Can we download a file as in parameter

i want to use a parameter in download url and below is the script , is it possible to use parameter in the download command ?

parameter "script" = "dns.ps1"

// Disable wow64 redirection on x64 OSes
action uses wow64 redirection {not x64 of operating system}

delete "c:\temp\{parameter script}"

download “http://server:52311/Uploads/adhoc/{{parameter script}”

extract __Download “c:\temp{parameter script}”

waithidden { pathname of file ((it as string) of value “Path” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of native registry) } -ExecutionPolicy Bypass -File “c:\temp{parameter script}”

Not with the ‘download’ command. See https://developer.bigfix.com/action-script/reference/download/

For the ‘download’ command, relevance substitution is not performed on the URL. You may be able to use a prefetch block and add prefetch item, but you will need to supply the file name, size, url, and hashes.

but prefetch block does not allow to add anything but only blank lines and comment then how can i use parameter in prefetch block

Ah, I think I misunderstand, I thought you were using parameter queries (where the parameter is provided before the action is taken).

I don’t think I understand your use-case. What are you trying to do, and where would this solution fit?

You could use curl in actionscript to do this

wait curl -X GET “http://server:52311/Uploads/adhoc/{parameter script}” -o c:\someDirectory\somefile

Similarly you can use the ‘download now’ command to do the same; but both curl and ‘download now’ download from the client directly, skipping the Relays, and means the client needs direct access to the download server (which is not great, I advise clients should never have direct access to the root server for security reasons)

You can definitely do parameters and conditionals inside prefetch blocks. Here is an example template that we use routinely:

begin prefetch block
	parameter "theMSI" = "REPLACE"
	parameter "MSIoptions" = "" // Populate if needed
 	if {architecture of operating system = "x86_64"}
		parameter "theSha1" = "REPLACE"
		parameter "theSize" = "REPLACE"
		parameter "theUrl" = "REPLACE"
	elseif {architecture of operating system = "i386"}
		parameter "theSha1" = "REPLACE"
		parameter "theSize" = "REPLACE"
		parameter "theUrl" = "REPLACE"
	endif
	add prefetch item name={parameter "theMSI"} sha1={parameter "theSha1"} size={parameter "theSize"} url={parameter "theUrl"}
	collect prefetch items
end prefetch block

i need to develop a fixlet where it would accept the script parameter as dynamic as it would be store in the uploads directly and keep on updated by Admin ,

so idea is server/uploads/adhoc/script.ps1 - which might be updated by Admin and uploaded into the adhoc directory

in the fixlet http://server:52311/uploads/adhoc/script.ps1 as {parameter script}

after that , fixlet may run on the mutiple system to fetch the information generated by multiple system in c\temp\out.txt

i tried with all para options but i have to keep the dynamic path for the “theMSI” as script on this path is keep on changing , and tis fixlet i want to use it from client macines

begin prefetch block
        parameter "thePath" = "<<http://path of the script>>"
        parameter "theName" = "{(name of it ) of file (parameter "thePath")}"
         parameter "theSha1" = "{(sha1 of it ) of file (parameter "thePath")}"
        parameter "theSize" = "{(size of it ) of file (parameter "thePath")}"
        parameter "theUrl" = "http://server:52311/Uploads/adhoc/{{parameter "theName"}"
    add prefetch item name={parameter "theName"} sha1={parameter "theSha1"} size={parameter "theSize"} url={parameter "theUrl"}
    collect prefetch items
end prefetch block

But…you won’t know what size, sha1, or sha256 to provide until after the script is downloaded, so this won’t make sense to the client.

I think what you’re looking for is ‘add nohash prefetch item’.
I don’t know whether it allows a relevance substitution for the URL though so you may need to supply that before you send the action.

See ETA of Fixlet for CVE-2022-1096(High-Severity Zero-Day Exploit) and the Chrome Fixlet I posted at BigFix.me linked from that thread, for an example of ‘always downloaded the latest version of the thing’

Parameters 2,3 & 4 won’t give you anything useful - file{parameter "thePath"} isn’t a file

Even if it were, dynamically calculating the size & hashes is pointless. The purpose of the size and hash in the download to to enable the client to check it has the file you intended, and not some randomly updated or maliciously changed content

@mail2vij, I’m still not sure – what are you trying to make happen? The prefetch function has certain characteristics with benefits, but you seem to be trying to work around them.

It looks like they are trying to automate dynamic downloads.

The download commands (all of them) do not allow for relevance substitution.

The prefetch requires SHA1 values.

I’ve had this issue in the past several times, and the way I found as a work-around was to use the curl example as I posted above.

chrome fixlet helped as i wanted to download lastest version and having limitation to use SHA1, size parameters at run time for dynamic script

thanks @JasonWalker and all other who replied on this thread !

unable to take parameter inside prefetch block
begin prefetch block

   parameter "thename"="dns.ps1"
 
   add nohash prefetch item name={parameter "thename"} url=http://server:52311/Uploads/adhoc/dns.ps1
   
  end prefetch block

so , i used different method and it worked for me , but still curious how to use param inside prefetch block

here is the script

//download curl command to execute action
begin prefetch block
add prefetch item name=ca-bundle.crt sha1=3d068d3bf6cd6b666087b00596ed2d9b08e33a92 size=261889 url=http://server:52311/Uploads/3d068d3bf6cd6b666087b00596ed2d9b08e33a92/ca-bundle.crt
add prefetch item name=curl.exe sha1=2137003f8092244fa7b381a6e60720509cf1509e size=2070016 url=http://server:52311/Uploads/2137003f8092244fa7b381a6e60720509cf1509e/curl.exe

end prefetch block 

action parameter query "ErrorFolder" with description "Please enter the Output Folder " with default value ""
action parameter query "theURL" with description "Please enter the URL " with default value ""

if {not exists folder (parameter "ErrorFolder")} 
folder create {parameter "ErrorFolder"}
folder create {parameter "ErrorFolder"}\curl
endif

move __Download/ca-bundle.crt  {parameter "ErrorFolder"}/curl/ca-bundle.crt 
move __Download/curl.exe  {parameter "ErrorFolder"}/curl/curl.exe

delete {parameter "ErrorFolder"}\script.bat

createfile until eof1
cd {parameter "ErrorFolder"}\curl
curl -X GET {parameter "theurl"} -o {parameter "ErrorFolder"}\adhoc-script.ps1
eof1
move __createfile "{parameter "ErrorFolder"}\script.bat"
wait cmd.exe /C {parameter "ErrorFolder"}\script.bat

waithidden cmd.exe /C { pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -ExecutionPolicy Bypass -File "{parameter "ErrorFolder"}\adhoc-script.ps1" > "{parameter "ErrorFolder"}\client_result.txt" 2>&1

https://developer.bigfix.com/action-script/reference/download/add-nohash-prefetch-item.html

The ‘add nohash prefetch item’ command cannot take a relevance substitution.
This is mostly for security but also architectural reasons.

I’m not sure why you’re trying to use a parameter when you’re still just supplying a static value (maybe eventually you want this to prompt the operator for a download filename to run?) But this whole concept you’re attempting is a non-starter.

If you’re using a newer version of windows (WIN10 + >) curl is already included in the OS. Look in the system directory (win32).

i wanted to prompt user to put a script url which may change all the time with updated version of script and for this purpose i would use dynamic parameter instead of static , but as you said this would not work in prefetch block , so i wrote script to new method with help of curl and may change my script to dynamic para instead of static

thanks for your help

@menglish66 glish66

Yes you are correct , i just checked
thanks