v1-prerelease

xfhg · xfhg · commit b84f0f996389 · 2024-09-12T16:35:12.000+08:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,8 +2,32 @@
 
 All notable changes to this project will be documented in this file.
 
+<br><br>
 
-## Unreleased - feature/loadremote
+## EXPERIMENTAL FEATURE - feature/targetid
+
+**Commit**: [e95c0ed](https://github.com/xfhg/intercept/commit/e95c0ed)
+
+**Branch** [feature/loadremote](https://github.com/xfhg/intercept/tree/feature/targetid)
+
+**Summary**: Fingerprint hosts for reporting --experimental
+
+### Breaking 
+- Properties on Final SARIF report key names corrected to kebab case.
+
+### Added
+- Added Global hostData & hostFingerprint
+- Added "host-data" & "host-fingerprint" to Final SARIF Report
+
+### Changed
+- Properties on Final SARIF report key names corrected to kebab case.
+
+### Removed
+- None
+
+<br><br><br><br>
+
+## FEATURE - feature/loadremote
 
 **Commit**: [e95c0ed](https://github.com/xfhg/intercept/commit/e95c0ed)
 
diff --git a/cmd/policy.go b/cmd/policy.go
@@ -26,6 +26,12 @@ type Config struct {
 		ReportSchedule string   `yaml:"report_schedule"`
 	} `yaml:"Flags"`
 	Metadata struct {
+		HostOS          string `yaml:"host_os,omitempty"`
+		HostMAC         string `yaml:"host_mac,omitempty"`
+		HostARCH        string `yaml:"host_arch,omitempty"`
+		HostNAME        string `yaml:"host_name,omitempty"`
+		HostFingerprint string `yaml:"host_fingerprint,omitempty"`
+		HostInfo        string `yaml:"host_info,omitempty"`
 		MsgExitClean    string `yaml:"MsgExitClean"`
 		MsgExitWarning  string `yaml:"MsgExitWarning"`
 		MsgExitCritical string `yaml:"MsgExitCritical"`
diff --git a/cmd/root.go b/cmd/root.go
@@ -20,6 +20,9 @@ var (
 	silentMode       bool
 	nologMode        bool
 
+	hostData        string
+	hostFingerprint string
+
 	buildVersion   string
 	buildSignature string
 
@@ -94,8 +97,30 @@ func setupLogging() {
 	log = zerolog.New(output).With().Timestamp().Logger()
 
 	if experimentalMode {
+
+		// ----------------------------------------------
+		// ---------------------------------------------- EXPERIMENTAL log caller debug
+		// ----------------------------------------------
+
 		log = zerolog.New(output).With().Timestamp().Logger().With().Caller().Logger()
 		// log = zerolog.New(output).With().Timestamp().Logger().With().Str("id", intercept_run_id).Logger()
+
+		// ----------------------------------------------
+		// ---------------------------------------------- EXPERIMENTAL feature/targetid
+		// ----------------------------------------------
+
+		hostInfo, err := GetHostInfo()
+		if err != nil {
+			log.Error().Msgf("Error gathering host info: %v\n", err)
+		}
+
+		hostData, hostFingerprint, err := FingerprintHost(hostInfo)
+		if err != nil {
+			log.Error().Msgf("Error generating fingerprint: %v\n", err)
+		}
+		log.Info().Msgf("Host Data: %s", hostData)
+		log.Info().Msgf("Host Fingerprint: %s", hostFingerprint)
+
 	}
 	if silentMode {
 
diff --git a/cmd/sarif.go b/cmd/sarif.go
@@ -545,13 +545,15 @@ func MergeSARIFReports(commandLine string, perf Performance, isScheduled bool) (
 						ExecutionSuccessful: true,
 						CommandLine:         commandLine,
 						Properties: map[string]string{
-							"run_id":            intercept_run_id,
-							"start_time":        perf.StartTime.Format(time.RFC3339),
-							"end_time":          perf.EndTime.Format(time.RFC3339),
-							"execution_time_ms": fmt.Sprintf("%d", perf.Delta.Milliseconds()),
+							"run-id":            intercept_run_id,
+							"start-time":        perf.StartTime.Format(time.RFC3339),
+							"end-time":          perf.EndTime.Format(time.RFC3339),
+							"execution-time-ms": fmt.Sprintf("%d", perf.Delta.Milliseconds()),
 							"environment":       environment,
 							"debug":             fmt.Sprintf("%v", debugOutput),
 							"report-timestamp":  timestamp,
+							"host-data":         hostData,
+							"host-fingerprint":  hostFingerprint,
 						},
 					},
 				},
diff --git a/cmd/watch.go b/cmd/watch.go
@@ -1,13 +1,27 @@
 package cmd
 
 import (
+	"crypto/sha256"
+	"encoding/hex"
 	"fmt"
+	"net"
+	"os"
+	"runtime"
+	"strings"
 	"time"
 
 	"github.com/fsnotify/fsnotify"
 	"github.com/segmentio/ksuid"
 )
 
+type HostInfo struct {
+	Hostname     string
+	OS           string
+	Architecture string
+	IPs          []string
+	MAC          string
+}
+
 func watchPaths(paths ...string) {
 	if len(paths) < 1 {
 		log.Fatal().Msg("must specify at least one path to watch")
@@ -95,3 +109,72 @@ func processEvent(e fsnotify.Event) {
 		log.Error().Msgf("Policy not found in cache, watcher event [%s] didn't trigger policy process for: %s", e.Op.String(), e.Name)
 	}
 }
+
+func GetHostInfo() (*HostInfo, error) {
+	hostInfo := &HostInfo{}
+
+	// Get hostname
+	hostname, err := os.Hostname()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get hostname: %v", err)
+	}
+	hostInfo.Hostname = hostname
+
+	// Get OS and architecture
+	hostInfo.OS = runtime.GOOS
+	hostInfo.Architecture = runtime.GOARCH
+
+	// Get IPs and MAC addresses
+	interfaces, err := net.Interfaces()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get network interfaces: %v", err)
+	}
+
+	for _, iface := range interfaces {
+		if iface.Flags&net.FlagUp == 0 {
+			continue // ignore interfaces that are down
+		}
+
+		addrs, err := iface.Addrs()
+		if err != nil {
+			return nil, fmt.Errorf("failed to get addresses for interface %v: %v", iface.Name, err)
+		}
+
+		for _, addr := range addrs {
+			ip, _, err := net.ParseCIDR(addr.String())
+			if err != nil {
+				return nil, fmt.Errorf("failed to parse IP address %v: %v", addr.String(), err)
+			}
+
+			if ip.IsLoopback() {
+				continue // ignore loopback addresses
+			}
+
+			hostInfo.IPs = append(hostInfo.IPs, ip.String())
+		}
+		// main MAC
+		if iface.Flags&net.FlagUp != 0 && iface.HardwareAddr.String() != "" {
+			hostInfo.MAC = iface.HardwareAddr.String()
+		}
+
+	}
+
+	return hostInfo, nil
+}
+
+// FingerprintHost generates a fingerprint for the host using its identifiable information
+func FingerprintHost(hostInfo *HostInfo) (string, string, error) {
+	data := strings.Join([]string{
+		hostInfo.MAC,
+		hostInfo.OS,
+		hostInfo.Architecture,
+		hostInfo.Hostname,
+	}, "|")
+	hash := sha256.New()
+	_, err := hash.Write([]byte(data))
+	if err != nil {
+		return "", "", fmt.Errorf("failed to generate hash: %v", err)
+	}
+	fingerprint := hex.EncodeToString(hash.Sum(nil))
+	return data, fingerprint, nil
+}
