Clean up logic, remove extra regex, increase validation, and beef up …

…malformed test

ee/tables/execparsers/socketfilterfw/parser.go

@@ -4,12 +4,10 @@ import (
 	"bufio"
 	"io"
 	"regexp"
-	"strconv"
 	"strings"
 )
 
 var lineRegex = regexp.MustCompile("(state|block|built-in|downloaded|stealth|log mode|log option)(?:.*\\s)([0-9a-z]+)")
-var disabledStateRegex = regexp.MustCompile("(0|off|disabled)")
 
 // socketfilterfw returns lines for each `get` argument supplied.
 // The output data is in the same order as the supplied arguments.
@@ -30,8 +28,6 @@ func socketfilterfwParse(reader io.Reader) (any, error) {
 		}
 
 		var key string
-		value := sanitizeState(matches[2])
-
 		switch matches[1] {
 		case "state":
 			key = "global_state_enabled"
@@ -47,14 +43,15 @@ func socketfilterfwParse(reader io.Reader) (any, error) {
 			key = "logging_enabled"
 		case "log option":
 			key = "logging_option"
-			// The logging option value differs from the booleans.
-			// Can be one of `throttled`, `brief`, or `detail`.
-			value = matches[2]
 		default:
 			continue
 		}
 
-		row[key] = value
+		// Don't allow overwrites.
+		_, ok := row[key]
+		if !ok {
+			row[key] = sanitizeState(matches[2])
+		}
 	}
 
 	// There should only be one row of data for application firewall,
@@ -68,10 +65,20 @@ func socketfilterfwParse(reader io.Reader) (any, error) {
 
 // sanitizeState takes in a state like string and returns
 // the correct boolean to create a consistent state value.
-//
-// When the "block all" firewall option is enabled, it doesn't
-// include a state like string, which is why we search for
-// a disabled state, and return the reversed value of that match.
 func sanitizeState(state string) string {
-	return strconv.FormatBool(!disabledStateRegex.MatchString(state))
+	switch state {
+	case "0", "off", "disabled":
+		return "0"
+	// When the "block all" firewall option is enabled, it doesn't
+	// include a state like string, which is why we match on
+	// the string value of "connections" for that mode.
+	case "1", "on", "enabled", "connections":
+		return "1"
+	case "throttled", "brief", "detail":
+		// The "logging option" value differs from the booleans.
+		// Can be one of `throttled`, `brief`, or `detail`.
+		return state
+	default:
+		return ""
+	}
 }

ee/tables/execparsers/socketfilterfw/parser_test.go

@@ -30,17 +30,17 @@ func TestParse(t *testing.T) {
 			input: empty,
 		},
 		{
-			name:     "data",
-			input:    data,
+			name:  "data",
+			input: data,
 			expected: []map[string]string{
 				{
-				"global_state_enabled": "true",
-				"block_all_enabled": "false",
-				"allow_built-in_signed_enabled": "true",
-				"allow_downloaded_signed_enabled": "true",
-				"stealth_enabled": "false",
-				"logging_enabled": "true",
-				"logging_option": "throttled",
+					"global_state_enabled":            "1",
+					"block_all_enabled":               "0",
+					"allow_built-in_signed_enabled":   "1",
+					"allow_downloaded_signed_enabled": "1",
+					"stealth_enabled":                 "0",
+					"logging_enabled":                 "1",
+					"logging_option":                  "throttled",
 				},
 			},
 		},
@@ -49,13 +49,13 @@ func TestParse(t *testing.T) {
 			input: malformed,
 			expected: []map[string]string{
 				{
-				"global_state_enabled": "false",
-				"block_all_enabled": "true",
-				"allow_built-in_signed_enabled": "false",
-				"allow_downloaded_signed_enabled": "true",
-				"stealth_enabled": "false",
-				"logging_enabled": "true",
-				"logging_option": "throttled",
+					"global_state_enabled":            "0",
+					"block_all_enabled":               "1",
+					"allow_built-in_signed_enabled":   "0",
+					"allow_downloaded_signed_enabled": "1",
+					"stealth_enabled":                 "0",
+					"logging_enabled":                 "1",
+					"logging_option":                  "throttled",
 				},
 			},
 		},

ee/tables/execparsers/socketfilterfw/test-data/malformed.txt

@@ -3,7 +3,13 @@ Firewall is blocking all non-essential incoming connections.x^CFS.
 %#UO
 Automatically allow built-in signed software DISABLED.
 
-
+Total number of apps = 6
+replicatord (state: 1)
+Pop Helper.app (state: 1)
+Google Chrome (state: 1)
+rtadvd (state: 1)
+com.docker.backend (state: 1)
+sshd-keygen-wrapper (state: 1)
 
 Automatically allow downloaded signed software ENABLED.
 Firewall stealth mode is off