feat: support multiple embedded plugins and update goreleaser

- add path traversal guards for safer file operations
- tighten file permission defaults on managed outputs
- migrate Goreleaser pre-hook logic from shell scripts to Go
- support multi embedded plugins

Author: h3zh1

.gitignore

@@ -3,8 +3,10 @@ bin/
 dist/
 .malice/
 go.sum
-helper/intl/professional/
-helper/intl/custom/
+helper/intl/professional/*
+!helper/intl/professional/.gitkeep
+helper/intl/custom/*
+!helper/intl/custom/.gitkeep
 *.bin
 *.so
 .gomodcache/

.goreleaser.yml

@@ -8,12 +8,7 @@ git:
 before:
   hooks:
     - go mod tidy
-    - curl -L https://github.com/EgeBalci/sgn/releases/download/v2.0.1/sgn_linux_amd64_2.0.1.zip -o sgn_linux.zip
-    - unzip -o sgn_linux.zip -d server/assets/linux
-    - curl -L https://github.com/EgeBalci/sgn/releases/download/v2.0.1/sgn_windows_amd64_2.0.1.zip -o sgn_windows.zip
-    - unzip -o sgn_windows.zip -d server/assets/windows
-    - curl -L https://github.com/chainreactors/malefic/releases/latest/download/malefic-mutant-x86_64-pc-windows-gnu.exe -o server/assets/windows/malefic-mutant.exe
-    - curl -L https://github.com/chainreactors/malefic/releases/latest/download/malefic-mutant-x86_64-unknown-linux-musl -o server/assets/linux/malefic-mutant
+    - go run scripts/pre_install.go
 
 
 builds:
@@ -46,15 +41,15 @@ builds:
     goos:
       - windows
       - linux
-#      - darwin
+      - darwin
     goarch:
       - amd64
       - arm64
     ldflags: |
-      -s -w 
-      -X github.com/chainreactors/malice-network/helper/consts.Ver={{.Env.VERSION}} 
-      -X github.com/chainreactors/malice-network/helper/consts.Commit={{.Env.COMMIT}} 
-      -X github.com/chainreactors/malice-network/helper/consts.Buildstamp={{.Timestamp}}"
+      -s -w
+      -X github.com/chainreactors/malice-network/helper/consts.Ver={{.Env.VERSION}}
+      -X github.com/chainreactors/malice-network/helper/consts.Commit={{.Env.COMMIT}}
+      -X github.com/chainreactors/malice-network/helper/consts.Buildstamp={{.Timestamp}}
     asmflags:
       - all=-trimpath={{.Env.GOPATH}}
     gcflags:
@@ -73,7 +68,7 @@ upx:
 archives:
   -
     name_template: "{{ .Binary }}"
-    format: binary
+    formats: [binary]
 
 checksum:
   name_template: "{{ .ProjectName }}_checksums.txt"
@@ -90,4 +85,3 @@ release:
     owner: chainreactors
     name: malice-network
   draft: true
-

.professional.yml

@@ -8,12 +8,7 @@ git:
 before:
   hooks:
     - go mod tidy
-    - curl -L https://github.com/EgeBalci/sgn/releases/download/v2.0.1/sgn_linux_amd64_2.0.1.zip -o sgn_linux.zip
-    - unzip -o sgn_linux.zip -d server/assets/linux
-    - curl -L https://github.com/EgeBalci/sgn/releases/download/v2.0.1/sgn_windows_amd64_2.0.1.zip -o sgn_windows.zip
-    - unzip -o sgn_windows.zip -d server/assets/windows
-    - cp helper/consts/professional/malefic-mutant server/assets/linux/
-    - cp helper/consts/professional/malefic-mutant.exe server/assets/windows/
+    - go run scripts/pre_install.go --professional
 
 builds:
   -
@@ -54,10 +49,10 @@ builds:
       - amd64
       - arm64
     ldflags: |
-      -s -w 
-      -X github.com/chainreactors/malice-network/helper/consts.Ver={{.Env.VERSION}} 
-      -X github.com/chainreactors/malice-network/helper/consts.Commit={{.Env.COMMIT}}.{{.Env.LICENSE_ID}} 
-      -X github.com/chainreactors/malice-network/helper/consts.Buildstamp={{.Timestamp}}"
+      -s -w
+      -X github.com/chainreactors/malice-network/helper/consts.Ver={{.Env.VERSION}}
+      -X github.com/chainreactors/malice-network/helper/consts.Commit={{.Env.COMMIT}}.{{.Env.LICENSE_ID}}
+      -X github.com/chainreactors/malice-network/helper/consts.Buildstamp={{.Timestamp}}
     asmflags:
       - all=-trimpath={{.Env.GOPATH}}
     gcflags:
@@ -76,7 +71,7 @@ upx:
 archives:
   -
     name_template: "{{ .Binary }}"
-    format: binary
+    formats: [binary]
 
