Skip to content

[backend] feat(executors): adapt Tanium and improve all executors - chunk 2 (#3515) #4491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
damgouj wants to merge 15 commits into
base: release/current
Choose a base branch
from
Open

[backend] feat(executors): adapt Tanium and improve all executors - chunk 2 (#3515) #4491

damgouj wants to merge 15 commits into from

Conversation

@damgouj
Copy link
Member

@damgouj damgouj commented Dec 3, 2025

Proposed changes

  • Adapt Tanium code as the other executors
  • Improve executors code with tests and for better performance

Testing Instructions

  1. Tanium: nothing has changed, just try to enable Tanium and see if the endpoints are registered, if you can launch an attack and if the garbage collector works well
  2. Crowdstrike: same
  3. SentinelOne: same
  4. Review doc here please: Add documentation on SentinelOne executor docs#231

Related issues

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality
  • I wrote test cases for the relevant uses case
  • I added/update the relevant documentation (either on github or on notion)
  • Where necessary I refactored code to improve the overall quality
  • For bug fix -> I implemented a test that covers the bug

@damgouj damgouj self-assigned this Dec 3, 2025
@damgouj damgouj added the filigran team use to identify PR from the Filigran team label Dec 3, 2025
This was linked to issues Dec 3, 2025
[EE] Executor SentinelOne #3515
Open
Adapt Tanium executor like Crowdstrike #3127
Open
@codecov
Copy link

codecov bot commented Dec 3, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 58.22368% with 127 lines in your changes missing coverage. Please review.
✅ Project coverage is 50.84%. Comparing base (04e2e56) to head (87d6eba).

Files with missing lines Patch % Lines
.../executors/tanium/client/TaniumExecutorClient.java 0.00% 50 Missing ⚠️
...s/tanium/service/TaniumExecutorContextService.java 75.00% 15 Missing and 1 partial ⚠️
...ke/service/CrowdStrikeGarbageCollectorService.java 62.96% 7 Missing and 3 partials ⚠️
...ne/service/SentinelOneGarbageCollectorService.java 61.53% 7 Missing and 3 partials ⚠️
...io/openaev/execution/ExecutionExecutorService.java 52.63% 8 Missing and 1 partial ⚠️
.../tanium/service/TaniumGarbageCollectorService.java 65.38% 7 Missing and 2 partials ⚠️
.../crowdstrike/client/CrowdStrikeExecutorClient.java 0.00% 5 Missing ⚠️
...openaev/executors/exception/ExecutorException.java 0.00% 4 Missing ⚠️
...xecutors/tanium/service/TaniumExecutorService.java 88.88% 1 Missing and 2 partials ⚠️
...utors/crowdstrike/CrowdStrikeGarbageCollector.java 0.00% 2 Missing ⚠️
... and 6 more
Additional details and impacted files 
@@                  Coverage Diff                  @@
##             release/current    #4491      +/-   ##
=====================================================
+ Coverage              50.39%   50.84%   +0.45%     
- Complexity              3721     3752      +31     
=====================================================
  Files                    912      913       +1     
  Lines                  27301    27371      +70     
  Branches                2046     2057      +11     
=====================================================
+ Hits                   13758    13917     +159     
+ Misses                 12707    12606     -101     
- Partials                 836      848      +12

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@damgouj damgouj marked this pull request as ready for review December 3, 2025 16:27
Dimfacion
Dimfacion requested changes Dec 4, 2025
View reviewed changes
...rc/main/java/io/openaev/executors/crowdstrike/service/CrowdStrikeExecutorContextService.java Outdated
+ UUID.randomUUID()
+ "\";md $location -ea 0;[Environment]::CurrentDirectory";
Endpoint.PLATFORM_TYPE platform = Endpoint.PLATFORM_TYPE.Windows;
Endpoint.PLATFORM_TYPE platform = Windows;
Copy link
Member

@Dimfacion Dimfacion Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick : Happy to discuss about it as it's clearly a nitpicky nitpick but I feel it's easier to read when you write PLATFORM_TYPE.Windows. It makes it clearer that it's an enum.

