Island: Refactor encryptors
All encryptors are moved to server_utils/encryption. They were renamed according to the class name. Everywhere that we had use the encryptors I have updated the names. Unit tests are also moved to UTs server_utils/encryption.
This commit is contained in:
parent
803d1c910f
commit
a661dc4fe6
|
@ -1,7 +1,7 @@
|
|||
from typing import List
|
||||
|
||||
from monkey_island.cc.models.utils.field_encryptors.i_field_encryptor import IFieldEncryptor
|
||||
from monkey_island.cc.server_utils.key_encryptor import get_encryptor
|
||||
from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
|
||||
|
||||
|
||||
class StringListEncryptor(IFieldEncryptor):
|
||||
|
|
|
@ -4,8 +4,10 @@ import flask_restful
|
|||
from flask import request
|
||||
|
||||
from monkey_island.cc.resources.auth.auth import jwt_required
|
||||
from monkey_island.cc.server_utils.encryption.password_based_encryption import (
|
||||
PasswordBasedEncryptor,
|
||||
)
|
||||
from monkey_island.cc.services.config import ConfigService
|
||||
from monkey_island.cc.services.utils.password_encryption import PasswordBasedEncryptor
|
||||
|
||||
|
||||
class ConfigurationExport(flask_restful.Resource):
|
||||
|
|
|
@ -8,13 +8,13 @@ from flask import request
|
|||
|
||||
from common.utils.exceptions import InvalidConfigurationError
|
||||
from monkey_island.cc.resources.auth.auth import jwt_required
|
||||
from monkey_island.cc.services.config import ConfigService
|
||||
from monkey_island.cc.services.utils.password_encryption import (
|
||||
from monkey_island.cc.server_utils.encryption.password_based_encryption import (
|
||||
InvalidCiphertextError,
|
||||
InvalidCredentialsError,
|
||||
PasswordBasedEncryptor,
|
||||
is_encrypted,
|
||||
)
|
||||
from monkey_island.cc.services.config import ConfigService
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
|
|
@ -27,8 +27,10 @@ from monkey_island.cc.server_utils.consts import ( # noqa: E402
|
|||
GEVENT_EXCEPTION_LOG,
|
||||
MONGO_CONNECTION_TIMEOUT,
|
||||
)
|
||||
from monkey_island.cc.server_utils.encryption.data_store_encryptor import ( # noqa: E402
|
||||
initialize_encryptor,
|
||||
)
|
||||
from monkey_island.cc.server_utils.island_logger import reset_logger, setup_logging # noqa: E402
|
||||
from monkey_island.cc.server_utils.key_encryptor import initialize_encryptor # noqa: E402
|
||||
from monkey_island.cc.services.initialize import initialize_services # noqa: E402
|
||||
from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list # noqa: E402
|
||||
from monkey_island.cc.services.utils.network_utils import local_ip_addresses # noqa: E402
|
||||
|
|
|
@ -4,8 +4,8 @@ import os
|
|||
# is maintained.
|
||||
from Crypto import Random # noqa: DUO133 # nosec: B413
|
||||
|
||||
from monkey_island.cc.server_utils.encryption.key_based_encryptor import KeyBasedEncryptor
|
||||
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
|
||||
from monkey_island.cc.services.utils.key_encryption import KeyBasedEncryptor
|
||||
|
||||
_encryptor = None
|
||||
|
||||
|
@ -22,6 +22,8 @@ class DataStoreEncryptor:
|
|||
else:
|
||||
self._init_key(password_file)
|
||||
|
||||
self._key_base_encryptor = KeyBasedEncryptor(self._cipher_key)
|
||||
|
||||
def _init_key(self, password_file_path: str):
|
||||
self._cipher_key = Random.new().read(self._BLOCK_SIZE)
|
||||
with open_new_securely_permissioned_file(password_file_path, "wb") as f:
|
||||
|
@ -32,12 +34,10 @@ class DataStoreEncryptor:
|
|||
self._cipher_key = f.read()
|
||||
|
||||
def enc(self, message: str):
|
||||
key_encryptor = KeyBasedEncryptor(self._cipher_key)
|
||||
return key_encryptor.encrypt(message)
|
||||
return self._key_base_encryptor.encrypt(message)
|
||||
|
||||
def dec(self, enc_message: str):
|
||||
key_encryptor = KeyBasedEncryptor(self._cipher_key)
|
||||
return key_encryptor.decrypt(enc_message)
|
||||
return self._key_base_encryptor.decrypt(enc_message)
|
||||
|
||||
|
||||
def initialize_encryptor(password_file_dir):
|
|
@ -6,7 +6,7 @@ import logging
|
|||
from Crypto import Random # noqa: DUO133 # nosec: B413
|
||||
from Crypto.Cipher import AES # noqa: DUO133 # nosec: B413
|
||||
|
||||
from monkey_island.cc.services.utils.i_encryptor import IEncryptor
|
||||
from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
|
@ -4,7 +4,7 @@ import logging
|
|||
|
||||
import pyAesCrypt
|
||||
|
||||
from monkey_island.cc.services.utils.i_encryptor import IEncryptor
|
||||
from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
from monkey_island.cc.server_utils.key_encryptor import get_encryptor
|
||||
from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
|
||||
|
||||
|
||||
def parse_creds(attempt):
|
||||
|
|
|
@ -19,7 +19,7 @@ from common.config_value_paths import (
|
|||
USER_LIST_PATH,
|
||||
)
|
||||
from monkey_island.cc.database import mongo
|
||||
from monkey_island.cc.server_utils.key_encryptor import get_encryptor
