Gfs/#579 (#582)

gfs · web-flow · commit e7cc357c64bb · 2021-05-25T18:22:30.000-07:00
* Set version to '2.4-alpha' * Update Readme.md (#581) * Update README.md * Some cleanup * Update OpenPortCollector.cs * Update CommandOptions.cs * Fix Getting Process Names * Update EventLogCollector.cs * Update FileSystemMonitor.cs * Update CollectorTests.cs * Update CollectorTests.cs * Update CollectorTests.cs * Update CollectorTests.cs * Update version.json * Update version.json
diff --git a/Cli/Components/CollectorOptions/FileCollectorOptions.razor b/Cli/Components/CollectorOptions/FileCollectorOptions.razor
@@ -24,9 +24,9 @@
         <div class="form-row">
             <div class="col-9 mb-1">
                 <select class="form-control @directorySelectElementGlowClass.ClassName" id="selectedDirectoriesList" @bind="SelectedDirectoryTop">
-                    @for (var i = 0; i < appData.CollectOptions.SelectedDirectories.Count; i++)
+                    @for (var i = 0; i < appData.CollectOptions.SelectedDirectories.Count(); i++)
                     {
-                        <option value="@i">@appData.CollectOptions.SelectedDirectories[i]</option>
+                        <option value="@i">@appData.CollectOptions.SelectedDirectories.ToList()[i]</option>
                     }
                 </select>
             </div>
@@ -71,17 +71,17 @@
 
     void RemoveInputFromList()
     {
-        if (appData.CollectOptions.SelectedDirectories.Count > SelectedDirectoryTop)
+        if (appData.CollectOptions.SelectedDirectories.Count() > SelectedDirectoryTop)
         {
-            appData.CollectOptions.SelectedDirectories.RemoveAt(SelectedDirectoryTop);
+            appData.CollectOptions.SelectedDirectories = appData.CollectOptions.SelectedDirectories.Except(appData.CollectOptions.SelectedDirectories.Skip(SelectedDirectoryTop-1).Take(1));
             Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, false);
         }
     }
 
     void PushInputToList()
     {
-        appData.CollectOptions.SelectedDirectories.Add(SelectedDirectoryInput);
-        SelectedDirectoryTop = appData.CollectOptions.SelectedDirectories.Count - 1;
+        appData.CollectOptions.SelectedDirectories = appData.CollectOptions.SelectedDirectories.Union(new string[] { SelectedDirectoryInput });
+        SelectedDirectoryTop = appData.CollectOptions.SelectedDirectories.Count() - 1;
         Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, true);
         SelectedDirectoryInput = string.Empty;
     }
diff --git a/Cli/Components/CollectorOptions/RegistryCollectorOptions.razor b/Cli/Components/CollectorOptions/RegistryCollectorOptions.razor
@@ -23,9 +23,9 @@
         <div class="form-row">
             <div class="col-9 mb-1">
                 <select class="form-control @directorySelectElementGlowClass.ClassName" id="selectedPathsList" @bind="SelectedHiveTop">
-                    @for (var i = 0; i < appData.CollectOptions.SelectedHives.Count; i++)
+                    @for (var i = 0; i < appData.CollectOptions.SelectedHives.Count(); i++)
                     {
-                        <option value="@i">@appData.CollectOptions.SelectedHives[i]</option>
+                        <option value="@i">@appData.CollectOptions.SelectedHives.ToList()[i]</option>
                     }
                 </select>
             </div>
@@ -44,14 +44,14 @@
 
     void RemoveInputFromList()
     {
-        appData.CollectOptions.SelectedHives.RemoveAt(SelectedHiveTop);
+        appData.CollectOptions.SelectedHives = appData.CollectOptions.SelectedDirectories.Except(appData.CollectOptions.SelectedDirectories.Skip(SelectedHiveTop-1).Take(1));
         Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, false);
     }
 
