From 0a1782a928503342d0bfceda0d1d38429ee3cf7b Mon Sep 17 00:00:00 2001 From: Shreya Date: Thu, 1 Jul 2021 13:18:32 +0530 Subject: [PATCH 01/13] common: Add validator constants for valid ransomware directory paths --- monkey/common/common_consts/validation_formats.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/monkey/common/common_consts/validation_formats.py b/monkey/common/common_consts/validation_formats.py index 2f04dbe21..c7f92e5e5 100644 --- a/monkey/common/common_consts/validation_formats.py +++ b/monkey/common/common_consts/validation_formats.py @@ -1,3 +1,5 @@ # Defined in UI on ValidationFormats.js IP_RANGE = "ip-range" IP = "ip" +VALID_DIR_LINUX = "valid-directory-linux" +VALID_DIR_WINDOWS = "valid-directory-windows" From 73c61ebcf0847182a4e40d7f5f54ed4434948eb4 Mon Sep 17 00:00:00 2001 From: Shreya Date: Thu, 1 Jul 2021 13:19:44 +0530 Subject: [PATCH 02/13] island: Add ransomware directory path validators to ransomware schema --- monkey/monkey_island/cc/services/config_schema/ransomware.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/monkey/monkey_island/cc/services/config_schema/ransomware.py b/monkey/monkey_island/cc/services/config_schema/ransomware.py index 116a6ca70..4e03af168 100644 --- a/monkey/monkey_island/cc/services/config_schema/ransomware.py +++ b/monkey/monkey_island/cc/services/config_schema/ransomware.py @@ -1,3 +1,5 @@ +from common.common_consts.validation_formats import VALID_DIR_LINUX, VALID_DIR_WINDOWS + RANSOMWARE = { "title": "Ransomware", "type": "object", @@ -20,6 +22,7 @@ RANSOMWARE = { "linux_target_dir": { "title": "Linux target directory", "type": "string", + "format": VALID_DIR_LINUX, "default": "", "description": "A path to a directory on Linux systems that contains " "files that you will allow Infection Monkey to encrypt. If no " @@ -28,6 +31,7 @@ RANSOMWARE = { "windows_target_dir": { "title": "Windows target directory", "type": "string", + "format": VALID_DIR_WINDOWS, "default": "", "description": "A path to a directory on Windows systems that contains " "files that you will allow Infection Monkey to encrypt. If no " From 8af93c430430e318d98e62743392e889f93a6876 Mon Sep 17 00:00:00 2001 From: Shreya Date: Thu, 1 Jul 2021 13:22:09 +0530 Subject: [PATCH 03/13] cc: Add ransomware directory path validation error messages --- .../configuration-components/ValidationErrorMessages.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationErrorMessages.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationErrorMessages.js index a5782948a..803e4e7e7 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationErrorMessages.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationErrorMessages.js @@ -1,4 +1,6 @@ -import {IP, IP_RANGE} from './ValidationFormats'; +import {IP, IP_RANGE, VALID_DIR_LINUX, VALID_DIR_WINDOWS} from './ValidationFormats'; + +let invalidDirMessage = 'Invalid directory. Path should be absolute or begin with an environment variable.'; export default function transformErrors(errors) { return errors.map(error => { @@ -8,6 +10,10 @@ export default function transformErrors(errors) { error.message = 'Invalid IP range, refer to description for valid examples.' } else if (error.name === 'format' && error.params.format === IP) { error.message = 'Invalid IP.' + } else if (error.name === 'format' && error.params.format === VALID_DIR_LINUX) { + error.message = invalidDirMessage + } else if (error.name === 'format' && error.params.format === VALID_DIR_WINDOWS) { + error.message = invalidDirMessage } return error; }); From 3d48a11fc25ab0af5aef8c473345b435c6c25180 