add white/blocklist info to events page

upvote/gae/modules/upvote_app/frontend/admin_ui/components/events/events.js

@@ -16,11 +16,13 @@ goog.provide('upvote.admin.events.module');
 goog.require('upvote.admin.events.EventQueryResource');
 goog.require('upvote.admin.events.EventResource');
 goog.require('upvote.admin.events.uvEventCard');
+goog.require('upvote.admin.settings.SettingsService');
 
 
 /** @type {!angular.Module} */
 upvote.admin.events.module =
     angular.module('upvote.admin.events', ['ngResource'])
         .factory('eventResource', upvote.admin.events.EventResource)
         .factory('eventQueryResource', upvote.admin.events.EventQueryResource)
+        .service('settingsService', upvote.admin.settings.SettingsService)
         .directive('uvEventCard', upvote.admin.events.uvEventCard);

upvote/gae/modules/upvote_app/frontend/admin_ui/eventpage/eventpage-controller.js

@@ -22,22 +22,36 @@ goog.scope(() => {
 const ModelController = upvote.admin.lib.controllers.ModelController;
 
 
+upvote.admin.eventpage.Settings = class {
+  constructor() {
+    /** @export {string} */
+    this.santaDirectoryWhitelistRegex = "";
+    /** @export {string} */
+    this.santaDirectoryBlacklistRegex = "";
+  }
+};
+
+
 /** Event model controller. */
 upvote.admin.eventpage.EventController = class extends ModelController {
   /**
    * @param {!angular.Resource} eventResource
    * @param {!angular.Resource} eventQueryResource
+   * @param {!upvote.admin.settings.SettingsService} settingsService
    * @param {!angular.$routeParams} $routeParams
    * @param {!angular.Scope} $scope
    * @param {!angular.$location} $location
    * @param {!upvote.shared.Page} page Details about the active webpage
    * @ngInject
    */
   constructor(
-      eventResource, eventQueryResource, $routeParams, $scope, $location,
+      eventResource, eventQueryResource, settingsService, $routeParams, $scope, $location,
       page) {
     super(eventResource, eventQueryResource, $routeParams, $scope, $location);
 
+    /** @private {!upvote.admin.settings.SettingsService} */
+    this.settingsService_ = settingsService;
+
     /** @export {string} */
     this.hostId = this.location.search()['hostId'];
     /** @export {string} */
@@ -47,8 +61,18 @@ upvote.admin.eventpage.EventController = class extends ModelController {
     this.requestData['hostId'] = this.hostId;
     this.requestData['withContext'] = true;
 
+    /** @export {!upvote.admin.eventpage.Settings} */
+    this.settings = new upvote.admin.eventpage.Settings();
+
     page.title = this.pageTitle;
 
+    // Get the settings we need (FBN TODO: use settings controller directly?)
+    for (let settingName of Object.keys(this.settings)) {
+      this.settingsService_.get(settingName).then((result) => {
+        this.settings[settingName] = result['data'];
+      });
+    }
+
     // Initialize the controller.
     this.init();
   }
@@ -58,8 +82,9 @@ upvote.admin.eventpage.EventController = class extends ModelController {
    * @export
    */
   goToBlockable() {
-    goog.dom.safe.openInWindow('/admin/blockables/' + this.card.blockableId);
+    // FBN
     //this.location.path('/admin/blockables/' + this.card.blockableId).search({});
+    goog.dom.safe.openInWindow('/admin/blockables/' + this.card.blockableId);
   }
 
   /**

upvote/gae/modules/upvote_app/frontend/admin_ui/eventpage/events.html

@@ -81,7 +81,7 @@
           <uv-listing-cell>{{item.event.recordedDt | date:'medium'}}</uv-listing-cell>
           <uv-listing-cell>{{item.event.eventType}}</uv-listing-cell>
           <uv-listing-cell>
-              <uv-state-chip state="item.blockable.state" vote="item.vote" cert="item.cert" is-pending="item.isPending"></uv-state-chip>
+              <uv-state-chip state="item.blockable.state" vote="item.vote" cert="item.cert" event="item.event" host="item.host" settings="eventCtrl.settings" is-pending="item.isPending"></uv-state-chip>
           </uv-listing-cell>
           <uv-listing-cell>{{item.event.executingUser}}</uv-listing-cell>
           <uv-listing-cell>{{item.event.filePath}}</uv-listing-cell>

upvote/gae/modules/upvote_app/frontend/web_ui/components/statechip/statechip-constants.js

@@ -37,6 +37,8 @@ StateDisplayMap[UiState['FLAGGED']] = 'Flagged';
 StateDisplayMap[UiState['BANNED']] = 'Banned';
 StateDisplayMap[UiState['CERT_BANNED']] = 'Banned Publisher';
 StateDisplayMap[UiState['CERT_WHITELISTED']] = 'Whitelisted Publisher';
+StateDisplayMap[UiState['REGEX_BANNED']] = 'Banned File Path';
+StateDisplayMap[UiState['REGEX_WHITELISTED']] = 'Whitelisted File Path';
 