 checksum:
   name_template: "{{ .ProjectName }}_checksums.txt"
@@ -93,4 +88,3 @@ release:
     owner: chainreactors
     name: malice-network
   draft: true
-

client/assets/asset.go

@@ -35,7 +35,7 @@ func GetConfigDir() string {
 	if _, err := os.Stat(dir); os.IsNotExist(err) {
 		err = os.MkdirAll(dir, 0700)
 		if err != nil {
-			logs.Log.Errorf(err.Error())
+			logs.Log.Errorf("%v", err)
 		}
 	}
 	return dir

client/client.go

@@ -8,7 +8,7 @@ import (
 func main() {
 	err := cli.Start()
 	if err != nil {
-		logs.Log.Errorf(err.Error())
+		logs.Log.Errorf("%v", err)
 		return
 	}
 }

client/command/implant.go

@@ -111,9 +111,9 @@ func makeRunners(implantCmd *cobra.Command, con *core.Console) (pre, post func(c
 		}
 
 		var session *client.Session
-		var ok bool
-
-		if session, ok = con.GetLocalSession(sid); !ok {
+		var err error
+		session, err = con.GetOrUpdateSession(sid)
+		if err != nil || session == nil {
 			if con.ActiveTarget != nil && con.ActiveTarget.Get() != nil && con.ActiveTarget.Get().SessionId == sid {
 				session = con.ActiveTarget.Get()
 			} else {
@@ -287,8 +287,19 @@ func BindImplantCommands(con *core.Console) console.Commands {
 
 		// 注册嵌入式插件命令
 		embeddedBind := MakeBind(implant, con, "mal")
-		for _, plug := range con.MalManager.GetAllEmbeddedPlugins() {
-			embeddedBind(plug.Name, BindCommand(plug.Commands().Commands()))
+		customCommands := con.MalManager.GetEmbeddedCommandsByLevel(plugin.CustomLevel)
+		if len(customCommands) > 0 {
+			embeddedBind(plugin.CustomLevel.String(), BindCommand(customCommands))
+		}
+
+		communityCommands := con.MalManager.GetEmbeddedCommandsByLevel(plugin.CommunityLevel)
+		if len(communityCommands) > 0 {
+			embeddedBind(plugin.CommunityLevel.String(), BindCommand(communityCommands))
+		}
+
+		professionalCommands := con.MalManager.GetEmbeddedCommandsByLevel(plugin.ProfessionalLevel)
+		if len(professionalCommands) > 0 {
+			embeddedBind(plugin.ProfessionalLevel.String(), BindCommand(professionalCommands))
 		}
 
 		// 注册外部插件命令

client/plugin/embed.go

@@ -25,6 +25,8 @@ func (l MalLevel) String() string {
 		return "community"
 	case ProfessionalLevel:
 		return "professional"
+	case CustomLevel:
+		return "custom"
 	default:
 		return "unknown"
 	}
@@ -37,7 +39,7 @@ const (
 )
 
 var (
-	levelOrder = []MalLevel{CommunityLevel, ProfessionalLevel, CustomLevel}
+	levelOrder = []MalLevel{CustomLevel, ProfessionalLevel, CommunityLevel}
 )
 
 // EmbedPlugin 嵌入式Lua插件，直接实现Plugin接口
@@ -51,9 +53,10 @@ type EmbedPlugin struct {
 
