From f15011eb6c86d3f7d4bb049e375389740faf1396 Mon Sep 17 00:00:00 2001
From: yk <yukai@vista.aero>
Date: Thu, 27 May 2021 16:30:05 +0800
Subject: [PATCH] Fixed runscript bug

Due to changes made at Crowdstrike end, runscript had insufficient permissions to use Raw and HostPath arguments. This had now been rectified.
---
 helpers.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/helpers.py b/helpers.py
index e7bf291..b00abbf 100644
--- a/helpers.py
+++ b/helpers.py
@@ -7,9 +7,9 @@
 read_only = ['cat', 'cd', 'clear', 'csrutil', 'env', 'eventlog', 'filehash', 'getsid', 'history', 'ifconfig',
              'ipconfig', 'ls', 'mount', 'netstat', 'ps', 'reg query', 'users']
 active_responder = ['cp', 'encrypt', 'get', 'kill', 'map', 'memdump', 'mkdir', 'mv', 'reg set' 'reg delete', 'reg load'
-                    'reg unload', 'restart', 'rm', 'runscript', 'shutdown', 'tar', 'umount', 'unmap', 'update',
+                    'reg unload', 'restart', 'rm', 'shutdown', 'tar', 'umount', 'unmap', 'update',
                     'xmemdump', 'zip']
-rtr_admin = ['put', 'run']
+rtr_admin = ['put', 'run', 'runscript']
 
 
 def to_readable(num, suffix='B'):