Merge branch 'main' into tavern-testing

.github/workflows/tests.yml

@@ -32,7 +32,6 @@ jobs:
       run: go test -v -race -coverprofile='coverage.out' -covermode=atomic ./tavern/...
     - name: 📶 Upload Coverage Results
       uses: codecov/codecov-action@v3
-
   imix:
     runs-on: ${{ matrix.os }}
     strategy:
@@ -57,14 +56,18 @@ jobs:
       uses: Swatinem/rust-cache@v2
       with:
         workspaces: "./implants/imix -> ../target"
-    - name: 🔨 Build
-      run: cd implants/imix && cargo build --verbose
+    - name: Install latest nextest release
+      uses: taiki-e/install-action@nextest
+    - name: Install cargo-llvm-cov
+      uses: taiki-e/install-action@cargo-llvm-cov
     - name: 🔎 Run tests
-      run: cd implants/imix && cargo test --verbose -- --test-threads=256
+      run: cd ./implants/imix && cargo llvm-cov nextest --lcov --output-path lcov.info
+    - name: 📶 Upload Coverage Results
+      uses: codecov/codecov-action@v3
 
   eldritch:
     runs-on: ${{ matrix.os }}
-    timeout-minutes: 15
+    timeout-minutes: 30
     strategy:
       matrix:
         os:
@@ -87,7 +90,12 @@ jobs:
       uses: Swatinem/rust-cache@v2
       with:
         workspaces: "./implants/eldritch -> ../target"
-    - name: 🔨 Build
-      run: cd implants/eldritch && cargo build --verbose
+        components: llvm-tools-preview
+    - name: Install latest nextest release
+      uses: taiki-e/install-action@nextest
+    - name: Install cargo-llvm-cov
+      uses: taiki-e/install-action@cargo-llvm-cov
     - name: 🔎 Run tests
-      run: cd implants/eldritch && cargo test --verbose -- --test-threads=256
+      run: cd ./implants/eldritch && cargo llvm-cov nextest --lcov --output-path lcov.info
+    - name: 📶 Upload Coverage Results
+      uses: codecov/codecov-action@v3

.gitignore

@@ -36,3 +36,5 @@ build/**
 # Credentials
 .creds/**
 implants/imix/imix-test-config.json
+
+implants/golem/embed_files_golem_prod/*

docs/_docs/user-guide/golem.md

@@ -16,7 +16,7 @@ You can leverage the power of Eldritch with minimal exposure in the system proce
 ```bash
 git clone git@github.com:KCarretto/realm.git
 cd realm/implants/golem
-cargo run
+cargo run -- -i
 # - or - 
-../target/debug/golem working_dir/tomes/hello_world.tome
+../target/debug/golem ../../tests/golem_cli_test/tomes/hello_world.tome
 ```

implants/eldritch/Cargo.toml

@@ -24,6 +24,7 @@ tera = "1.17.1"
 gazebo = "0.8.1"
 nix = "0.26.1"
 eval = "0.4.3"
+rust-embed="6.6.0"
 
 [dependencies.windows-sys]
 version = "0.45.0"

