diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8c096c3..0b3ad36 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,7 +16,7 @@ jobs: strategy: matrix: yara-version: - - v4.1.1 + - v4.1.3 steps: - uses: actions/checkout@v2 @@ -44,12 +44,10 @@ jobs: strategy: matrix: go-version: + - 1.17 - 1.16 - - 1.15 yara-version: - - v4.1.1 - openssl-version: - - OpenSSL_1_1_1-stable + - v4.1.3 steps: - uses: actions/checkout@v2 @@ -93,7 +91,7 @@ jobs: - name: Upload coverage uses: actions/upload-artifact@v2 with: - name: coverage-linux-${{ matrix.go-version }}-${{ matrix.yara-version }}-${{ matrix.openssl-version }} + name: coverage-linux-${{ matrix.go-version }}-${{ matrix.yara-version }} path: coverage.txt - name: Codecov uses: codecov/codecov-action@v1.5.2 @@ -105,9 +103,9 @@ jobs: strategy: matrix: go-version: - - 1.16 + - 1.17 yara-version: - - v4.1.1 + - v4.1.3 openssl-version: - OpenSSL_1_1_1-stable steps: diff --git a/acceptanceTests/reports_test.go b/acceptanceTests/reports_test.go index c6ea7a1..2760c82 100644 --- a/acceptanceTests/reports_test.go +++ b/acceptanceTests/reports_test.go @@ -396,17 +396,17 @@ func conveyReportIsReadable(c C, openReport reportOpenFunc, pid int, addressOfDa So(err, ShouldBeNil) defer report.Close() - reportFiles, err := readReport(c, report) + reportFiles, err := readReport(report) c.So(reportFiles, ShouldNotBeEmpty) c.So(err, ShouldBeNil) - var memoryScansJson *file + var memoryScansJSON *file filenames := make([]string, len(reportFiles)) for i, file := range reportFiles { filenames[i] = file.Name if file.Name == "memory-scans.json" { - memoryScansJson = file + memoryScansJSON = file } } c.Convey("which contains the expected files", func(c C) { 
@@ -414,9 +414,9 @@ func conveyReportIsReadable(c C, openReport reportOpenFunc, pid int, addressOfDa c.So(filenames, ShouldContain, "processes.json") c.So(filenames, ShouldContain, "memory-scans.json") c.So(filenames, ShouldContain, "stats.json") - c.So(memoryScansJson, ShouldNotBeNil) + c.So(memoryScansJSON, ShouldNotBeNil) - conveyReportHasMatch(c, pid, addressOfData, memoryScansJson) + conveyReportHasMatch(c, pid, addressOfData, memoryScansJSON) }) }) } @@ -434,17 +434,17 @@ func conveyReportIsReadableButDoesNotHaveMatch(c C, openReport reportOpenFunc, p So(err, ShouldBeNil) defer report.Close() - reportFiles, err := readReport(c, report) + reportFiles, err := readReport(report) c.So(reportFiles, ShouldNotBeEmpty) c.So(err, ShouldBeNil) - var memoryScansJson *file + var memoryScansJSON *file filenames := make([]string, len(reportFiles)) for i, file := range reportFiles { filenames[i] = file.Name if file.Name == "memory-scans.json" { - memoryScansJson = file + memoryScansJSON = file } } c.Convey("which contains the expected files", func(c C) { @@ -452,9 +452,9 @@ func conveyReportIsReadableButDoesNotHaveMatch(c C, openReport reportOpenFunc, p c.So(filenames, ShouldContain, "processes.json") c.So(filenames, ShouldContain, "memory-scans.json") c.So(filenames, ShouldContain, "stats.json") - c.So(memoryScansJson, ShouldNotBeNil) + c.So(memoryScansJSON, ShouldNotBeNil) - conveyReportDoesNotHaveMatch(c, pid, addressOfData, memoryScansJson) + conveyReportDoesNotHaveMatch(c, pid, addressOfData, memoryScansJSON) }) }) } @@ -472,7 +472,7 @@ func conveyReportIsAnonymized(c C, openReport reportOpenFunc, reportDir string) So(err, ShouldBeNil) defer report.Close() - reportFiles, err := readReport(c, report) + reportFiles, err := readReport(report) c.So(reportFiles, ShouldNotBeEmpty) c.So(err, ShouldBeNil) 
@@ -523,14 +523,14 @@ func conveyReportIsNotReadable(c C, openReport reportOpenFunc, reportDir string) } defer report.Close() - _, err = readReport(c, report) + _, err = readReport(report) c.So(err, ShouldNotBeNil) }) } -func conveyReportHasMatch(c C, pid int, addressOfData uintptr, memoryScansJson *file) { +func conveyReportHasMatch(c C, pid int, addressOfData uintptr, memoryScansJSON *file) { c.Convey("with the memory-scans.json containing the correct match.", func() { - dec := json.NewDecoder(bytes.NewReader(memoryScansJson.Data)) + dec := json.NewDecoder(bytes.NewReader(memoryScansJSON.Data)) foundCorrectMatch := false var err error for { @@ -549,9 +549,9 @@ func conveyReportHasMatch(c C, pid int, addressOfData uintptr, memoryScansJson * }) } -func conveyReportDoesNotHaveMatch(c C, pid int, addressOfData uintptr, memoryScansJson *file) { +func conveyReportDoesNotHaveMatch(c C, pid int, addressOfData uintptr, memoryScansJSON *file) { c.Convey("with the memory-scans.json not containing a false positive.", func() { - dec := json.NewDecoder(bytes.NewReader(memoryScansJson.Data)) + dec := json.NewDecoder(bytes.NewReader(memoryScansJSON.Data)) foundMatchForPID := false foundMatchForAddressInPID := false var err error @@ -580,7 +580,7 @@ type file struct { Data []byte } -func readReport(c C, rdr io.Reader) ([]*file, error) { +func readReport(rdr io.Reader) ([]*file, error) { zstdRdr, err := zstd.NewReader(rdr) if err != nil { return nil, err diff --git a/app/app.go b/app/app.go index 54fa8fd..82dab4e 100644 --- a/app/app.go +++ b/app/app.go @@ -11,8 +11,6 @@ import ( "github.com/urfave/cli/v2" ) -const yaraRulesNamespace = "" - var DefaultNumberOfFilescanThreads int func init() { @@ -209,7 +207,7 @@ func MakeApp(args []string) *cli.App { Name: "yapscan", HelpName: "yapscan", Description: "A yara based scanner for files and process memory with some extras.", - Version: "0.11.0", + Version: "0.12.0", Writer: os.Stdout, ErrWriter: os.Stderr, Authors: []*cli.Author{ 
diff --git a/app/filter.go b/app/filter.go index f4cd570..304e464 100644 --- a/app/filter.go +++ b/app/filter.go @@ -33,7 +33,7 @@ func BuildFilterPermissions(fStr string) (yapscan.MemorySegmentFilter, error) { func BuildFilterPermissionsExact(fStr []string) (yapscan.MemorySegmentFilter, error) { var err error - if fStr == nil || len(fStr) == 0 { + if len(fStr) == 0 { return nil, nil } @@ -51,16 +51,16 @@ func BuildFilterPermissionsExact(fStr []string) (yapscan.MemorySegmentFilter, er func BuildFilterType(fStr []string) (yapscan.MemorySegmentFilter, error) { var err error - if fStr == nil || len(fStr) == 0 { + if len(fStr) == 0 { return nil, nil } - types := make([]procio.Type, len(fStr)) + types := make([]procio.SegmentType, len(fStr)) for i, s := range fStr { if s == "" { continue } - types[i], err = procio.ParseType(strings.ToUpper(s[0:1]) + strings.ToLower(s[1:])) + types[i], err = procio.ParseSegmentType(strings.ToUpper(s[0:1]) + strings.ToLower(s[1:])) if err != nil { return nil, fmt.Errorf("could not parse type \"%s\", reason: %w", s, err) } @@ -72,7 +72,7 @@ func BuildFilterType(fStr []string) (yapscan.MemorySegmentFilter, error) { func BuildFilterState(fStr []string) (yapscan.MemorySegmentFilter, error) { var err error - if fStr == nil || len(fStr) == 0 { + if len(fStr) == 0 { return nil, nil } @@ -256,6 +256,9 @@ func ParseAbsoluteSize(s string) (uintptr, error) { num := numReg.FindString(s) value, err := strconv.ParseFloat(num, 64) + if err != nil { + return 0, err + } unit := strings.Trim(s[len(num):], " \t") mult, err := ParseByteUnit(unit) diff --git a/app/scan.go b/app/scan.go index c11b140..d4dc39e 100644 --- a/app/scan.go +++ b/app/scan.go @@ -4,7 +4,6 @@ import ( "context" "crypto/md5" "encoding/base64" - "encoding/binary" "encoding/hex" "fmt" "math/rand" 
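Review bot: In BuildFilterType an empty entry in `fStr` still ends up in the filter. The loop skips it with `continue`, but `types` was allocated with `make([]procio.SegmentType, len(fStr))`, so that slot keeps the zero value, which the generated enum in procio/memory_enum.go defines as `SegmentTypeImage`. If a caller can pass an empty element, image segments are silently added to the allowed types. Allocate with `types := make([]procio.SegmentType, 0, len(fStr))` and `append` each parsed value, or reject empty entries with an error. The function continues past the hunk, so how `types` is finally used is assumed rather than seen.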
@@ -157,9 +156,12 @@ func scan(c *cli.Context) error { hostname, err := os.Hostname() if err != nil { logrus.WithError(err).Warn("Could not determine hostname.") + + // Generate random name h := md5.New() - binary.Write(h, binary.LittleEndian, rand.Int()) - binary.Write(h, binary.LittleEndian, rand.Int()) + randBytes := make([]byte, 32) + rand.Read(randBytes) + h.Write(randBytes) hostname = hex.EncodeToString(h.Sum(nil)) } if anonymizer != nil { diff --git a/arch/bitness_enum.go b/arch/bitness_enum.go index 376ee27..1cd7355 100644 --- a/arch/bitness_enum.go +++ b/arch/bitness_enum.go @@ -1,5 +1,8 @@ -// Code generated by go-enum -// DO NOT EDIT! +// Code generated by go-enum DO NOT EDIT. +// Version: +// Revision: +// Build Date: +// Built By: package arch @@ -9,11 +12,11 @@ import ( ) const ( - // BitnessInvalid is a Bitness of type Invalid + // BitnessInvalid is a Bitness of type Invalid. BitnessInvalid Bitness = iota - // Bitness32Bit is a Bitness of type 32Bit + // Bitness32Bit is a Bitness of type 32Bit. Bitness32Bit Bitness = iota + 31 - // Bitness64Bit is a Bitness of type 64Bit + // Bitness64Bit is a Bitness of type 64Bit. Bitness64Bit Bitness = iota + 62 ) @@ -33,9 +36,9 @@ func BitnessNames() []string { } var _BitnessMap = map[Bitness]string{ - 0: _BitnessName[0:7], - 32: _BitnessName[7:12], - 64: _BitnessName[12:17], + BitnessInvalid: _BitnessName[0:7], + Bitness32Bit: _BitnessName[7:12], + Bitness64Bit: _BitnessName[12:17], } // String implements the Stringer interface. 
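Review bot: The fallback hostname in scan() is drawn from `math/rand` (the import block of app/scan.go lists `math/rand`, not `crypto/rand`). With the Go 1.16/1.17 toolchains in the CI matrix the default source is deterministic unless it is seeded, and no seeding is visible in this hunk. If none exists elsewhere, `rand.Read(randBytes)` yields the same bytes on every run, and every report from a host without a resolvable hostname gets the same name. If the name is meant to tell hosts apart, read from `crypto/rand` and check its error, e.g. `if _, err := cryptorand.Read(randBytes); err != nil { return err }`. Hashing 32 random bytes with MD5 then adds nothing, and `hostname = hex.EncodeToString(randBytes[:16])` gives the same length. scan() starts and ends outside the hunk.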
@@ -47,12 +50,12 @@ func (x Bitness) String() string { } var _BitnessValue = map[string]Bitness{ - _BitnessName[0:7]: 0, - strings.ToLower(_BitnessName[0:7]): 0, - _BitnessName[7:12]: 32, - strings.ToLower(_BitnessName[7:12]): 32, - _BitnessName[12:17]: 64, - strings.ToLower(_BitnessName[12:17]): 64, + _BitnessName[0:7]: BitnessInvalid, + strings.ToLower(_BitnessName[0:7]): BitnessInvalid, + _BitnessName[7:12]: Bitness32Bit, + strings.ToLower(_BitnessName[7:12]): Bitness32Bit, + _BitnessName[12:17]: Bitness64Bit, + strings.ToLower(_BitnessName[12:17]): Bitness64Bit, } // ParseBitness attempts to convert a string to a Bitness diff --git a/cicd/release.sh b/cicd/release.sh index 778712a..61b96f8 100755 --- a/cicd/release.sh +++ b/cicd/release.sh @@ -98,7 +98,7 @@ if [[ "$?" != "0" ]]; then echo "ERROR: Could not create release!" exit 15 fi -upload_url=${upload_url%{*} +upload_url=${upload_url%\{*} echo "Uploading assets to $upload_url..." diff --git a/cicd/yaraVersion.sh b/cicd/yaraVersion.sh index 20ee72e..79b9b80 100755 --- a/cicd/yaraVersion.sh +++ b/cicd/yaraVersion.sh @@ -1,6 +1,6 @@ #!/bin/bash -DEFAULT_VERSION=v4.1.1 +DEFAULT_VERSION=v4.1.3 YARA_VERSION=${YARA_VERSION:-$DEFAULT_VERSION} echo "$YARA_VERSION" diff --git a/cmd/yapscan/main.go b/cmd/yapscan/main.go index d1c1100..f9365ae 100644 --- a/cmd/yapscan/main.go +++ b/cmd/yapscan/main.go @@ -40,5 +40,4 @@ func main() { } // Started as service. // The ServiceMain is called by the service manager, we can just exit. - return } diff --git a/fileio/driveType_enum.go b/fileio/driveType_enum.go index 4650a9f..b0eccdf 100644 --- a/fileio/driveType_enum.go +++ b/fileio/driveType_enum.go @@ -1,5 +1,8 @@ -// Code generated by go-enum -// DO NOT EDIT! +// Code generated by go-enum DO NOT EDIT. +// Version: +// Revision: +// Build Date: +// Built By: package fileio 
@@ -9,17 +12,17 @@ import ( ) const ( - // DriveTypeUnknown is a DriveType of type Unknown + // DriveTypeUnknown is a DriveType of type Unknown. DriveTypeUnknown DriveType = iota - // DriveTypeRemovable is a DriveType of type Removable + // DriveTypeRemovable is a DriveType of type Removable. DriveTypeRemovable - // DriveTypeFixed is a DriveType of type Fixed + // DriveTypeFixed is a DriveType of type Fixed. DriveTypeFixed - // DriveTypeRemote is a DriveType of type Remote + // DriveTypeRemote is a DriveType of type Remote. DriveTypeRemote DriveType = iota + 1 - // DriveTypeCDRom is a DriveType of type CDRom + // DriveTypeCDRom is a DriveType of type CDRom. DriveTypeCDRom DriveType = iota + 4 - // DriveTypeRAM is a DriveType of type RAM + // DriveTypeRAM is a DriveType of type RAM. DriveTypeRAM DriveType = iota + 11 ) @@ -42,12 +45,12 @@ func DriveTypeNames() []string { } var _DriveTypeMap = map[DriveType]string{ - 0: _DriveTypeName[0:7], - 1: _DriveTypeName[7:16], - 2: _DriveTypeName[16:21], - 4: _DriveTypeName[21:27], - 8: _DriveTypeName[27:32], - 16: _DriveTypeName[32:35], + DriveTypeUnknown: _DriveTypeName[0:7], + DriveTypeRemovable: _DriveTypeName[7:16], + DriveTypeFixed: _DriveTypeName[16:21], + DriveTypeRemote: _DriveTypeName[21:27], + DriveTypeCDRom: _DriveTypeName[27:32], + DriveTypeRAM: _DriveTypeName[32:35], } // String implements the Stringer interface. 
@@ -59,18 +62,18 @@ func (x DriveType) String() string { } var _DriveTypeValue = map[string]DriveType{ - _DriveTypeName[0:7]: 0, - strings.ToLower(_DriveTypeName[0:7]): 0, - _DriveTypeName[7:16]: 1, - strings.ToLower(_DriveTypeName[7:16]): 1, - _DriveTypeName[16:21]: 2, - strings.ToLower(_DriveTypeName[16:21]): 2, - _DriveTypeName[21:27]: 4, - strings.ToLower(_DriveTypeName[21:27]): 4, - _DriveTypeName[27:32]: 8, - strings.ToLower(_DriveTypeName[27:32]): 8, - _DriveTypeName[32:35]: 16, - strings.ToLower(_DriveTypeName[32:35]): 16, + _DriveTypeName[0:7]: DriveTypeUnknown, + strings.ToLower(_DriveTypeName[0:7]): DriveTypeUnknown, + _DriveTypeName[7:16]: DriveTypeRemovable, + strings.ToLower(_DriveTypeName[7:16]): DriveTypeRemovable, + _DriveTypeName[16:21]: DriveTypeFixed, + strings.ToLower(_DriveTypeName[16:21]): DriveTypeFixed, + _DriveTypeName[21:27]: DriveTypeRemote, + strings.ToLower(_DriveTypeName[21:27]): DriveTypeRemote, + _DriveTypeName[27:32]: DriveTypeCDRom, + strings.ToLower(_DriveTypeName[27:32]): DriveTypeCDRom, + _DriveTypeName[32:35]: DriveTypeRAM, + strings.ToLower(_DriveTypeName[32:35]): DriveTypeRAM, } // ParseDriveType attempts to convert a string to a DriveType diff --git a/fileio/filesystem.go b/fileio/filesystem.go index a66d189..b084a25 100644 --- a/fileio/filesystem.go +++ b/fileio/filesystem.go @@ -2,7 +2,7 @@ package fileio import ( "context" - "errors" + "fmt" "io" "os" "path/filepath" @@ -15,7 +15,7 @@ var ( FilesBuffer = 8 ) -var ErrSkipped error = errors.New("skipped") +var ErrSkipped = fmt.Errorf("skipped") type nextEntry struct { File File 
@@ -43,13 +43,11 @@ func IteratePath(ctx context.Context, path string, validExtensions []string) (It return nil, err } if !stat.IsDir() { - return nil, errors.New("path must be a directory") + return nil, fmt.Errorf("path must be a directory") } - if validExtensions != nil { - for i := range validExtensions { - validExtensions[i] = strings.ToLower(validExtensions[i]) - } + for i := range validExtensions { + validExtensions[i] = strings.ToLower(validExtensions[i]) } it := &fsIterator{ @@ -97,7 +95,11 @@ func (it *fsIterator) dirScanner() { for { select { case <-it.ctx.Done(): + //revive:disable:useless-break + // This break is intentionally only causing a non-blocking read, not + // breaking the loop. The loop-break is below. break + //revive:enable:useless-break default: } @@ -200,7 +202,7 @@ func (it *fileListIterator) Next() (File, error) { } file := NewFile(it.files[it.i]) - it.i += 1 + it.i++ return file, nil } diff --git a/filter.go b/filter.go index 415d6f3..92abf3d 100644 --- a/filter.go +++ b/filter.go @@ -157,8 +157,8 @@ func NewStateFilter(states []procio.State) MemorySegmentFilter { } // NewTypeFilter creates a new filter, matching *procio.MemorySegmentInfo -// with a procio.Type equal to one of the given types. -func NewTypeFilter(types []procio.Type) MemorySegmentFilter { +// with a procio.SegmentType equal to one of the given types. +func NewTypeFilter(types []procio.SegmentType) MemorySegmentFilter { return NewFilterFromFunc( func(info *procio.MemorySegmentInfo) bool { for _, t := range types { @@ -169,7 +169,7 @@ func NewTypeFilter(types []procio.Type) MemorySegmentFilter { return false }, types, - "segment has wrong type, type: {{.MSI.Type}}, allowed types: {{.Filter.Parameter|join \", \"}}", + "segment has wrong type, type: {{.MSI.SegmentType}}, allowed types: {{.Filter.Parameter|join \", \"}}", fmt.Sprintf("segment type must be one of %q", types), ) } diff --git a/generate.sh b/generate.sh index 7d4ef78..0040b3d 100755 --- a/generate.sh 
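Review bot: The reason template in NewTypeFilter now reads `{{.MSI.SegmentType}}`, but the rename in procio/memory.go only changed the type: the struct field is still declared as `Type SegmentType`. If `.MSI` is the `*procio.MemorySegmentInfo` being filtered, which the hunk suggests but does not show, rendering this reason will fail to resolve the field instead of printing the segment's type. The placeholder should stay `{{.MSI.Type}}`. The same over-broad rename hit the field comment in procio/memory.go, where `_MEMORY_BASIC_INFORMATION->SegmentType` should remain `_MEMORY_BASIC_INFORMATION->Type`, the actual name of the Windows member.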
+++ b/generate.sh @@ -16,4 +16,5 @@ go mod tidy find . -name 'mock_*_test.go' -type f -delete -go generate ./... \ No newline at end of file +go generate ./... + diff --git a/go.mod b/go.mod index 2d569a4..0d43bfa 100644 --- a/go.mod +++ b/go.mod @@ -5,21 +5,23 @@ go 1.15 require ( github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect github.com/dustin/go-humanize v1.0.0 - github.com/fatih/color v1.12.0 - github.com/golang/snappy v0.0.4 // indirect + github.com/fatih/color v1.13.0 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 github.com/gopherjs/gopherjs v0.0.0-20210503212227-fb464eba2686 // indirect github.com/hillu/go-yara/v4 v4.1.0 - github.com/klauspost/compress v1.13.3 - github.com/kr/pretty v0.2.1 // indirect - github.com/mattn/go-isatty v0.0.13 // indirect + github.com/klauspost/compress v1.13.6 + github.com/kr/text v0.2.0 // indirect + github.com/mattn/go-colorable v0.1.11 // indirect github.com/sirupsen/logrus v1.8.1 github.com/smartystreets/assertions v1.2.0 // indirect github.com/smartystreets/goconvey v1.6.4 - github.com/stretchr/testify v1.6.1 + github.com/stretchr/objx v0.3.0 // indirect + github.com/stretchr/testify v1.7.0 github.com/targodan/go-errors v1.0.0 github.com/urfave/cli/v2 v2.3.0 github.com/yeka/zip v0.0.0-20180914125537-d046722c6feb - golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 - golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c + golang.org/x/crypto v0.0.0-20211115234514-b4de73f9ece8 + golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c + gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect + gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect ) diff --git a/go.sum b/go.sum index 5caa4af..e5682d6 100644 --- a/go.sum +++ b/go.sum 
@@ -34,6 +34,7 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.1 h1:r/myEWzV9lfsM1tFLgDyu0atFtJ1fXn261LKYj/3DxU= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -42,8 +43,8 @@ github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.12.0 h1:mRhaKNwANqRgUBGKmnI5ZxEk7QXmjQeCcuYFMX2bfcc= -github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= +github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= +github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= 
@@ -62,9 +63,6 @@ github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFU github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= -github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= 
@@ -116,24 +114,26 @@ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfV github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.13.3 h1:BtAvtV1+h0YwSVwWoYXMREPpYu9VzTJ9QDI1TEg/iQQ= -github.com/klauspost/compress v1.13.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= +github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc= +github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8= -github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable 
v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.11 h1:nQ+aFkoE2TMGc0b68U2OKSexC+eq46+XwZzWXHRmPYs= +github.com/mattn/go-colorable v0.1.11/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-isatty v0.0.13 h1:qdl+GuBjcsKKDco5BsxPJlId98mSWNKqYA+Co0SC1yA= -github.com/mattn/go-isatty v0.0.13/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= 
@@ -194,12 +194,13 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.3.0 h1:NGXK3lHquSN08v5vWalVI/L8XU9hdzE/G6xsrze47As= +github.com/stretchr/objx v0.3.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/targodan/go-errors v1.0.0 h1:H1hZke3MN9+Z06n1l4O0dYsC5Sm2d3W4ZcIJjQDiKlg= github.com/targodan/go-errors v1.0.0/go.mod h1:xF0Z1lpYQlz9suJZl6dXny+ZeDuJer0F8HiuVqaYkh4= 
@@ -224,8 +225,8 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI= -golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211115234514-b4de73f9ece8 h1:5QRxNnVsaJP6NAse0UdkRgL3zHMvCRRkrDVLNdNpdy4= +golang.org/x/crypto v0.0.0-20211115234514-b4de73f9ece8/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -292,8 +293,10 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c h1:DHcbWVXeY+0Y8HHKR+rbLwnoh2F4tNCY7rTiHJ30RmA= +golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -347,8 +350,9 @@ google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiq google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= 
@@ -357,8 +361,9 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/lint.sh b/lint.sh new file mode 100755 index 0000000..ee09ef9 --- /dev/null +++ b/lint.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +revive -formatter stylish -config revive.toml -exclude vendor/... -exclude app/... ./... diff --git a/output/dumpStorage.go b/output/dumpStorage.go index 699deeb..46ac93b 100644 --- a/output/dumpStorage.go +++ b/output/dumpStorage.go @@ -42,12 +42,6 @@ type ReadableDumpStorage interface { Retrieve(ctx context.Context) <-chan *DumpOrError } -type fileDump struct { - Process *procio.ProcessInfo - Segment *procio.MemorySegmentInfo - Filename string -} - // ArchiveDumpStorage stores dumps using an Archiver. type ArchiveDumpStorage struct { archiver Archiver diff --git a/output/filtering.go b/output/filtering.go index 45e46ce..9647a62 100644 --- a/output/filtering.go +++ b/output/filtering.go 
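Review bot: The revive invocation in lint.sh passes `-exclude app/...`, so the package that holds the CLI filter parsing and the scan setup is never linted. This same commit fixes lint-style findings in that package: the redundant `fStr == nil ||` checks and the unchecked `strconv.ParseFloat` error in app/filter.go. If the exclusion is temporary, say so in the script, for example `# TODO: remove -exclude app/... once app/ passes revive`; otherwise drop the flag so new findings there are reported.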
@@ -418,7 +418,7 @@ func (p *anonymizedProcess) Info() (*procio.ProcessInfo, error) { } func (p *anonymizedProcess) Handle() interface{} { - return p.Handle() + return p.orig.Handle() } func (p *anonymizedProcess) MemorySegments() ([]*procio.MemorySegmentInfo, error) { @@ -430,13 +430,13 @@ func (p *anonymizedProcess) MemorySegments() ([]*procio.MemorySegmentInfo, error } func (p *anonymizedProcess) Suspend() error { - return p.Suspend() + return p.orig.Suspend() } func (p *anonymizedProcess) Resume() error { - return p.Resume() + return p.orig.Resume() } func (p *anonymizedProcess) Crash(method procio.CrashMethod) error { - return p.Crash(method) + return p.orig.Crash(method) } diff --git a/processScanner.go b/processScanner.go index cfb67f1..6056697 100644 --- a/processScanner.go +++ b/processScanner.go @@ -150,7 +150,7 @@ func (s *ProcessScanner) Scan() (<-chan *MemoryScanProgress, error) { func (s *ProcessScanner) EncounteredMemoryMappedFiles() []string { files := make([]string, 0, len(s.memoryMappedFiles)) - for f, _ := range s.memoryMappedFiles { + for f := range s.memoryMappedFiles { files = append(files, f) } return files diff --git a/procio/crash_enum.go b/procio/crash_enum.go index 5a80153..88a64ba 100644 --- a/procio/crash_enum.go +++ b/procio/crash_enum.go @@ -1,5 +1,8 @@ -// Code generated by go-enum -// DO NOT EDIT! +// Code generated by go-enum DO NOT EDIT. +// Version: +// Revision: +// Build Date: +// Built By: package procio @@ -9,7 +12,7 @@ import ( ) const ( - // CrashMethodCreateThreadOnNull is a CrashMethod of type CreateThreadOnNull + // CrashMethodCreateThreadOnNull is a CrashMethod of type CreateThreadOnNull. CrashMethodCreateThreadOnNull CrashMethod = iota ) @@ -27,7 +30,7 @@ func CrashMethodNames() []string { } var _CrashMethodMap = map[CrashMethod]string{ - 0: _CrashMethodName[0:18], + CrashMethodCreateThreadOnNull: _CrashMethodName[0:18], } // String implements the Stringer interface. 
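Review bot: Handle, Suspend, Resume and Crash on anonymizedProcess have no doc comments, and for an anonymizing wrapper the boundary is worth stating: after this change they act on the wrapped process directly. Assuming only the results of Info and MemorySegments are anonymized (their bodies are outside the hunks), a comment such as `// Handle returns the handle of the wrapped process; anything accessed through it bypasses anonymization.` on Handle, and `// Crash forwards to the wrapped process unchanged.` in the same style on the other three, would make that explicit. A unit test that calls each of the four methods against a mock process would also have caught the self-recursion these two hunks replace.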
@@ -39,8 +42,8 @@ func (x CrashMethod) String() string { } var _CrashMethodValue = map[string]CrashMethod{ - _CrashMethodName[0:18]: 0, - strings.ToLower(_CrashMethodName[0:18]): 0, + _CrashMethodName[0:18]: CrashMethodCreateThreadOnNull, + strings.ToLower(_CrashMethodName[0:18]): CrashMethodCreateThreadOnNull, } // ParseCrashMethod attempts to convert a string to a CrashMethod diff --git a/procio/memory.go b/procio/memory.go index c2a4927..3072345 100644 --- a/procio/memory.go +++ b/procio/memory.go @@ -44,8 +44,8 @@ type MemorySegmentInfo struct { State State `json:"state"` // Type contains the Type of the segment. - // Equivalence on windows: _MEMORY_BASIC_INFORMATION->Type - Type Type `json:"type"` + // Equivalence on windows: _MEMORY_BASIC_INFORMATION->SegmentType + Type SegmentType `json:"type"` // File contains the path to the mapped file, or empty string if // no file mapping is associated with this memory segment. @@ -195,22 +195,6 @@ func (p Permissions) IsMoreOrEquallyPermissiveThan(other Permissions) bool { return true } -// IsMorePermissiveThan returns true if the other Permissions is more permissive than -// this one. -// E.g. "rx" is more permissive than "r". -func (p Permissions) IsMorePermissiveThan(other Permissions) bool { - if other.Read && !p.Read { - return false - } - if other.Write && !p.Write { - return false - } - if other.Execute && !p.Execute { - return false - } - return !p.EqualTo(other) -} - // String returns the string representation of this Permissions. func (p Permissions) String() string { ret := "" @@ -246,7 +230,7 @@ Reserve */ type State int -// Type represents the type of a memory segment. +// SegmentType represents the type of a memory segment. /* ENUM( Image @@ -255,4 +239,4 @@ Private PrivateMapped ) */ -type Type int +type SegmentType int diff --git a/procio/memory_enum.go b/procio/memory_enum.go index 64b1db4..a0a2b0e 100644 --- a/procio/memory_enum.go +++ b/procio/memory_enum.go 
@@ -1,5 +1,8 @@ -// Code generated by go-enum -// DO NOT EDIT! +// Code generated by go-enum DO NOT EDIT. +// Version: +// Revision: +// Build Date: +// Built By: package procio 
@@ -9,69 +12,75 @@ import ( ) const ( - // StateCommit is a State of type Commit - StateCommit State = iota - // StateFree is a State of type Free - StateFree - // StateReserve is a State of type Reserve - StateReserve + // SegmentTypeImage is a SegmentType of type Image. + SegmentTypeImage SegmentType = iota + // SegmentTypeMapped is a SegmentType of type Mapped. + SegmentTypeMapped + // SegmentTypePrivate is a SegmentType of type Private. + SegmentTypePrivate + // SegmentTypePrivateMapped is a SegmentType of type PrivateMapped. + SegmentTypePrivateMapped ) -const _StateName = "CommitFreeReserve" +const _SegmentTypeName = "ImageMappedPrivatePrivateMapped" -var _StateNames = []string{ - _StateName[0:6], - _StateName[6:10], - _StateName[10:17], +var _SegmentTypeNames = []string{ + _SegmentTypeName[0:5], + _SegmentTypeName[5:11], + _SegmentTypeName[11:18], + _SegmentTypeName[18:31], } -// StateNames returns a list of possible string values of State. -func StateNames() []string { - tmp := make([]string, len(_StateNames)) - copy(tmp, _StateNames) +// SegmentTypeNames returns a list of possible string values of SegmentType. +func SegmentTypeNames() []string { + tmp := make([]string, len(_SegmentTypeNames)) + copy(tmp, _SegmentTypeNames) return tmp } -var _StateMap = map[State]string{ - 0: _StateName[0:6], - 1: _StateName[6:10], - 2: _StateName[10:17], +var _SegmentTypeMap = map[SegmentType]string{ + SegmentTypeImage: _SegmentTypeName[0:5], + SegmentTypeMapped: _SegmentTypeName[5:11], + SegmentTypePrivate: _SegmentTypeName[11:18], + SegmentTypePrivateMapped: _SegmentTypeName[18:31], } // String implements the Stringer interface. 
-func (x State) String() string { - if str, ok := _StateMap[x]; ok { +func (x SegmentType) String() string { + if str, ok := _SegmentTypeMap[x]; ok { return str } - return fmt.Sprintf("State(%d)", x) + return fmt.Sprintf("SegmentType(%d)", x) } -var _StateValue = map[string]State{ - _StateName[0:6]: 0, - strings.ToLower(_StateName[0:6]): 0, - _StateName[6:10]: 1, - strings.ToLower(_StateName[6:10]): 1, - _StateName[10:17]: 2, - strings.ToLower(_StateName[10:17]): 2, +var _SegmentTypeValue = map[string]SegmentType{ + _SegmentTypeName[0:5]: SegmentTypeImage, + strings.ToLower(_SegmentTypeName[0:5]): SegmentTypeImage, + _SegmentTypeName[5:11]: SegmentTypeMapped, + strings.ToLower(_SegmentTypeName[5:11]): SegmentTypeMapped, + _SegmentTypeName[11:18]: SegmentTypePrivate, + strings.ToLower(_SegmentTypeName[11:18]): SegmentTypePrivate, + _SegmentTypeName[18:31]: SegmentTypePrivateMapped, + strings.ToLower(_SegmentTypeName[18:31]): SegmentTypePrivateMapped, } -// ParseState attempts to convert a string to a State -func ParseState(name string) (State, error) { - if x, ok := _StateValue[name]; ok { +// ParseSegmentType attempts to convert a string to a SegmentType +func ParseSegmentType(name string) (SegmentType, error) { + if x, ok := _SegmentTypeValue[name]; ok { return x, nil } - return State(0), fmt.Errorf("%s is not a valid State, try [%s]", name, strings.Join(_StateNames, ", ")) + return SegmentType(0), fmt.Errorf("%s is not a valid SegmentType, try [%s]", name, strings.Join(_SegmentTypeNames, ", ")) } // MarshalText implements the text marshaller method -func (x State) MarshalText() ([]byte, error) { +func (x SegmentType) MarshalText() ([]byte, error) { return []byte(x.String()), nil } // UnmarshalText implements the text unmarshaller method -func (x *State) UnmarshalText(text []byte) error { +func (x *SegmentType) UnmarshalText(text []byte) error { name := string(text) - tmp, err := ParseState(name) + tmp, err := ParseSegmentType(name) if err != nil { return err } 
@@ -80,75 +89,69 @@ func (x *State) UnmarshalText(text []byte) error { } const ( - // TypeImage is a Type of type Image - TypeImage Type = iota - // TypeMapped is a Type of type Mapped - TypeMapped - // TypePrivate is a Type of type Private - TypePrivate - // TypePrivateMapped is a Type of type PrivateMapped - TypePrivateMapped + // StateCommit is a State of type Commit. + StateCommit State = iota + // StateFree is a State of type Free. + StateFree + // StateReserve is a State of type Reserve. + StateReserve ) -const _TypeName = "ImageMappedPrivatePrivateMapped" +const _StateName = "CommitFreeReserve" -var _TypeNames = []string{ - _TypeName[0:5], - _TypeName[5:11], - _TypeName[11:18], - _TypeName[18:31], +var _StateNames = []string{ + _StateName[0:6], + _StateName[6:10], + _StateName[10:17], } -// TypeNames returns a list of possible string values of Type. -func TypeNames() []string { - tmp := make([]string, len(_TypeNames)) - copy(tmp, _TypeNames) +// StateNames returns a list of possible string values of State. +func StateNames() []string { + tmp := make([]string, len(_StateNames)) + copy(tmp, _StateNames) return tmp } -var _TypeMap = map[Type]string{ - 0: _TypeName[0:5], - 1: _TypeName[5:11], - 2: _TypeName[11:18], - 3: _TypeName[18:31], +var _StateMap = map[State]string{ + StateCommit: _StateName[0:6], + StateFree: _StateName[6:10], + StateReserve: _StateName[10:17], } // String implements the Stringer interface. 
-func (x Type) String() string { - if str, ok := _TypeMap[x]; ok { +func (x State) String() string { + if str, ok := _StateMap[x]; ok { return str } - return fmt.Sprintf("Type(%d)", x) + return fmt.Sprintf("State(%d)", x) } -var _TypeValue = map[string]Type{ - _TypeName[0:5]: 0, - strings.ToLower(_TypeName[0:5]): 0, - _TypeName[5:11]: 1, - strings.ToLower(_TypeName[5:11]): 1, - _TypeName[11:18]: 2, - strings.ToLower(_TypeName[11:18]): 2, - _TypeName[18:31]: 3, - strings.ToLower(_TypeName[18:31]): 3, +var _StateValue = map[string]State{ + _StateName[0:6]: StateCommit, + strings.ToLower(_StateName[0:6]): StateCommit, + _StateName[6:10]: StateFree, + strings.ToLower(_StateName[6:10]): StateFree, + _StateName[10:17]: StateReserve, + strings.ToLower(_StateName[10:17]): StateReserve, } -// ParseType attempts to convert a string to a Type -func ParseType(name string) (Type, error) { - if x, ok := _TypeValue[name]; ok { +// ParseState attempts to convert a string to a State +func ParseState(name string) (State, error) { + if x, ok := _StateValue[name]; ok { return x, nil } - return Type(0), fmt.Errorf("%s is not a valid Type, try [%s]", name, strings.Join(_TypeNames, ", ")) + return State(0), fmt.Errorf("%s is not a valid State, try [%s]", name, strings.Join(_StateNames, ", ")) } // MarshalText implements the text marshaller method -func (x Type) MarshalText() ([]byte, error) { +func (x State) MarshalText() ([]byte, error) { return []byte(x.String()), nil } // UnmarshalText implements the text unmarshaller method -func (x *Type) UnmarshalText(text []byte) error { +func (x *State) UnmarshalText(text []byte) error { name := string(text) - tmp, err := ParseType(name) + tmp, err := ParseState(name) if err != nil { return err } diff --git a/procio/memory_linux.go b/procio/memory_linux.go index 2977245..1c0d8f7 100644 --- a/procio/memory_linux.go +++ b/procio/memory_linux.go 
@@ -131,12 +131,12 @@ func parseSegmentHead(line string) (*MemorySegmentInfo, error) { return seg, fmt.Errorf("permissions have invalid format, %w", err) } - var t Type + var t SegmentType switch matches[fieldPerms][3] { case 's': - t = TypeMapped + t = SegmentTypeMapped case 'p': - t = TypePrivate + t = SegmentTypePrivate perms.COW = true default: return seg, errors.Newf("invalid memory type \"%c\"", matches[fieldPerms][3]) @@ -154,8 +154,8 @@ func parseSegmentHead(line string) (*MemorySegmentInfo, error) { } seg.MappedFile = fileio.NewFile(fpath) - if seg.Type == TypePrivate { - seg.Type = TypePrivateMapped + if seg.Type == SegmentTypePrivate { + seg.Type = SegmentTypePrivateMapped } } diff --git a/procio/memory_windows.go b/procio/memory_windows.go index 1341666..22f270a 100644 --- a/procio/memory_windows.go +++ b/procio/memory_windows.go @@ -27,7 +27,7 @@ func LookupFilePathOfSegment(procHandle windows.Handle, seg *MemorySegmentInfo) // Only check root segments return "", nil } - if seg.Type == TypeImage { + if seg.Type == SegmentTypeImage { return win32.GetModuleFilenameExW(procHandle, windows.Handle(seg.BaseAddress)) } return "", nil @@ -105,14 +105,14 @@ func stateFromNative(state uint32) State { return State(state) } -func typeFromNative(t uint32) Type { +func typeFromNative(t uint32) SegmentType { switch t { case win32.MEM_IMAGE: - return TypeImage + return SegmentTypeImage case win32.MEM_MAPPED: - return TypeMapped + return SegmentTypeMapped case win32.MEM_PRIVATE: - return TypePrivate + return SegmentTypePrivate } - return Type(t) + return SegmentType(t) } diff --git a/procio/process.go b/procio/process.go index 2692059..c236140 100644 --- a/procio/process.go +++ b/procio/process.go @@ -1,7 +1,6 @@ package procio import ( - "errors" "fmt" "io" "sync" 
@@ -10,12 +9,12 @@ import ( ) // ErrProcIsSelf is returned when trying to suspend the current process. -var ErrProcIsSelf = errors.New("not supported on self") +var ErrProcIsSelf = fmt.Errorf("not supported on self") // ErrProcIsParent is returned when trying to suspend the immediate parent process. // Reason for this is the assumption that the parent process always is some form of // console, which needs to be running in order to handle IO. -var ErrProcIsParent = errors.New("not supported on parent") +var ErrProcIsParent = fmt.Errorf("not supported on parent") // ProcessInfo represents information about a Process. type ProcessInfo struct { diff --git a/revive.toml b/revive.toml new file mode 100644 index 0000000..b8ff3c2 --- /dev/null +++ b/revive.toml 
@@ -0,0 +1,59 @@ +ignoreGeneratedHeader = false +severity = "error" +confidence = 0.8 +errorCode = 1 +warningCode = 0 + +[rule.atomic] +[rule.blank-imports] +[rule.cognitive-complexity] + arguments = [17] + severity = "warning" +[rule.confusing-results] +[rule.constant-logical-expr] +[rule.context-as-argument] +[rule.context-keys-type] +# [rule.cyclomatic] +# arguments = [5] +[rule.defer] +[rule.dot-imports] +[rule.early-return] +[rule.empty-block] +[rule.empty-lines] +[rule.errorf] +[rule.error-naming] +[rule.error-return] +[rule.error-strings] +# [rule.exported] +# This is on the todo-list +[rule.get-return] +[rule.if-return] +[rule.import-shadowing] +[rule.imports-blacklist] + arguments = ["errors"] # Using fmt.Errorf instead to stay consistent +[rule.increment-decrement] +[rule.indent-error-flow] +[rule.optimize-operands-order] +# [rule.package-comments] +# This rule false-positives on every generator comment +[rule.range] +[rule.range-val-address] +[rule.range-val-in-closure] +[rule.receiver-naming] +[rule.redefines-builtin-id] +[rule.string-of-int] +[rule.struct-tag] +[rule.superfluous-else] +[rule.time-equal] +[rule.time-naming] +[rule.unconditional-recursion] +[rule.unexported-naming] +[rule.unexported-return] +# [rule.unhandled-error] +[rule.unnecessary-stmt] +[rule.unreachable-code] +# [rule.unused-parameter] +# [rule.unused-receiver] +[rule.useless-break] +[rule.var-declaration] +[rule.var-naming] diff --git a/service/service.go b/service/service.go index abe3b83..d0f6b86 100644 --- a/service/service.go +++ b/service/service.go @@ -4,7 +4,7 @@ import "fmt" type MainFunction func(args []string) error -var registeredMainFunction MainFunction = nil +var registeredMainFunction MainFunction func Initialize(mainFunc MainFunction) error { if registeredMainFunction != nil { diff --git a/system/cpuload_windows.go b/system/cpuload_windows.go index 4742df3..3f9a743 100644 --- a/system/cpuload_windows.go +++ b/system/cpuload_windows.go 
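Review bot: The `[rule.imports-blacklist]` entry with `arguments = ["errors"]` bans the standard `errors` package outright, which also removes `errors.Is` and `errors.As`, not just `errors.New`. Other hunks in this change wrap causes with `%w` and keep sentinels such as `ErrProcIsSelf`, so callers need a supported way to match a wrapped sentinel; a plain `==` comparison misses it. If the project's own errors package offers equivalents, name it in the comment, e.g. `arguments = ["errors"] # use <project errors package> for New/Is/As`; otherwise consider dropping the entry and enforcing the `fmt.Errorf` convention in review.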
@@ -67,7 +67,12 @@ func (t *cpuLoadTracker) fifteenMinutesAvg() float64 { } func (t *cpuLoadTracker) track() { - // This function will never stop, sorry mom + // This function will never stop, sorry mom. + // This may not be gentlemanly but is okay because the track is only + // implementing a sort of profiler, intended to run during the entire + // execution time of yapscan. + // Thus it's only invoked as a goroutine in the init() function and + // will be garbage-collected by the go runtime during shutdown. lastIdleTicks, kernelTicks, userTicks, err := win32.GetSystemTimes() lastLoadTicks := kernelTicks + userTicks if err != nil { diff --git a/system/info.go b/system/info.go index abd333b..c6de72e 100644 --- a/system/info.go +++ b/system/info.go @@ -37,6 +37,8 @@ func GetInfo() (*Info, error) { var tmpErr error tmpInfo := new(Info) + // TODO: #16 This causes false detection if yapscan was compiled for 32-bit but run on a 64-bit + // system. tmpInfo.OSArch = arch.Native() tmpInfo.OSName, tmpInfo.OSVersion, tmpInfo.OSFlavour, tmpErr = getOSInfo() if tmpErr != nil { @@ -65,6 +67,7 @@ func GetInfo() (*Info, error) { if tmpErr != nil { err = errors.NewMultiError(err, fmt.Errorf("could not determine total Swap, reason: %w", tmpErr)) } + tmpInfo.NumCPUs = runtime.NumCPU() if err != nil { return tmpInfo, err @@ -86,7 +89,7 @@ func copyInfo(info *Info) *Info { OSArch: info.OSArch, Hostname: info.Hostname, IPs: ips, - NumCPUs: runtime.NumCPU(), + NumCPUs: info.NumCPUs, TotalRAM: info.TotalRAM, TotalSwap: info.TotalSwap, } diff --git a/system/info_linux.go b/system/info_linux.go index 33c7dc0..fa89296 100644 --- a/system/info_linux.go +++ b/system/info_linux.go @@ -22,12 +22,6 @@ func getOSInfo() (name, version, flavour string, err error) { } version = strings.TrimSpace(string(buf)) - cmd = exec.Command("uname", "-m") - buf, err = cmd.Output() - if err != nil { - return - } - cmd = exec.Command("uname", "-o") buf, err = cmd.Output() if err != nil { 
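Review bot: The comment added at the top of `track()` says the goroutine "will be garbage-collected by the go runtime during shutdown", which is not how it ends: goroutines are never garbage-collected, this one simply stops when the process exits. I would replace the last two comment lines with `// It is started once as a goroutine from init() and runs until the process exits.` That it is started only from init() cannot be checked from this hunk, and the body of `track()` continues outside it.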
diff --git a/testutil/compiler.go b/testutil/compiler.go index edab2a6..7a73fbb 100644 --- a/testutil/compiler.go +++ b/testutil/compiler.go @@ -51,9 +51,8 @@ func (c *Compiler) Compile(ctx context.Context) error { exitErr, ok := err.(*exec.ExitError) if ok { return fmt.Errorf("could not build %s\n==== STDOUT ====\n%s\n==== STDERR ====\n%s", c.srcPath, output, exitErr.Stderr) - } else { - return fmt.Errorf("could not build %s, reason: %w", c.srcPath, err) } + return fmt.Errorf("could not build %s, reason: %w", c.srcPath, err) } c.compiled = true diff --git a/testutil/directory.go b/testutil/directory.go index 51a6833..3be7d69 100644 --- a/testutil/directory.go +++ b/testutil/directory.go @@ -1,7 +1,7 @@ package testutil import ( - "errors" + "fmt" "path/filepath" "runtime" ) @@ -9,7 +9,7 @@ import ( func GetProjectRoot() (string, error) { _, filename, _, ok := runtime.Caller(0) if !ok { - return "", errors.New("could not determine caller") + return "", fmt.Errorf("could not determine caller") } dir := filepath.Dir(filename) diff --git a/testutil/memory/api_linux.go b/testutil/memory/api_linux.go index 2dc2b4a..284c32e 100644 --- a/testutil/memory/api_linux.go +++ b/testutil/memory/api_linux.go @@ -43,7 +43,7 @@ func free(addr uintptr, size uint64) { C.munmap(unsafe.Pointer(addr), C.size_t(size)) } -func memset(addr uintptr, value byte, count uint64) { +func memset(addr uintptr, _ byte, count uint64) { C.memset(unsafe.Pointer(addr), 0xAA, C.size_t(count)) } diff --git a/yara.go b/yara.go index 95d1761..d522a96 100644 --- a/yara.go +++ b/yara.go @@ -372,6 +372,9 @@ func loadZippedRules(in io.ReaderAt, size int64) (*yara.Rules, error) { } t, rdr, err := detectRuleType(f) + if err != nil { + return nil, fmt.Errorf("invalid rules zip, reason: %v", err) + } switch t { case ruleTypeCompiled: if len(zipRdr.File) != 1 {
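Review bot: Renaming the second parameter of `memset` in testutil/memory/api_linux.go to `_` makes the unused argument explicit but keeps the underlying problem: the fill byte chosen by the caller is ignored and `0xAA` is always written. If callers are meant to pick the value, keep the name and pass it through with `C.memset(unsafe.Pointer(addr), C.int(value), C.size_t(count))`. If the fixed pattern is intended, say so above the function, e.g. `// memset always fills with 0xAA; the value argument is ignored.`, so test authors do not assume otherwise.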
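Review bot: The new early return in `loadZippedRules` formats the cause with `%v`, so the error from `detectRuleType` is flattened to text and callers cannot unwrap it; the other error returns visible in this change use `%w` (for example `could not build %s, reason: %w`). Use `return nil, fmt.Errorf("invalid rules zip, reason: %w", err)`. The hunk does not show whether `f` or `rdr` holds something that has to be closed on this path, which is worth checking since the function starts and ends outside the hunk.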