From 06db5bc83de548fd89d0798c95d909f42aa8696e Mon Sep 17 00:00:00 2001
From: trevor-shoe
Date: Thu, 30 Jan 2025 12:54:08 -0500
Subject: [PATCH] [Windows] Add max partitions

It would be bad if we allowed unreasonable amounts of partitions
---
 internal/collector/sysinfo/sysinfo_windows.go | 6 +
 .../collector/sysinfo/sysinfo_windows_test.go | 62 +++
 .../golden/malicious_disk_information | 426 ++++++++++++++++++
 3 files changed, 494 insertions(+)
 create mode 100644 internal/collector/sysinfo/testdata/TestCollectWindows/golden/malicious_disk_information

diff --git a/internal/collector/sysinfo/sysinfo_windows.go b/internal/collector/sysinfo/sysinfo_windows.go
index bdb2513..8d83ed7 100644
--- a/internal/collector/sysinfo/sysinfo_windows.go
+++ b/internal/collector/sysinfo/sysinfo_windows.go
@@ -213,6 +213,8 @@ func (s Manager) collectBlocks() (blks []diskInfo, err error) {
  return nil, err
  }
 
+ const maxPartitions = 128
+
  blks = make([]diskInfo, 0, len(disks))
  for _, d := range disks {
  parts, err := strconv.Atoi(d["Partitions"])
@@ -224,6 +226,10 @@ func (s Manager) collectBlocks() (blks []diskInfo, err error) {
  s.opts.log.Warn("disk partitions was negative", "value", parts)
  parts = 0
  }
+ if parts > maxPartitions {
+ s.opts.log.Warn("disk partitions too large", "value", parts)
+ parts = maxPartitions
+ }
 
  c := diskInfo{
  Name: d["Name"],
diff --git a/internal/collector/sysinfo/sysinfo_windows_test.go b/internal/collector/sysinfo/sysinfo_windows_test.go
index a2e8a33..c0a32a2 100644
--- a/internal/collector/sysinfo/sysinfo_windows_test.go
+++ b/internal/collector/sysinfo/sysinfo_windows_test.go
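Review bot: `const maxPartitions = 128` is an undocumented magic number; a reader cannot tell whether it is a protocol limit or an arbitrary sanity bound, which matters because it decides what counts as corrupt input. I would annotate it, e.g. `// maxPartitions bounds the per-disk partition count read from WMI; 128 matches the conventional size of a GPT partition entry array, anything above it is treated as untrusted.` Note also that the neighbouring `blks = make([]diskInfo, 0, len(disks))` still sizes the result by the unbounded disk count, so if the disk list comes from the same parsed output the total number of records is only bounded per disk, not overall. collectBlocks starts and ends outside the hunk.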
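Review bot: Clamping an over-limit value to `maxPartitions` is inconsistent with the negative case just above it, which resets to 0, and it still materializes 128 partition slots for a disk whose count is already known to be garbage — the new golden file shows 124 empty `name: ""` records for that disk. A value outside the plausible range is not trustworthy at all, so either treat both branches the same way (`parts = 0` with the existing warning, merged into one `if parts < 0 || parts > maxPartitions` check), or keep the clamp and say why on the branch, e.g. `// Clamp rather than discard so partitions that do exist are still attached below.` I cannot tell from the hunk whether the fill loop below attaches partitions by this count or by DiskIndex, so if resetting to 0 would drop real partitions, the documented clamp is the right choice and the empty placeholders should be trimmed downstream instead. collectBlocks continues outside the hunk.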
@@ -231,6 +231,20 @@ func TestCollectWindows(t *testing.T) {
  },
  },
 
+ "Malicious disk information": {
+ productInfo: "regular",
+ cpuInfo: "regular",
+ gpuInfo: "regular",
+ memoryInfo: "regular",
+ diskInfo: "malicious",
+ partitionInfo: "regular",
+ screenInfo: "regular",
+
+ logs: map[slog.Level]uint{
+ slog.LevelWarn: 3,
+ },
+ },
+
  "Missing partition information": {
  productInfo: "regular",
  cpuInfo: "regular",
@@ -772,6 +786,53 @@ SCSIPort : 1
 SCSITargetId : 0
 SerialNumber : DEAD_BEEF_D34D_B33F_DEAD_B33F_D34D_BEEF.
 Signature :`)
+ case "malicious":
+ fmt.Println(`
+
+Partitions : 999999999999
+BytesPerSector : 512
+Index : 0
+SectorsPerTrack : 63
+Size : 2000396321280
+TotalCylinders : 243201
+TotalHeads : 255
+TotalSectors : 3907024065
+TotalTracks : 62016255
+TracksPerCylinder : 255
+Caption : WD Green SN350 2TB
+Description : Disk drive
+Name : \\.\PHYSICALDRIVE0
+Model : WD Green SN350 2TB
+
+Partitions : -1
+BytesPerSector : 512
+Index : 1
+SectorsPerTrack : 63
+Size : 2000396321280
+TotalCylinders : 243201
+TotalHeads : 255
+TotalSectors : 3907024065
+TotalTracks : 62016255
+TracksPerCylinder : 255
+Caption : WD Green SN350 2TB
+Description : Disk drive
+Name : \\.\PHYSICALDRIVE0
+Model : WD Green SN350 2TB
+
+Partitions : one gazillion
+BytesPerSector : 512
+Index : 2
+SectorsPerTrack : 63
+Size : 2000396321280
+TotalCylinders : 243201
+TotalHeads : 255
+TotalSectors : 3907024065
+TotalTracks : 62016255
+TracksPerCylinder : 255
+Caption : WD Green SN350 2TB
+Description : Disk drive
+Name : \\.\PHYSICALDRIVE0
+Model : WD Green SN350 2TB`)
  case "":
  fallthrough
  case "missing":
@@ -937,6 +998,7 @@ Type : GPT: Basic Data`)
 
 Index : -1
 Name : Disk #0, Partition #-1
+DiskIndex : 0
 Size : 314572800
 
 Index : alpha
diff --git a/internal/collector/sysinfo/testdata/TestCollectWindows/golden/malicious_disk_information b/internal/collector/sysinfo/testdata/TestCollectWindows/golden/malicious_disk_information
new file mode 100644
index 0000000..66fee5c
--- /dev/null
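Review bot: The `malicious` fixture only exercises values far outside the range (999999999999, -1, non-numeric), so an off-by-one in the new `parts > maxPartitions` check would go unnoticed: nothing pins that exactly 128 is accepted unchanged while 129 is clamped. I would add two more disk records with `Partitions : 128` and `Partitions : 129` (with their own `Index` values) and raise the expected `slog.LevelWarn` count in the test-case entry accordingly, so the golden output shows both the untouched and the clamped boundary. All three records also share `Name : \\.\PHYSICALDRIVE0`; if the collector ever keys disks by name rather than `Index`, the golden would silently merge them, so varying the name would make the fixture more robust. The enclosing test helper continues outside the hunk.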
+++ b/internal/collector/sysinfo/testdata/TestCollectWindows/golden/malicious_disk_information 
@@ -0,0 +1,426 @@ +hardware: + product: + Family: "1582.3" + Model: Star 11 CPP + Vendor: Micro-Star International Co., Ltd. + cpu: + Manufacturer: GenuineIntel + Name: 11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz + NumberOfCores: "8" + NumberOfLogicalProcessors: "16" + Sockets: "1" + gpus: + - Driver: nvldumdx.dll + Name: NVIDIA GeForce RTX 3050 Ti Laptop GPU + Vendor: NVIDIA + - Driver: igdumdim0.dll + Name: Intel(R) UHD Graphics + Vendor: Intel Corporation + mem: + MemTotal: 68406489088 + blks: + - name: \\.\PHYSICALDRIVE0 + size: "2000396321280" + partitions: + - name: 'Disk #0, Partition #0' + size: "314572800" + partitions: [] + - name: 'Disk #0, Partition #1' + size: "943718400" + partitions: [] + - name: 'Disk #0, Partition #2' + size: "22153265152" + partitions: [] + - name: 'Disk #0, Partition #3' + size: "1976850972672" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + 
partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + 
size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: "" + size: "" + partitions: [] + - name: \\.\PHYSICALDRIVE0 + size: 
"2000396321280" + partitions: [] + - name: \\.\PHYSICALDRIVE0 + size: "2000396321280" + partitions: [] + screens: + - name: Default Monitor + physicalresolution: "" + size: "" + resolution: 1920x1080 + refreshrate: "" + - name: Generic PnP Monitor + physicalresolution: "" + size: "" + resolution: 1920x1080 + refreshrate: "" +software: {}