Work on portmaster restructuring
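--- a/process/executable.go
+++ b/process/executable.go
@@ -0,0 +1,43 @@
+// Copyright Safing ICS Technologies GmbH. Use of this source code is governed by the AGPL license that can be found in the LICENSE file.
+
+package process
+
+import (
+"crypto"
+"encoding/hex"
+"hash"
+"io"
+"os"
+)
+
+// GetExecHash returns the hash of the executable with the given algorithm.
+func (p *Process) GetExecHash(algorithm string) (string, error) {
+sum, ok := p.ExecHashes[algorithm]
+if ok {
+return sum, nil
+}
+
+var hasher hash.Hash
+switch algorithm {
+case "md5":
+hasher = crypto.MD5.New()
+case "sha1":
+hasher = crypto.SHA1.New()
+case "sha256":
+hasher = crypto.SHA256.New()
+}
+
+file, err := os.Open(p.Path)
+if err != nil {
+return "", err
+}
+
+_, err = io.Copy(hasher, file)
+if err != nil {
+return "", err
+}
+
+sum = hex.EncodeToString(hasher.Sum(nil))
+p.ExecHashes[algorithm] = sum
+return sum, nil
+}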
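Review bot: GetExecHash leaves `hasher` nil when `algorithm` is not one of the three switch cases, so the following `io.Copy(hasher, file)` will panic on a nil interface; the switch needs a `default:` branch that returns an error before the file is opened. The caller in process/matching.go passes `fp.Type` values of `"md5_sum"`, `"sha1_sum"` and `"sha256_sum"`, none of which match `"md5"`, `"sha1"` or `"sha256"`, so that path looks like it reaches the nil hasher for every hash fingerprint. The opened file is also never closed; add `defer file.Close()` right after the `os.Open` error check. `crypto.MD5.New()` and its siblings panic unless `crypto/md5`, `crypto/sha1` and `crypto/sha256` are linked into the binary, and this file imports only `crypto`, so confirm they are imported elsewhere or import them here. Because the digest is taken from whatever is at `p.Path` at hashing time and then cached in `p.ExecHashes`, it can differ from the image the process is actually running if the file is replaced; a comment stating that limit would help anyone relying on the hash as an identity check.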
@@ -1,37 +0,0 @@
|
||||
// Copyright Safing ICS Technologies GmbH. Use of this source code is governed by the AGPL license that can be found in the LICENSE file.
|
||||
|
||||
package process
|
||||
|
||||
import (
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/Safing/portbase/database/record"
|
||||
)
|
||||
|
||||
// ExecutableSignature stores a signature of an executable.
|
||||
type ExecutableSignature []byte
|
||||
|
||||
// FileInfo stores (security) information about a file.
|
||||
type FileInfo struct {
|
||||
record.Base
|
||||
sync.Mutex
|
||||
|
||||
HumanName string
|
||||
Owners []string
|
||||
ApproxLastSeen int64
|
||||
Signature *ExecutableSignature
|
||||
}
|
||||
|
||||
// GetFileInfo gathers information about a file and returns *FileInfo
|
||||
func GetFileInfo(path string) *FileInfo {
|
||||
// TODO: actually get file information
|
||||
// TODO: try to load from DB
|
||||
// TODO: save to DB (key: hash of some sorts)
|
||||
splittedPath := strings.Split("/", path)
|
||||
return &FileInfo{
|
||||
HumanName: splittedPath[len(splittedPath)-1],
|
||||
ApproxLastSeen: time.Now().Unix(),
|
||||
}
|
||||
}
|
||||
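--- a/process/matching.go
+++ b/process/matching.go
@@ -0,0 +1,51 @@
+package process
+
+import (
+"github.com/Safing/portbase/log"
+"github.com/Safing/portmaster/profile"
+)
+
+// FindProfiles finds and assigns a profile set to the process.
+func (p *Process) FindProfiles() {
+
+// Get fingerprints of process
+
+// Check if user profile already exists, else create new
+
+// Find/Re-evaluate Stamp profile
+
+// p.UserProfileKey
+// p.profileSet
+
+}
+
+func matchProfile(p *Process, prof *profile.Profile) (score int) {
+for _, fp := range prof.Fingerprints {
+score += matchFingerprint(p, fp)
+}
+return
+}
+
+func matchFingerprint(p *Process, fp *profile.Fingerprint) (score int) {
+if !fp.MatchesOS() {
+return 0
+}
+
+switch fp.Type {
+case "full_path":
+if p.Path == fp.Value {
+}
+return profile.GetFingerprintWeight(fp.Type)
+case "partial_path":
+return profile.GetFingerprintWeight(fp.Type)
+case "md5_sum", "sha1_sum", "sha256_sum":
+sum, err := p.GetExecHash(fp.Type)
+if err != nil {
+log.Errorf("process: failed to get hash of executable: %s", err)
+} else if sum == fp.Value {
+return profile.GetFingerprintWeight(fp.Type)
+}
+}
+
+return 0
+}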
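Review bot: In matchFingerprint the `full_path` case has an empty `if p.Path == fp.Value { }` body and then returns the weight unconditionally, so every process scores a match for any full-path fingerprint; the return belongs inside the condition, i.e. `if p.Path == fp.Value { return profile.GetFingerprintWeight(fp.Type) }`. The `partial_path` case likewise returns the weight without comparing anything against `p.Path`. Since these scores appear to decide which profile is assigned to a process, an unconditional match would let an unrelated executable pick up another program's profile. matchProfile and matchFingerprint also lack doc comments; one line on each stating that the score is the sum of the matched fingerprint weights and that 0 means no match would be enough.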
@@ -5,6 +5,7 @@ package process
|
||||
import (
|
||||
"fmt"
|
||||
"runtime"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
@@ -27,13 +28,18 @@ type Process struct {
|
||||
ParentPid int
|
||||
Path string
|
||||
Cwd string
|
||||
FileInfo *FileInfo
|
||||
CmdLine string
|
||||
FirstArg string
|
||||
|
||||
profileSet *profile.Set
|
||||
Name string
|
||||
Icon string
|
||||
ExecName string
|
||||
ExecHashes map[string]string
|
||||
// ExecOwner ...
|
||||
// ExecSignature ...
|
||||
|
||||
UserProfileKey string
|
||||
profileSet *profile.Set
|
||||
Name string
|
||||
Icon string
|
||||
// Icon is a path to the icon and is either prefixed "f:" for filepath, "d:" for database cache path or "c:"/"a:" for a the icon key to fetch it from a company / authoritative node and cache it in its own cache.
|
||||
|
||||
FirstConnectionEstablished int64
|
||||
@@ -226,8 +232,11 @@ func GetOrFindProcess(pid int) (*Process, error) {
|
||||
// }
|
||||
// }
|
||||
|
||||
// get FileInfo
|
||||
new.FileInfo = GetFileInfo(new.Path)
|
||||
// Executable Information
|
||||
|
||||
// FIXME: use os specific path seperator
|
||||
splittedPath := strings.Split("/", new.Path)
|
||||
new.ExecName = strings.ToTitle(splittedPath[len(splittedPath)-1])
|
||||
|
||||
}
|
||||
|
||||
|
||||
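Review bot: `strings.Split("/", new.Path)` in the GetOrFindProcess hunk has its arguments reversed (the signature is `Split(s, sep)`), so it splits the literal `"/"` by the path and `new.ExecName` does not end up holding the file name. The line appears to be on the new side, since it fills the `ExecName` field this commit adds, though the +/- markers are not visible on this page. `new.ExecName = strings.ToTitle(filepath.Base(new.Path))`, with `path/filepath` imported, would fix the order and also resolve the FIXME about the OS-specific separator. The new `ExecHashes map[string]string` field has to be initialised wherever the Process is constructed, otherwise the write in GetExecHash panics on a nil map; that construction is outside the visible hunks. GetOrFindProcess itself starts and ends outside this hunk.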