[tool] update drone & circle for prerelease platform (#1909)

.drone.yml

@@ -94,13 +94,14 @@ steps:
   - name: build-circleci
     image: curlimages/curl
     commands:
-      - curl -X POST --data "branch=master" https://circleci.com/api/v1.1/project/github/OpenBAS-Platform/openbas/build?circle-token=$CIRCLECI_TOKEN
+      - curl -X POST --data "branch=$DRONE_COMMIT_BRANCH" https://circleci.com/api/v1.1/project/github/OpenBAS-Platform/openbas/build?circle-token=$CIRCLECI_TOKEN
     environment:
       CIRCLECI_TOKEN:
         from_secret: circleci_token
     when:
       branch:
         - master
+        - release/*
       event:
         exclude:
           - pull_request

openbas-api/src/main/java/io/openbas/injectors/openbas/OpenBASInjector.java

@@ -57,6 +57,19 @@ public OpenBASInjector(
             + ";"
             + dlVar(openBASConfig, "windows", "x86_64")
             + ";$wc=New-Object System.Net.WebClient;$data=$wc.DownloadData($url);[io.file]::WriteAllBytes($filename,$data) | Out-Null;Remove-NetFirewallRule -DisplayName \"Allow OpenBAS Inbound\";New-NetFirewallRule -DisplayName \"Allow OpenBAS Inbound\" -Direction Inbound -Program \"$location\\$filename\" -Action Allow | Out-Null;Remove-NetFirewallRule -DisplayName \"Allow OpenBAS Outbound\";New-NetFirewallRule -DisplayName \"Allow OpenBAS Outbound\" -Direction Outbound -Program \"$location\\$filename\" -Action Allow | Out-Null;Start-Process -FilePath \"$location\\$filename\" -ArgumentList \"--uri $server --token $token --unsecured-certificate $unsecured_certificate --with-proxy $with_proxy --inject-id #{inject}\" -WindowStyle hidden;");
+    executorCommands.put(
+        Endpoint.PLATFORM_TYPE.Windows.name() + "." + Endpoint.PLATFORM_ARCH.arm64,
+        "$x=\"#{location}\";$location=$x.Replace(\"\\obas-agent-caldera.exe\", \"\");[Environment]::CurrentDirectory = $location;$filename=\"obas-implant-#{inject}.exe\";$"
+            + tokenVar
+            + ";$"
+            + serverVar
+            + ";$"
+            + unsecuredCertificateVar
+            + ";$"
+            + withProxyVar
+            + ";"
+            + dlVar(openBASConfig, "windows", "arm64")
+            + ";$wc=New-Object System.Net.WebClient;$data=$wc.DownloadData($url);[io.file]::WriteAllBytes($filename,$data) | Out-Null;Remove-NetFirewallRule -DisplayName \"Allow OpenBAS Inbound\";New-NetFirewallRule -DisplayName \"Allow OpenBAS Inbound\" -Direction Inbound -Program \"$location\\$filename\" -Action Allow | Out-Null;Remove-NetFirewallRule -DisplayName \"Allow OpenBAS Outbound\";New-NetFirewallRule -DisplayName \"Allow OpenBAS Outbound\" -Direction Outbound -Program \"$location\\$filename\" -Action Allow | Out-Null;Start-Process -FilePath \"$location\\$filename\" -ArgumentList \"--uri $server --token $token --unsecured-certificate $unsecured_certificate --with-proxy $with_proxy --inject-id #{inject}\" -WindowStyle hidden;");
