Agent: Change logic for generating random password

Shreya Malviya 2021-10-26 19:24:50 +05:30
parent b8ed464909
commit 820d47c9cc
3 changed files with 14 additions and 7 deletions


@ -41,7 +41,7 @@ class CommunicateAsBackdoorUser(PBA):
def run(self): def run(self):
username = CommunicateAsBackdoorUser.get_random_new_user_name() username = CommunicateAsBackdoorUser.get_random_new_user_name()
try: try:
password = get_random_password() password = get_random_password(14)
with create_auto_new_user(username, password) as new_user: with create_auto_new_user(username, password) as new_user:
http_request_commandline = ( http_request_commandline = (
CommunicateAsBackdoorUser.get_commandline_for_http_request( CommunicateAsBackdoorUser.get_commandline_for_http_request(
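Review bot: The literal `14` in `password = get_random_password(14)` is a magic number with no stated reason, and it shortens this account's password from the 32-character default. If it reflects a length limit in the OS account-creation command (an assumption, nothing in the hunk shows it), name the value and record the reason, e.g. a module-level `BACKDOOR_USER_PASSWORD_LENGTH = 14  # <reason for the limit>` and `get_random_password(BACKDOOR_USER_PASSWORD_LENGTH)` at this call. The body of `run` continues past the end of this hunk.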


@ -1,8 +1,10 @@
import secrets import secrets
import string
SECRET_BYTE_LENGTH = 32 SECRET_LENGTH = 32
def get_random_password(length: int = SECRET_BYTE_LENGTH) -> str: def get_random_password(length: int = SECRET_LENGTH) -> str:
password = secrets.token_urlsafe(length) alphabet = string.ascii_letters + string.digits + string.punctuation
password = "".join(secrets.choice(alphabet) for i in range(length))
return password return password
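Review bot: The new `alphabet` line includes all of `string.punctuation`, so passwords can now contain quotes, backslashes, `$`, `&`, `|`, `%` and whitespace-adjacent shell metacharacters that `secrets.token_urlsafe` never produced. The call site changed in this same commit hands the value to `create_auto_new_user(username, password)`; if that helper assembles an OS command string (not visible on this page), the password must be passed as a separate argument or quoted, otherwise account creation can fail intermittently or the value can be reinterpreted by the shell. Either confirm every consumer quotes it, or restrict the alphabet to a documented safe set and say so in a docstring. Separately, `length` is not validated, so `get_random_password(0)` returns an empty password; `if length < 1: raise ValueError("length must be positive")` would make that explicit, and the unused loop variable reads better as `for _ in range(length)`.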


@ -2,12 +2,17 @@ from infection_monkey.utils.random_password_generator import get_random_password
def test_get_random_password__length(): def test_get_random_password__length():
password_byte_length = len(get_random_password().encode()) password_length = len(get_random_password())
# 32 is the recommended secure byte length for secrets # 32 is the recommended secure byte length for secrets
assert password_byte_length >= 32 assert password_length == 32
def test_get_random_password__custom_length():
password_length = len(get_random_password(14))
assert password_length == 14
def test_get_random_password__randomness(): def test_get_random_password__randomness():
random_password1 = get_random_password() random_password1 = get_random_password()
random_password2 = get_random_password() random_password2 = get_random_password()
assert not random_password1 == random_password2 assert random_password1 != random_password2
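Review bot: The unchanged comment `# 32 is the recommended secure byte length for secrets` in `test_get_random_password__length` no longer matches the assertion under it, which now checks the character count instead of the encoded byte length. Reword it to match what is tested, e.g. `# the default password length is SECRET_LENGTH (32) characters`. None of the tests pin the character set, so an accidental alphabet change would pass unnoticed. With `import string` added to the test module, `assert set(get_random_password()) <= set(string.ascii_letters + string.digits + string.punctuation)` would cover that.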