LoginItems improvements (#148)

.changes/unreleased/Changed-20240531-232712.yaml

@@ -0,0 +1,3 @@
+kind: Changed
+body: Improvements to the macOS loginitem artifact
+time: 2024-05-31T23:27:12.249644-04:00

.changes/unreleased/Fixed-20240531-232730.yaml

@@ -0,0 +1,3 @@
+kind: Fixed
+body: Path value not getting populated for pcoesses artifact
+time: 2024-05-31T23:27:30.464003-04:00

common/src/applications.rs

@@ -1,5 +1,7 @@
 use serde::Serialize;
 
+use crate::macos::{CreationFlags, TargetFlags, VolumeFlags};
+
 #[derive(Debug, Serialize)]
 pub struct ChromiumDownloads {
  pub downloads: Vec<ChromiumDownload>,
@@ -122,26 +124,26 @@ pub struct SafariDownload {
  pub download_id: String,
  pub download_entry_date: u64,
  pub download_entry_finish: u64,
- pub path: Vec<String>, // Path to binary to run
- pub cnid_path: Vec<i64>, // Path represented as Catalog Node ID
- pub created: i64, // Created timestamp of binary target
- pub volume_path: String, // Root
- pub volume_url: String, // URL type
- pub volume_name: String, // Name of Volume
- pub volume_uuid: String, // Volume UUID string
- pub volume_size: i64, // Size of Volume
- pub volume_created: i64, // Created timestamp of Volume
- pub volume_flag: Vec<u64>,  // Volume Property flags
- pub volume_root: bool, // If Volume is filesystem root
- pub localized_name: String, // Optional localized name of target binary
- pub security_extension_rw: String, // Optional Security extension of target binary
- pub security_extension_ro: String, // Optional Security extension of target binary
- pub target_flags: Vec<u64>,  // Resource property flags
- pub username: String, // Username related to bookmark
- pub folder_index: i64, // Folder index number
- pub uid: i32, // User UID
- pub creation_options: i32,  // Bookmark creation options
- pub is_executable: bool, // Can target be executed
+ pub path: String,  // Path to binary to run
+ pub cnid_path: String,  // Path represented as Catalog Node ID
+ pub created: i64,  // Created timestamp of binary target
+ pub volume_path: String,  // Root
+ pub volume_url: String,  // URL type
+ pub volume_name: String,  // Name of Volume
+ pub volume_uuid: String,  // Volume UUID string
+ pub volume_size: i64,  // Size of Volume
+ pub volume_created: i64,  // Created timestamp of Volume
+ pub volume_flags: Vec<VolumeFlags>, // Volume Property flags
+ pub volume_root: bool,  // If Volume is filesystem root
+ pub localized_name: String,  // Optional localized name of target binary
+ pub security_extension_rw: String,  // Optional Security extension of target binary
+ pub security_extension_ro: String,  // Optional Security extension of target binary
+ pub target_flags: Vec<TargetFlags>, // Resource property flags
+ pub username: String,  // Username related to bookmark
+ pub folder_index: i64,  // Folder index number
+ pub uid: i32,  // User UID
+ pub creation_options: Vec<CreationFlags>, // Bookmark creation options
+ pub is_executable: bool,  // Can target be executed
  pub file_ref_flag: bool,
 }
 

common/src/macos.rs

@@ -1,8 +1,7 @@
-use std::collections::HashMap;
-
 use plist::Dictionary;
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
+use std::collections::HashMap;
 
