diff --git a/cmd/grimoire/shell.go b/cmd/grimoire/shell.go
index ad9eb0d..e28267b 100644
--- a/cmd/grimoire/shell.go
+++ b/cmd/grimoire/shell.go
@@ -63,7 +63,7 @@ func (m *ShellCommand) Validate() error {
 }
 func (m *ShellCommand) Do() error {
 ctx, cancel := context.WithCancel(context.Background())
- sigChan := make(chan os.Signal)
+ sigChan := make(chan os.Signal, 1)
 signal.Notify(sigChan, os.Interrupt, syscall.SIGTERM)
 go func() {
 select {
diff --git a/cmd/grimoire/stratus-red-team.go b/cmd/grimoire/stratus-red-team.go
index bfbe416..b6adc85 100644
--- a/cmd/grimoire/stratus-red-team.go
+++ b/cmd/grimoire/stratus-red-team.go
@@ -2,7 +2,6 @@ package main
 import (
 "context"
- "encoding/json"
 "errors"
 "fmt"
 "github.com/aws/aws-sdk-go-v2/config"
@@ -117,11 +116,11 @@ func (m *RunCommand) Do() error {
 }
 // Make sure we wait until cleanup is finished before exiting
- if m.cleanupRunning.Load() == true {
+ if m.cleanupRunning.Load() {
 log.Info("Waiting for Stratus Red Team attack technique clean-up to complete...")
 }
 m.cleanupWg.Wait()
- if m.cleanupSucceeded.Load() == false {
+ if m.cleanupSucceeded.Load() {
 // Note: Stratus Red Team Cleanup function calls the Terraform Go Wrapper, which unfortunately
 // catches Ctrl+C signals. This means that if the user presses Ctrl+C at "the wrong time", the cleanup
 // will fail because the Terraform Wrapper will panic and exit
@@ -150,23 +149,6 @@ func (m *RunCommand) handleNewEvent(event *map[string]interface{}) error {
 return nil
 }
-func (m *RunCommand) writeToFile(events []map[string]interface{}) error {
- if m.OutputFile == "" {
- return nil // nothing to do
- }
- outputBytes, err := json.MarshalIndent(events, "", " ")
- if err != nil {
- return err
- }
-
- if m.OutputFile == "-" {
- fmt.Println(string(outputBytes))
- } else if err := os.WriteFile(m.OutputFile, outputBytes, 0600); err != nil {
- return err
- }
- return nil
-}
-
 func (m *RunCommand) CleanupDetonation() error {
 m.cleanupMutex.Lock()
 defer m.cleanupMutex.Unlock()
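Review bot: In cmd/grimoire/shell.go, the new buffered channel in `ShellCommand.Do()` carries no comment explaining why the capacity is 1, so a later clean-up could undo it. signal.Notify does not block when delivering, so on an unbuffered channel a signal that arrives before the goroutine reaches its `select` is dropped; I would add `// Buffered: signal.Notify never blocks on send, so capacity 1 keeps a signal that arrives before the select below.` above the `make`. The goroutine body continues outside the hunk, so whether `signal.Stop(sigChan)` is called on exit cannot be checked from here.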
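Review bot: In cmd/grimoire/stratus-red-team.go, `RunCommand.Do()`, the second simplification inverts the check: `if m.cleanupSucceeded.Load() == false {` became `if m.cleanupSucceeded.Load() {`, so the branch whose comment describes cleanup failing after Ctrl+C now runs when cleanup succeeded and is skipped when it failed. The equivalent form is `if !m.cleanupSucceeded.Load() {`. As written, a failed Stratus Red Team clean-up would presumably pass without the warning and leave the detonated technique's resources in the AWS account, while a successful run takes the failure path; the body of that branch is outside the hunk. The first change in the same hunk, `if m.cleanupRunning.Load() {`, is a correct simplification.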
diff --git a/pkg/grimoire/detonators/stratus_red_team.go b/pkg/grimoire/detonators/stratus_red_team.go
index 0119b16..f3e3297 100644
--- a/pkg/grimoire/detonators/stratus_red_team.go
+++ b/pkg/grimoire/detonators/stratus_red_team.go
@@ -19,6 +19,7 @@ type StratusRedTeamDetonator struct {
 func NewStratusRedTeamDetonator(attackTechniqueID string) (*StratusRedTeamDetonator, error) {
 ttp := stratus.GetRegistry().GetAttackTechniqueByName(attackTechniqueID)
 if ttp == nil {
+ //lint:ignore ST1005 "Stratus Red Team" is a proper noun
 return nil, fmt.Errorf("Stratus Red Team attack technique %s not found", attackTechniqueID)
 }
 return &StratusRedTeamDetonator{AttackTechnique: ttp}, nil
diff --git a/pkg/grimoire/logs/cloudtrail.go b/pkg/grimoire/logs/cloudtrail.go
index b58fccd..b62d955 100644
--- a/pkg/grimoire/logs/cloudtrail.go
+++ b/pkg/grimoire/logs/cloudtrail.go
@@ -192,9 +192,6 @@ func (m *CloudTrailEventsFinder) lookupEvents(ctx context.Context, detonation *d
 } else {
 log.Debugf("Found CloudTrail event %s matching detonation UID, but ignoring as it's on the exclude list", eventName)
 }
- } else {
- // logging disabled for now, was noisy
- //log.Debugf("Found CloudTrail event %s but it does not match detonation UID", eventName)
 }
 }
 }
@@ -216,7 +213,7 @@ func (m *CloudTrailEventsFinder) eventsMatchesDetonation(event map[string]interf
 switch m.Options.UserAgentMatchType {
 case UserAgentMatchTypeExact:
- return strings.ToLower(userAgent) == strings.ToLower(detonation.DetonationID)
+ return strings.EqualFold(userAgent, detonation.DetonationID)
 case UserAgentMatchTypePartial:
 return strings.Contains(userAgent, detonation.DetonationID)
 default:
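Review bot: In pkg/grimoire/logs/cloudtrail.go, `eventsMatchesDetonation`, the two match modes differ in case handling: `UserAgentMatchTypeExact` now compares with `strings.EqualFold`, while `UserAgentMatchTypePartial` keeps the case-sensitive `strings.Contains(userAgent, detonation.DetonationID)`. If a user agent can be recorded in CloudTrail with different casing, partial mode would miss events that exact mode accepts, and the detonation's log set would be incomplete. Either fold both sides, `return strings.Contains(strings.ToLower(userAgent), strings.ToLower(detonation.DetonationID))`, or add a comment on the partial case stating that case-sensitive matching is intended. The function starts and ends outside the hunk, so how `userAgent` is extracted from the event is not visible here.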