santad: Log quarantine URL if one exists.

Fixes google#34
kyoshisuki · Mar 10, 2016 · e9ec9a7 · e9ec9a7
1 parent 6834507
commit e9ec9a7
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 0 deletions.
diff --git a/Source/santad/SNTCachedDecision.h b/Source/santad/SNTCachedDecision.h
@@ -25,6 +25,7 @@
 @property NSString *sha256;
 @property NSString *certSHA256;
 @property NSString *certCommonName;
+@property NSString *quarantineURL;
 
 @property NSString *customMsg;
 @property BOOL silentBlock;

diff --git a/Source/santad/SNTEventLog.m b/Source/santad/SNTEventLog.m
@@ -155,6 +155,11 @@ - (void)logExecution:(santa_message_t)message withDecision:(SNTCachedDecision *)
                  cd.certSHA256, [self sanitizeString:cd.certCommonName]];
   }
 
+  if (cd.quarantineURL) {
+    outLog = [outLog stringByAppendingFormat:@"|quarantine_url=%@",
+                 [self sanitizeString:cd.quarantineURL]];
+  }
+
   NSString *user, *group;
   struct passwd *pw = getpwuid(message.uid);
   if (pw) user = @(pw->pw_name);

diff --git a/Source/santad/SNTExecutionController.m b/Source/santad/SNTExecutionController.m
@@ -130,6 +130,7 @@ - (void)validateBinaryWithMessage:(santa_message_t)message {
   cd.certCommonName = csInfo.leafCertificate.commonName;
   cd.certSHA256 = csInfo.leafCertificate.SHA256;
   cd.vnodeId = message.vnode_id;
+  cd.quarantineURL = binInfo.quarantineDataURL;
   cd.decision = [self makeDecision:cd binaryInfo:binInfo];
 
   // Save decision details for logging the execution later.