🐛 enforce utf8 for auditpol on windows (#2972)
chris-rock authored Jan 10, 2024
1 parent b3e6624 commit 1638567
Showing 3 changed files with 9 additions and 9 deletions.
4 changes: 2 additions & 2 deletions providers-sdk/v1/testutils/testdata/windows.json
Expand Up @@ -26,8 +26,8 @@
],
"resources": [
{
"Resource": "command",
"ID": "auditpol /get /category:* /r",
"Resource": "powershell",
"ID": "[Console]::OutputEncoding = [Text.Encoding]::UTF8;auditpol /get /category:* /r",
"Fields": {
"exitcode": {
"type": "\u0005",
6 changes: 3 additions & 3 deletions providers/os/resources/auditpol.go
Expand Up @@ -12,14 +12,14 @@ import (
)

func (p *mqlAuditpol) list() ([]interface{}, error) {
o, err := CreateResource(p.MqlRuntime, "command", map[string]*llx.RawData{
"command": llx.StringData("auditpol /get /category:* /r"),
o, err := CreateResource(p.MqlRuntime, "powershell", map[string]*llx.RawData{
"script": llx.StringData("[Console]::OutputEncoding = [Text.Encoding]::UTF8;auditpol /get /category:* /r"),
})
if err != nil {
return nil, err
}

cmd := o.(*mqlCommand)
cmd := o.(*mqlPowershell)
out := cmd.GetStdout()
if out.Error != nil {
return nil, fmt.Errorf("could not run auditpol: " + out.Error.Error())
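Review bot: The unchecked assertion `o.(*mqlPowershell)` panics instead of returning an error if the resource created under the name "powershell" is ever not that type, and this commit shows that the name string and the asserted type have to be changed in lockstep. Use the comma-ok form, `cmd, ok := o.(*mqlPowershell)` followed by `if !ok { return nil, fmt.Errorf("unexpected resource type %T", o) }`, so a scan reports a failed audit-policy read rather than crashing. On the context line that follows, `fmt.Errorf("could not run auditpol: " + out.Error.Error())` uses the error text as the format string; `fmt.Errorf("could not run auditpol: %w", out.Error)` avoids misreading any `%` in the PowerShell message and keeps the cause unwrappable. The script literal would also benefit from a short comment saying why the console output encoding is forced to UTF-8 before auditpol runs. The body of list() continues past the end of this hunk.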
8 changes: 4 additions & 4 deletions providers/os/resources/auditpol_test.go
Expand Up @@ -16,28 +16,28 @@ func TestResource_Auditpol(t *testing.T) {
})

t.Run("test a specific secpol systemaccess entry", func(t *testing.T) {
res := testWindowsQuery(t, "auditpol.where(subcategory == 'Credential Validation').list[0].subcategory")
res := testWindowsQuery(t, "auditpol.where(subcategory == 'Credential Validation')[0].subcategory")
assert.NotEmpty(t, res)
assert.Empty(t, res[0].Result().Error)
assert.Equal(t, "Credential Validation", res[0].Data.Value)
})

t.Run("test a specific secpol systemaccess entry", func(t *testing.T) {
res := testWindowsQuery(t, "auditpol.where(subcategory == 'Credential Validation').list.length")
res := testWindowsQuery(t, "auditpol.where(subcategory == 'Credential Validation').length")
assert.NotEmpty(t, res)
assert.Empty(t, res[0].Result().Error)
assert.Equal(t, int64(1), res[0].Data.Value)
})

t.Run("test a specific secpol systemaccess entry", func(t *testing.T) {
res := testWindowsQuery(t, "auditpol.where(subcategory == 'Credential Validation').list[0].inclusionsetting")
res := testWindowsQuery(t, "auditpol.where(subcategory == 'Credential Validation')[0].inclusionsetting")
assert.NotEmpty(t, res)
assert.Empty(t, res[0].Result().Error)
assert.Equal(t, "Success", res[0].Data.Value)
})

t.Run("test a specific secpol systemaccess entry", func(t *testing.T) {
res := testWindowsQuery(t, "auditpol.where(subcategory == 'Application Group Management').list { inclusionsetting == 'Success and Failure'}")
res := testWindowsQuery(t, "auditpol.where(subcategory == 'Application Group Management') { inclusionsetting == 'Success and Failure'}")
assert.NotEmpty(t, res)
assert.Empty(t, res[0].Result().Error)
r, found := res[0].Data.IsTruthy()
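Review bot: All four subtests visible here are named "test a specific secpol systemaccess entry", a name that refers to secpol rather than auditpol and that Go can only tell apart by appending `#01`, `#02` and so on in failure output; give each a name for what it checks, for example `t.Run("subcategory is returned", …)` and `t.Run("where() yields one entry", …)`. The queries also match only the English subcategory 'Credential Validation', so as far as this hunk shows nothing exercises the non-ASCII output that the UTF-8 change is meant to fix. A recorded fixture with a localized subcategory name would pin that behaviour. TestResource_Auditpol begins and ends outside this hunk.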