|
||||
from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
|
||||
from monkey_island.cc.services.config_manipulator import update_config_per_mode
|
||||
from monkey_island.cc.services.config_schema.config_schema import SCHEMA
|
||||
from monkey_island.cc.services.mode.island_mode_service import ModeNotSetError, get_mode
|
||||
|
|
|
@ -3,7 +3,7 @@ import copy
|
|||
import dateutil
|
||||
|
||||
from monkey_island.cc.models import Monkey
|
||||
from monkey_island.cc.server_utils.key_encryptor import get_encryptor
|
||||
from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
|
||||
from monkey_island.cc.services.config import ConfigService
|
||||
from monkey_island.cc.services.edge.displayed_edge import EdgeService
|
||||
from monkey_island.cc.services.node import NodeService
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import logging
|
||||
|
||||
from monkey_island.cc.server_utils.key_encryptor import get_encryptor
|
||||
from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
|
||||
from monkey_island.cc.services.config import ConfigService
|
||||
from monkey_island.cc.services.node import NodeService
|
||||
from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import ( # noqa: E501
|
||||
|
|
|
@ -5,7 +5,7 @@ from ScoutSuite.providers.base.authentication_strategy import AuthenticationExce
|
|||
from common.cloud.scoutsuite_consts import CloudProviders
|
||||
from common.config_value_paths import AWS_KEYS_PATH
|
||||
from common.utils.exceptions import InvalidAWSKeys
|
||||
from monkey_island.cc.server_utils.key_encryptor import get_encryptor
|
||||
from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
|
||||
from monkey_island.cc.services.config import ConfigService
|
||||
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@ import os
|
|||
|
||||
import pytest
|
||||
from tests.unit_tests.monkey_island.cc.mongomock_fixtures import * # noqa: F401,F403,E402
|
||||
from tests.unit_tests.monkey_island.cc.services.utils.test_encryption import (
|
||||
from tests.unit_tests.monkey_island.cc.server_utils.encryption.test_password_based_encryption import ( # noqa: E501
|
||||
MONKEY_CONFIGS_DIR_PATH,
|
||||
STANDARD_PLAINTEXT_MONKEY_CONFIG_FILENAME,
|
||||
)
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import pytest
|
||||
|
||||
from monkey_island.cc.models.utils.field_encryptors.string_list_encryptor import StringListEncryptor
|
||||
from monkey_island.cc.server_utils.key_encryptor import initialize_encryptor
|
||||
from monkey_island.cc.server_utils.encryption.data_store_encryptor import initialize_encryptor
|
||||
|
||||
MOCK_STRING_LIST = ["test_1", "test_2"]
|
||||
EMPTY_LIST = []
|
||||
|
|
|
@ -1,12 +1,16 @@
|
|||
import pytest
|
||||
from tests.unit_tests.monkey_island.cc.server_utils.encryption.test_password_based_encryption import ( # noqa: E501
|
||||
PASSWORD,
|
||||
)
|
||||
from tests.unit_tests.monkey_island.cc.services.utils.ciphertexts_for_encryption_test import (
|
||||
MALFORMED_CIPHER_TEXT_CORRUPTED,
|
||||
)
|
||||
from tests.unit_tests.monkey_island.cc.services.utils.test_encryption import PASSWORD
|
||||
|
||||
from common.utils.exceptions import InvalidConfigurationError
|
||||
from monkey_island.cc.resources.configuration_import import ConfigurationImport
|
||||
from monkey_island.cc.services.utils.password_encryption import PasswordBasedEncryptor
|
||||
from monkey_island.cc.server_utils.encryption.password_based_encryption import (
|
||||
PasswordBasedEncryptor,
|
||||
)
|
||||
|
||||
|
||||
def test_is_config_encrypted__json(monkey_config_json):
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
import os
|
||||
|
||||
from monkey_island.cc.server_utils.key_encryptor import get_encryptor, initialize_encryptor
|
||||
from monkey_island.cc.server_utils.encryption.data_store_encryptor import (
|
||||
get_encryptor,
|
||||
initialize_encryptor,
|
||||
)
|
||||
|
||||
PASSWORD_FILENAME = "mongo_key.bin"
|
||||
|
|
@ -4,7 +4,7 @@ from tests.unit_tests.monkey_island.cc.services.utils.ciphertexts_for_encryption
|
|||
VALID_CIPHER_TEXT,
|
||||
)
|
||||
|
||||
from monkey_island.cc.services.utils.password_encryption import (
|
||||
from monkey_island.cc.server_utils.encryption.password_based_encryption import (
|
||||
InvalidCredentialsError,
|
||||
PasswordBasedEncryptor,
|
||||
)
|
|
@ -5,7 +5,10 @@ import pytest
|
|||
|
||||
from common.config_value_paths import AWS_KEYS_PATH
|
||||
from monkey_island.cc.database import mongo
|
||||
from monkey_island.cc.server_utils.key_encryptor import get_encryptor, initialize_encryptor
|
||||
from monkey_island.cc.server_utils.encryption.data_store_encryptor import (
|
||||
get_encryptor,
|
||||
initialize_encryptor,
|
||||
)
|
||||
from monkey_island.cc.services.config import ConfigService
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import (
|
||||
is_aws_keys_setup,
|
||||
|
|
Loading…
Reference in New Issue