Bug fixes for file searching and task completion

its-a-feature · its-a-feature · commit b77077b06d33 · 2024-07-11T09:30:00.000-05:00
diff --git a/CHANGELOG.MD b/CHANGELOG.MD
@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.3.0-rc2] - 2024-07-11
+
+### Changed
+
+- Updated eventing tasks to properly address when tasks fail and continue on with the eventing steps
+- Updated the LimitByCallback field when searching for files to also account of a fileID was used in a task in a callback
+  - this helps with files that might be uploaded as part of workflows, but still loaded into callbacks
+  
 ## [3.3.0-rc1] - 2024-07-09
 
 ### Changed
diff --git a/MythicReactUI/src/components/pages/Eventing/Eventing.js b/MythicReactUI/src/components/pages/Eventing/Eventing.js
@@ -184,6 +184,10 @@ export function Eventing({me}){
     const onFileChange = async (evt) => {
         for(let i = 0; i < evt.target.files.length; i++){
             let uploadStatus = await UploadEventFile(evt.target.files[i], "New Eventing Workflow");
+            if(!uploadStatus){
+                snackActions.error("Failed to upload file");
+                continue
+            }
             if(uploadStatus.status === "error"){
                 snackActions.error(uploadStatus.error);
             }
diff --git a/MythicReactUI/src/index.js b/MythicReactUI/src/index.js
@@ -14,7 +14,7 @@ import {snackActions} from './components/utilities/Snackbar';
 import jwt_decode from 'jwt-decode';
 import {meState} from './cache';
 
-export const mythicUIVersion = "0.2.0";
+export const mythicUIVersion = "0.2.1";
 
 let fetchingNewToken = false;
 
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-3.3.0-rc1
+3.3.0-rc2
diff --git a/mythic-docker/src/VERSION b/mythic-docker/src/VERSION
@@ -1 +1 @@
-3.3.0-rc1
+3.3.0-rc2
diff --git a/mythic-docker/src/rabbitmq/eventingStructs.go b/mythic-docker/src/rabbitmq/eventingStructs.go
@@ -9,7 +9,7 @@ type EventActionDataCreateTask struct {
 	CommandName         string                 `json:"command_name" mapstructure:"command_name"`
 	PayloadType         *string                `json:"payload_type,omitempty" mapstructure:"payload_type,omitempty"`
 	Params              string                 `json:"params" mapstructure:"params"`
-	ParamDictionary     map[string]interface{} `json:"param_dictionary,omitempty" mapstructure:"param_dictionary"`
+	ParamDictionary     map[string]interface{} `json:"params_dictionary,omitempty" mapstructure:"params_dictionary"`
 	ParameterGroupName  *string                `json:"parameter_group_name,omitempty" mapstructure:"parameter_group_name"`
 	Token               *int                   `json:"token,omitempty" mapstructure:"token"`
 	ParentTaskID        *int                   `json:"parent_task_id,omitempty" mapstructure:"parent_task_id"`
diff --git a/mythic-docker/src/rabbitmq/recv_mythic_rpc_file_search.go b/mythic-docker/src/rabbitmq/recv_mythic_rpc_file_search.go
@@ -2,6 +2,7 @@ package rabbitmq
 
 import (
 	"encoding/json"
+	"fmt"
 	"time"
 
 	"github.com/its-a-feature/Mythic/database"
@@ -165,7 +166,18 @@ func MythicRPCFileSearch(input MythicRPCFileSearchMessage) MythicRPCFileSearchMe
 				} else if fileCallbackID == callbackId {
 					finalFiles = append(finalFiles, convertFileMetaToFileData(file))
 				}
+			} else {
+				// this means this file wasn't directly uploaded _just_ for this callback, but could be used in this callback anyway
+				tasks := []databaseStructs.Task{}
+				err := database.DB.Select(&tasks, `SELECT id FROM task WHERE
+                        callback_id=$1 AND params LIKE $2 LIMIT 1`, callbackId, fmt.Sprintf("%%%s%%", file.AgentFileID))
+				if err != nil {
+					logging.LogError(err, "failed to search for tasks with params that include file id")
+				} else if len(tasks) > 0 {
+					finalFiles = append(finalFiles, convertFileMetaToFileData(file))
+				}
 			}
+
 		} else {
 			finalFiles = append(finalFiles, convertFileMetaToFileData(file))
 		}
diff --git a/mythic-docker/src/rabbitmq/recv_pt_task_create_response.go b/mythic-docker/src/rabbitmq/recv_pt_task_create_response.go
@@ -37,12 +37,16 @@ func processPtTaskCreateMessages(msg amqp.Delivery) {
 		go SendAllOperationsMessage(payloadMsg.Error, 0, "", database.MESSAGE_LEVEL_WARNING)
 		return
 	}
-	err = database.DB.Get(&task, `SELECT status, operation_id FROM task WHERE id=$1`, task.ID)
+	err = database.DB.Get(&task, `SELECT status, operation_id, eventstepinstance_id FROM task WHERE id=$1`, task.ID)
 	if err != nil {
 		logging.LogError(err, "Failed to find task from create_tasking")
 		go SendAllOperationsMessage(err.Error(), 0, "", database.MESSAGE_LEVEL_WARNING)
 		return
 	}
+	_, err = database.DB.Exec(`UPDATE apitokens SET deleted=true AND active=false WHERE task_id=$1`, task.ID)
+	if err != nil {
+		logging.LogError(err, "Failed to update the apitokens to set to deleted")
+	}
 	//logging.LogInfo("got response back from create message", "resp", payloadMsg, "original", string(msg.Body))
 
