Fix #339.

microsoft · Jan 7, 2020 · e4e3526 · e4e3526
2 parents cf81a77 + 6249347
commit e4e3526
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 67 deletions.
diff --git a/Asa/Program.cs b/Asa/Program.cs
@@ -949,7 +949,7 @@ private static int RunMonitorCommand(MonitorCommandOptions opts)
                 }
                 catch (SqliteException ex)
                 {
-                    Log.Error(ex, Strings.Get("Err_CollectingFrom"), c.GetType().Name, ex.Message, ex.StackTrace);
+                    Log.Error(Strings.Get("Err_CollectingFrom"), c.GetType().Name, ex.Message, ex.StackTrace);
                     returnValue = 1;
                 }
             }
@@ -1412,7 +1412,7 @@ public static int RunCollectCommand(CollectCommandOptions opts)
                 }
                 catch (Exception e)
                 {
-                    Log.Error(e, Strings.Get("Err_CollectingFrom"), c.GetType().Name, e.Message, e.StackTrace);
+                    Log.Error(Strings.Get("Err_CollectingFrom"), c.GetType().Name, e.Message, e.StackTrace);
                     Dictionary<string, string> ExceptionEvent = new Dictionary<string, string>();
                     ExceptionEvent.Add("Exception Type", e.GetType().ToString());
                     ExceptionEvent.Add("Stack Trace", e.StackTrace);

diff --git a/Lib/Collectors/BaseCollector.cs b/Lib/Collectors/BaseCollector.cs
@@ -43,7 +43,7 @@ public void Execute()
                                     t.Minutes,
                                     t.Seconds,
                                     t.Milliseconds);
-            Log.Information(Strings.Get("Completed"), this.GetType().Name, answer);
+            Log.Debug(Strings.Get("Completed"), this.GetType().Name, answer);
 
             var prevFlush = DatabaseManager.WriteQueue.Count;
             var totFlush = prevFlush;
@@ -82,9 +82,8 @@ public void Execute()
                                     t.Minutes,
                                     t.Seconds,
                                     t.Milliseconds);
-            Log.Debug($"Completed flushing in {answer}");
+            Log.Debug("Completed flushing in {0}", answer);
 
-            Log.Debug("Committing data.");
             DatabaseManager.Commit();
             Stop();
         }

diff --git a/Lib/Collectors/UserAccountCollector.cs b/Lib/Collectors/UserAccountCollector.cs
@@ -252,21 +252,18 @@ private void ExecuteLinux()
                 accountDetails[username] = tempDict;
             }
 
-            var result = ExternalCommandRunner.RunExternalCommand("grep", "'^sudo:.*$' /etc/group | cut -d: -f4");
-
-            foreach (var _line in result.Split('\n'))
-            {
-                accountDetails[_line].Privileged = true;
-            }
-
             foreach (var username in accountDetails.Keys)
             {
                 // Admin user details
-                var groupsRaw = ExternalCommandRunner.RunExternalCommand("groups", "username");
+                var groupsRaw = ExternalCommandRunner.RunExternalCommand("groups", username);
 
-                var groups = result.Split(' ');
+                var groups = groupsRaw.Split(' ');
                 foreach (var group in groups)
                 {
+                    if (group.Equals("sudo"))
+                    {
+                        accountDetails[username].Privileged = true;
+                    }
                     accountDetails[username].Groups.Add(group);
                     if (Groups.ContainsKey(group))
                     {

diff --git a/Lib/Properties/Resources.resx b/Lib/Properties/Resources.resx
@@ -142,7 +142,7 @@
     <value>Enumerating Monitor Run Ids</value>
   </data>
   <data name="Err_CollectingFrom" xml:space="preserve">
-    <value>Error collecting from {1}: {2} {3}</value>
+    <value>Error collecting from {0}: {1} {2}</value>
   </data>
   <data name="Err_CouldntDetermineOneRun" xml:space="preserve">
     <value>Couldn't determine latest run id. Can't continue.</value>

diff --git a/Lib/Utils/DirectoryWalker.cs b/Lib/Utils/DirectoryWalker.cs
@@ -15,10 +15,13 @@ public static IEnumerable<string> WalkDirectory(string root)
             // Data structure to hold names of subfolders to be
             // examined for files.
             Stack<string> dirs = new Stack<string>();
+            // Master list of all directories seen, to prevent loops from Hard Links.
+            HashSet<string> dirsSet = new HashSet<string>();
 
             if (System.IO.Directory.Exists(root))
             {
                 dirs.Push(root);
+                dirsSet.Add(root);
             }
 
