checks

Documentation

Overview

Package checks implements different security/privacy checks

Exported function(s): PasswordManager, WindowsDefender, LastPasswordChange, LoginMethod, Permission, Bluetooth, OpenPorts, WindowsOutdated, SecureBoot, SmbCheck, Startup, GuestAccount, UACCheck, RemoteDesktopCheck, ExternalDevices, NetworkSharing

Index

• Constants
• func CheckKey(key mocking.RegistryKey, elem string) string
• func CloseRegistryKey(key mocking.RegistryKey)
• func CurrentUsername() (string, error)
• func FindEntries(entries []string, key mocking.RegistryKey) []string
• func OpenRegistryKey(k mocking.RegistryKey, path string) (mocking.RegistryKey, error)
• type Check
  • func NewCheckError(id int, err error) Check
  • func NewCheckErrorf(id int, message string, err error) Check
  • func NewCheckResult(issID int, resID int, result ...string) Check

Constants

const (
	BluetoothID int = iota + 1
	ExternalDevicesID
	GuestAccountID
	NetworkProfileTypeID
	PasswordManagerID
	LocationID
	MicrophoneID
	WebcamID
	AppointmentsID
	ContactsID
	PortsID
	RemoteDesktopID
	SmbID
	UacID
	WindowsDefenderID
	LastPasswordChangeID
	LoginMethodID
	WindowsOutdatedID
	SecureBootID
	StartupID
	ExtensionChromiumID
	ExtensionEdgeID
	HistoryChromiumID
	HistoryEdgeID
	SearchChromiumID
	SearchEdgeID
	CookiesFirefoxID
	ExtensionFirefoxID
	AdblockFirefoxID
	SearchFirefoxID
	HistoryFirefoxID
	CISRegistrySettingsID
)

This is a list of all the Result IDs for the checks that are performed. It starts at 1 and then iterates up.

Functions

func CheckKey

func CheckKey(key mocking.RegistryKey, elem string) string

CheckKey retrieves the value of a specified element within a given registry key.

Parameters:

• key: A RegistryKey object representing the registry key to be checked.
• elem: A string representing the name of the element whose value is to be retrieved.

Returns:

• A string representing the value of the specified element within the registry key. If the element does not exist or an error occurs while retrieving its value, the function returns "-1".

Note: This function is designed to handle the retrieval of values from the registry. It encapsulates the process of accessing the registry and retrieving a value, providing a simplified interface for this operation.

func CloseRegistryKey

func CloseRegistryKey(key mocking.RegistryKey)

CloseRegistryKey is a function that closes a specified registry key and logs any associated errors.

Parameter:

• key: A RegistryKey object representing the registry key to be closed.

Returns: None. If an error occurs while closing the registry key, the error is logged and not returned.

Note: This function is designed to handle errors that may occur when closing a registry key. If an error occurs, it is logged with additional context, allowing for easier debugging and error tracking.

func CurrentUsername

func CurrentUsername() (string, error)

CurrentUsername retrieves the username of the currently logged-in user in a Windows environment.

This function uses the os/user package to access the current user's information. It then parses the Username field to extract the actual username, discarding the domain if present.

Returns:

• string: The username of the currently logged-in user. If the username cannot be retrieved, an empty string is returned.
• error: An error object that wraps any error that occurs during the retrieval of the username. If the username is retrieved successfully, it returns nil.

func FindEntries

func FindEntries(entries []string, key mocking.RegistryKey) []string

FindEntries scans a specified registry key for a list of entries and returns the values of those entries.

Parameters:

• entries: A slice of strings representing the names of the entries to be checked within the registry key.
• key: A RegistryKey object representing the registry key to be scanned.

Returns:

• A slice of strings containing the values of the specified entries within the registry key. Only entries that are enabled on startup are included. This is determined by checking the binary values of the entries; entries with a binary value of 0 at indices 4, 5, and 6 are considered enabled.

Note: This function is designed to handle the retrieval of startup-related programs from the registry. It filters out disabled programs to provide a list of only the enabled ones.

func OpenRegistryKey

func OpenRegistryKey(k mocking.RegistryKey, path string) (mocking.RegistryKey, error)

OpenRegistryKey is a function that opens a specified registry key and handles any associated errors.

