diff --git a/Source/common/SNTConfigurator.h b/Source/common/SNTConfigurator.h index dedca3cd..a822984e 100644 --- a/Source/common/SNTConfigurator.h +++ b/Source/common/SNTConfigurator.h @@ -74,7 +74,7 @@ /// The return of this property is a dictionary where the keys are the /// identifiers of each rule, with the SNTRule as a value /// -@property(readonly, nonatomic) NSDictionary *staticRules; +@property(nullable, readonly, nonatomic) NSDictionary *staticRules; /// /// The regex of allowed paths. Regexes are specified in ICU format. @@ -83,12 +83,12 @@ /// pointless as a path only ever has a single line. /// If the regex doesn't begin with ^ to match from the beginning of the line, it will be added. /// -@property(readonly, nonatomic) NSRegularExpression *allowedPathRegex; +@property(nullable, readonly, nonatomic) NSRegularExpression *allowedPathRegex; /// /// Set the regex of allowed paths as received from a sync server. /// -- (void)setSyncServerAllowedPathRegex:(NSRegularExpression *)re; +- (void)setSyncServerAllowedPathRegex:(nonnull NSRegularExpression *)re; /// /// The regex of blocked paths. Regexes are specified in ICU format. @@ -97,12 +97,12 @@ /// pointless as a path only ever has a single line. /// If the regex doesn't begin with ^ to match from the beginning of the line, it will be added. /// -@property(readonly, nonatomic) NSRegularExpression *blockedPathRegex; +@property(nullable, readonly, nonatomic) NSRegularExpression *blockedPathRegex; /// /// Set the regex of blocked paths as received from a sync server. /// -- (void)setSyncServerBlockedPathRegex:(NSRegularExpression *)re; +- (void)setSyncServerBlockedPathRegex:(nonnull NSRegularExpression *)re; /// /// The regex of paths to log file changes for. Regexes are specified in ICU format. @@ -111,7 +111,7 @@ /// pointless as a path only ever has a single line. /// If the regex doesn't begin with ^ to match from the beginning of the line, it will be added. /// -@property(readonly, nonatomic) NSRegularExpression *fileChangesRegex; +@property(nullable, readonly, nonatomic) NSRegularExpression *fileChangesRegex; /// /// A list of ignore prefixes which are checked in-kernel. @@ -162,7 +162,7 @@ /// Filters are only applied on santad startup. /// TODO(bur): Support add / remove of filters while santad is running. /// -@property(readonly, nonatomic) NSArray *fileChangesPrefixFilters; +@property(nullable, readonly, nonatomic) NSArray *fileChangesPrefixFilters; /// /// Enable __PAGEZERO protection, defaults to YES @@ -200,7 +200,7 @@ /// converted to the SNTEventLogType enum. If the key is not set, the default log /// type is returned. /// -@property(readonly, nonatomic) NSString *eventLogTypeRaw; +@property(nonnull, readonly, nonatomic) NSString *eventLogTypeRaw; /// /// If eventLogType is set to Filelog, eventLogPath will provide the path to save logs. @@ -208,7 +208,7 @@ /// /// @note: This property is KVO compliant, but should only be read once at santad startup. /// -@property(readonly, nonatomic) NSString *eventLogPath; +@property(nonnull, readonly, nonatomic) NSString *eventLogPath; /// /// If eventLogType is set to protobuf, spoolDirectory will provide the base path used for @@ -217,7 +217,7 @@ /// /// @note: This property is KVO compliant, but should only be read once at santad startup. /// -@property(readonly, nonatomic) NSString *spoolDirectory; +@property(nonnull, readonly, nonatomic) NSString *spoolDirectory; /// /// If eventLogType is set to protobuf, spoolDirectoryFileSizeThresholdKB sets the per-file size @@ -253,7 +253,7 @@ /// fileAccessPolicy is set. /// @note: This property is KVO compliant. /// -@property(readonly, nonatomic) NSDictionary *fileAccessPolicy; +@property(nullable, readonly, nonatomic) NSDictionary *fileAccessPolicy; /// /// If set, contains the path to the filesystem access policy config plist. @@ -261,7 +261,7 @@ /// @note: This property will be