     void PushInputToList()
     {
-        appData.CollectOptions.SelectedHives.Add(SelectedHiveInput);
-        SelectedHiveTop = appData.CollectOptions.SelectedHives.Count - 1;
+        appData.CollectOptions.SelectedHives = appData.CollectOptions.SelectedHives.Union(new string[] { SelectedHiveInput });
+        SelectedHiveTop = appData.CollectOptions.SelectedHives.Count() - 1;
         Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, true);
         SelectedHiveInput = string.Empty;
     }
diff --git a/Cli/Components/MonitorOptions/FileMonitorOptions.razor b/Cli/Components/MonitorOptions/FileMonitorOptions.razor
@@ -30,9 +30,9 @@
         <div class="form-row">
             <div class="col-9 mb-1">
                 <select class="form-control @directorySelectElementGlowClass.ClassName" id="selectedDirectoriesList" @bind="SelectedDirectoryTop">
-                    @for (var i = 0; i < appData.MonitorOptions.MonitoredDirectories.Count; i++)
+                    @for (var i = 0; i < appData.MonitorOptions.MonitoredDirectories.Count(); i++)
                     {
-                        <option value="@i">@appData.MonitorOptions.MonitoredDirectories[i]</option>
+                        <option value="@i">@appData.MonitorOptions.MonitoredDirectories.ToList()[i]</option>
                     }
                 </select>
             </div>
@@ -51,14 +51,14 @@
 
     void RemoveInputFromList()
     {
-        appData.MonitorOptions.MonitoredDirectories.RemoveAt(SelectedDirectoryTop);
+        appData.MonitorOptions.MonitoredDirectories = appData.MonitorOptions.MonitoredDirectories.Except(appData.MonitorOptions.MonitoredDirectories.Skip(SelectedDirectoryTop-1).Take(1));
         Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, false);
     }
 
     void PushInputToList()
     {
-        appData.MonitorOptions.MonitoredDirectories.Add(SelectedDirectoryInput);
-        SelectedDirectoryTop = appData.MonitorOptions.MonitoredDirectories.Count - 1;
+        appData.MonitorOptions.MonitoredDirectories = appData.MonitorOptions.MonitoredDirectories.Union(new string[] { SelectedDirectoryInput });
+        SelectedDirectoryTop = appData.MonitorOptions.MonitoredDirectories.Count() - 1;
         Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, true);
         SelectedDirectoryInput = string.Empty;
     }
diff --git a/Lib/Collectors/EventLogCollector.cs b/Lib/Collectors/EventLogCollector.cs
@@ -189,6 +189,10 @@ public void ExecuteMacOs(CancellationToken cancellationToken)
         [System.Diagnostics.CodeAnalysis.SuppressMessage("Design", "CA1031:Do not catch general exception types", Justification = "Official documentation for this functionality does not specify what exceptions it throws. https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.eventlogentrycollection?view=netcore-3.0")]
         public void ExecuteWindows(CancellationToken cancellationToken)
         {
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                return;
+            }
             void ParseWindowsLog(EventLogEntry entry)
             {
                 if (opts.GatherVerboseLogs || entry.EntryType.ToString() == "Warning" || entry.EntryType.ToString() == "Error")
diff --git a/Lib/Collectors/FileSystemMonitor.cs b/Lib/Collectors/FileSystemMonitor.cs
@@ -83,7 +83,7 @@ public FileSystemMonitor(MonitorCommandOptions opts, Action<FileMonitorObject> c
                 GatherHashes = options.GatherHashes,
             });
 
-            foreach (var dir in options.MonitoredDirectories.Count > 0 ? options.MonitoredDirectories : fsc.Roots.ToList())
+            foreach (var dir in (options?.MonitoredDirectories.Any() is true) ? options.MonitoredDirectories : fsc.Roots.ToList())
             {
                 foreach (var filter in defaultFiltersList)
                 {
diff --git a/Lib/Collectors/OpenPortCollector.cs b/Lib/Collectors/OpenPortCollector.cs
@@ -191,10 +191,8 @@ internal void ExecuteWindows(CancellationToken cancellationToken)
                 {
                     Address = endpoint.Address.ToString(),
                 };
-                foreach (ProcessPort p in Win32ProcessPorts.ProcessPortMap.FindAll(x => x.PortNumber == endpoint.Port))
-                {
-                    obj.ProcessName = p.ProcessName;
-                }
+
+                obj.ProcessName = Win32ProcessPorts.ProcessPortMap.Find(x => x.PortNumber == endpoint.Port)?.ProcessName;
 
                 HandleChange(obj);
             }
diff --git a/Lib/Objects/CommandOptions.cs b/Lib/Objects/CommandOptions.cs
@@ -119,13 +119,13 @@ public class CollectorOptions : CommandOptions
         public string? RunId { get; set; }
 
         [Option("directories", Required = false, HelpText = "comma separated list of paths to scan with FileSystemCollector", Separator = ',')]
-        public List<string> SelectedDirectories { get; set; } = new List<string>();
+        public IEnumerable<string> SelectedDirectories { get; set; } = new List<string>();
 