 	var updateColumns []string
@@ -145,7 +149,7 @@ func processPtTaskCreateMessages(msg amqp.Delivery) {
 				OperatorID:          task.OperatorID,
 				EventStepInstanceID: int(task.EventStepInstanceID.Int64),
 				TaskID:              task.ID,
-				ActionSuccess:       !strings.Contains(task.Status, "error"),
+				ActionSuccess:       !strings.Contains(strings.ToLower(task.Status), "error"),
 			}
 			go CheckAndProcessTaskCompletionHandlers(task.ID)
 		}
@@ -166,7 +170,7 @@ func processPtTaskCreateMessages(msg amqp.Delivery) {
 			OperatorID:          task.OperatorID,
 			EventStepInstanceID: int(task.EventStepInstanceID.Int64),
 			TaskID:              task.ID,
-			ActionSuccess:       !strings.Contains(task.Status, "error"),
+			ActionSuccess:       false,
 		}
 		// we hit an error in processing, so check if others are waiting on us to finish
 		go CheckAndProcessTaskCompletionHandlers(task.ID)
diff --git a/mythic-docker/src/rabbitmq/recv_pt_task_opsec_post_response.go b/mythic-docker/src/rabbitmq/recv_pt_task_opsec_post_response.go
@@ -37,6 +37,16 @@ func processPtTaskOPSECPostMessages(msg amqp.Delivery) {
 		go SendAllOperationsMessage(payloadMsg.Error, 0, "", database.MESSAGE_LEVEL_WARNING)
 		return
 	}
+	err = database.DB.Get(&task, `SELECT status, operation_id, eventstepinstance_id FROM task WHERE id=$1`, task.ID)
+	if err != nil {
+		logging.LogError(err, "Failed to find task from create_tasking")
+		go SendAllOperationsMessage(err.Error(), 0, "", database.MESSAGE_LEVEL_WARNING)
+		return
+	}
+	_, err = database.DB.Exec(`UPDATE apitokens SET deleted=true AND active=false WHERE task_id=$1`, task.ID)
+	if err != nil {
+		logging.LogError(err, "Failed to update the apitokens to set to deleted")
+	}
 	if payloadMsg.Success {
 		if !payloadMsg.OpsecPostBlocked || (payloadMsg.OpsecPostBlocked && payloadMsg.OpsecPostBypassed != nil && *payloadMsg.OpsecPostBypassed) {
 			task.Status = PT_TASK_FUNCTION_STATUS_SUBMITTED
@@ -103,7 +113,7 @@ func processPtTaskOPSECPostMessages(msg amqp.Delivery) {
 				OperationID:         task.OperationID,
 				EventStepInstanceID: int(task.EventStepInstanceID.Int64),
 				TaskID:              task.ID,
-				ActionSuccess:       !strings.Contains(task.Status, "error"),
+				ActionSuccess:       !strings.Contains(strings.ToLower(task.Status), "error"),
 			}
 		} else {
 			checkForTaskInterception(&task)
@@ -144,7 +154,7 @@ func processPtTaskOPSECPostMessages(msg amqp.Delivery) {
 			OperationID:         task.OperationID,
 			EventStepInstanceID: int(task.EventStepInstanceID.Int64),
 			TaskID:              task.ID,
-			ActionSuccess:       !strings.Contains(task.Status, "error"),
+			ActionSuccess:       !strings.Contains(strings.ToLower(task.Status), "error"),
 		}
 	}
 }
diff --git a/mythic-docker/src/rabbitmq/recv_pt_task_opsec_pre_response.go b/mythic-docker/src/rabbitmq/recv_pt_task_opsec_pre_response.go
@@ -32,6 +32,12 @@ func processPtTaskOPSECPreMessages(msg amqp.Delivery) {
 			go SendAllOperationsMessage(payloadMsg.Error, 0, "", database.MESSAGE_LEVEL_WARNING)
 			return
 		}
+		err = database.DB.Get(&task, `SELECT status, operation_id, eventstepinstance_id FROM task WHERE id=$1`, task.ID)
+		if err != nil {
+			logging.LogError(err, "Failed to find task from create_tasking")
+			go SendAllOperationsMessage(err.Error(), 0, "", database.MESSAGE_LEVEL_WARNING)
+			return
+		}
 		_, err = database.DB.Exec(`UPDATE apitokens SET deleted=true AND active=false WHERE task_id=$1`, task.ID)
 		if err != nil {
 			logging.LogError(err, "Failed to update the apitokens to set to deleted")
@@ -88,7 +94,7 @@ func processPtTaskOPSECPreMessages(msg amqp.Delivery) {
 				OperatorID:          task.OperatorID,
 				EventStepInstanceID: int(task.EventStepInstanceID.Int64),
 				TaskID:              task.ID,
-				ActionSuccess:       !strings.Contains(task.Status, "error"),
+				ActionSuccess:       !strings.Contains(strings.ToLower(task.Status), "error"),
 			}
 		}
 	}
diff --git a/mythic-docker/src/rabbitmq/recv_pt_task_process_response.go b/mythic-docker/src/rabbitmq/recv_pt_task_process_response.go
