redcanaryco / invoke-atomicredteam

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
MIT License

Added support for modular loggers and changes to process creation. #85

Closed apscott closed 2 years ago

apscott commented 2 years ago

Invoke-Process.ps1

There is now a new method of process creation when running in non-interactive mode. This method uses System.Diagnostics.ProcessStartInfo from the .NET API to create and retrieve output from a process. This method does not require writing files to disk to retrieve output from the process.

The previous method of using Start-Process is still used when running in interactive mode.

Invoke-AtomicTest.ps1

There are several changes in this file to facilitate logging. There is a new input argument for the user to specify a logger and new code to load and validate the logger module.

There is a section of code to re-create an equivalent command line passed into Invoke-AtomicTest. This is needed for the ATTiRe logger, but the code needs to be in Invoke-AtomicTest to access the input arguments. The rebuilt command line may explicitly contain arguments with default values that the user did not set.

There are now 3 places where Invoke-AtomicTest passes information to the logger module through the functions Start-ExecutionLog, Write-ExecutionLog, and Stop-ExecutionLog. Start-ExecutionLog and Stop-ExecutionLog are each called once: before and after all the test cases have run, respectively. These functions are to allow the logger to perform any setup or cleanup work it may need. Write-ExecutionLog is called once after each test case and is where any of the actual logging work is performed.

Default-ExecutionLogger.psm1

Write-ExecutionLog.ps1 has been renamed to Default-ExecutionLogger.psm1 and moved to the Public directory. The Write-ExecutionLog function remains, but with additional arguments to match the new API. These new arguments are not used by the function. Start-ExecutionLog and Stop-ExecutionLog have also been added but are empty functions. It generates the same logs as before.

thebleucheese commented 2 years ago

An example implementation of another logger is available here: https://github.com/SecurityRiskAdvisors/invoke-atomic-attire-logger, logging to our ATTiRe format (https://github.com/SecurityRiskAdvisors/ATTiRe), which allows data to be easily imported into VECTR.

clr2of8 commented 2 years ago

I'm looking at this right now and will give it a solid workout. I'm so excited for this. Thank you!

clr2of8 commented 2 years ago

Check prereqs erroneously says files are missing when they are not. If I run the original Invoke code, it reports all prereqs as being met, which is correct.


clr2of8 commented 2 years ago

Looks like the CheckPrereqs issue can be fixed by changing

if ($res -ne 0) {

to

if ($res.ExitCode -ne 0) {

In Private\Invoke-CheckPrereqs.ps1

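The following is an added example, not the project's own Invoke-Process.ps1: it shows the ProcessStartInfo approach the PR describes (output captured from the process without writing files to disk) and why the prerequisite check must test `$res.ExitCode` rather than `$res`, because the function returns an object, not an integer. The function name, its parameters and the sample command are assumptions.

```powershell
# Added example (not the project's Invoke-Process.ps1). Runs a process with
# System.Diagnostics.ProcessStartInfo, captures stdout/stderr in memory and
# returns them with the exit code as one object.
function Invoke-CapturedProcess {
    param(
        [Parameter(Mandatory)] [string] $FilePath,
        [string[]] $ArgumentList = @(),
        [int] $TimeoutSeconds = 120
    )
    $psi = New-Object System.Diagnostics.ProcessStartInfo
    $psi.FileName = $FilePath
    $psi.Arguments = ($ArgumentList -join ' ')
    $psi.UseShellExecute = $false          # required for stream redirection
    $psi.RedirectStandardOutput = $true
    $psi.RedirectStandardError = $true
    $psi.CreateNoWindow = $true

    $proc = New-Object System.Diagnostics.Process
    $proc.StartInfo = $psi
    [void] $proc.Start()

    # Drain stderr on a background task so a full pipe cannot block the stdout read.
    $stderrTask = $proc.StandardError.ReadToEndAsync()
    $stdout = $proc.StandardOutput.ReadToEnd()
    if (-not $proc.WaitForExit($TimeoutSeconds * 1000)) {
        $proc.Kill()
        throw "Process '$FilePath' exceeded $TimeoutSeconds seconds and was killed"
    }
    [pscustomobject]@{
        ExitCode       = $proc.ExitCode
        StandardOutput = $stdout
        StandardError  = $stderrTask.Result
    }
}

# Constructed prerequisite check that deliberately exits with code 3.
if ($env:OS -eq 'Windows_NT') {
    $res = Invoke-CapturedProcess -FilePath 'cmd.exe' -ArgumentList '/c', 'exit 3'
} else {
    $res = Invoke-CapturedProcess -FilePath 'sh' -ArgumentList '-c', '"exit 3"'
}

# Wrong: $res is an object, so this comparison does not look at the exit code
# and the check reports a missing prerequisite even when it is present.
if ($res -ne 0) { 'object comparison: reports failure regardless of exit code' }

# Right: test the ExitCode property of the returned object.
if ($res.ExitCode -ne 0) { "prerequisite check failed (exit code $($res.ExitCode))" }
```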

clr2of8 commented 2 years ago

Problem handling null input args. New code on the left, old code on the right.


clr2of8 commented 2 years ago

Some problematic GetPrereq situations with the new code include T1560.001 tests 1 and 4. New code on the left, old code on the right.


clr2of8 commented 2 years ago

When invoking a test against a remote machine (both local and remote are Windows) using a PowerShell remoting session, the new code (left) tries to access the art-out file and gets an error. The old code (right) doesn't get an error. I think this is a really easy fix, as I don't think the new code should need to access art-out or art-err. Wiki on remote execution


Or maybe it's not that easy of a fix. The logging currently happens on the remote machine and the remote machine would need to have and import the Attire-ExecutionLogger.psm1. Let's talk about the best way to make this happen.

clr2of8 commented 2 years ago

There is a weird behavior for stdout with pwsh on Linux where it overwrites some lines of the output. See the new code (left) with the PS prompt overwriting some of the output, and the old code (right). I had to put the following line in Invoke-Process to fix it.

Start-Sleep -Seconds 5 # On nix, the last 4 lines of stdout get overwritten upon return so pause for a bit to ensure user can view results


clr2of8 commented 2 years ago

Passing the custom logger on Linux gives Exception setting "PriorityClass".


I added a sleep of 3 seconds to this particular atomic (T1087.001-6) and it fixed the above race condition and, interestingly, also kind of fixed the "overwriting of output" issue I posted in the previous comment. Note: I'm not suggesting we add sleeps to atomics; it was just to test the race condition theory.


clr2of8 commented 2 years ago

Execution from a Windows VM against a remote Linux VM. The new code (in the red box) gives two errors about art-out and art-err, but the old code (in the green box) doesn't. This is probably the same issue discussed earlier where local and remote are both Windows OS.
