Make the sync client content encoding a tunable.
This makes the sync client's content encoding a tunable so that it can be
compatible with more sync servers.
Removed the "backwards compatibility" config option.
---------
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
This change allows a sync server to change the header that Santa will use to send XSRF tokens on subsequent requests by putting the header name in the header.
* Skip testHandleMessage when testing with tsan
* fix other 2 tsan failures
* change action_env->test_env in bazelrc for sanitizers
* revert Source/santactl/BUILD formatting
* Add method to get WatchItems state
* Update santactl status with watch items state
* Update status label
* PR feedback - add missing dispatch_group_leave
* WIP begin adopting new ES APIs inverting target mute paths
* Track subscription status so as not to unnecessarily enable/disable
* Properly chain call to invert target mute paths. Fix using wrong Message obj.
* Add base client tests
* Support compiling on older platforms
* More changes to support compiling on older platforms
* Only enable watch items periodic task on macOS 13
* Add more asserts to test
* Disable ES caching for now
* lint
* WIP refactor file access class to setup logging
* Combined GetPathTarget1 and 2, added some tests.
* Change method name to not be abbrv.
* Remove unnecessary includes
* PR feedback: fix missing path sep, add comments
* Fix test issue
* WIP Initial work for new fs watcher client
* WIP basic working mechanics of applying policy to OPEN events
* WIP now support allowing access based on cdhash
* WIP lint fix
* WIP check instigator cdhash and cert hash against policy
* WIP Fix test issue in base ES client class
* WIP Fix test issue in watch items test
* Added secondary lookup cache for cert hashes and fallback lookups
* Adopt new SantaVnode name
* Adopt min macOS 11. Adopt new SantaCacheHasher for SantaVnode.
* Rename the es client to FileAccessAuthorizer
* Added some more tests
* Added MockLogger and a lot more tests.
* Removed currently unused subscriptions. Don't enable FS client by default
* lint
* lint after rebase
* Use strtoul for hex string conversion. Update comments.
* PR feedback
* Move santa_action_t to SNTCommonEnums and rename to SNTAction
* Move likely and unlikely macros to a new BranchPrediction header
* Remove SNTCommon.h. Move SantaVnode to its own header.
* Add SantaVnodeHash
* Fix build deps
* Switch from task_info to libproc for system resource info
* Fix return value
* Convert nanos to seconds
* Make GetTimebase static. Expose NanosToMachTime.
* Abstract return of GetTaskInfo to new type.
* WIP Rename SNTPrefixTree to PrefixTree
* WIP Implement the new PrefixTree and tests
* Add Unit type. Fix build and tests.
* lint
* Make NodeCount accessor for tests
* Updated comments
* Spool writer and santactl command to print proto file
* Make valid JSON for multiple paths. Can now create proto/spool logger. Updated logger tests.
* Make fsspool writer and fsspool log batch writer injectable
* Add spool writer tests
* Updated help text for santactl printlog
* Include file cleanup
* Fix dispatch source destruction
* Change config keys for the new Spool writer
* Spool settings now configurable
* Fix param order
* Remove some test sleeps related to control flow
* Apply clang-format to cc files
* Modify binaryproto namespace
* Add more required includes
* Add proto includes
* Assert message parsing succeeds in test
* Add optional keyword to proto fields to track presence. TESTS BROKEN.
* Update golden test data
* Initial proto serializer with close event
* Define move ctors for enriched types, delete copy ctors
* More event proto serialization. Commonized proto test code.
* Started work serializing exec event. Added serializer utilities.
* More progress serializing exec event
* Add more test data. Test restructure to permit fine grained mocking.
* Env/FD ES types now wrapped in EndpointSecurityAPI. Added calls to proto serializer.
* Add fd type names to proto
* Version compat. Script and Working Dir encoding.
* Add process start time
* Serialize Link event
* Add null check, mainly to fix tests
* Handle versioned expectations
* Each test now builds msg in callbacks to set better expectations
* Serialize rename event and tests
* Serialize unlink event and tests
* Serialize allowlist and bundle events. Add utilities tests.
* Formatting
* Disk event proto serialization and tests
* Fix test only issues
* Rename santa_new.proto to santa.proto
* Change fd type int and string to an enum
* Proto namespace now versioned
* Added comments to proto schema
* Add proto support to indicate if fd list truncated
* Initial structure for ES wrappers, enriched types, logging
* Basic working ES and logging functionality
* Add in oneTBB and thread-safe-lru deps
* Added a bunch of enriched types
* Auto-mute self when establishing ES client
* Basic auth, tamper client. Syslog of all events. Basic compiler tracking.
* Update copyright header blobs, convert some tabs to spaces
* Auth result cache. Fix getting translocation path.
* Added remaining cache methods
* Add AuthResultCache to Recorder client. Cache now operates on es_file_t.
* Hooked up SNTPrefixTree
* Fix CompilerController for RENAME. Fix AllowList logging missing path.
* Block loading Santa kext
* Added device manager client
* Properly log DiskAppear events
* Fix build to adopt new adhoc build
* Handle clearing cache on UNMOUNT events
* Ignore other ES clients if configured
* Remove SNTAllowlistInfo. Rename AllowList to Allowlist. Minor cleanup.
* Recorder now logs asynchronously. Enricher now returns shared_ptrs.
* Added File writer. Added timestamps to BasicStream serializer.
* Skip calling stat in SNTFileInfo when path given by ES.
