Merge pull request #277 from losynix/refactor_analyze

Add an option to analyze all transfer types (and some refactoring)

Cargo.toml

@@ -62,4 +62,4 @@ overflow-checks = true
 strip = true
 
 [workspace.metadata]
-version = "0.1.6"
+version = "0.2.0"

client/kiosk/Makefile

@@ -1,5 +1,5 @@
 VER := $(shell grep 'Version' usbsas-kiosk/DEBIAN/control | cut -d' ' -f2)
-NWJS_VER=0.75.0
+NWJS_VER=0.78.1
 
 PKG=../../target/debian/usbsas-kiosk_$(VER)_amd64.deb
 

client/kiosk/usbsas-kiosk/DEBIAN/control

@@ -1,5 +1,5 @@
 Package: usbsas-kiosk
-Version: 0.1.5
+Version: 0.1.6
 Maintainer: usbsas
 Architecture: amd64
 Section: utility

client/python/comm.py

@@ -73,8 +73,8 @@ class CommUsbsas(Comm):
         "OpenPartition": proto_usbsas.RequestOpenPartition,
         "Partitions": proto_usbsas.RequestPartitions,
         "ReadDir": proto_usbsas.RequestReadDir,
-        "Report": proto_usbsas.RequestReport,
         "Wipe": proto_usbsas.RequestWipe,
+        "PostCopyCmd": proto_usbsas.RequestPostCopyCmd,
     }
     resp_types = {
         "AnalyzeDone": proto_usbsas.ResponseAnalyzeDone,
@@ -97,7 +97,6 @@ class CommUsbsas(Comm):
         "Partitions": proto_usbsas.ResponsePartitions,
         "PostCopyCmd": proto_usbsas.ResponsePostCopyCmd,
         "ReadDir": proto_usbsas.ResponseReadDir,
-        "Report": proto_usbsas.ResponseReport,
         "Wipe": proto_usbsas.ResponseWipe,
     }
     response_cls = proto_usbsas.Response
@@ -167,6 +166,3 @@ def imgdisk(self, busnum, devnum):
             ))
         return self.recv_resp()
 
-    def report(self):
-        self.send_req(proto_usbsas.RequestReport())
-        return self.recv_resp()

client/python/usbsas_transfer_example.py

@@ -23,9 +23,8 @@
 from proto.usbsas import proto3_pb2 as proto_usbsas
 
 usbsas_bin = "/usr/libexec/usbsas-usbsas"
+config_path = "../../config.example.toml"
 date = datetime.datetime.now()
-out_tar = "/tmp/usbsas_tmp_%s.tar" % str(date).replace(' ', '_')
-out_fs = "/tmp/usbsas_tmp_%s.fs" % str(date).replace(' ', '_')
 pid_usbsas = -1
 
 if not os.path.exists(usbsas_bin):
@@ -41,8 +40,6 @@ def start_usbsas():
     (parent_to_child_r, parent_to_child_w) = os.pipe()
     os.set_inheritable(child_to_parent_w, True)
     os.set_inheritable(parent_to_child_r, True)
-    with open(out_tar, mode='w'): pass
-    with open(out_fs, mode='w'): pass
     pid_usbsas = os.fork()
     if pid_usbsas < 0:
         print("fork error")
@@ -54,7 +51,7 @@ def start_usbsas():
         os.environ["INPUT_PIPE_FD"] = str(parent_to_child_r)
         os.environ["OUTPUT_PIPE_FD"] = str(child_to_parent_w)
         os.environ["RUST_LOG"] = "error"
-        os.execv(usbsas_bin, [usbsas_bin, out_tar, out_fs, "--analyze"])
+        os.execv(usbsas_bin, [usbsas_bin, "-c", config_path])
         sys.exit(0)
     os.close(parent_to_child_r)
     os.close(child_to_parent_w)
@@ -99,11 +96,10 @@ def copy_usb(comm, files, device):
         rep = comm.recv_resp()
         ok_or_exit(comm, rep, "error during copy")
         if isinstance(rep, proto_usbsas.ResponseCopyDone):
-            break
+            print("Transfer done")
+            print(json.dumps(json.loads(rep.report), indent=2))
+            return
         print(rep)
-    print("Transfer done")
-    rep = comm.report()
-    print(json.dumps(json.loads(rep.report), indent=2))
 