 // NewEmbedPlugin 创建嵌入式插件
 func NewEmbedPlugin(malPath, malName string, level MalLevel) (*EmbedPlugin, error) {
+	pluginFS := intl.UnifiedFS
 	// 读取manifest文件
 	manifestPath := malPath + "/mal.yaml"
-	manifestData, err := intl.UnifiedFS.ReadFile(manifestPath)
+	manifestData, err := pluginFS.ReadFile(manifestPath)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read manifest: %w", err)
 	}
@@ -71,7 +74,7 @@ func NewEmbedPlugin(malPath, malName string, level MalLevel) (*EmbedPlugin, erro
 	var content []byte
 	if manifest.EntryFile != "" {
 		entryPath := malPath + "/" + manifest.EntryFile
-		content, err = intl.UnifiedFS.ReadFile(entryPath)
+		content, err = pluginFS.ReadFile(entryPath)
 		if err != nil {
 			return nil, fmt.Errorf("failed to read entry file %s: %w", manifest.EntryFile, err)
 		}
@@ -96,7 +99,7 @@ func NewEmbedPlugin(malPath, malName string, level MalLevel) (*EmbedPlugin, erro
 	embedPlugin := &EmbedPlugin{
 		LuaPlugin: luaPlugin,
 		Level:     level,
-		FS:        intl.UnifiedFS,
+		FS:        pluginFS,
 		RootPath:  malPath,
 	}
 
@@ -168,13 +171,11 @@ func (plug *EmbedPlugin) registerEmbedResourceFunctions() {
 	plug.registerFunction("global_resource", func(filename string) (string, error) {
 		// 从全局管理器查找
 		if globalManager := GetGlobalMalManager(); globalManager != nil {
-			reverseLevelOrder := []string{"custom", "professional", "community"}
-
-			for _, levelName := range reverseLevelOrder {
-				if plugin, exists := globalManager.GetEmbedPlugin(levelName); exists {
+			for _, level := range []MalLevel{CustomLevel, ProfessionalLevel, CommunityLevel} {
+				for _, levelPlugin := range globalManager.GetEmbeddedPluginsByLevel(level) {
 					resourcePath := "resources/" + filename
-					if _, fileExists := plugin.GetFileContent(resourcePath); fileExists {
-						return fmt.Sprintf("embed://%s/%s", levelName, resourcePath), nil
+					if _, fileExists := levelPlugin.GetFileContent(resourcePath); fileExists {
+						return fmt.Sprintf("embed://%s/%s", levelPlugin.Name, resourcePath), nil
 					}
 				}
 			}
@@ -203,13 +204,11 @@ func (plug *EmbedPlugin) registerEmbedResourceFunctions() {
 		filename := fmt.Sprintf("%s.%s.%s", base, sess.Os.Arch, ext)
 
 		if globalManager := GetGlobalMalManager(); globalManager != nil {
-			reverseLevelOrder := []string{"custom", "professional", "community"}
-
-			for _, levelName := range reverseLevelOrder {
-				if plugin, exists := globalManager.GetEmbedPlugin(levelName); exists {
+			for _, level := range []MalLevel{CustomLevel, ProfessionalLevel, CommunityLevel} {
+				for _, levelPlugin := range globalManager.GetEmbeddedPluginsByLevel(level) {
 					resourcePath := "resources/" + filename
-					if _, fileExists := plugin.GetFileContent(resourcePath); fileExists {
-						return fmt.Sprintf("embed://%s/%s", levelName, resourcePath), nil
+					if _, fileExists := levelPlugin.GetFileContent(resourcePath); fileExists {
+						return fmt.Sprintf("embed://%s/%s", levelPlugin.Name, resourcePath), nil
 					}
 				}
 			}
@@ -241,13 +240,10 @@ func (plug *EmbedPlugin) registerEmbedResourceFunctions() {
 	plug.registerFunction("read_global_resource", func(filename string) (string, error) {
 		// 从plugin包获取全局嵌入式mal管理器
 		if globalManager := GetGlobalMalManager(); globalManager != nil {
-			// 按优先级顺序查找：custom -> professional -> community
-			reverseLevelOrder := []string{"custom", "professional", "community"}
-
-			for _, levelName := range reverseLevelOrder {
-				if plugin, exists := globalManager.GetEmbedPlugin(levelName); exists {
+			for _, level := range []MalLevel{CustomLevel, ProfessionalLevel, CommunityLevel} {
+				for _, levelPlugin := range globalManager.GetEmbeddedPluginsByLevel(level) {
 					resourcePath := "resources/" + filename
-					if content, fileExists := plugin.GetFileContent(resourcePath); fileExists {
+					if content, fileExists := levelPlugin.GetFileContent(resourcePath); fileExists {
 						return string(content), nil
 					}
 				}