Merge 642d5fd7a4 into 9561846979

This PR:

* Updates the versions of various actions used by the CI and release workflows
* Updates the release workflow to use Go version 1.22
* Updates the test matrix to use Go versions 1.21, 1.22, and 1.23

It also updates the CI workflow to run when pull requests are created or changed. This will help give feedback when formatting or tests are broken during a PR.

As a good example of why this is useful, you'll see that I needed to run `gofmt` to get this to pass! We should have caught that earlier and now we'll catch it moving forward.

.github/workflows/ci.yml

@@ -1,5 +1,7 @@
 name: CI
-on: [push]
+on:
+  - pull_request
+  - push
 jobs:
 
   build:
@@ -7,17 +9,17 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        goVer: [1.16, 1.17, 1.18]
+        goVer: [1.21, 1.22, 1.23]
 
     steps:
     - name: Set up Go ${{ matrix.goVer }}
-      uses: actions/setup-go@v1
+      uses: actions/setup-go@v5
       with:
         go-version: ${{ matrix.goVer }}
       id: go
 
     - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
     - name: Get dependencies
       run: |
@@ -31,4 +33,4 @@ jobs:
       run: diff -u <(echo -n) <(gofmt -d .)
     
     - name: Test
-      run: go test -v ./...
+      run: go test ./...

.github/workflows/release.yml

@@ -38,7 +38,7 @@ jobs:
             - name: Set up Go
               uses: actions/setup-go@v2
               with:
-                go-version: 1.14
+                go-version: 1.22
             - if: matrix.os == 'ubuntu-latest'
               run: sudo apt-get update && sudo apt-get install -y gcc-multilib
             - if: matrix.arch == '386'
@@ -47,7 +47,7 @@ jobs:
               run: echo "RELEASE=gophish-${{ github.event.release.tag_name }}-${{ matrix.releaseos }}-64bit" >> $GITHUB_ENV
             - if: matrix.os == 'windows-latest'
               run: echo "RELEASE=gophish-${{ github.event.release.tag_name }}-${{ matrix.releaseos }}-64bit" | Out-File -FilePath $env:GITHUB_ENV -Append # https://github.com/actions/runner/issues/1636
-            - uses: actions/checkout@v2
+            - uses: actions/checkout@v4
             - name: Build ${{ matrix.goos }}/${{ matrix.arch }}
               run: go build -o ${{ matrix.bin }}
               env:
@@ -55,7 +55,7 @@ jobs:
                 GOARCH: ${{ matrix.arch }}
                 CGO_ENABLED: 1
             - name: Upload to artifacts
-              uses: actions/upload-artifact@v2
+              uses: actions/upload-artifact@v4
               with:
                 name: ${{ env.RELEASE }}
                 path: ${{ matrix.bin }}
@@ -65,8 +65,8 @@ jobs:
         runs-on: ubuntu-latest
         needs: build
         steps:
-            - uses: actions/checkout@v2
+            - uses: actions/checkout@v4
-            - uses: actions/download-artifact@v2
+            - uses: actions/download-artifact@v4
               with:
                 path: bin
             - name: Package Releases
@@ -96,7 +96,7 @@ jobs:
                   done
                 done
             - name: Upload to artifacts
-              uses: actions/upload-artifact@v2
+              uses: actions/upload-artifact@v4
               with:
                 name: releases
                 path: releases/*.zip
@@ -106,7 +106,7 @@ jobs:
         runs-on: ubuntu-latest
         needs: package
         steps:
-            - uses: actions/download-artifact@v2
+            - uses: actions/download-artifact@v4
               with:
                 name: releases
                 path: releases/

config.json

@@ -19,5 +19,17 @@
 	"logging": {
 		"filename": "",
 		"level": ""
+	},
+	"attachments": {
+		"plain_text_file_list": [
+			".txt",
+			".html",
+			".ics",
+			".ps1",
+			".bat",
+			".vbs",
+			".sh",
+			".py"
+		]
 	}
-}
+}

config/config.go

@@ -26,6 +26,11 @@ type PhishServer struct {
 	KeyPath   string `json:"key_path"`
 }
 
