Merge branch 'master' into start-process

redcanaryco · Feb 5, 2024 · cc5b557 · cc5b557
2 parents 789c60c + d2051d7
commit cc5b557
Show file tree

Hide file tree

Showing 36 changed files with 377 additions and 315 deletions.
diff --git a/.github/workflows/check-installation.yml b/.github/workflows/check-installation.yml
@@ -14,7 +14,10 @@ jobs:
         shell: pwsh
         run: |
           IEX (IWR 'https://raw.githubusercontent.com/${{ github.event.pull_request.head.repo.full_name }}/${{ github.event.pull_request.head.ref }}/install-atomicredteam.ps1' -UseBasicParsing);
-          Install-AtomicRedTeam -RepoOwner "${{ github.event.pull_request.head.repo.owner.login }}" -Branch "${{ github.event.pull_request.head.ref }}" -getAtomics -Force -noPayloads
+          Install-AtomicRedTeam -RepoOwner "${{ github.event.pull_request.head.repo.owner.login }}" -Branch "${{ github.event.pull_request.head.ref }}" -Force
           if($error.contains("Installation of AtomicRedTeam Failed")){
             exit 1
-          }
+          }
+          IEX (IWR 'https://raw.githubusercontent.com/${{ github.event.pull_request.head.repo.full_name }}/${{ github.event.pull_request.head.ref }}/install-atomicsfolder.ps1' -UseBasicParsing);
+          Install-AtomicsFolder -Force
+          Invoke-AtomicTest All -ShowDetailsBrief
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -0,0 +1,19 @@
+name: Lint
+on: pull_request
+
+jobs:
+  install-invoke:
+    name: Install Invoke-Atomic
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v2
+      - name: Run lint checks
+        shell: pwsh
+        run: |
+          Install-Module -Name PSScriptAnalyzer -Force
+          Invoke-ScriptAnalyzer -Recurse ./ -Settings ./PSScriptAnalyzerSettings.psd1 -Fix
+      - name: Check whether there are any file changes
+        shell: bash
+        run: |
+          git diff --exit-code
diff --git a/Invoke-AtomicRedTeam.psd1 b/Invoke-AtomicRedTeam.psd1
@@ -4,7 +4,7 @@
     RootModule        = 'Invoke-AtomicRedTeam.psm1'
 
     # Version number of this module.
-    ModuleVersion     = '2.0.6'
+    ModuleVersion     = '2.1.0'
 
     # ID used to uniquely identify this module
     GUID              = '8f492621-18f8-432e-9532-b1d54d3e90bd'
@@ -25,11 +25,11 @@
     PowerShellVersion = '5.0'
 
     # Modules that must be imported into the global environment prior to importing this module
-    RequiredModules = @('powershell-yaml')
-    
+    RequiredModules   = @('powershell-yaml')
+
     # Script files (.ps1) that are run in the caller's environment prior to importing this module.
     # AtomicClassSchema.ps1 needs to be present in the caller's scope in order for the built-in classes to surface properly.
-    ScriptsToProcess  = @('Private\AtomicClassSchema.ps1','Public\config.ps1')
+    ScriptsToProcess  = @('Private\AtomicClassSchema.ps1', 'Public\config.ps1')
 
     # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
     FunctionsToExport = @(
@@ -53,26 +53,26 @@
     # Variables to export from this module
     VariablesToExport = '*'
 
-    NestedModules = @(
+    NestedModules     = @(
         "Public\Default-ExecutionLogger.psm1",
         "Public\Attire-ExecutionLogger.psm1",
         "Public\Syslog-ExecutionLogger.psm1",
         "Public\WinEvent-ExecutionLogger.psm1"
-        )
+    )
 
     # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
     PrivateData       = @{
 
         PSData = @{
 
             # Tags applied to this module. These help with module discovery in online galleries.
-            Tags = @('Security', 'Defense')
+            Tags         = @('Security', 'Defense')
 
             # A URL to the license for this module.
-            LicenseUri = 'https://github.com/redcanaryco/invoke-atomicredteam/blob/master/LICENSE.txt'
+            LicenseUri   = 'https://github.com/redcanaryco/invoke-atomicredteam/blob/master/LICENSE.txt'
 
             # A URL to the main website for this project.
-            ProjectUri = 'https://github.com/redcanaryco/invoke-atomicredteam'
+            ProjectUri   = 'https://github.com/redcanaryco/invoke-atomicredteam'
 