Parameters:

• k: A RegistryKey object representing the base registry key from which the specified path will be opened.
• path: A string representing the path to the registry key to be opened, relative to the base registry key.

Returns:

• A RegistryKey object representing the opened registry key.
• An error object that encapsulates any error that occurred while trying to open the registry key. If no error occurred, this will be nil.

Note: This function is designed to handle errors that may occur when opening a registry key, such as the key not existing. If an error occurs, it will be wrapped with additional context and returned, allowing the caller to handle it appropriately.

Types

type Check

type Check struct {
	IssueID  int      `json:"issue_id"`
	ResultID int      `json:"result_id"`
	Result   []string `json:"result,omitempty"`
	Error    error    `json:"-"` // Don't serialize error field to JSON
	ErrorMSG string   `json:"error,omitempty"`
}

Check is a struct that encapsulates the outcome of a security or privacy check.

Fields:

• IssueID (int): A unique identifier for the issue. This value is used to distinguish between different checks.
• ResultID (int): A unique identifier for the result. This value is used to distinguish between different results of a check.
• Result ([]string): The outcome of the check. This could be a list of strings representing various results.
• Error (error): An error object that captures any error that occurred during the check. This is not serialized directly to JSON.
• ErrorMSG (string): A string representation of the error. This is included because the error datatype cannot be directly serialized to JSON.

The Check struct can be instantiated using the following functions:

• NewCheckResult: Creates a new Check instance with only a result.
• NewCheckError: Creates a new Check instance with an error and its string representation.
• NewCheckErrorf: Creates a new Check instance with a formatted error message and its error object.

This struct is primarily used to standardize the return type across various security and privacy checks in the application.

func NewCheckError

func NewCheckError(id int, err error) Check

NewCheckError is a constructor function that creates and returns a new instance of the Check struct. It sets the ID, Error, and ErrorMSG fields of the Check struct, leaving the Result field as its zero value.

Parameters:

• id (int): A unique identifier for the check. This value is assigned to the ID field of the Check struct.
• err (error): An error object that captures any error that occurred during the check. This value is assigned to the Error field of the Check struct, and its string representation is assigned to the ErrorMSG field.

Returns:

• Check: A new instance of the Check struct with the ID, Error, and ErrorMSG fields set to the provided values, and the Result field set to its zero value.

This function is primarily used when a security or privacy check encounters an error and needs to return a Check instance that encapsulates this error.

func NewCheckErrorf

func NewCheckErrorf(id int, message string, err error) Check

NewCheckErrorf is a constructor function that creates and returns a new instance of the Check struct. It sets the ID, Error, and ErrorMSG fields of the Check struct, leaving the Result field as its zero value.

Parameters:

• id (int): A unique identifier for the check. This value is assigned to the ID field of the Check struct.
• message (string): A base error message that provides context about the error. This is used to create a formatted error message.
• err (error): An error object that captures any error that occurred during the check. This is used to create a formatted error message, which is assigned to the ErrorMSG field.

Returns:

• Check: A new instance of the Check struct with the ID, Error, and ErrorMSG fields set to the provided values, and the Result field set to its zero value.

This function is primarily used when a security or privacy check encounters an error and needs to return a Check instance that encapsulates this error. The formatted error message provides additional context about the error, which can be helpful for debugging and understanding the nature of the error.

func NewCheckResult

func NewCheckResult(issID int, resID int, result ...string) Check

NewCheckResult is a constructor function that creates and returns a new instance of the Check struct. It sets the IssueID, ResultID, and Result fields of the Check struct, leaving the Error and ErrorMSG fields as their zero values.

Parameters:

• issID (int): A unique identifier for the issue. This value is assigned to the IssueID field of the Check struct.
• resID (int): A unique identifier for the result. This value is assigned to the ResultID field of the Check struct.
• result ([]string): The outcome of the check. This could be a list of strings representing various results. This value is assigned to the Result field of the Check struct.

Returns:

• Check: A new instance of the Check struct with the IssueID, ResultID, and Result fields set to the provided values, and the Error and ErrorMSG fields set to their zero values.

This function is primarily used when a security or privacy check completes successfully and returns a result without any errors.