From 0825454db143749835d392e9cc74cab045c2c54b Mon Sep 17 00:00:00 2001 From: Daniel Date: Mon, 12 Dec 2022 14:47:30 +0100 Subject: [PATCH 1/3] Add update versions debug data --- core/api.go | 1 + updates/export.go | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/core/api.go b/core/api.go index ffa02a28..24a4b946 100644 --- a/core/api.go +++ b/core/api.go @@ -146,6 +146,7 @@ func debugInfo(ar *api.Request) (data []byte, err error) { compat.AddToDebugInfo(di) di.AddLastReportedModuleError() di.AddLastUnexpectedLogs() + updates.AddToDebugInfo(di) di.AddGoroutineStack() // Return data. diff --git a/updates/export.go b/updates/export.go index 0c03b365..fe29f464 100644 --- a/updates/export.go +++ b/updates/export.go @@ -2,12 +2,16 @@ package updates import ( "context" + "fmt" + "sort" + "strings" "sync" "github.com/safing/portbase/database/record" "github.com/safing/portbase/info" "github.com/safing/portbase/log" "github.com/safing/portbase/updater" + "github.com/safing/portbase/utils/debug" "github.com/safing/portmaster/updates/helper" ) @@ -131,3 +135,46 @@ func export(_ context.Context, _ interface{}) error { } return GetSimpleVersions().save() } + +// AddToDebugInfo adds the update system status to the given debug.Info. +func AddToDebugInfo(di *debug.Info) { + // Get resources from registry. + resources := registry.Export() + platformPrefix := helper.PlatformIdentifier("") + + // Collect data for debug info. + var active, selected []string + var activeCnt, totalCnt int + for id, r := range resources { + // Ignore resources for other platforms. + if !strings.HasPrefix(id, "all/") && !strings.HasPrefix(id, platformPrefix) { + continue + } + + totalCnt++ + if r.ActiveVersion != nil { + activeCnt++ + active = append(active, fmt.Sprintf("%s: %s", id, r.ActiveVersion.VersionNumber)) + } + if r.SelectedVersion != nil { + selected = append(selected, fmt.Sprintf("%s: %s", id, r.SelectedVersion.VersionNumber)) + } + } + sort.Strings(active) + sort.Strings(selected) + + // Compile to one list. + lines := make([]string, 0, len(active)+len(selected)+3) + lines = append(lines, "Active:") + lines = append(lines, active...) + lines = append(lines, "") + lines = append(lines, "Selected:") + lines = append(lines, selected...) + + // Add section. + di.AddSection( + fmt.Sprintf("Updates: %s (%d/%d)", initialReleaseChannel, activeCnt, totalCnt), + debug.UseCodeSection|debug.AddContentLineBreaks, + lines..., + ) +} From 83d31e8514f9b04d06d29b8fd52932d56ee55062 Mon Sep 17 00:00:00 2001 From: Daniel Date: Mon, 12 Dec 2022 14:47:42 +0100 Subject: [PATCH 2/3] Improve rule doc --- profile/config.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/profile/config.go b/profile/config.go index 582bbc31..340578d7 100644 --- a/profile/config.go +++ b/profile/config.go @@ -169,7 +169,7 @@ var ( // SPNRulesHelp defines the help text for SPN related Hub selection rules. SPNRulesHelp = strings.ReplaceAll(`Rules are checked from top to bottom, stopping after the first match. They can match the following attributes of SPN Nodes: -- Country (based on IPs): "US" +- Country (based on IPs): "US" (two-letter country codes according to ISO 3166-1 alpha-2) - AS number: "AS123456" - Address: "192.168.0.1" - Network: "192.168.0.1/24" @@ -250,7 +250,7 @@ func registerConfiguration() error { //nolint:maintidx - Matching with a wildcard prefix: "*xample.com" - Matching with a wildcard suffix: "example.