|
|
|
|
@ -44,6 +44,7 @@ type Config struct { |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
var initMode bool |
|
|
|
|
var initFile string |
|
|
|
|
var updateFile string |
|
|
|
|
var migrateMode bool |
|
|
|
|
var newKey bool |
|
|
|
|
@ -52,7 +53,8 @@ var dbMutex sync.Mutex |
|
|
|
|
|
|
|
|
|
func main() { |
|
|
|
|
flag.BoolVar(&initMode, "init", false, "initialize and populate allowed executable database") |
|
|
|
|
flag.StringVar(&updateFile, "update", "", "add specified file to allowed database with hash") |
|
|
|
|
flag.StringVar(&initFile, "initFile", "", "file containing files to add to allowed database with hash") |
|
|
|
|
flag.StringVar(&updateFile, "update", "", "add specified file to allowed database with hash") |
|
|
|
|
flag.BoolVar(&migrateMode, "migrate", false, "recompute hashes of all allowed paths using current settings") |
|
|
|
|
flag.BoolVar(&newKey, "newKey", false, "generate a new XXTEA-compatible encryption key") |
|
|
|
|
flag.Parse() |
|
|
|
|
@ -94,6 +96,16 @@ func main() { |
|
|
|
|
|
|
|
|
|
createTable(db) |
|
|
|
|
|
|
|
|
|
if initFile != "" { |
|
|
|
|
absPath, err := filepath.Abs(initFile) |
|
|
|
|
if err != nil { |
|
|
|
|
log.Fatalf("Invalid init file path: %v", err) |
|
|
|
|
os.Exit(1) // Exit with status code 1
|
|
|
|
|
} |
|
|
|
|
runInit(db, absPath) |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if updateFile != "" { |
|
|
|
|
absPath, err := filepath.Abs(updateFile) |
|
|
|
|
if err != nil { |
|
|
|
|
@ -155,6 +167,31 @@ func createTable(db *sql.DB) { |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func readFile(db *sql.DB, input *os.File) { |
|
|
|
|
defer input.Close() |
|
|
|
|
|
|
|
|
|
scanner := bufio.NewScanner(input) |
|
|
|
|
for scanner.Scan() { |
|
|
|
|
line := strings.TrimSpace(scanner.Text()) |
|
|
|
|
if line != "" { |
|
|
|
|
time.Sleep(time.Duration(100) * time.Millisecond) |
|
|
|
|
addToAllowed(db, line) |
|
|
|
|
log.Printf("Migrated path: %s", line) |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
if err := scanner.Err(); err != nil { |
|
|
|
|
log.Printf("Error reading Migrate file: %v", err) |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func runInit(db *sql.DB, path string) { |
|
|
|
|
input, err := os.Open(path) |
|
|
|
|
if err != nil { |
|
|
|
|
log.Fatalf("Failed to open temp file: %v", err) |
|
|
|
|
} |
|
|
|
|
readFile(db, input) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func runMigration(db *sql.DB) { |
|
|
|
|
tempFile := "Migrate" |
|
|
|
|
|
|
|
|
|
@ -178,27 +215,12 @@ func runMigration(db *sql.DB) { |
|
|
|
|
} |
|
|
|
|
_, _ = fmt.Fprintln(f, path) |
|
|
|
|
} |
|
|
|
|
f.Close() // make sure it can be read next
|
|
|
|
|
|
|
|
|
|
// Reopen to read
|
|
|
|
|
input, err := os.Open(f.Name()) |
|
|
|
|
if err != nil { |
|
|
|
|
log.Fatalf("Failed to open temp file: %v", err) |
|
|
|
|
} |
|
|
|
|
defer input.Close() |
|
|
|
|
|
|
|
|
|
scanner := bufio.NewScanner(input) |
|
|
|
|
for scanner.Scan() { |
|
|
|
|
line := strings.TrimSpace(scanner.Text()) |
|
|
|
|
if line != "" { |
|
|
|
|
time.Sleep(time.Duration(1) * 100 * time.Millisecond) |
|
|
|
|
addToAllowed(db, line) |
|
|
|
|
log.Printf("Migrated path: %s", line) |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
if err := scanner.Err(); err != nil { |
|
|
|
|
log.Printf("Error reading Migrate file: %v", err) |
|
|
|
|
} |
|
|
|
|
// Seek back to start instead of closing/reopening
|
|
|
|
|
if _, err := f.Seek(0, 0); err != nil { |
|
|
|
|
log.Fatalf("Failed to seek file: %v", err) |
|
|
|
|
}
|
|
|
|
|
readFile(db, f) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func isAllowed(db *sql.DB, path string) bool { |
|
|
|
|
|
Robert
7 months ago