     executorCommands.put(
         Endpoint.PLATFORM_TYPE.Linux.name() + "." + Endpoint.PLATFORM_ARCH.x86_64,
         "x=\"#{location}\";location=$(echo \"$x\" | sed \"s#/openbas-caldera-agent##\");filename=obas-implant-#{inject};"
@@ -70,6 +83,19 @@ public OpenBASInjector(
             + ";curl -s -X GET "
             + dlUri(openBASConfig, "linux", "x86_64")
             + " > $location/$filename;chmod +x $location/$filename;$location/$filename --uri $server --token $token --unsecured-certificate $unsecured_certificate --with-proxy $with_proxy --inject-id #{inject} &");
+    executorCommands.put(
+        Endpoint.PLATFORM_TYPE.Linux.name() + "." + Endpoint.PLATFORM_ARCH.arm64,
+        "x=\"#{location}\";location=$(echo \"$x\" | sed \"s#/openbas-caldera-agent##\");filename=obas-implant-#{inject};"
+            + serverVar
+            + ";"
+            + tokenVar
+            + ";"
+            + unsecuredCertificateVar
+            + ";"
+            + withProxyVar
+            + ";curl -s -X GET "
+            + dlUri(openBASConfig, "linux", "arm64")
+            + " > $location/$filename;chmod +x $location/$filename;$location/$filename --uri $server --token $token --unsecured-certificate $unsecured_certificate --with-proxy $with_proxy --inject-id #{inject} &");
     executorCommands.put(
         Endpoint.PLATFORM_TYPE.MacOS.name() + "." + Endpoint.PLATFORM_ARCH.x86_64,
         "x=\"#{location}\";location=$(echo \"$x\" | sed \"s#/openbas-caldera-agent##\");filename=obas-implant-#{inject};"
@@ -100,9 +126,15 @@ public OpenBASInjector(
     executorClearCommands.put(
         Endpoint.PLATFORM_TYPE.Windows.name() + "." + Endpoint.PLATFORM_ARCH.x86_64,
         "$x=\"#{location}\";$location=$x.Replace(\"\\obas-agent-caldera.exe\", \"\");[Environment]::CurrentDirectory = $location;cd \"$location\";Get-ChildItem -Recurse -Filter *implant* | Remove-Item");
+    executorClearCommands.put(
+        Endpoint.PLATFORM_TYPE.Windows.name() + "." + Endpoint.PLATFORM_ARCH.arm64,
+        "$x=\"#{location}\";$location=$x.Replace(\"\\obas-agent-caldera.exe\", \"\");[Environment]::CurrentDirectory = $location;cd \"$location\";Get-ChildItem -Recurse -Filter *implant* | Remove-Item");
     executorClearCommands.put(
         Endpoint.PLATFORM_TYPE.Linux.name() + "." + Endpoint.PLATFORM_ARCH.x86_64,
         "x=\"#{location}\";location=$(echo \"$x\" | sed \"s#/openbas-caldera-agent##\");cd \"$location\"; rm *implant*");
+    executorClearCommands.put(
+        Endpoint.PLATFORM_TYPE.Linux.name() + "." + Endpoint.PLATFORM_ARCH.arm64,
+        "x=\"#{location}\";location=$(echo \"$x\" | sed \"s#/openbas-caldera-agent##\");cd \"$location\"; rm *implant*");
     executorClearCommands.put(
         Endpoint.PLATFORM_TYPE.MacOS.name() + "." + Endpoint.PLATFORM_ARCH.x86_64,
         "x=\"#{location}\";location=$(echo \"$x\" | sed \"s#/openbas-caldera-agent##\");cd \"$location\"; rm *implant*");