 def copy_net(comm, files, url):
     rep = comm.copy_files_net(selected=files, url=url)
@@ -113,11 +109,10 @@ def copy_net(comm, files, url):
         rep = comm.recv_resp()
         ok_or_exit(comm, rep, "error during copy")
         if isinstance(rep, proto_usbsas.ResponseCopyDone):
-            break
+            print("Transfer done")
+            print(json.dumps(json.loads(rep.report), indent=2))
+            return
         print(rep)
-    print("Transfer done")
-    rep = comm.report()
-    print(json.dumps(json.loads(rep.report), indent=2))
 
 def confirm_copy(devices):
     print('Copy all files from \n\"{}\"\nto\n\"{}\"\n? [Y/n]'.format(
@@ -140,8 +135,6 @@ def end(comm):
     comm.end()
     os.kill(pid_usbsas, signal.SIGTERM)
     os.waitpid(pid_usbsas, 0)
-    os.remove(out_tar)
-    os.remove(out_fs)
     sys.exit(0)
 
 def main():

client/web/static/i18n/en.json

@@ -5,6 +5,7 @@
     "confirm": "Confirm",
     "copy_cmd_start": "Running custom command",
     "copy_fromtar_tofs": "Creating filesystem",
+    "copy_fromtar_totar": "Creating clean archive",
     "copy_fs2dev_start": "Writing filesystem on output device",
     "copy_start": "Starting copy",
     "copy_upload_start": "Uploading archive",

client/web/static/i18n/fr.json

@@ -5,6 +5,7 @@
     "confirm": "Confirmer",
     "copy_cmd_start": "Exécution de la commande custom",
     "copy_fromtar_tofs": "Création du système de fichier",
+    "copy_fromtar_totar": "Création de l'archive",
     "copy_fs2dev_start": "Écriture du système de fichier sur la clé destination",
     "copy_start": "Préparation de la copie",
     "copy_upload_start": "Téléversement de l'archive",

