From 3b4632e37bc9edbf94c601af35208f5f5ed99461 Mon Sep 17 00:00:00 2001 From: Stephanya Casanova Date: Mon, 9 Sep 2024 09:15:19 +0200 Subject: [PATCH 01/11] [backend] Add elevation required attribute --- .../V3_33__Add_column_requires_elevation.java | 18 +++++++++ .../rest/payload/form/PayloadCreateInput.java | 7 +++- .../rest/payload/form/PayloadUpdateInput.java | 3 ++ .../rest/payload/form/PayloadUpsertInput.java | 3 ++ .../io/openbas/asset/EndpointService.java | 10 ++++- .../io/openbas/config/OpenBASAgentConfig.java | 40 +++++++++++++++++++ .../OpenBASExecutorContextService.java | 16 +++++--- .../openbas/database/model/AssetAgentJob.java | 19 +++++---- .../io/openbas/database/model/Payload.java | 11 +++-- 9 files changed, 108 insertions(+), 19 deletions(-) create mode 100644 openbas-api/src/main/java/io/openbas/migration/V3_33__Add_column_requires_elevation.java create mode 100644 openbas-framework/src/main/java/io/openbas/config/OpenBASAgentConfig.java diff --git a/openbas-api/src/main/java/io/openbas/migration/V3_33__Add_column_requires_elevation.java b/openbas-api/src/main/java/io/openbas/migration/V3_33__Add_column_requires_elevation.java new file mode 100644 index 0000000000..cc52d5c903 --- /dev/null +++ b/openbas-api/src/main/java/io/openbas/migration/V3_33__Add_column_requires_elevation.java 
@@ -0,0 +1,18 @@ +package io.openbas.migration; + +import org.flywaydb.core.api.migration.BaseJavaMigration; +import org.flywaydb.core.api.migration.Context; +import org.springframework.stereotype.Component; + +import java.sql.Statement; + +@Component +public class V3_33__Add_column_requires_elevation extends BaseJavaMigration { + + @Override + public void migrate(final Context context) throws Exception { + final Statement select = context.getConnection().createStatement(); + select.execute("ALTER TABLE asset_agent_jobs ADD asset_agent_elevation_required bool default false;"); + select.execute("ALTER TABLE payloads ADD payload_elevation_required bool default false;"); + } +} diff --git a/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadCreateInput.java b/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadCreateInput.java index 7083cad651..66509e032d 100644 --- a/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadCreateInput.java +++ b/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadCreateInput.java @@ -1,7 +1,7 @@ package io.openbas.rest.payload.form; import com.fasterxml.jackson.annotation.JsonProperty; -import io.openbas.database.model.Endpoint.PLATFORM_TYPE; +import io.openbas.database.model.Endpoint; import io.openbas.database.model.PayloadArgument; import io.openbas.database.model.PayloadPrerequisite; import jakarta.validation.constraints.NotBlank; @@ -36,7 +36,7 @@ public class PayloadCreateInput { @NotEmpty(message = MANDATORY_MESSAGE) @JsonProperty("payload_platforms") - private PLATFORM_TYPE[] platforms; + private Endpoint.PLATFORM_TYPE[] platforms; @JsonProperty("payload_description") private String description; @@ -73,6 +73,9 @@ public class PayloadCreateInput { @JsonProperty("payload_attack_patterns") private List attackPatternsIds = new ArrayList<>(); + + @JsonProperty("payload_elevation_required") + private boolean elevationRequired; } 
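Review bot: The `Statement` created in `migrate` is never closed; wrap the two `execute` calls in `try (Statement statement = context.getConnection().createStatement()) { ... }` so the statement is released even if the second `ALTER TABLE` fails. Both columns are declared `bool default false` without `NOT NULL`, while the entity fields added in this patch are primitive `boolean`. Existing rows get the default, but a row later written with an explicit NULL would presumably fail to map, so `bool NOT NULL default false` is the safer definition. The local is also named `select` although it only runs DDL.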
diff --git a/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadUpdateInput.java b/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadUpdateInput.java index da3bb24ddc..572212249c 100644 --- a/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadUpdateInput.java +++ b/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadUpdateInput.java @@ -58,6 +58,9 @@ public class PayloadUpdateInput { @JsonProperty("payload_attack_patterns") private List attackPatternsIds = new ArrayList<>(); + + @JsonProperty("payload_elevation_required") + private boolean elevationRequired; } diff --git a/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadUpsertInput.java b/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadUpsertInput.java index f4c4a1a899..f59d5326b3 100644 --- a/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadUpsertInput.java +++ b/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadUpsertInput.java @@ -76,6 +76,9 @@ public class PayloadUpsertInput { @JsonProperty("payload_attack_patterns") private List attackPatternsExternalIds = new ArrayList<>(); + + @JsonProperty("payload_elevation_required") + private boolean elevationRequired; } diff --git a/openbas-framework/src/main/java/io/openbas/asset/EndpointService.java b/openbas-framework/src/main/java/io/openbas/asset/EndpointService.java index 8d1242915a..3ba5b4ed75 100644 --- a/openbas-framework/src/main/java/io/openbas/asset/EndpointService.java +++ b/openbas-framework/src/main/java/io/openbas/asset/EndpointService.java @@ -1,5 +1,6 @@ package io.openbas.asset; +import io.openbas.config.OpenBASAgentConfig; import io.openbas.config.OpenBASConfig; import io.openbas.database.model.Endpoint; import io.openbas.database.repository.EndpointRepository; 
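Review bot: `elevationRequired` is a primitive `boolean` in `PayloadUpdateInput` and in `PayloadUpsertInput`, so a request that omits `payload_elevation_required` cannot be told apart from one that sends `false`. If the update and upsert paths copy every input field onto the entity (not visible in this patch), a client that predates the field would silently clear the flag on a payload that needs elevated rights. Consider `private Boolean elevationRequired;` with null treated as "leave unchanged", plus a one-line comment saying what the flag means for the agent that runs the payload.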
@@ -33,6 +34,9 @@ public class EndpointService { @Resource private OpenBASConfig openBASConfig; + @Resource + private OpenBASAgentConfig openBASAgentConfig; + @Value("${openbas.admin.token:#{null}}") private String adminToken; @@ -103,13 +107,15 @@ public String getFileOrDownloadFromJfrog(String platform, String file, String ad String filename = file + "-" + version + "." + extension; String resourcePath = "/openbas-agent/" + platform.toLowerCase() + "/"; InputStream in = getClass().getResourceAsStream("/agents" + resourcePath + filename); - if (in == null) { // Dev mode, get from artifactory + if (null == in) { // Dev mode, get from artifactory filename = file + "-latest." + extension; in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream()); } return IOUtils.toString(in, StandardCharsets.UTF_8) .replace("${OPENBAS_URL}", openBASConfig.getBaseUrlForAgent()) - .replace("${OPENBAS_TOKEN}", adminToken); + .replace("${OPENBAS_TOKEN}", adminToken) + .replace("${NON_SYSTEM_USER}", openBASAgentConfig.getNonSystemUser()) + .replace("${NON_SYSTEM_PWD}", openBASAgentConfig.getNonSystemPwd()); } public String generateInstallCommand(String platform, String token) throws IOException { diff --git a/openbas-framework/src/main/java/io/openbas/config/OpenBASAgentConfig.java b/openbas-framework/src/main/java/io/openbas/config/OpenBASAgentConfig.java new file mode 100644 index 0000000000..0d4beb7efd --- /dev/null +++ b/openbas-framework/src/main/java/io/openbas/config/OpenBASAgentConfig.java 
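Review bot: In `getFileOrDownloadFromJfrog`, the two added `.replace("${NON_SYSTEM_USER}", ...)` and `.replace("${NON_SYSTEM_PWD}", ...)` calls throw `NullPointerException` when the getter returns null, and this patch ships no default for the agent properties, so an unconfigured instance fails here (the same already holds for `adminToken`, whose `@Value` default is `#{null}`). A guard before the chain would give a usable error, for example `if (openBASAgentConfig.getNonSystemUser() == null || openBASAgentConfig.getNonSystemPwd() == null) throw new IllegalStateException("openbas.agent credentials are not configured");`. Separately, the service-account password is written in clear text into the installer script this method returns, so whoever can retrieve or read that script obtains the credential. It would be safer to provision the password on the endpoint through another channel, or at least to document that the account must be low-privilege and dedicated to the agent. The method body starts outside the hunk.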
@@ -0,0 +1,40 @@
+package io.openbas.config;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+@Component
+@ConfigurationProperties(prefix = "openbas.rabbitmq")
+@Data
+public class RabbitmqConfig {
+
+ @JsonProperty("rabbitmq_prefix")
+ private String prefix;
+
+ @JsonProperty("rabbitmq_hostname")
+ private String hostname;
+
+ @JsonProperty("rabbitmq_vhost")
+ private String vhost;
+
+ @JsonProperty("rabbitmq_ssl")
+ private boolean ssl;
+
+ @JsonProperty("rabbitmq_port")
+ private int port;
+
+ @JsonProperty("rabbitmq_management-port")
+ private int managementPort;
+
+ @JsonProperty("rabbitmq_user")
+ private String user;
+
+ @JsonProperty("rabbitmq_pass")
+ private String pass;
+
+ @JsonProperty("rabbitmq_queue-type")
+ private String queueType;
+
+}
diff --git a/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java b/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java
index 04a0efd08f..2dad38d356 100644
--- a/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java
+++ b/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java
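Review bot: The new file `OpenBASAgentConfig.java` declares `public class RabbitmqConfig` bound to the prefix `openbas.rabbitmq`, which the compiler rejects because a public class must live in a file of the same name. `EndpointService` in this same patch also calls `getNonSystemUser()` and `getNonSystemPwd()` on a type that does not exist yet. The class is corrected in PATCH 02/11, so this commit does not build on its own; folding that correction into this patch keeps the history bisectable.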
@@ -27,15 +27,15 @@ private String computeCommand(@NotNull final Inject inject, Endpoint.PLATFORM_TY .orElseThrow(() -> new UnsupportedOperationException("Inject does not have a contract")); switch (platform) { - case Endpoint.PLATFORM_TYPE.Windows -> { + case Windows -> { return injector.getExecutorCommands().get(Endpoint.PLATFORM_TYPE.Windows.name() + "." + arch.name()) .replace("#{inject}", inject.getId()); } - case Endpoint.PLATFORM_TYPE.Linux -> { + case Linux -> { return injector.getExecutorCommands().get(Endpoint.PLATFORM_TYPE.Linux.name() + "." + arch.name()) .replace("#{inject}", inject.getId()); } - case Endpoint.PLATFORM_TYPE.MacOS -> { + case MacOS -> { return injector.getExecutorCommands().get(Endpoint.PLATFORM_TYPE.MacOS.name() + "." + arch.name()) .replace("#{inject}", inject.getId()); } 
@@ -46,17 +46,23 @@ private String computeCommand(@NotNull final Inject inject, Endpoint.PLATFORM_TY public void launchExecutorSubprocess(@NotNull final Inject inject, @NotNull final Asset asset) { Endpoint.PLATFORM_TYPE platform = Objects.equals(asset.getType(), "Endpoint") ? ((Endpoint) Hibernate.unproxy(asset)).getPlatform() : null; Endpoint.PLATFORM_ARCH arch = Objects.equals(asset.getType(), "Endpoint") ? ((Endpoint) Hibernate.unproxy(asset)).getArch() : null; - if (platform == null) { + if (null == platform) { throw new RuntimeException("Unsupported null platform"); } AssetAgentJob assetAgentJob = new AssetAgentJob(); assetAgentJob.setCommand(computeCommand(inject, platform, arch)); assetAgentJob.setAsset(asset); assetAgentJob.setInject(inject); - assetAgentJobRepository.save(assetAgentJob); + assetAgentJob.setElevationRequired(this.isElevationRequired(inject)); + assetAgentJobRepository.save(assetAgentJob); } public void launchExecutorClear(@NotNull final Injector injector, @NotNull final Asset asset) { // TODO } + + private boolean isElevationRequired(final Inject inject) { + // Fix me add also for caldera + return inject.getInjectorContract().map(injectorContract -> injectorContract.getPayload().isElevationRequired()).orElse(false).booleanValue(); + } } diff --git a/openbas-model/src/main/java/io/openbas/database/model/AssetAgentJob.java b/openbas-model/src/main/java/io/openbas/database/model/AssetAgentJob.java index b4d7f9c445..e049be8541 100644 --- a/openbas-model/src/main/java/io/openbas/database/model/AssetAgentJob.java +++ b/openbas-model/src/main/java/io/openbas/database/model/AssetAgentJob.java 
@@ -46,26 +46,31 @@ public class AssetAgentJob implements Base { @NotBlank private String command; + @Getter + @Column(name = "asset_agent_elevation_required") + @JsonProperty("asset_agent_elevation_required") + private boolean elevationRequired; + @Override public String toString() { - return id; + return this.id; } @Override - public boolean equals(Object o) { + public boolean equals(final Object o) { if (this == o) return true; - if (o == null || !Base.class.isAssignableFrom(o.getClass())) return false; - Base base = (Base) o; - return id.equals(base.getId()); + if (null == o || !Base.class.isAssignableFrom(o.getClass())) return false; + final Base base = (Base) o; + return this.id.equals(base.getId()); } @Override public int hashCode() { - return Objects.hash(id); + return Objects.hash(this.id); } @Override public String getId() { - return id; + return this.id; } } diff --git a/openbas-model/src/main/java/io/openbas/database/model/Payload.java b/openbas-model/src/main/java/io/openbas/database/model/Payload.java index b43e2cba14..f4bdee081b 100644 --- a/openbas-model/src/main/java/io/openbas/database/model/Payload.java +++ b/openbas-model/src/main/java/io/openbas/database/model/Payload.java @@ -6,7 +6,6 @@ import io.hypersistence.utils.hibernate.type.json.JsonType; import io.openbas.annotation.Queryable; import io.openbas.database.audit.ModelBaseListener; -import io.openbas.database.model.Endpoint.PLATFORM_TYPE; import io.openbas.helper.MonoIdDeserializer; import io.openbas.helper.MultiIdListDeserializer; import io.openbas.helper.MultiIdSetDeserializer; @@ -14,6 +13,7 @@ import jakarta.validation.constraints.NotBlank; import jakarta.validation.constraints.NotNull; import lombok.Data; +import lombok.Getter; import lombok.Setter; import org.hibernate.annotations.Type; import org.hibernate.annotations.UuidGenerator; 
@@ -72,7 +72,7 @@ public enum PAYLOAD_STATUS { @Type(StringArrayType.class) @Column(name = "payload_platforms", columnDefinition = "text[]") @JsonProperty("payload_platforms") - private PLATFORM_TYPE[] platforms = new PLATFORM_TYPE[0]; + private Endpoint.PLATFORM_TYPE[] platforms = new Endpoint.PLATFORM_TYPE[0]; @Setter @ManyToMany(fetch = FetchType.EAGER) @@ -94,6 +94,11 @@ public enum PAYLOAD_STATUS { @JsonProperty("payload_cleanup_command") private String cleanupCommand; + @Getter + @Column(name = "payload_elevation_required") + @JsonProperty("payload_elevation_required") + private boolean elevationRequired; + @Setter @Type(JsonType.class) @Column(name = "payload_arguments") @@ -159,7 +164,7 @@ public enum PAYLOAD_STATUS { @JsonProperty("payload_collector_type") private String getCollectorType() { - return this.getCollector() != null ? this.getCollector().getType() : null; + return null != collector ? this.collector.getType() : null; } @Override From 11114b54804e132a7e0e4509f202ada06e3268bc Mon Sep 17 00:00:00 2001 From: Stephanya Casanova Date: Mon, 9 Sep 2024 09:22:50 +0200 Subject: [PATCH 02/11] [backend] Add elevation required attribute --- .../rest/payload/form/PayloadCreateInput.java | 4 +-- .../io/openbas/config/OpenBASAgentConfig.java | 33 ++++--------------- 2 files changed, 8 insertions(+), 29 deletions(-) diff --git a/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadCreateInput.java b/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadCreateInput.java index 66509e032d..acee78a04a 100644 --- a/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadCreateInput.java +++ b/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadCreateInput.java 
@@ -1,7 +1,7 @@ package io.openbas.rest.payload.form; import com.fasterxml.jackson.annotation.JsonProperty; -import io.openbas.database.model.Endpoint; +import io.openbas.database.model.Endpoint.PLATFORM_TYPE; import io.openbas.database.model.PayloadArgument; import io.openbas.database.model.PayloadPrerequisite; import jakarta.validation.constraints.NotBlank; @@ -36,7 +36,7 @@ public class PayloadCreateInput { @NotEmpty(message = MANDATORY_MESSAGE) @JsonProperty("payload_platforms") - private Endpoint.PLATFORM_TYPE[] platforms; + private PLATFORM_TYPE[] platforms; @JsonProperty("payload_description") private String description; diff --git a/openbas-framework/src/main/java/io/openbas/config/OpenBASAgentConfig.java b/openbas-framework/src/main/java/io/openbas/config/OpenBASAgentConfig.java index 0d4beb7efd..5221d48c08 100644 --- a/openbas-framework/src/main/java/io/openbas/config/OpenBASAgentConfig.java +++ b/openbas-framework/src/main/java/io/openbas/config/OpenBASAgentConfig.java @@ -6,35 +6,14 @@ import org.springframework.stereotype.Component; @Component -@ConfigurationProperties(prefix = "openbas.rabbitmq") +@ConfigurationProperties(prefix = "openbas.agent") @Data -public class RabbitmqConfig { +public class OpenBASAgentConfig { - @JsonProperty("rabbitmq_prefix") - private String prefix; + @JsonProperty("non_system_user") + private String nonSystemUser; - @JsonProperty("rabbitmq_hostname") - private String hostname; - - @JsonProperty("rabbitmq_vhost") - private String vhost; - - @JsonProperty("rabbitmq_ssl") - private boolean ssl; - - @JsonProperty("rabbitmq_port") - private int port; - - @JsonProperty("rabbitmq_management-port") - private int managementPort; - - @JsonProperty("rabbitmq_user") - private String user; - - @JsonProperty("rabbitmq_pass") - private String pass; - - @JsonProperty("rabbitmq_queue-type") - private String queueType; + @JsonProperty("non_system_pwd") + private String nonSystemPwd; } 
From 1d4f5fc78d80611b601b459080928d638e8d3408 Mon Sep 17 00:00:00 2001 From: Stephanya Casanova Date: Mon, 9 Sep 2024 09:24:13 +0200 Subject: [PATCH 03/11] [backend] Add elevation required attribute --- .../openbas/service/OpenBASExecutorContextService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java b/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java index 2dad38d356..8766d01b03 100644 --- a/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java +++ b/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java @@ -54,7 +54,7 @@ public void launchExecutorSubprocess(@NotNull final Inject inject, @NotNull fina assetAgentJob.setAsset(asset); assetAgentJob.setInject(inject); assetAgentJob.setElevationRequired(this.isElevationRequired(inject)); - assetAgentJobRepository.save(assetAgentJob); + assetAgentJobRepository.save(assetAgentJob); } public void launchExecutorClear(@NotNull final Injector injector, @NotNull final Asset asset) { From 7b6d82dd72ca84e3aaf77fc31a84283c657f630d Mon Sep 17 00:00:00 2001 From: Stephanya Casanova Date: Mon, 9 Sep 2024 15:17:24 +0200 Subject: [PATCH 04/11] [backend] Add credentials from non system user into properties file --- openbas-api/src/main/resources/application.properties | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/openbas-api/src/main/resources/application.properties b/openbas-api/src/main/resources/application.properties index ad76554831..69a908baa2 100644 --- a/openbas-api/src/main/resources/application.properties +++ b/openbas-api/src/main/resources/application.properties 
@@ -131,6 +131,11 @@ logging.logback.rollingpolicy.file-name-pattern=${LOG_FILE}.-%d{yyyy-MM-dd}.%i logging.logback.rollingpolicy.max-file-size=10MB logging.logback.rollingpolicy.max-history=7 + +# Non-system service account credentials for OpenBAS agent +agent.non-system-user= +agent.non-system-pwd= + ############# # EXECUTORS # ############# From 21859a91355598a8af28f423d9db9c87838dec45 Mon Sep 17 00:00:00 2001 From: Stephanya Casanova Date: Tue, 10 Sep 2024 16:48:51 +0200 Subject: [PATCH 05/11] [backend] refact --- openbas-api/src/main/resources/application.properties | 4 ++-- .../src/main/java/io/openbas/config/OpenBASAgentConfig.java | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/openbas-api/src/main/resources/application.properties b/openbas-api/src/main/resources/application.properties index 69a908baa2..653c60bbb4 100644 --- a/openbas-api/src/main/resources/application.properties +++ b/openbas-api/src/main/resources/application.properties @@ -133,8 +133,8 @@ logging.logback.rollingpolicy.max-history=7 # Non-system service account credentials for OpenBAS agent -agent.non-system-user= -agent.non-system-pwd= +openbas.agent.non-system-user= +openbas.agent.non-system-pwd= ############# # EXECUTORS # diff --git a/openbas-framework/src/main/java/io/openbas/config/OpenBASAgentConfig.java b/openbas-framework/src/main/java/io/openbas/config/OpenBASAgentConfig.java index 5221d48c08..56085a463a 100644 --- a/openbas-framework/src/main/java/io/openbas/config/OpenBASAgentConfig.java +++ b/openbas-framework/src/main/java/io/openbas/config/OpenBASAgentConfig.java @@ -10,10 +10,10 @@ @Data public class OpenBASAgentConfig { - @JsonProperty("non_system_user") + @JsonProperty("non-system-user") private String nonSystemUser; - @JsonProperty("non_system_pwd") + @JsonProperty("non-system-pwd") private String nonSystemPwd; } From 01a4b70575b0df363ad5080698c6f09df951f26d Mon Sep 17 00:00:00 2001 
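Review bot: The comment above `agent.non-system-pwd=` does not say how the value is meant to be supplied, and a password written into `application.properties` ends up in the packaged artifact and in version control. Suggest extending the comment along the lines of `# Leave empty here; supply through the environment or an external secret store, never commit a value`. It would also help to state that both values are substituted into the generated agent installer script (see `EndpointService` in PATCH 01/11), since that determines who can read them.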
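Review bot: Renaming the `@JsonProperty` values to `non-system-user` and `non-system-pwd` in `OpenBASAgentConfig` has no effect on how `openbas.agent.*` is bound. `@ConfigurationProperties` binds through the bean properties generated by `@Data` (relaxed binding of `nonSystemUser` / `nonSystemPwd`), not through Jackson annotations. The annotations only matter if this object is ever serialized, and for `nonSystemPwd` that would put the password into the JSON output. Consider dropping `@JsonProperty` from both fields, or marking the password field `@JsonIgnore` and `@ToString.Exclude` so that neither serialization nor the Lombok-generated `toString()` can leak it into a response or a log line.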
From: Stephanya Casanova Date: Tue, 10 Sep 2024 16:55:22 +0200 Subject: [PATCH 06/11] [backend] refact --- ...elevation.java => V3_34__Add_column_requires_elevation.java} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename openbas-api/src/main/java/io/openbas/migration/{V3_33__Add_column_requires_elevation.java => V3_34__Add_column_requires_elevation.java} (90%) diff --git a/openbas-api/src/main/java/io/openbas/migration/V3_33__Add_column_requires_elevation.java b/openbas-api/src/main/java/io/openbas/migration/V3_34__Add_column_requires_elevation.java similarity index 90% rename from openbas-api/src/main/java/io/openbas/migration/V3_33__Add_column_requires_elevation.java rename to openbas-api/src/main/java/io/openbas/migration/V3_34__Add_column_requires_elevation.java index cc52d5c903..822e8304fa 100644 --- a/openbas-api/src/main/java/io/openbas/migration/V3_33__Add_column_requires_elevation.java +++ b/openbas-api/src/main/java/io/openbas/migration/V3_34__Add_column_requires_elevation.java @@ -7,7 +7,7 @@ import java.sql.Statement; @Component -public class V3_33__Add_column_requires_elevation extends BaseJavaMigration { +public class V3_34__Add_column_requires_elevation extends BaseJavaMigration { @Override public void migrate(final Context context) throws Exception { From ab8d08e064788875d0ea22e6e56c10462d523346 Mon Sep 17 00:00:00 2001 From: Stephanya Casanova Date: Wed, 11 Sep 2024 14:17:35 +0200 Subject: [PATCH 07/11] [backend] refact --- .../openbas/service/OpenBASExecutorContextService.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java b/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java index 8766d01b03..4afc16b72e 100644 --- a/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java 
+++ b/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java @@ -62,7 +62,6 @@ public void launchExecutorClear(@NotNull final Injector injector, @NotNull final } private boolean isElevationRequired(final Inject inject) { - // Fix me add also for caldera - return inject.getInjectorContract().map(injectorContract -> injectorContract.getPayload().isElevationRequired()).orElse(false).booleanValue(); + return inject.getInjectorContract().map(injectorContract -> injectorContract.getPayload()).map(payload->payload.isElevationRequired()).orElse(false).booleanValue(); } } From 450a9a9f8fc7077eb5b3a01e71cc5f184bcda34a Mon Sep 17 00:00:00 2001 From: Stephanya Casanova Date: Wed, 11 Sep 2024 14:46:18 +0200 Subject: [PATCH 08/11] [backend] add elevation_required into paylaod model --- ...dd_column_elevation_required_payload.java} | 3 +-- .../src/main/resources/application.properties | 5 ----- .../io/openbas/asset/EndpointService.java | 8 +------- .../io/openbas/config/OpenBASAgentConfig.java | 19 ------------------- .../OpenBASExecutorContextService.java | 5 ----- .../openbas/database/model/AssetAgentJob.java | 5 ----- 6 files changed, 2 insertions(+), 43 deletions(-) rename openbas-api/src/main/java/io/openbas/migration/{V3_34__Add_column_requires_elevation.java => V3_34__Add_column_elevation_required_payload.java} (72%) delete mode 100644 openbas-framework/src/main/java/io/openbas/config/OpenBASAgentConfig.java diff --git a/openbas-api/src/main/java/io/openbas/migration/V3_34__Add_column_requires_elevation.java b/openbas-api/src/main/java/io/openbas/migration/V3_34__Add_column_elevation_required_payload.java similarity index 72% rename from openbas-api/src/main/java/io/openbas/migration/V3_34__Add_column_requires_elevation.java rename to openbas-api/src/main/java/io/openbas/migration/V3_34__Add_column_elevation_required_payload.java index 822e8304fa..e09b6506fa 100644 
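Review bot: The chain in `isElevationRequired` can be written with method references and without the trailing unboxing call: `return inject.getInjectorContract().map(InjectorContract::getPayload).map(Payload::isElevationRequired).orElse(false);`. `.booleanValue()` is redundant because the `boolean` return type unboxes automatically, and the lambda `payload->payload.isElevationRequired()` lacks the spaces around `->` used in the first lambda on the same line. This assumes `InjectorContract` and `Payload` are the mapped types and are importable in this class, which the hunk does not show.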
--- a/openbas-api/src/main/java/io/openbas/migration/V3_34__Add_column_requires_elevation.java +++ b/openbas-api/src/main/java/io/openbas/migration/V3_34__Add_column_elevation_required_payload.java @@ -7,12 +7,11 @@ import java.sql.Statement; @Component -public class V3_34__Add_column_requires_elevation extends BaseJavaMigration { +public class V3_34__Add_column_elevation_required_payload extends BaseJavaMigration { @Override public void migrate(final Context context) throws Exception { final Statement select = context.getConnection().createStatement(); - select.execute("ALTER TABLE asset_agent_jobs ADD asset_agent_elevation_required bool default false;"); select.execute("ALTER TABLE payloads ADD payload_elevation_required bool default false;"); } } diff --git a/openbas-api/src/main/resources/application.properties b/openbas-api/src/main/resources/application.properties index 653c60bbb4..ad76554831 100644 --- a/openbas-api/src/main/resources/application.properties +++ b/openbas-api/src/main/resources/application.properties @@ -131,11 +131,6 @@ logging.logback.rollingpolicy.file-name-pattern=${LOG_FILE}.-%d{yyyy-MM-dd}.%i logging.logback.rollingpolicy.max-file-size=10MB logging.logback.rollingpolicy.max-history=7 - -# Non-system service account credentials for OpenBAS agent -openbas.agent.non-system-user= -openbas.agent.non-system-pwd= - ############# # EXECUTORS # ############# diff --git a/openbas-framework/src/main/java/io/openbas/asset/EndpointService.java b/openbas-framework/src/main/java/io/openbas/asset/EndpointService.java index 3ba5b4ed75..3bb206fddf 100644 --- a/openbas-framework/src/main/java/io/openbas/asset/EndpointService.java +++ b/openbas-framework/src/main/java/io/openbas/asset/EndpointService.java @@ -1,6 +1,5 @@ package io.openbas.asset; -import io.openbas.config.OpenBASAgentConfig; import io.openbas.config.OpenBASConfig; import io.openbas.database.model.Endpoint; import io.openbas.database.repository.EndpointRepository; 
@@ -34,9 +33,6 @@ public class EndpointService { @Resource private OpenBASConfig openBASConfig; - @Resource - private OpenBASAgentConfig openBASAgentConfig; - @Value("${openbas.admin.token:#{null}}") private String adminToken; @@ -113,9 +109,7 @@ public String getFileOrDownloadFromJfrog(String platform, String file, String ad } return IOUtils.toString(in, StandardCharsets.UTF_8) .replace("${OPENBAS_URL}", openBASConfig.getBaseUrlForAgent()) - .replace("${OPENBAS_TOKEN}", adminToken) - .replace("${NON_SYSTEM_USER}", openBASAgentConfig.getNonSystemUser()) - .replace("${NON_SYSTEM_PWD}", openBASAgentConfig.getNonSystemPwd()); + .replace("${OPENBAS_TOKEN}", adminToken); } public String generateInstallCommand(String platform, String token) throws IOException { diff --git a/openbas-framework/src/main/java/io/openbas/config/OpenBASAgentConfig.java b/openbas-framework/src/main/java/io/openbas/config/OpenBASAgentConfig.java deleted file mode 100644 index 56085a463a..0000000000 --- a/openbas-framework/src/main/java/io/openbas/config/OpenBASAgentConfig.java +++ /dev/null @@ -1,19 +0,0 @@ -package io.openbas.config; - -import com.fasterxml.jackson.annotation.JsonProperty; -import lombok.Data; -import org.springframework.boot.context.properties.ConfigurationProperties; -import org.springframework.stereotype.Component; - -@Component -@ConfigurationProperties(prefix = "openbas.agent") -@Data -public class OpenBASAgentConfig { - - @JsonProperty("non-system-user") - private String nonSystemUser; - - @JsonProperty("non-system-pwd") - private String nonSystemPwd; - -} diff --git a/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java b/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java index 4afc16b72e..bbcb455f6d 100644 --- a/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java 
+++ b/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java @@ -53,15 +53,10 @@ public void launchExecutorSubprocess(@NotNull final Inject inject, @NotNull fina assetAgentJob.setCommand(computeCommand(inject, platform, arch)); assetAgentJob.setAsset(asset); assetAgentJob.setInject(inject); - assetAgentJob.setElevationRequired(this.isElevationRequired(inject)); assetAgentJobRepository.save(assetAgentJob); } public void launchExecutorClear(@NotNull final Injector injector, @NotNull final Asset asset) { // TODO } - - private boolean isElevationRequired(final Inject inject) { - return inject.getInjectorContract().map(injectorContract -> injectorContract.getPayload()).map(payload->payload.isElevationRequired()).orElse(false).booleanValue(); - } } diff --git a/openbas-model/src/main/java/io/openbas/database/model/AssetAgentJob.java b/openbas-model/src/main/java/io/openbas/database/model/AssetAgentJob.java index e049be8541..5cb728f4a4 100644 --- a/openbas-model/src/main/java/io/openbas/database/model/AssetAgentJob.java +++ b/openbas-model/src/main/java/io/openbas/database/model/AssetAgentJob.java @@ -46,11 +46,6 @@ public class AssetAgentJob implements Base { @NotBlank private String command; - @Getter - @Column(name = "asset_agent_elevation_required") - @JsonProperty("asset_agent_elevation_required") - private boolean elevationRequired; - @Override public String toString() { return this.id; From e84d949e4619e6f4f53af98868c3cddc930c9adf Mon Sep 17 00:00:00 2001 From: Stephanya Casanova Date: Wed, 11 Sep 2024 16:27:44 +0200 Subject: [PATCH 09/11] [backend] add elevation_required into paylaod model --- .../java/io/openbas/asset/EndpointService.java | 2 +- .../service/OpenBASExecutorContextService.java | 8 ++++---- .../io/openbas/database/model/AssetAgentJob.java | 14 +++++++------- 3 files changed, 12 insertions(+), 12 deletions(-) 
diff --git a/openbas-framework/src/main/java/io/openbas/asset/EndpointService.java b/openbas-framework/src/main/java/io/openbas/asset/EndpointService.java index 3bb206fddf..8d1242915a 100644 --- a/openbas-framework/src/main/java/io/openbas/asset/EndpointService.java +++ b/openbas-framework/src/main/java/io/openbas/asset/EndpointService.java @@ -103,7 +103,7 @@ public String getFileOrDownloadFromJfrog(String platform, String file, String ad String filename = file + "-" + version + "." + extension; String resourcePath = "/openbas-agent/" + platform.toLowerCase() + "/"; InputStream in = getClass().getResourceAsStream("/agents" + resourcePath + filename); - if (null == in) { // Dev mode, get from artifactory + if (in == null) { // Dev mode, get from artifactory filename = file + "-latest." + extension; in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream()); } diff --git a/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java b/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java index bbcb455f6d..04a0efd08f 100644 --- a/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java +++ b/openbas-framework/src/main/java/io/openbas/executors/openbas/service/OpenBASExecutorContextService.java 
@@ -27,15 +27,15 @@ private String computeCommand(@NotNull final Inject inject, Endpoint.PLATFORM_TY .orElseThrow(() -> new UnsupportedOperationException("Inject does not have a contract")); switch (platform) { - case Windows -> { + case Endpoint.PLATFORM_TYPE.Windows -> { return injector.getExecutorCommands().get(Endpoint.PLATFORM_TYPE.Windows.name() + "." + arch.name()) .replace("#{inject}", inject.getId()); } - case Linux -> { + case Endpoint.PLATFORM_TYPE.Linux -> { return injector.getExecutorCommands().get(Endpoint.PLATFORM_TYPE.Linux.name() + "." + arch.name()) .replace("#{inject}", inject.getId()); } - case MacOS -> { + case Endpoint.PLATFORM_TYPE.MacOS -> { return injector.getExecutorCommands().get(Endpoint.PLATFORM_TYPE.MacOS.name() + "." + arch.name()) .replace("#{inject}", inject.getId()); } @@ -46,7 +46,7 @@ private String computeCommand(@NotNull final Inject inject, Endpoint.PLATFORM_TY public void launchExecutorSubprocess(@NotNull final Inject inject, @NotNull final Asset asset) { Endpoint.PLATFORM_TYPE platform = Objects.equals(asset.getType(), "Endpoint") ? ((Endpoint) Hibernate.unproxy(asset)).getPlatform() : null; Endpoint.PLATFORM_ARCH arch = Objects.equals(asset.getType(), "Endpoint") ? ((Endpoint) Hibernate.unproxy(asset)).getArch() : null; - if (null == platform) { + if (platform == null) { throw new RuntimeException("Unsupported null platform"); } AssetAgentJob assetAgentJob = new AssetAgentJob(); diff --git a/openbas-model/src/main/java/io/openbas/database/model/AssetAgentJob.java b/openbas-model/src/main/java/io/openbas/database/model/AssetAgentJob.java index 5cb728f4a4..b4d7f9c445 100644 --- a/openbas-model/src/main/java/io/openbas/database/model/AssetAgentJob.java +++ b/openbas-model/src/main/java/io/openbas/database/model/AssetAgentJob.java 
@@ -48,24 +48,24 @@ public class AssetAgentJob implements Base { @Override public String toString() { - return this.id; + return id; } @Override - public boolean equals(final Object o) { + public boolean equals(Object o) { if (this == o) return true; - if (null == o || !Base.class.isAssignableFrom(o.getClass())) return false; - final Base base = (Base) o; - return this.id.equals(base.getId()); + if (o == null || !Base.class.isAssignableFrom(o.getClass())) return false; + Base base = (Base) o; + return id.equals(base.getId()); } @Override public int hashCode() { - return Objects.hash(this.id); + return Objects.hash(id); } @Override public String getId() { - return this.id; + return id; } } From 462f404c1a42d5f2e78d72882ba153c7d27ca8b7 Mon Sep 17 00:00:00 2001 From: Stephanya Casanova Date: Wed, 11 Sep 2024 16:41:55 +0200 Subject: [PATCH 10/11] [backend] add elevation_required into paylaod model --- .../java/io/openbas/rest/payload/form/PayloadCreateInput.java | 3 --- .../java/io/openbas/rest/payload/form/PayloadUpdateInput.java | 3 --- 2 files changed, 6 deletions(-) diff --git a/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadCreateInput.java b/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadCreateInput.java index acee78a04a..7083cad651 100644 --- a/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadCreateInput.java +++ b/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadCreateInput.java @@ -73,9 +73,6 @@ public class PayloadCreateInput { @JsonProperty("payload_attack_patterns") private List attackPatternsIds = new ArrayList<>(); - - @JsonProperty("payload_elevation_required") - private boolean elevationRequired; } diff --git a/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadUpdateInput.java b/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadUpdateInput.java index 572212249c..da3bb24ddc 100644 --- a/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadUpdateInput.java 
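Review bot: `equals` in AssetAgentJob returns `id.equals(base.getId())`, which throws when `id` is still null, for instance on an instance that has not been persisted yet (the field declaration is outside the hunk, so how the id is assigned is an assumption). `return id != null && id.equals(base.getId());` keeps the result for persisted rows and makes an unsaved instance equal only to itself. The type check also accepts any `Base`, so a job compares equal to an entity of another type carrying the same id; if that is not intended, compare `getClass()` instead of using `Base.class.isAssignableFrom`.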
+++ b/openbas-api/src/main/java/io/openbas/rest/payload/form/PayloadUpdateInput.java @@ -58,9 +58,6 @@ public class PayloadUpdateInput { @JsonProperty("payload_attack_patterns") private List attackPatternsIds = new ArrayList<>(); - - @JsonProperty("payload_elevation_required") - private boolean elevationRequired; } From 7c0f825869669fbc1f333acf5f36ee9fec73b3be Mon Sep 17 00:00:00 2001 From: Romuald Lemesle Date: Tue, 17 Sep 2024 11:45:10 +0200 Subject: [PATCH 11/11] Fix --- ...ava => V3_37__Add_column_elevation_required_payload.java} | 2 +- .../src/main/java/io/openbas/database/model/Payload.java | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) rename openbas-api/src/main/java/io/openbas/migration/{V3_34__Add_column_elevation_required_payload.java => V3_37__Add_column_elevation_required_payload.java} (88%) diff --git a/openbas-api/src/main/java/io/openbas/migration/V3_34__Add_column_elevation_required_payload.java b/openbas-api/src/main/java/io/openbas/migration/V3_37__Add_column_elevation_required_payload.java similarity index 88% rename from openbas-api/src/main/java/io/openbas/migration/V3_34__Add_column_elevation_required_payload.java rename to openbas-api/src/main/java/io/openbas/migration/V3_37__Add_column_elevation_required_payload.java index e09b6506fa..7f1f3c4f8e 100644 --- a/openbas-api/src/main/java/io/openbas/migration/V3_34__Add_column_elevation_required_payload.java +++ b/openbas-api/src/main/java/io/openbas/migration/V3_37__Add_column_elevation_required_payload.java @@ -7,7 +7,7 @@ import java.sql.Statement; @Component -public class V3_34__Add_column_elevation_required_payload extends BaseJavaMigration { +public class V3_37__Add_column_elevation_required_payload extends BaseJavaMigration { @Override public void migrate(final Context context) throws Exception { 
diff --git a/openbas-model/src/main/java/io/openbas/database/model/Payload.java b/openbas-model/src/main/java/io/openbas/database/model/Payload.java index f4bdee081b..a5e21d3e20 100644 --- a/openbas-model/src/main/java/io/openbas/database/model/Payload.java +++ b/openbas-model/src/main/java/io/openbas/database/model/Payload.java @@ -6,6 +6,7 @@ import io.hypersistence.utils.hibernate.type.json.JsonType; import io.openbas.annotation.Queryable; import io.openbas.database.audit.ModelBaseListener; +import io.openbas.database.model.Endpoint.PLATFORM_TYPE; import io.openbas.helper.MonoIdDeserializer; import io.openbas.helper.MultiIdListDeserializer; import io.openbas.helper.MultiIdSetDeserializer; @@ -72,7 +73,7 @@ public enum PAYLOAD_STATUS { @Type(StringArrayType.class) @Column(name = "payload_platforms", columnDefinition = "text[]") @JsonProperty("payload_platforms") - private Endpoint.PLATFORM_TYPE[] platforms = new Endpoint.PLATFORM_TYPE[0]; + private PLATFORM_TYPE[] platforms = new PLATFORM_TYPE[0]; @Setter @ManyToMany(fetch = FetchType.EAGER) @@ -164,7 +165,7 @@ public enum PAYLOAD_STATUS { @JsonProperty("payload_collector_type") private String getCollectorType() { - return null != collector ? this.collector.getType() : null; + return this.collector != null ? this.collector.getType() : null; } @Override
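Review bot: The series is inconsistent about how the nested enum is referenced: Payload.java now imports `io.openbas.database.model.Endpoint.PLATFORM_TYPE` and uses the bare `PLATFORM_TYPE`, while OpenBASExecutorContextService was changed to spell out `Endpoint.PLATFORM_TYPE.Windows` in its case labels. Likewise `getCollectorType` keeps `this.collector` where the AssetAgentJob hunk drops `this.`. Picking one convention keeps later diffs quieter; here that would be leaving `private Endpoint.PLATFORM_TYPE[] platforms = new Endpoint.PLATFORM_TYPE[0];` as it was and dropping the new import.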