From 360b438f6232633996ee06b1bd557441a0545088 Mon Sep 17 00:00:00 2001
From: Shreya Malviya <shreya.malviya@gmail.com>
Date: Thu, 14 Jul 2022 15:09:08 +0530
Subject: [PATCH] Island: Remove ConfigService (cc/services/config.py)

---
 monkey/monkey_island/cc/services/config.py | 181 ---------------------
 1 file changed, 181 deletions(-)
 delete mode 100644 monkey/monkey_island/cc/services/config.py

diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py
deleted file mode 100644
index 240002e04..000000000
--- a/monkey/monkey_island/cc/services/config.py
+++ /dev/null
@@ -1,181 +0,0 @@
-import collections
-import functools
-import logging
-
-from common.config_value_paths import (
-    LM_HASH_LIST_PATH,
-    NTLM_HASH_LIST_PATH,
-    PASSWORD_LIST_PATH,
-    PBA_LINUX_FILENAME_PATH,
-    PBA_WINDOWS_FILENAME_PATH,
-    SSH_KEYS_PATH,
-)
-from monkey_island.cc.database import mongo
-from monkey_island.cc.server_utils.encryption import (
-    SensitiveField,
-    StringEncryptor,
-    decrypt_dict,
-    encrypt_dict,
-    get_datastore_encryptor,
-)
-
-logger = logging.getLogger(__name__)
-
-# This should be used for config values of array type (array of strings only)
-ENCRYPTED_CONFIG_VALUES = [
-    PASSWORD_LIST_PATH,
-    LM_HASH_LIST_PATH,
-    NTLM_HASH_LIST_PATH,
-    SSH_KEYS_PATH,
-]
-
-SENSITIVE_SSH_KEY_FIELDS = [
-    SensitiveField(path="private_key", field_encryptor=StringEncryptor),
-    SensitiveField(path="public_key", field_encryptor=StringEncryptor),
-]
-
-
-class ConfigService:
-    def __init__(self):
-        pass
-
-    @staticmethod
-    def get_config(should_decrypt=True, is_island=False):
-        """
-        Gets the entire global config.
-
-        :param should_decrypt: If True, all config values which are set as encrypted will be \
-         decrypted. \
-        :param is_island: If True, will include island specific configuration parameters. \
-        :return: The entire global config.
-        """
-
-        # is_initial_config and should_decrypt are only there to compare if we are on the
-        # default configuration or did user modified it already
-        config = mongo.db.config.find_one() or {}
-        config.pop("_id", None)
-        if should_decrypt and len(config) > 0:
-            ConfigService.decrypt_config(config)
-        if not is_island:
-            config.get("cnc", {}).pop("aws_config", None)
-        return config
-
-    @staticmethod
-    def get_config_value(config_key_as_arr, should_decrypt=True):
-        """
-        Get a specific config value.
-
-        :param config_key_as_arr: The config key as an array.
-         e.g. ['basic', 'credentials','exploit_password_list'].
-        :param should_decrypt: If True, the value of the config key will be decrypted
-                               (if it's in the list of encrypted config values).
-        :return: The value of the requested config key.
-        """
-        config_key = functools.reduce(lambda x, y: x + "." + y, config_key_as_arr)
-
-        # This should just call get_config from repository. If None, then call get_default prob
-        config = mongo.db.config.find_one({}, {config_key: 1})
-
-        for config_key_part in config_key_as_arr:
-            config = config[config_key_part]
-        if should_decrypt:
-            if config_key_as_arr in ENCRYPTED_CONFIG_VALUES:
-                if isinstance(config, str):
-                    config = get_datastore_encryptor().decrypt(config)
-                elif isinstance(config, list):
-                    if config:
-                        if isinstance(config[0], str):
-                            config = [get_datastore_encryptor().decrypt(x) for x in config]
-                        elif isinstance(config[0], dict) and "public_key" in config[0]:
-                            config = [decrypt_dict(SENSITIVE_SSH_KEY_FIELDS, x) for x in config]
-
-        return config
-
-    @staticmethod
-    def set_config_value(config_key_as_arr, value):
-        mongo_key = ".".join(config_key_as_arr)
-        mongo.db.config.update({}, {"$set": {mongo_key: value}})
-
-    @staticmethod
-    def _filter_none_values(data):
-        if isinstance(data, dict):
-            return {
-                k: ConfigService._filter_none_values(v)
-                for k, v in data.items()
-                if k is not None and v is not None
-            }
-        elif isinstance(data, list):
-            return [ConfigService._filter_none_values(item) for item in data if item is not None]
-        else:
-            return data
-
-    @staticmethod
-    def update_config(config_json, should_encrypt):
-        # PBA file upload happens on pba_file_upload endpoint and corresponding config options
-        # are set there
-        config_json = ConfigService._filter_none_values(config_json)
-        ConfigService.set_config_PBA_files(config_json)
-        if should_encrypt:
-            try:
-                ConfigService.encrypt_config(config_json)
-            except KeyError:
-                logger.error("Bad configuration file was submitted.")
-                return False
-        mongo.db.config.update({}, {"$set": config_json}, upsert=True)
-        logger.info("monkey config was updated")
-        return True
-
-    @staticmethod
-    def set_config_PBA_files(config_json):
-        """
-        Sets PBA file info in config_json to current config's PBA file info values.
-        :param config_json: config_json that will be modified
-        """
-        if ConfigService.get_config():
-            linux_filename = ConfigService.get_config_value(PBA_LINUX_FILENAME_PATH)
-            windows_filename = ConfigService.get_config_value(PBA_WINDOWS_FILENAME_PATH)
-
-            ConfigService.set_config_value(PBA_LINUX_FILENAME_PATH, linux_filename)
-            ConfigService.set_config_value(PBA_WINDOWS_FILENAME_PATH, windows_filename)
-
-    @staticmethod
-    def decrypt_config(config):
-        ConfigService._encrypt_or_decrypt_config(config, True)
-
-    @staticmethod
-    def encrypt_config(config):
-        ConfigService._encrypt_or_decrypt_config(config, False)
-
-    @staticmethod
-    def _encrypt_or_decrypt_config(config, is_decrypt=False):
-        for config_arr_as_array in ENCRYPTED_CONFIG_VALUES:
-            config_arr = config
-            parent_config_arr = None
-
-            # Because the config isn't flat, this for-loop gets the actual config value out of
-            # the config
-            for config_key_part in config_arr_as_array:
-                parent_config_arr = config_arr
-                config_arr = config_arr[config_key_part]
-
-            if isinstance(config_arr, collections.abc.Sequence) and not isinstance(config_arr, str):
-                for i in range(len(config_arr)):
-                    # Check if array of shh key pairs and then decrypt
-                    if isinstance(config_arr[i], dict) and "public_key" in config_arr[i]:
-                        config_arr[i] = (
-                            decrypt_dict(SENSITIVE_SSH_KEY_FIELDS, config_arr[i])
-                            if is_decrypt
-                            else encrypt_dict(SENSITIVE_SSH_KEY_FIELDS, config_arr[i])
-                        )
-                    else:
-                        config_arr[i] = (
-                            get_datastore_encryptor().decrypt(config_arr[i])
-                            if is_decrypt
-                            else get_datastore_encryptor().encrypt(config_arr[i])
-                        )
-            else:
-                parent_config_arr[config_arr_as_array[-1]] = (
-                    get_datastore_encryptor().decrypt(config_arr)
-                    if is_decrypt
-                    else get_datastore_encryptor().encrypt(config_arr)
-                )