fix: restrict payload discovery to resources/ directory (#32) #52

Open
deacon-mp wants to merge 1 commit into master from fix/issue-32-payload-path-priority

@deacon-mp
Contributor

Summary

  • Fixes #32 ("emu plugin loads unexpected/wrong payloads for apt29") — emu plugin loads wrong payloads from Archive/ instead of resources/
  • Adds _is_resource_path() helper to prioritize Resources/ directory matches during payload discovery
  • Falls back to any match if no Resources/ path exists, preserving backward compatibility

Test plan

  • Deploy emu plugin with apt29 adversary profile
  • Verify correct payloads are loaded from Resources/
  • Verify Archive/ payloads are not loaded
  • Unit tests for _is_resource_path() helper
  • Unit test verifying Resources/ paths are preferred over Archive/ paths
  • Unit test verifying fallback when no Resources/ path exists

The payload search in _store_required_payloads() uses Path.rglob() which
walks the entire adversary-emulation-plans tree and can pick up files from
Archive/CALDERA_DIY/evals/payloads instead of the correct Resources/ path.

Add _is_resource_path() helper and prioritize Resources/ matches over other
locations when copying payloads. Falls back to any match if no Resources/
path is found.
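
The selection problem described above, reproduced on a constructed directory tree. This is an added example, not code from the PR or the emu plugin: the helper names, the sample file names, and the choice to match whole path components and to skip `Archive` trees are assumptions.

```python
import tempfile
from pathlib import Path

def is_resource_path(path: Path, root: Path) -> bool:
    """True when a directory named exactly 'Resources' lies on the path below
    root and no 'Archive' directory does (assumed policy, not the plugin's)."""
    parts = path.relative_to(root).parts[:-1]  # directory components only
    return 'Resources' in parts and 'Archive' not in parts

def select_payload(root: Path, name: str):
    """Return (chosen_path, used_fallback) for a payload name, or (None, False)."""
    # Sorting makes the choice independent of filesystem enumeration order.
    matches = sorted(p for p in root.rglob(name) if p.is_file())
    preferred = [p for p in matches if is_resource_path(p, root)]
    if preferred:
        return preferred[0], False
    if matches:
        return matches[0], True  # caller should log: file is not from Resources/
    return None, False

def build_constructed_tree(root: Path) -> None:
    """Constructed sample layout; only the Archive path comes from the page."""
    files = {
        'apt29/Archive/CALDERA_DIY/evals/payloads/stage.ps1': 'archived copy',
        'apt29/Resources/Scenario_1/stage.ps1': 'current copy',
        'apt29/OldResources/stage.ps1': 'substring look-alike',
        'apt29/Archive/CALDERA_DIY/evals/payloads/only_archived.bin': 'archive only',
    }
    for rel, body in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_constructed_tree(root)
        chosen, fallback = select_payload(root, 'stage.ps1')
        archived, archived_fallback = select_payload(root, 'only_archived.bin')
        missing, _ = select_payload(root, 'absent.bin')
        return (chosen.read_text(), fallback,
                archived.read_text(), archived_fallback, missing)

if __name__ == '__main__':
    print(demo())
```

Without the preference step, the sorted first match for `stage.ps1` would be the copy under `Archive/`; the fallback flag is returned so the caller can record when a payload did not come from `Resources/`.
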
@sonarqubecloud

Quality Gate failed

Failed conditions
C Reliability Rating on New Code (required ≥ A)


Copilot AI left a comment

Pull request overview

This PR addresses payload discovery in the emu plugin so that, when duplicate payload names exist across the adversary-emulation-plans repository, payloads under Resources/ are preferred over archived copies (fixing the APT29 mis-selection described in #32) while retaining a fallback to non-Resources/ matches.

Changes:

  • Add an _is_resource_path() helper to identify Resources/-scoped payload paths.
  • Update _store_required_payloads() to prefer Resources/ matches when multiple payloads share the same name.
  • Add unit tests covering preference for Resources/, fallback behavior, and _is_resource_path().

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| app/emu_svc.py | Adds Resources/-path detection and updates payload discovery ordering to prefer Resources/ matches. |
| tests/test_emu_svc.py | Adds unit tests verifying Resources/ preference, fallback behavior, and _is_resource_path() behavior. |

Comments suppressed due to low confidence (1)

app/emu_svc.py:336

  • When one or more Resources/ matches exist, ordered_matches is limited to resource_matches. If copying from all Resources/ locations fails (permissions, transient IO errors), the code will never attempt non-Resources matches even though they may be valid, which reduces the intended backward-compatible fallback behavior. Consider trying resource matches first, and if none copy successfully, then iterating the remaining matches as a fallback.
            resource_matches = [p for p in matches if self._is_resource_path(p)]
            ordered_matches = resource_matches if resource_matches else matches
            for path in ordered_matches:
                found = True
                target_path = os.path.join(self.payloads_dir, path.name)
                try:
                    shutil.copyfile(path, target_path)
                    copied = True
                    break
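
Review bot: In the `for path in ordered_matches:` loop the first path that copies successfully wins (`break`), but `matches` comes straight from `rglob()`, whose ordering follows directory enumeration and is not guaranteed to be stable, so when two `Resources/` directories hold the same file name the selected payload can differ between hosts. Sorting `ordered_matches` before the loop and logging the source `path` that was copied to `target_path` would make the choice reproducible and auditable. `found = True` is also set before the copy is attempted, so it records that a candidate existed rather than that a payload was stored; keep that distinction from `copied` clear wherever the two flags are read.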


Comment on lines +315 to +316
path_str = str(path)
return 'Resources' + os.sep in path_str or '/Resources/' in path_str
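
Review bot: The substring test in `return 'Resources' + os.sep in path_str or '/Resources/' in path_str` is looser than the helper name suggests. The first operand has no leading separator, so a directory whose name merely ends in `Resources` also matches, and either operand accepts a `Resources` directory nested under `Archive/`, which is the location this change is meant to avoid. Comparing whole components, for example `'Resources' in Path(path).parts`, and deciding explicitly how archived trees are treated would close both cases; a unit test for each would pin the behaviour.
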
Comment on lines +325 to +330
matches = list(Path(self.repo_dir).rglob(payload))
# Prioritize payloads from Resources/ directories over other locations
# (e.g. Archive/CALDERA_DIY/evals/payloads) to avoid loading wrong files.
resource_matches = [p for p in matches if self._is_resource_path(p)]
ordered_matches = resource_matches if resource_matches else matches
for path in ordered_matches:
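
Review bot: `ordered_matches = resource_matches if resource_matches else matches` still accepts a payload from any location, including `Archive/CALDERA_DIY/evals/payloads`, whenever no `Resources/` copy exists, which does not match the PR title's "restrict payload discovery to resources/". If the fallback is intended, log a warning naming the payload and the non-Resources path chosen so an operator can see that the file did not come from the expected directory; if it is not intended, drop the fallback. Separately, `rglob(payload)` treats `payload` as a glob pattern, so a name containing `*`, `?` or `[` would match more than one file name; it is worth confirming that payload names are literal at this point.
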
Development

Successfully merging this pull request may close these issues.

emu plugin loads unexpected/wrong payloads for apt29
