Bugfix: Update tool urls to https when using wss for client comms (Ve…

…locidex#3348) Fixes: Velocidex#3345
Genio40921 · Mar 16, 2024 · f557e03 · f557e03
1 parent 5f7f62d
commit f557e03
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 11 deletions.
diff --git a/docs/references/vql.yaml b/docs/references/vql.yaml
@@ -271,6 +271,22 @@
   category: windows
   metadata:
     permissions: MACHINE_STATE
+- name: backup
+  description: Generates a backup file.
+  type: Plugin
+  args:
+  - name: name
+    type: string
+    description: The name of the backup file.
+    required: true
+- name: backup_restore
+  description: Restore state from a backup file.
+  type: Plugin
+  args:
+  - name: name
+    type: string
+    description: The name of the backup file.
+    required: true
 - name: base64decode
   description: Decodes a base64 encoded string.
   type: Function
@@ -7288,3 +7304,4 @@
   category: plugin
   metadata:
     permissions: FILESYSTEM_READ
+
diff --git a/gui/velociraptor/src/components/hunts/hunts.jsx b/gui/velociraptor/src/components/hunts/hunts.jsx
@@ -39,12 +39,10 @@ class VeloHunts extends React.Component {
 
     componentDidMount = () => {
         this.get_hunts_source = CancelToken.source();
-        this.interval = setInterval(this.fetchSelectedHunt, POLL_TIME);
     }
 
     componentWillUnmount() {
         this.get_hunts_source.cancel();
-        clearInterval(this.interval);
     }
 
     collapse = () => {

diff --git a/services/inventory/inventory.go b/services/inventory/inventory.go
@@ -39,6 +39,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"net/url"
 	"path"
 	"sync"
 	"time"
@@ -384,10 +385,11 @@ func (self *InventoryService) materializeTool(
 	tool.InvalidHash = ""
 
 	if tool.ServeLocally {
-		if org_config_obj.Client == nil || len(org_config_obj.Client.ServerUrls) == 0 {
-			return errors.New("No server URLs configured!")
+		base_url, err := getPublicURL(org_config_obj)
+		if err != nil {
+			return err
 		}
-		tool.ServeUrl = org_config_obj.Client.ServerUrls[0] + "public/" + tool.FilestorePath
+		tool.ServeUrl = base_url + "public/" + tool.FilestorePath
 
 	} else {
 		tool.ServeUrl = tool.Url
@@ -503,10 +505,11 @@ func (self *InventoryService) AddTool(
 	}
 
 	if tool.ServeLocally {
-		if config_obj.Client == nil || len(config_obj.Client.ServerUrls) == 0 {
-			return errors.New("No server URLs configured!")
+		base_url, err := getPublicURL(config_obj)
+		if err != nil {
+			return err
 		}
-		tool.ServeUrl = config_obj.Client.ServerUrls[0] + "public/" + tool.FilestorePath
+		tool.ServeUrl = base_url + "public/" + tool.FilestorePath
 	} else {
 		// If we dont serve the tool, the clients will directly get
 		// the tool from its upstream URL.
@@ -700,3 +703,21 @@ func isDefinitionBetter(old, new *artifacts_proto.Tool) bool {
 	// We prefer to keep the old tool.
 	return true
 }
+
+// Calculates the URL of the /public/ directory from the config file.
+func getPublicURL(config_obj *config_proto.Config) (string, error) {
+	if config_obj.Client == nil || len(config_obj.Client.ServerUrls) == 0 {
+		return "", fmt.Errorf("%w: No server URLs configured!", utils.InvalidConfigError)
+	}
+
+	parsed_url, err := url.Parse(config_obj.Client.ServerUrls[0])
+	if err != nil {
+		return "", fmt.Errorf("%w: %w!", utils.InvalidConfigError, err)
+	}
+
+	if parsed_url.Scheme == "wss" {
+		parsed_url.Scheme = "https"
+	}
+
+	return parsed_url.String(), nil
+}
diff --git a/services/notebook/acls_test.go b/services/notebook/acls_test.go
@@ -11,6 +11,7 @@ import (
 	"www.velocidex.com/golang/velociraptor/services"
 	"www.velocidex.com/golang/velociraptor/services/notebook"
 	"www.velocidex.com/golang/velociraptor/utils"
+	"www.velocidex.com/golang/velociraptor/vtesting"
 
 	_ "www.velocidex.com/golang/velociraptor/result_sets/timed"
 )
@@ -77,9 +78,15 @@ func (self *ACLTestSuite) TestNotebookPublicACL() {
 	assert.True(self.T(), notebook_manager.CheckNotebookAccess(new_notebook, "User1"))
 
 	// What notebooks does User1 have access to?
-	notebooks, err := notebook_manager.GetSharedNotebooks(self.Sm.Ctx, "User1", 0, 100)
-	assert.NoError(self.T(), err)
-	assert.Equal(self.T(), 1, len(notebooks))
+	var notebooks []*api_proto.NotebookMetadata
+
+	vtesting.WaitUntil(2*time.Second, self.T(), func() bool {
+		notebooks, err = notebook_manager.GetSharedNotebooks(self.Sm.Ctx, "User1", 0, 100)
+		assert.NoError(self.T(), err)
+
+		return 1 == len(notebooks)
+	})
+
 	assert.Equal(self.T(), new_notebook.NotebookId, notebooks[0].NotebookId)
 
 	// Check GetAllNotebooks without ACL checks

diff --git a/utils/errors.go b/utils/errors.go
@@ -14,6 +14,7 @@ var (
 	InvalidStatus       = errors.New("InvalidStatus")
 	TypeError           = errors.New("TypeError")
 	NotImplementedError = errors.New("Not implemented")
+	InvalidConfigError  = errors.New("InvalidConfigError")
 )
 
 // This is a custom error type that wraps an inner error but does not