implants/eldritch/src/assets.rs

@@ -0,0 +1,70 @@
+mod copy_impl;
+mod list_impl;
+
+use derive_more::Display;
+
+use starlark::environment::{Methods, MethodsBuilder, MethodsStatic};
+use starlark::values::none::NoneType;
+use starlark::values::{StarlarkValue, Value, UnpackValue, ValueLike, ProvidesStaticType};
+use starlark::{starlark_type, starlark_simple_value, starlark_module};
+
+use serde::{Serialize,Serializer};
+use rust_embed::RustEmbed;
+
+#[cfg(debug_assertions)]
+#[derive(RustEmbed)]
+#[folder = "../../tests/embedded_files_test"]
+pub struct Asset;
+
+#[cfg(not(debug_assertions))]
+#[derive(RustEmbed)]
+#[folder = "../../implants/golem/embed_files_golem_prod"]
+pub struct Asset;
+
+
+#[derive(Copy, Clone, Debug, PartialEq, Display, ProvidesStaticType)]
+#[display(fmt = "AssetsLibrary")]
+pub struct AssetsLibrary();
+starlark_simple_value!(AssetsLibrary);
+
+impl<'v> StarlarkValue<'v> for AssetsLibrary {
+    starlark_type!("assets_library");
+
+    fn get_methods() -> Option<&'static Methods> {
+        static RES: MethodsStatic = MethodsStatic::new();
+        RES.methods(methods)
+    }
+}
+
+impl Serialize for AssetsLibrary {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: Serializer,
+    {
+        serializer.serialize_none()
+    }
+}
+
+impl<'v> UnpackValue<'v> for AssetsLibrary {
+    fn expected() -> String {
+        AssetsLibrary::get_type_value_static().as_str().to_owned()
+    }
+
+    fn unpack_value(value: Value<'v>) -> Option<Self> {
+        Some(*value.downcast_ref::<AssetsLibrary>().unwrap())
+    }
+}
+
+// This is where all of the "assets.X" impl methods are bound
+#[starlark_module]
+fn methods(builder: &mut MethodsBuilder) {
+    fn copy(this: AssetsLibrary, src: String, dest: String) -> anyhow::Result<NoneType> {
+        if false { println!("Ignore unused this var. _this isn't allowed by starlark. {:?}", this); }
+        copy_impl::copy(src, dest)?;
+        Ok(NoneType{})
+    }
+    fn list(this: AssetsLibrary) -> anyhow::Result<Vec<String>> {
+        if false { println!("Ignore unused this var. _this isn't allowed by starlark. {:?}", this); }
+        list_impl::list()
+    }
+}

implants/eldritch/src/assets/copy_impl.rs

@@ -0,0 +1,41 @@
+use std::fs;
+use anyhow::Result;
+
+pub fn copy(src: String, dst: String) -> Result<()> {
+    let src_file = match super::Asset::get(src.as_str()) {
+        Some(local_src_file) => local_src_file.data,
+        None => return Err(anyhow::anyhow!("Embedded file {src} not found.")),
+    };
+
+    match fs::write(dst, src_file) {
+        Ok(_) => Ok(()),
+        Err(local_err) => Err(local_err.into()),
+    }
+}
+
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::io::prelude::*;
+    use tempfile::NamedTempFile;
+
+    #[test]
+    fn test_embedded_copy() -> anyhow::Result<()>{
+
+        // Create files
+        let mut tmp_file_dst = NamedTempFile::new()?;
+        let path_dst = String::from(tmp_file_dst.path().to_str().unwrap());
+
+        // Run our code
+        copy("exec_script/hello_word.sh".to_string(), path_dst)?;
+
+        // Read
+        let mut contents = String::new();
+        tmp_file_dst.read_to_string(&mut contents)?;
+        // Compare
+        assert!(contents.contains("hello from an embedded shell script"));
+
+        Ok(())
+    }
+}

implants/eldritch/src/assets/list_impl.rs

@@ -0,0 +1,25 @@
+use anyhow::Result;
+
+pub fn list() -> Result<Vec<String>> {
+    let mut res: Vec<String> = Vec::new();
+    for file_path in super::Asset::iter() {
+        res.push(file_path.to_string());
+    }
+
+    Ok(res)
+}
+
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_assets_list() -> anyhow::Result<()>{
+        let res_all_embedded_files = list()?;
+
+        assert_eq!(res_all_embedded_files, ["exec_script/hello_word.sh", "exec_script/main.eld", "print/main.eld"]);
+
+        Ok(())
+    }
+}

implants/eldritch/src/lib.rs

@@ -2,6 +2,7 @@ pub mod file;
 pub mod process;
 pub mod sys;
 pub mod pivot;
+pub mod assets;
 
 use serde_json::Map;
 use starlark::collections::SmallMap;
@@ -15,13 +16,17 @@ use starlark::values::{Value, AllocValue};
 use file::FileLibrary;
 use process::ProcessLibrary;
 use sys::SysLibrary;
+use assets::AssetsLibrary;
+use pivot::PivotLibrary;
 
 pub fn get_eldritch() -> anyhow::Result<Globals> {
     #[starlark_module]
     fn eldritch(builder: &mut GlobalsBuilder) {
         const file: FileLibrary = FileLibrary();
         const process: ProcessLibrary = ProcessLibrary();
         const sys: SysLibrary = SysLibrary();
+        const pivot: PivotLibrary = PivotLibrary();
+        const assets: AssetsLibrary = AssetsLibrary();
     }
 
     let globals = GlobalsBuilder::extended().with(eldritch).build();
@@ -114,35 +119,22 @@ mod tests {
     use std::thread;
 
     use super::*;
-    use starlark::environment::{GlobalsBuilder};
-    use starlark::{starlark_module};
     use starlark::assert::Assert;
     use tempfile::NamedTempFile;
 