         [Option("skip-directories", Required = false, HelpText = "comma separated list of paths to skip with FileSystemCollector", Separator = ',')]
-        public List<string> SkipDirectories { get; set; } = new List<string>();
+        public IEnumerable<string> SkipDirectories { get; set; } = new List<string>();
 
         [Option("hives", Required = false, HelpText = "comma separated list of hives and subkeys to search.", Separator = ',')]
-        public List<string> SelectedHives { get; set; } = new List<string>();
+        public IEnumerable<string> SelectedHives { get; set; } = new List<string>();
 
         [Option(HelpText = "Force singlethreaded collectors.")]
         public bool SingleThread { get; set; }
@@ -276,7 +276,7 @@ public class GuidedModeCommandOptions : CollectorOptions
         public bool FileNamesOnly { get; set; }
 
         [Option(HelpText = "Comma-separated list of directories to monitor.", Separator = ',')]
-        public List<string> MonitoredDirectories { get; set; } = new List<string>();
+        public IEnumerable<string> MonitoredDirectories { get; set; } = new List<string>();
 
         [Option(HelpText = "Directory to output to.")]
         public string? OutputPath { get; set; }
@@ -304,7 +304,7 @@ public class MonitorCommandOptions : CommandOptions
         public bool GatherHashes { get; set; }
 
         [Option('d', "directories", Required = false, HelpText = "Comma-separated list of directories to monitor.", Separator = ',')]
-        public List<string> MonitoredDirectories { get; set; } = new List<string>();
+        public IEnumerable<string> MonitoredDirectories { get; set; } = new List<string>();
 
         //[Option('r', "registry", Required = false, HelpText = "Monitor the registry for changes. (Windows Only)")]
         //public bool EnableRegistryMonitor { get; set; }
diff --git a/Lib/Utils/Win32OpenPortListenerHelper.cs b/Lib/Utils/Win32OpenPortListenerHelper.cs
@@ -29,7 +29,7 @@ public static List<ProcessPort> ProcessPortMap
             }
         }
 
-        private static List<ProcessPort> CachedProcessPortMap = new List<ProcessPort>();
+        private static List<ProcessPort>? CachedProcessPortMap = null;
 
         /// <summary>
         ///     This method distills the output from netstat -a -n -o into a list of ProcessPorts that provide
diff --git a/Tests/CollectorTests.cs b/Tests/CollectorTests.cs
@@ -507,7 +507,7 @@ public void TestUserCollectorWindows()
             {
                 Assert.IsTrue(AsaHelpers.IsAdmin());
                 var user = System.Guid.NewGuid().ToString().Substring(0, 10);
-                var password = "$" + CryptoHelpers.GetRandomString(13);
+                var password = $"$A4%b^6a_";
 