ignored if fileAccessPolicy is set. /// @note: This property is KVO compliant. /// -@property(readonly, nonatomic) NSString *fileAccessPolicyPlist; +@property(nullable, readonly, nonatomic) NSString *fileAccessPolicyPlist; /// /// This is the message shown to the user when access to a file is blocked @@ -271,7 +271,7 @@ /// /// @note: This property is KVO compliant. /// -@property(readonly, nonatomic) NSString *fileAccessBlockMessage; +@property(nullable, readonly, nonatomic) NSString *fileAccessBlockMessage; /// /// If fileAccessPolicyPlist is set, fileAccessPolicyUpdateIntervalSec @@ -314,13 +314,13 @@ /// The text to display when opening Santa.app. /// If unset, the default text will be displayed. /// -@property(readonly, nonatomic) NSString *aboutText; +@property(nullable, readonly, nonatomic) NSString *aboutText; /// /// The URL to open when the user clicks "More Info..." when opening Santa.app. /// If unset, the button will not be displayed. /// -@property(readonly, nonatomic) NSURL *moreInfoURL; +@property(nullable, readonly, nonatomic) NSURL *moreInfoURL; /// /// When the user gets a block notification, a button can be displayed which will @@ -340,56 +340,56 @@ /// /// If this item isn't set, the Open Event button will not be displayed. /// -@property(readonly, nonatomic) NSString *eventDetailURL; +@property(nullable, readonly, nonatomic) NSString *eventDetailURL; /// /// Related to the above property, this string represents the text to show on the button. /// -@property(readonly, nonatomic) NSString *eventDetailText; +@property(nullable, readonly, nonatomic) NSString *eventDetailText; /// /// This string represents the text to show on the "Dismiss" button in the UI instead of "Dismiss". /// -@property(readonly, nonatomic) NSString *dismissText; +@property(nullable, readonly, nonatomic) NSString *dismissText; /// /// In lockdown mode this is the message shown to the user when an unknown binary /// is blocked. If this message is not configured, a reasonable default is provided. /// -@property(readonly, nonatomic) NSString *unknownBlockMessage; +@property(nullable, readonly, nonatomic) NSString *unknownBlockMessage; /// /// This is the message shown to the user when a binary is blocked because of a rule, /// if that rule doesn't provide a custom message. If this is not configured, a reasonable /// default is provided. /// -@property(readonly, nonatomic) NSString *bannedBlockMessage; +@property(nullable, readonly, nonatomic) NSString *bannedBlockMessage; /// /// This is the message shown to the user when a USB storage device's mount is denied /// from the BlockUSB configuration setting. If not configured, a reasonable /// default is provided. /// -@property(readonly, nonatomic) NSString *bannedUSBBlockMessage; +@property(nullable, readonly, nonatomic) NSString *bannedUSBBlockMessage; /// /// This is the message shown to the user when a USB storage device's mount is forcibly /// remounted to a different set of permissions from the BlockUSB and RemountUSBMode /// configuration settings. If not configured, a reasonable default is provided. /// -@property(readonly, nonatomic) NSString *remountUSBBlockMessage; +@property(nullable, readonly, nonatomic) NSString *remountUSBBlockMessage; /// /// The notification text to display when the client goes into MONITOR mode. /// Defaults to "Switching into Monitor mode" /// -@property(readonly, nonatomic) NSString *modeNotificationMonitor; +@property(nullable, readonly, nonatomic) NSString *modeNotificationMonitor; /// /// The notification text to display when the client goes into LOCKDOWN mode. /// Defaults to "Switching into Lockdown mode" /// -@property(readonly, nonatomic) NSString *modeNotificationLockdown; +@property(nullable, readonly, nonatomic) NSString *modeNotificationLockdown; /// /// If this is set to true, the UI will use different fonts on April 1st, May 4th and October 31st. @@ -401,7 +401,7 @@ /// /// The base URL of the sync server. /// -@property(readonly, nonatomic) NSURL *syncBaseURL; +@property(nullable, readonly, nonatomic) NSURL *syncBaseURL; /// /// If enabled, syncing will use binary protobufs for transfer instead @@ -415,7 +415,7 @@ /// are loosely documented at /// https://developer.apple.com/documentation/cfnetwork/global-proxy-settings-constants. /// -@property(readonly, nonatomic) NSDictionary *syncProxyConfig; +@property(nullable, readonly, nonatomic) NSDictionary *syncProxyConfig; /// /// Extra headers to include in all requests made during syncing. @@ -436,22 +436,22 @@ /// are able to use a different header for this that would be safest but if not /// using Authorization /should/ be fine. /// -@property(readonly, nonatomic) NSDictionary *syncExtraHeaders; +@property(nullable, readonly, nonatomic) NSDictionary *syncExtraHeaders; /// /// The machine owner. /// -@property(readonly, nonatomic) NSString *machineOwner; +@property(nullable, readonly, nonatomic) NSString *machineOwner; /// /// The last date of a successful full sync. /// -@property(nonatomic) NSDate *fullSyncLastSuccess; +@property(nullable, nonatomic) NSDate *fullSyncLastSuccess; /// /// The last date of a successful rule sync. /// -@property(nonatomic) NSDate *ruleSyncLastSuccess; +@property(nullable, nonatomic) NSDate *ruleSyncLastSuccess; /// /// Type of sync required (e.g. normal, clean, etc.). @@ -469,7 +469,7 @@ /// Comma-separated `$ mount -o` arguments used for forced remounting of USB devices. Default /// to fully allow/deny without remounting if unset. /// -@property(nonatomic) NSArray *remountUSBMode; +@property(nullable, nonatomic) NSArray *remountUSBMode; /// /// If set, defines the action that should be taken on existing USB mounts when @@ -502,12 +502,12 @@ /// /// Set the action that will override file access policy config action /// -- (void)setSyncServerOverrideFileAccessAction:(NSString *)action; +- (void)setSyncServerOverrideFileAccessAction:(nonnull NSString *)action; /// /// If set, this over-rides the default machine ID used for syncing. /// -@property(readonly, nonatomic) NSString *machineID; +@property(nullable, readonly, nonatomic) NSString *machineID; /// /// If YES, enables bundle detection for blocked events. This property is not stored on disk. @@ -530,36 +530,36 @@ /// If set, this is valid PEM containing one or more certificates to be used to evaluate the /// server's SSL chain, overriding the list of trusted CAs distributed with the OS. /// -@property(readonly, nonatomic) NSData *syncServerAuthRootsData; +@property(nullable, readonly, nonatomic) NSData *syncServerAuthRootsData; /// /// This property is the same as the above but is a file on disk containing the PEM data. /// -@property(readonly, nonatomic) NSString *syncServerAuthRootsFile; +@property(nullable, readonly, nonatomic) NSString *syncServerAuthRootsFile; #pragma mark Client Auth Settings /// /// If set, this contains the location of a PKCS#12 certificate to be used for sync authentication. /// -@property(readonly, nonatomic) NSString *syncClientAuthCertificateFile; +@property(nullable, readonly, nonatomic) NSString *syncClientAuthCertificateFile; /// /// Contains the password for the pkcs#12 certificate. /// -@property(readonly, nonatomic) NSString *syncClientAuthCertificatePassword; +@property(nullable, readonly, nonatomic) NSString *syncClientAuthCertificatePassword; /// /// If set, this is the Common Name of a certificate in the System keychain to be used for /// sync authentication. The corresponding private key must also be in the keychain. /// -@property(readonly, nonatomic) NSString *syncClientAuthCertificateCn; +@property(nullable, readonly, nonatomic) NSString *syncClientAuthCertificateCn; /// /// If set, this is the Issuer Name of a certificate in the System keychain to be used for /// sync authentication. The corresponding private