From 41348bb39bb3fb05f1314c4e7b3734e208a23489 Mon Sep 17 00:00:00 2001
From: bcmmbaga
Date: Tue, 12 Mar 2024 19:24:08 +0300
Subject: [PATCH] Add process validation for peer metadata

---
 management/server/posture/process.go | 27 ++++-
 management/server/posture/process_test.go | 132 +++++++++++++++++++++-
 2 files changed, 157 insertions(+), 2 deletions(-)

diff --git a/management/server/posture/process.go b/management/server/posture/process.go
index fba3f928f..234bca82a 100644
--- a/management/server/posture/process.go
+++ b/management/server/posture/process.go
@@ -1,6 +1,9 @@
 package posture

 import (
+ "fmt"
+ "slices"
+
 nbpeer "github.com/netbirdio/netbird/management/server/peer"
 )

@@ -16,7 +19,29 @@ type ProcessCheck struct {
 var _ Check = (*ProcessCheck)(nil)

 func (p *ProcessCheck) Check(peer nbpeer.Peer) (bool, error) {
- return false, nil
+ peerActiveProcesses := make([]string, 0, len(peer.Meta.Processes))
+ for _, process := range peer.Meta.Processes {
+ peerActiveProcesses = append(peerActiveProcesses, process.Path)
+ }
+
+ switch peer.Meta.GoOS {
+ case "darwin", "linux":
+ for _, process := range p.Processes {
+ if !slices.Contains(peerActiveProcesses, process.Path) {
+ return false, nil
+ }
+ }
+ return true, nil
+ case "windows":
+ for _, process := range p.Processes {
+ if !slices.Contains(peerActiveProcesses, process.WindowsPath) {
+ return false, nil
+ }
+ }
+ return true, nil
+ default:
+ return false, fmt.Errorf("unsupported peer's operating system: %s", peer.Meta.GoOS)
+ }
 }

 func (p *ProcessCheck) Name() string {
diff --git a/management/server/posture/process_test.go b/management/server/posture/process_test.go
index 5917c9125..bed2c8e49 100644
--- a/management/server/posture/process_test.go
+++ b/management/server/posture/process_test.go
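Review bot: In `Check`, a required entry whose path for the peer's OS is empty is still handed to `slices.Contains` as `""`, and an empty `p.Processes` list lets both loops fall through to `return true, nil`. A check defined only with `Path` therefore evaluates a Windows peer against the empty string, so the result depends on whether the peer happened to report a process with an empty path rather than on the policy. Unless validation outside this hunk already rejects such definitions, make the comparison fail closed, e.g. `if process.WindowsPath == "" || !slices.Contains(peerActiveProcesses, process.WindowsPath) {`, with the same guard on `process.Path` in the darwin/linux loop. The list in `peer.Meta.Processes` appears to be supplied by the peer itself and is matched on path strings alone, so a doc comment on `Check` should say that the result is only as trustworthy as the reporting client; the error could also print the reported OS with `%q` instead of `%s`.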
@@ -16,7 +16,137 @@ func TestProcessCheck_Check(t *testing.T) {
 wantErr bool
 isValid bool
 }{
- {},
+ {
+ name: "darwin with matching processes",
+ input: peer.Peer{
+ Meta: peer.PeerSystemMeta{
+ GoOS: "darwin",
+ Processes: []peer.Process{
+ {Path: "process1"},
+ {Path: "process2"}},
+ },
+ },
+ check: ProcessCheck{
+ Processes: []Process{
+ {Path: "process1"},
+ {Path: "process2"},
+ },
+ },
+ wantErr: false,
+ isValid: true,
+ },
+ {
+ name: "linux with matching processes",
+ input: peer.Peer{
+ Meta: peer.PeerSystemMeta{
+ GoOS: "linux",
+ Processes: []peer.Process{
+ {Path: "process1"},
+ {Path: "process2"},
+ },
+ },
+ },
+ check: ProcessCheck{
+ Processes: []Process{
+ {Path: "process1"},
+ {Path: "process2"},
+ },
+ },
+ wantErr: false,
+ isValid: true,
+ },
+ {
+ name: "linux with non-matching processes",
+ input: peer.Peer{
+ Meta: peer.PeerSystemMeta{
+ GoOS: "linux",
+ Processes: []peer.Process{
+ {Path: "process3"},
+ {Path: "process4"},
+ },
+ },
+ },
+ check: ProcessCheck{
+ Processes: []Process{
+ {Path: "process1"},
+ {Path: "process2"},
+ },
+ },
+ wantErr: false,
+ isValid: false,
+ },
+ {
+ name: "windows with matching processes",
+ input: peer.Peer{
+ Meta: peer.PeerSystemMeta{
+ GoOS: "windows",
+ Processes: []peer.Process{
+ {Path: "process1"},
+ {Path: "process2"},
+ },
+ },
+ },
+ check: ProcessCheck{
+ Processes: []Process{
+ {WindowsPath: "process1"},
+ {WindowsPath: "process2"},
+ },
+ },
+ wantErr: false,
+ isValid: true,
+ },
+ {
+ name: "windows with non-matching processes",
+ input: peer.Peer{
+ Meta: peer.PeerSystemMeta{
+ GoOS: "windows",
+ Processes: []peer.Process{
+ {Path: "process3"},
+ {Path: "process4"},
+ },
+ },
+ },
+ check: ProcessCheck{
+ Processes: []Process{
+ {WindowsPath: "process1"},
+ {WindowsPath: "process2"},
+ },
+ },
+ wantErr: false,
+ isValid: false,
+ },
+ {
+ name: "unsupported Ios operating system with matching processes",
+ input: peer.Peer{
+ Meta: peer.PeerSystemMeta{
+ GoOS: "ios",
+ },
+ },
+ check: ProcessCheck{
+ Processes: []Process{
+ {Path: "process1"},
+ {Path: "process2"},
+ },
+ },
+ wantErr: true,
+ isValid: false,
+ },
+ {
+ name: "unsupported android operating system with matching processes",
+ input: peer.Peer{
+ Meta: peer.PeerSystemMeta{
+ GoOS: "android",
+ },
+ },
+ check: ProcessCheck{
+ Processes: []Process{
+ {Path: "process1"},
+ {Path: "process2"},
+ },
+ },
+ wantErr: true,
+ isValid: false,
+ },
 }

 for _, tt := range tests {
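Review bot: Every case in this table is all-or-nothing, since the peer reports either both required processes or neither, so an implementation that passed as soon as any one required process was found would still satisfy all of them. A partial-match case (peer reports only `process1`, the check requires `process1` and `process2`, `isValid: false`) for linux and another for windows would pin the all-required semantics of a posture check. The two unsupported-OS cases are named "with matching processes" although their `input` carries no `Processes`, and "Ios" is capitalised inconsistently; renaming them would make failures easier to read. The table declaration and the loop that runs it start and end outside this hunk.

```go
// … unchanged: existing cases …
{
	name: "linux with partially matching processes",
	input: peer.Peer{
		Meta: peer.PeerSystemMeta{
			GoOS: "linux",
			Processes: []peer.Process{
				{Path: "process1"},
			},
		},
	},
	check: ProcessCheck{
		Processes: []Process{
			{Path: "process1"},
			{Path: "process2"},
		},
	},
	wantErr: false,
	isValid: false,
},
```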