Fix DUO123 warnings

Shreya 2021-04-22 16:39:19 +05:30 committed by Mike Salvatore
parent b0be14193d
commit c0fdc9561f
7 changed files with 52 additions and 54 deletions


@ -66,8 +66,8 @@ class MonkeyIslandRequests(object):
return request_function_wrapper return request_function_wrapper
def get_jwt_from_server(self): def get_jwt_from_server(self):
resp = requests.post( resp = requests.post( # noqa: DUO123
self.addr + "api/auth", # noqa: DUO123 self.addr + "api/auth",
json={"username": NO_AUTH_CREDS, "password": NO_AUTH_CREDS}, json={"username": NO_AUTH_CREDS, "password": NO_AUTH_CREDS},
verify=False, verify=False,
) )
@ -75,8 +75,8 @@ class MonkeyIslandRequests(object):
@_Decorators.refresh_jwt_token @_Decorators.refresh_jwt_token
def get(self, url, data=None): def get(self, url, data=None):
return requests.get( return requests.get( # noqa: DUO123
self.addr + url, # noqa: DUO123 self.addr + url,
headers=self.get_jwt_header(), headers=self.get_jwt_header(),
params=data, params=data,
verify=False, verify=False,
@ -84,25 +84,25 @@ class MonkeyIslandRequests(object):
@_Decorators.refresh_jwt_token @_Decorators.refresh_jwt_token
def post(self, url, data): def post(self, url, data):
return requests.post( return requests.post( # noqa: DUO123
self.addr + url, data=data, headers=self.get_jwt_header(), verify=False # noqa: DUO123 self.addr + url, data=data, headers=self.get_jwt_header(), verify=False
) )
@_Decorators.refresh_jwt_token @_Decorators.refresh_jwt_token
def post_json(self, url, data: Dict): def post_json(self, url, data: Dict):
return requests.post( return requests.post( # noqa: DUO123
self.addr + url, json=data, headers=self.get_jwt_header(), verify=False # noqa: DUO123 self.addr + url, json=data, headers=self.get_jwt_header(), verify=False
) )
@_Decorators.refresh_jwt_token @_Decorators.refresh_jwt_token
def patch(self, url, data: Dict): def patch(self, url, data: Dict):
return requests.patch( return requests.patch( # noqa: DUO123
self.addr + url, data=data, headers=self.get_jwt_header(), verify=False # noqa: DUO123 self.addr + url, data=data, headers=self.get_jwt_header(), verify=False
) )
@_Decorators.refresh_jwt_token @_Decorators.refresh_jwt_token
def delete(self, url): def delete(self, url):
return requests.delete( # noqa: DOU123 return requests.delete( # noqa: DUO123
self.addr + url, headers=self.get_jwt_header(), verify=False self.addr + url, headers=self.get_jwt_header(), verify=False
) )
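Review bot: None of the calls that are complete in this section (`get_jwt_from_server`, `post`, `post_json`, `patch`, `delete`) pass a `timeout`, so a stalled island server blocks the caller indefinitely; requests applies no timeout unless one is given. Most calls in the other files of this commit already pass one. I would add it next to the existing arguments, e.g. `self.addr + url, headers=self.get_jwt_header(), verify=False, timeout=REQUEST_TIMEOUT`, where `REQUEST_TIMEOUT` is a placeholder for a constant this module would have to define or import. The `get` call runs past the end of its hunk, so it may already have one.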


@ -64,8 +64,8 @@ class ControlClient(object):
if ControlClient.proxies: if ControlClient.proxies:
monkey["tunnel"] = ControlClient.proxies.get("https") monkey["tunnel"] = ControlClient.proxies.get("https")
requests.post( requests.post( # noqa: DUO123
"https://%s/api/monkey" % (WormConfiguration.current_server,), # noqa: DUO123 "https://%s/api/monkey" % (WormConfiguration.current_server,),
data=json.dumps(monkey), data=json.dumps(monkey),
headers={"content-type": "application/json"}, headers={"content-type": "application/json"},
verify=False, verify=False,
@ -92,8 +92,8 @@ class ControlClient(object):
if ControlClient.proxies: if ControlClient.proxies:
debug_message += " through proxies: %s" % ControlClient.proxies debug_message += " through proxies: %s" % ControlClient.proxies
LOG.debug(debug_message) LOG.debug(debug_message)
requests.get( requests.get( # noqa: DUO123
f"https://{server}/api?action=is-up", # noqa: DUO123 f"https://{server}/api?action=is-up",
verify=False, verify=False,
proxies=ControlClient.proxies, proxies=ControlClient.proxies,
timeout=TIMEOUT_IN_SECONDS, timeout=TIMEOUT_IN_SECONDS,
@ -130,9 +130,8 @@ class ControlClient(object):
monkey = {} monkey = {}
if ControlClient.proxies: if ControlClient.proxies:
monkey["tunnel"] = ControlClient.proxies.get("https") monkey["tunnel"] = ControlClient.proxies.get("https")
requests.patch( requests.patch( # noqa: DUO123
"https://%s/api/monkey/%s" "https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID),
% (WormConfiguration.current_server, GUID), # noqa: DUO123
data=json.dumps(monkey), data=json.dumps(monkey),
headers={"content-type": "application/json"}, headers={"content-type": "application/json"},
verify=False, verify=False,
@ -155,8 +154,8 @@ class ControlClient(object):
return return
try: try:
telemetry = {"monkey_guid": GUID, "telem_category": telem_category, "data": json_data} telemetry = {"monkey_guid": GUID, "telem_category": telem_category, "data": json_data}
requests.post( requests.post( # noqa: DUO123
"https://%s/api/telemetry" % (WormConfiguration.current_server,), # noqa: DUO123 "https://%s/api/telemetry" % (WormConfiguration.current_server,),
data=json.dumps(telemetry), data=json.dumps(telemetry),
headers={"content-type": "application/json"}, headers={"content-type": "application/json"},
verify=False, verify=False,
@ -174,8 +173,8 @@ class ControlClient(object):
return return
try: try:
telemetry = {"monkey_guid": GUID, "log": json.dumps(log)} telemetry = {"monkey_guid": GUID, "log": json.dumps(log)}
requests.post( requests.post( # noqa: DUO123
"https://%s/api/log" % (WormConfiguration.current_server,), # noqa: DUO123 "https://%s/api/log" % (WormConfiguration.current_server,),
data=json.dumps(telemetry), data=json.dumps(telemetry),
headers={"content-type": "application/json"}, headers={"content-type": "application/json"},
verify=False, verify=False,
@ -192,9 +191,8 @@ class ControlClient(object):
if not WormConfiguration.current_server: if not WormConfiguration.current_server:
return return
try: try:
reply = requests.get( reply = requests.get( # noqa: DUO123
"https://%s/api/monkey/%s" "https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID),
% (WormConfiguration.current_server, GUID), # noqa: DUO123
verify=False, verify=False,
proxies=ControlClient.proxies, proxies=ControlClient.proxies,
timeout=MEDIUM_REQUEST_TIMEOUT, timeout=MEDIUM_REQUEST_TIMEOUT,
@ -230,9 +228,8 @@ class ControlClient(object):
if not WormConfiguration.current_server: if not WormConfiguration.current_server:
return return
try: try:
requests.patch( requests.patch( # noqa: DUO123
"https://%s/api/monkey/%s" "https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID),
% (WormConfiguration.current_server, GUID), # noqa: DUO123
data=json.dumps({"config_error": True}), data=json.dumps({"config_error": True}),
headers={"content-type": "application/json"}, headers={"content-type": "application/json"},
verify=False, verify=False,
@ -292,9 +289,9 @@ class ControlClient(object):
if (monkeyfs.isfile(dest_file)) and (size == monkeyfs.getsize(dest_file)): if (monkeyfs.isfile(dest_file)) and (size == monkeyfs.getsize(dest_file)):
return dest_file return dest_file
else: else:
download = requests.get( download = requests.get( # noqa: DUO123
"https://%s/api/monkey/download/%s" "https://%s/api/monkey/download/%s"
% (WormConfiguration.current_server, filename), # noqa: DUO123 % (WormConfiguration.current_server, filename),
verify=False, verify=False,
proxies=ControlClient.proxies, proxies=ControlClient.proxies,
timeout=MEDIUM_REQUEST_TIMEOUT, timeout=MEDIUM_REQUEST_TIMEOUT,
@ -322,9 +319,8 @@ class ControlClient(object):
if not WormConfiguration.current_server: if not WormConfiguration.current_server:
return None, None return None, None
try: try:
reply = requests.post( reply = requests.post( # noqa: DUO123
"https://%s/api/monkey/download" "https://%s/api/monkey/download" % (WormConfiguration.current_server,),
% (WormConfiguration.current_server,), # noqa: DUO123
data=json.dumps(host_dict), data=json.dumps(host_dict),
headers={"content-type": "application/json"}, headers={"content-type": "application/json"},
verify=False, verify=False,
@ -370,8 +366,8 @@ class ControlClient(object):
@staticmethod @staticmethod
def get_pba_file(filename): def get_pba_file(filename):
try: try:
return requests.get( return requests.get( # noqa: DUO123
PBA_FILE_DOWNLOAD % (WormConfiguration.current_server, filename), # noqa: DUO123 PBA_FILE_DOWNLOAD % (WormConfiguration.current_server, filename),
verify=False, verify=False,
proxies=ControlClient.proxies, proxies=ControlClient.proxies,
timeout=LONG_REQUEST_TIMEOUT, timeout=LONG_REQUEST_TIMEOUT,
@ -382,9 +378,9 @@ class ControlClient(object):
@staticmethod @staticmethod
def get_T1216_pba_file(): def get_T1216_pba_file():
try: try:
return requests.get( return requests.get( # noqa: DUO123
urljoin( urljoin(
f"https://{WormConfiguration.current_server}/", # noqa: DUO123 f"https://{WormConfiguration.current_server}/",
T1216_PBA_FILE_DOWNLOAD_PATH, T1216_PBA_FILE_DOWNLOAD_PATH,
), ),
verify=False, verify=False,
@ -416,7 +412,9 @@ class ControlClient(object):
f"https://{WormConfiguration.current_server}/api/monkey_control" f"https://{WormConfiguration.current_server}/api/monkey_control"
f"/check_remote_port/{port}" f"/check_remote_port/{port}"
) )
response = requests.get(url, verify=False, timeout=SHORT_REQUEST_TIMEOUT) response = requests.get( # noqa: DUO123
url, verify=False, timeout=SHORT_REQUEST_TIMEOUT
)
response = json.loads(response.content.decode()) response = json.loads(response.content.decode())
return response["status"] == "port_visible" return response["status"] == "port_visible"
except requests.exceptions.RequestException: except requests.exceptions.RequestException:
@ -424,7 +422,7 @@ class ControlClient(object):
@staticmethod @staticmethod
def report_start_on_island(): def report_start_on_island():
requests.post( requests.post( # noqa: DUO123
f"https://{WormConfiguration.current_server}/api/monkey_control/started_on_island", f"https://{WormConfiguration.current_server}/api/monkey_control/started_on_island",
data=json.dumps({"started_on_island": True}), data=json.dumps({"started_on_island": True}),
verify=False, verify=False,
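Review bot: The `# noqa: DUO123` marker is now repeated on every request in `ControlClient` with no reason beside it, so a reader cannot tell whether disabling certificate verification is deliberate or an oversight that the linter has been told to ignore. It matters most at the `api/monkey/download/%s` request, where a file is fetched with `verify=False` and the only check visible in that hunk is a size comparison against an already-present copy. I would route these calls through one helper that sets `verify` in a single place and carries the suppression once, with a comment such as `# Island uses a self-signed cert by default, so verification is off; pass the island cert path as verify= when one is provisioned.` The methods extend outside the hunks shown, so further checks may exist that are not visible here.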


@ -82,8 +82,8 @@ class DrupalExploiter(WebRCE):
""" """
payload = build_exploitability_check_payload(url) payload = build_exploitability_check_payload(url)
response = requests.get( response = requests.get( # noqa: DUO123
f"{url}?_format=hal_json", # noqa: DUO123 f"{url}?_format=hal_json",
json=payload, json=payload,
headers={"Content-Type": "application/hal+json"}, headers={"Content-Type": "application/hal+json"},
verify=False, verify=False,
@ -102,8 +102,8 @@ class DrupalExploiter(WebRCE):
base = remove_port(url) base = remove_port(url)
payload = build_cmd_execution_payload(base, cmd) payload = build_cmd_execution_payload(base, cmd)
r = requests.get( r = requests.get( # noqa: DUO123
f"{url}?_format=hal_json", # noqa: DUO123 f"{url}?_format=hal_json",
json=payload, json=payload,
headers={"Content-Type": "application/hal+json"}, headers={"Content-Type": "application/hal+json"},
verify=False, verify=False,
@ -157,9 +157,9 @@ def find_exploitbale_article_ids(base_url: str, lower: int = 1, upper: int = 100
articles = set() articles = set()
while lower < upper: while lower < upper:
node_url = urljoin(base_url, str(lower)) node_url = urljoin(base_url, str(lower))
response = requests.get( response = requests.get( # noqa: DUO123
node_url, verify=False, timeout=LONG_REQUEST_TIMEOUT node_url, verify=False, timeout=LONG_REQUEST_TIMEOUT
) # noqa: DUO123 )
if response.status_code == 200: if response.status_code == 200:
if is_response_cached(response): if is_response_cached(response):
LOG.info(f"Found a cached article at: {node_url}, skipping") LOG.info(f"Found a cached article at: {node_url}, skipping")


@ -243,9 +243,9 @@ class ShellShockExploiter(HostExploiter):
try: try:
LOG.debug("Header is: %s" % header) LOG.debug("Header is: %s" % header)
LOG.debug("Attack is: %s" % attack) LOG.debug("Attack is: %s" % attack)
r = requests.get( r = requests.get( # noqa: DUO123
url, headers={header: attack}, verify=False, timeout=TIMEOUT url, headers={header: attack}, verify=False, timeout=TIMEOUT
) # noqa: DUO123 )
result = r.content.decode() result = r.content.decode()
return result return result
except requests.exceptions.RequestException as exc: except requests.exceptions.RequestException as exc:


@ -83,9 +83,9 @@ class WebLogic201710271(WebRCE):
else: else:
payload = self.get_exploit_payload("cmd", "/c", command + " 1> NUL 2> NUL") payload = self.get_exploit_payload("cmd", "/c", command + " 1> NUL 2> NUL")
try: try:
post( post( # noqa: DUO123
url, data=payload, headers=HEADERS, timeout=EXECUTION_TIMEOUT, verify=False url, data=payload, headers=HEADERS, timeout=EXECUTION_TIMEOUT, verify=False
) # noqa: DUO123 )
except Exception as e: except Exception as e:
LOG.error("Connection error: %s" % e) LOG.error("Connection error: %s" % e)
return False return False
@ -121,9 +121,9 @@ class WebLogic201710271(WebRCE):
def check_if_exploitable_weblogic(self, url, httpd): def check_if_exploitable_weblogic(self, url, httpd):
payload = self.get_test_payload(ip=httpd.local_ip, port=httpd.local_port) payload = self.get_test_payload(ip=httpd.local_ip, port=httpd.local_port)
try: try:
post( post( # noqa: DUO123
url, data=payload, headers=HEADERS, timeout=REQUEST_DELAY, verify=False url, data=payload, headers=HEADERS, timeout=REQUEST_DELAY, verify=False
) # noqa: DUO123 )
except exceptions.ReadTimeout: except exceptions.ReadTimeout:
# Our request will not get response thus we get ReadTimeout error # Our request will not get response thus we get ReadTimeout error
pass pass


@ -126,7 +126,7 @@ class HTTPConnectProxyHandler(http.server.BaseHTTPRequestHandler):
LOG.info("Received bootloader's request: {}".format(post_data)) LOG.info("Received bootloader's request: {}".format(post_data))
try: try:
dest_path = self.path dest_path = self.path
r = requests.post( r = requests.post( # noqa: DUO123
url=dest_path, url=dest_path,
data=post_data, data=post_data,
verify=False, verify=False,
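Review bot: `dest_path = self.path` takes the destination straight from the incoming request and passes it as `url=` to `requests.post`, and nothing in this hunk checks that it points at the island server. Combined with `verify=False` on the same call, the handler relays the body to whatever host the client names. If this handler is meant to forward only to the island, and no check exists earlier in the method (it starts above the hunk), I would compare the parsed host with the configured island address before forwarding and return an error otherwise. Separately, `LOG.info` writes the whole `post_data` to the log; logging its length instead would keep request bodies out of log files.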


@ -33,9 +33,9 @@ class BootloaderHTTPRequestHandler(BaseHTTPRequestHandler):
# The island server doesn't always have a correct SSL cert installed # The island server doesn't always have a correct SSL cert installed
# (By default it comes with a self signed one), # (By default it comes with a self signed one),
# that's why we're not verifying the cert in this request. # that's why we're not verifying the cert in this request.
r = requests.post( r = requests.post( # noqa: DUO123
url=island_server_path, data=post_data, verify=False, timeout=SHORT_REQUEST_TIMEOUT url=island_server_path, data=post_data, verify=False, timeout=SHORT_REQUEST_TIMEOUT
) # noqa: DUO123 )
try: try:
if r.status_code != 200: if r.status_code != 200:
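Review bot: `requests.post` sits before the `try:` that follows it, so a refused connection or an expired `SHORT_REQUEST_TIMEOUT` raises `requests.exceptions.RequestException` out of this block instead of reaching the status handling. Unless an enclosing handler outside the hunk catches it, I would move the call inside the `try` and add an `except requests.exceptions.RequestException` branch that sends an error response back to the bootloader. The method starts and ends outside the hunk, so this is judged from the visible lines only.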