openbas-api/src/main/java/io/openbas/rest/executor/ExecutorApi.java

@@ -39,6 +39,12 @@ public class ExecutorApi extends RestBehavior {
   @Value("${info.app.version:unknown}")
   String version;
 
+  @Value("${executor.openbas.binaries.origin:local}")
+  private String executorOpenbasBinariesOrigin;
+
+  @Value("${executor.openbas.binaries.version:${info.app.version:unknown}}")
+  private String executorOpenbasBinariesVersion;
+
   private ExecutorRepository executorRepository;
   private EndpointService endpointService;
   private FileService fileService;
@@ -138,24 +144,19 @@ public Executor registerExecutor(
   public @ResponseBody ResponseEntity<byte[]> getOpenBasAgentExecutable(
       @PathVariable String platform, @PathVariable String architecture) throws IOException {
     InputStream in = null;
-    String filename = null;
-    if (platform.equals("windows") && architecture.equals("x86_64")) {
-      filename = "openbas-agent-" + version + ".exe";
-      String resourcePath = "/openbas-agent/windows/x86_64/";
-      in = getClass().getResourceAsStream("/agents" + resourcePath + filename);
-      if (in == null) { // Dev mode, get from artifactory
-        filename = "openbas-agent-latest.exe";
-        in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream());
-      }
-    }
-    if (platform.equals("linux") || platform.equals("macos")) {
-      filename = "openbas-agent-" + version;
-      String resourcePath = "/openbas-agent/" + platform + "/" + architecture + "/";
+    String resourcePath = "/openbas-agent/" + platform + "/" + architecture + "/";
+    String filename = "";
+
+    if (executorOpenbasBinariesOrigin.equals("local")) { // if we want the local binaries
+      filename = "openbas-agent-" + version + (platform.equals("windows") ? ".exe" : "");
       in = getClass().getResourceAsStream("/agents" + resourcePath + filename);
-      if (in == null) { // Dev mode, get from artifactory
-        filename = "openbas-agent-latest";
-        in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream());
-      }
+    } else if (executorOpenbasBinariesOrigin.equals(
+        "repository")) { // if we want a specific version from artifactory
+      filename =
+          "openbas-agent-"
+              + executorOpenbasBinariesVersion
+              + (platform.equals("windows") ? ".exe" : "");
+      in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream());
     }
     if (in != null) {
       HttpHeaders headers = new HttpHeaders();
@@ -176,19 +177,25 @@ public Executor registerExecutor(
       @PathVariable String platform, @PathVariable String architecture) throws IOException {
     byte[] file = null;
     String filename = null;
-    if (platform.equals("windows") && architecture.equals("x86_64")) {
-      filename = "openbas-agent-installer-" + version + ".exe";
-      String resourcePath = "/openbas-agent/windows/x86_64/";
-      InputStream in = getClass().getResourceAsStream("/agents" + resourcePath + filename);
-      if (in != null) {
-        file = IOUtils.toByteArray(in);
-      } else { // Dev mode, get from artifactory
-        filename = "openbas-agent-installer-latest.exe";
+
+    if (platform.equals("windows")) {
+      InputStream in = null;
+      String resourcePath = "/openbas-agent/windows/" + architecture + "/";
+      if (executorOpenbasBinariesOrigin.equals("local")) { // if we want the local binaries
+        filename = "openbas-agent-" + version + ".exe";
+        in = getClass().getResourceAsStream("/agents" + resourcePath + filename);
+      } else if (executorOpenbasBinariesOrigin.equals(
+          "repository")) { // if we want a specific version from artifactory
+        filename = "openbas-agent-" + executorOpenbasBinariesVersion + ".exe";
         in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream());
-        file = IOUtils.toByteArray(in);
       }
+      if (in == null) {
+        throw new UnsupportedOperationException(
+            "Agent version " + executorOpenbasBinariesVersion + " not found");
+      }
+      file = IOUtils.toByteArray(in);
     }
-    // linux - No package needed
+    // linux & macos - No package needed
     if (file != null) {
       HttpHeaders headers = new HttpHeaders();
       headers.add(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=" + filename);

openbas-api/src/main/java/io/openbas/rest/injector/InjectorApi.java

@@ -58,6 +58,12 @@ public class InjectorApi extends RestBehavior {
   @Value("${info.app.version:unknown}")
   String version;
 
+  @Value("${executor.openbas.binaries.origin:local}")
+  private String executorOpenbasBinariesOrigin;
+
+  @Value("${executor.openbas.binaries.version:${info.app.version:unknown}}")
+  private String executorOpenbasBinariesVersion;
+
   @Resource private RabbitmqConfig rabbitmqConfig;
 