client/web/static/js/script.js

@@ -712,7 +712,7 @@ function do_copy() {
           tbody.appendChild(nothing_tr);
           document.querySelector("#cancel-button").classList.remove("d-none");
           document.querySelector("#cancel-button").innerText = langDocument["return"];
-          for (let filtered_path of json.filtered_path) {
+          for (let filtered_path of json.report.filtered_files) {
             // Display filtered elements
             has_error = true;
             let tr_err = document.createElement("tr");
@@ -735,28 +735,30 @@ function do_copy() {
             tr_err.appendChild(name_td_err);
             tbody.appendChild(tr_err);
           }
-          for (let dirty_path of json.dirty_path) {
-            // Display dirty elements
-            has_error = true;
-            let tr_err = document.createElement("tr");
-            let status_td_err = document.createElement("td");
-            status_td_err.innerHTML = " ";
-            let format_status_icon_err = document.createElement("i");
-            format_status_icon_err.classList.add("fas");
-            format_status_icon_err.classList.add("fa-times");
-            format_status_icon_err.classList.add("text-danger");
-            status_td_err.insertBefore(format_status_icon_err, status_td_err.firstChild);
-            tr_err.appendChild(status_td_err);
-            let name_td_err = document.createElement("td");
-            let p_err = document.createElement("p");
-            p_err.classList.add("text-danger");
-            p_err.innerHTML = "<strong data-langkey=\"filterav\">" + langDocument["filterav"] + "</strong>";
-            let span_err = document.createElement("span");
-            span_err.innerText = dirty_path;
-            p_err.appendChild(span_err);
-            name_td_err.appendChild(p_err);
-            tr_err.appendChild(name_td_err);
-            tbody.appendChild(tr_err);
+          for (let path in json.report.analyzer_report.files) {
+            if (json.report.analyzer_report.files[path].status === "DIRTY") {
+              // Display dirty elements
+              has_error = true;
+              let tr_err = document.createElement("tr");
+              let status_td_err = document.createElement("td");
+              status_td_err.innerHTML = "&nbsp;";
+              let format_status_icon_err = document.createElement("i");
+              format_status_icon_err.classList.add("fas");
+              format_status_icon_err.classList.add("fa-times");
+              format_status_icon_err.classList.add("text-danger");
+              status_td_err.insertBefore(format_status_icon_err, status_td_err.firstChild);
+              tr_err.appendChild(status_td_err);
+              let name_td_err = document.createElement("td");
+              let p_err = document.createElement("p");
+              p_err.classList.add("text-danger");
+              p_err.innerHTML = "<strong data-langkey=\"filterav\">" + langDocument["filterav"] + "</strong>";
+              let span_err = document.createElement("span");
+              span_err.innerText = path;
+              p_err.appendChild(span_err);
+              name_td_err.appendChild(p_err);
+              tr_err.appendChild(name_td_err);
+              tbody.appendChild(tr_err);
+            }
           }
           set_state("WAIT_REMOVAL");
           break;
@@ -783,7 +785,7 @@ function do_copy() {
         case "final_report":
           elements[elements.length - 1].icon.classList.remove("spinner-border");
           elements[elements.length - 1].icon.classList.add("fa-check");
-          for (let error_path of json.error_path) {
+          for (let error_path of json.report.error_files) {
             // Display failed elements
             has_error = true;
             let tr_err = document.createElement("tr");
@@ -807,7 +809,7 @@ function do_copy() {
             tr_err.appendChild(name_td_err);
             tbody.appendChild(tr_err);
           }
-          for (let filtered_path of json.filtered_path) {
+          for (let filtered_path of json.report.filtered_files) {
             // Display failed elements
             has_error = true;
             let tr_err = document.createElement("tr");
@@ -831,29 +833,31 @@ function do_copy() {
             tr_err.appendChild(name_td_err);
             tbody.appendChild(tr_err);
           }
-          for (let dirty_path of json.dirty_path) {
-            // Display failed elements
-            has_error = true;
-            let tr_err = document.createElement("tr");
-            let status_td_err = document.createElement("td");
-            status_td_err.innerHTML = "&nbsp;";
-            let format_status_icon_err = document.createElement("i");
-            format_status_icon_err.classList.add("fas");
-            format_status_icon_err.classList.add("fa-times");
-            format_status_icon_err.classList.add("text-danger");
-            status_td_err.insertBefore(format_status_icon_err, status_td_err.firstChild);
-            tr_err.appendChild(status_td_err);
-
-            let name_td_err = document.createElement("td");
-            let p_err = document.createElement("p");
-            p_err.classList.add("text-danger");
-            p_err.innerHTML = "<strong data-langkey=\"filterav\">" + langDocument["filterav"] + "</strong>";
-            let span_err = document.createElement("span");
-            span_err.innerText = dirty_path;
-            p_err.appendChild(span_err);
-            name_td_err.appendChild(p_err);
-            tr_err.appendChild(name_td_err);
-            tbody.appendChild(tr_err);
+          for (let path in json.report.analyzer_report.files) {
+            if (json.report.analyzer_report.files[path].status === "DIRTY") {
+               // Display dirty elements
+               has_error = true;
+               let tr_err = document.createElement("tr");
+               let status_td_err = document.createElement("td");
+               status_td_err.innerHTML = "&nbsp;";
+               let format_status_icon_err = document.createElement("i");
+               format_status_icon_err.classList.add("fas");
+               format_status_icon_err.classList.add("fa-times");
+               format_status_icon_err.classList.add("text-danger");
+               status_td_err.insertBefore(format_status_icon_err, status_td_err.firstChild);
+               tr_err.appendChild(status_td_err);
+
+               let name_td_err = document.createElement("td");
+               let p_err = document.createElement("p");
+               p_err.classList.add("text-danger");
+               p_err.innerHTML = "<strong data-langkey=\"filterav\">" + langDocument["filterav"] + "</strong>";
+               let span_err = document.createElement("span");
+               span_err.innerText = path;
+               p_err.appendChild(span_err);
+               name_td_err.appendChild(p_err);
+               tr_err.appendChild(name_td_err);
+               tbody.appendChild(tr_err);
+            }
           }
           break;
         case "fatal_error":

config.example.toml

@@ -64,9 +64,14 @@ command_args = [
 # Remote analyzer server. (Optional)
 # Like for network destination below, kerberos authentication can be enabled.
 # An analyzer report can optionally be written on the destination device.
+# Analyzing files can be enabled/disabled based on destination (usb, net (upload)
+# or cmd (command)).
 [analyzer]
 url = "http://127.0.0.1:8042/api/scanbundle"
 #krb_service_name = "[email protected]"
+analyze_usb = true
+analyze_net = true
+analyze_cmd = true
 