                 var cmd = string.Format("user /add {0} {1}", user, password);
                 ExternalCommandRunner.RunExternalCommand("net", cmd);
diff --git a/version.json b/version.json
@@ -16,4 +16,4 @@
   "release": {
     "branchName": "release/v{version}"
   }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -24,9 +24,9 @@`
`24`	`24`	`<div class="form-row">`
`25`	`25`	`<div class="col-9 mb-1">`
`26`	`26`	`<select class="form-control @directorySelectElementGlowClass.ClassName" id="selectedDirectoriesList" @bind="SelectedDirectoryTop">`
`27`		`- @for (var i = 0; i < appData.CollectOptions.SelectedDirectories.Count; i++)`
	`27`	`+ @for (var i = 0; i < appData.CollectOptions.SelectedDirectories.Count(); i++)`
`28`	`28`	`{`
`29`		`- <option value="@i">@appData.CollectOptions.SelectedDirectories[i]</option>`
	`29`	`+ <option value="@i">@appData.CollectOptions.SelectedDirectories.ToList()[i]</option>`
`30`	`30`	`}`
`31`	`31`	`</select>`
`32`	`32`	`</div>`
`@@ -71,17 +71,17 @@`
`71`	`71`
`72`	`72`	`void RemoveInputFromList()`
`73`	`73`	`{`
`74`		`- if (appData.CollectOptions.SelectedDirectories.Count > SelectedDirectoryTop)`
	`74`	`+ if (appData.CollectOptions.SelectedDirectories.Count() > SelectedDirectoryTop)`
`75`	`75`	`{`
`76`		`- appData.CollectOptions.SelectedDirectories.RemoveAt(SelectedDirectoryTop);`
	`76`	`+ appData.CollectOptions.SelectedDirectories = appData.CollectOptions.SelectedDirectories.Except(appData.CollectOptions.SelectedDirectories.Skip(SelectedDirectoryTop-1).Take(1));`
`77`	`77`	`Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, false);`
`78`	`78`	`}`
`79`	`79`	`}`
`80`	`80`
`81`	`81`	`void PushInputToList()`
`82`	`82`	`{`
`83`		`- appData.CollectOptions.SelectedDirectories.Add(SelectedDirectoryInput);`
`84`		`- SelectedDirectoryTop = appData.CollectOptions.SelectedDirectories.Count - 1;`
	`83`	`+ appData.CollectOptions.SelectedDirectories = appData.CollectOptions.SelectedDirectories.Union(new string[] { SelectedDirectoryInput });`
	`84`	`+ SelectedDirectoryTop = appData.CollectOptions.SelectedDirectories.Count() - 1;`
`85`	`85`	`Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, true);`
`86`	`86`	`SelectedDirectoryInput = string.Empty;`
`87`	`87`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,9 +23,9 @@`
`23`	`23`	`<div class="form-row">`
`24`	`24`	`<div class="col-9 mb-1">`
`25`	`25`	`<select class="form-control @directorySelectElementGlowClass.ClassName" id="selectedPathsList" @bind="SelectedHiveTop">`
`26`		`- @for (var i = 0; i < appData.CollectOptions.SelectedHives.Count; i++)`
	`26`	`+ @for (var i = 0; i < appData.CollectOptions.SelectedHives.Count(); i++)`
`27`	`27`	`{`
`28`		`- <option value="@i">@appData.CollectOptions.SelectedHives[i]</option>`
	`28`	`+ <option value="@i">@appData.CollectOptions.SelectedHives.ToList()[i]</option>`
`29`	`29`	`}`
`30`	`30`	`</select>`
`31`	`31`	`</div>`
`@@ -44,14 +44,14 @@`
`44`	`44`
`45`	`45`	`void RemoveInputFromList()`
`46`	`46`	`{`
`47`		`- appData.CollectOptions.SelectedHives.RemoveAt(SelectedHiveTop);`
	`47`	`+ appData.CollectOptions.SelectedHives = appData.CollectOptions.SelectedDirectories.Except(appData.CollectOptions.SelectedDirectories.Skip(SelectedHiveTop-1).Take(1));`
`48`	`48`	`Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, false);`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`void PushInputToList()`
`52`	`52`	`{`
`53`		`- appData.CollectOptions.SelectedHives.Add(SelectedHiveInput);`
`54`		`- SelectedHiveTop = appData.CollectOptions.SelectedHives.Count - 1;`
	`53`	`+ appData.CollectOptions.SelectedHives = appData.CollectOptions.SelectedHives.Union(new string[] { SelectedHiveInput });`
	`54`	`+ SelectedHiveTop = appData.CollectOptions.SelectedHives.Count() - 1;`
`55`	`55`	`Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, true);`
`56`	`56`	`SelectedHiveInput = string.Empty;`
`57`	`57`	`}`
Original file line number	Diff line number	Diff line change
`@@ -30,9 +30,9 @@`
`30`	`30`	`<div class="form-row">`
`31`	`31`	`<div class="col-9 mb-1">`
`32`	`32`	`<select class="form-control @directorySelectElementGlowClass.ClassName" id="selectedDirectoriesList" @bind="SelectedDirectoryTop">`
`33`		`- @for (var i = 0; i < appData.MonitorOptions.MonitoredDirectories.Count; i++)`
	`33`	`+ @for (var i = 0; i < appData.MonitorOptions.MonitoredDirectories.Count(); i++)`
`34`	`34`	`{`
`35`		`- <option value="@i">@appData.MonitorOptions.MonitoredDirectories[i]</option>`
