[backend] add command line with interpolated values

OpenBAS-Platform · Nov 12, 2024 · 037c5e1 · 037c5e1
1 parent 7d15dd7
commit 037c5e1
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 3 deletions.
diff --git a/openbas-api/src/main/java/io/openbas/injectors/openbas/OpenBASImplantExecutor.java b/openbas-api/src/main/java/io/openbas/injectors/openbas/OpenBASImplantExecutor.java
@@ -9,6 +9,7 @@
 import static io.openbas.model.expectation.PreventionExpectation.preventionExpectationForAsset;
 import static io.openbas.model.expectation.PreventionExpectation.preventionExpectationForAssetGroup;
 
+import com.fasterxml.jackson.databind.node.ObjectNode;
 import io.openbas.asset.AssetGroupService;
 import io.openbas.database.model.*;
 import io.openbas.database.repository.InjectRepository;
@@ -22,6 +23,8 @@
 import io.openbas.model.expectation.PreventionExpectation;
 import jakarta.validation.constraints.NotNull;
 import java.util.*;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import java.util.stream.Stream;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.java.Log;
@@ -260,13 +263,21 @@ public ExecutionProcess process(Execution execution, ExecutableInject injection)
                                   .type(EXPECTATION_SIGNATURE_TYPE_PARENT_PROCESS_NAME)
                                   .value("obas-implant-" + inject.getId())
                                   .build());
+
+                          String interpolatedCommand =
+                              interpolateCommand(payloadCommand.getContent(), inject.getContent());
                           injectExpectationSignatures.add(
                               InjectExpectationSignature.builder()
-                                  .type(EXPECTATION_SIGNATURE_TYPE_COMMAND_LINE)
+                                  .type(EXPECTATION_SIGNATURE_TYPE_COMMAND_LINE_BASE64)
                                   .value(
                                       Base64.getEncoder()
-                                          .encodeToString(payloadCommand.getContent().getBytes()))
-                                  .build()); // Add parsing: base64 for example
+                                          .encodeToString(interpolatedCommand.getBytes()))
+                                  .build());
+                          injectExpectationSignatures.add(
+                              InjectExpectationSignature.builder()
+                                  .type(EXPECTATION_SIGNATURE_TYPE_COMMAND_LINE)
+                                  .value(interpolatedCommand)
+                                  .build());
                           totalActionsCount = totalActionsCount + 1;
                           if (payloadCommand.getPrerequisites() != null) {
                             totalActionsCount =
@@ -360,4 +371,24 @@ public ExecutionProcess process(Execution execution, ExecutableInject injection)
                 expectations, content, assetGroup, new ArrayList<>())));
     return new ExecutionProcess(true, expectations);
   }
+
+  private static String interpolateCommand(String commandMask, ObjectNode injectContent) {
+    List<String> placeholders = extractPlaceholderNames(commandMask);
+    String interpolatedCommand = commandMask;
+    for (String placeholder : placeholders) {
+      String value = injectContent.get(placeholder).asText();
+      interpolatedCommand = interpolatedCommand.replace("#{" + placeholder + "}", value);
+    }
+    return interpolatedCommand;
+  }
+
+  private static List<String> extractPlaceholderNames(String command) {
+    List<String> placeholders = new ArrayList<>();
+    Pattern pattern = Pattern.compile("#\\{(.*?)\\}");
+    Matcher matcher = pattern.matcher(command);
+    while (matcher.find()) {
+      placeholders.add(matcher.group(1));
+    }
+    return placeholders;
+  }
 }
diff --git a/openbas-model/src/main/java/io/openbas/database/model/InjectExpectationSignature.java b/openbas-model/src/main/java/io/openbas/database/model/InjectExpectationSignature.java
@@ -11,6 +11,7 @@ public class InjectExpectationSignature {
   public static final String EXPECTATION_SIGNATURE_TYPE_PARENT_PROCESS_NAME = "parent_process_name";
   public static final String EXPECTATION_SIGNATURE_TYPE_PROCESS_NAME = "process_name";
   public static final String EXPECTATION_SIGNATURE_TYPE_COMMAND_LINE = "command_line";
+  public static final String EXPECTATION_SIGNATURE_TYPE_COMMAND_LINE_BASE64 = "command_line_base64";
   public static final String EXPECTATION_SIGNATURE_TYPE_HASH = "hash";
   public static final String EXPECTATION_SIGNATURE_TYPE_FILE_NAME = "file_name";
   public static final String EXPECTATION_SIGNATURE_TYPE_IPV4_ADDRESS = "ipv4_address";