             # A URL to an icon representing this module.
             # IconUri = ''
@@ -86,7 +86,7 @@
 1.0.1
 -----
 * Adding 'powershell-yaml' to RequiredModules in the module manifest
-            
+
 1.0.0
 -----
 * Initial release for submission to the PowerShell Gallery

diff --git a/Invoke-AtomicRedTeam.psm1 b/Invoke-AtomicRedTeam.psm1
@@ -20,4 +20,4 @@ Foreach ($import in @($Public + $Private)) {
     Catch {
         Write-Error -Message "Failed to import function $($import.fullname): $_"
     }
-}
+}
diff --git a/PSScriptAnalyzerSettings.psd1 b/PSScriptAnalyzerSettings.psd1
@@ -0,0 +1,5 @@
+# PSScriptAnalyzerSettings.psd1
+@{
+    ExcludeRules=@('PSUseSingularNouns',
+                'PSAvoidUsingWriteHost')
+}
diff --git a/Private/AtomicClassSchema.ps1 b/Private/AtomicClassSchema.ps1
@@ -15,7 +15,7 @@ class AtomicExecutorBase {
     [Bool] $elevation_required
 
     # Implemented to facilitate improved PS object display
-    [String] ToString(){
+    [String] ToString() {
         return $this.Name
     }
 }
@@ -43,7 +43,7 @@ class AtomicTest {
     [AtomicExecutorBase] $executor
 
     # Implemented to facilitate improved PS object display
-    [String] ToString(){
+    [String] ToString() {
         return $this.name
     }
 }
@@ -52,4 +52,4 @@ class AtomicTechnique {
     [String[]] $attack_technique
     [String] $display_name
     [AtomicTest[]] $atomic_tests
-}
+}
diff --git a/Private/Get-PrereqExecutor.ps1 b/Private/Get-PrereqExecutor.ps1
@@ -1,5 +1,5 @@
 function Get-PrereqExecutor ($test) {
-    if ($nul -eq $test.dependency_executor_name) { $executor = $test.executor.name } 
+    if ($nul -eq $test.dependency_executor_name) { $executor = $test.executor.name }
     else { $executor = $test.dependency_executor_name }
     $executor
-}
+}
diff --git a/Private/Get-TargetInfo.ps1 b/Private/Get-TargetInfo.ps1
@@ -10,14 +10,15 @@ function Get-TargetInfo($Session) {
             $targetHostname = hostname
             $targetUser = whoami
             if ($IsLinux) { $targetPlatform = "linux" }
-            elseif ($IsMacOS) { $targetPlatform =  "macos" }
-            else {  # windows
+            elseif ($IsMacOS) { $targetPlatform = "macos" }
+            else {
+                # windows
                 $tmpDir = "$env:TEMP\"
                 $isElevated = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
             }
             if ($IsLinux -or $IsMacOS) {
                 $isElevated = $false
-                $privid = id -u                
+                $privid = id -u
                 if ($privid -eq 0) { $isElevated = $true }
             }
             $targetPlatform, $isElevated, $tmpDir, $targetHostname, $targetUser
@@ -28,15 +29,15 @@ function Get-TargetInfo($Session) {
         if ($IsLinux -or $IsMacOS) {
             $tmpDir = "/tmp/"
             $isElevated = $false
-            $privid = id -u                
+            $privid = id -u
             if ($privid -eq 0) { $isElevated = $true }
             if ($IsMacOS) { $targetPlatform = "macos" }
         }
         else {
             $targetPlatform = "windows"
             $isElevated = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
         }
-      
+
     }
     $targetPlatform, $isElevated, $tmpDir, $targetHostname, $targetUser
-} 
+}
diff --git a/Private/Invoke-CheckPrereqs.ps1 b/Private/Invoke-CheckPrereqs.ps1
@@ -6,7 +6,7 @@ function Invoke-CheckPrereqs ($test, $isElevated, $executionPlatform, $customInp
     foreach ($dep in $test.dependencies) {
         $executor = Get-PrereqExecutor $test
         $final_command = Merge-InputArgs $dep.prereq_command $test $customInputArgs $PathToAtomicsFolder
-        if($executor -ne "powershell") { $final_command = ($final_Command.trim()).Replace("`n", " && ") }
+        if ($executor -ne "powershell") { $final_command = ($final_Command.trim()).Replace("`n", " && ") }
         $res = Invoke-ExecuteCommand $final_command $executor $executionPlatform $TimeoutSeconds  $session
         $description = Merge-InputArgs $dep.description $test $customInputArgs $PathToAtomicsFolder
         if ($res.ExitCode -ne 0) {

