caldera icon indicating copy to clipboard operation
caldera copied to clipboard

Published 20 hours ago verified publisher icon mitre

Pipe characters dropped from Fact during Parsing

Open bjeffries opened this issue 1 year ago • 4 comments

Describe the bug A fact that contains a quoted string with a pipe character will drop all text following the pipe character during parsing. For example, if your ability is: echo #{my.caldera.fact} and your fact value pair is my.caldera.fact = 'before|after' When you execute the ability, the output is: echo 'before The expected output is: echo 'before|after'

Our (@d3vco) best guess is that this is an issue with the yaml parser library. To Reproduce Steps to reproduce the behavior: factbug_yml.zip - zip file with test ability and fact source

  1. Add attached ability into 'caldera/data/ability/test/' directory (82dc***.yml)
  2. Add attached fact source into 'caldera/data/sources/' directory (c4de***.yml)
  3. Execute ability (test print fact) with the quoted fact value

Expected behavior I expect pipe characters to be translated from the fact source into the ability especially when quoted.

Screenshots If applicable, add screenshots to help explain your problem. Add the potential link image Reviewing the command in manual mode Notice how everything after the pipe character (including the pipe) is dropped. image

Desktop (please complete the following information):

  • OS: Ubuntu 22.04.3 LTS Linux - VM
  • Browser: Firefox
  • Version: Caldera 4.2.0

Additional context Add any other context about the problem here.

bjeffries avatar Feb 14 '24 17:02 bjeffries

Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/

github-actions[bot] avatar Feb 14 '24 17:02 github-actions[bot]

So I was too quick to blame yaml.

The bug occurs in operations.html. Each fact is concatenated with its name like so: ${factName}|${fact.value}. Later, to recover the value, this string is split on the | character, which would also split any pipe characters in the value (or name for that matter). I think using the limit parameter of the split function would solve your issue, but that doesn't account for pipe characters in the name (as they would occur before the pipe that we actually want to split on).

d3vco avatar Feb 14 '24 19:02 d3vco

We encountered this issue in the past and I ended up using a hacky fix - using |SEPARATORVALUE| in place of the joining |. I think a better way of doing it might be prepending the length of the factName to the concatenated values, so "hello":"world" might become 5:helloworld, then using split with a limit of one to retrieve the key's length

neptunia avatar Feb 14 '24 19:02 neptunia

Fixed for v5 - https://github.com/mitre/magma/pull/41

elegantmoose avatar Feb 20 '24 23:02 elegantmoose

as patched for v5, closing. reopen if issue persists.

elegantmoose avatar Mar 13 '24 15:03 elegantmoose