Added command and arguments for ScheduledTask collection

lkarlslund · Mar 28, 2022 · 85fc7e3 · 85fc7e3
1 parent 68048f4
commit 85fc7e3
Show file tree

Hide file tree

Showing 4 changed files with 218 additions and 99 deletions.
diff --git a/modules/integrations/localmachine/collect/main.go b/modules/integrations/localmachine/collect/main.go
@@ -271,6 +271,8 @@ func Collect(outputpath string) error {
 	ts, err := taskmaster.Connect()
 	if err == nil {
 		scheduledtasksinfo, _ = ts.GetRegisteredTasks()
+		defer scheduledtasksinfo.Release()
+		defer ts.Disconnect()
 	}
 
 	// GATHER INTERESTING STUFF FROM EVENT LOG
@@ -363,6 +365,7 @@ func Collect(outputpath string) error {
 			Count: count,
 		})
 	}
+
 	/*
 		slog, err := winevent.NewStream(winevent.EventStreamParams{
 			Channel:  "Microsoft-Windows-Winlogon/Operational",
@@ -405,6 +408,7 @@ func Collect(outputpath string) error {
 			}
 		}
 	*/
+
 	// MACHINE AVAILABILITY
 	var timeonmonth, timeonweek, timeonday time.Duration
 	elog, err = winevent.NewStream(winevent.EventStreamParams{

diff --git a/modules/integrations/localmachine/collect/taskmaster.go b/modules/integrations/localmachine/collect/taskmaster.go
@@ -10,10 +10,15 @@ func ConvertRegisteredTask(rt taskmaster.RegisteredTask) localmachine.Registered
 		Name: rt.Name,
 		Path: rt.Path,
 		Definition: localmachine.TaskDefinition{
-			Actions: func() []string {
-				a := make([]string, len(rt.Definition.Actions))
+			Actions: func() []localmachine.TaskAction {
+				a := make([]localmachine.TaskAction, len(rt.Definition.Actions))
 				for i, v := range rt.Definition.Actions {
-					a[i] = v.GetType().String()
+					a[i].Type = v.GetType().String()
+					if e, ok := v.(taskmaster.ExecAction); ok {
+						a[i].Path = e.Path
+						a[i].Args = e.Args
+						a[i].WorkingDir = e.WorkingDir
+					}
 				}
 				return a
 			}(),

diff --git a/modules/integrations/localmachine/structs.go b/modules/integrations/localmachine/structs.go
@@ -177,7 +177,7 @@ type RegisteredTask struct {
 }
 
 type TaskDefinition struct {
-	Actions          []string         `json:",omitempty"`
+	Actions          []TaskAction     `json:",omitempty"`
 	Context          string           `json:",omitempty"`
 	Data             string           `json:",omitempty"`
 	Principal        Principal        `json:",omitempty"`
@@ -187,6 +187,13 @@ type TaskDefinition struct {
 	XMLText          string           `json:",omitempty"`
 }
 
+type TaskAction struct {
+	Type       string `json:",omitempty"`
+	Path       string `json:",omitempty"`
+	Args       string `json:",omitempty"`
+	WorkingDir string `json:",omitempty"`
+}
+
 type Principal struct {
 	Name      string `json:",omitempty"`
 	GroupID   string `json:",omitempty"`