Properly encapsulate providers to allow for different detonation UUIDs #295
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Current state
"Providers" (i.e. instances of the AWS SDK, GCP SDK etc.) are currently globally shared. Each attack technique retrieves the provider it needs by using the global
providers
namespace:When Stratus Red Team detonates an attack technique, it injects an UUID in the user-agent of the relevant SDK. This UUID is also globally accessible through
providers.UniqueExecutionId
.The problem
The detonation UUID is currently global per process. For instance, if we detonate multiple Stratus Red Team attack techniques through the programmatic interface, all the detonations have same UUID.
This is a problem because it defeats the very purpose of this UUID mechanism: creating a causation between a detonation and the resulting logs.
The solution
CloudProviders
and structureCloudProvidersImpl
holding references to the appropriate providers:detonate
andrevert
attack technique functions to inject aCloudProviders
(dependency injection):Retro-compatibility
This should be fully retro-compatible.
Manual tests