Agent: Remove ransomware cleanup function
This commit is contained in:
Ilija Lazoroski
Mike Salvatore
parent
8423a064bb
commit
20890e51ec
|
|
@ -30,7 +30,6 @@ class RansomwarePayload:
|
|||
self._readme_file_path = (
|
||||
self._target_directory / README_FILE_NAME if self._target_directory else None
|
||||
)
|
||||
self._readme_incomplete = False
|
||||
|
||||
def run_payload(self):
|
||||
if not self._target_directory:
|
||||
|
|
@ -67,26 +66,6 @@ class RansomwarePayload:
|
|||
|
||||
def _leave_readme_in_target_directory(self):
|
||||
try:
|
||||
self._readme_incomplete = True
|
||||
self._leave_readme(README_SRC, self._readme_file_path)
|
||||
self._readme_incomplete = False
|
||||
except Exception as ex:
|
||||
logger.warning(f"An error occurred while attempting to leave a README.txt file: {ex}")
|
||||
|
||||
def cleanup(self):
|
||||
# This cleanup function is only concerned with cleaning up and replacing *incomplete*
|
||||
# README.txt files; its goal is not to ensure the existence of a README file. Therefore,
|
||||
# only retry if a README.txt file actually exists.
|
||||
if self._readme_incomplete and self._readme_file_path.exists():
|
||||
logger.info(
|
||||
"The process of leaving a README.txt was interrupted. Removing the corrupt file "
|
||||
"and trying again."
|
||||
)
|
||||
try:
|
||||
self._readme_file_path.unlink()
|
||||
self._leave_readme_in_target_directory()
|
||||
except Exception as ex:
|
||||
logger.error(
|
||||
"An error occurred while trying to remove the corrupt or incomplete README.txt "
|
||||
f"file: {ex}"
|
||||
)
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
from pathlib import Path, PurePosixPath
|
||||
from pathlib import PurePosixPath
|
||||
from unittest.mock import MagicMock
|
||||
|
||||
import pytest
|
||||
|
|
@ -184,28 +184,3 @@ def test_leave_readme_exceptions_handled(build_ransomware_payload, ransomware_pa
|
|||
|
||||
# Test will fail if exception is raised and not handled
|
||||
ransomware_payload.run_payload()
|
||||
ransomware_payload.cleanup()
|
||||
|
||||
|
||||
def test_cleanup_incomplete_readme(build_ransomware_payload, ransomware_payload_config):
|
||||
def leave_readme(_: Path, dest: Path):
|
||||
if leave_readme.i == 0:
|
||||
dest.touch()
|
||||
|
||||
leave_readme.i += 1
|
||||
|
||||
raise Exception("Test exception when leaving README")
|
||||
|
||||
leave_readme.i = 0
|
||||
|
||||
ransomware_payload_config.readme_enabled = True
|
||||
ransomware_payload = build_ransomware_payload(
|
||||
config=ransomware_payload_config, leave_readme=leave_readme
|
||||
)
|
||||
|
||||
ransomware_payload.run_payload()
|
||||
assert (ransomware_payload_config.target_directory / README_FILE_NAME).exists()
|
||||
|
||||
ransomware_payload.cleanup()
|
||||
assert not (ransomware_payload_config.target_directory / README_FILE_NAME).exists()
|
||||
assert leave_readme.i == 2
|
||||
|
|
|
|||
Loading…
Reference in New Issue