Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments.
This PR fixes a bug in the M365 dumper module. The bug produces a KeyError exception which leads to a crash of the application.
💠 Motivation and context
The exception is thrown in the function dump_exo_mailbox of m365_datadumper.py. The complete stack trace can be found below.
Traceback (most recent call last):
  File "venv/goose/bin/goosey", line 11, in <module>
    load_entry_point('goosey==1.1.0', 'console_scripts', 'goosey')()
  File "venv/goose/lib/python3.8/site-packages/goosey/main.py", line 89, in main
    honkmain(args)
  File "venv/goose/lib/python3.8/site-packages/goosey/honk.py", line 278, in main
    asyncio.run(run(args, config, auth, auth_un_pw))
  File "/usr/lib/python3.8/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
  File "/usr/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete
    return future.result()
  File "venv/goose/lib/python3.8/site-packages/goosey/honk.py", line 145, in run
    await asyncio.gather(*tasks)
  File "venv/goose/lib/python3.8/site-packages/goosey/m365_datadumper.py", line 278, in dump_exo_mailbox
    del result['@odata.context']
KeyError: '@odata.context'
As seen in the stack trace, the key @odata.context is not part of the result dictionary. Thus, I suggest checking whether the key exists beforehand.
🧪 Testing
This PR was tested manually against a Microsoft 365 development tenant (E5 license).
✅ Pre-approval checklist
[x] This PR has an informative and human-readable title.
[x] Changes are limited to a single goal - eschew scope creep!
[x] All future TODOs are captured in issues, which are referenced in code comments.
[ ] All relevant type-of-change labels have been added.
✅ Pre-merge checklist
✅ Post-merge checklist
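The crash and the suggested check, reproduced as an added example that is not part of the PR or of Untitled Goose Tool's code. The function names and sample responses are constructed; only the `del result['@odata.context']` statement and the `asyncio.gather(*tasks)` call come from the stack trace.

```python
import asyncio

# Constructed Graph-style responses (sample data, not taken from the PR).
SAMPLE_RESPONSES = {
    "alice@example.test": {"@odata.context": "https://graph.example.test/$metadata",
                           "value": [{"id": "1"}]},
    "bob@example.test": {"value": [{"id": "2"}]},  # key absent
    "carol@example.test": {"error": {"code": "SampleError", "message": "constructed"}},
}

def strip_strict(result):
    """Statement from the stack trace: raises KeyError when the key is absent."""
    del result["@odata.context"]
    return result

def strip_tolerant(result):
    """Drop the key only if it exists; work on a copy of the response."""
    cleaned = dict(result)
    cleaned.pop("@odata.context", None)
    return cleaned

async def dump_mailbox(user, strip):
    await asyncio.sleep(0)  # stand-in for the HTTP request (hypothetical helper)
    return user, strip(dict(SAMPLE_RESPONSES[user]))

async def dump_all(strip):
    # Same shape as the trace: one failing task propagates out of gather().
    tasks = [dump_mailbox(user, strip) for user in SAMPLE_RESPONSES]
    return dict(await asyncio.gather(*tasks))

def run(strip):
    """Return (results, error); error is None when every task finished."""
    try:
        return asyncio.run(dump_all(strip)), None
    except KeyError as exc:
        return {}, f"KeyError: {exc}"

if __name__ == "__main__":
    for strip in (strip_strict, strip_tolerant):
        results, error = run(strip)
        print(strip.__name__, "collected:", len(results), "error:", error)
```

With the strict version a single response lacking the key aborts the whole collection run, so no mailbox data is returned; with the tolerant version all three responses, including the error body, are kept for the investigator.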