new: added --source argument to agent init (ENG-99) #10

Merged
merged 7 commits into from
Nov 22, 2024

evilsocket
Contributor

  • Added an optional --source argument to dreadnode agent init that supports custom templates in the form of:
    • username/repository (github repository partial string) -> will download https://github.com/username/repository/archive/refs/heads/main.zip
    • https://github.com/username/repository (full github url) -> will download https://github.com/username/repository/archive/refs/heads/main.zip
    • https://example.com/custom.zip -> will download as is if full URL to a zip archive.

Unzipping should be safe from path traversal attacks.

  • Refactored install_template / install_template_from_dir in order to perform validation (at least a Dockerfile is required for a template) and handle nested folders correctly (there was a bug).
  • Fixed install_template / install_template_from_dir to handle non text files properly.
  • Added unit tests coverage for these changes and fixes.
  • Updated documentation to reflect changes.

Closes ENG-99
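
The path traversal check mentioned in the description above, sketched as an added example (not code from this PR or from the dreadnode CLI). The names `safe_extract`, `find_template_dir`, `build_zip` and `UnsafeArchiveError` are hypothetical, and the Dockerfile lookup is an assumption about how the nested top-level folder of a GitHub branch archive could be handled:

```python
# Added example; every name here is hypothetical, not dreadnode_cli's API.
import io
import stat
import zipfile
from pathlib import Path


class UnsafeArchiveError(Exception):
    """Raised when a ZIP member would be written outside the destination."""


def safe_extract(zip_bytes: bytes, dest: Path) -> list[str]:
    """Validate every member before writing anything, then extract into dest."""
    dest = dest.resolve()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Unix mode lives in the high 16 bits; refuse symlink members.
            if stat.S_ISLNK(info.external_attr >> 16):
                raise UnsafeArchiveError(f"symlink member: {info.filename}")
            # "../x" and "/abs/x" both resolve to a path outside dest.
            target = (dest / info.filename).resolve()
            if target != dest and dest not in target.parents:
                raise UnsafeArchiveError(f"escapes destination: {info.filename}")
        zf.extractall(dest)
        return zf.namelist()


def find_template_dir(root: Path) -> Path:
    """Shallowest directory holding a Dockerfile (assumed nesting rule)."""
    hits = sorted(root.rglob("Dockerfile"), key=lambda p: len(p.parts))
    if not hits:
        raise ValueError("template has no Dockerfile")
    return hits[0].parent


def build_zip(members: dict[str, bytes]) -> bytes:
    """Constructed sample input: an in-memory ZIP holding the given members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

Because all members are checked before `extractall` runs, an archive with a single bad entry leaves the destination directory untouched.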

…s from github repositories and ZIP archives in general

linear bot commented Nov 20, 2024

ENG-99 CLI - Agent templates per strike

Given the unique requirements of strikes, we might want to let the user select from some docker base images to use for their agent (or maybe suggest them from the server) based on tools that might be required.

For example, certain dangerous-capabilities zones might benefit from having tools like mongo or psql.

@evilsocket evilsocket requested a review from monoxgas November 20, 2024 12:17
Contributor

@monoxgas monoxgas left a comment

Looking good!

Currently checking on how easy it might be to get access to private repos with authentication through various means.

I did come across https://github.com/jelmer/dulwich, which might be a more well-supported library than GitPython if we wanted to add the ability to clone local repos from SSH paths using everyone's default ssh config.

Going to try and avoid adding too much complexity with maybe just some web token auth primitives. I'll keep you posted.

@evilsocket
Contributor Author

> Looking good!
>
> Currently checking on how easy it might be to get access to private repos with authentication through various means.
>
> I did come across https://github.com/jelmer/dulwich, which might be a more well-supported library than GitPython if we wanted to add the ability to clone local repos from SSH paths using everyone's default ssh config.
>
> Going to try and avoid adding too much complexity with maybe just some web token auth primitives. I'll keep you posted.

I specifically avoided using gitpython or similar because: do we really want to clone the whole repo, with the whole .git folder, the logs, diffs, commits and whatnot?

@evilsocket evilsocket closed this Nov 22, 2024
@evilsocket evilsocket deleted the feature/eng-99-cli-agent-templates-per-strike branch November 22, 2024 11:40
@evilsocket evilsocket restored the feature/eng-99-cli-agent-templates-per-strike branch November 22, 2024 12:55
@evilsocket evilsocket reopened this Nov 22, 2024
):
print(":key: Accessed private repository")
source_dir = download_and_unzip_archive(
github_repo.api_zip_url, headers={"Authorization": f"Bearer {github_access_token.token}"}
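
Review bot: the `Authorization: Bearer` header passed in the `download_and_unzip_archive(github_repo.api_zip_url, headers=...)` call hands the access token to a general-purpose download helper, so it is worth confirming inside that helper that the header is not forwarded if the request is redirected to a different host, and that the headers never end up in log or error output. A short comment at this call site stating that the token is only ever attached to the GitHub API URL would make that intent explicit for later changes.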
Contributor Author

@monoxgas ooooooooooooooooo, now I get it :D github_repo.api_zip_url FTW!

@evilsocket
Contributor Author

@monoxgas love the github_repo.api_zip_url solution! this PR looks ready to merge, wdyt?

@monoxgas monoxgas merged commit cf73707 into main Nov 22, 2024
3 checks passed
@monoxgas monoxgas deleted the feature/eng-99-cli-agent-templates-per-strike branch November 22, 2024 16:24
@monoxgas
Contributor

Let's GOOO
