Linting, gosec, and staticcheck updates

go.mod

@@ -3,15 +3,12 @@ module github.com/Ne0nd0g/merlin
 require (
 	github.com/Binject/debug v0.0.0-20201228082058-60012895f187 // indirect
 	github.com/Binject/go-donut v0.0.0-20201215224200-d947cf4d090d
-	github.com/CUCyber/ja3transport v0.0.0-20191126031250-d2ab5557668f // indirect
-	github.com/Ne0nd0g/go-clr v1.0.1
-	github.com/Ne0nd0g/ja3transport v0.0.0-20200203013218-e81e31892d84
 	github.com/chzyer/logex v1.1.10 // indirect
 	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e
 	github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 // indirect
 	github.com/cretz/gopaque v0.1.0
 	github.com/fatih/color v1.7.0
-	github.com/google/go-cmp v0.5.1 // indirect
+	github.com/google/uuid v1.2.0 // indirect
 	github.com/kr/pretty v0.2.0 // indirect
 	github.com/lucas-clemente/quic-go v0.20.1
 	github.com/mattn/go-colorable v0.1.2 // indirect
@@ -21,12 +18,11 @@ require (
 	github.com/satori/go.uuid v1.2.0
 	github.com/stretchr/testify v1.6.1 // indirect
 	go.dedis.ch/kyber/v3 v3.0.12
-	golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899
-	golang.org/x/net v0.0.0-20201021035429-f5854403a974
-	golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9
-	golang.org/x/sys v0.0.0-20210415045647-66c3f260301c
+	golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899 // indirect
+	golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
+	golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
-	google.golang.org/protobuf v1.25.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
 	gopkg.in/square/go-jose.v2 v2.3.1
 )

pkg/agents/agents.go

@@ -439,21 +439,20 @@ func SetAgentNote(agentID uuid.UUID, note string) error {
 func GroupAddAgent(agentID uuid.UUID, groupName string) error {
 	if !isAgent(agentID) {
 		return fmt.Errorf("%s is not a known agent", agentID)
+	}
+	grp, ok := groups[groupName]
+	if !ok {
+		groups[groupName] = []uuid.UUID{agentID}
 	} else {
-		grp, ok := groups[groupName]
-		if !ok {
-			groups[groupName] = []uuid.UUID{agentID}
-		} else {
-			// Don't add it to the group if it's already there
-			for _, a := range groups[groupName] {
-				if uuid.Equal(a, agentID) {
-					return nil
-				}
+		// Don't add it to the group if it's already there
+		for _, a := range groups[groupName] {
+			if uuid.Equal(a, agentID) {
+				return nil
 			}
-			groups[groupName] = append(grp, agentID)
 		}
-		return nil
+		groups[groupName] = append(grp, agentID)
 	}
+	return nil
 }
 
 // GroupListAll lists groups as a table of {groupName,agentID}
@@ -470,7 +469,7 @@ func GroupListAll() [][]string {
 // GroupListNames list out just the names of existing groups
 func GroupListNames() []string {
 	keys := make([]string, 0, len(groups))
-	for k, _ := range groups {
+	for k := range groups {
 		keys = append(keys, k)
 	}
 	return keys

pkg/api/agents/agents.go

@@ -411,10 +411,10 @@ func GetAgentInfo(agentID uuid.UUID) ([][]string, messages.UserMessage) {
 		{"Hostname", a.HostName},
 		{"Process Name", a.Process},
 		{"Process ID", strconv.Itoa(a.Pid)},
-		{"IP", fmt.Sprintf("%s", strings.Join(a.Ips, "\n"))},
+		{"IP", strings.Join(a.Ips, "\n")},
 		{"Initial Check In", a.InitialCheckIn.Format(time.RFC3339)},
 		{"Last Check In", fmt.Sprintf("%s (%s)", a.StatusCheckIn.Format(time.RFC3339), lastCheckin(a.StatusCheckIn))},
-		{"Groups", fmt.Sprintf("%s", strings.Join(groups, ", "))},
+		{"Groups", strings.Join(groups, ", ")},
 		{"Note", a.Note},
 		{"", ""},
 		{"Agent Version", a.Version},
@@ -472,7 +472,7 @@ func GroupAdd(agentID uuid.UUID, groupName string) messages.UserMessage {
 		return messages.UserMessage{
 			Level:   messages.Info,
 			Time:    time.Now().UTC(),
-			Message: fmt.Sprintf("Global group 'all' is immutable."),
+			Message: "Global group 'all' is immutable.",
 		}
 	}
 