diff --git a/Private/Invoke-ExecuteCommand.ps1 b/Private/Invoke-ExecuteCommand.ps1
@@ -6,47 +6,48 @@ function Invoke-ExecuteCommand ($finalCommand, $executor, $executionPlatform, $T
         if ($executor -eq "command_prompt" -or $executor -eq "sh" -or $executor -eq "bash") {
             $execPrefix = "-c"
             $execExe = $executor
-            if ($executor -eq "command_prompt") { 
-                    $execPrefix = "/c"; 
-                    $execExe = "cmd.exe"; 
-                    $execCommand = $finalCommand -replace "`n", " & " 
-                    $arguments = $execPrefix,"$execCommand"
-                }
+            if ($executor -eq "command_prompt") {
+                $execPrefix = "/c";
+                $execExe = "cmd.exe";
+                $execCommand = $finalCommand -replace "`n", " & "
+                $arguments = $execPrefix, "$execCommand"
+            }
             else {
-                    $finalCommand = $finalCommand -replace "[\\](?!;)", "`\$&"
-                    $finalCommand = $finalCommand -replace "[`"]", "`\$&"
-                    $execCommand = $finalCommand -replace "(?<!;)\n", "; "
-                    $arguments = "$execPrefix `"$execCommand`""
+                $finalCommand = $finalCommand -replace "[\\](?!;)", "`\$&"
+                $finalCommand = $finalCommand -replace "[`"]", "`\$&"
+                $execCommand = $finalCommand -replace "(?<!;)\n", "; "
+                $arguments = "$execPrefix `"$execCommand`""
 
             }
         }
         elseif ($executor -eq "powershell") {
             $execCommand = $finalCommand -replace "`"", "`\`"`""
             if ($session) {
                 if ($executionPlatform -eq "windows") {
-                        $execExe = "powershell.exe"
+                    $execExe = "powershell.exe"
                 }
                 else {
-                        $execExe = "pwsh"
+                    $execExe = "pwsh"
                 }
             }
             else {
                 $execExe = "powershell.exe"; if ($IsLinux -or $IsMacOS) { $execExe = "pwsh" }
             }
-            if ($execExe -eq "pwsh"){
+            if ($execExe -eq "pwsh") {
                 $arguments = "-Command $execCommand"
-            }else{
+            }
+            else {
                 $arguments = "& {$execCommand}"
             }
         }
         else {
             Write-Warning -Message "Unable to generate or execute the command line properly. Unknown executor"
             return [PSCustomObject]@{
-                    StandardOutput = ""
-                    ErrorOutput = ""
-                    ExitCode = -1
-                    IsTimeOut = $false
-                }
+                StandardOutput = ""
+                ErrorOutput    = ""
+                ExitCode       = -1
+                IsTimeOut      = $false
+            }
         }
 
         # Write-Host -ForegroundColor Magenta "$execExe $arguments"
@@ -56,7 +57,7 @@ function Invoke-ExecuteCommand ($finalCommand, $executor, $executionPlatform, $T
             $fp2 = Join-Path $scriptParentPath "Invoke-KillProcessTree.ps1"
             invoke-command -Session $session -FilePath $fp
             invoke-command -Session $session -FilePath $fp2
-            $res = invoke-command -Session $session -ScriptBlock { Invoke-Process -filename $Using:execExe -Arguments $Using:arguments -TimeoutSeconds $Using:TimeoutSeconds -stdoutFile "art-out.txt" -stderrFile "art-err.txt"  }
+            $res = invoke-command -Session $session -ScriptBlock { Invoke-Process -filename $Using:execExe -Arguments $Using:arguments -TimeoutSeconds $Using:TimeoutSeconds -stdoutFile "art-out.txt" -stderrFile "art-err.txt" }
         }
         else {
             if ($interactive) {
@@ -67,7 +68,7 @@ function Invoke-ExecuteCommand ($finalCommand, $executor, $executionPlatform, $T
             else {
                 # Local execution that DO NOT contain interactive prompts
                 #   In this situation, capture the stdout/stderr for Invoke-AtomicTest to send to the caller
-                $res = Invoke-Process -filename $execExe -Arguments $arguments -TimeoutSeconds $TimeoutSeconds -stdoutFile "art-out.txt" -stderrFile "art-err.txt" 
+                $res = Invoke-Process -filename $execExe -Arguments $arguments -TimeoutSeconds $TimeoutSeconds -stdoutFile "art-out.txt" -stderrFile "art-err.txt"
             }
         }
     )
-Original file line number
+Diff line change
@@ Expand Up / @@ -20,4 +20,4 @@ Foreach ($import in @($Public + $Private)) { @@
         Catch {
             Write-Error -Message "Failed to import function $($import.fullname): $_"
         }
-    }
+    }