Island: Rename get_encryptor and initialize_encryptor
Renamed to get_datastore_encryptor and initialize_datastore_encryptor
parent
e0779347b2
commit
e2ede28967
|
@ -1,14 +1,14 @@
|
|||
from typing import List
|
||||
|
||||
from monkey_island.cc.models.utils.field_encryptors.i_field_encryptor import IFieldEncryptor
|
||||
from monkey_island.cc.server_utils.encryption import get_encryptor
|
||||
from monkey_island.cc.server_utils.encryption import get_datastore_encryptor
|
||||
|
||||
|
||||
class StringListEncryptor(IFieldEncryptor):
|
||||
@staticmethod
|
||||
def encrypt(value: List[str]):
|
||||
return [get_encryptor().enc(string) for string in value]
|
||||
return [get_datastore_encryptor().enc(string) for string in value]
|
||||
|
||||
@staticmethod
|
||||
def decrypt(value: List[str]):
|
||||
return [get_encryptor().dec(string) for string in value]
|
||||
return [get_datastore_encryptor().dec(string) for string in value]
|
||||
|
|
|
@ -27,7 +27,7 @@ from monkey_island.cc.server_utils.consts import ( # noqa: E402
|
|||
GEVENT_EXCEPTION_LOG,
|
||||
MONGO_CONNECTION_TIMEOUT,
|
||||
)
|
||||
from monkey_island.cc.server_utils.encryption import initialize_encryptor # noqa: E402
|
||||
from monkey_island.cc.server_utils.encryption import initialize_datastore_encryptor # noqa: E402
|
||||
from monkey_island.cc.server_utils.island_logger import reset_logger, setup_logging # noqa: E402
|
||||
from monkey_island.cc.services.initialize import initialize_services # noqa: E402
|
||||
from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list # noqa: E402
|
||||
|
@ -88,7 +88,7 @@ def _configure_logging(config_options):
|
|||
def _initialize_globals(config_options: IslandConfigOptions, server_config_path: str):
|
||||
env_singleton.initialize_from_file(server_config_path)
|
||||
|
||||
initialize_encryptor(config_options.data_dir)
|
||||
initialize_datastore_encryptor(config_options.data_dir)
|
||||
initialize_services(config_options.data_dir)
|
||||
|
||||
|
||||
|
|
|
@ -8,6 +8,6 @@ from monkey_island.cc.server_utils.encryption.password_based_encryption import (
|
|||
)
|
||||
from monkey_island.cc.server_utils.encryption.data_store_encryptor import (
|
||||
DataStoreEncryptor,
|
||||
get_encryptor,
|
||||
initialize_encryptor,
|
||||
get_datastore_encryptor,
|
||||
initialize_datastore_encryptor,
|
||||
)
|
||||
|
|
|
@ -40,11 +40,11 @@ class DataStoreEncryptor:
|
|||
return self._key_base_encryptor.decrypt(enc_message)
|
||||
|
||||
|
||||
def initialize_encryptor(key_file_dir):
|
||||
def initialize_datastore_encryptor(key_file_dir):
|
||||
global _encryptor
|
||||
|
||||
_encryptor = DataStoreEncryptor(key_file_dir)
|
||||
|
||||
|
||||
def get_encryptor():
|
||||
def get_datastore_encryptor():
|
||||
return _encryptor
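Review bot: `get_datastore_encryptor()` hands back the module global without checking that `initialize_datastore_encryptor()` has run, so an early caller fails only later, at `.enc()` or `.dec()`, with an error that does not mention initialization (the global's initial value is not visible in this hunk). Assuming the global starts as `None`, a guard in the getter such as `if _encryptor is None: raise RuntimeError("datastore encryptor is not initialized")` would make that failure explicit. The global is still called `_encryptor`; `_datastore_encryptor` would match the new function names. Neither function has a docstring, and one line on `initialize_datastore_encryptor` saying that it builds the module-wide `DataStoreEncryptor` from `key_file_dir` would help.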
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from monkey_island.cc.server_utils.encryption import get_encryptor
|
||||
from monkey_island.cc.server_utils.encryption import get_datastore_encryptor
|
||||
|
||||
|
||||
def parse_creds(attempt):
|
||||
|
@ -29,7 +29,7 @@ def censor_password(password, plain_chars=3, secret_chars=5):
|
|||
"""
|
||||
if not password:
|
||||
return ""
|
||||
password = get_encryptor().dec(password)
|
||||
password = get_datastore_encryptor().dec(password)
|
||||
return password[0:plain_chars] + "*" * secret_chars
|
||||
|
||||
|
||||
|
@ -42,5 +42,5 @@ def censor_hash(hash_, plain_chars=5):
|
|||
"""
|
||||
if not hash_:
|
||||
return ""
|
||||
hash_ = get_encryptor().dec(hash_)
|
||||
hash_ = get_datastore_encryptor().dec(hash_)
|
||||
return hash_[0:plain_chars] + " ..."
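Review bot: In `censor_password`, `password[0:plain_chars]` is sliced from the decrypted value, so a password no longer than `plain_chars` (3 by default) comes back in full, followed by the mask. Capping the revealed prefix, for example `visible = min(plain_chars, len(password) // 2)` and then `password[:visible] + "*" * secret_chars`, would keep short secrets from being disclosed. `censor_hash` has the same shape with `hash_[0:plain_chars]`. Both functions start above their hunks, so their docstrings are only partly visible here.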
|
||||
|
|
|
@ -19,7 +19,7 @@ from common.config_value_paths import (
|
|||
USER_LIST_PATH,
|
||||
)
|
||||
from monkey_island.cc.database import mongo
|
||||
from monkey_island.cc.server_utils.encryption import get_encryptor
|
||||
from monkey_island.cc.server_utils.encryption import get_datastore_encryptor
|
||||
from monkey_island.cc.services.config_manipulator import update_config_per_mode
|
||||
from monkey_island.cc.services.config_schema.config_schema import SCHEMA
|
||||
from monkey_island.cc.services.mode.island_mode_service import ModeNotSetError, get_mode
|
||||
|
@ -90,9 +90,9 @@ class ConfigService:
|
|||
if should_decrypt:
|
||||
if config_key_as_arr in ENCRYPTED_CONFIG_VALUES:
|
||||
if isinstance(config, str):
|
||||
config = get_encryptor().dec(config)
|
||||
config = get_datastore_encryptor().dec(config)
|
||||
elif isinstance(config, list):
|
||||
config = [get_encryptor().dec(x) for x in config]
|
||||
config = [get_datastore_encryptor().dec(x) for x in config]
|
||||
return config
|
||||
|
||||
@staticmethod
|
||||
|
@ -130,7 +130,7 @@ class ConfigService:
|
|||
if item_value in items_from_config:
|
||||
return
|
||||
if should_encrypt:
|
||||
item_value = get_encryptor().enc(item_value)
|
||||
item_value = get_datastore_encryptor().enc(item_value)
|
||||
mongo.db.config.update(
|
||||
{"name": "newconfig"}, {"$addToSet": {item_key: item_value}}, upsert=False
|
||||
)
|
||||
|
@ -349,9 +349,11 @@ class ConfigService:
|
|||
ConfigService.decrypt_ssh_key_pair(item) for item in flat_config[key]
|
||||
]
|
||||
else:
|
||||
flat_config[key] = [get_encryptor().dec(item) for item in flat_config[key]]
|
||||
flat_config[key] = [
|
||||
get_datastore_encryptor().dec(item) for item in flat_config[key]
|
||||
]
|
||||
else:
|
||||
flat_config[key] = get_encryptor().dec(flat_config[key])
|
||||
flat_config[key] = get_datastore_encryptor().dec(flat_config[key])
|
||||
return flat_config
|
||||
|
||||
@staticmethod
|
||||
|
@ -377,25 +379,25 @@ class ConfigService:
|
|||
)
|
||||
else:
|
||||
config_arr[i] = (
|
||||
get_encryptor().dec(config_arr[i])
|
||||
get_datastore_encryptor().dec(config_arr[i])
|
||||
if is_decrypt
|
||||
else get_encryptor().enc(config_arr[i])
|
||||
else get_datastore_encryptor().enc(config_arr[i])
|
||||
)
|
||||
else:
|
||||
parent_config_arr[config_arr_as_array[-1]] = (
|
||||
get_encryptor().dec(config_arr)
|
||||
get_datastore_encryptor().dec(config_arr)
|
||||
if is_decrypt
|
||||
else get_encryptor().enc(config_arr)
|
||||
else get_datastore_encryptor().enc(config_arr)
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def decrypt_ssh_key_pair(pair, encrypt=False):
|
||||
if encrypt:
|
||||
pair["public_key"] = get_encryptor().enc(pair["public_key"])
|
||||
pair["private_key"] = get_encryptor().enc(pair["private_key"])
|
||||
pair["public_key"] = get_datastore_encryptor().enc(pair["public_key"])
|
||||
pair["private_key"] = get_datastore_encryptor().enc(pair["private_key"])
|
||||
else:
|
||||
pair["public_key"] = get_encryptor().dec(pair["public_key"])
|
||||
pair["private_key"] = get_encryptor().dec(pair["private_key"])
|
||||
pair["public_key"] = get_datastore_encryptor().dec(pair["public_key"])
|
||||
pair["private_key"] = get_datastore_encryptor().dec(pair["private_key"])
|
||||
return pair
|
||||
|
||||
@staticmethod
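Review bot: `decrypt_ssh_key_pair(pair, encrypt=False)` encrypts when called with `encrypt=True`, so the name states the opposite of what that path does, and it rewrites `pair` in place as well as returning it. Since this commit already renames the encryptor accessors, the method could get a direction-neutral name with the old one kept as an alias. At minimum it needs a docstring such as `"""Decrypt (or, with encrypt=True, encrypt) both keys of pair in place and return it."""`. The in-place mutation matters to callers that still hold the original dict.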
|
||||
|
|
|
@ -3,7 +3,7 @@ import copy
|
|||
import dateutil
|
||||
|
||||
from monkey_island.cc.models import Monkey
|
||||
from monkey_island.cc.server_utils.encryption import get_encryptor
|
||||
from monkey_island.cc.server_utils.encryption import get_datastore_encryptor
|
||||
from monkey_island.cc.services.config import ConfigService
|
||||
from monkey_island.cc.services.edge.displayed_edge import EdgeService
|
||||
from monkey_island.cc.services.node import NodeService
|
||||
|
@ -76,4 +76,4 @@ def encrypt_exploit_creds(telemetry_json):
|
|||
credential = attempts[i][field]
|
||||
if credential: # PowerShell exploiter's telem may have `None` here
|
||||
if len(credential) > 0:
|
||||
attempts[i][field] = get_encryptor().enc(credential)
|
||||
attempts[i][field] = get_datastore_encryptor().enc(credential)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import logging
|
||||
|
||||
from monkey_island.cc.server_utils.encryption import get_encryptor
|
||||
from monkey_island.cc.server_utils.encryption import get_datastore_encryptor
|
||||
from monkey_island.cc.services.config import ConfigService
|
||||
from monkey_island.cc.services.node import NodeService
|
||||
from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import ( # noqa: E501
|
||||
|
@ -70,7 +70,7 @@ def encrypt_system_info_ssh_keys(ssh_info):
|
|||
for idx, user in enumerate(ssh_info):
|
||||
for field in ["public_key", "private_key", "known_hosts"]:
|
||||
if ssh_info[idx][field]:
|
||||
ssh_info[idx][field] = get_encryptor().enc(ssh_info[idx][field])
|
||||
ssh_info[idx][field] = get_datastore_encryptor().enc(ssh_info[idx][field])
|
||||
|
||||
|
||||
def process_credential_info(telemetry_json):
|
||||
|
|
|
@ -5,7 +5,7 @@ from ScoutSuite.providers.base.authentication_strategy import AuthenticationExce
|
|||
from common.cloud.scoutsuite_consts import CloudProviders
|
||||
from common.config_value_paths import AWS_KEYS_PATH
|
||||
from common.utils.exceptions import InvalidAWSKeys
|
||||
from monkey_island.cc.server_utils.encryption import get_encryptor
|
||||
from monkey_island.cc.server_utils.encryption import get_datastore_encryptor
|
||||
from monkey_island.cc.services.config import ConfigService
|
||||
|
||||
|
||||
|
@ -41,7 +41,7 @@ def set_aws_keys(access_key_id: str, secret_access_key: str, session_token: str)
|
|||
|
||||
def _set_aws_key(key_type: str, key_value: str):
|
||||
path_to_keys = AWS_KEYS_PATH
|
||||
encrypted_key = get_encryptor().enc(key_value)
|
||||
encrypted_key = get_datastore_encryptor().enc(key_value)
|
||||
ConfigService.set_config_value(path_to_keys + [key_type], encrypted_key)
|
||||
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import pytest
|
||||
|
||||
from monkey_island.cc.models.utils.field_encryptors.string_list_encryptor import StringListEncryptor
|
||||
from monkey_island.cc.server_utils.encryption import initialize_encryptor
|
||||
from monkey_island.cc.server_utils.encryption import initialize_datastore_encryptor
|
||||
|
||||
MOCK_STRING_LIST = ["test_1", "test_2"]
|
||||
EMPTY_LIST = []
|
||||
|
@ -9,7 +9,7 @@ EMPTY_LIST = []
|
|||
|
||||
@pytest.fixture
|
||||
def uses_encryptor(data_for_tests_dir):
|
||||
initialize_encryptor(data_for_tests_dir)
|
||||
initialize_datastore_encryptor(data_for_tests_dir)
|
||||
|
||||
|
||||
def test_encryption_and_decryption(uses_encryptor):
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
import os
|
||||
|
||||
from monkey_island.cc.server_utils.encryption import get_encryptor, initialize_encryptor
|
||||
from monkey_island.cc.server_utils.encryption import (
|
||||
get_datastore_encryptor,
|
||||
initialize_datastore_encryptor,
|
||||
)
|
||||
|
||||
PASSWORD_FILENAME = "mongo_key.bin"
|
||||
|
||||
|
@ -9,24 +12,24 @@ CYPHERTEXT = "vKgvD6SjRyIh1dh2AM/rnTa0NI/vjfwnbZLbMocWtE4e42WJmSUz2ordtbQrH1Fq"
|
|||
|
||||
|
||||
def test_aes_cbc_encryption(data_for_tests_dir):
|
||||
initialize_encryptor(data_for_tests_dir)
|
||||
initialize_datastore_encryptor(data_for_tests_dir)
|
||||
|
||||
assert get_encryptor().enc(PLAINTEXT) != PLAINTEXT
|
||||
assert get_datastore_encryptor().enc(PLAINTEXT) != PLAINTEXT
|
||||
|
||||
|
||||
def test_aes_cbc_decryption(data_for_tests_dir):
|
||||
initialize_encryptor(data_for_tests_dir)
|
||||
initialize_datastore_encryptor(data_for_tests_dir)
|
||||
|
||||
assert get_encryptor().dec(CYPHERTEXT) == PLAINTEXT
|
||||
assert get_datastore_encryptor().dec(CYPHERTEXT) == PLAINTEXT
|
||||
|
||||
|
||||
def test_aes_cbc_enc_dec(data_for_tests_dir):
|
||||
initialize_encryptor(data_for_tests_dir)
|
||||
initialize_datastore_encryptor(data_for_tests_dir)
|
||||
|
||||
assert get_encryptor().dec(get_encryptor().enc(PLAINTEXT)) == PLAINTEXT
|
||||
assert get_datastore_encryptor().dec(get_datastore_encryptor().enc(PLAINTEXT)) == PLAINTEXT
|
||||
|
||||
|
||||
def test_create_new_password_file(tmpdir):
|
||||
initialize_encryptor(tmpdir)
|
||||
initialize_datastore_encryptor(tmpdir)
|
||||
|
||||
assert os.path.isfile(os.path.join(tmpdir, PASSWORD_FILENAME))
|
||||
|
|
|
@ -5,7 +5,10 @@ import pytest
|
|||
|
||||
from common.config_value_paths import AWS_KEYS_PATH
|
||||
from monkey_island.cc.database import mongo
|
||||
from monkey_island.cc.server_utils.encryption import get_encryptor, initialize_encryptor
|
||||
from monkey_island.cc.server_utils.encryption import (
|
||||
get_datastore_encryptor,
|
||||
initialize_datastore_encryptor,
|
||||
)
|
||||
from monkey_island.cc.services.config import ConfigService
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import (
|
||||
is_aws_keys_setup,
|
||||
|
@ -27,8 +30,8 @@ def test_is_aws_keys_setup(tmp_path):
|
|||
assert not is_aws_keys_setup()
|
||||
|
||||
# Make sure noone changed config path and broke this function
|
||||
initialize_encryptor(tmp_path)
|
||||
bogus_key_value = get_encryptor().enc("bogus_aws_key")
|
||||
initialize_datastore_encryptor(tmp_path)
|
||||
bogus_key_value = get_datastore_encryptor().enc("bogus_aws_key")
|
||||
dpath.util.set(
|
||||
ConfigService.default_config, AWS_KEYS_PATH + ["aws_secret_access_key"], bogus_key_value
|
||||
)
|
||||
|
|