Island: Refactor encryptors

All encryptors are moved to server_utils/encryption.
They were renamed according to the class name.
Everywhere that we had used the encryptors, I have updated the names.
Unit tests are also moved to UTs server_utils/encryption.
Ilija Lazoroski 2021-09-22 22:48:13 +02:00
parent 803d1c910f
commit a661dc4fe6
20 changed files with 38 additions and 24 deletions


@ -1,7 +1,7 @@
from typing import List from typing import List
from monkey_island.cc.models.utils.field_encryptors.i_field_encryptor import IFieldEncryptor from monkey_island.cc.models.utils.field_encryptors.i_field_encryptor import IFieldEncryptor
from monkey_island.cc.server_utils.key_encryptor import get_encryptor from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
class StringListEncryptor(IFieldEncryptor): class StringListEncryptor(IFieldEncryptor):


@ -4,8 +4,10 @@ import flask_restful
from flask import request from flask import request
from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.resources.auth.auth import jwt_required
from monkey_island.cc.server_utils.encryption.password_based_encryption import (
PasswordBasedEncryptor,
)
from monkey_island.cc.services.config import ConfigService from monkey_island.cc.services.config import ConfigService
from monkey_island.cc.services.utils.password_encryption import PasswordBasedEncryptor
class ConfigurationExport(flask_restful.Resource): class ConfigurationExport(flask_restful.Resource):


@ -8,13 +8,13 @@ from flask import request
from common.utils.exceptions import InvalidConfigurationError from common.utils.exceptions import InvalidConfigurationError
from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.resources.auth.auth import jwt_required
from monkey_island.cc.services.config import ConfigService from monkey_island.cc.server_utils.encryption.password_based_encryption import (
from monkey_island.cc.services.utils.password_encryption import (
InvalidCiphertextError, InvalidCiphertextError,
InvalidCredentialsError, InvalidCredentialsError,
PasswordBasedEncryptor, PasswordBasedEncryptor,
is_encrypted, is_encrypted,
) )
from monkey_island.cc.services.config import ConfigService
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)


@ -27,8 +27,10 @@ from monkey_island.cc.server_utils.consts import ( # noqa: E402
GEVENT_EXCEPTION_LOG, GEVENT_EXCEPTION_LOG,
MONGO_CONNECTION_TIMEOUT, MONGO_CONNECTION_TIMEOUT,
) )
from monkey_island.cc.server_utils.encryption.data_store_encryptor import ( # noqa: E402
initialize_encryptor,
)
from monkey_island.cc.server_utils.island_logger import reset_logger, setup_logging # noqa: E402 from monkey_island.cc.server_utils.island_logger import reset_logger, setup_logging # noqa: E402
from monkey_island.cc.server_utils.key_encryptor import initialize_encryptor # noqa: E402
from monkey_island.cc.services.initialize import initialize_services # noqa: E402 from monkey_island.cc.services.initialize import initialize_services # noqa: E402
from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list # noqa: E402 from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list # noqa: E402
from monkey_island.cc.services.utils.network_utils import local_ip_addresses # noqa: E402 from monkey_island.cc.services.utils.network_utils import local_ip_addresses # noqa: E402


@ -4,8 +4,8 @@ import os
# is maintained. # is maintained.
from Crypto import Random # noqa: DUO133 # nosec: B413 from Crypto import Random # noqa: DUO133 # nosec: B413
from monkey_island.cc.server_utils.encryption.key_based_encryptor import KeyBasedEncryptor
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
from monkey_island.cc.services.utils.key_encryption import KeyBasedEncryptor
_encryptor = None _encryptor = None
@ -22,6 +22,8 @@ class DataStoreEncryptor:
else: else:
self._init_key(password_file) self._init_key(password_file)
self._key_base_encryptor = KeyBasedEncryptor(self._cipher_key)
def _init_key(self, password_file_path: str): def _init_key(self, password_file_path: str):
self._cipher_key = Random.new().read(self._BLOCK_SIZE) self._cipher_key = Random.new().read(self._BLOCK_SIZE)
with open_new_securely_permissioned_file(password_file_path, "wb") as f: with open_new_securely_permissioned_file(password_file_path, "wb") as f:
@ -32,12 +34,10 @@ class DataStoreEncryptor:
self._cipher_key = f.read() self._cipher_key = f.read()
def enc(self, message: str): def enc(self, message: str):
key_encryptor = KeyBasedEncryptor(self._cipher_key) return self._key_base_encryptor.encrypt(message)
return key_encryptor.encrypt(message)
def dec(self, enc_message: str): def dec(self, enc_message: str):
key_encryptor = KeyBasedEncryptor(self._cipher_key) return self._key_base_encryptor.decrypt(enc_message)
return key_encryptor.decrypt(enc_message)
def initialize_encryptor(password_file_dir): def initialize_encryptor(password_file_dir):
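Review bot: The encryptor now built once in `__init__` takes whatever `self._cipher_key` holds, and on the existing-key path that is an unchecked `f.read()` of the key file, so a truncated or empty file would only surface later, inside `KeyBasedEncryptor` or on the first `enc`/`dec` call. Because this single instance now serves every call, a guard just before the new line, e.g. `if len(self._cipher_key) != self._BLOCK_SIZE: raise ValueError("unexpected key length in key file")`, would fail fast at startup without putting key material in the message. The new attribute is spelled `_key_base_encryptor` while the class is `KeyBasedEncryptor`; `_key_based_encryptor` would match. `__init__` and the key-loading method begin outside the hunks shown, so a length check may already exist there.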


@ -6,7 +6,7 @@ import logging
from Crypto import Random # noqa: DUO133 # nosec: B413 from Crypto import Random # noqa: DUO133 # nosec: B413
from Crypto.Cipher import AES # noqa: DUO133 # nosec: B413 from Crypto.Cipher import AES # noqa: DUO133 # nosec: B413
from monkey_island.cc.services.utils.i_encryptor import IEncryptor from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)


@ -4,7 +4,7 @@ import logging
import pyAesCrypt import pyAesCrypt
from monkey_island.cc.services.utils.i_encryptor import IEncryptor from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)


@ -1,4 +1,4 @@
from monkey_island.cc.server_utils.key_encryptor import get_encryptor from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
def parse_creds(attempt): def parse_creds(attempt):


@ -19,7 +19,7 @@ from common.config_value_paths import (
USER_LIST_PATH, USER_LIST_PATH,
) )
from monkey_island.cc.database import mongo from monkey_island.cc.database import mongo
from monkey_island.cc.server_utils.key_encryptor import get_encryptor from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
from monkey_island.cc.services.config_manipulator import update_config_per_mode from monkey_island.cc.services.config_manipulator import update_config_per_mode
from monkey_island.cc.services.config_schema.config_schema import SCHEMA from monkey_island.cc.services.config_schema.config_schema import SCHEMA
from monkey_island.cc.services.mode.island_mode_service import ModeNotSetError, get_mode from monkey_island.cc.services.mode.island_mode_service import ModeNotSetError, get_mode


@ -3,7 +3,7 @@ import copy
import dateutil import dateutil
from monkey_island.cc.models import Monkey from monkey_island.cc.models import Monkey
from monkey_island.cc.server_utils.key_encryptor import get_encryptor from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
from monkey_island.cc.services.config import ConfigService from monkey_island.cc.services.config import ConfigService
from monkey_island.cc.services.edge.displayed_edge import EdgeService from monkey_island.cc.services.edge.displayed_edge import EdgeService
from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.node import NodeService


@ -1,6 +1,6 @@
import logging import logging
from monkey_island.cc.server_utils.key_encryptor import get_encryptor from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
from monkey_island.cc.services.config import ConfigService from monkey_island.cc.services.config import ConfigService
from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.node import NodeService
from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import ( # noqa: E501 from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import ( # noqa: E501


@ -5,7 +5,7 @@ from ScoutSuite.providers.base.authentication_strategy import AuthenticationExce
from common.cloud.scoutsuite_consts import CloudProviders from common.cloud.scoutsuite_consts import CloudProviders
from common.config_value_paths import AWS_KEYS_PATH from common.config_value_paths import AWS_KEYS_PATH
from common.utils.exceptions import InvalidAWSKeys from common.utils.exceptions import InvalidAWSKeys
from monkey_island.cc.server_utils.key_encryptor import get_encryptor from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
from monkey_island.cc.services.config import ConfigService from monkey_island.cc.services.config import ConfigService


@ -5,7 +5,7 @@ import os
import pytest import pytest
from tests.unit_tests.monkey_island.cc.mongomock_fixtures import * # noqa: F401,F403,E402 from tests.unit_tests.monkey_island.cc.mongomock_fixtures import * # noqa: F401,F403,E402
from tests.unit_tests.monkey_island.cc.services.utils.test_encryption import ( from tests.unit_tests.monkey_island.cc.server_utils.encryption.test_password_based_encryption import ( # noqa: E501
MONKEY_CONFIGS_DIR_PATH, MONKEY_CONFIGS_DIR_PATH,
STANDARD_PLAINTEXT_MONKEY_CONFIG_FILENAME, STANDARD_PLAINTEXT_MONKEY_CONFIG_FILENAME,
) )


@ -1,7 +1,7 @@
import pytest import pytest
from monkey_island.cc.models.utils.field_encryptors.string_list_encryptor import StringListEncryptor from monkey_island.cc.models.utils.field_encryptors.string_list_encryptor import StringListEncryptor
from monkey_island.cc.server_utils.key_encryptor import initialize_encryptor from monkey_island.cc.server_utils.encryption.data_store_encryptor import initialize_encryptor
MOCK_STRING_LIST = ["test_1", "test_2"] MOCK_STRING_LIST = ["test_1", "test_2"]
EMPTY_LIST = [] EMPTY_LIST = []


@ -1,12 +1,16 @@
import pytest import pytest
from tests.unit_tests.monkey_island.cc.server_utils.encryption.test_password_based_encryption import ( # noqa: E501
PASSWORD,
)
from tests.unit_tests.monkey_island.cc.services.utils.ciphertexts_for_encryption_test import ( from tests.unit_tests.monkey_island.cc.services.utils.ciphertexts_for_encryption_test import (
MALFORMED_CIPHER_TEXT_CORRUPTED, MALFORMED_CIPHER_TEXT_CORRUPTED,
) )
from tests.unit_tests.monkey_island.cc.services.utils.test_encryption import PASSWORD
from common.utils.exceptions import InvalidConfigurationError from common.utils.exceptions import InvalidConfigurationError
from monkey_island.cc.resources.configuration_import import ConfigurationImport from monkey_island.cc.resources.configuration_import import ConfigurationImport
from monkey_island.cc.services.utils.password_encryption import PasswordBasedEncryptor from monkey_island.cc.server_utils.encryption.password_based_encryption import (
PasswordBasedEncryptor,
)
def test_is_config_encrypted__json(monkey_config_json): def test_is_config_encrypted__json(monkey_config_json):


@ -1,6 +1,9 @@
import os import os
from monkey_island.cc.server_utils.key_encryptor import get_encryptor, initialize_encryptor from monkey_island.cc.server_utils.encryption.data_store_encryptor import (
get_encryptor,
initialize_encryptor,
)
PASSWORD_FILENAME = "mongo_key.bin" PASSWORD_FILENAME = "mongo_key.bin"


@ -4,7 +4,7 @@ from tests.unit_tests.monkey_island.cc.services.utils.ciphertexts_for_encryption
VALID_CIPHER_TEXT, VALID_CIPHER_TEXT,
) )
from monkey_island.cc.services.utils.password_encryption import ( from monkey_island.cc.server_utils.encryption.password_based_encryption import (
InvalidCredentialsError, InvalidCredentialsError,
PasswordBasedEncryptor, PasswordBasedEncryptor,
) )


@ -5,7 +5,10 @@ import pytest
from common.config_value_paths import AWS_KEYS_PATH from common.config_value_paths import AWS_KEYS_PATH
from monkey_island.cc.database import mongo from monkey_island.cc.database import mongo
from monkey_island.cc.server_utils.key_encryptor import get_encryptor, initialize_encryptor from monkey_island.cc.server_utils.encryption.data_store_encryptor import (
get_encryptor,
initialize_encryptor,
)
from monkey_island.cc.services.config import ConfigService from monkey_island.cc.services.config import ConfigService
from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import ( from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import (
is_aws_keys_setup, is_aws_keys_setup,