💡 [REQUEST] - OS/Arch Metadata Filtering #328

Open
l50 opened this issue Sep 13, 2023 · 3 comments
Labels
enhancement New feature or request

@l50

l50 commented Sep 13, 2023

Implementation PR

N/A

Reference Issues

#196

Summary

It would be great to be able to filter on metadata for a specific TTP using ttpforge list.

Aside from providing a nicer interface to find specific TTPs, this work could also be used to provide feedback if someone is trying to run an incompatible TTP, i.e. macOS TTP on a linux box.

Basic Example

If we wanted all TTPs that target x86_64 linux:

ttpforge list ttps -os linux -arch x86_64

Or if we wanted all macOS TTPs (generally speaking and ignoring the architecture):

ttpforge list ttps -os macos

Drawbacks

It's work, but otherwise I'm not seeing any downsides.

Unresolved questions

No response

@l50 l50 added the question Clarification and/or additional information required to move forward label Sep 13, 2023
@d3sch41n d3sch41n self-assigned this Sep 26, 2023
@d3sch41n d3sch41n added enhancement New feature or request batch-2023-q4 and removed question Clarification and/or additional information required to move forward labels Sep 26, 2023
@d3sch41n d3sch41n changed the title 💡 [REQUEST] - Metadata filtering 💡 [REQUEST] - OS/Arch Metadata Filtering Sep 26, 2023
@d3sch41n

d3sch41n commented Sep 26, 2023

TL;DR

I intend to add a compatibility: section containing a list of OS/arch combinations

  • we can later add a version field as well:

compatibility:
  - os: linux
    arch: amd64
  - os: darwin
    arch: arm64

Disambiguation

This specifies "where is it possible for ttpforge to run this TTP" - it does not specify the target environment.
For example, a linux-based attack tool designed to attack remote windows systems would declare linux rather than windows compatibility.

Schema Details

The following validation rules will be enforced:

  • os must be a valid GOOS value
  • arch: must be a valid GOARCH value

ttpforge run Mechanics

If a TTP specifies a compatibility section, then TTPForge will refuse to execute it (and immediately print a clear error message)
unless the runtime.GOOS and runtime.GOARCH values match one of the entries in the compatibility list:

The arch field will not be mandatory, because there will be many situations in which it is overly restrictive - for instance, a TTP that just executes some inline Python (no compiling C files etc.) is not expected to have architecture-dependent properties. In such cases, one could simply write:

compatibility:
  - os: linux
  - os: darwin

ttpforge list ttps Mechanics

Corresponding options will be added to the ttpforge list command to filter on the above values:

ttpforge list --compatible-with "os=macOS,arch=arm64" 

The following shorthand will be allowed to filter to "which TTPs can I run right now on my current GOOS/GOARCH":

ttpforge list --compatible

SubTTPs

The compatibility: filters will also be enforced against SubTTPs - this will prevent you from tying incompatible sub TTPs together.
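
The validation and run-time check proposed in the comment above, sketched as an added example (not TTPForge's own code and not part of the original comment). The Requirement type, the Validate and CheckCompatible functions, and the abbreviated GOOS/GOARCH sets are assumptions made for illustration:

```go
package main

import (
	"fmt"
	"runtime"
)

// Requirement is one entry of the proposed compatibility: list (hypothetical type).
// An empty Arch means "any architecture", since arch is optional in the proposal.
type Requirement struct {
	OS   string
	Arch string
}

// Abbreviated subsets of the values Go accepts for GOOS and GOARCH.
var validOS = map[string]bool{"linux": true, "darwin": true, "windows": true, "freebsd": true}
var validArch = map[string]bool{"amd64": true, "arm64": true, "386": true, "arm": true}

// Validate enforces the schema rules: os must be a GOOS value and arch, when
// present, a GOARCH value. "macos" and "x86_64" fail: Go spells them darwin and amd64.
func Validate(reqs []Requirement) error {
	for i, r := range reqs {
		if !validOS[r.OS] {
			return fmt.Errorf("compatibility[%d]: invalid os %q", i, r.OS)
		}
		if r.Arch != "" && !validArch[r.Arch] {
			return fmt.Errorf("compatibility[%d]: invalid arch %q", i, r.Arch)
		}
	}
	return nil
}

// CheckCompatible returns nil when there is no compatibility section or when
// some entry matches the given platform; otherwise it returns a clear error.
func CheckCompatible(reqs []Requirement, goos, goarch string) error {
	if len(reqs) == 0 {
		return nil
	}
	for _, r := range reqs {
		if r.OS == goos && (r.Arch == "" || r.Arch == goarch) {
			return nil
		}
	}
	return fmt.Errorf("TTP is not compatible with %s/%s (declares %v)", goos, goarch, reqs)
}

func main() {
	// Constructed sample mirroring the YAML in the comment above.
	reqs := []Requirement{{OS: "linux", Arch: "amd64"}, {OS: "darwin", Arch: "arm64"}}
	fmt.Println(Validate(reqs), CheckCompatible(reqs, runtime.GOOS, runtime.GOARCH))
}
```

Running the same check over each SubTTP's list before execution would give the SubTTP enforcement the comment describes.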

@d3sch41n

This will also encompass @l50's prior FR

#196

@d3sch41n

Maybe we call it platform_requirements instead
