username updates and cleanup #17
Conversation
artifacts/TCC.swift
Outdated
| @@ -16,7 +16,11 @@ class TCC: ArtifactsModule { | |||
| } | |||
|
|
|||
| func getTCC() { | |||
| let fileURL = try! filemanager.url(for: .applicationSupportDirectory, in: .userDomainMask, appropriateFor: nil, create: false).appendingPathComponent("com.apple.TCC/TCC.db") | |||
| let username = getUsersOnSystem() | |||
| let local_name = username[0].username | |||
There was a problem hiding this comment.
I think this is going back to the approach of only focusing on one user on the system right? Don't you want to do this more like you did with ShellHistoryAndProfiles where you're checking each users personal directory to see if these files exist? That way we account for every artifact for each user on the system
There was a problem hiding this comment.
This would look for whatever user is logged in, running the aftermath application. My thought was we probably wouldn't be scanning all profiles on said system, but that does make sense. I'll make the fix.
There was a problem hiding this comment.
Pushed an update to fix this
| let newFileName = "\(user.username)_\(filename)" | ||
| self.copyFileToCase(fileToCopy: path, toLocation: self.profilesDir, newFileName: newFileName) | ||
| } | ||
| } else { continue } |
There was a problem hiding this comment.
Are these continue's performing any additional function that I don't know about?
There was a problem hiding this comment.
they break that current iteration of the for loop
artifacts/TCC.swift
Outdated
| for user in getBasicUsersOnSystem() { | ||
|
|
||
| var fileURL: URL | ||
| if filemanager.fileExists(atPath: "\(user.homedir)/Library/Application Support/com.apple.TCC/TCC.db") { |
There was a problem hiding this comment.
To keep this cleaner
let tcc_path = "\(user.homedir)/Library/Application Support/com.apple.TCC/TCC.db"
if filemanager.fileExists(atPath: tcc_path) {...
aftermath/Module.swift
Outdated
| @@ -6,6 +6,7 @@ | |||
| // | |||
|
|
|||
| import Foundation | |||
| import CoreData | |||
artifacts/TCC.swift
Outdated
| authValue = String(describing: item) | ||
| while sqlite3_step(queryStatement) == SQLITE_ROW { | ||
| let col1 = sqlite3_column_text(queryStatement, 0) | ||
| if col1 != nil{ |
There was a problem hiding this comment.
I think you can clean all of these up by using
if let col1 = col1 {
client = String(cString: col1)
}
This is the more standard way to do it in swift that way you're not force unwrapping with client = String(cString: col1!)
If you would prefer to do all of this in a separate PR that's fine. I know you have a lot of sql statements
added slack to personal info disable
No description provided.