[backend/frontend] Manage architecture for OpenBAS implant #2908

Open
wants to merge 10 commits into
base: release/current

@damgouj damgouj commented Apr 9, 2025

Proposed changes

  • Clarify the compatible architecture for the assets
  • Add the architecture in the OpenBAS implant script, as the CrowdStrike agent doesn't know this data
  • Add error execution trace if the implant isn't compatible with the asset architecture
  • Add tests

Related issues

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality
  • I wrote test cases for the relevant use cases
  • I added/updated the relevant documentation (either on GitHub or on Notion)
  • Where necessary I refactored code to improve the overall quality
  • For bug fix -> I implemented a test that covers the bug

@damgouj damgouj added the filigran team use to identify PR from the Filigran team label Apr 9, 2025
@damgouj damgouj self-assigned this Apr 9, 2025
@damgouj damgouj linked an issue Apr 9, 2025 that may be closed by this pull request
codecov bot commented Apr 9, 2025

Codecov Report

Attention: Patch coverage is 10.34483% with 26 lines in your changes missing coverage. Please review.

Project coverage is 40.18%. Comparing base (6222686) to head (66527cf).
Report is 5 commits behind head on release/current.

Files with missing lines                                  Patch %   Lines
...ain/java/io/openbas/rest/injector/InjectorApi.java     0.00%     19 Missing ⚠️
...ike/service/CrowdStrikeExecutorContextService.java     0.00%     5 Missing ⚠️
...cutors/caldera/service/CalderaExecutorService.java     0.00%     2 Missing ⚠️

Additional details and impacted files
@@                  Coverage Diff                  @@
##             release/current    #2908      +/-   ##
=====================================================
+ Coverage              40.00%   40.18%   +0.17%     
- Complexity              2123     2124       +1     
=====================================================
  Files                    646      647       +1     
  Lines                  20065    20082      +17     
  Branches                1369     1369              
=====================================================
+ Hits                    8027     8069      +42     
+ Misses                 11597    11563      -34     
- Partials                 441      450       +9     

@damgouj damgouj marked this pull request as ready for review April 10, 2025 07:00
private CrowdStrikeDevice crowdstrikeAgent;
private Executor crowdstrikeExecutor;

private void initCsAgent() {
nitpick: Could be put in a fixture class

WINDOWS_ARCH
+ WINDOWS_EXTERNAL_REFERENCE
+ command.replace(
Endpoint.PLATFORM_ARCH.x86_64.name(),
I don't understand this part

Comment on lines +400 to +409
InjectStatus injectStatus =
inject.getStatus().orElseThrow(() -> new IllegalArgumentException("Status should exist"));
injectStatus.addTrace(ExecutionTraceStatus.ERROR, message, ExecutionTraceAction.START, agent);
injectStatusRepository.save(injectStatus);
InjectExecutionInput input = new InjectExecutionInput();
input.setMessage("Execution done");
input.setStatus(ExecutionTraceStatus.INFO.name());
input.setAction(InjectExecutionAction.complete);
injectStatusService.updateInjectStatus(agent, inject, input);
}
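
Review bot: The completion input built at the end of this block is sent with ExecutionTraceStatus.INFO and the message "Execution done", right after an ERROR trace was added for the same agent, so the last entry recorded for the agent reads like a normal completion. Consider a completion message that says the execution was not performed for this agent, and confirm how injectStatusService.updateInjectStatus derives the final status when an ERROR trace is followed by an INFO completion. The ERROR trace is also recorded with ExecutionTraceAction.START; if a dedicated action exists for a refused or skipped execution, it would make the trace easier to filter. Finally, the status is persisted twice (injectStatusRepository.save, then updateInjectStatus); check whether the explicit save is still needed.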
@MarineLeM can you confirm this trace part? Thank you

Successfully merging this pull request may close these issues.

Download OpenBAS implant with correct architecture for CS agent