+// Attachments represents the handling of attachments in emails
+type Attachments struct {
+	PlainTextFileList []string `json:"plain_text_file_list"`
+}
+
 // Config represents the configuration information.
 type Config struct {
 	AdminConf      AdminServer `json:"admin_server"`
@@ -37,6 +42,7 @@ type Config struct {
 	TestFlag       bool        `json:"test_flag"`
 	ContactAddress string      `json:"contact_address"`
 	Logging        *log.Config `json:"logging"`
+	Attachments    Attachments `json:"attachments"`
 }
 
 // Version contains the current gophish version

config/config_test.go

@@ -26,7 +26,19 @@ var validConfig = []byte(`{
 	"db_name": "sqlite3",
 	"db_path": "gophish.db",
 	"migrations_prefix": "db/db_",
-	"contact_address": ""
+	"contact_address": "",
+	"attachments": {
+		"plain_text_file_list": [
+			".txt",
+			".html",
+			".ics",
+			".ps1",
+			".bat",
+			".vbs",
+			".sh",
+			".py"
+		]
+	}
 }`)
 
 func createTemporaryConfig(t *testing.T) *os.File {

controllers/api/user.go

@@ -109,6 +109,7 @@ func (as *Server) Users(w http.ResponseWriter, r *http.Request) {
 			Role:                   role,
 			RoleID:                 role.ID,
 			PasswordChangeRequired: ur.PasswordChangeRequired,
+			AccountLocked:          ur.AccountLocked,
 		}
 		err = models.PutUser(&user)
 		if err != nil {

imap/monitor.go

@@ -115,8 +115,8 @@ func (im *Monitor) Shutdown() error {
 	return nil
 }
 
-// checkForNewEmails logs into an IMAP account and checks unread emails
+// checkForNewEmails logs into an IMAP account and checks unread emails for the
-//  for the rid campaign identifier.
+// rid campaign identifier.
 func checkForNewEmails(im models.IMAP) {
 	im.Host = im.Host + ":" + strconv.Itoa(int(im.Port)) // Append port
 	mailServer := Mailbox{

models/attachment.go

@@ -61,6 +61,21 @@ func (a *Attachment) ApplyTemplate(ptx PhishingTemplateContext) (io.Reader, erro
 	//   "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
 	fileExtension := filepath.Ext(a.Name)
 
+	if array_contains(conf.Attachments.PlainTextFileList, fileExtension) {
+		b, err := ioutil.ReadAll(decodedAttachment)
+		if err != nil {
+			return nil, err
+		}
+		processedAttachment, err := ExecuteTemplate(string(b), ptx)
+		if err != nil {
+			return nil, err
+		}
+		if processedAttachment == string(b) {
+			a.vanillaFile = true
+		}
+		return strings.NewReader(processedAttachment), nil
+	}
+
 	switch fileExtension {
 
 	case ".docx", ".docm", ".pptx", ".xlsx", ".xlsm":
@@ -136,21 +151,18 @@ func (a *Attachment) ApplyTemplate(ptx PhishingTemplateContext) (io.Reader, erro
 		zipWriter.Close()
 		return bytes.NewReader(newZipArchive.Bytes()), err
 
-	case ".txt", ".html", ".ics":
-		b, err := ioutil.ReadAll(decodedAttachment)
-		if err != nil {
-			return nil, err
-		}
-		processedAttachment, err := ExecuteTemplate(string(b), ptx)
-		if err != nil {
-			return nil, err
-		}
-		if processedAttachment == string(b) {
-			a.vanillaFile = true
-		}
-		return strings.NewReader(processedAttachment), nil
 	default:
 		return decodedAttachment, nil // Default is to simply return the file
 	}
 
 }
+
+func array_contains(s []string, str string) bool {
+	for _, v := range s {
+		if v == str {
+			return true
+		}
+	}
+
+	return false
+}

models/campaign.go

@@ -609,7 +609,7 @@ func PostCampaign(c *Campaign, uid int64) error {
 	return tx.Commit().Error
 }
 
-//DeleteCampaign deletes the specified campaign
+// DeleteCampaign deletes the specified campaign
 func DeleteCampaign(id int64) error {
 	log.WithFields(logrus.Fields{
 		"campaign_id": id,