Support for collecting artifacts using command args (#72)
puffyCid authored Oct 1, 2023
1 parent cbae5d9 commit 3b3c23a
Showing 115 changed files with 2,033 additions and 462 deletions.
3 changes: 3 additions & 0 deletions .changes/unreleased/Added-20230928-231729.yaml
@@ -0,0 +1,3 @@
kind: Added
body: "Support for collecting artifacts using command args. Example: `artemis acquire processes`"
time: 2023-09-28T23:17:29.098102-04:00
3 changes: 3 additions & 0 deletions .changes/unreleased/Dependencies-20230928-232607.yaml
@@ -0,0 +1,3 @@
kind: Dependencies
body: Updated all dependencies to latest versions
time: 2023-09-28T23:26:07.117544-04:00
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -6,3 +6,4 @@
/.idea/
*.org
/.vscode/
*heartbeat.jsonl
71 changes: 36 additions & 35 deletions Cargo.lock
14 changes: 7 additions & 7 deletions artemis-core/Cargo.toml
Expand Up @@ -8,21 +8,21 @@ edition = "2021"
[dependencies]
serde = { version = "1.0.188", features = ["derive"] }
log = "0.4.20"
serde_json = "1.0.106"
toml = "0.8.0"
serde_json = "1.0.107"
toml = "0.8.1"
base64 = "0.21.4"
nom = "7.1.3"
rusqlite = { version = "0.29.0", features = ["bundled"] }
md-5 = "0.10.5"
md-5 = "0.10.6"
sha-1 = "0.10.1"
sha2 = "0.10.7"
sha2 = "0.10.8"
regex = "1.9.5"
byteorder = "1.4.3"
walkdir = "2.4.0"
sysinfo = "0.29.10"
home = "0.5.5"
uuid = { version = "1.4.1", features = ["v4"] }
chrono = "0.4.30"
chrono = "0.4.31"
flate2 = "1.0.27"
simplelog = "0.12.1"
zip = { version = "0.6.6", default-features = false }
Expand All @@ -34,7 +34,7 @@ quick-xml = { version = "0.30.0", default-features = false}
xml2json-rs = "1.0.1"

# Deno Runtime integration
deno_core = { version = "0.209.0" }
deno_core = { version = "0.218.0" }
tokio = { version = "1.32.0" }

# Windows Dependencies
Expand All @@ -60,7 +60,7 @@ plist = "1.5.0"

# Dependencies at compile time
[build-dependencies]
deno_core = { version = "0.209.0" }
deno_core = { version = "0.218.0" }

# Dependencies for tests
[dev-dependencies]
5 changes: 3 additions & 2 deletions artemis-core/src/artifacts/applications/artifacts.rs
Expand Up @@ -6,7 +6,8 @@ use super::{
use crate::{
output::formats::{json::json_format, jsonl::jsonl_format},
runtime::deno::filter_script,
utils::{artemis_toml::Output, time},
structs::toml::Output,
utils::time,
};
use log::{error, warn};
use serde_json::Value;
Expand Down Expand Up @@ -241,7 +242,7 @@ mod tests {
artifacts::applications::artifacts::{
chromium_downloads, chromium_history, firefox_downloads, firefox_history,
},
utils::artemis_toml::Output,
structs::toml::Output,
};

#[cfg(target_os = "macos")]
34 changes: 13 additions & 21 deletions artemis-core/src/artifacts/linux_collection.rs
Expand Up @@ -5,36 +5,26 @@ use crate::artifacts::os::linux::artifacts::{files, processes, systeminfo};
use crate::artifacts::os::linux::error::LinuxArtifactError;
use crate::artifacts::os::unix::artifacts::{bash_history, cron_job, python_history, zsh_history};
use crate::runtime::deno::execute_script;
use crate::utils::{
artemis_toml::ArtemisToml, logging::upload_logs, output::compress_final_output,
};
use crate::structs::toml::ArtemisToml;
use crate::utils::{logging::upload_logs, output::compress_final_output};
use log::{error, info, warn};

use super::os::linux::artifacts::{journals, logons};
use super::os::unix::artifacts::sudo_logs;

/// Parse the TOML collector and get Linux artifact targets
pub(crate) fn linux_collection(toml_data: &[u8]) -> Result<(), LinuxArtifactError> {
let collector_results = ArtemisToml::parse_artemis_toml_data(toml_data);
let mut collector = match collector_results {
Ok(results) => results,
Err(err) => {
error!("[artemis-core] Linux Artemis failed to parse TOML data: {err:?}");
return Err(LinuxArtifactError::BadToml);
}
};

for artifacts in collector.artifacts {
pub(crate) fn linux_collection(collector: &mut ArtemisToml) -> Result<(), LinuxArtifactError> {
for artifacts in &collector.artifacts {
let filter = artifacts.filter.unwrap_or(false);
match artifacts.artifact_name.as_str() {
"files" => {
let file_data = artifacts.files;
let file_data = &artifacts.files;
let file_artifact_config = match file_data {
Some(result_data) => result_data,
_ => continue,
};

let results = files(&file_artifact_config, &mut collector.output, &filter);
let results = files(file_artifact_config, &mut collector.output, &filter);
match results {
Ok(_) => info!("Collected file listing"),
Err(err) => {
Expand Down Expand Up @@ -94,13 +84,13 @@ pub(crate) fn linux_collection(toml_data: &[u8]) -> Result<(), LinuxArtifactErro
}
}
"processes" => {
let proc = artifacts.processes;
let proc = &artifacts.processes;
let proc_artifacts = match proc {
Some(result) => result,
_ => continue,
};

let results = processes(&proc_artifacts, &mut collector.output, &filter);
let results = processes(proc_artifacts, &mut collector.output, &filter);
match results {
Ok(_) => info!("Collected processes"),
Err(err) => {
Expand Down Expand Up @@ -170,12 +160,12 @@ pub(crate) fn linux_collection(toml_data: &[u8]) -> Result<(), LinuxArtifactErro
}
}
"script" => {
let script_data = artifacts.script;
let script_data = &artifacts.script;
let script = match script_data {
Some(result) => result,
_ => continue,
};
let results = execute_script(&mut collector.output, &script);
let results = execute_script(&mut collector.output, script);
match results {
Ok(_) => info!("Executed JavaScript "),
Err(err) => {
Expand Down Expand Up @@ -216,6 +206,7 @@ pub(crate) fn linux_collection(toml_data: &[u8]) -> Result<(), LinuxArtifactErro
mod tests {
use crate::artifacts::linux_collection::linux_collection;
use crate::filesystem::files::read_file;
use crate::structs::toml::ArtemisToml;
use std::path::PathBuf;

#[test]
Expand All @@ -224,6 +215,7 @@ mod tests {
test_location.push("tests/test_data/linux/quick.toml");

let buffer = read_file(&test_location.display().to_string()).unwrap();
linux_collection(&buffer).unwrap();
let mut collector = ArtemisToml::parse_artemis_toml(&buffer).unwrap();
linux_collection(&mut collector).unwrap();
}
}
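Review bot: The doc comment above the new signature, `/// Parse the TOML collector and get Linux artifact targets`, is now stale: `linux_collection` no longer parses anything, it receives an already-parsed `&mut ArtemisToml` and the parse-failure branch that returned `LinuxArtifactError::BadToml` has been removed from this hunk. Suggest `/// Run the Linux collectors named in an already-parsed ArtemisToml, writing results to its output`. Since the parse error is now surfaced wherever the caller builds the collector, `BadToml` may be dead in `LinuxArtifactError` unless another path still returns it; worth a check. The function body, including the default arm of the `artifact_name` match, continues outside the hunks.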