@@ -24,6 +24,10 @@ func processPtTaskProcessResponseMessages(msg amqp.Delivery) {
 		logging.LogError(err, "Failed to process PTTaskProcessResponseMessageResponse into struct")
 	} else {
 		// now process the create_tasking response body to update the task
+		_, err = database.DB.Exec(`UPDATE apitokens SET deleted=true AND active=false WHERE task_id=$1`, payloadMsg.TaskID)
+		if err != nil {
+			logging.LogError(err, "Failed to update the apitokens to set to deleted")
+		}
 		if !payloadMsg.Success {
 			go SendAllOperationsMessage(fmt.Sprintf("Failed to process response message for task %d:\n%s", payloadMsg.TaskID, payloadMsg.Error),
 				0, "", database.MESSAGE_LEVEL_WARNING)
diff --git a/mythic-docker/src/rabbitmq/utils.go b/mythic-docker/src/rabbitmq/utils.go
@@ -763,7 +763,7 @@ func CheckAndProcessTaskCompletionHandlers(taskId int) {
 		task.parent_task_id, task.operator_id,
 		task.subtask_callback_function, task.subtask_callback_function_completed,
 		task.group_callback_function, task.group_callback_function_completed, task.completed_callback_function,
-		task.completed_callback_function_completed, task.subtask_group_name, task.id, task.status
+		task.completed_callback_function_completed, task.subtask_group_name, task.id, task.status, task.eventstepinstance_id
 		FROM task
 		WHERE task.id=$1`, taskId)
 	if err != nil {
@@ -775,7 +775,7 @@ func CheckAndProcessTaskCompletionHandlers(taskId int) {
 	}
 	if task.ParentTaskID.Valid {
 		err = database.DB.Get(&parentTask, `SELECT 
-    		task.id, task.status, task.completed,
+    		task.id, task.status, task.completed, task.eventstepinstance_id,
     		c.script_only "command.script_only"
     		from task
     		LEFT OUTER JOIN command c on task.command_id = c.id
diff --git a/mythic-react-docker/mythic/public/asset-manifest.json b/mythic-react-docker/mythic/public/asset-manifest.json
@@ -1,15 +1,15 @@
 {
   "files": {
     "main.css": "/new/static/css/main.7e143bf2.css",
-    "main.js": "/new/static/js/main.180c42c2.js",
+    "main.js": "/new/static/js/main.4fbb60c3.js",
     "static/media/mythic-red.png": "/new/static/media/mythic-red.203468a4e5240d239aa0.png",
     "static/media/mythic_red_small.svg": "/new/static/media/mythic_red_small.793b41cc7135cdede246661ec232976b.svg",
     "index.html": "/new/index.html",
     "main.7e143bf2.css.map": "/new/static/css/main.7e143bf2.css.map",
-    "main.180c42c2.js.map": "/new/static/js/main.180c42c2.js.map"
+    "main.4fbb60c3.js.map": "/new/static/js/main.4fbb60c3.js.map"
   },
   "entrypoints": [
     "static/css/main.7e143bf2.css",
-    "static/js/main.180c42c2.js"
+    "static/js/main.4fbb60c3.js"
   ]
 }
diff --git a/mythic-react-docker/mythic/public/index.html b/mythic-react-docker/mythic/public/index.html
@@ -1 +1 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/new/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><link rel="apple-touch-icon" href="/new/logo192.png"/><link rel="manifest" href="/new/manifest.json"/><title>Mythic</title><script defer="defer" src="/new/static/js/main.180c42c2.js"></script><link href="/new/static/css/main.7e143bf2.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div></body></html>
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/new/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><link rel="apple-touch-icon" href="/new/logo192.png"/><link rel="manifest" href="/new/manifest.json"/><title>Mythic</title><script defer="defer" src="/new/static/js/main.4fbb60c3.js"></script><link href="/new/static/css/main.7e143bf2.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div></body></html>
diff --git a/mythic-react-docker/mythic/public/static/js/main.4fbb60c3.js b/mythic-react-docker/mythic/public/static/js/main.4fbb60c3.js
diff --git a/mythic-react-docker/mythic/public/static/js/main.4fbb60c3.js.LICENSE.txt b/mythic-react-docker/mythic/public/static/js/main.4fbb60c3.js.LICENSE.txt
diff --git a/mythic-react-docker/mythic/public/static/js/main.4fbb60c3.js.map b/mythic-react-docker/mythic/public/static/js/main.4fbb60c3.js.map

