
Remove external binary use for embedded versions
wagga40 committed Nov 25, 2021
1 parent 13855a4 commit 85994ed
Showing 2 changed files with 9 additions and 6 deletions.
3 changes: 2 additions & 1 deletion tools/genEmbed/genEmbed.py
Expand Up @@ -115,7 +115,7 @@ def render(self):
evtxDumpCmdEmbed='self.evtxDumpCmd = self.getOSExternalToolsEmbed()',
externalTool=self.externalTool,
externalToolB64=self.fileToB64String(self.evtxdumpPath),
removeTool=f'os.remove("{self.externalTool}")',
removeTool=f'if self.useExternalBinaries: os.remove("{self.externalTool}")',
configFileB64=self.configFileB64,
templates=self.templatesArgs,
templatesB64=self.templatesB64,
Expand All @@ -126,6 +126,7 @@ def render(self):
rulesIf=self.rulesIf,
rulesCheck=self.rulesCheck,
noPackage = "args.package = False",
noExternal = "args.noexternal = True",
binPathVar = "binPath = None",
executeRuleSetFromVar='zircoliteCore.loadRulesetFromVar(ruleset=ruleset, ruleFilters=args.rulefilter)',
fieldMappingsLines=self.fieldMappingsLines
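Review bot: The new `removeTool` line interpolates `self.externalTool` directly into generated Python source between double quotes, so a tool path containing a quote or backslash produces a broken or altered `os.remove` statement in the rendered file; `removeTool=f'if self.useExternalBinaries: os.remove({self.externalTool!r})'` emits a valid string literal whatever the path contains. The neighbouring `evtxDumpCmdEmbed` and `externalTool` substitutions carry the same assumption, though those may be quoted by the template engine rather than here. The enclosing `render` method starts above the hunk and continues below it.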
12 changes: 7 additions & 5 deletions zircolite.py
Expand Up @@ -494,10 +494,11 @@ def makeExecutable(self, path):

#{% if embeddedMode %}
def getOSExternalToolsEmbed(self):
with open("{{ externalTool }}", 'wb') as f:
f.write(zlib.decompress(base64.b64decode(b'{{ externalToolB64 }}')))
self.makeExecutable("{{ externalTool }}")
return "{{ externalTool }}"
if self.useExternalBinaries:
with open("{{ externalTool }}", 'wb') as f:
f.write(zlib.decompress(base64.b64decode(b'{{ externalToolB64 }}')))
self.makeExecutable("{{ externalTool }}")
return "{{ externalTool }}"
#{% else %}
def getOSExternalTools(self, binPath):
""" Determine which binaries to run depending on host OS : 32Bits is NOT supported for now since evtx_dump is 64bits only"""
Expand Down Expand Up @@ -610,7 +611,7 @@ def run(self, file):
def cleanup(self):
shutil.rmtree(self.tmpDir)
#{% if embeddedMode %}
#{{ removeTool }}
#{{ removeTool }}
#{% endif %}

#{% if not embeddedMode -%}
Expand Down Expand Up @@ -771,6 +772,7 @@ def avoidFiles(pathList, avoidFilesList):
#{% if embeddedMode %}
#{{ rulesCheck }}
#{{ noPackage }}
#{{ noExternal }}
#{% endif %}

consoleLogger.info("[+] Checking prerequisites")
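Review bot: `getOSExternalToolsEmbed` still returns `"{{ externalTool }}"` unconditionally, while the write and `makeExecutable` on the three lines above it now run only when `self.useExternalBinaries` is true, so with externals disabled the value assigned to `self.evtxDumpCmd` (via the `evtxDumpCmdEmbed` template in tools/genEmbed/genEmbed.py) names a file that was never created. If nothing should invoke the command in that mode, make it explicit with an `else: return None` and a check at the call site; otherwise the problem surfaces later as a missing-file error far from its cause. A one-line docstring such as `"""Materialise the embedded evtx_dump binary only when useExternalBinaries is set; return its path."""` would make the new conditional visible to readers who only see the method name. This is the same guard `removeTool` in `cleanup` relies on, so the two should be kept in step if either changes.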
