Closed apscott closed 2 years ago
An example implementation of another logger is available here: https://github.com/SecurityRiskAdvisors/invoke-atomic-attire-logger. It logs to our ATTiRe format (https://github.com/SecurityRiskAdvisors/ATTiRe), which allows data to be easily imported into VECTR.
I'm looking at this right now and will give it a solid workout. I'm so excited for this. Thank you!
Check prereqs erroneously says files are missing when they are not. If I run the original Invoke code, it reports all prereqs as being met, which is correct.
Looks like the CheckPrereqs issue can be fixed by changing
if ($res -ne 0) {
to
if ($res.ExitCode -ne 0) {
in Private\Invoke-CheckPrereqs.ps1
Problem handling null input args. New code on the left, old code on the right.
Some problematic GetPrereqs situations with the new code include T1560.001 tests 1 and 4. New code on the left, old code on the right.
When invoking test against remote machine (both local and remote are Windows) using a PowerShell remoting session, the new code (left) tries to access the art-out file and gets an error. Old code on right doesn't get error. I think this is a really easy fix as I don't think new code should need to access art-out or art-err. Wiki on remote execution
Or maybe it's not that easy of a fix. The logging currently happens on the remote machine and the remote machine would need to have and import the Attire-ExecutionLogger.psm1. Let's talk about the best way to make this happen.
There is a weird behavior for stdout with pwsh on Linux where it overwrites some lines of the output. See new code (left) with the PS prompt overwriting some of the output, and old code (right). I had to put the following line in Invoke-Process to fix it.
Start-Sleep -Seconds 5 # On nix, the last 4 lines of stdout get overwritten upon return so pause for a bit to ensure user can view results
Passing the custom logger on Linux gives Exception setting "PriorityClass"
I added a sleep of 3 seconds to this particular atomic (T1087.001-6) and it fixed the above race condition and interestingly also kind of fixed the "overwriting of output" issue I posted in the previous comment. Note: I'm not suggesting we add sleeps to atomics; it was just to test the race condition theory.
Execution from Windows VM against remote Linux VM. New code (in red box) gives two errors about art-out and art-err but old code doesn't (in green box). This is probably the same issue discussed earlier where local and remote are both Windows OS.
Invoke-Process.ps1
There is now a new method of process creation when running in non-interactive mode. This method uses System.Diagnostics.ProcessStartInfo from the .NET API to create and retrieve output from a process. This method does not require writing files to disk to retrieve output from the process.
The previous method of using Start-Process is still used when running in interactive mode.
Invoke-AtomicTest.ps1
There are several changes in this file to facilitate logging. There is a new input argument for the user to specify a logger and new code to load and validate the logger module.
There is a section of code to re-create an equivalent command line passed into Invoke-AtomicTest. This is needed for the ATTiRe logger, but the code needs to be in Invoke-AtomicTest to access the input arguments. The rebuilt command line may explicitly contain arguments with default values that the user did not set.
There are now 3 places where Invoke-AtomicTest passes information to the logger module through the functions Start-ExecutionLog, Write-ExecutionLog, and Stop-ExecutionLog. Start-ExecutionLog and Stop-ExecutionLog are each called once: before and after all the test cases have run, respectively. These functions are to allow the logger to perform any setup or cleanup work it may need. Write-ExecutionLog is called once after each test case and is where any of the actual logging work is performed.
Default-ExecutionLogger.psm1
Write-ExecutionLog.ps1 has been renamed to Default-ExecutionLogger.psm1 and moved to the Public directory. The Write-ExecutionLog function remains, but with additional arguments to match the new API. These new arguments are not used by the function. Start-ExecutionLog and Stop-ExecutionLog have also been added but are empty functions. It generates the same logs as before.
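As an added illustration of the three-function logger API described in this PR (this is example code, not part of the PR, the default logger, or the ATTiRe logger), here is a minimal custom logger module that appends one JSON line per test case. The parameter names and the assumption that the time values are DateTime objects and that the result object carries an ExitCode property are mine; check them against Default-ExecutionLogger.psm1 before loading the module.

```powershell
# Hypothetical JsonLines-ExecutionLogger.psm1 (added example, not part of this PR).
# Parameter names are assumptions: align them with Default-ExecutionLogger.psm1
# so that the arguments Invoke-AtomicTest passes land in the right variables.

function Write-JsonLine {
    param([hashtable]$Record, [string]$LogPath)
    # One compact JSON object per line keeps the file easy to ingest later.
    ($Record | ConvertTo-Json -Compress) | Out-File -FilePath $LogPath -Append -Encoding utf8
}

function Start-ExecutionLog {
    param($startTime, $logPath, $targetHostname, $targetUser, $commandLine, $isWindows)
    # Setup work: create the log file and record the whole invocation once.
    if (-not (Test-Path $logPath)) { New-Item -ItemType File -Path $logPath -Force | Out-Null }
    Write-JsonLine -LogPath $logPath -Record ([ordered]@{
        event          = 'run-start'
        startTime      = $startTime.ToString('o')   # assumes a DateTime
        targetHostname = $targetHostname
        targetUser     = $targetUser
        commandLine    = $commandLine               # the rebuilt command line from the PR
    })
}

function Write-ExecutionLog {
    param($startTime, $stopTime, $technique, $testNum, $testName, $testGuid, $testExecutor,
          $testDescription, $command, $logPath, $targetHostname, $targetUser, $res, $isWindows)
    # Called once per test case. $res is the process result object, so read its
    # ExitCode property (the same point as the Invoke-CheckPrereqs fix above).
    $exitCode = if ($null -ne $res) { $res.ExitCode } else { $null }
    Write-JsonLine -LogPath $logPath -Record ([ordered]@{
        event          = 'test'
        technique      = $technique
        testNum        = $testNum
        testName       = $testName
        testGuid       = $testGuid
        executor       = $testExecutor
        command        = $command
        startTime      = $startTime.ToString('o')
        stopTime       = $stopTime.ToString('o')
        exitCode       = $exitCode
        targetHostname = $targetHostname
        targetUser     = $targetUser
    })
}

function Stop-ExecutionLog {
    param($startTime, $logPath, $targetHostname, $targetUser, $isWindows)
    # Cleanup work: mark the end of the run so a partial file is recognisable.
    Write-JsonLine -LogPath $logPath -Record ([ordered]@{ event = 'run-stop'; stopTime = (Get-Date).ToString('o') })
}

Export-ModuleMember -Function Start-ExecutionLog, Write-ExecutionLog, Stop-ExecutionLog
```

Because Invoke-AtomicTest only calls Write-ExecutionLog after each test case, any exit code or timing recorded here reflects the whole test, not individual commands inside it.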