@@ -514,7 +514,7 @@ func GroupRemove(agentID uuid.UUID, groupName string) messages.UserMessage {
 		return messages.UserMessage{
 			Level:   messages.Info,
 			Time:    time.Now().UTC(),
-			Message: fmt.Sprintf("Global group 'all' is immutable."),
+			Message: "Global group 'all' is immutable.",
 		}
 	}
 	err := agents.GroupRemoveAgent(agentID, groupName)

pkg/cli/banner/banner.go

@@ -49,6 +49,7 @@ const MerlinBanner1 string = `
        &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
            &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&`
 
+// MerlinBanner2 is a tribute to the team working on the Gandalf fork of Merlin
 const MerlinBanner2 string = `
                                   ....
                                 .'' .'''

pkg/cli/core/core.go

@@ -121,7 +121,7 @@ func ExecuteCommand(name string, arg []string) {
 	} else {
 		MessageChannel <- messages.UserMessage{
 			Level:   messages.Success,
-			Message: fmt.Sprintf("%s", out),
+			Message: string(out),
 			Time:    time.Time{},
 			Error:   false,
 		}

pkg/cli/menu/agent.go

@@ -81,7 +81,7 @@ func handlerAgent(cmd []string) {
 		if len(cmd) != 3 {
 			core.MessageChannel <- messages.UserMessage{
 				Level:   messages.Warn,
-				Message: fmt.Sprintf("Invalid arguments: 'group <add | remove> <groupname>"),
+				Message: "Invalid arguments: 'group <add | remove> <groupname>",
 				Time:    time.Now().UTC(),
 				Error:   true,
 			}
@@ -92,7 +92,7 @@ func handlerAgent(cmd []string) {
 		} else {
 			core.MessageChannel <- messages.UserMessage{
 				Level:   messages.Warn,
-				Message: fmt.Sprintf("Invalid arguments: group <add | remove> <groupname>"),
+				Message: "Invalid arguments: group <add | remove> <groupname>",
 				Time:    time.Now().UTC(),
 				Error:   true,
 			}

pkg/cli/menu/menu.go

@@ -24,11 +24,17 @@ import (
 var handler func([]string)
 
 const (
+	// MAIN is for the main menu
 	MAIN = iota
+	// AGENT is for the agent menu
 	AGENT
+	// MODULE is for the module menu
 	MODULE
+	// LISTENER is for a specific, already instantiated, listener menu
 	LISTENER
+	// LISTENERS is for the top-level listeners menu
 	LISTENERS
+	// LISTENERSETUP is the menu used to configure listener options before creation
 	LISTENERSETUP
 )
 

pkg/modules/shellcode/shellcode.go

@@ -131,23 +131,15 @@ func parseHex(str []string) ([]byte, error) {
 	// see if string is prefixed with 0x
 	if hexString[0:2] == "0x" {
 		hexString = strings.Replace(hexString, "0x", "", -1)
-		if strings.Contains(hexString, ",") {
-			hexString = strings.Replace(hexString, ",", "", -1)
-		}
-		if strings.Contains(hexString, " ") {
-			hexString = strings.Replace(hexString, " ", "", -1)
-		}
+		hexString = strings.Replace(hexString, ",", "", -1)
+		hexString = strings.Replace(hexString, " ", "", -1)
 	}
 
 	// see if string is prefixed with \x
 	if hexString[0:2] == "\\x" {
 		hexString = strings.Replace(hexString, "\\x", "", -1)
-		if strings.Contains(hexString, ",") {
-			hexString = strings.Replace(hexString, ",", "", -1)
-		}
-		if strings.Contains(hexString, " ") {
-			hexString = strings.Replace(hexString, " ", "", -1)
-		}
+		hexString = strings.Replace(hexString, ",", "", -1)
+		hexString = strings.Replace(hexString, " ", "", -1)
 	}
 
 	h, errH := hex.DecodeString(hexString)

pkg/server/jobs/jobs.go

@@ -512,7 +512,7 @@ func ClearCreated() error {
 	if core.Debug {
 		message("debug", "Entering into jobs.Clear() function...")
 	}
-	for id, _ := range JobsChannel {
+	for id := range JobsChannel {
 		err := Clear(id)
 		if err != nil {
 			return err