Merge pull request #1000 from Ana06/node-helper

Add helper function for Node tools
mandiant · Apr 23, 2024 · 68f716d · 68f716d
2 parents 905ecb2 + be358d4
commit 68f716d
Show file tree

Hide file tree

Showing 7 changed files with 50 additions and 41 deletions.
diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec
@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>common.vm</id>
-    <version>0.0.0.20240416</version>
+    <version>0.0.0.20240419</version>
     <description>Common libraries for VM-packages</description>
     <authors>Mandiant</authors>
   </metadata>

diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1
@@ -368,6 +368,38 @@ function VM-Install-From-Zip {
     }
 }
 
+function VM-Install-Node-Tool-From-Zip {
+    [CmdletBinding()]
+    [OutputType([System.Object[]])]
+    Param
+    (
+        [Parameter(Mandatory=$true, Position=0)]
+        [string] $toolName,
+        [Parameter(Mandatory=$true, Position=1)]
+        [string] $category,
+        [Parameter(Mandatory=$true, Position=2)]
+        [string] $zipUrl,
+        [Parameter(Mandatory=$false, Position=3)]
+        [string] $zipSha256,
+        # node command such as "jailme.js -h -b list"
+        [Parameter(Mandatory=$true)]
+        [string] $command,
+        [Parameter(Mandatory=$false)]
+        [bool] $innerFolder=$true # Default to true as most node apps are GH repos (ZIP with inner folder)
+    )
+    # Install dependencies with npm when running shortcut as we ignore errors below
+    $powershellCommand = "npm install; node $command"
+
+    $toolDir = (VM-Install-From-Zip $toolName $category $zipUrl $zipSha256 -innerFolder $innerFolder -powershellCommand $powershellCommand)[0]
+
+    # Prevent the following warning from failing the package: "npm WARN deprecated [email protected]"
+    $ErrorActionPreference = 'Continue'
+    # Get absolute path as npm may not be in PATH until Powershell is restarted
+    $npmPath = Join-Path ${Env:ProgramFiles} "\nodejs\npm.cmd" -Resolve
+    # Install tool dependencies with npm
+    Set-Location $toolDir; & "$npmPath" install | Out-Null
+}
+
 # This functions returns $executablePath
 function VM-Install-Single-Exe {
     [CmdletBinding()]

diff --git a/packages/malware-jail.vm/malware-jail.vm.nuspec b/packages/malware-jail.vm/malware-jail.vm.nuspec
@@ -2,11 +2,11 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>malware-jail.vm</id>
-    <version>0.0.0.20240412</version>
+    <version>0.0.0.20240419</version>
     <authors>Hynek Petrak</authors>
     <description>Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction.</description>
     <dependencies>
-      <dependency id="common.vm" version="0.0.0.20240412" />
+      <dependency id="common.vm" version="0.0.0.20240419" />
       <dependency id="nodejs.vm" />
     </dependencies>
   </metadata>

diff --git a/packages/malware-jail.vm/tools/chocolateyinstall.ps1 b/packages/malware-jail.vm/tools/chocolateyinstall.ps1
@@ -1,24 +1,12 @@
 $ErrorActionPreference = 'Stop'
 Import-Module vm.common -Force -DisableNameChecking
 
-try {
-    $toolName = 'malware-jail'
-    $category = 'Javascript'
+$toolName = 'malware-jail'
+$category = 'Javascript'
 
-    $zipUrl = 'https://github.com/HynekPetrak/malware-jail/archive/ec370f1433652fdd346995f1d6f00b26368aa611.zip'
-    $zipSha256 = '027b59bdb5c0b8b20ae348269b320b924be34c4cb4ae708704290e67c23e8d4d'
-    # Install dependencies with npm when running shortcut as we ignore errors below
-    $powershellCommand = "npm install; node jailme.js -h -b list"
+$zipUrl = 'https://github.com/HynekPetrak/malware-jail/archive/ec370f1433652fdd346995f1d6f00b26368aa611.zip'
+$zipSha256 = '027b59bdb5c0b8b20ae348269b320b924be34c4cb4ae708704290e67c23e8d4d'
+$command = "jailme.js -h -b list"
 