key must also be in the keychain. /// -@property(readonly, nonatomic) NSString *syncClientAuthCertificateIssuer; +@property(nullable, readonly, nonatomic) NSString *syncClientAuthCertificateIssuer; /// /// If true, syncs will upload events when a clean sync is requested. Defaults to false. @@ -612,17 +612,17 @@ /// /// Contains the FCM project name. /// -@property(readonly, nonatomic) NSString *fcmProject; +@property(nullable, readonly, nonatomic) NSString *fcmProject; /// /// Contains the FCM project entity. /// -@property(readonly, nonatomic) NSString *fcmEntity; +@property(nullable, readonly, nonatomic) NSString *fcmEntity; /// /// Contains the FCM project API key. /// -@property(readonly, nonatomic) NSString *fcmAPIKey; +@property(nullable, readonly, nonatomic) NSString *fcmAPIKey; /// /// True if fcmProject, fcmEntity and fcmAPIKey are all set. Defaults to false. @@ -642,12 +642,12 @@ /// /// URL describing where metrics are exported, defaults to nil. /// -@property(readonly, nonatomic) NSURL *metricURL; +@property(nullable, readonly, nonatomic) NSURL *metricURL; /// /// Extra Metric Labels to add to the metrics payloads. /// -@property(readonly, nonatomic) NSDictionary *extraMetricLabels; +@property(nullable, readonly, nonatomic) NSDictionary *extraMetricLabels; /// /// Duration in seconds of how often the metrics should be exported. @@ -663,30 +663,30 @@ /// List of prefix strings for which individual entitlement keys with a matching /// prefix should not be logged. /// -@property(readonly, nonatomic) NSArray *entitlementsPrefixFilter; +@property(nullable, readonly, nonatomic) NSArray *entitlementsPrefixFilter; /// /// List of TeamIDs for which entitlements should not be logged. Use the string /// "platform" to refer to platform binaries. /// -@property(readonly, nonatomic) NSArray *entitlementsTeamIDFilter; +@property(nullable, readonly, nonatomic) NSArray *entitlementsTeamIDFilter; /// /// List of enabled process annotations. /// This property is not KVO compliant. /// -@property(readonly, nonatomic) NSArray *enabledProcessAnnotations; +@property(nullable, readonly, nonatomic) NSArray *enabledProcessAnnotations; /// /// Retrieve an initialized singleton configurator object using the default file path. /// -+ (instancetype)configurator NS_SWIFT_NAME(configurator()); ++ (nonnull instancetype)configurator NS_SWIFT_NAME(configurator()); /// /// Replace the shared configurator with a custom one using a static config. /// #ifdef DEBUG -+ (void)overrideConfig:(NSDictionary *)config; ++ (void)overrideConfig:(nonnull NSDictionary *)config; #endif /// diff --git a/Source/gui/SNTAboutWindowView.swift b/Source/gui/SNTAboutWindowView.swift index 0e5f6bdf..8b862b83 100644 --- a/Source/gui/SNTAboutWindowView.swift +++ b/Source/gui/SNTAboutWindowView.swift @@ -12,7 +12,7 @@ import santa_common_SNTConfigurator struct SNTAboutWindowView: View { let w: NSWindow? - let c = SNTConfigurator.configurator()! + let c = SNTConfigurator.configurator() var body: some View { VStack(spacing: 20.0) { diff --git a/Source/gui/SNTBinaryMessageWindowView.swift b/Source/gui/SNTBinaryMessageWindowView.swift index 495e6123..15bdfa7b 100644 --- a/Source/gui/SNTBinaryMessageWindowView.swift +++ b/Source/gui/SNTBinaryMessageWindowView.swift @@ -258,7 +258,7 @@ struct SNTBinaryMessageWindowView: View { @State public var preventFutureNotifications = false @State public var preventFutureNotificationPeriod: TimeInterval = NotificationSilencePeriods[0] - let c = SNTConfigurator.configurator()! + let c = SNTConfigurator.configurator() var body: some View { SNTMessageView( @@ -285,7 +285,7 @@ struct SNTBinaryMessageWindowView: View { } HStack(spacing: 15.0) { - if c.eventDetailURL?.count ?? 0 > 0 + if !(c.eventDetailURL?.isEmpty ?? false) && !(event?.needsBundleHash ?? false && !bundleProgress.isFinished) { OpenEventButton(customText: c.eventDetailText, action: openButton)