Merge pull request #53 from Netflix-Skunkworks/release-cleanup

cleanup for release
Netflix-Skunkworks · Aug 29, 2018 · 57fe6e6 · 57fe6e6
2 parents 9e4b4e5 + ad5ea26
commit 57fe6e6
Show file tree

Hide file tree

Showing 10 changed files with 247 additions and 338 deletions.
diff --git a/docs/POLICIES.md b/docs/POLICIES.md
@@ -94,7 +94,7 @@ Scans return a JSON object with an overall status and individual practice status
 
 ## Supported Practices
 
-### `os version` (yaml) | `osVersion` (json)
+### `osVersion`
 
 OS Version allows you to specify what operation system version the user is running, based on the platform the app is running on.
 
@@ -103,7 +103,7 @@ The requirement is specified to each platform and uses `semver` strings to speci
 **Example os version policy (yaml)**
 
 ```yaml
-os version:
+osVersion:
   darwin:
     # High Sierra
     ok: ">=10.13.6"
@@ -141,7 +141,7 @@ os version:
 
 You can use more complex semver strings if you want to warn on a specific OS version.
 
-### `firewall` (yaml) | `firewall` (json)
+### `firewall`
 
 Firewall checks the local firewall state using the default firewall provider in each platform (and `iptables` on linux). This practice uses the `RequirementOption` enum to specify the requirement.
 
@@ -155,7 +155,7 @@ Valid values are: `ALWAYS`, `SUGGESTED`, `NEVER`, `IF_SUPPORTED`
 }
 ```
 
-### `disk encryption` (yaml) | `diskEncryption` (json)
+### `diskEncryption`
 
 Disk encryption enumerates mounted drives and checks their encryption status using FileVault (mac), BitLocker (windows), and LUKS (linux). This practice uses the `RequirementOption` enum to specify the requirement.
 
@@ -169,7 +169,7 @@ Valid values are: `ALWAYS`, `SUGGESTED`, `NEVER`, `IF_SUPPORTED`
 }
 ```
 
-### `automatic updates` (yaml) | `automaticUpdates` (json)
+### `automaticUpdates`
 
 The automatic updates practice checks that the user has automatic updates enabled on their machine through `plist` values and service state (running). This practice uses the `RequirementOption` enum to specify the requirement.
 
@@ -183,7 +183,7 @@ Valid values are: `ALWAYS`, `SUGGESTED`, `NEVER`, `IF_SUPPORTED`
 }
 ```
 
-### `screen lock` (yaml) | `screenLock` (json)
+### `screenLock`
 
 Does not work on El Capitan or higher as this setting was moved to the keychain and is not accessible. This practice uses the `RequirementOption` enum to specify the requirement.
 
@@ -197,7 +197,7 @@ Valid values are: `ALWAYS`, `SUGGESTED`, `NEVER`, `IF_SUPPORTED`
 }
 ```
 
-### `remote login` (yaml) | `remoteLogin` (json)
+### `remoteLogin`
 
 Checks that remote login (RDP, SSH) is disabled for the device. This practice uses the `RequirementOption` enum to specify the requirement.
 
@@ -211,7 +211,7 @@ Valid values are: `ALWAYS`, `SUGGESTED`, `NEVER`, `IF_SUPPORTED`
 }
 ```
 
-### `required applications` (yaml) | `requiredApplications` (json)
+### `requiredApplications`
 
 Application requirements have their own GraphQL schema:
 

diff --git a/practices/policy.yaml b/practices/policy.yaml
@@ -1,4 +1,4 @@
-os version:
+osVersion:
   darwin:
     # High Sierra
     ok: ">=10.13.6"
@@ -16,7 +16,7 @@ os version:
     ok: ">=18.4.0"
     nudge: ">=18.0.2"
 firewall: ALWAYS
-disk encryption: ALWAYS
-automatic updates: ALWAYS
-screen lock: IF_SUPPORTED
-remote login: NEVER
+diskEncryption: ALWAYS
+automaticUpdates: ALWAYS
+screenLock: IF_SUPPORTED
+remoteLogin: NEVER
diff --git a/sources/macmodels.js b/sources/macmodels.js
diff --git a/src/App.js b/src/App.js
@@ -7,15 +7,15 @@ import openSocket from 'socket.io-client'
 import moment from 'moment'
 import prettyBytes from './lib/prettyBytes'
 import classNames from 'classnames'
-import getBadge from './lib/getBadge'
 import { HOST } from './constants'
+import { MAC, WIN } from './lib/platform'
 import appConfig from './config.json'
 import ErrorMessage from './ErrorMessage'
 import './App.css'
 
 const socket = openSocket(HOST)
 
