From 85994ed1963d2a0025098a891110e0c5d36df13c Mon Sep 17 00:00:00 2001
From: wagga40 <6437862+wagga40@users.noreply.github.com>
Date: Thu, 25 Nov 2021 21:36:51 +0100
Subject: [PATCH] Remove external binary use for embedded versions
---
 tools/genEmbed/genEmbed.py | 3 ++-
 zircolite.py | 12 +++++++-----
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/tools/genEmbed/genEmbed.py b/tools/genEmbed/genEmbed.py
index c5755b9..8bf3aac 100644
--- a/tools/genEmbed/genEmbed.py
+++ b/tools/genEmbed/genEmbed.py
@@ -115,7 +115,7 @@ def render(self):
 evtxDumpCmdEmbed='self.evtxDumpCmd = self.getOSExternalToolsEmbed()',
 externalTool=self.externalTool,
 externalToolB64=self.fileToB64String(self.evtxdumpPath),
- removeTool=f'os.remove("{self.externalTool}")',
+ removeTool=f'if self.useExternalBinaries: os.remove("{self.externalTool}")',
 configFileB64=self.configFileB64,
 templates=self.templatesArgs,
 templatesB64=self.templatesB64,
@@ -126,6 +126,7 @@ def render(self):
 rulesIf=self.rulesIf,
 rulesCheck=self.rulesCheck,
 noPackage = "args.package = False",
+ noExternal = "args.noexternal = True",
 binPathVar = "binPath = None",
 executeRuleSetFromVar='zircoliteCore.loadRulesetFromVar(ruleset=ruleset, ruleFilters=args.rulefilter)',
 fieldMappingsLines=self.fieldMappingsLines
diff --git a/zircolite.py b/zircolite.py
index 0136925..2d99ecf 100755
--- a/zircolite.py
+++ b/zircolite.py
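Review bot: The context line `externalToolB64=self.fileToB64String(self.evtxdumpPath)` still embeds the whole evtx_dump binary in every generated script, while the second hunk's `noExternal = "args.noexternal = True"` forces each embedded build to never use it; if `self.useExternalBinaries` is derived from `args.noexternal` (its definition is not in this patch), the base64 blob becomes dead weight that ships an executable the script can never write or run. Either gate the `externalToolB64=` argument on the same genEmbed setting that emits `noExternal`, or expose that setting as a genEmbed option so a build that really wants the binary can keep `args.noexternal` untouched. The generated one-liner `if self.useExternalBinaries: os.remove("…")` is only valid Python if the template inserts it at method-body indentation; the corresponding `#{{ removeTool }}` hunk in zircolite.py shows a whitespace-only change here, so that cannot be confirmed from this view. `render()` starts before the first hunk.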
@@ -494,10 +494,11 @@ def makeExecutable(self, path):
 #{% if embeddedMode %}
 def getOSExternalToolsEmbed(self):
- with open("{{ externalTool }}", 'wb') as f:
- f.write(zlib.decompress(base64.b64decode(b'{{ externalToolB64 }}')))
- self.makeExecutable("{{ externalTool }}")
- return "{{ externalTool }}"
+ if self.useExternalBinaries:
+ with open("{{ externalTool }}", 'wb') as f:
+ f.write(zlib.decompress(base64.b64decode(b'{{ externalToolB64 }}')))
+ self.makeExecutable("{{ externalTool }}")
+ return "{{ externalTool }}"
 #{% else %}
 def getOSExternalTools(self, binPath):
 """ Determine which binaries to run depending on host OS : 32Bits is NOT supported for now since evtx_dump is 64bits only"""
@@ -610,7 +611,7 @@ def run(self, file):
 def cleanup(self):
 shutil.rmtree(self.tmpDir)
 #{% if embeddedMode %}
- #{{ removeTool }}
+ #{{ removeTool }}
 #{% endif %}
 #{% if not embeddedMode -%}
@@ -771,6 +772,7 @@ def avoidFiles(pathList, avoidFilesList):
 #{% if embeddedMode %}
 #{{ rulesCheck }}
 #{{ noPackage }}
+ #{{ noExternal }}
 #{% endif %}
 consoleLogger.info("[+] Checking prerequisites")
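Review bot: `getOSExternalToolsEmbed` now falls off the end and returns `None` whenever `self.useExternalBinaries` is false, and the genEmbed template (`self.evtxDumpCmd = self.getOSExternalToolsEmbed()`) stores that result as the command to run; make the contract explicit with `return None` after the `if` block and a docstring saying that `evtxDumpCmd` is `None` when external binaries are disabled, so any later code that builds a subprocess command from it can check for `None` instead of failing on the first use. On the new side the binary is still written to the fixed relative path `"{{ externalTool }}"` with `'wb'`, which silently replaces whatever already sits at that name in the working directory; an existence check or a `tempfile`-based location under `self.tmpDir` would make the write and the matching `os.remove` in the `cleanup` hunk less surprising. In the last hunk `#{{ noExternal }}` overrides the parsed `args.noexternal` with no message; a `consoleLogger.info` line next to it would tell users why that option has no effect in embedded builds. The class enclosing `getOSExternalToolsEmbed` and `cleanup` starts before these hunks.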