Mon Sep 17 00:00:00 2001 From: Shreya Date: Thu, 1 Jul 2021 13:29:05 +0530 Subject: [PATCH 04/13] cc: Add regex validators for ransomware directory path validation --- .../ValidationFormats.js | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js index ff0b4706b..02a8ec506 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js @@ -1,13 +1,22 @@ const ipRegex = '((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' const cidrNotationRegex = '([0-9]|1[0-9]|2[0-9]|3[0-2])' const hostnameRegex = '^([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*.?)*([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*)$' +// path starts with `/` OR `$` +const linuxDirRegex = '^/|\\$' +// path starts like `C:\` OR `C:/` OR `$` OR `%abc%` +const windowsDirRegex = '^([A-Za-z]:(\\\\|\\/))|\\$|(%\\w*\\d*\\s*%)' + export const IP_RANGE = 'ip-range'; export const IP = 'ip'; +export const VALID_DIR_LINUX = 'valid-directory-linux' +export const VALID_DIR_WINDOWS = 'valid-directory-windows' export const formValidationFormats = { [IP_RANGE]: buildIpRangeRegex(), - [IP]: buildIpRegex() + [IP]: buildIpRegex(), + [VALID_DIR_LINUX]: buildValidDirLinuxRegex(), + [VALID_DIR_WINDOWS]: buildValidDirWindowsRegex() }; function buildIpRangeRegex(){ @@ -22,3 +31,11 @@ function buildIpRangeRegex(){ function buildIpRegex(){ return new RegExp('^'+ipRegex+'$') } + +function buildValidDirLinuxRegex() { + return new RegExp(linuxDirRegex) +} + +function buildValidDirWindowsRegex() { + return new RegExp(windowsDirRegex) +} From 1768c0cdf66655a33cd01d808d6540019b9006b4 Mon Sep 17 00:00:00 2001 From: Shreya Date: Fri, 2 Jul 2021 16:04:46 +0530 Subject: [PATCH 05/13] cc: Fix regex bug when validating ransomware target directories --- .../components/configuration-components/ValidationFormats.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js index 02a8ec506..d7b30c13a 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js @@ -2,9 +2,9 @@ const ipRegex = '((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0 const cidrNotationRegex = '([0-9]|1[0-9]|2[0-9]|3[0-2])' const hostnameRegex = '^([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*.?)*([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*)$' // path starts with `/` OR `$` -const linuxDirRegex = '^/|\\$' +const linuxDirRegex = '^/|^\\$' // path starts like `C:\` OR `C:/` OR `$` OR `%abc%` -const windowsDirRegex = '^([A-Za-z]:(\\\\|\\/))|\\$|(%\\w*\\d*\\s*%)' +const windowsDirRegex = '^([A-Za-z]:(\\\\|\\/))|^\\$|^(%\\w*\\d*\\s*%)' export const IP_RANGE = 'ip-range'; From 54072b6632d4cd5c58eca0769573e06c416d8b79 Mon Sep 17 00:00:00 2001 From: Shreya Date: Fri, 2 Jul 2021 16:09:40 +0530 Subject: [PATCH 06/13] cc: Make whitespace-only a valid input for ransomware target directory paths --- .../configuration-components/ValidationFormats.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js index d7b30c13a..e03519c5d 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js @@ -1,10 +1,10 @@ const ipRegex = '((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' const cidrNotationRegex = '([0-9]|1[0-9]|2[0-9]|3[0-2])' const hostnameRegex = '^([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*.?)