             while (dirs.Count > 0)
@@ -132,7 +135,15 @@ e is SecurityException
 
                     if (fileInfo != null)
                     {
-                        dirs.Push(dir);
+                        if (!dirsSet.Contains(dir))
+                        {
+                            dirs.Push(dir);
+                            dirsSet.Add(dir);
+                        }
+                        else
+                        {
+                            Log.Verbose("Loop detected. Skipping duplicate directory {0} as a subdirectory of {1}", dir, currentDir);
+                        }
                     }
                 }
             }

diff --git a/Lib/Utils/ExternalCommandRunner.cs b/Lib/Utils/ExternalCommandRunner.cs
@@ -9,50 +9,24 @@ namespace AttackSurfaceAnalyzer.Utils
 {
     public static class ExternalCommandRunner
     {
+        public static string RunExternalCommand(string command, params string[] args) => RunExternalCommand(command, string.Join(' ', args), true);
 
-        public static string RunExternalCommand(string command, params string[] args) => RunExternalCommand(command, args, true);
-
-        public static string RunExternalCommand(string command, string[] args, bool Redirect)
+        public static string RunExternalCommand(string filename, string arguments = null, bool Redirect = true)
         {
-            string result = default(string);
             using var process = new Process()
             {
                 StartInfo = new ProcessStartInfo
                 {
-                    FileName = command,
-                    Arguments = string.Join(' ', args),
+                    FileName = filename,
+                    Arguments = string.IsNullOrEmpty(arguments) ? string.Empty : arguments,
                     RedirectStandardOutput = Redirect,
                     RedirectStandardError = Redirect,
                     UseShellExecute = false,
-                    CreateNoWindow = false
+                    CreateNoWindow = true,
+                    WindowStyle = ProcessWindowStyle.Hidden
                 }
             };
-            Serilog.Log.Verbose("Running external command {0} {1}", command, Newtonsoft.Json.JsonConvert.SerializeObject(args));
-            process.Start();
-            if (Redirect)
-            {
-                result = process.StandardOutput.ReadToEnd();
-            }
-            process.WaitForExit();
-            return result;
-        }
-
-        public static string RunExternalCommand(string filename, string arguments = null)
-        {
-            using var process = new Process();
-
-            process.StartInfo.FileName = filename;
-            if (!string.IsNullOrEmpty(arguments))
-            {
-                process.StartInfo.Arguments = arguments;
-            }
-
-            process.StartInfo.CreateNoWindow = true;
-            process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
-            process.StartInfo.UseShellExecute = false;
-
-            process.StartInfo.RedirectStandardError = true;
-            process.StartInfo.RedirectStandardOutput = true;
+
             var stdOutput = new StringBuilder();
             process.OutputDataReceived += (sender, args) => stdOutput.AppendLine(args.Data); // Use AppendLine rather than Append since args.Data is one line of output, not including the newline character.
 

diff --git a/Lib/Utils/NativeMethods.cs b/Lib/Utils/NativeMethods.cs
@@ -11,22 +11,6 @@
 
 namespace AttackSurfaceAnalyzer.Utils
 {
-    /****************************** Module Header ******************************\
-     Module Name:  NativeMethod.cs
-     Project:      CSUACSelfElevation
-     Copyright (c) Microsoft Corporation.
-
-     The P/Invoke signature some native Windows APIs used by the code sample.
-
-     This source is subject to the Microsoft Public License.
-     See http://www.microsoft.com/en-us/openness/resources/licenses.aspx#MPL
-     All other rights reserved.
-
-     THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, 
-     EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED 
-     WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
-    \***************************************************************************/
-
     /// <summary>
     /// The TOKEN_INFORMATION_CLASS enumeration type contains values that 
     /// specify the type of information being assigned to or retrieved from 
@@ -605,11 +589,11 @@ enum WinVerifyTrustResult : uint
         private const uint FILE_FLAG_BACKUP_SEMANTICS = 0x2000000;
 
         [DllImport("Kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
-        static extern uint GetFinalPathNameByHandle(IntPtr hFile, [MarshalAs(UnmanagedType.LPTStr)] StringBuilder lpszFilePath, uint cchFilePath, uint dwFlags);
+        static extern uint GetFinalPathNameByHandle(IntPtr hFile, [MarshalAs(UnmanagedType.LPWStr)] StringBuilder lpszFilePath, uint cchFilePath, uint dwFlags);
 
         [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
         public static extern IntPtr CreateFile(
-                [MarshalAs(UnmanagedType.LPTStr)] string filename,
+                [MarshalAs(UnmanagedType.LPWStr)] string filename,
                 [MarshalAs(UnmanagedType.U4)] uint access,
                 [MarshalAs(UnmanagedType.U4)] FileShare share,
                 IntPtr securityAttributes, // optional SECURITY_ATTRIBUTES struct or IntPtr.Zero