 
 # Command to execute after a transfer. (Optional)

usbsas-analyzer-server/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "usbsas-analyzer-server"
 description = "usbsas analyzer server (with clamav)"
-version = "0.1.3"
+version = "0.1.4"
 edition = "2021"
 license = "GPL-3.0"
 

usbsas-analyzer-server/src/main.rs

@@ -145,7 +145,10 @@ impl AppState {
         &self,
         mut body: web::Payload,
     ) -> Result<(String, String), actix_web::Error> {
+        #[cfg(not(feature = "integration-tests"))]
         let bundle_id = uuid::Uuid::new_v4().simple().to_string();
+        #[cfg(feature = "integration-tests")]
+        let bundle_id = "bundle_test".into();
         let out_file_name = format!("{}/{}.tar", self.working_dir.lock().unwrap(), bundle_id);
         let mut out_file = fs::File::create(out_file_name.clone()).unwrap();
 

usbsas-cmdexec/Cargo.toml

@@ -1,10 +1,11 @@
 [package]
 name = "usbsas-cmdexec"
-version = "0.1.2"
+version = "0.1.3"
 edition = "2021"
 license = "GPL-3.0"
 
 [dependencies]
+byteorder = "1.4"
 env_logger = "0.10"
 log = "0.4"
 thiserror = "1.0"

usbsas-cmdexec/src/lib.rs

@@ -3,6 +3,7 @@
 //! This process will execute the target command specified in the configuration
 //! file with the output of the transfer as argument.
 
+use byteorder::ReadBytesExt;
 use log::{error, info, trace};
 use std::process::{Command, Stdio};
 use thiserror::Error;
@@ -81,8 +82,24 @@ struct RunningState {
 struct WaitEndState {}
 
 impl InitState {
-    fn run(self, _comm: &mut Comm<proto::cmdexec::Request>) -> Result<State> {
+    fn run(mut self, comm: &mut Comm<proto::cmdexec::Request>) -> Result<State> {
         let config = conf_parse(&conf_read(&self.config_path)?)?;
+
+        match comm.read_u8()? {
+            // Nothing to do, exit
+            0 => return Ok(State::WaitEnd(WaitEndState {})),
+            // Use provided tar path
+            1 => (),
+            // Files of this transfer were analyzed, use clean tar path
+            2 => self.out_tar = format!("{}_clean.tar", self.out_tar.trim_end_matches(".tar")),
+            _ => {
+                error!("bad unlock value");
+                return Ok(State::WaitEnd(WaitEndState {}));
+            }
+        }
+
+        log::trace!("unlocked, using archive {}", self.out_tar);
+
         Ok(State::Running(RunningState {
             out_tar: self.out_tar,
             out_fs: self.out_fs,

usbsas-config/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "usbsas-config"
-version = "0.1.4"
+version = "0.1.5"
 edition = "2021"
 license = "GPL-3.0"
 

usbsas-config/src/lib.rs

@@ -44,6 +44,9 @@ pub struct PathFilter {
 pub struct Analyzer {
     pub url: String,
     pub krb_service_name: Option<String>,
+    pub analyze_usb: bool,
+    pub analyze_net: bool,
+    pub analyze_cmd: bool,
 }
 
 #[derive(Debug, Deserialize)]

usbsas-files2tar/Cargo.toml

@@ -1,11 +1,10 @@
 [package]
 name = "usbsas-files2tar"
-version = "0.1.2"
+version = "0.1.3"
 edition = "2021"
 license = "GPL-3.0"
 
 [dependencies]
-byteorder = "1.4"
 env_logger = "0.10"
 log = "0.4"
 tar = "0.4"