[backend] Added Agent ID at the implant command level for third-party…

… executors (#2263)
OpenBAS-Platform · Jan 22, 2025 · 4d971d9 · 4d971d9
1 parent f69fcbd
commit 4d971d9
Show file tree

Hide file tree

Showing 4 changed files with 82 additions and 107 deletions.
diff --git a/openbas-api/src/main/java/io/openbas/executors/ExecutorHelper.java b/openbas-api/src/main/java/io/openbas/executors/ExecutorHelper.java
@@ -0,0 +1,32 @@
+package io.openbas.executors;
+
+import io.openbas.database.model.Endpoint.PLATFORM_TYPE;
+
+public class ExecutorHelper {
+
+  public static final String WINDOWS_LOCATION_PATH = "$PWD.Path";
+  public static final String UNIX_LOCATION_PATH = "$(pwd)";
+
+  private ExecutorHelper() {}
+
+  public static String replaceArgs(
+      PLATFORM_TYPE platformType, String command, String injectId, String agentId) {
+    if (platformType == null || command == null || injectId == null || agentId == null) {
+      throw new IllegalArgumentException(
+          "Platform type, command, injectId, and agentId must not be null.");
+    }
+
+    String location =
+        switch (platformType) {
+          case Windows -> WINDOWS_LOCATION_PATH;
+          case Linux, MacOS -> UNIX_LOCATION_PATH;
+          default ->
+              throw new IllegalArgumentException("Unsupported platform type: " + platformType);
+        };
+
+    return command
+        .replace("\"#{location}\"", location)
+        .replace("#{inject}", injectId)
+        .replace("#{agent}", agentId);
+  }
+}
diff --git a/...main/java/io/openbas/executors/crowdstrike/service/CrowdStrikeExecutorContextService.java b/...main/java/io/openbas/executors/crowdstrike/service/CrowdStrikeExecutorContextService.java
@@ -1,5 +1,7 @@
 package io.openbas.executors.crowdstrike.service;
 
+import static io.openbas.executors.ExecutorHelper.replaceArgs;
+
 import io.openbas.database.model.*;
 import io.openbas.executors.crowdstrike.client.CrowdStrikeExecutorClient;
 import io.openbas.executors.crowdstrike.config.CrowdStrikeExecutorConfig;
@@ -43,46 +45,25 @@ public void launchExecutorSubprocess(
     if (platform == null || arch == null) {
       throw new RuntimeException("Unsupported platform: " + platform + " (arch:" + arch + ")");
     }
-    switch (platform) {
-      case Endpoint.PLATFORM_TYPE.Windows -> {
-        String command =
-            injector
-                .getExecutorCommands()
-                .get(Endpoint.PLATFORM_TYPE.Windows.name() + "." + arch.name())
-                .replace("\"#{location}\"", "$PWD.Path")
-                .replace("#{inject}", inject.getId());
-        this.crowdStrikeExecutorClient.executeAction(
-            assetEndpoint.getAgents().getFirst().getExternalReference(),
-            this.crowdStrikeExecutorConfig.getWindowsScriptName(),
-            Base64.getEncoder().encodeToString(command.getBytes()));
-      }
-      case Endpoint.PLATFORM_TYPE.Linux -> {
-        String command =
-            injector
-                .getExecutorCommands()
-                .get(Endpoint.PLATFORM_TYPE.Linux.name() + "." + arch.name())
-                .replace("\"#{location}\"", "$(pwd)")
-                .replace("#{inject}", inject.getId());
-        this.crowdStrikeExecutorClient.executeAction(
-            assetEndpoint.getAgents().getFirst().getExternalReference(),
-            this.crowdStrikeExecutorConfig.getUnixScriptName(),
-            Base64.getEncoder().encodeToString(command.getBytes()));
-      }
-      case Endpoint.PLATFORM_TYPE.MacOS -> {
-        String command =
-            injector
-                .getExecutorCommands()
-                .get(Endpoint.PLATFORM_TYPE.MacOS.name() + "." + arch.name())
-                .replace("\"#{location}\"", "$(pwd)")
-                .replace("#{inject}", inject.getId());
-        this.crowdStrikeExecutorClient.executeAction(
-            assetEndpoint.getAgents().getFirst().getExternalReference(),
-            this.crowdStrikeExecutorConfig.getUnixScriptName(),
-            Base64.getEncoder().encodeToString(command.getBytes()));
-      }
-      default -> throw new RuntimeException("Unsupported platform: " + platform);
-    }
-    ;
+
+    String scriptName =
+        switch (platform) {
+          case Windows -> this.crowdStrikeExecutorConfig.getWindowsScriptName();
+          case Linux, MacOS -> this.crowdStrikeExecutorConfig.getUnixScriptName();
+          default -> throw new RuntimeException("Unsupported platform: " + platform);
+        };
+
+    String executorCommandKey = platform.name() + "." + arch.name();
+    String command = injector.getExecutorCommands().get(executorCommandKey);
+
+    command =
+        replaceArgs(
+            platform, command, inject.getId(), assetEndpoint.getAgents().getFirst().getId());
+
+    this.crowdStrikeExecutorClient.executeAction(
+        assetEndpoint.getAgents().getFirst().getExternalReference(),
+        scriptName,
+        Base64.getEncoder().encodeToString(command.getBytes()));
   }
 
   public void launchExecutorClear(@NotNull final Injector injector, @NotNull final Asset asset) {}

diff --git a/...api/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java b/...api/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java
@@ -1,5 +1,7 @@
 package io.openbas.executors.openbas.service;
 
