finish folder checking for linux

This commit is contained in:
SadlyNotSappho 2023-10-10 11:38:59 -07:00
parent a933a287b5
commit ce82000bb4
4 changed files with 98 additions and 46 deletions

17
Cargo.lock generated
View File

@ -61,6 +61,12 @@ version = "0.2.148"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9cdc71e17332e86d2e1d38c1f99edcb6288ee11b815fb1a4b049eaa2114d369b" checksum = "9cdc71e17332e86d2e1d38c1f99edcb6288ee11b815fb1a4b049eaa2114d369b"
[[package]]
name = "log"
version = "0.4.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f"
[[package]] [[package]]
name = "number_prefix" name = "number_prefix"
version = "0.4.0" version = "0.4.0"
@ -78,6 +84,7 @@ name = "security-checker"
version = "0.1.0" version = "0.1.0"
dependencies = [ dependencies = [
"indicatif", "indicatif",
"users",
] ]
[[package]] [[package]]
@ -86,6 +93,16 @@ version = "0.1.11"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85" checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85"
[[package]]
name = "users"
version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "24cc0f6d6f267b73e5a2cadf007ba8f9bc39c6a6f9666f8cf25ea809a153b032"
dependencies = [
"libc",
"log",
]
[[package]] [[package]]
name = "windows-sys" name = "windows-sys"
version = "0.45.0" version = "0.45.0"

View File

@ -7,3 +7,4 @@ edition = "2021"
[dependencies] [dependencies]
indicatif = "0.17.7" indicatif = "0.17.7"
users = "0.11.0"

View File

@ -1,27 +1,18 @@
use std::{fmt::Write, thread, time::Duration, sync::mpsc, process, fs, os::unix::prelude::MetadataExt};
use indicatif::{ProgressBar, ProgressState, ProgressStyle}; use indicatif::{ProgressBar, ProgressState, ProgressStyle};
use security_checker::{structs::{Folder, Perms}, get_home}; use security_checker::{
use std::os::unix::fs::PermissionsExt; get_home,
structs::{Folder, FolderPerms, Perms},
};
use std::{
fmt::Write, fs, os::unix::prelude::MetadataExt, process, sync::mpsc, thread, time::Duration,
};
fn main() { fn main() {
// TODO: add support for other OSes // TODO: add support for other OSes
if std::env::consts::OS != "linux" { if std::env::consts::OS != "linux" {
println!("This currently only supports linux. Sorry!"); println!("This currently only supports linux. Sorry!");
process::exit(1) process::exit(1)
} }
println!("SCAMing you...");
let pb = ProgressBar::new(100);
pb.set_style(ProgressStyle::with_template("[{elapsed_precise}] [{wide_bar:.cyan/blue}] {pos}/{len} ({eta})")
.unwrap()
.with_key("eta", |state: &ProgressState, w: &mut dyn Write| write!(w, "{:.1}s", state.eta().as_secs_f64()).unwrap())
.progress_chars("=>-"));
let mut progress = 0;
while progress < 100 {
progress += 1;
pb.set_position(progress);
thread::sleep(Duration::from_millis(50));
}
let (tx, rx) = mpsc::channel(); let (tx, rx) = mpsc::channel();
@ -29,29 +20,63 @@ fn main() {
let mut out: Vec<Folder> = vec![]; let mut out: Vec<Folder> = vec![];
let folders = Folder::linux(); let folders = Folder::linux();
for mut folder in folders { for mut folder in folders {
folder.path = folder.path.replace('~', &get_home()[..]); folder.path = folder.path.replace('~', &get_home()[..]);
// check if we have write perms for all of the folders, if so, push to out
let md = fs::metadata(&folder.path).unwrap();
let perms = md.permissions().mode();
let string = format!("{perms:o}").chars().rev().take(3).collect::<String>().chars().rev().collect::<String>();
println!("{}: {:?}", folder.path, Perms::from_unix_folder(folder.path.clone())); let md = fs::metadata(&folder.path).unwrap();
let perms = Perms::from_unix_folder(&folder.path);
let owner = md.uid(); let owner = md.uid();
let group = md.gid(); let group = md.gid();
// println!("{readonly} - {}", folder.path); let current_user = users::get_effective_uid();
// if !readonly { let current_group = users::get_effective_gid();
// println!("can write to {}", folder.path);
// out.push(folder) // clippy hates this.
// } if owner == current_user && perms.owner.contains(&folder.dangerous_perms) {
}; out.push(folder)
} else if group == current_group && perms.group.contains(&folder.dangerous_perms) {
out.push(folder)
} else if perms.other.contains(&folder.dangerous_perms) {
out.push(folder)
};
}
tx.send(out) tx.send(out)
}); });
println!("SCAMing you...");
let pb = ProgressBar::new(100);
pb.set_style(
ProgressStyle::with_template(
"[{elapsed_precise}] [{wide_bar:.cyan/blue}] {pos}/{len} ({eta})",
)
.unwrap()
.with_key("eta", |state: &ProgressState, w: &mut dyn Write| {
write!(w, "{:.1}s", state.eta().as_secs_f64()).unwrap()
})
.progress_chars("=>-"),
);
let mut progress = 0;
while progress < 100 {
progress += 1;
pb.set_position(progress);
thread::sleep(Duration::from_millis(50));
}
pb.finish(); pb.finish();
println!("Ran SCAM. Here's your output!"); println!("Ran SCAM. Here's your output!");
let recieved = rx.recv().unwrap(); let recieved = rx.recv().unwrap();
println!("{recieved:?}");
for folder in recieved {
println!(
"I can {} {}. This is potentially bad, because this folder stores {}.",
match folder.dangerous_perms {
FolderPerms::Write => "write to",
FolderPerms::Read => "read from",
FolderPerms::Execute => "execute files in",
},
folder.path,
folder.contains
);
}
} }

