From 93bf787b7242eb81d0bee88a2c3d714816e80975 Mon Sep 17 00:00:00 2001
From: h0x0er
Date: Wed, 3 Apr 2024 12:14:56 +0530
Subject: [PATCH] handleFileEvent: removed source-code-extension check
Signed-off-by: h0x0er
---
 eventhandler.go | 51 +++++++++++++++++++------------------------------
 1 file changed, 20 insertions(+), 31 deletions(-)
diff --git a/eventhandler.go b/eventhandler.go
index 85bb864..01c015d 100644
--- a/eventhandler.go
+++ b/eventhandler.go
@@ -60,31 +60,29 @@ func (eventHandler *EventHandler) handleFileEvent(event *Event) {
 // Uncomment to log file writes (only uncomment in INT env)
 // WriteLog(fmt.Sprintf("file write %s, syscall %s", event.FileName, event.Syscall))
- if isSourceCodeFile(event.FileName) {
- _, found := eventHandler.SourceCodeMap[event.FileName]
- if !found {
- eventHandler.SourceCodeMap[event.FileName] = append(eventHandler.SourceCodeMap[event.FileName], event)
- }
- if found {
- isFromDifferentProcess := false
- for _, writeEvent := range eventHandler.SourceCodeMap[event.FileName] {
- if writeEvent.Pid != event.Pid {
- isFromDifferentProcess = true
- }
+ _, found := eventHandler.SourceCodeMap[event.FileName]
+ if !found {
+ eventHandler.SourceCodeMap[event.FileName] = append(eventHandler.SourceCodeMap[event.FileName], event)
+ }
+ if found {
+ isFromDifferentProcess := false
+ for _, writeEvent := range eventHandler.SourceCodeMap[event.FileName] {
+ if writeEvent.Pid != event.Pid {
+ isFromDifferentProcess = true
 }
+ }
- if isFromDifferentProcess {
- eventHandler.SourceCodeMap[event.FileName] = append(eventHandler.SourceCodeMap[event.FileName], event)
- counter, found := eventHandler.FileOverwriteCounterMap[event.Exe]
- if !found || counter < 3 {
- checksum, err := getProgramChecksum(event.Exe)
- if err == nil {
- WriteLog(fmt.Sprintf("[Source code overwritten] file: %s syscall: %s by exe: %s [%s] Timestamp: %s", event.FileName, event.Syscall, event.Exe, checksum, event.Timestamp.Format("2006-01-02T15:04:05.999999999Z")))
- // WriteAnnotation(fmt.Sprintf("StepSecurity Harden Runner: Source code overwritten file: %s syscall: %s by exe: %s", event.FileName, event.Syscall, event.Exe))
- }
-
- eventHandler.FileOverwriteCounterMap[event.Exe]++
+ if isFromDifferentProcess {
+ eventHandler.SourceCodeMap[event.FileName] = append(eventHandler.SourceCodeMap[event.FileName], event)
+ counter, found := eventHandler.FileOverwriteCounterMap[event.Exe]
+ if !found || counter < 3 {
+ checksum, err := getProgramChecksum(event.Exe)
+ if err == nil {
+ WriteLog(fmt.Sprintf("[Source code overwritten] file: %s syscall: %s by exe: %s [%s] Timestamp: %s", event.FileName, event.Syscall, event.Exe, checksum, event.Timestamp.Format("2006-01-02T15:04:05.999999999Z")))
+ // WriteAnnotation(fmt.Sprintf("StepSecurity Harden Runner: Source code overwritten file: %s syscall: %s by exe: %s", event.FileName, event.Syscall, event.Exe))
 }
+
+ eventHandler.FileOverwriteCounterMap[event.Exe]++
 }
 }
 }
@@ -92,15 +90,6 @@ func (eventHandler *EventHandler) handleFileEvent(event *Event) {
 eventHandler.fileMutex.Unlock()
 }
-func isSourceCodeFile(fileName string) bool {
- // If it has an extension or might be a Dockerfile
- if strings.Contains(fileName, ".") || strings.Contains(fileName, "Dockerfile") {
- return true
- }
-
- return false
-}
-
 func (eventHandler *EventHandler) handleProcessEvent(event *Event) {
 eventHandler.procMutex.Lock()
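Review bot: With the isSourceCodeFile filter gone, every path the job writes (caches, build outputs, logs, temp files) now gets a SourceCodeMap entry, and in the `if isFromDifferentProcess` branch the per-path slice grows by one whole event on every write from a PID other than the first writer, so a file written alternately by two long-lived processes grows the map on each write and nothing in this hunk ever trims it; the old extension check at least narrowed the key space. The `[Source code overwritten]` log prefix and the SourceCodeMap name also no longer describe what is detected, which matters if anything downstream keys on that string. Since the loop only needs to know whether any recorded PID differs, consider storing just the writer PIDs instead of appending events, and `break` on the first mismatch; at minimum add a comment above the map lookup such as `// Tracks every written path, not only source files: any cross-process write is reported`. The `counter < 3` cap in FileOverwriteCounterMap bounds log lines per exe, not map growth. handleFileEvent begins before this hunk and the fileMutex.Unlock() that pairs with its lock is in the next hunk.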