*([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*)$' -// path starts with `/` OR `$` -const linuxDirRegex = '^/|^\\$' -// path starts like `C:\` OR `C:/` OR `$` OR `%abc%` -const windowsDirRegex = '^([A-Za-z]:(\\\\|\\/))|^\\$|^(%\\w*\\d*\\s*%)' +// path is empty, or starts with `/` OR `$` +const linuxDirRegex = '(^\\s*$)|^/|^\\$' +// path is empty, or starts like `C:\` OR `C:/` OR `$` OR `%abc%` +const windowsDirRegex = '(^\\s*$)|^([A-Za-z]:(\\\\|\\/))|^\\$|^(%\\w*\\d*\\s*%)' export const IP_RANGE = 'ip-range'; From 3496c717a9dea4b3dd5ae61807856f6b1407208b Mon Sep 17 00:00:00 2001 From: Shreya Date: Fri, 2 Jul 2021 16:36:54 +0530 Subject: [PATCH 07/13] cc, common: Split ransomware dir path validator regex expressions and rename related stuff to accurately describe it --- .../common_consts/validation_formats.py | 4 +-- .../cc/services/config_schema/ransomware.py | 9 +++-- .../ValidationErrorMessages.js | 6 ++-- .../ValidationFormats.js | 36 ++++++++++++------- 4 files changed, 35 insertions(+), 20 deletions(-) diff --git a/monkey/common/common_consts/validation_formats.py b/monkey/common/common_consts/validation_formats.py index c7f92e5e5..41a460a8a 100644 --- a/monkey/common/common_consts/validation_formats.py +++ b/monkey/common/common_consts/validation_formats.py @@ -1,5 +1,5 @@ # Defined in UI on ValidationFormats.js IP_RANGE = "ip-range" IP = "ip" -VALID_DIR_LINUX = "valid-directory-linux" -VALID_DIR_WINDOWS = "valid-directory-windows" +VALID_RANSOMWARE_TARGET_PATH_LINUX = "valid-ransomware-target-path-linux" +VALID_RANSOMWARE_TARGET_PATH_WINDOWS = "valid-ransomware-target-path-windows" diff --git a/monkey/monkey_island/cc/services/config_schema/ransomware.py b/monkey/monkey_island/cc/services/config_schema/ransomware.py index 4e03af168..be4403c6f 100644 --- a/monkey/monkey_island/cc/services/config_schema/ransomware.py +++ b/monkey/monkey_island/cc/services/config_schema/ransomware.py @@ -1,4 +1,7 @@ -from common.common_consts.validation_formats import VALID_DIR_LINUX, VALID_DIR_WINDOWS +from common.common_consts.validation_formats import ( + VALID_RANSOMWARE_TARGET_PATH_LINUX, + VALID_RANSOMWARE_TARGET_PATH_WINDOWS, +) RANSOMWARE = { "title": "Ransomware", @@ -22,7 +25,7 @@ RANSOMWARE = { "linux_target_dir": { "title": "Linux target directory", "type": "string", - "format": VALID_DIR_LINUX, + "format": VALID_RANSOMWARE_TARGET_PATH_LINUX, "default": "", "description": "A path to a directory on Linux systems that contains " "files that you will allow Infection Monkey to encrypt. If no " @@ -31,7 +34,7 @@ RANSOMWARE = { "windows_target_dir": { "title": "Windows target directory", "type": "string", - "format": VALID_DIR_WINDOWS, + "format": VALID_RANSOMWARE_TARGET_PATH_WINDOWS, "default": "", "description": "A path to a directory on Windows systems that contains " "files that you will allow Infection Monkey to encrypt. If no " diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationErrorMessages.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationErrorMessages.js index 803e4e7e7..3c7280f97 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationErrorMessages.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationErrorMessages.js @@ -1,4 +1,4 @@ -import {IP, IP_RANGE, VALID_DIR_LINUX, VALID_DIR_WINDOWS} from './ValidationFormats'; +import {IP, IP_RANGE, VALID_RANSOMWARE_TARGET_PATH_LINUX, VALID_RANSOMWARE_TARGET_PATH_WINDOWS} from './ValidationFormats'; let invalidDirMessage = 'Invalid directory. Path should be absolute or begin with an environment variable.'; @@ -10,9 +10,9 @@ export default function transformErrors(errors) { error.message = 'Invalid IP range, refer to description for valid examples.' } else if (error.name === 'format' && error.params.format === IP) { error.message = 'Invalid IP.' - } else if (error.name === 'format' && error.params.format === VALID_DIR_LINUX) { + } else if (error.name === 'format' && error.params.format === VALID_RANSOMWARE_TARGET_PATH_LINUX) { error.message = invalidDirMessage - } else if (error.name === 'format' && error.params.format === VALID_DIR_WINDOWS) { + } else if (error.name === 'format' && error.params.format === VALID_RANSOMWARE_TARGET_PATH_WINDOWS) { error.message = invalidDirMessage } return error; diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js index e03519c5d..1038c45a2 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js @@ -1,22 +1,26 @@ const ipRegex = '((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' const cidrNotationRegex = '([0-9]|1[0-9]|2[0-9]|3[0-2])' const hostnameRegex = '^([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*.?)*([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*)$' -// path is empty, or starts with `/` OR `$` -const linuxDirRegex = '(^\\s*$)|^/|^\\$' -// path is empty, or starts like `C:\` OR `C:/` OR `$` OR `%abc%` -const windowsDirRegex = '(^\\s*$)|^([A-Za-z]:(\\\\|\\/))|^\\$|^(%\\w*\\d*\\s*%)' + +const linuxAbsolutePathRegex = '^/' // path starts with `/` +const linuxPathStartsWithEnvVariableRegex = '^\\$' // path starts with `$` + +const windowsAbsolutePathRegex = '^([A-Za-z]:(\\\\|\\/))' // path starts like `C:\` OR `C:/` +const windowsPathStartsWithEnvVariableRegex = '^\\$|^(%\\w*\\d*\\s*%)' // path starts like `$` OR `%abc%` + +const whitespacesOnlyRegex = '^\\s*$' export const IP_RANGE = 'ip-range'; export const IP = 'ip'; -export const VALID_DIR_LINUX = 'valid-directory-linux' -export const VALID_DIR_WINDOWS = 'valid-directory-windows' +export const VALID_RANSOMWARE_TARGET_PATH_LINUX = 'valid-ransomware-target-path-linux' +export const VALID_RANSOMWARE_TARGET_PATH_WINDOWS = 'valid-ransomware-target-path-windows' export const formValidationFormats = { [IP_RANGE]: buildIpRangeRegex(), [IP]: buildIpRegex(), - [VALID_DIR_LINUX]: buildValidDirLinuxRegex(), - [VALID_DIR_WINDOWS]: buildValidDirWindowsRegex() + [VALID_RANSOMWARE_TARGET_PATH_LINUX]: buildValidRansomwarePathLinuxRegex(), + [VALID_RANSOMWARE_TARGET_PATH_WINDOWS]: buildValidRansomwarePathWindowsRegex() }; function buildIpRangeRegex(){ @@ -32,10 +36,18 @@ function buildIpRegex(){ return new RegExp('^'+ipRegex+'$') } -function buildValidDirLinuxRegex() { - return new RegExp(linuxDirRegex) +function buildValidRansomwarePathLinuxRegex() { + return new RegExp([ + whitespacesOnlyRegex, + linuxAbsolutePathRegex, + linuxPathStartsWithEnvVariableRegex + ].join('|')) } -function buildValidDirWindowsRegex() { - return new RegExp(windowsDirRegex) +function buildValidRansomwarePathWindowsRegex() { + return new RegExp([ + whitespacesOnlyRegex, + windowsAbsolutePathRegex, + windowsPathStartsWithEnvVariableRegex + ].join('|')) } From dc305d8e1682d8391165656ad16b487c72b21eb7 Mon Sep 17 00:00:00 2001 From: Shreya Date: Mon, 5 Jul 2021 15:22:20 +0530 Subject: [PATCH 08/13] cc: Add validation format (starts wih `~`) for ransomware linux target directory --- .../components/configuration-components/ValidationFormats.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js index 1038c45a2..540942f80 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js @@ -4,6 +4,7 @@ const hostnameRegex = '^([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*.?)*([A-Za-z0-9]*[A-Za const linuxAbsolutePathRegex = '^/' // path starts with `/` const linuxPathStartsWithEnvVariableRegex = '^\\$' // path starts with `$` +const linuxPathStartsWithTilde = '^~' // path starts with `~` const windowsAbsolutePathRegex = '^([A-Za-z]:(\\\\|\\/))' // path starts like `C:\` OR `C:/` const windowsPathStartsWithEnvVariableRegex = '^\\$|^(%\\w*\\d*\\s*%)' // path starts like `$` OR `%abc%` @@ -40,7 +41,8 @@ function buildValidRansomwarePathLinuxRegex() { return new RegExp([ whitespacesOnlyRegex, linuxAbsolutePathRegex, - linuxPathStartsWithEnvVariableRegex + linuxPathStartsWithEnvVariableRegex, + linuxPathStartsWithTilde ].join('|')) } From df6082b50a14ae5721f2e1a743abdffdca11ac66 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 5 Jul 2021 13:46:01 -0400 Subject: [PATCH 09/13] Island: Refactor linux/windows ransomware path regexes Refactored because the escape characters were cumbersome and difficult to read when regexes were defined as strings. Also allow special characters in Windows environment variable names as per https://ss64.com/nt/syntax-variables.html --- .../ValidationFormats.js | 31 +++++++++++-------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js index 540942f80..6c4ba15a1 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js @@ -2,14 +2,19 @@ const ipRegex = '((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0 const cidrNotationRegex = '([0-9]|1[0-9]|2[0-9]|3[0-2])' const hostnameRegex = '^([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*.?)*([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*)$' -const linuxAbsolutePathRegex = '^/' // path starts with `/` -const linuxPathStartsWithEnvVariableRegex = '^\\$' // path starts with `$` -const linuxPathStartsWithTilde = '^~' // path starts with `~` -const windowsAbsolutePathRegex = '^([A-Za-z]:(\\\\|\\/))' // path starts like `C:\` OR `C:/` -const windowsPathStartsWithEnvVariableRegex = '^\\$|^(%\\w*\\d*\\s*%)' // path starts like `$` OR `%abc%` +const linuxAbsolutePathRegex = /^\// // path starts with `/` +const linuxPathStartsWithEnvVariableRegex = /^\$/ // path starts with `$` +const linuxPathStartsWithTildeRegex = /^~/ // path starts with `~` -const whitespacesOnlyRegex = '^\\s*$' + +const windowsAbsolutePathRegex = /^([A-Za-z]:(\\|\/))/ // path starts like `C:\` OR `C:/` +const windowsEnvVarNonNumeric = '[A-Za-z#\\$\'\\(\\)\\*\\+,-\\.\\?@\\[\\]_`\\{\\}~+ ]' +const windowsPathStartsWithEnvVariableRegex = new RegExp( + `^\\$|^%(${windowsEnvVarNonNumeric}+(${windowsEnvVarNonNumeric}|\\d)*)%` +);// path starts like `$` OR `%abc%` + +const emptyRegex = /^$/ export const IP_RANGE = 'ip-range'; @@ -39,17 +44,17 @@ function buildIpRegex(){ function buildValidRansomwarePathLinuxRegex() { return new RegExp([ - whitespacesOnlyRegex, - linuxAbsolutePathRegex, - linuxPathStartsWithEnvVariableRegex, - linuxPathStartsWithTilde + emptyRegex.source, + linuxAbsolutePathRegex.source, + linuxPathStartsWithEnvVariableRegex.source, + linuxPathStartsWithTildeRegex.source ].join('|')) } function buildValidRansomwarePathWindowsRegex() { return new RegExp([ - whitespacesOnlyRegex, - windowsAbsolutePathRegex, - windowsPathStartsWithEnvVariableRegex + emptyRegex.source, + windowsAbsolutePathRegex.source, + windowsPathStartsWithEnvVariableRegex.source ].join('|')) } From 9d4ee88e0958fb43ac95e561374e830505be91ec Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 5 Jul 2021 13:50:13 -0400 Subject: [PATCH 10/13] Island: Do not allow Windows ransomware target paths beginning with "$" As far as I can tell, environment variables in Windows look like %NAME%. Variables in powershell begin with $, but file explorer doesn't recognize paths beginning with $ as valid. --- .../components/configuration-components/ValidationFormats.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js index 6c4ba15a1..414d6071a 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js @@ -11,7 +11,7 @@ const linuxPathStartsWithTildeRegex = /^~/ // path starts with `~` const windowsAbsolutePathRegex = /^([A-Za-z]:(\\|\/))/ // path starts like `C:\` OR `C:/` const windowsEnvVarNonNumeric = '[A-Za-z#\\$\'\\(\\)\\*\\+,-\\.