Implement Mitre Caldera API to communicate with Sandcat agents #521

Open
wants to merge 1 commit into
base: main

inesusvet
Contributor

Summary:
buck build //security/redteam/purple_team/ttpforge:ttpforge --out ttpforge
buck run //security/redteam/purple_team/ttpforge:ttpforge -- serve

Differential Revision: D59696048

@facebook-github-bot
Contributor

This pull request was exported from Phabricator. Differential Revision: D59696048

@TTPForge-bot TTPForge-bot added the area/go Changes made to go resources label Dec 16, 2024
return
}
fullFilePath := cwd + "/" + filePath
if _, err := os.Stat(fullFilePath); err != nil {
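
Review bot: The `fullFilePath := cwd + "/" + filePath` line builds the path by string concatenation and goes straight to `os.Stat` with no containment check, so a `filePath` containing `..` segments or extra separators resolves outside `cwd`. Build it with `filepath.Join`, then confirm the cleaned result is still under the intended root (for example `filepath.Rel(root, full)` must succeed and must not start with `..`, or reject the input up front with `filepath.IsLocal`) and return an error response before any filesystem call when the check fails. Serving from a dedicated subdirectory rather than `cwd` itself would also narrow what a valid request can reach.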

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a user-provided value.
w.Header().Set("Filename", filePath)

// Serve the file
http.ServeFile(w, r, filePath)
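
Review bot: `http.ServeFile(w, r, filePath)` is handed the raw `filePath`, and ServeFile's built-in `..` rejection only inspects `r.URL.Path`, not the name argument, so it does not cover a value taken from elsewhere in the request. If this is the handler that stats `fullFilePath` earlier, the path that was checked and the path that is served are also two different strings. Pass the single validated absolute path to ServeFile, or serve through `http.FileServer(http.Dir(root))` so the root is enforced by the library, and set the `Filename` header from `filepath.Base` of that validated path rather than echoing the request value.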

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a user-provided value.

// Create a new file on disk
dstDir := fmt.Sprintf("%s/uploads/%s", cwd, agentID)
err = os.MkdirAll(dstDir, os.ModePerm)
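
Review bot: `agentID` is interpolated into `dstDir` without validation, so `os.MkdirAll` will create whatever directory tree the value spells out, including one outside `uploads/`. Validate `agentID` against a strict allowlist (a fixed-length identifier of letters, digits and hyphens, for instance) before formatting the path, and build the path with `filepath.Join`. Separately, `os.ModePerm` requests 0777 on the upload directory; a mode such as 0o750 or 0o700 is a better fit for a directory that holds files received from agents.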

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a user-provided value.
return
}
dst := fmt.Sprintf("%s/%s", dstDir, fh.Filename)
out, err := os.Create(dst)
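
Review bot: `dst` is formatted from `fh.Filename`, which the alert traces to the request, and `os.Create(dst)` truncates any file that already exists at that path. Reduce the name explicitly with `filepath.Base(fh.Filename)`, reject empty, `.` and `..` results, and confirm the joined path is still inside `dstDir` before opening it. Opening with `os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)` would stop a second upload with the same name from silently overwriting the first, or the server could store uploads under a generated name and keep the submitted name only as metadata.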

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a user-provided value.
Labels: area/go (Changes made to go resources), cla signed, fb-exported