* Fix build issue
* Address draft PR feedback
* santactl integrated, XPC works, fix file writer bug
* Integrate syncservice. Start observing some config changes.
* Add metrics service wrapper
* Add metrics config observers and metrics interval reset.
* Start better dependency control. Add Null logger support.
* Added more deps
* Added more deps
* Fix issue where metric service wasn't starting
* Add missing variant include
* Fix missing parent proc name
* Added googletest and new unit test macro
* Started expanding AuthResultCacheTest
* Properly mock EndpointSecurityAPI
* Finished AuthResultCacheTest
* bazelrc now builds all C++ as C++17. Added LoggerTest.
* Add FileTest. Abstract some File constants to Logger.
* Added Empty serializer test
* Started work on BasicStringTest. Fixed some BasicString serialization bugs.
* Added Unlink BasicString serialization test
* Added some more tests. Commonized some test code
* Finished BasicStringTest. Converted to XCTest.
* Standardize esapi variable naming
* Bubble up gTest expect failures to XCTest failures
* AuthResultCacheTest now uses XCTest. Added common TestUtils.h
* EmptyTest now uses XCTest.
* FileTest now uses XCTest
* LoggerTest now uses XCTest. Removed santa_unit_gtest bazel macro.
* Added ClientTest
* Add basic Enricher tests
* Add MessageTest. Make more TestUtils.
* Rename metrics to Metrics
* Add MetricsTest.
* Apply template pattern to Serializer
* Add SNTDecisionCacheTest.
* Add SNTCachedDecisionTest.
* Testing with coveralls debug mode
* Allow manual CI runs
* Remove unused property
* Started work on SNTEndpointSecurityClientTest.
* WIP SNTEndpointSecurityClientTest, fix test run issue
* Added more base ES client tests
* Add more base ES client tests
* Base ES client tests done. Added serializer utils/tests. Expanded basic string tests.
* Add utils test to test suite
* Add copy ctor. Add test output to bazel coverage.
* Single thread bazel coverage
* Upload coverage file
* Upload coverage file
* Old gen cov test
* Restructure message handlers to enable better testability
* Added enable tests for all ES clients
* Made a single MockEndpointSecurityAPI class to share everywhere
* Added most of SNTCompilerControllerTest
* Cleanup SNTCompilerControllerTest
* Started expanding Auth client test
* Finished up the Authorizer tests
* Move to using enum class for notify/auth instead of bool
* WIP for tamper resistance test. ASAN issues.
* Add OCMock patch to fix test issue on ARM Macs
* Changed patches directory name to external_patches
* Update WORKSPACE path
* Finished up Tamper Resistance tests
* Finished up Recorder tests.
* Move SNTExecutionControllerTest to ObjC++
* Initial work to port SNTExecutionControllerTest
* Finished porting SNTExecutionControllerTest.
* Added SNTExecutionControllerTest to list of unit tests
* Ported SNTEndpointSecurityDeviceManager.
* Test cleanup, use MockESAPI expectation helpers
* Verify SNTEndpointSecurityDeviceManager expectations differently
* Test cleanup, omit gTest param list where unused
* Log message cleanup
* Rename SNTApplicationTest to santad_test.mm
* Finished porting santad_test, formerly SNTApplicationTest
* Fix SNTEndpointSecurityDeviceManager issues
* Pulled in missed fixes. Updated tests.
* Renamed lowercase filenames to match rest of codebase
* Fix non-static dispatch_once_t, and noisy watching compiler log message
* WIP Started process of removing components no longer used
* WIP Continued process of removing components no longer used
* BUILD file cleanup. Proto warning. Removed unused global
* Rename SNTEventProvider to SNTEndpointSecurityEventHandler
* Rename SNTEndpointSecurityEventHandler protocol
* Remove EnableSysxCache option. Remove --quick flag used during dev.
* Ran testing/fix.sh
* Add missing param to fix.sh that was omitting .mm files.
* clang-format
* Fix linter: find cmd missing .mm ext, git grep exclude patch files.
* Use MakeESProcess default params in tests
* Move variables to camelCase in objc classes
* More case changes
* Sanitize strings
* Change dispatch queue priorities and standardize daemon queue naming
* Exclude patch files in markdown check
* Ensure string log messages end with newline
* Fix BasicStringTest
* Disable clang-format in code producing different results in local/remote versions
* Moved to using date ranges in copyright notices as per current guidelines
* Update Source/common/SNTConfigurator.h
Suggestion adding whitespace in comment to fix clang-format mangling
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
* Removed santa_panic macro used in one place
* Updated comment about ES cachability
* Pin oneTBB to specific commit
* Address outstanding WORKSPACE 'canonical reproducible form' messages
* Use string append instead of ostringstream due to benchmark results
* Remove use of friend classes in EnrichedTypes.h
* Added SNTKVOManager, removed observers from SNTConfigurator.
* Fixed SNTEndpointSecurityRecorderTest class name
* Reduce usage of the auto keyword
* Each SNTKVOManager instance now adds its own observer
* Replaced more auto keywords with real types.
* Remove leftover code coverage debugging from ci.yml
* Updated comment
* Memoize SNTFileInfo sha256. Reduce some cache sizes.
* Fix issue checking for translocated paths
* Use more performant NSURL creation method
* Fix lint issue
* Address PR feedback
* Use an array literal for kvo objects
* Fix some clang tidy and import issues
* Replace third party LRU cache with SantaCache for now
* Fix clang tidy issues
* Address PR feedback
* Fix comment typo
Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>
* Added todo for when we adopt macOS 13
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>