-    $toolDir = (VM-Install-From-Zip $toolName $category $zipUrl $zipSha256 -innerFolder $true -powershellCommand $powershellCommand)[0]
+VM-Install-Node-Tool-From-Zip $toolName $category $zipUrl $zipSha256 -command $command
 
-} catch {
-    VM-Write-Log-Exception $_
-}
-
-# Prevent the following warning from failing the package: "npm WARN deprecated [email protected]"
-$ErrorActionPreference = 'Continue'
-# Get absolute path as npm is not in path until Powershell is restarted
-$npmPath = Join-Path ${Env:ProgramFiles} "\nodejs\npm.cmd" -Resolve
-# Install tool dependencies with npm
-Set-Location $toolDir; & "$npmPath" install | Out-Null
diff --git a/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec b/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec
@@ -2,11 +2,11 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>pkg-unpacker.vm</id>
-    <version>1.0.0.20240412</version>
+    <version>1.0.0.20240419</version>
     <authors>LockBlock-dev</authors>
     <description>Unpacker for pkg applications.</description>
     <dependencies>
-      <dependency id="common.vm" version="0.0.0.20240412" />
+      <dependency id="common.vm" version="0.0.0.20240419" />
       <dependency id="nodejs.vm" />
     </dependencies>
   </metadata>

diff --git a/packages/pkg-unpacker.vm/tools/chocolateyinstall.ps1 b/packages/pkg-unpacker.vm/tools/chocolateyinstall.ps1
@@ -1,21 +1,10 @@
 $ErrorActionPreference = 'Stop'
 Import-Module vm.common -Force -DisableNameChecking
 
-try {
-    $toolName = 'pkg-unpacker'
-    $category = 'Packers'
-    $zipUrl = 'https://github.com/LockBlock-dev/pkg-unpacker/archive/b1fd5200e1bf656dedef6817c177c8bb2dc38028.zip'
-    $zipSha256 = '6eed1d492d37ca3934a3bc838c2256719a3e78ccf72ce1b1ca07684519ace16c'
-    $powershellCommand = "npm install; node unpack.js"
+$toolName = 'pkg-unpacker'
+$category = 'Packers'
+$zipUrl = 'https://github.com/LockBlock-dev/pkg-unpacker/archive/b1fd5200e1bf656dedef6817c177c8bb2dc38028.zip'
+$zipSha256 = '6eed1d492d37ca3934a3bc838c2256719a3e78ccf72ce1b1ca07684519ace16c'
+$command = "unpack.js"
 
-    $toolDir = (VM-Install-From-Zip $toolName $category $zipUrl $zipSha256 -innerFolder $true -powershellCommand $powershellCommand)[0]
-} catch {
-  VM-Write-Log-Exception $_
-}
-
-# Prevent npm warn/notice to fail the package
-$ErrorActionPreference = 'Continue'
-# Get absolute path as npm is not in path until Powershell is restarted
-$npmPath = Join-Path ${Env:ProgramFiles} "\nodejs\npm.cmd" -Resolve
-# Install tool dependencies with npm
-Set-Location $toolDir; & "$npmPath" install | Out-Null
+VM-Install-Node-Tool-From-Zip $toolName $category $zipUrl $zipSha256 -command $command
diff --git a/scripts/test/lint.ps1 b/scripts/test/lint.ps1
@@ -1,6 +1,6 @@
 # PSUseApprovedVerbs is disabled to support VM- functions
 # TODO: Enable other rules
-$excludedRules = "PSAvoidUsingInvokeExpression", "PSUseApprovedVerbs", "PSAvoidUsingWriteHost", "PSUseShouldProcessForStateChangingFunctions", "PSUseSingularNouns"
+$excludedRules = "PSAvoidUsingInvokeExpression", "PSUseApprovedVerbs", "PSAvoidUsingWriteHost", "PSUseShouldProcessForStateChangingFunctions", "PSUseSingularNouns", "PSAvoidUsingPositionalParameters"
 
 choco install psscriptanalyzer --version 1.20.0 --no-progress