Spaces in fact traits are being prefixed with backslashes

[dan-kir]

Describe the bug
Spaces in fact traits are being prefixed with backslashes when used in abilities.

This is causing problems when trying to seed an operation with a fact source that includes such traits.

To Reproduce
Steps to reproduce the behavior:

1. Create a fact trait with spaces.
2. Use the fact in an ability
3. Any spaces are prefixed with backslashes.

Expected behavior

1. Create a fact trait with spaces.
2. Use the fact in an ability.
3. The trait can be used as is without the backslash prefix.

Screenshots
Example fact trait:

Example command being executed:

Desktop (please complete the following information):

• OS: Kali
• Browser: Chrome
• Version: Caldera latest

Additional context
Don't think the issue is with the agents. Tested both Sandcat and Ragdoll agents.

[github-actions]

Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/

[idleninja]

I came to check if this had been previously reported as i too am experiencing the same unexpected behavior.

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days

[dan-kir]

Bump.
I would still like to see a solution to this. Can draft a PR when I have the time to investigate.

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days

[d3vco]

@dan-kir what ability / plugin were you using when you encountered this issue?

I was not able to replicate when testing on an arbitrary ability (spaces were retained from fact to command), which makes me think it may be related to the ability or plugin that you are using.

[dan-kir]

@dan-kir what ability / plugin were you using when you encountered this issue?

I was not able to replicate when testing on an arbitrary ability (spaces were retained from fact to command), which makes me think it may be related to the ability or plugin that you are using.

In the provided screenshots, I am using a custom ability that simply sends a GET request using curl.

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days

[elegantmoose]

@dan-kir Still having issue?

[dan-kir]

@elegantmoose Yes still seeing spaces in facts being escaped when used in abilities. I can provide more examples if it will help.

[dan-kir]

Here is a simple example using modified ability 'Leave note (T1491)'

[d3vco]

I still cannot replicate. I modified the Leave note ability as shown in your screenshots @dan-kir and I did not experience the space escaping behavior.

I will add that Facts do have a method that allows them to be escaped, but nothing you are doing should be calling that method.

[dan-kir]

That's it! That function is being called because I'm using a 'sh' executor.

I confirmed this was my problem by updating the 'escaped' function like so:

def escaped(self, executor):
        #if executor not in escape_ref:
        return self.value
        escaped_value = str(self.value)
        #for char in escape_ref[executor]['special']:
        #    escaped_value = escaped_value.replace(char, (escape_ref[executor]['escape_prefix'] + char))
        return escaped_value

This works for me in the short-term. Unsure what a long-term fix looks like. Could spaces be removed from the 'escape_ref' dictionary?

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days