Compare commits

...

4 Commits

Author SHA1 Message Date
Milan Bharanya 4d7910fec8
Merge 642d5fd7a4 into 9561846979 2024-11-21 01:14:13 +00:00
Jordan Wright 9561846979
Update workflow actions and Go versions (#3245)
This PR:

* Updates the versions of various actions used by the CI and release workflows
* Updates the release workflow to use Go version 1.22
* Updates the test matrix to use Go versions 1.21, 1.22, and 1.23

It also updates the CI workflow to run when pull requests are created or changed. This will help give feedback when formatting or tests are broken during a PR.

As a good example of why this is useful, you'll see that I needed to run `gofmt` to get this to pass! We should have caught that earlier and now we'll catch it moving forward.
2024-09-22 23:24:43 -05:00
Caetan 908886f2cd
Enforce account locks when creating new users (#3173)
Properly enforce account locks when new users are created

---------

Co-authored-by: Caetan Tojeiro Carpente <caetan.tojeiro@tier8.com>
2024-09-22 22:53:08 -05:00
MBharanya 642d5fd7a4 Add configurable list of filetypes that allow substitutions in attachments 2022-10-19 13:45:16 +02:00
9 changed files with 75 additions and 30 deletions

View File

@ -1,5 +1,7 @@
name: CI
on: [push]
on:
- pull_request
- push
jobs:
build:
@ -7,17 +9,17 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
goVer: [1.16, 1.17, 1.18]
goVer: [1.21, 1.22, 1.23]
steps:
- name: Set up Go ${{ matrix.goVer }}
uses: actions/setup-go@v1
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.goVer }}
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v2
uses: actions/checkout@v4
- name: Get dependencies
run: |
@ -31,4 +33,4 @@ jobs:
run: diff -u <(echo -n) <(gofmt -d .)
- name: Test
run: go test -v ./...
run: go test ./...

View File

@ -38,7 +38,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.14
go-version: 1.22
- if: matrix.os == 'ubuntu-latest'
run: sudo apt-get update && sudo apt-get install -y gcc-multilib
- if: matrix.arch == '386'
@ -47,7 +47,7 @@ jobs:
run: echo "RELEASE=gophish-${{ github.event.release.tag_name }}-${{ matrix.releaseos }}-64bit" >> $GITHUB_ENV
- if: matrix.os == 'windows-latest'
run: echo "RELEASE=gophish-${{ github.event.release.tag_name }}-${{ matrix.releaseos }}-64bit" | Out-File -FilePath $env:GITHUB_ENV -Append # https://github.com/actions/runner/issues/1636
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: Build ${{ matrix.goos }}/${{ matrix.arch }}
run: go build -o ${{ matrix.bin }}
env:
@ -55,7 +55,7 @@ jobs:
GOARCH: ${{ matrix.arch }}
CGO_ENABLED: 1
- name: Upload to artifacts
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v4
with:
name: ${{ env.RELEASE }}
path: ${{ matrix.bin }}
@ -65,8 +65,8 @@ jobs:
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
path: bin
- name: Package Releases
@ -96,7 +96,7 @@ jobs:
done
done
- name: Upload to artifacts
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v4
with:
name: releases
path: releases/*.zip
@ -106,7 +106,7 @@ jobs:
runs-on: ubuntu-latest
needs: package
steps:
- uses: actions/download-artifact@v2
- uses: actions/download-artifact@v4
with:
name: releases
path: releases/

View File

@ -19,5 +19,17 @@
"logging": {
"filename": "",
"level": ""
},
"attachments": {
"plain_text_file_list": [
".txt",
".html",
".ics",
".ps1",
".bat",
".vbs",
".sh",
".py"
]
}
}

View File

@ -26,6 +26,11 @@ type PhishServer struct {
KeyPath string `json:"key_path"`
}
// Attachments represents the handling of attachments in emails
type Attachments struct {
PlainTextFileList []string `json:"plain_text_file_list"`
}
// Config represents the configuration information.
type Config struct {
AdminConf AdminServer `json:"admin_server"`
@ -37,6 +42,7 @@ type Config struct {
TestFlag bool `json:"test_flag"`
ContactAddress string `json:"contact_address"`
Logging *log.Config `json:"logging"`
Attachments Attachments `json:"attachments"`
}
// Version contains the current gophish version

View File

@ -26,7 +26,19 @@ var validConfig = []byte(`{
"db_name": "sqlite3",
"db_path": "gophish.db",
"migrations_prefix": "db/db_",
"contact_address": ""
"contact_address": "",
"attachments": {
"plain_text_file_list": [
".txt",
".html",
".ics",
".ps1",
".bat",
".vbs",
".sh",
".py"
]
}
}`)
func createTemporaryConfig(t *testing.T) *os.File {

View File

@ -109,6 +109,7 @@ func (as *Server) Users(w http.ResponseWriter, r *http.Request) {
Role: role,
RoleID: role.ID,
PasswordChangeRequired: ur.PasswordChangeRequired,
AccountLocked: ur.AccountLocked,
}
err = models.PutUser(&user)
if err != nil {

View File

@ -115,8 +115,8 @@ func (im *Monitor) Shutdown() error {
return nil
}
// checkForNewEmails logs into an IMAP account and checks unread emails
// for the rid campaign identifier.
// checkForNewEmails logs into an IMAP account and checks unread emails for the
// rid campaign identifier.
func checkForNewEmails(im models.IMAP) {
im.Host = im.Host + ":" + strconv.Itoa(int(im.Port)) // Append port
mailServer := Mailbox{

View File

@ -61,6 +61,21 @@ func (a *Attachment) ApplyTemplate(ptx PhishingTemplateContext) (io.Reader, erro
// "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
fileExtension := filepath.Ext(a.Name)
if array_contains(conf.Attachments.PlainTextFileList, fileExtension) {
b, err := ioutil.ReadAll(decodedAttachment)
if err != nil {
return nil, err
}
processedAttachment, err := ExecuteTemplate(string(b), ptx)
if err != nil {
return nil, err
}
if processedAttachment == string(b) {
a.vanillaFile = true
}
return strings.NewReader(processedAttachment), nil
}
switch fileExtension {
case ".docx", ".docm", ".pptx", ".xlsx", ".xlsm":
@ -136,21 +151,18 @@ func (a *Attachment) ApplyTemplate(ptx PhishingTemplateContext) (io.Reader, erro
zipWriter.Close()
return bytes.NewReader(newZipArchive.Bytes()), err
case ".txt", ".html", ".ics":
b, err := ioutil.ReadAll(decodedAttachment)
if err != nil {
return nil, err
}
processedAttachment, err := ExecuteTemplate(string(b), ptx)
if err != nil {
return nil, err
}
if processedAttachment == string(b) {
a.vanillaFile = true
}
return strings.NewReader(processedAttachment), nil
default:
return decodedAttachment, nil // Default is to simply return the file
}
}
func array_contains(s []string, str string) bool {
for _, v := range s {
if v == str {
return true
}
}
return false
}

View File

@ -609,7 +609,7 @@ func PostCampaign(c *Campaign, uid int64) error {
return tx.Commit().Error
}
//DeleteCampaign deletes the specified campaign
// DeleteCampaign deletes the specified campaign
func DeleteCampaign(id int64) error {
log.WithFields(logrus.Fields{
"campaign_id": id,