fortify: show short mode omit filesystems

Filesystem information can be quite noisy in permissive defaults.

Signed-off-by: Ophestra <cat@gensokyo.uk>
Ophestra 2024-12-22 13:20:33 +09:00
parent f608f28a6a
commit 8a9ba5e0ad
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
2 changed files with 18 additions and 11 deletions

25
main.go

@ -122,14 +122,21 @@ func main() {
printPs(short) printPs(short)
fmsg.Exit(0) fmsg.Exit(0)
case "show": // pretty-print app info case "show": // pretty-print app info
if len(args) != 2 { set := flag.NewFlagSet("show", flag.ExitOnError)
var short bool
set.BoolVar(&short, "short", false, "Omit filesystem information")
// Ignore errors; set is set for ExitOnError.
_ = set.Parse(args[1:])
if len(set.Args()) != 1 {
fmsg.Fatal("show requires 1 argument") fmsg.Fatal("show requires 1 argument")
} }
likePrefix := false likePrefix := false
if len(args[1]) <= 32 { if len(set.Args()[0]) <= 32 {
likePrefix = true likePrefix = true
for _, c := range args[1] { for _, c := range set.Args()[0] {
if c >= '0' && c <= '9' { if c >= '0' && c <= '9' {
continue continue
} }
@ -147,7 +154,7 @@ func main() {
) )
// try to match from state store // try to match from state store
if likePrefix && len(args[1]) >= 8 { if likePrefix && len(set.Args()[0]) >= 8 {
fmsg.VPrintln("argument looks like prefix") fmsg.VPrintln("argument looks like prefix")
s := state.NewMulti(os.Paths().RunDirPath) s := state.NewMulti(os.Paths().RunDirPath)
@ -157,7 +164,7 @@ func main() {
} else { } else {
for id := range entries { for id := range entries {
v := id.String() v := id.String()
if strings.HasPrefix(v, args[1]) { if strings.HasPrefix(v, set.Args()[0]) {
// match, use config from this state entry // match, use config from this state entry
instance = entries[id] instance = entries[id]
config = instance.Config config = instance.Config
@ -173,16 +180,16 @@ func main() {
fmsg.VPrintf("reading from file") fmsg.VPrintf("reading from file")
config = new(fst.Config) config = new(fst.Config)
if f, err := os.Open(args[1]); err != nil { if f, err := os.Open(set.Args()[0]); err != nil {
fmsg.Fatalf("cannot access config file %q: %s", args[1], err) fmsg.Fatalf("cannot access config file %q: %s", set.Args()[0], err)
panic("unreachable") panic("unreachable")
} else if err = json.NewDecoder(f).Decode(&config); err != nil { } else if err = json.NewDecoder(f).Decode(&config); err != nil {
fmsg.Fatalf("cannot parse config file %q: %s", args[1], err) fmsg.Fatalf("cannot parse config file %q: %s", set.Args()[0], err)
panic("unreachable") panic("unreachable")
} }
} }
printShow(instance, config) printShow(instance, config, short)
fmsg.Exit(0) fmsg.Exit(0)
case "app": // launch app from configuration file case "app": // launch app from configuration file
if len(args) < 2 { if len(args) < 2 {
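Review bot: The `show` case re-evaluates `set.Args()[0]` in seven places (the length test, the prefix scan, the state-store match, `os.Open` and both error messages), so the value that is checked and the value that is opened stay the same only by repetition. Binding it once after the count check, `name := set.Arg(0)`, with the check written as `if set.NArg() != 1 {`, ties them together and shortens every changed line. Because the standard `flag` package stops parsing at the first non-flag argument, `show <id> -short` leaves two positional arguments and fails with "show requires 1 argument", and a config path that begins with `-` now needs a `--` separator. The fatal message or usage text should say that flags go before the argument. `main` starts and ends outside these hunks, so this is judged from the visible lines only.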


@ -16,7 +16,7 @@ import (
"git.gensokyo.uk/security/fortify/internal/state" "git.gensokyo.uk/security/fortify/internal/state"
) )
func printShow(instance *state.State, config *fst.Config) { func printShow(instance *state.State, config *fst.Config, short bool) {
if flagJSON { if flagJSON {
v := any(config) v := any(config)
if instance != nil { if instance != nil {
@ -81,7 +81,7 @@ func printShow(instance *state.State, config *fst.Config) {
fmt.Fprintf(w, " Command:\t%s\n", strings.Join(config.Command, " ")) fmt.Fprintf(w, " Command:\t%s\n", strings.Join(config.Command, " "))
fmt.Fprintf(w, "\n") fmt.Fprintf(w, "\n")
if config.Confinement.Sandbox != nil && len(config.Confinement.Sandbox.Filesystem) > 0 { if !short && config.Confinement.Sandbox != nil && len(config.Confinement.Sandbox.Filesystem) > 0 {
fmt.Fprintf(w, "Filesystem:\n") fmt.Fprintf(w, "Filesystem:\n")
for _, f := range config.Confinement.Sandbox.Filesystem { for _, f := range config.Confinement.Sandbox.Filesystem {
expr := new(strings.Builder) expr := new(strings.Builder)
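Review bot: With `short` set, the `Filesystem:` block is dropped silently, so a config with many binds prints exactly like one with none, and the bind list is the part of the confinement a reviewer most needs to know exists. When `short` is set and the list is non-empty, print a one-line marker instead, e.g. `fmt.Fprintf(w, "Filesystem: %d entries omitted\n", len(config.Confinement.Sandbox.Filesystem))`. `printShow` gained a third parameter without a doc comment; `// printShow pretty-prints instance and config; short omits the filesystem list.` would cover it. Whether the `flagJSON` branch should honour `short` cannot be judged here, because that branch and the rest of the function continue outside the hunks.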