[backend] Set inject status to MAYBE_PREVENTED when agent cleans a job #2875


Open. Wants to merge 1 commit into base: master.

Conversation

rubyroobs

@rubyroobs rubyroobs commented Apr 4, 2025

Proposed changes

  • Set the inject status to MAYBE_PREVENTED when an agent sends a request to clean (delete) a job

Related issues

Test instructions

I couldn't see any test cases covering the agent jobs API (other than agent or "endpoint" registration?) so I tested this manually:

See the testing instructions below (given as a mix of curl commands and manual steps).

```shell
# 1. Go to OpenBAS UI /admin/agents and get the token from instructions to add a new agent (I chose Linux)
export OPENBAS_TMP_TEST_TOKEN=AGENTTOKENGOESHERE

curl -XPOST -H "Authorization: Bearer $OPENBAS_TMP_TEST_TOKEN" http://localhost:3001/api/endpoints/register --json '{"asset_name": "test","asset_external_reference": "test","endpoint_agent_version": "1.15.0","endpoint_ips":["127.0.0.2"],"endpoint_platform": "Linux","endpoint_arch": "x86_64","endpoint_mac_addresses": ["00:AA:AA:AA:AA:00"],"endpoint_hostname": "test","agent_is_service": true,"agent_is_elevated": true,"agent_executed_by_user": "ruby","agent_installation_mode": "test"}'

# 2. As long as results indicate success (listened: true etc...), proceed to create some kind of inject
# in the UI (I just made a whoami command payload and an atomic test of that) targeted at the agent
# you just registered. Launch it and wait until status becomes pending. Then get "asset_agent_id" for
# the job with curl call

curl -XPOST -H "Authorization: Bearer $OPENBAS_TMP_TEST_TOKEN" http://localhost:3001/api/endpoints/jobs --json '{"asset_external_reference": "test","agent_is_service": true,"agent_is_elevated": true,"agent_executed_by_user": "ruby"}'

# 3. Then delete it like the agent would
export OPENBAS_TMP_JOB_ID=JOBIDGOESHEREFROMSTEPTWO
curl -XDELETE -H "Authorization: Bearer $OPENBAS_TMP_TEST_TOKEN" "http://localhost:3001/api/endpoints/jobs/$OPENBAS_TMP_JOB_ID"

# 4. Check the status in the UI is updated to MAYBE_PREVENTED
```

[Screenshot: MAYBE_PREVENTED status on the atomic test]

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality
  • I wrote test cases for the relevant use cases
  • I added/updated the relevant documentation (either on GitHub or on Notion)
  • Where necessary I refactored code to improve the overall quality
  • For bug fix -> I implemented a test that covers the bug

Further comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...
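The manual verification above, scripted end to end as an added example (this is not code from the PR or from the OpenBAS project). It uses the three endpoints the PR exercises, stops at the first call that does not return 2xx, and pauses while the inject is created in the UI. Assumptions: the server address in `OPENBAS_URL`, the agent token in `OPENBAS_TMP_TEST_TOKEN`, `jq` being installed, the jobs response being an array, and the job id living in the `asset_agent_id` field the author mentions (override with `JOB_ID_FIELD` if it differs); `http_ok`, `api` and `main` are names chosen here. The final status still has to be read from the UI, since the PR gives no API call for it.

```shell
#!/usr/bin/env sh
# Added example, not part of the PR: automates the manual test steps.
# Assumed: OPENBAS_URL, OPENBAS_TMP_TEST_TOKEN, jq, and the job id field name
# (taken from the PR text, so treat it as an assumption).
OPENBAS_URL="${OPENBAS_URL:-http://localhost:3001}"
JOB_ID_FIELD="${JOB_ID_FIELD:-asset_agent_id}"

# Return 0 when an HTTP status code is in the 2xx range, 1 otherwise.
http_ok() {
  case "$1" in
    2[0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# Call the API with the agent token; print the body, exit on non-2xx.
# $1 = method, $2 = path, $3 = JSON body (optional)
api() {
  method="$1"; path="$2"; body="${3:-}"
  tmp=$(mktemp)
  if [ -n "$body" ]; then
    code=$(curl -s -o "$tmp" -w '%{http_code}' -X "$method" \
      -H "Authorization: Bearer $OPENBAS_TMP_TEST_TOKEN" \
      -H 'Content-Type: application/json' \
      --data "$body" "$OPENBAS_URL$path")
  else
    code=$(curl -s -o "$tmp" -w '%{http_code}' -X "$method" \
      -H "Authorization: Bearer $OPENBAS_TMP_TEST_TOKEN" "$OPENBAS_URL$path")
  fi
  if ! http_ok "$code"; then
    echo "$method $path failed with HTTP $code:" >&2
    cat "$tmp" >&2
    rm -f "$tmp"
    exit 1
  fi
  cat "$tmp"
  rm -f "$tmp"
}

main() {
  # Step 1: register the fake Linux agent (same payload as in the PR).
  api POST /api/endpoints/register '{"asset_name": "test","asset_external_reference": "test","endpoint_agent_version": "1.15.0","endpoint_ips":["127.0.0.2"],"endpoint_platform": "Linux","endpoint_arch": "x86_64","endpoint_mac_addresses": ["00:AA:AA:AA:AA:00"],"endpoint_hostname": "test","agent_is_service": true,"agent_is_elevated": true,"agent_executed_by_user": "ruby","agent_installation_mode": "test"}' >/dev/null
  echo "Agent registered. In the UI, create and launch an inject targeting asset 'test',"
  echo "wait until its status is pending, then press Enter."
  read -r _

  # Step 2: fetch the pending jobs for this agent and take the first job id.
  jobs=$(api POST /api/endpoints/jobs '{"asset_external_reference": "test","agent_is_service": true,"agent_is_elevated": true,"agent_executed_by_user": "ruby"}')
  job_id=$(printf '%s' "$jobs" | jq -r ".[0].${JOB_ID_FIELD} // empty")
  [ -n "$job_id" ] || { echo "no job id found in response: $jobs" >&2; exit 1; }

  # Step 3: clean the job as the agent would; with this PR the backend
  # should move the inject to MAYBE_PREVENTED.
  api DELETE "/api/endpoints/jobs/$job_id" >/dev/null
  echo "Job $job_id deleted. Check in the UI that the inject status is MAYBE_PREVENTED."
}

# Only run the procedure when a token is present, so the file can also be sourced.
if [ -n "${OPENBAS_TMP_TEST_TOKEN:-}" ]; then
  main "$@"
fi
```

Run it with the token exported as in the PR (`OPENBAS_TMP_TEST_TOKEN=... sh openbas_clean_job_test.sh`); the script name is a placeholder.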

@rubyroobs
Author

@RomuDeuxfois @Seb-MIGUEL Hi! Please take a look at this PR implementing the solution I proposed in #2801 - thanks!

@RomuDeuxfois
Member

> @RomuDeuxfois @Seb-MIGUEL Hi! Please take a look at this PR implementing the solution I proposed in #2801 - thanks!

Thank you for that! We will take a look on Monday morning.

Development

Successfully merging this pull request may close these issues.

Inject still in pending state if implant is killed