openaev-api/src/main/java/io/openaev/executors/sentinelone/SentinelOneGarbageCollector.java Outdated
this.taskScheduler.scheduleAtFixedRate(service, Duration.ofHours(6));
new SentinelOneGarbageCollectorService(
this.config, this.sentinelOneExecutorContextService, this.agentService);
this.taskScheduler.scheduleAtFixedRate(service, Duration.ofHours(8));
Copy link
Member

@Dimfacion Dimfacion Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion : Maybe we should make the rate configurable in the properties

openaev-api/src/main/java/io/openaev/executors/tanium/TaniumGarbageCollector.java Outdated
this.taskScheduler.scheduleAtFixedRate(service, Duration.ofHours(6));
new TaniumGarbageCollectorService(
this.config, this.taniumExecutorContextService, this.agentService);
this.taskScheduler.scheduleAtFixedRate(service, Duration.ofHours(8));
Copy link
Member

@Dimfacion Dimfacion Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion : Maybe we should make the rate configurable in the properties

openaev-api/src/main/java/io/openaev/executors/crowdstrike/CrowdStrikeGarbageCollector.java Outdated
this.taskScheduler.scheduleAtFixedRate(service, Duration.ofHours(6));
new CrowdStrikeGarbageCollectorService(
this.config, this.crowdStrikeExecutorContextService, this.agentService);
this.taskScheduler.scheduleAtFixedRate(service, Duration.ofHours(8));
Copy link
Member

@Dimfacion Dimfacion Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion : Maybe we should make the rate configurable in the properties

openaev-api/src/main/java/io/openaev/executors/tanium/client/TaniumExecutorClient.java Outdated
}
}
}
""",
Copy link
Member

@Dimfacion Dimfacion Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick : Maybe this should be a final class member

openaev-api/src/main/java/io/openaev/executors/tanium/client/TaniumExecutorClient.java Outdated
try {
String query =
String.format(
"""
Copy link
Member

@Dimfacion Dimfacion Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion : Maybe use a final class member

openaev-api/src/main/java/io/openaev/executors/tanium/service/TaniumExecutorContextService.java Outdated

if (!this.taniumExecutorConfig.isEnable()) {
throw new AgentException("Fatal error: Tanium executor is not enabled", agent);
throw new RuntimeException("Fatal error: Tanium executor is not enabled");
Copy link
Member

@Dimfacion Dimfacion Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

chore : We should move away from using generic RuntimeException and create more specific exceptions. Maybe an ExecutorException ?

...i/src/test/java/io/openaev/executors/crowdstrike/service/CrowdstrikeExecutorServiceTest.java
crowdStrikeExecutorContextService.launchBatchExecutorSubprocess(
inject, new HashSet<>(agents), injectStatus);
// Executor scheduled so we have to wait before the execution
Thread.sleep(1000);
Copy link
Member

@Dimfacion Dimfacion Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion : Maybe a lib like Awaitibility would be better ? With Thread.sleep, you're blocking the whole thread for no real reasons

...i/src/test/java/io/openaev/executors/sentinelone/service/SentinelOneExecutorServiceTest.java
sentinelOneExecutorContextService.launchBatchExecutorSubprocess(
inject, new HashSet<>(agents), injectStatus);
// Executor scheduled so we have to wait before the execution
Thread.sleep(1000);
Copy link
Member

@Dimfacion Dimfacion Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion : Maybe a lib like Awaitibility would be better ? With Thread.sleep, you're blocking the whole thread for no real reasons

openaev-api/src/test/java/io/openaev/executors/tanium/service/TaniumExecutorServiceTest.java
taniumExecutorContextService.launchBatchExecutorSubprocess(
inject, new HashSet<>(agents), injectStatus);
// Executor scheduled so we have to wait before the execution
Thread.sleep(1000);
Copy link
Member

@Dimfacion Dimfacion Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion : Maybe a lib like Awaitibility would be better ? With Thread.sleep, you're blocking the whole thread for no real reasons

@damgouj damgouj requested a review from Dimfacion December 5, 2025 14:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Dimfacion Dimfacion Awaiting requested review from Dimfacion

Requested changes must be addressed to merge this pull request.

Assignees

@damgouj damgouj

Labels

filigran team use to identify PR from the Filigran team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[EE] Executor SentinelOne Adapt Tanium executor like Crowdstrike

3 participants

@damgouj @Dimfacion