Documentation ¶
Overview ¶
Package checks implements different security/privacy checks
Exported function(s): PasswordManager, WindowsDefender, LastPasswordChange, LoginMethod, Permission, Bluetooth, OpenPorts, WindowsOutdated, SecureBoot, SmbCheck, Startup, GuestAccount, UACCheck, RemoteDesktopCheck, ExternalDevices, NetworkSharing
Index ¶
- Constants
- Variables
- func CheckDeviceClass(deviceClass string, executorClass mocking.CommandExecutor) ([]string, error)
- func FindWindowsBuild(n *html.Node) string
- func GetURLBody(urlStr string) *html.Node
- func RemoveDuplicateStr(strSlice []string) []string
- func SmbEnabled(executor mocking.CommandExecutor, resultID int) (string, string, int, error)
- type Check
- func Bluetooth(registryKey mocking.RegistryKey) Check
- func ExternalDevices(executorClass mocking.CommandExecutor) Check
- func GuestAccount(executorLocalGroup mocking.CommandExecutor, ...) Check
- func LastPasswordChange(executor mocking.CommandExecutor) Check
- func LoginMethod(registryKey mocking.RegistryKey) Check
- func NetworkProfileTypes(registryKey mocking.RegistryKey) Check
- func NewCheckError(id int, err error) Check
- func NewCheckErrorf(id int, message string, err error) Check
- func NewCheckResult(issID int, resID int, result ...string) Check
- func OpenPorts(tasklistexecutor, netstatexecutor mocking.CommandExecutor) Check
- func PasswordManager(pl ProgramLister) Check
- func Permission(permissionID int, permission string, registryKey mocking.RegistryKey) Check
- func RemoteDesktopCheck(registryKey mocking.RegistryKey) Check
- func SecureBoot(registryKey mocking.RegistryKey) Check
- func SmbCheck(smbexecutor mocking.CommandExecutor) Check
- func Startup(key1 mocking.RegistryKey, key2 mocking.RegistryKey, key3 mocking.RegistryKey) Check
- func UACCheck(uacExecutor mocking.CommandExecutor) Check
- func WindowsDefender(scanKey mocking.RegistryKey, defenderKey mocking.RegistryKey) Check
- func WindowsOutdated(mockExecutor mocking.CommandExecutor) Check
- type ProgramLister
- type RealProgramLister
Constants ¶
```go
const (
	BluetoothID int = iota + 1
	ExternalDevicesID
	GuestAccountID
	NetworkProfileTypeID
	PasswordManagerID
	LocationID
	MicrophoneID
	WebcamID
	AppointmentsID
	ContactsID
	PortsID
	RemoteDesktopID
	SmbID
	UacID
	WindowsDefenderID
	LastPasswordChangeID
	LoginMethodID
	WindowsOutdatedID
	SecureBootID
	StartupID
	ExtensionChromiumID
	ExtensionEdgeID
	HistoryChromiumID
	HistoryEdgeID
	SearchChromiumID
	SearchEdgeID
	CookiesFirefoxID
	ExtensionFirefoxID
	AdblockFirefoxID
	SearchFirefoxID
	HistoryFirefoxID
	CISRegistrySettingsID
)
```
This is the list of all the Result IDs for the checks that are performed; numbering starts at 1 (iota + 1) and increments by one for each subsequent constant.
Variables ¶
var WinVersion int
Functions ¶
func CheckDeviceClass ¶
func CheckDeviceClass(deviceClass string, executorClass mocking.CommandExecutor) ([]string, error)
CheckDeviceClass is a function that runs the Get-PnpDevice command for a specified device class.
Parameters:
- deviceClass (string): The specific device class to be checked using the Get-PnpDevice command.
- executorClass (mocking.CommandExecutor): An instance of CommandExecutor that is responsible for executing system-level commands.
Returns:
- ([]string): A list of devices that belong to the specified device class. Each string in the list represents a device name.
- (error): An error object that captures any error that occurred during the command execution. If no devices are found, an error is returned.
The main purpose of this function is to identify devices of a specific class that are connected to the system. It runs the Get-PnpDevice command with the specified device class and parses the output to extract the device names. If no devices are found, the function returns an error.
func FindWindowsBuild ¶ added in v0.2.0
func FindWindowsBuild(n *html.Node) string
FindWindowsBuild searches for the latest Windows build in the HTML content of a given URL.
This function iterates over the children of the provided HTML node. If the node is a table body (tbody), the function iterates over its children. If a child is a table row (tr), the function counts the number of table data (td) elements in the row. When it finds the fifth td element, it extracts and returns the data as a string. If the function does not find a tbody or a tr with five td elements, it continues the search recursively on the node's children.
The function is designed to work for the specific layout of the HTML content at the provided URL. Should this layout change, the function may need to be updated to reflect the new structure.
Parameters:
- n *html.Node - The HTML node to search for the data element.
Returns: The data from the fifth td element in the first tr of the tbody of the provided HTML node. If no such data element is found, the function returns an empty string.
func GetURLBody ¶ added in v0.2.0
func GetURLBody(urlStr string) *html.Node
GetURLBody fetches and parses the HTML content of a given URL.
This function makes an HTTP GET request to the provided URL and parses the HTML content of the response. It logs any errors that occur during the HTTP request or the HTML parsing. The function returns the root node of the parsed HTML document.
Parameters:
- urlStr string - The URL to fetch and parse the HTML content from.
Returns: The root node of the parsed HTML document.
func RemoveDuplicateStr ¶ added in v0.2.0
func RemoveDuplicateStr(strSlice []string) []string
RemoveDuplicateStr is a utility function that eliminates duplicate string values from a given slice.
Parameters:
- strSlice []string: The input slice from which duplicate string values need to be removed.
Returns:
- []string: A new slice that contains the unique string values from the input slice. The order of the elements is preserved based on their first occurrence in the input slice.
func SmbEnabled ¶
func SmbEnabled(executor mocking.CommandExecutor, resultID int) (string, string, int, error)
SmbEnabled is a function that determines the status of a specified SMB (Server Message Block) protocol on the system.
Parameters:
- smb string: The SMB protocol to check. This should be either "SMB1" or "SMB2".
- executor mocking.CommandExecutor: An executor to run the command for checking the status of the specified SMB protocol.
Returns:
- string: A string indicating the status of the specified SMB protocol. The string is in the format "<SMB>: enabled" if the protocol is enabled, and "<SMB>: not enabled" if the protocol is not enabled.
- error: An error object that describes the error, if any occurred during the execution of the command.
The function works by executing a PowerShell command to get the server configuration of the specified SMB protocol. It then parses the output of the command to determine whether the protocol is enabled or not. The function returns a string indicating the status of the protocol and an error object if an error occurred during the execution of the command.
Types ¶
type Check ¶
```go
type Check struct {
	IssueID  int      `json:"issue_id"`
	ResultID int      `json:"result_id"`
	Result   []string `json:"result,omitempty"`
	Error    error    `json:"-"` // Don't serialize error field to JSON
	ErrorMSG string   `json:"error,omitempty"`
}
```
Check is a struct that encapsulates the outcome of a security or privacy check.
Fields:
- IssueID (int): A unique identifier for the issue. This value is used to distinguish between different checks.
- ResultID (int): A unique identifier for the result. This value is used to distinguish between different results of a check.
- Result ([]string): The outcome of the check. This could be a list of strings representing various results.
- Error (error): An error object that captures any error that occurred during the check. This is not serialized directly to JSON.
- ErrorMSG (string): A string representation of the error. This is included because the error datatype cannot be directly serialized to JSON.
The Check struct can be instantiated using the following functions:
- NewCheckResult: Creates a new Check instance with only a result.
- NewCheckError: Creates a new Check instance with an error and its string representation.
- NewCheckErrorf: Creates a new Check instance with a formatted error message and its error object.
This struct is primarily used to standardize the return type across various security and privacy checks in the application.
func Bluetooth ¶
func Bluetooth(registryKey mocking.RegistryKey) Check
Bluetooth is a function that checks for Bluetooth devices which are currently connected or have been previously connected to the system.
Parameters:
- registryKey (mocking.RegistryKey): The registry key used to access the system's registry.
Returns:
- Check: A Check object that encapsulates the results of the Bluetooth check. The Check object includes a list of strings, where each string represents a Bluetooth device that is currently or was previously connected to the system. If an error occurs during the Bluetooth check, the Check object will encapsulate this error.
This function first opens the registry key for Bluetooth devices. It then reads the names of all sub-keys, which represent Bluetooth devices. For each device, the function opens the device sub-key, retrieves the device name, and adds it to the results. If an error occurs at any point during this process, it is encapsulated in the Check object and returned.
func ExternalDevices ¶
func ExternalDevices(executorClass mocking.CommandExecutor) Check
ExternalDevices is a function that conducts a security assessment for any external devices connected to the system.
Parameters:
- executorClass (mocking.CommandExecutor): An instance of CommandExecutor that is utilized to execute commands at the system level.
Returns:
- Check: A Check object that encapsulates the outcome of the external devices check. If any external devices are detected, their names are included in the Result field of the Check object. If an error is encountered during the check, it is encapsulated in the Error and ErrorMSG fields of the Check object.
The primary use of this function is to identify potential security threats associated with external devices that are connected to the system.
func GuestAccount ¶
```go
func GuestAccount(
	executorLocalGroup mocking.CommandExecutor,
	executorLocalGroupMembers mocking.CommandExecutor,
	executorYesWord mocking.CommandExecutor,
	executorNetUser mocking.CommandExecutor,
) Check
```
GuestAccount checks the status of the Windows guest account.
Parameters:
- executorLocalGroup (mocking.CommandExecutor): An instance of CommandExecutor used to execute the Get-WmiObject command to retrieve local group information.
- executorLocalGroupMembers (mocking.CommandExecutor): An instance of CommandExecutor used to execute the 'net localgroup' command to retrieve local group members.
- executorYesWord (mocking.CommandExecutor): An instance of CommandExecutor used to execute the 'net user' command to retrieve the word for 'yes' in the current user's language.
- executorNetUser (mocking.CommandExecutor): An instance of CommandExecutor used to execute the 'net user' command to retrieve all users.
Returns:
- Check: A Check instance encapsulating the results of the guest account check. If the guest account is active, the Result field of the Check instance will contain the message "Guest account is active". If the guest account is not active, the Result field will contain the message "Guest account is not active". If an error occurs during the check, it is encapsulated in the Error and ErrorMSG fields of the Check instance.
This function is primarily used to identify potential security risks associated with an active guest account on the Windows system.
func LastPasswordChange ¶
func LastPasswordChange(executor mocking.CommandExecutor) Check
LastPasswordChange is a function that checks the last time the Windows password was changed.
Parameters:
- executor mocking.CommandExecutor: An executor to run the command for retrieving the last password change date.
Returns:
- Check: A struct containing the result of the check. The result indicates the date when the password was last changed.
The function works by executing a 'net user' command to get the date on which the user's password was last set. It then parses the command output to extract that date and compares it with the current date: if the difference is more than half a year, it returns a warning suggesting that the user change the password; otherwise it returns a message indicating that the password was changed recently.
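The parse-and-compare logic described above, as an added Go example that is not the package's own code: it pulls the "Password last set" line out of constructed `net user` output, parses the en-US date format, and applies a half-year staleness threshold. The sample output, the function names, the 182-day reading of "half a year" and the en-US date layout are assumptions; other locales print the date differently and would need their own layout.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// Constructed sample of `net user <name>` output on an en-US system
// (not captured from a real host); only the "Password last set" line matters.
const sampleNetUser = `User name                    alice
Full Name                    Alice Example
Account active               Yes
Password last set            12/1/2023 9:41:12 AM
Password expires             Never
Password changeable          12/2/2023 9:41:12 AM
The command completed successfully.
`

// netUserDateLayout is the en-US short date/time format net user prints.
// Assumption: other locales use a different format and need their own layout.
const netUserDateLayout = "1/2/2006 3:04:05 PM"

// halfYear is the staleness threshold; "half a year" is taken here as 182 days (assumption).
const halfYear = 182 * 24 * time.Hour

// ParsePasswordLastSet extracts the "Password last set" timestamp from net user output.
// A missing line or an unparseable date is reported as an error rather than
// silently treated as "never changed".
func ParsePasswordLastSet(out string) (time.Time, error) {
	for _, line := range strings.Split(out, "\n") {
		if !strings.HasPrefix(line, "Password last set") {
			continue
		}
		raw := strings.TrimSpace(strings.TrimPrefix(line, "Password last set"))
		t, err := time.Parse(netUserDateLayout, raw)
		if err != nil {
			return time.Time{}, fmt.Errorf("unparseable password date %q: %w", raw, err)
		}
		return t, nil
	}
	return time.Time{}, errors.New("no 'Password last set' line in net user output")
}

// PasswordStale reports whether the password is older than half a year at time now.
func PasswordStale(lastSet, now time.Time) bool {
	return now.Sub(lastSet) > halfYear
}

// AssessPassword turns raw net user output into the message the check would report.
func AssessPassword(out string, now time.Time) (string, error) {
	lastSet, err := ParsePasswordLastSet(out)
	if err != nil {
		return "", err
	}
	days := int(now.Sub(lastSet).Hours() / 24)
	when := lastSet.Format("2006-01-02")
	if PasswordStale(lastSet, now) {
		return fmt.Sprintf("Password last changed %d days ago (%s); consider changing it", days, when), nil
	}
	return fmt.Sprintf("Password changed recently (%d days ago, %s)", days, when), nil
}

func main() {
	msg, err := AssessPassword(sampleNetUser, time.Now())
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println(msg)
}
```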
func LoginMethod ¶
func LoginMethod(registryKey mocking.RegistryKey) Check
LoginMethod is a function that checks and returns the login methods enabled by the user on a Windows system.
Parameters:
- registryKey mocking.RegistryKey: A registry key object for accessing the Windows login methods registry key.
Returns:
- Check: A struct containing the result of the check. The result is a list of enabled login methods such as PIN, Picture Logon, Password, Fingerprint, Facial recognition, and Trust signal.
The function works by opening and reading the values of the Windows login methods registry key. Each login method corresponds to a unique GUID. The function checks whether the GUID is present in the registry key, and if it is, that login method is considered enabled. The function returns a Check instance containing a list of enabled login methods.
func NetworkProfileTypes ¶ added in v0.2.0
func NetworkProfileTypes(registryKey mocking.RegistryKey) Check
NetworkProfileTypes is a function that checks the network profile types on the system.
Parameters:
- registryKey (mocking.RegistryKey): An instance of RegistryKey used to access the registry keys related to network profiles.
Returns:
- Check: A Check instance encapsulating the results of the network profile type check. The Result field of the Check instance will contain one or more of the following messages:
  - "Network [ProfileName] is Public" if the network profile is public.
  - "Network [ProfileName] is Private" if the network profile is private.
  - "Network [ProfileName] is Domain" if the network profile is domain.
  - "No network profiles found" if no network profiles are found.
This function is primarily used to identify potential security risks associated with different types of network profiles on the system.
func NewCheckError ¶
func NewCheckError(id int, err error) Check
NewCheckError is a constructor function that creates and returns a new instance of the Check struct. It sets the ID, Error, and ErrorMSG fields of the Check struct, leaving the Result field as its zero value.
Parameters:
- id (int): A unique identifier for the check. This value is assigned to the ID field of the Check struct.
- err (error): An error object that captures any error that occurred during the check. This value is assigned to the Error field of the Check struct, and its string representation is assigned to the ErrorMSG field.
Returns:
- Check: A new instance of the Check struct with the ID, Error, and ErrorMSG fields set to the provided values, and the Result field set to its zero value.
This function is primarily used when a security or privacy check encounters an error and needs to return a Check instance that encapsulates this error.
func NewCheckErrorf ¶
func NewCheckErrorf(id int, message string, err error) Check
NewCheckErrorf is a constructor function that creates and returns a new instance of the Check struct. It sets the ID, Error, and ErrorMSG fields of the Check struct, leaving the Result field as its zero value.
Parameters:
- id (int): A unique identifier for the check. This value is assigned to the ID field of the Check struct.
- message (string): A base error message that provides context about the error. This is used to create a formatted error message.
- err (error): An error object that captures any error that occurred during the check. This is used to create a formatted error message, which is assigned to the ErrorMSG field.
Returns:
- Check: A new instance of the Check struct with the ID, Error, and ErrorMSG fields set to the provided values, and the Result field set to its zero value.
This function is primarily used when a security or privacy check encounters an error and needs to return a Check instance that encapsulates this error. The formatted error message provides additional context about the error, which can be helpful for debugging and understanding the nature of the error.
func NewCheckResult ¶
func NewCheckResult(issID int, resID int, result ...string) Check
NewCheckResult is a constructor function that creates and returns a new instance of the Check struct. It sets the IssueID, ResultID, and Result fields of the Check struct, leaving the Error and ErrorMSG fields as their zero values.
Parameters:
- issID (int): A unique identifier for the issue. This value is assigned to the IssueID field of the Check struct.
- resID (int): A unique identifier for the result. This value is assigned to the ResultID field of the Check struct.
- result ([]string): The outcome of the check. This could be a list of strings representing various results. This value is assigned to the Result field of the Check struct.
Returns:
- Check: A new instance of the Check struct with the IssueID, ResultID, and Result fields set to the provided values, and the Error and ErrorMSG fields set to their zero values.
This function is primarily used when a security or privacy check completes successfully and returns a result without any errors.
func OpenPorts ¶
func OpenPorts(tasklistexecutor, netstatexecutor mocking.CommandExecutor) Check
OpenPorts is a function that checks for open ports on the system and identifies the processes that are using them.
Parameters:
- tasklistexecutor (mocking.CommandExecutor): An executor to run the 'tasklist' command which retrieves the list of currently running tasks.
- netstatexecutor (mocking.CommandExecutor): An executor to run the 'netstat' command which provides network statistics.
Returns:
- Check: A struct containing the result of the check. The result is a list of open ports along with the names of the processes that are using them.
The function works by first running the 'tasklist' command to get a list of all running tasks. It then maps each process ID to its corresponding process name. Next, it runs the 'netstat' command to get a list of all open ports. For each open port, it identifies the process ID and maps it back to the process name using the previously created map. The function then returns a list of open ports along with the names of the processes that are using them.
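The PID-to-process mapping described above, as an added Go example that is not the package's own code: it parses constructed `tasklist /fo csv /nh` and `netstat -ano` output, maps each listening socket's PID back to its image name, and removes duplicate entries in first-occurrence order (the contract documented for RemoveDuplicateStr earlier on this page, so this block serves that passage too). The sample output, the function names and the `port (proto): process` result format are assumptions.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strings"
)

// Constructed sample of `tasklist /fo csv /nh` output (not from a real host).
const sampleTasklist = `"System","4","Services","0","144 K"
"svchost.exe","1184","Services","0","24,332 K"
"lsass.exe","812","Services","0","18,104 K"
"python.exe","5120","Console","1","40,200 K"
`

// Constructed sample of `netstat -ano` output. UDP rows have no State column.
const sampleNetstat = `
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1184
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:8000         0.0.0.0:0              LISTENING       5120
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED     5120
  TCP    [::]:135               [::]:0                 LISTENING       1184
  UDP    0.0.0.0:500            *:*                                    812
`

// ParseTasklist builds a PID -> image name map from tasklist's CSV output.
// Column 0 is the image name, column 1 the PID; the memory column carries a
// quoted comma, which is why a real CSV reader is used instead of Split.
func ParseTasklist(out string) (map[string]string, error) {
	r := csv.NewReader(strings.NewReader(out))
	r.FieldsPerRecord = -1 // tolerate rows with a different column count
	records, err := r.ReadAll()
	if err != nil {
		return nil, err
	}
	pids := make(map[string]string, len(records))
	for _, rec := range records {
		if len(rec) >= 2 {
			pids[rec[1]] = rec[0]
		}
	}
	return pids, nil
}

// ListeningPorts reports every listening socket as "port (proto): process".
// TCP rows count only in the LISTENING state; UDP rows are stateless, so every
// bound UDP port counts. A PID missing from the map (process exited between the
// two commands) is reported as unknown rather than dropped.
func ListeningPorts(netstatOut string, pids map[string]string) []string {
	var found []string
	for _, line := range strings.Split(netstatOut, "\n") {
		f := strings.Fields(line)
		if len(f) < 4 {
			continue // blank lines and the "Active Connections" banner
		}
		switch f[0] { // the header row starts with "Proto" and is skipped here
		case "TCP":
			if len(f) != 5 || f[3] != "LISTENING" {
				continue
			}
		case "UDP":
			if len(f) != 4 {
				continue
			}
		default:
			continue
		}
		pid, local := f[len(f)-1], f[1]
		port := local[strings.LastIndex(local, ":")+1:] // also handles [::]:135
		name, ok := pids[pid]
		if !ok {
			name = "unknown (PID " + pid + ")"
		}
		found = append(found, fmt.Sprintf("%s (%s): %s", port, f[0], name))
	}
	return DedupePreserveOrder(found)
}

// DedupePreserveOrder drops repeated strings, keeping each first occurrence.
func DedupePreserveOrder(in []string) []string {
	seen := make(map[string]struct{}, len(in))
	out := make([]string, 0, len(in))
	for _, s := range in {
		if _, dup := seen[s]; !dup {
			seen[s] = struct{}{}
			out = append(out, s)
		}
	}
	return out
}

func main() {
	pids, err := ParseTasklist(sampleTasklist)
	if err != nil {
		panic(err)
	}
	for _, entry := range ListeningPorts(sampleNetstat, pids) {
		fmt.Println(entry)
	}
}
```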
func PasswordManager ¶
func PasswordManager(pl ProgramLister) Check
PasswordManager is a function that checks for the presence of known password managers on the system.
Parameters:
- pl (ProgramLister): An instance of ProgramLister used to list installed programs.
Returns:
- Check: A Check instance encapsulating the results of the password manager check. The Result field of the Check instance will contain one of the following messages:
  - The name of the password manager if found.
  - "No password manager found" if no known password managers are found.
This function uses the ListInstalledPrograms method of the provided ProgramLister to list installed programs in the 'Program Files' and 'Program Files (x86)' directories. It then checks if any of the listed programs match the names of known password managers. If a match is found, it returns a Check instance with the name of the password manager. If no match is found, it returns a Check instance with the message "No password manager found".
func Permission ¶
func Permission(permissionID int, permission string, registryKey mocking.RegistryKey) Check
Permission is a function that checks if a user has granted a specific permission to an application.
Parameters:
- permissionID (int): The ID of the permission check.
- permission (string): The specific permission to check.
- registryKey (mocking.RegistryKey): The registry key to use for the check.
Returns:
- Check: A Check instance encapsulating the results of the permission check. The Result field of the Check instance will contain a list of applications that have been granted the specified permission.
This function opens the registry key for the given permission and retrieves the names of all sub-keys, which represent applications. It then iterates through these applications, checking if they have been granted the specified permission. If the permission value is "Allow", the application name is added to the results. The function also handles non-packaged applications separately. Finally, it removes any duplicate results before returning them.
func RemoteDesktopCheck ¶
func RemoteDesktopCheck(registryKey mocking.RegistryKey) Check
RemoteDesktopCheck is a function that checks if the Remote Desktop feature is enabled on the system.
Parameters:
- registryKey (mocking.RegistryKey): A mocker of a Windows registry key. This is used to simulate the behavior of the Windows registry for testing purposes.
Returns:
- Check: A struct containing the result of the check. The result indicates whether the Remote Desktop feature is enabled or not.
The function works by opening the registry key for Terminal Server settings. It then reads the value of 'fDenyTSConnections', which indicates whether Remote Desktop is enabled or not. If the value is 0, it means that Remote Desktop is enabled. Otherwise, it is disabled. The function returns a Check instance containing the result of the check.
func SecureBoot ¶
func SecureBoot(registryKey mocking.RegistryKey) Check
SecureBoot is a function that checks if Windows Secure Boot is enabled on the system.
Parameters:
- registryKey mocking.RegistryKey: A registry key object for accessing the Windows Secure Boot registry key.
Returns:
- Check: A struct containing the result of the check. The result indicates whether Windows Secure Boot is enabled or not.
The function works by opening the Windows Secure Boot registry key and reading its 'UEFISecureBootEnabled' value. This value represents the status of Secure Boot. If the value is 1, Secure Boot is enabled. If the value is 0, Secure Boot is disabled. If the function encounters an error while accessing the registry key or reading the value, it returns a Check instance containing an error message. If the 'UEFISecureBootEnabled' value is not 1 or 0, the function returns a Check instance indicating that the Secure Boot status is unknown.
func SmbCheck ¶
func SmbCheck(smbexecutor mocking.CommandExecutor) Check
SmbCheck is a function that checks the status of SMB1 (Server Message Block) and SMB2 protocols on the system.
Parameters:
- smbexecutor mocking.CommandExecutor: An executor to run the commands for checking the status of SMB1 and SMB2.
Returns:
- Check: A struct containing the results of the checks. The result indicates whether SMB1 and SMB2 protocols are enabled or not.
The function works by executing the commands to check the status of the SMB1 and SMB2 protocols using the provided executor. It then parses the output of the commands to determine whether each protocol is enabled or not. The function returns a Check instance containing the results of the checks.
func Startup ¶
func Startup(key1 mocking.RegistryKey, key2 mocking.RegistryKey, key3 mocking.RegistryKey) Check
Startup is a function that checks the Windows registry for startup programs.
Parameters:
- key1 mocking.RegistryKey: A registry key object for accessing the first registry key location for startup programs.
- key2 mocking.RegistryKey: A registry key object for accessing the second registry key location for startup programs.
- key3 mocking.RegistryKey: A registry key object for accessing the third registry key location for startup programs.
Returns:
- Check: A struct containing the result of the check. The result includes a list of startup programs if any are found, or a message indicating that no startup programs were found.
The function works by opening three different registry keys where startup programs can be located. It reads the entries within each registry key and concatenates the results. If any startup programs are found, the function returns a Check instance containing a list of the startup programs. If no startup programs are found, the function returns a Check instance with a message indicating that no startup programs were found. If the function encounters an error while opening the registry keys or reading the entries, it returns a Check instance containing an error message.
func UACCheck ¶
func UACCheck(uacExecutor mocking.CommandExecutor) Check
UACCheck is a function that checks the User Account Control (UAC) level on the system.
Parameters:
- uacExecutor mocking.CommandExecutor: An executor to run the command for checking the UAC level.
Returns:
- Check: A struct containing the result of the check. The result indicates the level at which the UAC is enabled.
The function works by executing a PowerShell command to get the 'ConsentPromptBehaviorAdmin' property from the system registry. This property represents the UAC level. The function then parses the output of the command to determine the UAC level. Based on the value of the key, the function returns a Check instance containing a string that describes the UAC level.
func WindowsDefender ¶
func WindowsDefender(scanKey mocking.RegistryKey, defenderKey mocking.RegistryKey) Check
WindowsDefender is a function that checks the status of Windows Defender and its periodic scan feature on the system.
Parameters:
- scanKey mocking.RegistryKey: A registry key object for accessing the Windows Defender registry key.
- defenderKey mocking.RegistryKey: A registry key object for accessing the Windows Defender Real-Time Protection registry key.
Returns:
- Check: A struct containing the result of the check. The result indicates whether Windows Defender and its periodic scan feature are enabled or disabled.
The function works by opening and reading the values of the Windows Defender and Real-Time Protection registry keys. Based on these values, it determines the status of Windows Defender and its periodic scan feature. The function returns a Check instance containing a string that describes the status of Windows Defender and its periodic scan feature.
func WindowsOutdated ¶
func WindowsOutdated(mockExecutor mocking.CommandExecutor) Check
WindowsOutdated is a function that checks if the currently installed Windows version is outdated.
Parameters:
- mockExecutor mocking.CommandExecutor: An executor used to retrieve the Windows version information.
Returns:
- Check: A struct containing the result of the check. The result indicates whether the Windows version is up-to-date or if updates are available.
The function works by retrieving the Windows version information using the provided executor. It then compares the build number of the installed Windows version with the build numbers of the latest Windows 10 and Windows 11 versions. If the installed version's build number matches the latest build number for its major version (10 or 11), the function returns a message indicating that the Windows version is up-to-date. If the build number does not match, the function returns a message indicating that updates are available. If the major version is neither 10 nor 11, the function returns a message suggesting an update to Windows 10 or Windows 11.
type ProgramLister ¶
ProgramLister is an interface that defines a method for listing installed programs.
The ListInstalledPrograms method takes a directory path as input and returns a slice of strings representing the names of installed programs, or an error if the operation fails.
This interface is used in the PasswordManager function to abstract the operation of listing installed programs, allowing for different implementations that can be swapped out as needed. This is particularly useful for testing, as a mock implementation can be used to simulate different scenarios.
type RealProgramLister ¶
type RealProgramLister struct{}
RealProgramLister is a struct that implements the ProgramLister interface.
It provides a real-world implementation of the ListInstalledPrograms method, which lists all installed programs in a given directory by reading the directory's contents and returning the names of all subdirectories, which represent installed programs.
This struct is used in the PasswordManager function to list installed programs when checking for the presence of known password managers.
func (RealProgramLister) ListInstalledPrograms ¶
func (rpl RealProgramLister) ListInstalledPrograms(directory string) ([]string, error)
ListInstalledPrograms is a method of the RealProgramLister struct that lists all installed programs in a given directory.
Parameters:
- directory (string): The path of the directory to list the installed programs from.
Returns:
- []string: A slice of strings representing the names of installed programs.
- error: An error object that describes the error, if any occurred.
This method reads the contents of the specified directory and returns the names of all subdirectories, which represent installed programs. If an error occurs during the operation, it returns the error.
Source Files ¶
- bluetooth.go
- checks.go
- externaldevices.go
- guestaccount_check.go
- issue_ID.go
- networkprofiletypes_check.go
- password_manager.go
- permission.go
- ports.go
- remote_desktop_check.go
- smb_check.go
- uac_check.go
- windows_defender.go
- windows_lastpasswordchange.go
- windows_loginmethod.go
- windows_outdated.go
- windows_secureboot.go
- windows_startup.go
Directories ¶
Path | Synopsis |
---|---|
browsers | |
browsers/browserutils | Package browserutils provides utility functions for handling browser-related operations. |
browsers/chromium | Package chromium is responsible for running checks on Chromium based browsers. |
browsers/firefox | Package firefox is responsible for running checks on Firefox. |
checksutils | Package checksutils provides utility functions for security/privacy checks. |
cisregistrysettings | Package cisregistrysettings provides a set of functions to check various registry settings to ensure they adhere to the CIS Benchmark standards. |