Split regex functions and non-regex functions #171
Conversation
|
I am writing docs now -- but here is the functionality. |
checks.go
Outdated
| // This check will always fail if the command returns an error. | ||
| func (c cond) CommandContains() (bool, error) { | ||
| c.requireArgs("Cmd", "Value") | ||
| out, err := shellCommandOutput(c.Cmd) | ||
| if c.Regex { | ||
| outTrim := strings.TrimSpace(out) | ||
| if err != nil { |
There was a problem hiding this comment.
Looks like err here doesn't get checked unless regex
checks.go
Outdated
| found, err = regexp.Match(c.Value, []byte(line)) | ||
| } else { | ||
| found = strings.Contains(line, c.Value) | ||
| } | ||
| if err != nil { |
There was a problem hiding this comment.
Same here, I think err check should be moved up to under regex match
There was a problem hiding this comment.
so just make sure each error != nil is always directly under the error causer?
checks.go
Outdated
| condFunc := "" | ||
| negation := false | ||
| cond.Regex = false |
There was a problem hiding this comment.
Setting condition regex as a boolean works since it's more nuanced than negation, although I think we should leave it unexported (like starting with a lowercase in the struct) which should prevent people from trying to set it in their config. That or raise an error, since if they have Regex = true but CommandContains not CommandContainsRegex then it won't be regex.
|
|
||
| // Ensure that condition type is a valid length | ||
| if len(cond.Type) <= len(not) { | ||
| if len(cond.Type) <= len(regex) { |
There was a problem hiding this comment.
That's unintuitive but should be valid. I think. Might catch us later if we have a very short check type name
checks.go
Outdated
| negation = true | ||
| condFunc = cond.Type[:len(cond.Type)-len(not)] | ||
| } else if cond.Type[len(cond.Type)-len(regex):len(cond.Type)] == regex { |
There was a problem hiding this comment.
Does this prevent doing RegexNot commands since it's an else if?
There was a problem hiding this comment.
Yeah it does currently -- my next push should check for and remove Not, then check for Regex and remove it
| > **Note**: We recommend you use the `Not` version of this check to score a program's version being different from its version at the beginning of the image. You can't guarantee that the latest version of the program you're scoring will be the same once your round is released, and it's unlikely that a competitor will intentionally downgrade a package. | ||
| > **Note**: We recommend you use the `Not` version of this check to score a program's version being different from its | ||
| > version at the beginning of the image. You can't guarantee that the latest version of the program you're scoring will | ||
| > be |
There was a problem hiding this comment.
Kind of weird single word line here?
|
|
||
| **FileContains**: pass if file contains regex | ||
| **FileContains**: pass if file contains a value |
There was a problem hiding this comment.
We still need documentation for FileContainsRegex and all the other *Regex checks right? Since I dont think you can 100% guess if all checks have a regex alternate
There was a problem hiding this comment.
Fair point thanks I definitely skimmed over the note block we should probably make that more readable at some point
| @@ -377,7 +425,10 @@ name = 'Administrators' | |||
| value = 'SeTimeZonePrivilege' | |||
| ``` | |||
|
|
|||
| > A list of URA and Constant Names (which are used in the config) [can be found here](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment). On your local machine, check Local Security Policy > User Rights Assignments to see the current assignments. | |||
| > A list of URA and Constant Names (which are used in the | |||
| > | |||
There was a problem hiding this comment.
Sometimes the lint god is wrong
checks.go
Outdated
| @@ -51,7 +52,7 @@ func (c cond) requireArgs(args ...interface{}) { | |||
| v := reflect.ValueOf(c) | |||
| vType := v.Type() | |||
| for i := 0; i < v.NumField(); i++ { | |||
| if vType.Field(i).Name == "Type" { | |||
| if vType.Field(i).Name == "Type" || vType.Field(i).Name == "Regex" { | |||
There was a problem hiding this comment.
Should be lowercase here right?
No description provided.