From 8d5c90faa46d5c698ee4f5c1f7cc0be90beba22f Mon Sep 17 00:00:00 2001 From: Shay Nehmad Date: Mon, 29 Jul 2019 09:18:45 +0300 Subject: [PATCH] Filtering sensitive info when logging running config --- monkey/infection_monkey/config.py | 6 ++++++ monkey/infection_monkey/control.py | 3 ++- monkey/infection_monkey/main.py | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py index f7e4cfae4..72fc8adf6 100644 --- a/monkey/infection_monkey/config.py +++ b/monkey/infection_monkey/config.py @@ -53,6 +53,12 @@ class Configuration(object): result = self.from_kv(formatted_data) return result + @staticmethod + def filter_sensitive_info(config_dict): + config_dict["exploit_password_list"] = ["~REDACTED~"] + config_dict["exploit_user_list"] = ["~REDACTED~"] + return config_dict + def as_dict(self): result = {} for key in dir(Configuration): diff --git a/monkey/infection_monkey/control.py b/monkey/infection_monkey/control.py index f34784041..874616f00 100644 --- a/monkey/infection_monkey/control.py +++ b/monkey/infection_monkey/control.py @@ -168,7 +168,8 @@ class ControlClient(object): try: unknown_variables = WormConfiguration.from_kv(reply.json().get('config')) - LOG.info("New configuration was loaded from server: %r" % (WormConfiguration.as_dict(),)) + LOG.info("New configuration was loaded from server: %r" % + (WormConfiguration.filter_sensitive_info(WormConfiguration.as_dict()),)) except Exception as exc: # we don't continue with default conf here because it might be dangerous LOG.error("Error parsing JSON reply from control server %s (%s): %s", diff --git a/monkey/infection_monkey/main.py b/monkey/infection_monkey/main.py index b8e292243..c880dc7f0 100644 --- a/monkey/infection_monkey/main.py +++ b/monkey/infection_monkey/main.py @@ -68,7 +68,7 @@ def main(): else: print("Config file wasn't supplied and default path: %s wasn't found, using internal default" % (config_file,)) - print("Loaded Configuration: %r" % WormConfiguration.as_dict()) + print("Loaded Configuration: %r" % WormConfiguration.filter_sensitive_info(WormConfiguration.as_dict())) # Make sure we're not in a machine that has the kill file kill_path = os.path.expandvars(