fix: restrict payload discovery to resources/ directory (#32)

app/emu_svc.py

@@ -71,7 +71,7 @@
 
         if not os.path.exists(self.repo_dir) or not os.listdir(self.repo_dir):
             self.log.debug('cloning repo %s' % repo_url)
             check_call(['git', 'clone', '--depth', '1', repo_url, self.repo_dir], stdout=DEVNULL, stderr=STDOUT)
             self.log.debug('clone complete')
 
     async def populate_data_directory(self, library_path=None):
@@ -309,14 +309,25 @@
             [payload for payload in payloads if payload not in self._dynamicically_compiled_payloads]
         )
 
+    @staticmethod
+    def _is_resource_path(path):
+        """Check if the given path is under a Resources/ directory (not Archive/)."""
+        path_str = str(path)
+        return 'Resources' + os.sep in path_str or '/Resources/' in path_str
+
     def _store_required_payloads(self):
         self.log.debug('Searching for and storing required payloads.')
         for payload in self.required_payloads:
             copied = False
             found = False
             if os.path.exists(os.path.join(self.payloads_dir, payload)):
                 continue
-            for path in Path(self.repo_dir).rglob(payload):
+            matches = list(Path(self.repo_dir).rglob(payload))
+            # Prioritize payloads from Resources/ directories over other locations
+            # (e.g. Archive/CALDERA_DIY/evals/payloads) to avoid loading wrong files.
+            resource_matches = [p for p in matches if self._is_resource_path(p)]
+            ordered_matches = resource_matches if resource_matches else matches
+            for path in ordered_matches:
                 found = True
                 target_path = os.path.join(self.payloads_dir, path.name)
                 try:

tests/test_emu_svc.py

@@ -237,6 +237,43 @@ def _rglob(_, target):
             call(PosixPath('/path/to/payload3'), 'plugins/emu/payloads/payload3'),
         ], any_order=True)
 
+    def test_store_required_payloads_prefers_resources_path(self, emu_svc):
+        """Payloads under Resources/ should be preferred over Archive/ duplicates (#32)."""
+        def _rglob(_, target):
+            return [
+                PosixPath('/repo/apt29/Archive/CALDERA_DIY/evals/payloads/' + target),
+                PosixPath('/repo/apt29/Resources/payloads/' + target),
+            ]
+
+        emu_svc.required_payloads = {'evil.exe'}
+        with patch.object(Path, 'rglob', new=_rglob):
+            with patch.object(shutil, 'copyfile', return_value=None) as new_copyfile:
+                emu_svc._store_required_payloads()
+        # Should copy from Resources/ path, not Archive/ path
+        new_copyfile.assert_called_once_with(
+            PosixPath('/repo/apt29/Resources/payloads/evil.exe'),
+            'plugins/emu/payloads/evil.exe',
+        )
+
+    def test_store_required_payloads_falls_back_when_no_resources(self, emu_svc):
+        """If no Resources/ match exists, fall back to any available match."""
+        def _rglob(_, target):
+            return [PosixPath('/repo/other_location/' + target)]
+
+        emu_svc.required_payloads = {'tool.dll'}
+        with patch.object(Path, 'rglob', new=_rglob):
+            with patch.object(shutil, 'copyfile', return_value=None) as new_copyfile:
+                emu_svc._store_required_payloads()
+        new_copyfile.assert_called_once_with(
+            PosixPath('/repo/other_location/tool.dll'),
+            'plugins/emu/payloads/tool.dll',
+        )
+
+    def test_is_resource_path(self):
+        assert EmuService._is_resource_path(PosixPath('/repo/apt29/Resources/payloads/evil.exe')) is True
+        assert EmuService._is_resource_path(PosixPath('/repo/apt29/Archive/CALDERA_DIY/evals/payloads/evil.exe')) is False
+        assert EmuService._is_resource_path(PosixPath('/repo/other/evil.exe')) is False
+
     def test_register_required_payloads(self, emu_svc):
         payloads = ['payload1', 'payload2', 'payload3', 'sandcat.go-darwin', 'sandcat.go-linux', 'sandcat.go-windows']
         want = {'payload1', 'payload2', 'payload3'}