-let platform = 'darwin'
+let platform = MAC
 let shell, ipcRenderer, log, remote
 // CRA doesn't like importing native node modules, have to use window.require AFAICT
 try {
@@ -163,11 +163,7 @@ class App extends Component {
     }
 
     if (policy.validate.status !== 'PASS') {
-      const violations = Object.keys(newState.result).filter(k => newState.result[k] === 'FAIL')
-      const violationCount = violations.length > 1 ? violations.length - 1 : 1
-      ipcRenderer.send('scan:violation', getBadge(violationCount), violationCount)
-    } else {
-      ipcRenderer.send('scan:violation', getBadge(0), 0)
+      // perform action on scan violation
     }
 
     this.setState(newState, () => {

diff --git a/src/__tests__/policy-server.js b/src/__tests__/policy-server.js
@@ -1,6 +1,7 @@
 /* global it, expect, describe */
 import chai from 'chai'
 import chaiHttp from 'chai-http'
+import { MAC, WIN } from '../lib/platform'
 import startGraphQLServer from '../../server'
 
 process.env.NODE_ENV = 'test'
@@ -143,11 +144,11 @@ describe('GraphQL', () => {
       'policy': {
         'stethoscopeVersion': '>=1.0.4',
         'osVersion': {
-          'darwin': {
+          [MAC]: {
             'ok': '>=10.13.4',
             'nudge': '>=10.12.6'
           },
-          'win32': {
+          [WIN]: {
             'ok': '>=10.0.16299',
             'nudge': '>=10.0.15063'
           }

diff --git a/src/lib/getBadge.js b/src/lib/getBadge.js
diff --git a/src/lib/platform.js b/src/lib/platform.js
@@ -0,0 +1,20 @@
+const MAC = 'darwin'
+const WIN = 'win32'
+const LINUX = 'linux'
+const UBUNTU = 'ubuntu'
+
+const IS_MAC = process.platform === MAC
+const IS_WIN = process.platform === WIN
+const IS_LINUX = [LINUX, UBUNTU].includes(process.platform)
+const IS_UBUNTU = process.platform === UBUNTU
+
+module.exports = {
+  IS_MAC,
+  IS_WIN,
+  IS_LINUX,
+  IS_UBUNTU,
+  MAC,
+  WIN,
+  LINUX,
+  UBUNTU
+}
diff --git a/src/lib/protocolHandlers.js b/src/lib/protocolHandlers.js
@@ -3,6 +3,7 @@ const os = require('os')
 const log = require('./logger')
 const applescript = require('./applescript')
 const { shell } = require('electron')
+const { MAC, WIN } = require('./platform')
 const env = process.env.NODE_ENV || 'production'
 
 module.exports = function initProtocols (mainWindow) {
@@ -16,10 +17,10 @@ module.exports = function initProtocols (mainWindow) {
   protocol.registerHttpProtocol('prefs', (request, cb) => {
     const pref = decodeURIComponent(request.url.replace('prefs://', ''))
     switch (os.platform()) {
-      case 'darwin':
+      case MAC:
         applescript.openPreferences(pref)
         break
-      case 'win32':
+      case WIN:
         powershell.openPreferences(pref)
         break
       default:

diff --git a/src/lib/softwareUpdate.js b/src/lib/softwareUpdate.js
@@ -1,4 +1,5 @@
 const { spawn } = require('child_process')
+const { MAC, WIN } = require('./platform')
 const ps = require('./powershell')
 
 const darwinUpdates = async function () {
@@ -27,10 +28,10 @@ const windowsUpdates = async function () {
 module.exports = async function softwareUpdate (platform) {
   let update = false
   switch (platform) {
-    case 'darwin':
+    case MAC:
       update = await darwinUpdates()
       break
-    case 'win32':
+    case WIN:
       update = await windowsUpdates()
   }
   return update

diff --git a/src/start.js b/src/start.js
@@ -12,6 +12,7 @@ const findIcon = require('./lib/findIcon')(env)
 const startGraphQLServer = require('../server')
 const OSQuery = require('../sources/osquery')
 const IS_DEV = env === 'development'
+const { IS_MAC, IS_WIN, IS_LINUX } = require('./lib/platform')
 
 const disableAutomaticScanning = settings.get('disableAutomaticScanning')
 
@@ -80,9 +81,7 @@ function createWindow () {
       }
     }
 
-    if (process.platform === 'win32') {
-      deeplinkingUrl = commandLine.slice(1)
-    }
+    if (IS_WIN) deeplinkingUrl = commandLine.slice(1)
 
     if (String(deeplinkingUrl).indexOf('update') > -1) {
       updater.checkForUpdates(env, mainWindow, log).catch(err => {
@@ -95,29 +94,15 @@ function createWindow () {
     return app.quit()
   }
 
