check_go_dependencies() fails with non-empty dependencies list
Rayhawk11 opened this issue · 3 comments
Describe the bug
sandcat/app/utility/base_extension.py
Lines 18 to 26 in b817047
check_go_dependencies() seems to return False whenever self.dependencies is a non-empty list. It runs the command "go list [dep_name]", but the working directory is the root of the Caldera server, which is not a Go module.
To Reproduce
Steps to reproduce the behavior:
- Ensure Go dependencies are installed by running
go mod downloadin gocat directory. - Start Caldera server.
- Try to compile Sandcat with any gocat-extension that has a Go dependency.
server="http://caldera01.red:8888"; curl -s -X POST -H "file:sandcat.go" -H "platform:linux" -H "gocat-extensions:dns_tunneling" $server/file/download > splunkd
Expected behavior
Sandcat successfully compiles with the expected gocat-extension instead of omitting it over allegedly missing dependencies.
Desktop (please complete the following information):
- OS: CentOS Stream 8
- Browser: Google Chrome v89
- Version: Caldera Server 3.1.0
Possible fix?
Adding cwd='./plugins/sandcat/gocat' to the options of the call to subprocess.run() call referenced above fixes the issue for me.
Assuming go is in your path, you should be able to run go list <package name> from anywhere and have it return the appropriate output. Also, gocat extension dependencies won't be listed in the go.mod file within the gocat directory, since that file only contains dependencies for the core gocat code.
Oh, you are correct, my mistake. Fixed on my machine by setting GO111MODULE=auto and installing the right dependency. Without that environment variable set, go list wouldn't run properly outside of a Go module. Thanks!
Great, glad it all worked out! Let me know if you come across anything else or have any other questions.