	`35`	`+ <option value="@i">@appData.MonitorOptions.MonitoredDirectories.ToList()[i]</option>`
`36`	`36`	`}`
`37`	`37`	`</select>`
`38`	`38`	`</div>`
`@@ -51,14 +51,14 @@`
`51`	`51`
`52`	`52`	`void RemoveInputFromList()`
`53`	`53`	`{`
`54`		`- appData.MonitorOptions.MonitoredDirectories.RemoveAt(SelectedDirectoryTop);`
	`54`	`+ appData.MonitorOptions.MonitoredDirectories = appData.MonitorOptions.MonitoredDirectories.Except(appData.MonitorOptions.MonitoredDirectories.Skip(SelectedDirectoryTop-1).Take(1));`
`55`	`55`	`Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, false);`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`void PushInputToList()`
`59`	`59`	`{`
`60`		`- appData.MonitorOptions.MonitoredDirectories.Add(SelectedDirectoryInput);`
`61`		`- SelectedDirectoryTop = appData.MonitorOptions.MonitoredDirectories.Count - 1;`
	`60`	`+ appData.MonitorOptions.MonitoredDirectories = appData.MonitorOptions.MonitoredDirectories.Union(new string[] { SelectedDirectoryInput });`
	`61`	`+ SelectedDirectoryTop = appData.MonitorOptions.MonitoredDirectories.Count() - 1;`
`62`	`62`	`Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, true);`
`63`	`63`	`SelectedDirectoryInput = string.Empty;`
`64`	`64`	`}`
Original file line number	Diff line number	Diff line change
`@@ -189,6 +189,10 @@ public void ExecuteMacOs(CancellationToken cancellationToken)`
`189`	`189`	`[System.Diagnostics.CodeAnalysis.SuppressMessage("Design", "CA1031:Do not catch general exception types", Justification = "Official documentation for this functionality does not specify what exceptions it throws. https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.eventlogentrycollection?view=netcore-3.0")]`
`190`	`190`	`public void ExecuteWindows(CancellationToken cancellationToken)`
`191`	`191`	`{`
	`192`	`+ if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))`
	`193`	`+ {`
	`194`	`+ return;`
	`195`	`+ }`
`192`	`196`	`void ParseWindowsLog(EventLogEntry entry)`
`193`	`197`	`{`
`194`	`198`	`if (opts.GatherVerboseLogs \|\| entry.EntryType.ToString() == "Warning" \|\| entry.EntryType.ToString() == "Error")`
Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@ public FileSystemMonitor(MonitorCommandOptions opts, Action<FileMonitorObject> c`
`83`	`83`	`GatherHashes = options.GatherHashes,`
`84`	`84`	`});`
`85`	`85`
`86`		`- foreach (var dir in options.MonitoredDirectories.Count > 0 ? options.MonitoredDirectories : fsc.Roots.ToList())`
	`86`	`+ foreach (var dir in (options?.MonitoredDirectories.Any() is true) ? options.MonitoredDirectories : fsc.Roots.ToList())`
`87`	`87`	`{`
`88`	`88`	`foreach (var filter in defaultFiltersList)`
`89`	`89`	`{`
Original file line number	Diff line number	Diff line change
`@@ -191,10 +191,8 @@ internal void ExecuteWindows(CancellationToken cancellationToken)`
`191`	`191`	`{`
`192`	`192`	`Address = endpoint.Address.ToString(),`
`193`	`193`	`};`
`194`		`- foreach (ProcessPort p in Win32ProcessPorts.ProcessPortMap.FindAll(x => x.PortNumber == endpoint.Port))`
`195`		`- {`
`196`		`- obj.ProcessName = p.ProcessName;`
`197`		`- }`
	`194`	`+`
	`195`	`+ obj.ProcessName = Win32ProcessPorts.ProcessPortMap.Find(x => x.PortNumber == endpoint.Port)?.ProcessName;`
`198`	`196`
`199`	`197`	`HandleChange(obj);`
`200`	`198`	`}`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ public static List<ProcessPort> ProcessPortMap`
`29`	`29`	`}`
`30`	`30`	`}`
`31`	`31`
`32`		`- private static List<ProcessPort> CachedProcessPortMap = new List<ProcessPort>();`
	`32`	`+ private static List<ProcessPort>? CachedProcessPortMap = null;`
`33`	`33`
`34`	`34`	`/// <summary>`
`35`	`35`	`/// This method distills the output from netstat -a -n -o into a list of ProcessPorts that provide`
Original file line number	Diff line number	Diff line change
`@@ -507,7 +507,7 @@ public void TestUserCollectorWindows()`
`507`	`507`	`{`
`508`	`508`	`Assert.IsTrue(AsaHelpers.IsAdmin());`
`509`	`509`	`var user = System.Guid.NewGuid().ToString().Substring(0, 10);`
`510`		`- var password = "$" + CryptoHelpers.GetRandomString(13);`
	`510`	`+ var password = $"$A4%b^6a_";`
`511`	`511`
`512`	`512`	`var cmd = string.Format("user /add {0} {1}", user, password);`
`513`	`513`	`ExternalCommandRunner.RunExternalCommand("net", cmd);`
Original file line number	Diff line number	Diff line change
`@@ -16,4 +16,4 @@`
`16`	`16`	`"release": {`
`17`	`17`	`"branchName": "release/v{version}"`
`18`	`18`	`}`
`19`		`-}`
	`19`	`+}`