 #[derive(Debug, Serialize)]
 pub struct OpendirectoryUsers {
@@ -32,9 +31,9 @@ pub struct OpendirectoryGroups {
 #[derive(Debug, Serialize)]
 pub struct BookmarkData {
  /**Path to file to run */
- pub path: Vec<String>,
+ pub path: String,
  /**Path represented as Catalog Node ID */
- pub cnid_path: Vec<i64>,
+ pub cnid_path: String,
  /**Created timestamp of target file in UNIXEPOCH seconds */
  pub created: i64,
  /**Path to the volume of target file */
@@ -50,7 +49,7 @@ pub struct BookmarkData {
  /**Created timestamp of volume in UNIXEPOCH seconds */
  pub volume_created: i64,
  /**Volume Property flags */
- pub volume_flag: Vec<u64>,
+ pub volume_flags: Vec<VolumeFlags>,
  /**Flag if volume if the root filesystem */
  pub volume_root: bool,
  /**Localized name of target file */
@@ -60,21 +59,110 @@ pub struct BookmarkData {
  /**Read-Only security extension of target file */
  pub security_extension_ro: String,
  /**File property flags */
- pub target_flags: Vec<u64>,
+ pub target_flags: Vec<TargetFlags>,
  /**Username associated with `Bookmark` */
  pub username: String,
  /**Folder index number associated with target file */
  pub folder_index: i64,
  /**UID associated with `Bookmark` */
  pub uid: i32,
  /**`Bookmark` creation flags */
- pub creation_options: i32,
+ pub creation_options: Vec<CreationFlags>,
  /**Is target file executable */
  pub is_executable: bool,
  /**Does target file have file reference flag */
  pub file_ref_flag: bool,
 }
 
+#[derive(Debug, Serialize, PartialEq)]
+pub enum TargetFlags {
+ RegularFile,
+ Directory,
+ SymbolicLink,
+ Volume,
+ Package,
+ SystemImmutable,
+ UserImmutable,
+ Hidden,
+ HasHiddenExtension,
+ Application,
+ Compressed,
+ CanSetHiddenExtension,
+ Readable,
+ Writable,
+ Executable,
+ AliasFile,
+ MountTrigger,
+}
+
+#[derive(Debug, Serialize, PartialEq)]
+pub enum CreationFlags {
+ MinimalBookmark,
+ SuitableBookmark,
+ SecurityScope,
+ SecurityScopeAllowOnlyReadAccess,
+ WithoutImplicitSecurityScope,
+ PreferFileIDResolutionMask,
+}
+
+#[derive(Debug, Serialize, PartialEq)]
+pub enum VolumeFlags {
+ Local,
+ Automount,
+ DontBrowse,
+ ReadOnly,
+ Quarantined,
+ Ejectable,
+ Removable,
+ Internal,
+ External,
+ DiskImage,
+ FileVault,
+ LocaliDiskMirror,
+ Ipod,
+ Idisk,
+ Cd,
+ Dvd,
+ DeviceFileSystem,
+ TimeMachine,
+ Airport,
+ VideoDisk,
+ DvdVideo,
+ BdVideo,
+ MobileTimeMachine,
+ NetworkOptical,
+ BeingRepaired,
+ Unmounted,
+ SupportsPersistentIds,
+ SupportsSearchFs,
+ SupportsExchange,
+ SupportsSymbolicLinks,
+ SupportsDenyModes,
+ SupportsCopyFile,
+ SupportsReadDirAttr,
+ SupportsJournaling,
+ SupportsRename,
+ SupportsFastStatFs,
+ SupportsCaseSensitiveNames,
+ SupportsCasePreservedNames,
+ SupportsFlock,
+ SupportsNoRootDirectoryTimes,
+ SupportsExtendedSecurity,
+ Supports2TbFileSize,
+ SupportsHardLinks,
+ SupportsMandatoryByteRangeLocks,
+ SupportsPathFromId,
+ Journaling,
+ SupportsSparseFiles,
+ SupportsZeroRunes,
+ SupportsVolumeSizes,
+ SupportsRemoteEvents,
+ SupportsHiddenFiles,
+ SupportsDecmpFsCompression,
+ Has64BitObjectIds,
+ PropertyFlagsAll,
+}
+
 #[derive(Debug, Serialize)]
 pub struct EmondData {
  pub name: String,
@@ -190,9 +278,9 @@ pub struct LaunchdPlist {
 #[derive(Debug, Serialize)]
 pub struct LoginItemsData {
  /**Path to file to run */
- pub path: Vec<String>,
+ pub path: String,
  /**Path represented as Catalog Node ID */
- pub cnid_path: Vec<i64>,
+ pub cnid_path: String,
  /**Created timestamp of target file in UNIXEPOCH seconds */
  pub created: i64,
  /**Path to the volume of target file */
@@ -208,7 +296,7 @@ pub struct LoginItemsData {
  /**Created timestamp of volume in UNIXEPOCH seconds */
  pub volume_created: i64,
  /**Volume Property flags */
- pub volume_flag: Vec<u64>,
+ pub volume_flags: Vec<VolumeFlags>,
  /**Flag if volume if the root filesystem */
  pub volume_root: bool,
  /**Localized name of target file */
@@ -218,15 +306,15 @@ pub struct LoginItemsData {
  /**Read-Only security extension of target file */
  pub security_extension_ro: String,
  /**File property flags */
- pub target_flags: Vec<u64>,
+ pub target_flags: Vec<TargetFlags>,
  /**Username associated with `Bookmark` */
  pub username: String,
  /**Folder index number associated with target file */
  pub folder_index: i64,
  /**UID associated with `LoginItem` */
  pub uid: i32,
  /**`LoginItem` creation flags */
- pub creation_options: i32,
+ pub creation_options: Vec<CreationFlags>,
  /**Is `LoginItem` bundled in app */
  pub is_bundled: bool,
  /**App ID associated with `LoginItem` */