View File

@ -13,11 +13,12 @@ pub struct Data {
#[derive(Debug)] #[derive(Debug)]
pub struct Folder { pub struct Folder {
pub path: String, pub path: String,
pub r#type: FolderType, pub ftype: FolderType,
pub contains: String, pub contains: String,
pub dangerous_perms: FolderPerms,
} }
#[derive(Debug)] #[derive(Debug, PartialEq, Eq)]
pub enum FolderType { pub enum FolderType {
ApplicationData, ApplicationData,
Binary, Binary,
@ -26,7 +27,7 @@ pub enum FolderType {
} }
pub struct Malware { pub struct Malware {
pub r#type: Vec<MalwareType>, pub ftype: Vec<MalwareType>,
pub name: String, pub name: String,
} }
@ -44,49 +45,58 @@ impl Folder {
// system folders // system folders
Folder { Folder {
path: String::from("/usr/bin"), path: String::from("/usr/bin"),
r#type: FolderType::Binary, ftype: FolderType::Binary,
contains: "Installed Programs".to_string(), contains: "Installed Programs".to_string(),
dangerous_perms: FolderPerms::Write
}, },
Folder { Folder {
path: "/boot".to_string(), path: "/boot".to_string(),
r#type: FolderType::Kernel, ftype: FolderType::Kernel,
contains: "Boot Files, Kernel".to_string(), contains: "Boot Files, Kernel".to_string(),
dangerous_perms: FolderPerms::Write
}, },
Folder { Folder {
path: "/lib".to_string(), path: "/lib".to_string(),
r#type: FolderType::SystemData, ftype: FolderType::SystemData,
contains: "Kernel Modules, Libraries".to_string(), contains: "Kernel Modules, Libraries".to_string(),
dangerous_perms: FolderPerms::Write
}, },
Folder { Folder {
path: "/usr/lib".to_string(), path: "/usr/lib".to_string(),
r#type: FolderType::SystemData, ftype: FolderType::SystemData,
contains: "Libraries, Object Files".to_string(), contains: "Libraries, Object Files".to_string(),
dangerous_perms: FolderPerms::Write
}, },
Folder { Folder {
path: "/dev".to_string(), path: "/dev".to_string(),
r#type: FolderType::SystemData, ftype: FolderType::SystemData,
contains: "Access To All Devices".to_string(), contains: "Access To All Devices".to_string(),
dangerous_perms: FolderPerms::Write
}, },
Folder { Folder {
path: "/tmp".to_string(), path: "/tmp".to_string(),
r#type: FolderType::ApplicationData, ftype: FolderType::ApplicationData,
contains: "Temporary Application Data".to_string(), contains: "Temporary Application Data".to_string(),
dangerous_perms: FolderPerms::Read
}, },
// user specific files // user specific files
Folder { Folder {
path: "~/.config".to_string(), path: "~/.config".to_string(),
r#type: FolderType::ApplicationData, ftype: FolderType::ApplicationData,
contains: "Permanent Application Data, Login Info".to_string(), contains: "Permanent Application Data, Login Info".to_string(),
dangerous_perms: FolderPerms::Read
}, },
Folder { Folder {
path: "~/.local/share".to_string(), path: "~/.local/share".to_string(),
r#type: FolderType::ApplicationData, ftype: FolderType::ApplicationData,
contains: String::from("Permanent Application Data, Login Info"), contains: String::from("Permanent Application Data, Login Info"),
dangerous_perms: FolderPerms::Read
}, },
Folder { Folder {
path: "~/.cache".to_string(), path: "~/.cache".to_string(),
r#type: FolderType::ApplicationData, ftype: FolderType::ApplicationData,
contains: "Cached Data From Applications".to_string(), contains: "Cached Data From Applications".to_string(),
dangerous_perms: FolderPerms::Read
}, },
] ]
} }
@ -99,7 +109,7 @@ pub struct Perms {
pub other: Vec<FolderPerms>, pub other: Vec<FolderPerms>,
} }
#[derive(Debug)] #[derive(Debug, PartialEq, Eq)]
pub enum FolderPerms { pub enum FolderPerms {
Read, Read,
Write, Write,
@ -107,7 +117,7 @@ pub enum FolderPerms {
} }
impl Perms { impl Perms {
pub fn from_unix_folder(path: String) -> Perms { pub fn from_unix_folder(path: &String) -> Perms {
let md = fs::metadata(path).unwrap(); let md = fs::metadata(path).unwrap();
let perms = md.permissions().mode(); let perms = md.permissions().mode();
let string = format!("{perms:o}") let string = format!("{perms:o}")
@ -119,7 +129,6 @@ impl Perms {
.rev() .rev()
.collect::<String>() .collect::<String>()
.chars() .chars()
.into_iter()
.collect::<Vec<char>>(); .collect::<Vec<char>>();
Perms { Perms {