[Feature] Add cross site scripting

amidaware · Nov 12, 2023 · 6ba3272 · 6ba3272
1 parent 753242a
commit 6ba3272
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 2 deletions.
diff --git a/agent/agent_unix.go b/agent/agent_unix.go
@@ -194,10 +194,49 @@ func (a *Agent) RunScript(code string, shell string, args []string, timeout int,
 
 	opts := a.NewCMDOpts()
 	opts.IsScript = true
-	opts.Shell = f.Name()
-	opts.Args = args
+	switch shell {
+	case "nushell":
+		// FIXME: Make this dynamic and use /opt/tacticalagent/bin/nu
+		opts.Shell = "/usr/local/bin/nu"
+		opts.Args = append([]string{
+			"--no-config-file",
+			f.Name(),
+		},
+			args...)
+
+	case "deno":
+		// FIXME: Make this dynamic and use /opt/tacticalagent/bin/nu
+		opts.Shell = "/usr/local/bin/deno"
+		opts.Args = []string{
+			"run",
+			"--no-prompt",
+		}
+
+		// Search the environment variables for DENO_PERMISSIONS and use that to set permissions for the script.
+		// https://docs.deno.com/runtime/manual/basics/permissions#permissions-list
+		// DENO_PERMISSIONS is not an official environment variable.
+		// https://docs.deno.com/runtime/manual/basics/env_variables
+		// TODO: Remove DENO_PERMISSIONS from the environment variables.
+		for _, v := range envVars {
+			if strings.HasPrefix(v, "DENO_PERMISSIONS=") {
+				permissions := strings.Split(v, "=")[1]
+				opts.Args = append(opts.Args, strings.Split(permissions, " ")...)
+			}
+		}
+
+		// Can't append a variadic slice after a string arg.
+		// https://pkg.go.dev/builtin#append
+		opts.Args = append(opts.Args, f.Name())
+		opts.Args = append(opts.Args, args...)
+
+	default:
+		opts.Shell = f.Name()
+		opts.Args = args
+	}
+
 	opts.EnvVars = envVars
 	opts.Timeout = time.Duration(timeout)
+	a.Logger.Debugln("RunScript(): ", opts.Shell, opts.Args)
 	out := a.CmdV2(opts)
 	retError := ""
 	if out.Status.Error != nil {

diff --git a/agent/agent_windows.go b/agent/agent_windows.go
@@ -118,6 +118,10 @@ func (a *Agent) RunScript(code string, shell string, args []string, timeout int,
 		ext = "*.py"
 	case "cmd":
 		ext = "*.bat"
+	case "nushell":
+		ext = "*.nu"
+	case "deno":
+		ext = "*.ts"
 	}
 
 	tmpDir := a.WinTmpDir
@@ -151,6 +155,10 @@ func (a *Agent) RunScript(code string, shell string, args []string, timeout int,
 		cmdArgs = []string{tmpfn.Name()}
 	case "cmd":
 		exe = tmpfn.Name()
+	case "nushell":
+		exe = tmpfn.Name()
+	case "deno":
+		exe = tmpfn.Name()
 	}
 
 	if len(args) > 0 {