\\?@\\[\\]_`\\{\\}~+ ]' const windowsPathStartsWithEnvVariableRegex = new RegExp( - `^\\$|^%(${windowsEnvVarNonNumeric}+(${windowsEnvVarNonNumeric}|\\d)*)%` + `^%(${windowsEnvVarNonNumeric}+(${windowsEnvVarNonNumeric}|\\d)*)%` );// path starts like `$` OR `%abc%` const emptyRegex = /^$/ From d2dda4519fde7390624c71abd18a246d20cd6857 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 5 Jul 2021 13:54:04 -0400 Subject: [PATCH 11/13] Island: Allow Windows ransomware target paths to be UNC paths --- .../configuration-components/ValidationFormats.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js index 414d6071a..d7c0a371c 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js @@ -12,8 +12,8 @@ const windowsAbsolutePathRegex = /^([A-Za-z]:(\\|\/))/ // path starts like `C:\` const windowsEnvVarNonNumeric = '[A-Za-z#\\$\'\\(\\)\\*\\+,-\\.\\?@\\[\\]_`\\{\\}~+ ]' const windowsPathStartsWithEnvVariableRegex = new RegExp( `^%(${windowsEnvVarNonNumeric}+(${windowsEnvVarNonNumeric}|\\d)*)%` -);// path starts like `$` OR `%abc%` - +) // path starts like `$` OR `%abc%` +const windowsUncPathRegex = /^\\{2}/ // Path starts like `\\` const emptyRegex = /^$/ @@ -55,6 +55,7 @@ function buildValidRansomwarePathWindowsRegex() { return new RegExp([ emptyRegex.source, windowsAbsolutePathRegex.source, - windowsPathStartsWithEnvVariableRegex.source + windowsPathStartsWithEnvVariableRegex.source, + windowsUncPathRegex.source ].join('|')) } From 638db3d7e07256bc1473faab0ae3f5f5992e378a Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 6 Jul 2021 06:22:24 -0400 Subject: [PATCH 12/13] Island: Escape '-' character in environment variable regex Co-authored-by: Shreya Malviya --- .../components/configuration-components/ValidationFormats.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js index d7c0a371c..bac83c9f2 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js @@ -9,7 +9,7 @@ const linuxPathStartsWithTildeRegex = /^~/ // path starts with `~` const windowsAbsolutePathRegex = /^([A-Za-z]:(\\|\/))/ // path starts like `C:\` OR `C:/` -const windowsEnvVarNonNumeric = '[A-Za-z#\\$\'\\(\\)\\*\\+,-\\.\\?@\\[\\]_`\\{\\}~+ ]' +const windowsEnvVarNonNumeric = '[A-Za-z#\\$\'\\(\\)\\*\\+,\\-\\.\\?@\\[\\]_`\\{\\}~+ ]' const windowsPathStartsWithEnvVariableRegex = new RegExp( `^%(${windowsEnvVarNonNumeric}+(${windowsEnvVarNonNumeric}|\\d)*)%` ) // path starts like `$` OR `%abc%` From 4bec9576aaf23f12b2065c24749fcb00538ec00f Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 6 Jul 2021 06:27:31 -0400 Subject: [PATCH 13/13] Island: Remove extra + from windows environment variable regex --- .../components/configuration-components/ValidationFormats.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js index bac83c9f2..70d9f82fd 100644 --- a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js +++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js @@ -9,7 +9,7 @@ const linuxPathStartsWithTildeRegex = /^~/ // path starts with `~` const windowsAbsolutePathRegex = /^([A-Za-z]:(\\|\/))/ // path starts like `C:\` OR `C:/` -const windowsEnvVarNonNumeric = '[A-Za-z#\\$\'\\(\\)\\*\\+,\\-\\.\\?@\\[\\]_`\\{\\}~+ ]' +const windowsEnvVarNonNumeric = '[A-Za-z#\\$\'\\(\\)\\*\\+,\\-\\.\\?@\\[\\]_`\\{\\}~ ]' const windowsPathStartsWithEnvVariableRegex = new RegExp( `^%(${windowsEnvVarNonNumeric}+(${windowsEnvVarNonNumeric}|\\d)*)%` ) // path starts like `$` OR `%abc%`