*" - Matching domains containing text: "*example*" -- By country (based on IP): "US" +- By country (based on IP): "US" (two-letter country codes according to ISO 3166-1 alpha-2) - By AS number: "AS123456" - By filter list - use the filterlist ID prefixed with "L:": "L:MAL" - Match anything: "*" From 603e66955fe9c31c4de5b9860278af45001f0e27 Mon Sep 17 00:00:00 2001 From: Daniel Date: Mon, 12 Dec 2022 14:57:45 +0100 Subject: [PATCH 3/3] Remove deprecated package --- profile/fingerprint/const.go | 9 --- profile/fingerprint/const_darwin.go | 6 -- profile/fingerprint/const_linux.go | 6 -- profile/fingerprint/const_openbsd.go | 6 -- profile/fingerprint/const_windows.go | 6 -- profile/fingerprint/fingerprint.go | 85 -------------------- profile/fingerprint/identifier_linux.go | 47 ----------- profile/fingerprint/identifier_linux_test.go | 26 ------ 8 files changed, 191 deletions(-) delete mode 100644 profile/fingerprint/const.go delete mode 100644 profile/fingerprint/const_darwin.go delete mode 100644 profile/fingerprint/const_linux.go delete mode 100644 profile/fingerprint/const_openbsd.go delete mode 100644 profile/fingerprint/const_windows.go delete mode 100644 profile/fingerprint/fingerprint.go delete mode 100644 profile/fingerprint/identifier_linux.go delete mode 100644 profile/fingerprint/identifier_linux_test.go diff --git a/profile/fingerprint/const.go b/profile/fingerprint/const.go deleted file mode 100644 index 02a0877a..00000000 --- a/profile/fingerprint/const.go +++ /dev/null @@ -1,9 +0,0 @@ -package profile - -// Platform identifiers. -const ( - PlatformLinux = "linux" - PlatformWindows = "windows" - PlatformMac = "macos" - PlatformOpenBSD = "openbsd" -) diff --git a/profile/fingerprint/const_darwin.go b/profile/fingerprint/const_darwin.go deleted file mode 100644 index 7ce48800..00000000 --- a/profile/fingerprint/const_darwin.go +++ /dev/null @@ -1,6 +0,0 @@ -package profile - -// OS Identifier. -const ( - osIdentifier = PlatformMac -) diff --git a/profile/fingerprint/const_linux.go b/profile/fingerprint/const_linux.go deleted file mode 100644 index 795b2ce5..00000000 --- a/profile/fingerprint/const_linux.go +++ /dev/null @@ -1,6 +0,0 @@ -package profile - -// OS Identifier. -const ( - osIdentifier = PlatformLinux -) diff --git a/profile/fingerprint/const_openbsd.go b/profile/fingerprint/const_openbsd.go deleted file mode 100644 index cfe2947c..00000000 --- a/profile/fingerprint/const_openbsd.go +++ /dev/null @@ -1,6 +0,0 @@ -package profile - -// OS Identifier. -const ( - osIdentifier = PlatformOpenBSD -) diff --git a/profile/fingerprint/const_windows.go b/profile/fingerprint/const_windows.go deleted file mode 100644 index d5d33966..00000000 --- a/profile/fingerprint/const_windows.go +++ /dev/null @@ -1,6 +0,0 @@ -package profile - -// OS Identifier. -const ( - osIdentifier = PlatformWindows -) diff --git a/profile/fingerprint/fingerprint.go b/profile/fingerprint/fingerprint.go deleted file mode 100644 index 0ee38f72..00000000 --- a/profile/fingerprint/fingerprint.go +++ /dev/null @@ -1,85 +0,0 @@ -package profile - -var fingerprintWeights = map[string]int{ - "full_path": 2, - "partial_path": 1, - "md5_sum": 4, - "sha1_sum": 5, - "sha256_sum": 6, -} - -// Fingerprint links processes to profiles. -type Fingerprint struct { - OS string - Type string - Value string - Comment string - LastUsed int64 -} - -// MatchesOS returns whether the Fingerprint is applicable for the current OS. -func (fp *Fingerprint) MatchesOS() bool { - return fp.OS == osIdentifier -} - -// GetFingerprintWeight returns the weight of the given fingerprint type. -func GetFingerprintWeight(fpType string) (weight int) { - weight, ok := fingerprintWeights[fpType] - if ok { - return weight - } - return 0 -} - -// TODO: move to profile -/* -// AddFingerprint adds the given fingerprint to the profile. -func (profile *Profile) AddFingerprint(fp *Fingerprint) { - if fp.OS == "" { - fp.OS = osIdentifier - } - if fp.LastUsed == 0 { - fp.LastUsed = time.Now().Unix() - } - - profile.Fingerprints = append(profile.Fingerprints, fp) -} -*/ - -// TODO: matching -/* -//nolint:deadcode,unused // FIXME -func matchProfile(p *Process, prof *profile.Profile) (score int) { - for _, fp := range prof.Fingerprints { - score += matchFingerprint(p, fp) - } - return -} - -//nolint:deadcode,unused // FIXME -func matchFingerprint(p *Process, fp *profile.Fingerprint) (score int) { - if !fp.MatchesOS() { - return 0 - } - - switch fp.Type { - case "full_path": - if p.Path == fp.Value { - return profile.GetFingerprintWeight(fp.Type) - } - case "partial_path": - // FIXME: if full_path matches, do not match partial paths - return profile.GetFingerprintWeight(fp.Type) - case "md5_sum", "sha1_sum", "sha256_sum": - // FIXME: one sum is enough, check sums in a grouped form, start with the best - sum, err := p.GetExecHash(fp.Type) - if err != nil { - log.Errorf("process: failed to get hash of executable: %s", err) - } else if sum == fp.Value { - return profile.GetFingerprintWeight(fp.Type) - } - } - - return 0 -} -*/ diff --git a/profile/fingerprint/identifier_linux.go b/profile/fingerprint/identifier_linux.go deleted file mode 100644 index dfa28eb1..00000000 --- a/profile/fingerprint/identifier_linux.go +++ /dev/null @@ -1,47 +0,0 @@ -package profile - -import ( - "path/filepath" - "strings" - - "github.com/safing/portbase/utils" -) - -// GetPathIdentifier returns the identifier from the given path. -func GetPathIdentifier(path string) string { - // clean path - // TODO: is this necessary? - cleanedPath, err := filepath.EvalSymlinks(path) - if err == nil { - path = cleanedPath - } else { - path = filepath.Clean(path) - } - - splittedPath := strings.Split(path, "/") - - // strip sensitive data - switch { - case strings.HasPrefix(path, "/home/"): - splittedPath = splittedPath[3:] - case strings.HasPrefix(path, "/root/"): - splittedPath = splittedPath[2:] - } - - // common directories with executable - if i := utils.IndexOfString(splittedPath, "bin"); i > 0 { - splittedPath = splittedPath[i:] - return strings.Join(splittedPath, "/") - } - if i := utils.IndexOfString(splittedPath, "sbin"); i > 0 { - splittedPath = splittedPath[i:] - return strings.Join(splittedPath, "/") - } - - // shorten to max 3 - if len(splittedPath) > 3 { - splittedPath = splittedPath[len(splittedPath)-3:] - } - - return strings.Join(splittedPath, "/") -} diff --git a/profile/fingerprint/identifier_linux_test.go b/profile/fingerprint/identifier_linux_test.go deleted file mode 100644 index a9ae09d4..00000000 --- a/profile/fingerprint/identifier_linux_test.go +++ /dev/null @@ -1,26 +0,0 @@ -package profile - -import "testing" - -func testPathID(t *testing.T, execPath, identifierPath string) { - t.Helper() - - result := GetPathIdentifier(execPath) - if result != identifierPath { - t.Errorf("unexpected identifier path for %s: got %s, expected %s", execPath, result, identifierPath) - } -} - -func TestGetPathIdentifier(t *testing.T) { - t.Parallel() - - testPathID(t, "/bin/bash", "bin/bash") - testPathID(t, "/home/user/bin/bash", "bin/bash") - testPathID(t, "/home/user/project/main", "project/main") - testPathID(t, "/root/project/main", "project/main") - testPathID(t, "/tmp/a/b/c/d/install.sh", "c/d/install.sh") - testPathID(t, "/lib/systemd/systemd-udevd", "lib/systemd/systemd-udevd") - testPathID(t, "/bundle/ruby/2.4.0/bin/passenger", "bin/passenger") - testPathID(t, "/usr/sbin/cron", "sbin/cron") - testPathID(t, "/usr/local/bin/python", "bin/python") -}