fortify: show short mode omit filesystems
Filesystem information can be quite noisy in permissive defaults. Signed-off-by: Ophestra <cat@gensokyo.uk>
parent
f608f28a6a
commit
8a9ba5e0ad
25
main.go
25
main.go
@ -122,14 +122,21 @@ func main() {
|
|||||||
printPs(short)
|
printPs(short)
|
||||||
fmsg.Exit(0)
|
fmsg.Exit(0)
|
||||||
case "show": // pretty-print app info
|
case "show": // pretty-print app info
|
||||||
if len(args) != 2 {
|
set := flag.NewFlagSet("show", flag.ExitOnError)
|
||||||
|
var short bool
|
||||||
|
set.BoolVar(&short, "short", false, "Omit filesystem information")
|
||||||
|
|
||||||
|
// Ignore errors; set is set for ExitOnError.
|
||||||
|
_ = set.Parse(args[1:])
|
||||||
|
|
||||||
|
if len(set.Args()) != 1 {
|
||||||
fmsg.Fatal("show requires 1 argument")
|
fmsg.Fatal("show requires 1 argument")
|
||||||
}
|
}
|
||||||
|
|
||||||
likePrefix := false
|
likePrefix := false
|
||||||
if len(args[1]) <= 32 {
|
if len(set.Args()[0]) <= 32 {
|
||||||
likePrefix = true
|
likePrefix = true
|
||||||
for _, c := range args[1] {
|
for _, c := range set.Args()[0] {
|
||||||
if c >= '0' && c <= '9' {
|
if c >= '0' && c <= '9' {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
@ -147,7 +154,7 @@ func main() {
|
|||||||
)
|
)
|
||||||
|
|
||||||
// try to match from state store
|
// try to match from state store
|
||||||
if likePrefix && len(args[1]) >= 8 {
|
if likePrefix && len(set.Args()[0]) >= 8 {
|
||||||
fmsg.VPrintln("argument looks like prefix")
|
fmsg.VPrintln("argument looks like prefix")
|
||||||
|
|
||||||
s := state.NewMulti(os.Paths().RunDirPath)
|
s := state.NewMulti(os.Paths().RunDirPath)
|
||||||
@ -157,7 +164,7 @@ func main() {
|
|||||||
} else {
|
} else {
|
||||||
for id := range entries {
|
for id := range entries {
|
||||||
v := id.String()
|
v := id.String()
|
||||||
if strings.HasPrefix(v, args[1]) {
|
if strings.HasPrefix(v, set.Args()[0]) {
|
||||||
// match, use config from this state entry
|
// match, use config from this state entry
|
||||||
instance = entries[id]
|
instance = entries[id]
|
||||||
config = instance.Config
|
config = instance.Config
|
||||||
@ -173,16 +180,16 @@ func main() {
|
|||||||
fmsg.VPrintf("reading from file")
|
fmsg.VPrintf("reading from file")
|
||||||
|
|
||||||
config = new(fst.Config)
|
config = new(fst.Config)
|
||||||
if f, err := os.Open(args[1]); err != nil {
|
if f, err := os.Open(set.Args()[0]); err != nil {
|
||||||
fmsg.Fatalf("cannot access config file %q: %s", args[1], err)
|
fmsg.Fatalf("cannot access config file %q: %s", set.Args()[0], err)
|
||||||
panic("unreachable")
|
panic("unreachable")
|
||||||
} else if err = json.NewDecoder(f).Decode(&config); err != nil {
|
} else if err = json.NewDecoder(f).Decode(&config); err != nil {
|
||||||
fmsg.Fatalf("cannot parse config file %q: %s", args[1], err)
|
fmsg.Fatalf("cannot parse config file %q: %s", set.Args()[0], err)
|
||||||
panic("unreachable")
|
panic("unreachable")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
printShow(instance, config)
|
printShow(instance, config, short)
|
||||||
fmsg.Exit(0)
|
fmsg.Exit(0)
|
||||||
case "app": // launch app from configuration file
|
case "app": // launch app from configuration file
|
||||||
if len(args) < 2 {
|
if len(args) < 2 {
|
||||||
|
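Review bot: The positional argument is re-read as `set.Args()[0]` at every use in the "show" case (both length checks, the digit loop, `strings.HasPrefix`, `os.Open` and the two `fmsg.Fatalf` calls); binding it once right after the argument-count check, e.g. `name := set.Arg(0)`, would make it obvious that the state-store match and the file open act on the same value. Separately, `flag.ExitOnError` lets the flag package terminate the process itself on a bad flag, so that exit does not pass through `fmsg.Fatal`/`fmsg.Exit` like the other exits in this case. If those helpers do any cleanup or output flushing (not visible on this page), `flag.ContinueOnError` followed by an explicit `fmsg.Fatalf` on the `set.Parse` error would be more consistent. The body of main starts and ends outside these hunks.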
4
print.go
4
print.go
@ -16,7 +16,7 @@ import (
|
|||||||
"git.gensokyo.uk/security/fortify/internal/state"
|
"git.gensokyo.uk/security/fortify/internal/state"
|
||||||
)
|
)
|
||||||
|
|
||||||
func printShow(instance *state.State, config *fst.Config) {
|
func printShow(instance *state.State, config *fst.Config, short bool) {
|
||||||
if flagJSON {
|
if flagJSON {
|
||||||
v := any(config)
|
v := any(config)
|
||||||
if instance != nil {
|
if instance != nil {
|
||||||
@ -81,7 +81,7 @@ func printShow(instance *state.State, config *fst.Config) {
|
|||||||
fmt.Fprintf(w, " Command:\t%s\n", strings.Join(config.Command, " "))
|
fmt.Fprintf(w, " Command:\t%s\n", strings.Join(config.Command, " "))
|
||||||
fmt.Fprintf(w, "\n")
|
fmt.Fprintf(w, "\n")
|
||||||
|
|
||||||
if config.Confinement.Sandbox != nil && len(config.Confinement.Sandbox.Filesystem) > 0 {
|
if !short && config.Confinement.Sandbox != nil && len(config.Confinement.Sandbox.Filesystem) > 0 {
|
||||||
fmt.Fprintf(w, "Filesystem:\n")
|
fmt.Fprintf(w, "Filesystem:\n")
|
||||||
for _, f := range config.Confinement.Sandbox.Filesystem {
|
for _, f := range config.Confinement.Sandbox.Filesystem {
|
||||||
expr := new(strings.Builder)
|
expr := new(strings.Builder)
|
||||||
|
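Review bot: With `short` set, the `Filesystem:` block in printShow is skipped without leaving any trace in the output, so a configuration with many filesystem entries prints the same as one with none. Since this output is what a user reads to judge what the sandbox can reach, a one-line summary in place of the listing would be safer, e.g. `fmt.Fprintf(w, "Filesystem: %d entries omitted\n", len(config.Confinement.Sandbox.Filesystem))` under the same nil and length guard. The flag also appears to affect only the text path, because the `flagJSON` branch at the top of the function is not among the changed lines, and the usage string "Omit filesystem information" does not say so. A doc comment such as `// printShow prints instance and config; short omits the filesystem listing in text output.` would record the new parameter. The function body extends beyond both hunks.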