 
 /**
@@ -53,4 +55,6 @@ StateClassMap[UiState['FLAGGED']] = 'flagged';
 StateClassMap[UiState['BANNED']] = 'banned';
 StateClassMap[UiState['CERT_BANNED']] = 'banned';
 StateClassMap[UiState['CERT_WHITELISTED']] = 'whitelisted';
+StateClassMap[UiState['REGEX_BANNED']] = 'banned';
+StateClassMap[UiState['REGEX_WHITELISTED']] = 'whitelisted';
 });  // goog.scope

upvote/gae/modules/upvote_app/frontend/web_ui/components/statechip/statechip-directive.js

@@ -23,7 +23,7 @@ goog.require('upvote.app.constants');
 upvote.statechip.StateChip = () => {
   return {
     'restrict': 'E',
-    'scope': {'state': '=', 'vote': '=', 'cert': '=', 'isPending': '='},
+    'scope': {'state': '=', 'vote': '=', 'cert': '=', 'event': '=', 'host': '=', 'settings': '=', 'isPending': '='},
     'templateUrl': upvote.app.constants.STATIC_URL_PREFIX +
         'components/statechip/statechip.html',
   };

upvote/gae/modules/upvote_app/frontend/web_ui/components/statechip/statechip-filter.js

@@ -31,9 +31,12 @@ const UiState = upvote.shared.constants.UiBlockableState;
  * @param {upvote.shared.constants.BlockableState} blockableState
  * @param {?upvote.shared.models.Vote} vote
  * @param {?upvote.shared.models.SantaCertificate} cert
+ * @param {?upvote.shared.models.SantaEvent} event
+ * @param {?upvote.shared.models.SantaHost} host
+ * @param {upvote.admin.eventpage.Settings} settings
  * @return {?upvote.shared.constants.UiBlockableState}
  */
-upvote.statechip.ToUiState = function(blockableState, vote, cert) {
+upvote.statechip.ToUiState = function(blockableState, vote, cert, event, host, settings) {
   // If the binary has blockable-specific rules associated with it, display the
   // binary's state at the highest priority.
   switch (blockableState) {
@@ -61,6 +64,32 @@ upvote.statechip.ToUiState = function(blockableState, vote, cert) {
         return UiState['CERT_BANNED'];
     }
   }
+
+  // If there's no certificate, or no certificate rules, see if there are any
+  // host or global regex rules
+  // TODO: can we just use javascript match?
+  if(!!event && !!event['filePath']) {  // only have a path if we have an event
+    // if this matches the host's blacklist
+    if(!!host && !!host['directoryBlacklistRegex'] && event['filePath'].match(host['directoryBlacklistRegex'])) {
+      return UiState['REGEX_BANNED'];
+    }
+
+    // if this matches the global blacklist
+    if(!!settings && !!settings['santaDirectoryBlacklistRegex'] && event['filePath'].match(settings['santaDirectoryBlacklistRegex'])) {
+      return UiState['REGEX_BANNED'];
+    }
+
+    // if there are no blacklists, check to see if there are any whitelists
+    if(!!host && !!host['directoryWhitelistRegex'] && event['filePath'].match(host['directoryWhitelistRegex'])) {
+      return UiState['REGEX_WHITELISTED'];
+    }
+
+    // if this matches the global blacklist
+    if(!!settings && !!settings['santaDirectoryWhitelistRegex'] && event['filePath'].match(settings['santaDirectoryWhitelistRegex'])) {
+      return UiState['REGEX_WHITELISTED'];
+    }
+  }
+
   // If the binary has neither blockable-specific nor cert-specific rules,
   // display the binary's state.
   switch (blockableState) {

upvote/gae/modules/upvote_app/frontend/web_ui/components/statechip/statechip.html

@@ -1 +1 @@
-<uv-static-state-chip ui-state="state | toUiState: vote:cert" is-pending="isPending"></uv-static-state-chip>
+<uv-static-state-chip ui-state="state | toUiState: vote:cert:event:host:settings" is-pending="isPending"></uv-static-state-chip>

upvote/gae/modules/upvote_app/frontend/web_ui/shared/constants.js

@@ -48,6 +48,8 @@ upvote.shared.constants.UiBlockableState = {
   'BANNED': 'BANNED',
   'CERT_WHITELISTED': 'CERT_WHITELISTED',
   'CERT_BANNED': 'CERT_BANNED',
+  'REGEX_BANNED': 'REGEX_BANNED',
+  'REGEX_WHITELISTED': 'REGEX_WHITELISTED'
 };
 
 

upvote/gae/shared/common/settings.py

@@ -52,7 +52,7 @@
 # from which executions will be allowed.
 # NOTE: This regex must be written in ICU format. Docs can be found here:
 # https://developer.apple.com/documentation/foundation/nsregularexpression
-SANTA_DIRECTORY_WHITELIST_REGEX = "^/usr/local/Homebrew/.*"
+SANTA_DIRECTORY_WHITELIST_REGEX = "^/usr/local/Homebrew/.*|^/usr/local/Cellar/.*"
 # If provided, a regex string that matches execution paths (read: not files)
 # from which executions will be blocked.
 # NOTE: This regex must be written in ICU format. Docs can be found here: