This repository was archived by the owner on Feb 5, 2025. It is now read-only.
CDHash serialization issue in fileinfo #1318
Closed
There are issues with the CD Hash in the santactl fileinfo command output:
Path : /Applications/Firefox Developer Edition.app/Contents/MacOS/firefox
SHA-256 : e089ce663ef57a9be064f9ad8c49428930ce03083b19d5949460b14a5ce8571e
SHA-1 : b9e82bdb5d90ec039df945d79a61c09a3fab9457
Bundle Name : Firefox Developer Edition
Bundle Version : 12524.4.3
Bundle Version Str : 125.0
Download Timestamp : 2024/04/04 07:02:21 +0200
Team ID : 43AQ936H96
Signing ID : org.mozilla.firefoxdeveloperedition
CDHash : {length = 20, bytes = 0xa71fd6b275762f87ad27f0f8cbe76961025370e3}
Type : Executable (arm64, x86_64)
Code-signed : Yes
Rule : Could not communicate with daemon
It seems that the binary data is passed directly to the text output.
There is also a related hard crash in the json output:
/Applications/Santa.app/Contents/MacOS/santactl fileinfo --json /Applications/1Password.app
[
*** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: 'Invalid type in JSON write (__NSCFData)'
*** First throw call stack:
(
0 CoreFoundation 0x000000019a872ccc __exceptionPreprocess + 176
1 libobjc.A.dylib 0x000000019a35a788 objc_exception_throw + 60
2 Foundation 0x000000019b9734f4 _writeJSONValue + 788
3 Foundation 0x000000019b973e08 ___writeJSONObject_block_invoke + 388
4 CoreFoundation 0x000000019a7c0904 __NSDICTIONARY_IS_CALLING_OUT_TO_A_BLOCK__ + 24
5 CoreFoundation 0x000000019a7ffcc4 -[__NSDictionaryM enumerateKeysAndObjectsWithOptions:usingBlock:] + 288
6 Foundation 0x000000019b97372c _writeJSONObject + 504
7 Foundation 0x000000019c0f2e68 -[_NSJSONWriter dataWithRootObject:options:] + 88
8 Foundation 0x000000019b9730cc +[NSJSONSerialization dataWithJSONObject:options:error:] + 112
9 santactl 0x000000010044cca8 -[SNTCommandFileInfo jsonStringForDictionary:] + 40
10 santactl 0x000000010044b4c8 -[SNTCommandFileInfo printInfoForFile:] + 3508
11 Foundation 0x000000019b91212c __NSBLOCKOPERATION_IS_CALLING_OUT_TO_A_BLOCK__ + 24
12 Foundation 0x000000019b911fec -[NSBlockOperation main] + 104
13 Foundation 0x000000019b911f7c __NSOPERATION_IS_INVOKING_MAIN__ + 16
14 Foundation 0x000000019b911324 -[NSOperation start] + 648
15 Foundation 0x000000019b911094 __NSOPERATIONQUEUE_IS_STARTING_AN_OPERATION__ + 16
16 Foundation 0x000000019b910f84 __NSOQSchedule_f + 172
17 libdispatch.dylib 0x000000019a57d470 _dispatch_block_async_invoke2 + 148
18 libdispatch.dylib 0x000000019a56e3e8 _dispatch_client_callout + 20
19 libdispatch.dylib 0x000000019a5718ec _dispatch_continuation_pop + 600
20 libdispatch.dylib 0x000000019a570f08 _dispatch_async_redirect_invoke + 584
21 libdispatch.dylib 0x000000019a57fea8 _dispatch_root_queue_drain + 392
22 libdispatch.dylib 0x000000019a5806b8 _dispatch_worker_thread2 + 156
23 libsystem_pthread.dylib 0x000000019a71afd0 _pthread_wqthread + 228
24 libsystem_pthread.dylib 0x000000019a719d28 start_wqthread + 8
)
libc++abi: terminating due to uncaught exception of type NSException
I have just installed Santa 2024.3:
$ santactl version
santad | 2024.3 (build 618894742)
santactl | 2024.3 (build 618894742)
SantaGUI | 2024.3 (build 618894742)
$ systemextensionsctl list
2 extension(s)
--- com.apple.system_extension.endpoint_security
enabled active teamID bundleID (version) name [state]
* * EQHXZ8M8AV com.google.santa.daemon (2024.3/2024.3.618894742) santad [activated enabled]
Also, the daemon is up and running, status and sync are OK, but there is a "Could not communicate with daemon" error in the rule key value, so there may be another issue there.
The events received by the sync server are OK. We get the cdhash key in the payload with a string value.
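The two symptoms in this report, reproduced and avoided in a standalone program. This is an added example, not Santa's code: the helper names `HexStringFromData` and `JSONSafeDictionary` and the dictionary keys are hypothetical, and the sample bytes are the CDHash value shown in the text output above.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical helper (not from Santa): lowercase hex encoding of an NSData value.
static NSString *HexStringFromData(NSData *data) {
  const uint8_t *bytes = data.bytes;
  NSMutableString *hex = [NSMutableString stringWithCapacity:data.length * 2];
  for (NSUInteger i = 0; i < data.length; i++) {
    [hex appendFormat:@"%02x", bytes[i]];
  }
  return hex;
}

// Hypothetical helper: copy a dictionary, replacing top-level NSData values with
// hex strings so that NSJSONSerialization accepts it. Nested containers are not walked.
static NSDictionary *JSONSafeDictionary(NSDictionary *dict) {
  NSMutableDictionary *out = [NSMutableDictionary dictionaryWithCapacity:dict.count];
  [dict enumerateKeysAndObjectsUsingBlock:^(id key, id obj, BOOL *stop) {
    out[key] = [obj isKindOfClass:[NSData class]] ? HexStringFromData(obj) : obj;
  }];
  return out;
}

int main(void) {
  @autoreleasepool {
    // Constructed sample: the 20 CDHash bytes from the report.
    const uint8_t raw[] = {0xa7, 0x1f, 0xd6, 0xb2, 0x75, 0x76, 0x2f, 0x87, 0xad, 0x27,
                           0xf0, 0xf8, 0xcb, 0xe7, 0x69, 0x61, 0x02, 0x53, 0x70, 0xe3};
    NSData *cdhash = [NSData dataWithBytes:raw length:sizeof(raw)];
    NSDictionary *info = @{@"Signing ID" : @"org.mozilla.firefoxdeveloperedition",
                           @"CDHash" : cdhash};

    // Text output: %@ on NSData prints its description, not a hex string.
    NSLog(@"CDHash via %%@ : %@", cdhash);
    NSLog(@"CDHash as hex : %@", HexStringFromData(cdhash));

    // JSON output: NSData is not a valid JSON type. Check before serializing,
    // because dataWithJSONObject: raises NSInvalidArgumentException on such input.
    NSLog(@"raw dictionary valid for JSON: %d", [NSJSONSerialization isValidJSONObject:info]);
    NSDictionary *safe = JSONSafeDictionary(info);
    NSError *error = nil;
    NSData *json = [NSJSONSerialization dataWithJSONObject:safe
                                                   options:NSJSONWritingPrettyPrinted
                                                     error:&error];
    if (!json) {
      NSLog(@"serialization failed: %@", error);
      return 1;
    }
    NSLog(@"%@", [[NSString alloc] initWithData:json encoding:NSUTF8StringEncoding]);
  }
  return 0;
}
```

On macOS this builds with `clang -fobjc-arc -framework Foundation` followed by the source file name.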