Agent: Use filecmp instead of sha256 hash in ransomware payload

2022-02-20 14:03:42 -05:00 · 2022-02-20 14:03:42 -05:00 · ccfe0a773e
parent 5fe2f80aa4
commit ccfe0a773e
3 changed files with 6 additions and 8 deletions
--- a/monkey/infection_monkey/payload/ransomware/consts.py
+++ b/monkey/infection_monkey/payload/ransomware/consts.py
@ -2,4 +2,3 @@ from pathlib import Path

 README_SRC = Path(__file__).parent / "ransomware_readme.txt"
 README_FILE_NAME = "README.txt"
-README_SHA256_HASH = "a5608df1d9dbdbb489838f9aaa33b06b6cd8702799ff843b4b1704519541e674"
--- a/monkey/infection_monkey/payload/ransomware/file_selectors.py
+++ b/monkey/infection_monkey/payload/ransomware/file_selectors.py
@ -1,7 +1,7 @@
+import filecmp
 from pathlib import Path
 from typing import List, Set

-from common.utils.file_utils import get_file_sha256_hash
 from infection_monkey.utils.dir_utils import (
    file_extension_filter,
    filter_files,
@ -10,7 +10,7 @@ from infection_monkey.utils.dir_utils import (
    is_not_symlink_filter,
 )

-from .consts import README_FILE_NAME, README_SHA256_HASH
+from .consts import README_FILE_NAME, README_SRC


 class ProductionSafeTargetFileSelector:
@ -33,4 +33,4 @@ def _is_not_ransomware_readme_filter(filepath: Path) -> bool:
    if filepath.name != README_FILE_NAME:
        return True

-    return get_file_sha256_hash(filepath) != README_SHA256_HASH
+    return not filecmp.cmp(filepath, README_SRC)
--- a/monkey/tests/unit_tests/infection_monkey/payload/ransomware/test_readme_dropper.py
+++ b/monkey/tests/unit_tests/infection_monkey/payload/ransomware/test_readme_dropper.py
@ -1,10 +1,11 @@
+import filecmp
+
 import pytest

 from common.utils.file_utils import get_file_sha256_hash
 from infection_monkey.payload.ransomware.readme_dropper import leave_readme

 DEST_FILE = "README.TXT"
-README_HASH = "c98c24b677eff44860afea6f493bbaec5bb1c4cbb209c6fc2bbb47f66ff2ad31"
 EMPTY_FILE_HASH = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


@ -22,11 +23,9 @@ def test_readme_already_exists(src_readme, dest_readme):
    dest_readme.touch()

    leave_readme(src_readme, dest_readme)
-
    assert get_file_sha256_hash(dest_readme) == EMPTY_FILE_HASH


 def test_leave_readme(src_readme, dest_readme):
    leave_readme(src_readme, dest_readme)
-
-    assert get_file_sha256_hash(dest_readme) == README_HASH
+    assert filecmp.cmp(src_readme, dest_readme)