   private AttackPatternRepository attackPatternRepository;
@@ -333,25 +339,21 @@ public InjectorRegistration registerInjector(
   public @ResponseBody ResponseEntity<byte[]> getOpenBasImplant(
       @PathVariable String platform, @PathVariable String architecture) throws IOException {
     InputStream in = null;
-    String filename = null;
-    if (platform.equals("windows") && architecture.equals("x86_64")) {
-      filename = "openbas-implant-" + version + ".exe";
-      String resourcePath = "/openbas-implant/windows/x86_64/";
-      in = getClass().getResourceAsStream("/implants" + resourcePath + filename);
-      if (in == null) { // Dev mode, get from artifactory
-        filename = "openbas-implant-latest.exe";
-        in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream());
-      }
-    }
-    if (platform.equals("linux") || platform.equals("macos")) {
-      filename = "openbas-implant-" + version;
-      String resourcePath = "/openbas-implant/" + platform + "/" + architecture + "/";
+    String filename = "";
+    String resourcePath = "/openbas-implant/" + platform + "/" + architecture + "/";
+
+    if (executorOpenbasBinariesOrigin.equals("local")) { // if we want the local binaries
+      filename = "openbas-implant-" + version + (platform.equals("windows") ? ".exe" : "");
       in = getClass().getResourceAsStream("/implants" + resourcePath + filename);
-      if (in == null) { // Dev mode, get from artifactory
-        filename = "openbas-implant-latest";
-        in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream());
-      }
+    } else if (executorOpenbasBinariesOrigin.equals(
+        "repository")) { // if we want a specific version from artifactory
+      filename =
+          "openbas-implant-"
+              + executorOpenbasBinariesVersion
+              + (platform.equals("windows") ? ".exe" : "");
+      in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream());
     }
+
     if (in != null) {
       HttpHeaders headers = new HttpHeaders();
       headers.add(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=" + filename);

openbas-api/src/main/resources/application.properties

@@ -157,6 +157,17 @@ executor.tanium.action-group-id=4
 executor.tanium.windows-package-id=
 executor.tanium.unix-package-id=
 
+# Executor OpenBAS
+
+# valid values: local | repository
+# default: local
+executor.openbas.binaries.origin=
+
+# if executor.openbas.agent.binaries.origin is set to "local",
+# this config is ignored
+# default: the OpenBAS instance's version
+executor.openbas.binaries.version=
+
 #############
 # INJECTORS #
 #############

openbas-framework/src/main/java/io/openbas/asset/EndpointService.java

@@ -37,6 +37,12 @@ public class EndpointService {
   @Value("${info.app.version:unknown}")
   String version;
 
+  @Value("${executor.openbas.binaries.origin:local}")
+  private String executorOpenbasBinariesOrigin;
+
+  @Value("${executor.openbas.binaries.version:${info.app.version:unknown}}")
+  private String executorOpenbasBinariesVersion;
+
   private final EndpointRepository endpointRepository;
 
   public Endpoint createEndpoint(@NotNull final Endpoint endpoint) {
@@ -101,13 +107,23 @@ public String getFileOrDownloadFromJfrog(String platform, String file, String ad
           case "linux", "macos" -> "sh";
           default -> throw new UnsupportedOperationException("");
         };
-    String filename = file + "-" + version + "." + extension;
+    InputStream in = null;
+    String filename;
     String resourcePath = "/openbas-agent/" + platform.toLowerCase() + "/";
-    InputStream in = getClass().getResourceAsStream("/agents" + resourcePath + filename);
-    if (in == null) { // Dev mode, get from artifactory
-      filename = file + "-latest." + extension;
+
+    if (executorOpenbasBinariesOrigin.equals("local")) { // if we want the local binaries
+      filename = file + "-" + version + "." + extension;
+      in = getClass().getResourceAsStream("/agents" + resourcePath + filename);
+    } else if (executorOpenbasBinariesOrigin.equals(
+        "repository")) { // if we want a specific version from artifactory
+      filename = file + "-" + executorOpenbasBinariesVersion + "." + extension;
       in = new BufferedInputStream(new URL(JFROG_BASE + resourcePath + filename).openStream());
     }
+    if (in == null) {
+      throw new UnsupportedOperationException(
+          "Agent installer version " + executorOpenbasBinariesVersion + " not found");
+    }
+
     return IOUtils.toString(in, StandardCharsets.UTF_8)
         .replace("${OPENBAS_URL}", openBASConfig.getBaseUrlForAgent())
         .replace("${OPENBAS_TOKEN}", adminToken)