From ce82000bb4d39f84f884202c5852a26f2ed21945 Mon Sep 17 00:00:00 2001
From: SadlyNotSappho
Date: Tue, 10 Oct 2023 11:38:59 -0700
Subject: [PATCH] finish folder checking for linux

---
 Cargo.lock | 17 ++++++++++
 Cargo.toml | 1 +
 src/main.rs | 87 ++++++++++++++++++++++++++++++++------------------
 src/structs.rs | 39 +++++++++++++---------
 4 files changed, 98 insertions(+), 46 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 0a10a4b..d4b975c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -61,6 +61,12 @@ version = "0.2.148"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9cdc71e17332e86d2e1d38c1f99edcb6288ee11b815fb1a4b049eaa2114d369b"
 
+[[package]]
+name = "log"
+version = "0.4.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f"
+
 [[package]]
 name = "number_prefix"
 version = "0.4.0"
@@ -78,6 +84,7 @@ name = "security-checker"
 version = "0.1.0"
 dependencies = [
 "indicatif",
+ "users",
 ]
 
 [[package]]
@@ -86,6 +93,16 @@ version = "0.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85"
 
+[[package]]
+name = "users"
+version = "0.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "24cc0f6d6f267b73e5a2cadf007ba8f9bc39c6a6f9666f8cf25ea809a153b032"
+dependencies = [
+ "libc",
+ "log",
+]
+
 [[package]]
 name = "windows-sys"
 version = "0.45.0"
diff --git a/Cargo.toml b/Cargo.toml
index 001a827..eb8522b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -7,3 +7,4 @@ edition = "2021"
 
 [dependencies]
 indicatif = "0.17.7"
+users = "0.11.0"
diff --git a/src/main.rs b/src/main.rs
index f23e62f..5b21239 100644
--- a/src/main.rs
+++ b/src/main.rs
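Review bot: The new `users = "0.11.0"` line in Cargo.toml adds a crate whose maintenance status should be checked before it lands. As far as I know 0.11.0 is its last release and the crate is listed as unmaintained in the RustSec advisory database, with `uzers` published as a maintained fork; please confirm with `cargo audit` rather than taking my word for it. The code only calls `get_effective_uid()` and `get_effective_gid()`, so switching to the fork (if confirmed) should be a small change. Running `cargo audit` in CI would catch this class of issue for every new dependency of a security tool.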
@@ -1,27 +1,18 @@
-use std::{fmt::Write, thread, time::Duration, sync::mpsc, process, fs, os::unix::prelude::MetadataExt};
 use indicatif::{ProgressBar, ProgressState, ProgressStyle};
-use security_checker::{structs::{Folder, Perms}, get_home};
-use std::os::unix::fs::PermissionsExt;
+use security_checker::{
+ get_home,
+ structs::{Folder, FolderPerms, Perms},
+};
+use std::{
+ fmt::Write, fs, os::unix::prelude::MetadataExt, process, sync::mpsc, thread, time::Duration,
+};
 
 fn main() {
- // TODO: add support for other OSes
+ // TODO: add support for other OSes
 if std::env::consts::OS != "linux" {
 println!("This currently only supports linux. Sorry!");
 process::exit(1)
 }
- println!("SCAMing you...");
- let pb = ProgressBar::new(100);
- pb.set_style(ProgressStyle::with_template("[{elapsed_precise}] [{wide_bar:.cyan/blue}] {pos}/{len} ({eta})")
- .unwrap()
- .with_key("eta", |state: &ProgressState, w: &mut dyn Write| write!(w, "{:.1}s", state.eta().as_secs_f64()).unwrap())
- .progress_chars("=>-"));
-
- let mut progress = 0;
- while progress < 100 {
- progress += 1;
- pb.set_position(progress);
- thread::sleep(Duration::from_millis(50));
- }
 
 let (tx, rx) = mpsc::channel();
 
@@ -29,29 +20,63 @@ fn main() { let mut out: Vec = vec![]; let folders = Folder::linux(); for mut folder in folders { - folder.path = folder.path.replace('~', &get_home()[..]); - - // check if we have write perms for all of the folders, if so, push to out - let md = fs::metadata(&folder.path).unwrap(); - let perms = md.permissions().mode(); - let string = format!("{perms:o}").chars().rev().take(3).collect::().chars().rev().collect::(); + folder.path = folder.path.replace('~', &get_home()[..]); - println!("{}: {:?}", folder.path, Perms::from_unix_folder(folder.path.clone())); + let md = fs::metadata(&folder.path).unwrap(); + let perms = Perms::from_unix_folder(&folder.path); let owner = md.uid(); let group = md.gid(); - // println!("{readonly} - {}", folder.path); - // if !readonly { - // println!("can write to {}", folder.path); - // out.push(folder) - // } - }; + let current_user = users::get_effective_uid(); + let current_group = users::get_effective_gid(); + + // clippy hates this. + if owner == current_user && perms.owner.contains(&folder.dangerous_perms) { + out.push(folder) + } else if group == current_group && perms.group.contains(&folder.dangerous_perms) { + out.push(folder) + } else if perms.other.contains(&folder.dangerous_perms) { + out.push(folder) + }; + } tx.send(out) }); + println!("SCAMing you..."); + let pb = ProgressBar::new(100); + pb.set_style( + ProgressStyle::with_template( + "[{elapsed_precise}] [{wide_bar:.cyan/blue}] {pos}/{len} ({eta})", + ) + .unwrap() + .with_key("eta", |state: &ProgressState, w: &mut dyn Write| { + write!(w, "{:.1}s", state.eta().as_secs_f64()).unwrap() + }) + .progress_chars("=>-"), + ); + + let mut progress = 0; + while progress < 100 { + progress += 1; + pb.set_position(progress); + thread::sleep(Duration::from_millis(50)); + } + pb.finish(); println!("Ran SCAM. Here's your output!"); let recieved = rx.recv().unwrap(); - println!("{recieved:?}"); + + for folder in recieved { + println!( + "I can {} {}. 
This is potentially bad, because this folder stores {}.",
+ match folder.dangerous_perms {
+ FolderPerms::Write => "write to",
+ FolderPerms::Read => "read from",
+ FolderPerms::Execute => "execute files in",
+ },
+ folder.path,
+ folder.contains
+ );
+ }
 }
diff --git a/src/structs.rs b/src/structs.rs
index d94b9cb..91d70e3 100644
--- a/src/structs.rs
+++ b/src/structs.rs
@@ -13,11 +13,12 @@ pub struct Data {
 #[derive(Debug)]
 pub struct Folder {
 pub path: String,
- pub r#type: FolderType,
+ pub ftype: FolderType,
 pub contains: String,
+ pub dangerous_perms: FolderPerms,
 }
 
-#[derive(Debug)]
+#[derive(Debug, PartialEq, Eq)]
 pub enum FolderType {
 ApplicationData,
 Binary,
@@ -26,7 +27,7 @@ pub enum FolderType {
 }
 
 pub struct Malware {
- pub r#type: Vec,
+ pub ftype: Vec,
 pub name: String,
 }
 
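Review bot: In src/main.rs, the new `if / else if` chain inside the `for mut folder in folders` loop falls through to the group and other bits even when the effective uid owns the folder, whereas Unix applies exactly one permission class (owner, else group, else other), so an owned folder whose owner bits lack the permission can still be reported. The group branch also compares only `users::get_effective_gid()`, so access granted through a supplementary group is missed, and root or ACL-granted access is not modelled; a comment stating those limits would keep readers from over-trusting the result. Separately, `fs::metadata(&folder.path).unwrap()` panics inside the spawned thread when a listed folder does not exist, which then surfaces as a second panic at `rx.recv().unwrap()`; skipping that entry would be safer. A single-class version of the check is sketched below; the closure and `main` both begin outside this hunk.

```rust
// … unchanged: metadata lookup, owner/group and current_user/current_group …

// Exactly one permission class applies: owner, else group, else other.
let applicable = if owner == current_user {
    &perms.owner
} else if group == current_group {
    &perms.group
} else {
    &perms.other
};
if applicable.contains(&folder.dangerous_perms) {
    out.push(folder)
}
```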
@@ -44,49 +45,58 @@ impl Folder {
 // system folders
 Folder {
 path: String::from("/usr/bin"),
- r#type: FolderType::Binary,
+ ftype: FolderType::Binary,
 contains: "Installed Programs".to_string(),
+ dangerous_perms: FolderPerms::Write
 },
 Folder {
 path: "/boot".to_string(),
- r#type: FolderType::Kernel,
+ ftype: FolderType::Kernel,
 contains: "Boot Files, Kernel".to_string(),
+ dangerous_perms: FolderPerms::Write
 },
 Folder {
 path: "/lib".to_string(),
- r#type: FolderType::SystemData,
+ ftype: FolderType::SystemData,
 contains: "Kernel Modules, Libraries".to_string(),
+ dangerous_perms: FolderPerms::Write
 },
 Folder {
 path: "/usr/lib".to_string(),
- r#type: FolderType::SystemData,
+ ftype: FolderType::SystemData,
 contains: "Libraries, Object Files".to_string(),
+ dangerous_perms: FolderPerms::Write
 },
 Folder {
 path: "/dev".to_string(),
- r#type: FolderType::SystemData,
+ ftype: FolderType::SystemData,
 contains: "Access To All Devices".to_string(),
+ dangerous_perms: FolderPerms::Write
 },
 Folder {
 path: "/tmp".to_string(),
- r#type: FolderType::ApplicationData,
+ ftype: FolderType::ApplicationData,
 contains: "Temporary Application Data".to_string(),
+ dangerous_perms: FolderPerms::Read
 },
 // user specific files
 Folder {
 path: "~/.config".to_string(),
- r#type: FolderType::ApplicationData,
+ ftype: FolderType::ApplicationData,
 contains: "Permanent Application Data, Login Info".to_string(),
+ dangerous_perms: FolderPerms::Read
 },
 Folder {
 path: "~/.local/share".to_string(),
- r#type: FolderType::ApplicationData,
+ ftype: FolderType::ApplicationData,
 contains: String::from("Permanent Application Data, Login Info"),
+ dangerous_perms: FolderPerms::Read
 },
 Folder {
 path: "~/.cache".to_string(),
- r#type: FolderType::ApplicationData,
+ ftype: FolderType::ApplicationData,
 contains: "Cached Data From Applications".to_string(),
+ dangerous_perms: FolderPerms::Read
 },
 ]
 }
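Review bot: `dangerous_perms` holds a single `FolderPerms` per entry, so each folder in this list can be checked for only one kind of access. For `~/.config` and `~/.local/share`, which the entries describe as holding login info, only `Read` is flagged although write access there is arguably just as sensitive. Making the field a `Vec<FolderPerms>`, with a short comment on each entry saying why that permission is the risky one, would let the table express both. `/tmp` with `Read` will presumably be reported on every ordinary system, since that directory is readable by everyone by design. The enclosing function starts outside this hunk.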
@@ -99,7 +109,7 @@ pub struct Perms {
 pub other: Vec,
 }
 
-#[derive(Debug)]
+#[derive(Debug, PartialEq, Eq)]
 pub enum FolderPerms {
 Read,
 Write,
@@ -107,7 +117,7 @@ pub enum FolderPerms {
 }
 
 impl Perms {
- pub fn from_unix_folder(path: String) -> Perms {
+ pub fn from_unix_folder(path: &String) -> Perms {
 let md = fs::metadata(path).unwrap();
 let perms = md.permissions().mode();
 let string = format!("{perms:o}")
@@ -119,7 +129,6 @@ impl Perms {
 .rev()
 .collect::()
 .chars()
- .into_iter()
 .collect::>();
 
 Perms {
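Review bot: The new signature `from_unix_folder(path: &String)` should borrow a string slice instead, `pub fn from_unix_folder(path: &str) -> Perms {`, which the existing `&folder.path` call site already satisfies through deref coercion. The `fs::metadata(path).unwrap()` kept as context panics on a missing or unreadable path; returning `std::io::Result<Perms>` would let the caller skip that folder instead of aborting the scan. A doc comment should also say which part of the mode is parsed: the octal-string chain appears to keep only the last three digits, so setuid, setgid and sticky bits would be ignored. That last point is inferred, because the function body continues outside these hunks.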