Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
Issue:
The escape quote logic for bash/sh executors caused errors with find commands that contained an -exec statement. The \; escape syntax for the -exec statement was incorrectly being escaped causing the find command to fail. (See Issue #91)
Fix:
After reading PR #24 and PR #33, the proposed fix is to split the escape regex into two statements. The backslash escape regex performs a negative lookahead for a semicolon (;). If the semicolon is found, the backslash is not escaped. The second regex statement looks to escape the double quote (")
Testing:
Testing was performed locally on a Linux server. Ran multiple Linux Atomic-Tests to ensure proper execution. The tests including the following that execute an -exec as part of the find command:
Issue: The escape quote logic for bash/sh executors caused errors with
findcommands that contained an-execstatement. The\;escape syntax for the-execstatement was incorrectly being escaped causing the find command to fail. (See Issue #91)Fix: After reading PR #24 and PR #33, the proposed fix is to split the escape regex into two statements. The backslash escape regex performs a negative lookahead for a semicolon (
;). If the semicolon is found, the backslash is not escaped. The second regex statement looks to escape the double quote (")Testing: Testing was performed locally on a Linux server. Ran multiple Linux Atomic-Tests to ensure proper execution. The tests including the following that execute an
-execas part of thefindcommand: