github.com/facebookincubator/ttpforge@v1.0.13-0.20240405153150-5ae801628835/pkg/blocks/copypath.go

github.com/facebookincubator/ttpforge@v1.0.13-0.20240405153150-5ae801628835/pkg/blocks/copypath.go (about)

     1  /*
     2  Copyright © 2023-present, Meta Platforms, Inc. and affiliates
     3  Permission is hereby granted, free of charge, to any person obtaining a copy
     4  of this software and associated documentation files (the "Software"), to deal
     5  in the Software without restriction, including without limitation the rights
     6  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
     7  copies of the Software, and to permit persons to whom the Software is
     8  furnished to do so, subject to the following conditions:
     9  The above copyright notice and this permission notice shall be included in
    10  all copies or substantial portions of the Software.
    11  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    12  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    13  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    14  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    15  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    16  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    17  THE SOFTWARE.
    18  */
    19  
    20  package blocks
    21  
    22  import (
    23  	"fmt"
    24  
    25  	"github.com/facebookincubator/ttpforge/pkg/logging"
    26  	"github.com/otiai10/copy"
    27  	"github.com/spf13/afero"
    28  )
    29  
    30  // CopyPathStep creates a new file and populates it
    31  // with the specified contents from an existing path.
    32  // Its intended use is simulating malicious file copies
    33  // via a C2, where there is no corresponding shell history
    34  // telemetry.
    35  type CopyPathStep struct {
    36  	actionDefaults `yaml:",inline"`
    37  	Source         string   `yaml:"copy_path,omitempty"`
    38  	Destination    string   `yaml:"to,omitempty"`
    39  	Recursive      bool     `yaml:"recursive,omitempty"`
    40  	Overwrite      bool     `yaml:"overwrite,omitempty"`
    41  	Mode           int      `yaml:"mode,omitempty"`
    42  	FileSystem     afero.Fs `yaml:"-,omitempty"`
    43  }
    44  
    45  // NewCopyPathStep creates a new CopyPathStep instance and returns a pointer to it.
    46  func NewCopyPathStep() *CopyPathStep {
    47  	return &CopyPathStep{}
    48  }
    49  
    50  // IsNil checks if the step is nil or empty and returns a boolean value.
    51  func (s *CopyPathStep) IsNil() bool {
    52  	switch {
    53  	case s.Source == "":
    54  		return true
    55  	case s.Destination == "":
    56  		return true
    57  	default:
    58  		return false
    59  	}
    60  }
    61  
    62  // Validate validates the step, checking for the necessary attributes and dependencies
    63  func (s *CopyPathStep) Validate(_ TTPExecutionContext) error {
    64  	if s.Source == "" {
    65  		return fmt.Errorf("src field cannot be empty")
    66  	}
    67  	if s.Destination == "" {
    68  		return fmt.Errorf("dest field cannot be empty")
    69  	}
    70  	return nil
    71  }
    72  
    73  // Execute runs the step and returns an error if one occurs.
    74  func (s *CopyPathStep) Execute(_ TTPExecutionContext) (*ActResult, error) {
    75  	logging.L().Infof("Copying file(s) from %v to %v", s.Source, s.Destination)
    76  	fsys := s.FileSystem
    77  	if fsys == nil {
    78  		fsys = afero.NewOsFs()
    79  	}
    80  
    81  	// check if source exists.
    82  	sourceExists, err := afero.Exists(fsys, s.Source)
    83  	if err != nil {
    84  		return nil, err
    85  	}
    86  
    87  	// if source does not exist.
    88  	if !sourceExists {
    89  		return nil, fmt.Errorf("source %v does not exist", s.Source)
    90  	}
    91  
    92  	// if source is a directory but recursive is false
    93  	srcInfo, err := fsys.Stat(s.Source)
    94  	if err != nil {
    95  		return nil, err
    96  	}
    97  	if srcInfo.IsDir() && !s.Recursive {
    98  		return nil, fmt.Errorf("source %v is a directory, but the recursive flag is set to false", s.Source)
    99  	}
   100  
   101  	// check if destination exists.
   102  	destExists, err := afero.Exists(fsys, s.Destination)
   103  	if err != nil {
   104  		return nil, err
   105  	}
   106  	// if destination exits, return error if overwrite flag is not true.
   107  	if destExists && !s.Overwrite {
   108  		return nil, fmt.Errorf("dest %v already exists and overwrite was not set", s.Destination)
   109  	}
   110  
   111  	// use the default umask
   112  	// https://stackoverflow.com/questions/23842247/reading-default-filemode-when-using-os-o-create
   113  	mode := s.Mode
   114  	if mode == 0 {
   115  		mode = 0666
   116  	}
   117  
   118  	// Copy a file
   119  	err = copy.Copy(s.Source, s.Destination)
   120  	if err != nil {
   121  		return nil, err
   122  	}
   123  
   124  	return &ActResult{}, nil
   125  }
   126  
   127  // GetDefaultCleanupAction will instruct the calling code
   128  // to remove the path created by this action
   129  func (s *CopyPathStep) GetDefaultCleanupAction() Action {
   130  	return &RemovePathAction{
   131  		Path: s.Destination,
   132  	}
   133  }
   134  
   135  // CanBeUsedInCompositeAction enables this action to be used in a composite action
   136  func (s *CopyPathStep) CanBeUsedInCompositeAction() bool {
   137  	return true
   138  }