fix(3078, 3079): Resolve issues in Operations API Manager and Plugin Hooks

[HackedRico]

Description

This pull request uses the proposed fix in #3101 to address issues #3078 and #3079.

Prior to PR, adding a ability with Builder Plugin does not build Payload using Potential Links in a Operation. It requires the ability to be added to an Adversary, then creating a Operation from that Adversary. The changes made allows for dynamic compilation of Builder Plugin ability payloads when adding a Potential Link to a Operation during runtime.

Changes I Made to #3101

After testing the proposed fix, running an operation with an ability that doesn't utilize a plugin fails, and raises a AttributeError. Error Message:

AttributeError: 'NoneType' object has no attribute 'startswith'                                                                                                        
ERROR    'NoneType' object has no attribute 'startswith'

The error occurs because the implementation assumes that every ability uses the Builder Plugin for dynamic compilation. However, there are abilities that do not utilize the Builder Plugin. When the builder service attempts to build these abilities, it encounters a NoneType object where a payload or plugin-related attribute is expected.

TL;DR: Required conditional to validate an ability utilizes Builder Plugin

• caldera/app/api/v2/managers/operation_api_manager.py

  Line 177 in de989ef

  if executor.HOOKS and executor.language and executor.language in executor.HOOKS:

• caldera/app/service/planning_svc.py

  Line 395 in de989ef

  if executor.HOOKS and executor.language and executor.language in executor.HOOKS:

Full Logs: 3101_logs.txt

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• This change requires a documentation update

How Has This Been Tested?

I have tested these changes in Caldera v5.3.0 with a staged SandCat agent with abilities that use and not use Builder Plugin.

1. Adding a Potential Link to Operation using a POST Requested Ability that does not use Builder plugin executes successfully.

{
	"tactic": "curl",
	"technique_name": "curl",
	"technique_id": "curl",
	"name": "test_curl_regular",
	"description": "testing curl regular ability",
	"executors": [
		{
			"name": "sh",
			"platform": "linux",
			"command": "whoami",
			"code": null,
			"language": null,
			"build_target": null,
			"payloads": [],
			"uploads": [],
			"timeout": 60,
			"parsers": [],
			"cleanup": [],
			"variations": [],
			"additional_info": {}
		}
	],
	"requirements": [],
	"privilege": "",
	"repeatable": false,
	"buckets": [
		"curl"
	],
	"additional_info": {},
	"access": {},
	"singleton": false,
	"plugin": "",
	"delete_payload": true,
	"id": "86a058d5-c71d-409b-a4f3-209f534c71ce"
}

2. Adding a Potential Link to Operation using a POST Requested Ability that does use Builder plugin executes successfully, compiled payload, and planted on SandCat Agent system.

{
  "tactic": "curl",
  "technique_name": "curl",
  "technique_id": "curl",
  "name": "test_curl_builder_csharp",
  "description": "testing curl creation of builder ability",
  "executors": [
    {
      "name": "sh",
      "platform": "linux",
      "command": "./CSHelloWorld.sh",
      "code": "using System;\n\nnamespace HelloWorld\n{\n    class Program\n    {\n        static void Main(string[] args)\n        {\n            Console.WriteLine(\"Hello World!\");\n        }\n    }\n}\n",
      "language": "csharp",
      "build_target": "CSHelloWorld.sh",
      "payloads": [],
      "uploads": [],
      "timeout": 60,
      "parsers": [],
      "cleanup": [],
      "variations": [],
      "additional_info": {}
    }
  ],
  "requirements": [],
  "privilege": "",
  "repeatable": false,
  "buckets": [
    "curl"
  ],
  "additional_info": {},
  "access": {},
  "singleton": false,
  "plugin": "builder",
  "delete_payload": false,
  "id": "19a058d5-c71d-409b-a4f3-209f534c71rr"
}

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code

[Copilot]

Pull Request Overview

This pull request resolves issues with the Operations API Manager and Plugin Hooks by implementing conditional validation to ensure abilities that utilize the Builder Plugin are properly handled during dynamic compilation. The main problem was that the original implementation assumed all abilities use the Builder Plugin, causing AttributeError exceptions when processing abilities that don't utilize plugins.

Key changes:

• Added conditional validation before calling plugin hooks to prevent errors with non-plugin abilities
• Refactored hook calling logic into dedicated methods for better maintainability
• Updated test fixtures to use consistent parameter naming

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File	Description
app/service/planning_svc.py	Refactored plugin hook calling into a dedicated method with proper conditional validation
app/api/v2/managers/operation_api_manager.py	Added plugin hook calling functionality to the potential link creation process
tests/conftest.py	Updated test fixture parameter names from event_loop to loop for consistency

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

Pull Request Overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud