From b5f5d2afa04944d1010de0345535e4eb9844fe74 Mon Sep 17 00:00:00 2001
From: Rubiginosa <89671549+Rubiginosa@users.noreply.github.com>
Date: Fri, 30 Aug 2024 18:28:56 -0400
Subject: [PATCH] feat: refactor flatpak audit for readability and extensibility (#414)
* refactored flatpak audit to be more extensible
* fixed old typo
* added warning string array for flatpak audit
---
 .../share/ublue-os/just/70-secureblue.just | 30 ++++++++----------
 1 file changed, 12 insertions(+), 18 deletions(-)
diff --git a/files/system/usr/share/ublue-os/just/70-secureblue.just b/files/system/usr/share/ublue-os/just/70-secureblue.just
index 9e45432..6437a08 100644
--- a/files/system/usr/share/ublue-os/just/70-secureblue.just
+++ b/files/system/usr/share/ublue-os/just/70-secureblue.just
@@ -559,30 +559,24 @@ audit-secureblue:
 flatpaks+=(["${ref}"]="${ref}//${version}")
 done <<<$(flatpak list | sort -k 1 | cut --fields 2,4)
 for f in ${!flatpaks[@]}; do
- has_network=false
- has_x11=false
+ warnings=()
+ status="$STATUS_SUCCESS"
 fullref=${flatpaks["$f"]}
 permissions=$(flatpak info --show-permissions "$fullref")
+
 if hasPermission "$permissions" "shared" "network"; then
- has_network=true
+ [[ "$status" != "$STATUS_FAILURE" ]] && status="$STATUS_WARNING"
+ warnings+=("> $f has network access!")
 fi
- if hasPermission "$permissions" "sockets" "x11" && ! hasPermission "$permissions" "sockets" "fallback-x11" ]]; then
- has_x11=true
+ if hasPermission "$permissions" "sockets" "x11" && ! hasPermission "$permissions" "sockets" "fallback-x11"; then
+ status="$STATUS_FAILURE"
+ warnings+=("> $f has x11 access!")
 fi
 flatpak_test_string="Auditing $f"
- if [[ ! $has_network == "true" && ! $has_x11 == "true" ]]; then
- print_status "$flatpak_test_string" "$STATUS_SUCCESS"
- elif [[ $has_x11 == "true" ]]; then
- print_status "$flatpak_test_string" "$STATUS_FAILURE"
- elif [[ $has_network == "true" ]]; then
- print_status "$flatpak_test_string" "$STATUS_WARNING"
- fi
- if [[ $has_network == "true" ]]; then
- echo "> $f has network access!"
- fi
- if [[ $has_x11 == "true" ]]; then
- echo "> $f has x11 access!"
- fi
+ print_status "$flatpak_test_string" "$status"
+ for warning in "${warnings[@]}"; do
+ echo "$warning"
+ done
 done
 fi
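Review bot: The per-app audit fails open, because `status` now starts at `$STATUS_SUCCESS` and is only lowered when a `hasPermission` test matches. If `flatpak info --show-permissions "$fullref"` fails or prints nothing, neither test can match (assuming `hasPermission` only inspects the text it is given), so `$f` is reported as passing. Unless the recipe runs under `set -e`, which is not visible here, the result of that call is never checked. I would record the failure explicitly, e.g. `permissions=$(flatpak info --show-permissions "$fullref") || { status="$STATUS_FAILURE"; warnings+=("> $f: could not read permissions"); }`. The `audit-secureblue` recipe and the enclosing `if` both start outside this hunk, so any earlier error handling cannot be confirmed from here.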