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,12 @@ func processPtTaskOPSECPreMessages(msg amqp.Delivery) {`
`32`	`32`	`go SendAllOperationsMessage(payloadMsg.Error, 0, "", database.MESSAGE_LEVEL_WARNING)`
`33`	`33`	`return`
`34`	`34`	`}`
	`35`	+ err = database.DB.Get(&task, `SELECT status, operation_id, eventstepinstance_id FROM task WHERE id=$1`, task.ID)
	`36`	`+ if err != nil {`
	`37`	`+ logging.LogError(err, "Failed to find task from create_tasking")`
	`38`	`+ go SendAllOperationsMessage(err.Error(), 0, "", database.MESSAGE_LEVEL_WARNING)`
	`39`	`+ return`
	`40`	`+ }`
`35`	`41`	_, err = database.DB.Exec(`UPDATE apitokens SET deleted=true AND active=false WHERE task_id=$1`, task.ID)
`36`	`42`	`if err != nil {`
`37`	`43`	`logging.LogError(err, "Failed to update the apitokens to set to deleted")`
`@@ -88,7 +94,7 @@ func processPtTaskOPSECPreMessages(msg amqp.Delivery) {`
`88`	`94`	`OperatorID: task.OperatorID,`
`89`	`95`	`EventStepInstanceID: int(task.EventStepInstanceID.Int64),`
`90`	`96`	`TaskID: task.ID,`
`91`		`- ActionSuccess: !strings.Contains(task.Status, "error"),`
	`97`	`+ ActionSuccess: !strings.Contains(strings.ToLower(task.Status), "error"),`
`92`	`98`	`}`
`93`	`99`	`}`
`94`	`100`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,15 +1,15 @@`
`1`	`1`	`{`
`2`	`2`	`"files": {`
`3`	`3`	`"main.css": "/new/static/css/main.7e143bf2.css",`
`4`		`- "main.js": "/new/static/js/main.180c42c2.js",`
	`4`	`+ "main.js": "/new/static/js/main.4fbb60c3.js",`
`5`	`5`	`"static/media/mythic-red.png": "/new/static/media/mythic-red.203468a4e5240d239aa0.png",`
`6`	`6`	`"static/media/mythic_red_small.svg": "/new/static/media/mythic_red_small.793b41cc7135cdede246661ec232976b.svg",`
`7`	`7`	`"index.html": "/new/index.html",`
`8`	`8`	`"main.7e143bf2.css.map": "/new/static/css/main.7e143bf2.css.map",`
`9`		`- "main.180c42c2.js.map": "/new/static/js/main.180c42c2.js.map"`
	`9`	`+ "main.4fbb60c3.js.map": "/new/static/js/main.4fbb60c3.js.map"`
`10`	`10`	`},`
`11`	`11`	`"entrypoints": [`
`12`	`12`	`"static/css/main.7e143bf2.css",`
`13`		`- "static/js/main.180c42c2.js"`
	`13`	`+ "static/js/main.4fbb60c3.js"`
`14`	`14`	`]`
`15`	`15`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		-<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/new/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><link rel="apple-touch-icon" href="/new/logo192.png"/><link rel="manifest" href="/new/manifest.json"/><title>Mythic</title><script defer="defer" src="/new/static/js/main.180c42c2.js"></script><link href="/new/static/css/main.7e143bf2.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div></body></html>
	`1`	+<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/new/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><link rel="apple-touch-icon" href="/new/logo192.png"/><link rel="manifest" href="/new/manifest.json"/><title>Mythic</title><script defer="defer" src="/new/static/js/main.4fbb60c3.js"></script><link href="/new/static/css/main.7e143bf2.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div></body></html>