-  // if (settings.get('showInDock') !== true) {
-  //   switch (process.platform) {
-  //     case 'darwin':
-  //       app.dock.hide()
-  //       break
-  //     default:
-  //       windowPrefs.skipTaskbar = true
-  //       break
-  //   }
-  // } else {
-  //   app.dock.show()
-  // }
-
-  if (!IS_DEV) setTimeout(() => app.dock && app.dock.hide(), 0)
-
-  if (process.platform === 'win32') {
-    deeplinkingUrl = process.argv.slice(1)
-  }
-
+  // wait for process to load before hiding in dock, prevents the app
+  // from flashing into view and then hiding
+  if (!IS_DEV && IS_MAC) setTimeout(() => app.dock.hide(), 0)
+  // windows detection of deep link path
+  if (IS_WIN) deeplinkingUrl = process.argv.slice(1)
   // only allow resize if debugging production build
-  if (env === 'production' && !enableDebugger) {
-    windowPrefs.resizable = false
-  }
+  if (!IS_DEV && !enableDebugger) windowPrefs.resizable = false
+  // open developer console if env vars or args request
+  if (enableDebugger || DEBUG_MODE) mainWindow.webContents.openDevTools()
 
   mainWindow = new BrowserWindow(windowPrefs)
   updater = require('./updater')(env, mainWindow, log)
@@ -132,17 +117,13 @@ function createWindow () {
   tray = new Tray(statusImages.PASS)
   tray.on('click', focusOrCreateWindow)
 
-  if (enableDebugger || DEBUG_MODE) {
-    mainWindow.webContents.openDevTools()
-  }
-
   let contextMenu = initMenu(mainWindow, app, focusOrCreateWindow, updater, log)
   tray.on('right-click', () => tray.popUpContextMenu(contextMenu))
 
   if (!starting) {
     log.info('Starting osquery')
+    // these methods allow express to update app state
     const appHooksForServer = {
-      // allow express to update app state
       setScanStatus (status = 'PASS') {
         if (status in statusImages) {
           next = statusImages[status]
@@ -157,9 +138,10 @@ function createWindow () {
     }
     // ensure that this process doesn't start multiple times
     starting = true
-    // kill any remaining osquery processes
+
     OSQuery.start().then(() => {
       log.info('osquery started')
+      // used to select the appropriate instructions file
       const [ language ] = app.getLocale().split('-')
       // start GraphQL server, close the app if 37370 is already in use
       server = startGraphQLServer(env, log, language, appHooksForServer, OSQuery)
@@ -172,9 +154,8 @@ function createWindow () {
         }
       })
 
-      if (!mainWindow) {
-        mainWindow = new BrowserWindow(windowPrefs)
-      }
+      if (!mainWindow) mainWindow = new BrowserWindow(windowPrefs)
+
       mainWindow.loadURL(BASE_URL)
       mainWindow.focus()
     }).catch(err => {
@@ -183,24 +164,20 @@ function createWindow () {
     })
   }
 
-  ipcMain.on('contextmenu', event =>
-    contextMenu.popup({ window: mainWindow })
-  )
+  // add right-click menu to app
+  ipcMain.on('contextmenu', event => contextMenu.popup({ window: mainWindow }))
 
   // adjust window height when download begins and ends
-  ipcMain.on('download:start', (event, arg) =>
-    mainWindow.setSize(windowPrefs.width, 110, true)
-  )
+  ipcMain.on('download:start', () => mainWindow.setSize(windowPrefs.width, 110, true))
 
+  // holds the setTimeout handle
   let rescanTimeout
   const { rescanIntervalSeconds = MINIMUM_AUTOSCAN_INTERVAL_SECONDS } = config
-  // used to schedule rescan, minimum delay is 5 minutes
+  // ensure minimum delay is 5 minutes
+  const scanSeconds = Math.max(MINIMUM_AUTOSCAN_INTERVAL_SECONDS, rescanIntervalSeconds)
   const rescanDelay = rescanIntervalSeconds * 1000
 
   ipcMain.on('scan:init', event => {
-    //app.setBadgeCount(0)
-    mainWindow && mainWindow.setOverlayIcon(null, 'No policy violations')
-
     if (!disableAutomaticScanning) {
       // schedule next automatic scan
       clearTimeout(rescanTimeout)
@@ -210,21 +187,14 @@ function createWindow () {
     }
   })
 
-  ipcMain.on('scan:violation', (event, badgeURI, violationCount) => {
-    if (process.platform === 'darwin') {
-      //app.setBadgeCount(violationCount)
-    } else {
-      const img = nativeImage.createFromDataURL(badgeURI)
-      mainWindow.setOverlayIcon(img, `${violationCount} policy violations`)
-    }
-  })
-
+  // restore main window after update is downloaded (if arg = { resize: true })
   ipcMain.on('download:complete', (event, arg) => {
     if (arg && arg.resize) {
       mainWindow.setSize(windowPrefs.width, windowPrefs.height, true)
     }
   })
 
+  // wait for app to finish loading before attempting auto update from deep link (stethoscope://update)
   ipcMain.on('app:loaded', () => {
     if (String(deeplinkingUrl).indexOf('update') > -1) {
       updater.checkForUpdates(env, mainWindow).then(err => {
@@ -279,9 +249,9 @@ app.on('before-quit', () => {
 })
 
 app.on('window-all-closed', () => {
-  if (process.platform !== 'darwin') {
-    app.quit()
-  }
+  // NOTE: this is removed so that closing the main window collapses
+  // the app back down to the tray/menubar rather than quitting
+  // if (!IS_MAC) app.quit()
 })
 
 app.on('open-url', (event, url) => {