-    use super::file::FileLibrary;
-    use super::process::ProcessLibrary;
-    use super::sys::SysLibrary;
-    use super::pivot::PivotLibrary;
-
     // just checks dir...
     #[test]
     fn test_library_bindings() {
-        #[starlark_module]
-        fn globals(builder: &mut GlobalsBuilder) {
-            const file: FileLibrary = FileLibrary();
-            const process: ProcessLibrary = ProcessLibrary();
-            const sys: SysLibrary = SysLibrary();
-            const pivot: PivotLibrary = PivotLibrary();
-        }
-
+        let globals = get_eldritch().unwrap();
         let mut a = Assert::new();
-        a.globals_add(globals);
+        a.globals(globals);
         a.all_true(
             r#"
 dir(file) == ["append", "compress", "copy", "download", "exists", "hash", "is_dir", "is_file", "mkdir", "read", "remove", "rename", "replace", "replace_all", "template", "timestomp", "write"]
 dir(process) == ["kill", "list", "name"]
 dir(sys) == ["dll_inject", "exec", "is_linux", "is_macos", "is_windows", "shell"]
 dir(pivot) == ["arp_scan", "bind_proxy", "ncat", "port_forward", "port_scan", "smb_exec", "ssh_exec", "ssh_password_spray"]
+dir(assets) == ["copy","list"]
 "#,
         );
     }

implants/eldritch/src/pivot/ncat_impl.rs

@@ -181,29 +181,29 @@ mod tests {
         assert_eq!(expected_response, actual_response.unwrap().unwrap());
         Ok(())
     }
-    #[test]
-    fn test_ncat_not_handle() -> anyhow::Result<()> {
-        let runtime = tokio::runtime::Builder::new_current_thread()
-            .enable_all()
-            .build()
-            .unwrap();
-
-        let response = runtime.block_on(
-            allocate_localhost_unused_ports(1,"tcp".to_string())
-        );
-
-        let test_port = response.unwrap()[0];
-
-        let result = ncat(String::from("127.0.0.1"), test_port, String::from("No one can hear me!"), String::from("tcp"));
-        match result {
-            Ok(res) => panic!("Connection failure expected: {:?}", res), // No valid connection should exist
-            Err(err) => match String::from(format!("{:?}", err)).as_str() {
-                "Connection refused (os error 111)" if cfg!(target_os = "linux") => assert!(true),
-                "No connection could be made because the target machine actively refused it. (os error 10061)" if cfg!(target_os = "windows") => assert!(true),
-                "Connection refused (os error 61)" if cfg!(target_os = "macos") => assert!(true),
-                _ => panic!("Unhandled result {:?}", err)
-            }
-        }
-        Ok(())
-    }
+    // #[test]
+    // fn test_ncat_not_handle() -> anyhow::Result<()> {
+    //     let runtime = tokio::runtime::Builder::new_current_thread()
+    //         .enable_all()
+    //         .build()
+    //         .unwrap();
+
+    //     let response = runtime.block_on(
+    //         allocate_localhost_unused_ports(1,"tcp".to_string())
+    //     );
+
+    //     let test_port = response.unwrap()[0];
+
+    //     let result = ncat(String::from("127.0.0.1"), test_port, String::from("No one can hear me!"), String::from("tcp"));
+    //     match result {
+    //         Ok(res) => panic!("Connection failure expected: {:?}", res), // No valid connection should exist
+    //         Err(err) => match String::from(format!("{:?}", err)).as_str() {
+    //             "Connection refused (os error 111)" if cfg!(target_os = "linux") => assert!(true),
+    //             "No connection could be made because the target machine actively refused it. (os error 10061)" if cfg!(target_os = "windows") => assert!(true),
+    //             "Connection refused (os error 61)" if cfg!(target_os = "macos") => assert!(true),
+    //             _ => panic!("Unhandled result {:?}", err)
+    //         }
+    //     }
+    //     Ok(())
+    // }
 }

implants/golem/Cargo.toml

@@ -16,6 +16,7 @@ gazebo.version = "0.8.1"
 itertools = "0.10"
 thiserror = "1.0.30"
 lsp-types = "0.93.0"
+rust-embed = { version = "6.6.0" }
 
 [dev-dependencies]
 assert_cmd = "2.0.6"