checks

package
v0.2.0
Warning

This package is not in the latest version of its module.

Published: May 2, 2024 | License: GPL-3.0 | Imports: 17 | Imported by: 0

Documentation

Overview

Package checks implements different security/privacy checks.

Exported function(s): PasswordManager, WindowsDefender, LastPasswordChange, LoginMethod, Permission, Bluetooth, OpenPorts, WindowsOutdated, SecureBoot, SmbCheck, Startup, GuestAccount, UACCheck, RemoteDesktopCheck, ExternalDevices, NetworkSharing


Constants

const (
	BluetoothID int = iota + 1
	ExternalDevicesID
	GuestAccountID
	NetworkProfileTypeID
	PasswordManagerID
	LocationID
	MicrophoneID
	WebcamID
	AppointmentsID
	ContactsID
	PortsID
	RemoteDesktopID
	SmbID
	UacID
	WindowsDefenderID
	LastPasswordChangeID
	LoginMethodID
	WindowsOutdatedID
	SecureBootID
	StartupID
	ExtensionChromiumID
	ExtensionEdgeID
	HistoryChromiumID
	HistoryEdgeID
	SearchChromiumID
	SearchEdgeID
	CookiesFirefoxID
	ExtensionFirefoxID
	AdblockFirefoxID
	SearchFirefoxID
	HistoryFirefoxID
	CISRegistrySettingsID
)

This is the list of all Result IDs for the checks that are performed. Because the block is declared with iota + 1, the IDs start at 1 and increase by one in declaration order.

Variables

var WinVersion int

Functions

func CheckDeviceClass

func CheckDeviceClass(deviceClass string, executorClass mocking.CommandExecutor) ([]string, error)

CheckDeviceClass is a function that runs the Get-PnpDevice command for a specified device class.

Parameters:

  • deviceClass (string): The specific device class to be checked using the Get-PnpDevice command.
  • executorClass (mocking.CommandExecutor): An instance of CommandExecutor that is responsible for executing system-level commands.

Returns:

  • ([]string): A list of devices that belong to the specified device class. Each string in the list represents a device name.
  • (error): An error object that captures any error that occurred during the command execution. If no devices are found, an error is returned.

The main purpose of this function is to identify devices of a specific class that are connected to the system. It runs the Get-PnpDevice command with the specified device class and parses the output to extract the device names. If no devices are found, the function returns an error.

func FindWindowsBuild added in v0.2.0

func FindWindowsBuild(n *html.Node) string

FindWindowsBuild searches for the latest Windows build in the HTML content of a given URL.

This function iterates over the children of the provided HTML node. If the node is a table body (tbody), the function iterates over its children. If a child is a table row (tr), the function counts the number of table data (td) elements in the row. When it finds the fifth td element, it extracts and returns the data as a string. If the function does not find a tbody or a tr with five td elements, it continues the search recursively on the node's children.

The function is designed to work for the specific layout of the HTML content at the provided URL. Should this layout change, the function may need to be updated to reflect the new structure.

Parameters:

  • n *html.Node - The HTML node to search for the data element.

Returns: The data from the fifth td element in the first tr of the tbody of the provided HTML node. If no such data element is found, the function returns an empty string.

func GetURLBody added in v0.2.0

func GetURLBody(urlStr string) *html.Node

GetURLBody fetches and parses the HTML content of a given URL.

This function makes an HTTP GET request to the provided URL and parses the HTML content of the response. It logs any errors that occur during the HTTP request or the HTML parsing. The function returns the root node of the parsed HTML document.

Parameters:

  • urlStr string - The URL to fetch and parse the HTML content from.

Returns: The root node of the parsed HTML document.

func RemoveDuplicateStr added in v0.2.0

func RemoveDuplicateStr(strSlice []string) []string

RemoveDuplicateStr is a utility function that eliminates duplicate string values from a given slice.

Parameters:

  • strSlice []string: The input slice from which duplicate string values need to be removed.

Returns:

  • []string: A new slice that contains the unique string values from the input slice. The order of the elements is preserved based on their first occurrence in the input slice.

func SmbEnabled

func SmbEnabled(executor mocking.CommandExecutor, resultID int) (string, string, int, error)

SmbEnabled is a function that determines the status of a specified SMB (Server Message Block) protocol on the system.

Parameters:

  • smb string: The SMB protocol to check. This should be either "SMB1" or "SMB2".
  • executor mocking.CommandExecutor: An executor to run the command for checking the status of the specified SMB protocol.

Returns:

  • string: A string indicating the status of the specified SMB protocol. The string is in the format "<SMB>: enabled" if the protocol is enabled, and "<SMB>: not enabled" if the protocol is not enabled.
  • error: An error object that describes the error, if any occurred during the execution of the command.

The function works by executing a PowerShell command to get the server configuration of the specified SMB protocol. It then parses the output of the command to determine whether the protocol is enabled or not. The function returns a string indicating the status of the protocol and an error object if an error occurred during the execution of the command.

Types

type Check

type Check struct {
	IssueID  int      `json:"issue_id"`
	ResultID int      `json:"result_id"`
	Result   []string `json:"result,omitempty"`
	Error    error    `json:"-"` // Don't serialize error field to JSON
	ErrorMSG string   `json:"error,omitempty"`
}

Check is a struct that encapsulates the outcome of a security or privacy check.

Fields:

  • IssueID (int): A unique identifier for the issue. This value is used to distinguish between different checks.
  • ResultID (int): A unique identifier for the result. This value is used to distinguish between different results of a check.
  • Result ([]string): The outcome of the check. This could be a list of strings representing various results.
  • Error (error): An error object that captures any error that occurred during the check. This is not serialized directly to JSON.
  • ErrorMSG (string): A string representation of the error. This is included because the error datatype cannot be directly serialized to JSON.

The Check struct can be instantiated using the following functions:

  • NewCheckResult: Creates a new Check instance with only a result.
  • NewCheckError: Creates a new Check instance with an error and its string representation.
  • NewCheckErrorf: Creates a new Check instance with a formatted error message and its error object.

This struct is primarily used to standardize the return type across various security and privacy checks in the application.
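The serialized form of a Check, as an added example that is not the package's own code: the struct is copied from this page, while the lowercase constructors, the helper names and the sample IDs and messages are stand-ins constructed here (including the assumption that the error constructor stores its id in IssueID).

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Check is copied from the type definition on this page.
type Check struct {
	IssueID  int      `json:"issue_id"`
	ResultID int      `json:"result_id"`
	Result   []string `json:"result,omitempty"`
	Error    error    `json:"-"`
	ErrorMSG string   `json:"error,omitempty"`
}

// newCheckResult and newCheckError are stand-ins for the package constructors.
// Assumption: the id passed to the error constructor is stored in IssueID.
func newCheckResult(issID, resID int, result ...string) Check {
	return Check{IssueID: issID, ResultID: resID, Result: result}
}

func newCheckError(id int, err error) Check {
	return Check{IssueID: id, Error: err, ErrorMSG: err.Error()}
}

// encode returns the JSON document a consumer of the check would receive.
func encode(c Check) string {
	b, err := json.Marshal(c)
	if err != nil {
		return "marshal error: " + err.Error()
	}
	return string(b)
}

// decode parses a serialized Check. Error is always nil afterwards because of
// the json:"-" tag, so callers must test ErrorMSG to detect a failed check.
func decode(doc string) (Check, error) {
	var c Check
	err := json.Unmarshal([]byte(doc), &c)
	return c, err
}

func main() {
	ok := newCheckResult(3, 1, "Guest account is active") // IDs constructed
	bad := newCheckError(3, errors.New("access denied"))  // error text constructed
	fmt.Println(encode(ok))
	fmt.Println(encode(bad))
	back, _ := decode(encode(bad))
	fmt.Println(back.Error == nil, back.ErrorMSG != "")
}
```

Since the ID constants start at 1, a `result_id` of 0 in the output marks a Check whose ResultID was never set, which is the case for the error value here.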

func Bluetooth

func Bluetooth(registryKey mocking.RegistryKey) Check

Bluetooth is a function that checks for Bluetooth devices which are currently connected or have been previously connected to the system.

Parameters:

  • registryKey (mocking.RegistryKey): The registry key used to access the system's registry.

Returns:

  • Check: A Check object that encapsulates the results of the Bluetooth check. The Check object includes a list of strings, where each string represents a Bluetooth device that is currently or was previously connected to the system. If an error occurs during the Bluetooth check, the Check object will encapsulate this error.

This function first opens the registry key for Bluetooth devices. It then reads the names of all sub-keys, which represent Bluetooth devices. For each device, the function opens the device sub-key, retrieves the device name, and adds it to the results. If an error occurs at any point during this process, it is encapsulated in the Check object and returned.

func ExternalDevices

func ExternalDevices(executorClass mocking.CommandExecutor) Check

ExternalDevices is a function that conducts a security assessment for any external devices connected to the system.

Parameters:

  • executorClass (mocking.CommandExecutor): An instance of CommandExecutor that is utilized to execute commands at the system level.

Returns:

  • Check: A Check object that encapsulates the outcome of the external devices check. If any external devices are detected, their names are included in the Result field of the Check object. If an error is encountered during the check, it is encapsulated in the Error and ErrorMSG fields of the Check object.

The primary use of this function is to identify potential security threats associated with external devices that are connected to the system.

func GuestAccount

func GuestAccount(
	executorLocalGroup mocking.CommandExecutor,
	executorLocalGroupMembers mocking.CommandExecutor,
	executorYesWord mocking.CommandExecutor,
	executorNetUser mocking.CommandExecutor,
) Check

GuestAccount checks the status of the Windows guest account.

Parameters:

  • executorLocalGroup (mocking.CommandExecutor): An instance of CommandExecutor used to execute the Get-WmiObject command to retrieve local group information.
  • executorLocalGroupMembers (mocking.CommandExecutor): An instance of CommandExecutor used to execute the 'net localgroup' command to retrieve local group members.
  • executorYesWord (mocking.CommandExecutor): An instance of CommandExecutor used to execute the 'net user' command to retrieve the word for 'yes' in the current user's language.
  • executorNetUser (mocking.CommandExecutor): An instance of CommandExecutor used to execute the 'net user' command to retrieve all users.

Returns:

  • Check: A Check instance encapsulating the results of the guest account check. If the guest account is active, the Result field of the Check instance will contain the message "Guest account is active". If the guest account is not active, the Result field will contain the message "Guest account is not active". If an error occurs during the check, it is encapsulated in the Error and ErrorMSG fields of the Check instance.

This function is primarily used to identify potential security risks associated with an active guest account on the Windows system.

func LastPasswordChange

func LastPasswordChange(executor mocking.CommandExecutor) Check

LastPasswordChange is a function that checks the last time the Windows password was changed.

Parameters:

  • executor mocking.CommandExecutor: An executor to run the command for retrieving the last password change date.

Returns:

  • Check: A struct containing the result of the check. The result indicates the date when the password was last changed.

The function works by executing a 'net user' command to get the user's password last set date. It then parses the output of the command to extract the date. The function compares this date with the current date, and if the difference is more than half a year, it returns a warning suggesting that the user change the password. Otherwise, it returns a message indicating that the password was changed recently.

func LoginMethod

func LoginMethod(registryKey mocking.RegistryKey) Check

LoginMethod is a function that checks and returns the login methods enabled by the user on a Windows system.

Parameters:

  • registryKey mocking.RegistryKey: A registry key object for accessing the Windows login methods registry key.

Returns:

  • Check: A struct containing the result of the check. The result is a list of enabled login methods such as PIN, Picture Logon, Password, Fingerprint, Facial recognition, and Trust signal.

The function works by opening and reading the values of the Windows login methods registry key. Each login method corresponds to a unique GUID. The function checks whether the GUID is present in the registry key, and if it is, that login method is considered enabled. The function returns a Check instance containing a list of enabled login methods.

func NetworkProfileTypes added in v0.2.0

func NetworkProfileTypes(registryKey mocking.RegistryKey) Check

NetworkProfileTypes is a function that checks the network profile types on the system.

Parameters:

  • registryKey (mocking.RegistryKey): An instance of RegistryKey used to access the registry keys related to network profiles.

Returns:

  • Check: A Check instance encapsulating the results of the network profile type check. The Result field of the Check instance will contain one or more of the following messages:
      • "Network [ProfileName] is Public" if the network profile is public.
      • "Network [ProfileName] is Private" if the network profile is private.
      • "Network [ProfileName] is Domain" if the network profile is domain.
      • "No network profiles found" if no network profiles are found.

This function is primarily used to identify potential security risks associated with different types of network profiles on the system.

func NewCheckError

func NewCheckError(id int, err error) Check

NewCheckError is a constructor function that creates and returns a new instance of the Check struct. It sets the ID, Error, and ErrorMSG fields of the Check struct, leaving the Result field as its zero value.

Parameters:

  • id (int): A unique identifier for the check. This value is assigned to the ID field of the Check struct.
  • err (error): An error object that captures any error that occurred during the check. This value is assigned to the Error field of the Check struct, and its string representation is assigned to the ErrorMSG field.

Returns:

  • Check: A new instance of the Check struct with the ID, Error, and ErrorMSG fields set to the provided values, and the Result field set to its zero value.

This function is primarily used when a security or privacy check encounters an error and needs to return a Check instance that encapsulates this error.

func NewCheckErrorf

func NewCheckErrorf(id int, message string, err error) Check

NewCheckErrorf is a constructor function that creates and returns a new instance of the Check struct. It sets the ID, Error, and ErrorMSG fields of the Check struct, leaving the Result field as its zero value.

Parameters:

  • id (int): A unique identifier for the check. This value is assigned to the ID field of the Check struct.
  • message (string): A base error message that provides context about the error. This is used to create a formatted error message.
  • err (error): An error object that captures any error that occurred during the check. This is used to create a formatted error message, which is assigned to the ErrorMSG field.

Returns:

  • Check: A new instance of the Check struct with the ID, Error, and ErrorMSG fields set to the provided values, and the Result field set to its zero value.

This function is primarily used when a security or privacy check encounters an error and needs to return a Check instance that encapsulates this error. The formatted error message provides additional context about the error, which can be helpful for debugging and understanding the nature of the error.

func NewCheckResult

func NewCheckResult(issID int, resID int, result ...string) Check

NewCheckResult is a constructor function that creates and returns a new instance of the Check struct. It sets the IssueID, ResultID, and Result fields of the Check struct, leaving the Error and ErrorMSG fields as their zero values.

Parameters:

  • issID (int): A unique identifier for the issue. This value is assigned to the IssueID field of the Check struct.
  • resID (int): A unique identifier for the result. This value is assigned to the ResultID field of the Check struct.
  • result ([]string): The outcome of the check. This could be a list of strings representing various results. This value is assigned to the Result field of the Check struct.

Returns:

  • Check: A new instance of the Check struct with the IssueID, ResultID, and Result fields set to the provided values, and the Error and ErrorMSG fields set to their zero values.

This function is primarily used when a security or privacy check completes successfully and returns a result without any errors.

func OpenPorts

func OpenPorts(tasklistexecutor, netstatexecutor mocking.CommandExecutor) Check

OpenPorts is a function that checks for open ports on the system and identifies the processes that are using them.

Parameters:

  • tasklistexecutor (mocking.CommandExecutor): An executor to run the 'tasklist' command which retrieves the list of currently running tasks.
  • netstatexecutor (mocking.CommandExecutor): An executor to run the 'netstat' command which provides network statistics.

Returns:

  • Check: A struct containing the result of the check. The result is a list of open ports along with the names of the processes that are using them.

The function works by first running the 'tasklist' command to get a list of all running tasks. It then maps each process ID to its corresponding process name. Next, it runs the 'netstat' command to get a list of all open ports. For each open port, it identifies the process ID and maps it back to the process name using the previously created map. The function then returns a list of open ports along with the names of the processes that are using them.
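The PID-to-name join described above, as an added example that is not the package's own code: it assumes CSV task output (as from `tasklist /fo csv /nh`) and English-language `netstat -ano` output, and the sample data and the names pidNames and openPorts are constructed for illustration.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample; assumes CSV output as produced by `tasklist /fo csv /nh`.
const sampleTasklist = `"System Idle Process","0","Services","0","8 K"
"System","4","Services","0","144 K"
"svchost.exe","912","Services","0","12,345 K"
"chrome.exe","4321","Console","1","200,000 K"
`

// Constructed sample in the layout of `netstat -ano` on an English-language system.
const sampleNetstat = `
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:50123       198.51.100.7:443       ESTABLISHED     4321
  TCP    [::]:135               [::]:0                 LISTENING       912
  TCP    127.0.0.1:9000         0.0.0.0:0              LISTENING       7777
  UDP    0.0.0.0:5353           *:*                                    4321
`

// pidNames builds the PID -> image name map from tasklist CSV rows.
func pidNames(tasklistCSV string) (map[int]string, error) {
	r := csv.NewReader(strings.NewReader(tasklistCSV))
	rows, err := r.ReadAll()
	if err != nil {
		return nil, fmt.Errorf("parsing tasklist output: %w", err)
	}
	names := make(map[int]string, len(rows))
	for _, row := range rows {
		if len(row) < 2 {
			continue
		}
		if pid, err := strconv.Atoi(row[1]); err == nil {
			names[pid] = row[0]
		}
	}
	return names, nil
}

// openPorts keeps listening TCP and bound UDP sockets and resolves each PID.
// Assumption: the state column reads "LISTENING" (it is localized elsewhere).
func openPorts(netstatOut string, names map[int]string) []string {
	seen := map[string]bool{}
	var out []string
	for _, line := range strings.Split(netstatOut, "\n") {
		f := strings.Fields(line)
		var pidField string
		switch {
		case len(f) == 5 && f[0] == "TCP" && f[3] == "LISTENING":
			pidField = f[4]
		case len(f) == 4 && f[0] == "UDP": // UDP rows have no state column
			pidField = f[3]
		default:
			continue // headers, blank lines, non-listening connections
		}
		pid, errPID := strconv.Atoi(pidField)
		colon := strings.LastIndex(f[1], ":") // last colon also handles [::]:135
		if errPID != nil || colon < 0 {
			continue
		}
		port, err := strconv.Atoi(f[1][colon+1:])
		if err != nil {
			continue
		}
		name, ok := names[pid]
		if !ok {
			name = "unknown" // process exited between the two commands
		}
		entry := fmt.Sprintf("%s %d: %s (PID %d)", f[0], port, name, pid)
		if !seen[entry] { // the same socket is listed for IPv4 and IPv6
			seen[entry] = true
			out = append(out, entry)
		}
	}
	return out
}

func main() {
	names, _ := pidNames(sampleTasklist) // the constructed sample always parses
	fmt.Println(strings.Join(openPorts(sampleNetstat, names), "\n"))
}
```

The "unknown" entry shows the gap between the two snapshots: a listener whose PID no longer appears in the task list still needs to be reported rather than dropped.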

func PasswordManager

func PasswordManager(pl ProgramLister) Check

PasswordManager is a function that checks for the presence of known password managers on the system.

Parameters:

  • pl (ProgramLister): An instance of ProgramLister used to list installed programs.

Returns:

  • Check: A Check instance encapsulating the results of the password manager check. The Result field of the Check instance will contain one of the following messages:
      • The name of the password manager if found.
      • "No password manager found" if no known password managers are found.

This function uses the ListInstalledPrograms method of the provided ProgramLister to list installed programs in the 'Program Files' and 'Program Files (x86)' directories. It then checks if any of the listed programs match the names of known password managers. If a match is found, it returns a Check instance with the name of the password manager. If no match is found, it returns a Check instance with the message "No password manager found".

func Permission

func Permission(permissionID int, permission string, registryKey mocking.RegistryKey) Check

Permission is a function that checks if a user has granted a specific permission to an application.

Parameters:

  • permissionID (int): The ID of the permission check.
  • permission (string): The specific permission to check.
  • registryKey (mocking.RegistryKey): The registry key to use for the check.

Returns:

  • Check: A Check instance encapsulating the results of the permission check. The Result field of the Check instance will contain a list of applications that have been granted the specified permission.

This function opens the registry key for the given permission and retrieves the names of all sub-keys, which represent applications. It then iterates through these applications, checking if they have been granted the specified permission. If the permission value is "Allow", the application name is added to the results. The function also handles non-packaged applications separately. Finally, it removes any duplicate results before returning them.

func RemoteDesktopCheck

func RemoteDesktopCheck(registryKey mocking.RegistryKey) Check

RemoteDesktopCheck is a function that checks if the Remote Desktop feature is enabled on the system.

Parameters:

  • registryKey (mocking.RegistryKey): A mocker of a Windows registry key. This is used to simulate the behavior of the Windows registry for testing purposes.

Returns:

  • Check: A struct containing the result of the check. The result indicates whether the Remote Desktop feature is enabled or not.

The function works by opening the registry key for Terminal Server settings. It then reads the value of 'fDenyTSConnections', which indicates whether Remote Desktop is enabled or not. If the value is 0, it means that Remote Desktop is enabled. Otherwise, it is disabled. The function returns a Check instance containing the result of the check.

func SecureBoot

func SecureBoot(registryKey mocking.RegistryKey) Check

SecureBoot is a function that checks if Windows Secure Boot is enabled on the system.

Parameters:

  • registryKey mocking.RegistryKey: A registry key object for accessing the Windows Secure Boot registry key.

Returns:

  • Check: A struct containing the result of the check. The result indicates whether Windows Secure Boot is enabled or not.

The function works by opening the Windows Secure Boot registry key and reading its 'UEFISecureBootEnabled' value. This value represents the status of Secure Boot. If the value is 1, Secure Boot is enabled. If the value is 0, Secure Boot is disabled. If the function encounters an error while accessing the registry key or reading the value, it returns a Check instance containing an error message. If the 'UEFISecureBootEnabled' value is not 1 or 0, the function returns a Check instance indicating that the Secure Boot status is unknown.

func SmbCheck

func SmbCheck(smbexecutor mocking.CommandExecutor) Check

SmbCheck is a function that checks the status of SMB1 (Server Message Block) and SMB2 protocols on the system.

Parameters:

  • smb1executor mocking.CommandExecutor: An executor to run the command for checking the status of SMB1.
  • smb2executor mocking.CommandExecutor: An executor to run the command for checking the status of SMB2.

Returns:

  • Check: A struct containing the results of the checks. The result indicates whether SMB1 and SMB2 protocols are enabled or not.

The function works by executing the commands to check the status of SMB1 and SMB2 protocols using the provided executors. It then parses the output of the commands to determine whether the protocols are enabled or not. The function returns a Check instance containing the results of the checks.

func Startup

Startup is a function that checks the Windows registry for startup programs.

Parameters:

  • key1 mocking.RegistryKey: A registry key object for accessing the first registry key location for startup programs.
  • key2 mocking.RegistryKey: A registry key object for accessing the second registry key location for startup programs.
  • key3 mocking.RegistryKey: A registry key object for accessing the third registry key location for startup programs.

Returns:

  • Check: A struct containing the result of the check. The result includes a list of startup programs if any are found, or a message indicating that no startup programs were found.

The function works by opening three different registry keys where startup programs can be located. It reads the entries within each registry key and concatenates the results. If any startup programs are found, the function returns a Check instance containing a list of the startup programs. If no startup programs are found, the function returns a Check instance with a message indicating that no startup programs were found. If the function encounters an error while opening the registry keys or reading the entries, it returns a Check instance containing an error message.

func UACCheck

func UACCheck(uacExecutor mocking.CommandExecutor) Check

UACCheck is a function that checks the User Account Control (UAC) level on the system.

Parameters:

  • uacExecutor mocking.CommandExecutor: An executor to run the command for checking the UAC level.

Returns:

  • Check: A struct containing the result of the check. The result indicates the level at which the UAC is enabled.

The function works by executing a PowerShell command to get the 'ConsentPromptBehaviorAdmin' property from the system registry. This property represents the UAC level. The function then parses the output of the command to determine the UAC level. Based on the value of the key, the function returns a Check instance containing a string that describes the UAC level.

func WindowsDefender

func WindowsDefender(scanKey mocking.RegistryKey, defenderKey mocking.RegistryKey) Check

WindowsDefender is a function that checks the status of Windows Defender and its periodic scan feature on the system.

Parameters:

  • scanKey mocking.RegistryKey: A registry key object for accessing the Windows Defender registry key.
  • defenderKey mocking.RegistryKey: A registry key object for accessing the Windows Defender Real-Time Protection registry key.

Returns:

  • Check: A struct containing the result of the check. The result indicates whether Windows Defender and its periodic scan feature are enabled or disabled.

The function works by opening and reading the values of the Windows Defender and Real-Time Protection registry keys. Based on these values, it determines the status of Windows Defender and its periodic scan feature. The function returns a Check instance containing a string that describes the status of Windows Defender and its periodic scan feature.

func WindowsOutdated

func WindowsOutdated(mockExecutor mocking.CommandExecutor) Check

WindowsOutdated is a function that checks if the currently installed Windows version is outdated.

Parameters:

  • mockOS mocking.WindowsVersion: A mock object for retrieving the Windows version information.

Returns:

  • Check: A struct containing the result of the check. The result indicates whether the Windows version is up-to-date or if updates are available.

The function works by retrieving the Windows version information using the provided mock object. It then compares the build number of the installed Windows version with the build numbers of the latest Windows 10 and Windows 11 versions. If the installed version's build number matches the latest build number for its major version (10 or 11), the function returns a message indicating that the Windows version is up-to-date. If the build number does not match, the function returns a message indicating that updates are available. If the major version is neither 10 nor 11, the function returns a message suggesting an update to Windows 10 or Windows 11.

type ProgramLister

type ProgramLister interface {
	ListInstalledPrograms(directory string) ([]string, error)
}

ProgramLister is an interface that defines a method for listing installed programs.

The ListInstalledPrograms method takes a directory path as input and returns a slice of strings representing the names of installed programs, or an error if the operation fails.

This interface is used in the PasswordManager function to abstract the operation of listing installed programs, allowing for different implementations that can be swapped out as needed. This is particularly useful for testing, as a mock implementation can be used to simulate different scenarios.

type RealProgramLister

type RealProgramLister struct{}

RealProgramLister is a struct that implements the ProgramLister interface.

It provides a real-world implementation of the ListInstalledPrograms method, which lists all installed programs in a given directory by reading the directory's contents and returning the names of all subdirectories, which represent installed programs.

This struct is used in the PasswordManager function to list installed programs when checking for the presence of known password managers.

func (RealProgramLister) ListInstalledPrograms

func (rpl RealProgramLister) ListInstalledPrograms(directory string) ([]string, error)

ListInstalledPrograms is a method of the RealProgramLister struct that lists all installed programs in a given directory.

Parameters:

  • directory (string): The path of the directory to list the installed programs from.

Returns:

  • []string: A slice of strings representing the names of installed programs.
  • error: An error object that describes the error, if any occurred.

This method reads the contents of the specified directory and returns the names of all subdirectories, which represent installed programs. If an error occurs during the operation, it returns the error.

Directories

Path Synopsis
browsers
browserutils
Package browserutils provides utility functions for handling browser-related operations.
chromium
Package chromium is responsible for running checks on Chromium based browsers.
firefox
Package firefox is responsible for running checks on Firefox.
Package checksutils provides utility functions for security/privacy checks.
Package cisregistrysettings provides a set of functions to check various registry settings to ensure they adhere to the CIS Benchmark standards.
