diff --git a/Cli/Components/CollectorOptions/FileCollectorOptions.razor b/Cli/Components/CollectorOptions/FileCollectorOptions.razor
index 914fe494..a53035f8 100644
--- a/Cli/Components/CollectorOptions/FileCollectorOptions.razor
+++ b/Cli/Components/CollectorOptions/FileCollectorOptions.razor
@@ -24,9 +24,9 @@
@@ -71,17 +71,17 @@
 void RemoveInputFromList()
 {
- if (appData.CollectOptions.SelectedDirectories.Count > SelectedDirectoryTop)
+ if (appData.CollectOptions.SelectedDirectories.Count() > SelectedDirectoryTop)
 {
- appData.CollectOptions.SelectedDirectories.RemoveAt(SelectedDirectoryTop);
+ appData.CollectOptions.SelectedDirectories = appData.CollectOptions.SelectedDirectories.Except(appData.CollectOptions.SelectedDirectories.Skip(SelectedDirectoryTop-1).Take(1));
 Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, false);
 }
 }
 void PushInputToList()
 {
- appData.CollectOptions.SelectedDirectories.Add(SelectedDirectoryInput);
- SelectedDirectoryTop = appData.CollectOptions.SelectedDirectories.Count - 1;
+ appData.CollectOptions.SelectedDirectories = appData.CollectOptions.SelectedDirectories.Union(new string[] { SelectedDirectoryInput });
+ SelectedDirectoryTop = appData.CollectOptions.SelectedDirectories.Count() - 1;
 Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, true);
 SelectedDirectoryInput = string.Empty;
 }
diff --git a/Cli/Components/CollectorOptions/RegistryCollectorOptions.razor b/Cli/Components/CollectorOptions/RegistryCollectorOptions.razor
index bb0757f5..1cdefe70 100644
--- a/Cli/Components/CollectorOptions/RegistryCollectorOptions.razor
+++ b/Cli/Components/CollectorOptions/RegistryCollectorOptions.razor
@@ -23,9 +23,9 @@
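Review bot: In `RemoveInputFromList` (FileCollectorOptions.razor) the replacement for `RemoveAt(SelectedDirectoryTop)` skips `SelectedDirectoryTop-1` entries, so for any index of 1 or higher it drops the entry before the selected one. `Except` is also a set operation: it removes every entry equal to that value, de-duplicates the rest, and returns a deferred query that is re-evaluated on each later `Count()`. `appData.CollectOptions.SelectedDirectories = appData.CollectOptions.SelectedDirectories.Where((d, i) => i != SelectedDirectoryTop).ToList();` keeps the old index semantics and materialises the result. The same `Skip(...-1)` pattern is in the RegistryCollectorOptions.razor and FileMonitorOptions.razor hunks. Because this list decides which directories are collected, a wrong removal silently changes the scan scope.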
@@ -44,14 +44,14 @@
 void RemoveInputFromList()
 {
- appData.CollectOptions.SelectedHives.RemoveAt(SelectedHiveTop);
+ appData.CollectOptions.SelectedHives = appData.CollectOptions.SelectedDirectories.Except(appData.CollectOptions.SelectedDirectories.Skip(SelectedHiveTop-1).Take(1));
 Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, false);
 }
 void PushInputToList()
 {
- appData.CollectOptions.SelectedHives.Add(SelectedHiveInput);
- SelectedHiveTop = appData.CollectOptions.SelectedHives.Count - 1;
+ appData.CollectOptions.SelectedHives = appData.CollectOptions.SelectedHives.Union(new string[] { SelectedHiveInput });
+ SelectedHiveTop = appData.CollectOptions.SelectedHives.Count() - 1;
 Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, true);
 SelectedHiveInput = string.Empty;
 }
diff --git a/Cli/Components/MonitorOptions/FileMonitorOptions.razor b/Cli/Components/MonitorOptions/FileMonitorOptions.razor
index 6343c31a..19c14938 100644
--- a/Cli/Components/MonitorOptions/FileMonitorOptions.razor
+++ b/Cli/Components/MonitorOptions/FileMonitorOptions.razor
@@ -30,9 +30,9 @@
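Review bot: `RemoveInputFromList` in RegistryCollectorOptions.razor now assigns `SelectedHives` from `SelectedDirectories`, so removing one hive replaces the whole hive list with the file collector's directory list. This looks like a copy-paste from the file component; the right-hand side should read from the hive list, e.g. `appData.CollectOptions.SelectedHives = appData.CollectOptions.SelectedHives.Where((h, i) => i != SelectedHiveTop).ToList();`. As written, a registry collection started after a removal would run against paths the user never chose as hives, and the hives they did choose are dropped without any indication.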
@@ -51,14 +51,14 @@
 void RemoveInputFromList()
 {
- appData.MonitorOptions.MonitoredDirectories.RemoveAt(SelectedDirectoryTop);
+ appData.MonitorOptions.MonitoredDirectories = appData.MonitorOptions.MonitoredDirectories.Except(appData.MonitorOptions.MonitoredDirectories.Skip(SelectedDirectoryTop-1).Take(1));
 Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, false);
 }
 void PushInputToList()
 {
- appData.MonitorOptions.MonitoredDirectories.Add(SelectedDirectoryInput);
- SelectedDirectoryTop = appData.MonitorOptions.MonitoredDirectories.Count - 1;
+ appData.MonitorOptions.MonitoredDirectories = appData.MonitorOptions.MonitoredDirectories.Union(new string[] { SelectedDirectoryInput });
+ SelectedDirectoryTop = appData.MonitorOptions.MonitoredDirectories.Count() - 1;
 Helper.ToggleGlow(() => InvokeAsync(StateHasChanged), directorySelectElementGlowClass, true);
 SelectedDirectoryInput = string.Empty;
 }
diff --git a/Lib/Collectors/EventLogCollector.cs b/Lib/Collectors/EventLogCollector.cs
index 7523af50..55d2be88 100644
--- a/Lib/Collectors/EventLogCollector.cs
+++ b/Lib/Collectors/EventLogCollector.cs
@@ -189,6 +189,10 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer.Collectors
 [System.Diagnostics.CodeAnalysis.SuppressMessage("Design", "CA1031:Do not catch general exception types", Justification = "Official documentation for this functionality does not specify what exceptions it throws. https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.eventlogentrycollection?view=netcore-3.0")]
 public void ExecuteWindows(CancellationToken cancellationToken)
 {
+ if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+ {
+ return;
+ }
 void ParseWindowsLog(EventLogEntry entry)
 {
 if (opts.GatherVerboseLogs || entry.EntryType.ToString() == "Warning" || entry.EntryType.ToString() == "Error")
diff --git a/Lib/Collectors/FileSystemMonitor.cs b/Lib/Collectors/FileSystemMonitor.cs
index 5f0fda6a..f0a49701 100644
--- a/Lib/Collectors/FileSystemMonitor.cs
+++ b/Lib/Collectors/FileSystemMonitor.cs
@@ -83,7 +83,7 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer.Collectors
 GatherHashes = options.GatherHashes,
 });
- foreach (var dir in options.MonitoredDirectories.Count > 0 ? options.MonitoredDirectories : fsc.Roots.ToList())
+ foreach (var dir in (options?.MonitoredDirectories.Any() is true) ? options.MonitoredDirectories : fsc.Roots.ToList())
 {
 foreach (var filter in defaultFiltersList)
 {
diff --git a/Lib/Collectors/OpenPortCollector.cs b/Lib/Collectors/OpenPortCollector.cs
index 1e4edfa3..d199228d 100644
--- a/Lib/Collectors/OpenPortCollector.cs
+++ b/Lib/Collectors/OpenPortCollector.cs
@@ -191,10 +191,8 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer.Collectors
 {
 Address = endpoint.Address.ToString(),
 };
- foreach (ProcessPort p in Win32ProcessPorts.ProcessPortMap.FindAll(x => x.PortNumber == endpoint.Port))
- {
- obj.ProcessName = p.ProcessName;
- }
+
+ obj.ProcessName = Win32ProcessPorts.ProcessPortMap.Find(x => x.PortNumber == endpoint.Port)?.ProcessName;
 HandleChange(obj);
 }
diff --git a/Lib/Objects/CommandOptions.cs b/Lib/Objects/CommandOptions.cs
index 9a72a10a..0974eee6 100644
--- a/Lib/Objects/CommandOptions.cs
+++ b/Lib/Objects/CommandOptions.cs
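Review bot: In FileSystemMonitor.cs the `options?.MonitoredDirectories` null-conditional in the `foreach` contradicts the context line just above it, `GatherHashes = options.GatherHashes`, which dereferences `options` unconditionally. Either `options` cannot be null here and the `?.` is misleading, or the earlier access throws first. `MonitoredDirectories` is also enumerated twice, once by `Any()` and once by the loop, which matters now that the property is an `IEnumerable` the UI assigns deferred queries to. Materialise it once before the loop with `var dirs = options.MonitoredDirectories.ToList();` and iterate `dirs.Count > 0 ? dirs : fsc.Roots.ToList()`. The enclosing method starts and ends outside this hunk.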
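Review bot: In OpenPortCollector.cs, replacing the `FindAll` loop with `Find(...)?.ProcessName` changes which process is reported when several `ProcessPortMap` entries share a port number: the old loop kept the last match, `Find` returns the first. The predicate compares only `PortNumber`, so listeners on the same port under different protocols or local addresses are all attributed to one process. If `ProcessPort` carries protocol or address fields (not visible in this hunk), matching on them as well would make the attribution dependable. `ProcessName` is now also assigned null when nothing matches, which deserves a short comment such as `// null when no owning process is known for this port`. The enclosing block starts outside the hunk.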
@@ -119,13 +119,13 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer
 public string? RunId { get; set; }
 [Option("directories", Required = false, HelpText = "comma separated list of paths to scan with FileSystemCollector", Separator = ',')]
- public List SelectedDirectories { get; set; } = new List();
+ public IEnumerable SelectedDirectories { get; set; } = new List();
 [Option("skip-directories", Required = false, HelpText = "comma separated list of paths to skip with FileSystemCollector", Separator = ',')]
- public List SkipDirectories { get; set; } = new List();
+ public IEnumerable SkipDirectories { get; set; } = new List();
 [Option("hives", Required = false, HelpText = "comma separated list of hives and subkeys to search.", Separator = ',')]
- public List SelectedHives { get; set; } = new List();
+ public IEnumerable SelectedHives { get; set; } = new List();
 [Option(HelpText = "Force singlethreaded collectors.")]
 public bool SingleThread { get; set; }
@@ -276,7 +276,7 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer
 public bool FileNamesOnly { get; set; }
 [Option(HelpText = "Comma-separated list of directories to monitor.", Separator = ',')]
- public List MonitoredDirectories { get; set; } = new List();
+ public IEnumerable MonitoredDirectories { get; set; } = new List();
 [Option(HelpText = "Directory to output to.")]
 public string? OutputPath { get; set; }
@@ -304,7 +304,7 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer
 public bool GatherHashes { get; set; }
 [Option('d', "directories", Required = false, HelpText = "Comma-separated list of directories to monitor.", Separator = ',')]
- public List MonitoredDirectories { get; set; } = new List();
+ public IEnumerable MonitoredDirectories { get; set; } = new List();
 //[Option('r', "registry", Required = false, HelpText = "Monitor the registry for changes. (Windows Only)")]
 //public bool EnableRegistryMonitor { get; set; }
diff --git a/Lib/Utils/Win32OpenPortListenerHelper.cs b/Lib/Utils/Win32OpenPortListenerHelper.cs
index b1d878b6..5179ed2b 100644
--- a/Lib/Utils/Win32OpenPortListenerHelper.cs
+++ b/Lib/Utils/Win32OpenPortListenerHelper.cs
@@ -29,7 +29,7 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer.Utils
 }
 }
- private static List CachedProcessPortMap = new List();
+ private static List? CachedProcessPortMap = null;
 ///
 /// This method distills the output from netstat -a -n -o into a list of ProcessPorts that provide
diff --git a/Tests/CollectorTests.cs b/Tests/CollectorTests.cs
index bc9148a2..8943a0b5 100644
--- a/Tests/CollectorTests.cs
+++ b/Tests/CollectorTests.cs
@@ -507,7 +507,7 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer.Tests
 {
 Assert.IsTrue(AsaHelpers.IsAdmin());
 var user = System.Guid.NewGuid().ToString().Substring(0, 10);
- var password = "$" + CryptoHelpers.GetRandomString(13);
+ var password = $"$A4%b^6a_";
 var cmd = string.Format("user /add {0} {1}", user, password);
 ExternalCommandRunner.RunExternalCommand("net", cmd);
diff --git a/version.json b/version.json
index 71d85482..58216d82 100644
--- a/version.json
+++ b/version.json
@@ -16,4 +16,4 @@
 "release": {
 "branchName": "release/v{version}"
 }
-}
\ No newline at end of file
+}
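Review bot: In Tests/CollectorTests.cs the test now creates a local account with a fixed password, `$A4%b^6a_`, that is committed to the repository. The test asserts `AsaHelpers.IsAdmin()`, so if it is interrupted or its cleanup fails, the machine is left with an account whose password is publicly known. If the change was meant to satisfy a password-complexity policy (a guess; the commit does not say), keep the random part and add a fixed prefix instead: `var password = "$A4%" + CryptoHelpers.GetRandomString(13);`. The `$` interpolation prefix on a literal with no placeholders is also unnecessary. The rest of the test method lies outside the hunk.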