+import static io.openbas.executors.ExecutorHelper.replaceArgs;
+
 import io.openbas.database.model.*;
 import io.openbas.database.repository.AssetAgentJobRepository;
 import jakarta.validation.constraints.NotNull;
@@ -31,30 +33,14 @@ private String computeCommand(
             .orElseThrow(
                 () -> new UnsupportedOperationException("Inject does not have a contract"));
 
-    switch (platform) {
-      case Endpoint.PLATFORM_TYPE.Windows -> {
-        return injector
-            .getExecutorCommands()
-            .get(Endpoint.PLATFORM_TYPE.Windows.name() + "." + arch.name())
-            .replace("#{inject}", inject.getId())
-            .replace("#{agent}", agentId);
-      }
-      case Endpoint.PLATFORM_TYPE.Linux -> {
-        return injector
-            .getExecutorCommands()
-            .get(Endpoint.PLATFORM_TYPE.Linux.name() + "." + arch.name())
-            .replace("#{inject}", inject.getId())
-            .replace("#{agent}", agentId);
-      }
-      case Endpoint.PLATFORM_TYPE.MacOS -> {
-        return injector
-            .getExecutorCommands()
-            .get(Endpoint.PLATFORM_TYPE.MacOS.name() + "." + arch.name())
-            .replace("#{inject}", inject.getId())
-            .replace("#{agent}", agentId);
+    return switch (platform) {
+      case Windows, Linux, MacOS -> {
+        String executorCommandKey = platform.name() + "." + arch.name();
+        String cmd = injector.getExecutorCommands().get(executorCommandKey);
+        yield replaceArgs(platform, cmd, inject.getId(), agentId);
       }
       default -> throw new RuntimeException("Unsupported platform: " + platform);
-    }
+    };
   }
 
   public void launchExecutorSubprocess(

diff --git a/...s-api/src/main/java/io/openbas/executors/tanium/service/TaniumExecutorContextService.java b/...s-api/src/main/java/io/openbas/executors/tanium/service/TaniumExecutorContextService.java
@@ -1,10 +1,8 @@
 package io.openbas.executors.tanium.service;
 
-import io.openbas.database.model.Asset;
-import io.openbas.database.model.Endpoint;
-import io.openbas.database.model.Inject;
-import io.openbas.database.model.Injector;
-import io.openbas.database.model.InjectorContract;
+import static io.openbas.executors.ExecutorHelper.replaceArgs;
+
+import io.openbas.database.model.*;
 import io.openbas.executors.tanium.client.TaniumExecutorClient;
 import io.openbas.executors.tanium.config.TaniumExecutorConfig;
 import jakarta.validation.constraints.NotNull;
@@ -47,46 +45,24 @@ public void launchExecutorSubprocess(
     if (platform == null || arch == null) {
       throw new RuntimeException("Unsupported platform: " + platform + " (arch:" + arch + ")");
     }
-    switch (platform) {
-      case Endpoint.PLATFORM_TYPE.Windows -> {
-        String command =
-            injector
-                .getExecutorCommands()
-                .get(Endpoint.PLATFORM_TYPE.Windows.name() + "." + arch.name())
-                .replace("\"#{location}\"", "$PWD.Path")
-                .replace("#{inject}", inject.getId());
-        this.taniumExecutorClient.executeAction(
-            assetEndpoint.getAgents().getFirst().getExternalReference(),
-            this.taniumExecutorConfig.getWindowsPackageId(),
-            Base64.getEncoder().encodeToString(command.getBytes()));
-      }
-      case Endpoint.PLATFORM_TYPE.Linux -> {
-        String command =
-            injector
-                .getExecutorCommands()
-                .get(Endpoint.PLATFORM_TYPE.Linux.name() + "." + arch.name())
-                .replace("\"#{location}\"", "$(pwd)")
-                .replace("#{inject}", inject.getId());
-        this.taniumExecutorClient.executeAction(
-            assetEndpoint.getAgents().getFirst().getExternalReference(),
-            this.taniumExecutorConfig.getUnixPackageId(),
-            Base64.getEncoder().encodeToString(command.getBytes()));
-      }
-      case Endpoint.PLATFORM_TYPE.MacOS -> {
-        String command =
-            injector
-                .getExecutorCommands()
-                .get(Endpoint.PLATFORM_TYPE.MacOS.name() + "." + arch.name())
-                .replace("\"#{location}\"", "$(pwd)")
-                .replace("#{inject}", inject.getId());
-        this.taniumExecutorClient.executeAction(
-            assetEndpoint.getAgents().getFirst().getExternalReference(),
-            this.taniumExecutorConfig.getUnixPackageId(),
-            Base64.getEncoder().encodeToString(command.getBytes()));
-      }
-      default -> throw new RuntimeException("Unsupported platform: " + platform);
-    }
-    ;
+
+    Integer packageId =
+        switch (platform) {
+          case Windows -> this.taniumExecutorConfig.getWindowsPackageId();
+          case Linux, MacOS -> this.taniumExecutorConfig.getUnixPackageId();
+          default -> throw new RuntimeException("Unsupported platform: " + platform);
+        };
+
+    String executorCommandKey = platform.name() + "." + arch.name();
+    String command = injector.getExecutorCommands().get(executorCommandKey);
+    command =
+        replaceArgs(
+            platform, command, inject.getId(), assetEndpoint.getAgents().getFirst().getId());
+
+    this.taniumExecutorClient.executeAction(
+        assetEndpoint.getAgents().getFirst().getExternalReference(),
+        packageId,
+        Base64.getEncoder().encodeToString(command.getBytes()));
   }
 
   public void launchExecutorClear(@NotNull final Injector injector, @NotNull final Asset asset) {}