From 16385676f24e01041443fe37aa2bb07dad86f8cd Mon Sep 17 00:00:00 2001
From: Christoph Hartmann
Date: Wed, 10 Jan 2024 05:25:53 -0500
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20enforce=20utf8=20for=20auditpol?= =?UTF-8?q?=20on=20windows=20(#2972)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 providers-sdk/v1/testutils/testdata/windows.json | 4 ++--
 providers/os/resources/auditpol.go | 6 +++---
 providers/os/resources/auditpol_test.go | 8 ++++----
 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/providers-sdk/v1/testutils/testdata/windows.json b/providers-sdk/v1/testutils/testdata/windows.json
index 92c5dc3a82..3649b592cc 100644
--- a/providers-sdk/v1/testutils/testdata/windows.json
+++ b/providers-sdk/v1/testutils/testdata/windows.json
@@ -26,8 +26,8 @@
 ],
 "resources": [
 {
- "Resource": "command",
- "ID": "auditpol /get /category:* /r",
+ "Resource": "powershell",
+ "ID": "[Console]::OutputEncoding = [Text.Encoding]::UTF8;auditpol /get /category:* /r",
 "Fields": {
 "exitcode": {
 "type": "\u0005",
diff --git a/providers/os/resources/auditpol.go b/providers/os/resources/auditpol.go
index 710cd9fcf5..a4878434a6 100644
--- a/providers/os/resources/auditpol.go
+++ b/providers/os/resources/auditpol.go
@@ -12,14 +12,14 @@ import (
 )
 func (p *mqlAuditpol) list() ([]interface{}, error) {
- o, err := CreateResource(p.MqlRuntime, "command", map[string]*llx.RawData{
- "command": llx.StringData("auditpol /get /category:* /r"),
+ o, err := CreateResource(p.MqlRuntime, "powershell", map[string]*llx.RawData{
+ "script": llx.StringData("[Console]::OutputEncoding = [Text.Encoding]::UTF8;auditpol /get /category:* /r"),
 })
 if err != nil {
 return nil, err
 }
- cmd := o.(*mqlCommand)
+ cmd := o.(*mqlPowershell)
 out := cmd.GetStdout()
 if out.Error != nil {
 return nil, fmt.Errorf("could not run auditpol: " + out.Error.Error())
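Review bot: The `out.Error` branch at the end of the `auditpol.go` hunk builds its format string by concatenation, so any `%` in the underlying error text is parsed as a verb and callers cannot unwrap the cause; `return nil, fmt.Errorf("could not run auditpol: %w", out.Error)` avoids both. The hunk also shows only the `out.Error` check after the switch to the `powershell` resource: `auditpol /get` normally needs an elevated session, and if the remainder of `list()` (which continues outside this hunk) does not inspect the exit code or stderr, a failed run could surface as an empty policy list instead of an error, which matters for compliance checks built on this resource. A short comment above the `CreateResource` call, such as `// auditpol prints in the console code page; force UTF-8 so the /r CSV parses consistently`, would record why PowerShell is used here.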
diff --git a/providers/os/resources/auditpol_test.go b/providers/os/resources/auditpol_test.go
index 19815eba1e..71eb949566 100644
--- a/providers/os/resources/auditpol_test.go
+++ b/providers/os/resources/auditpol_test.go
@@ -16,28 +16,28 @@ func TestResource_Auditpol(t *testing.T) {
 })
 t.Run("test a specific secpol systemaccess entry", func(t *testing.T) {
- res := testWindowsQuery(t, "auditpol.where(subcategory == 'Credential Validation').list[0].subcategory")
+ res := testWindowsQuery(t, "auditpol.where(subcategory == 'Credential Validation')[0].subcategory")
 assert.NotEmpty(t, res)
 assert.Empty(t, res[0].Result().Error)
 assert.Equal(t, "Credential Validation", res[0].Data.Value)
 })
 t.Run("test a specific secpol systemaccess entry", func(t *testing.T) {
- res := testWindowsQuery(t, "auditpol.where(subcategory == 'Credential Validation').list.length")
+ res := testWindowsQuery(t, "auditpol.where(subcategory == 'Credential Validation').length")
 assert.NotEmpty(t, res)
 assert.Empty(t, res[0].Result().Error)
 assert.Equal(t, int64(1), res[0].Data.Value)
 })
 t.Run("test a specific secpol systemaccess entry", func(t *testing.T) {
- res := testWindowsQuery(t, "auditpol.where(subcategory == 'Credential Validation').list[0].inclusionsetting")
+ res := testWindowsQuery(t, "auditpol.where(subcategory == 'Credential Validation')[0].inclusionsetting")
 assert.NotEmpty(t, res)
 assert.Empty(t, res[0].Result().Error)
 assert.Equal(t, "Success", res[0].Data.Value)
 })
 t.Run("test a specific secpol systemaccess entry", func(t *testing.T) {
- res := testWindowsQuery(t, "auditpol.where(subcategory == 'Application Group Management').list { inclusionsetting == 'Success and Failure'}")
+ res := testWindowsQuery(t, "auditpol.where(subcategory == 'Application Group Management') { inclusionsetting == 'Success and Failure'}")
 assert.NotEmpty(t, res)
 assert.Empty(t, res[0].Result().Error)
 r, found := res[0].Data.IsTruthy()
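Review bot: All four subtests in this hunk are still named "test a specific secpol systemaccess entry", which looks copied from the secpol tests; Go only tells them apart with `#01`-style suffixes, so a failure does not say which auditpol query broke. Distinct names such as `t.Run("subcategory of first match", ...)` and `t.Run("match count", ...)` would fix that. None of the visible queries exercises a non-ASCII subcategory or setting, so the UTF-8 enforcement this commit is about is not covered by what is shown here; a fixture row with localized output would pin it, if the recorded `windows.json` data allows. `TestResource_Auditpol` starts and ends outside the hunk.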