core/src/artifacts/applications/safari/downloads.rs

@@ -80,7 +80,7 @@ pub(crate) fn downloads_query(path: &str) -> Result<Vec<SafariDownload>, SafariE
  volume_uuid: bookmark.volume_uuid,
  volume_size: bookmark.volume_size,
  volume_created: bookmark.volume_created,
- volume_flag: bookmark.volume_flag,
+ volume_flags: bookmark.volume_flags,
  volume_root: bookmark.volume_root,
  localized_name: bookmark.localized_name,
  security_extension_rw: bookmark.security_extension_rw,
@@ -100,6 +100,8 @@ pub(crate) fn downloads_query(path: &str) -> Result<Vec<SafariDownload>, SafariE
 
 #[cfg(test)]
 mod tests {
+ use common::macos::{CreationFlags, TargetFlags, VolumeFlags};
+
  use super::get_safari_downloads;
  use crate::artifacts::applications::safari::downloads::downloads_query;
  use std::path::PathBuf;
@@ -135,14 +137,9 @@ mod tests {
  assert_eq!(results[0].download_entry_finish, 1656266422);
  assert_eq!(
  results[0].path,
- [
- "Users",
- "puffycid",
- "Downloads",
- "powershell-7.2.5-osx-arm64.pkg"
- ]
+ "/Users/puffycid/Downloads/powershell-7.2.5-osx-arm64.pkg"
  );
- assert_eq!(results[0].cnid_path, [21327, 360459, 360510, 37719400]);
+ assert_eq!(results[0].cnid_path, "/21327/360459/360510/37719400");
  assert_eq!(results[0].volume_path, "/");
  assert_eq!(results[0].created, 1656266417);
  assert_eq!(results[0].volume_url, "file:///");
@@ -152,17 +149,31 @@ mod tests {
  "96FB41C0-6CE9-4DA2-8435-35BC19C735A3"
  );
  assert_eq!(results[0].volume_size, 2000662327296);
- assert_eq!(results[0].volume_flag, [4294967425, 4294972399, 0]);
+ assert_eq!(
+ results[0].volume_flags,
+ vec![
+ VolumeFlags::Local,
+ VolumeFlags::Internal,
+ VolumeFlags::SupportsPersistentIds
+ ]
+ );
  assert_eq!(results[0].volume_created, 1645859107);
  assert_eq!(results[0].volume_root, true);
  assert_eq!(results[0].localized_name, "");
  assert_eq!(results[0].security_extension_ro, "");
  assert_eq!(results[0].security_extension_rw, "");
- assert_eq!(results[0].target_flags, [1, 15, 0]);
+ assert_eq!(results[0].target_flags, vec![TargetFlags::RegularFile]);
  assert_eq!(results[0].username, "puffycid");
  assert_eq!(results[0].folder_index, 2);
  assert_eq!(results[0].uid, 501);
- assert_eq!(results[0].creation_options, 671094784);
+ assert_eq!(
+ results[0].creation_options,
+ vec![
+ CreationFlags::WithoutImplicitSecurityScope,
+ CreationFlags::SecurityScopeAllowOnlyReadAccess,
+ CreationFlags::SecurityScope
+ ]
+ );
  assert_eq!(results[0].is_executable, false);
  assert_eq!(results[0].file_ref_flag, false);
  }