From 6307acb11bbab47dc1508bc0b55f88e82e766357 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Wed, 27 Jul 2022 17:40:24 +0530 Subject: [PATCH 1/5] Common: Add docstring to ExploitationOptionsConfiguration dataclass --- .../common/agent_configuration/agent_sub_configurations.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/monkey/common/agent_configuration/agent_sub_configurations.py b/monkey/common/agent_configuration/agent_sub_configurations.py index ab05a55cc..b61717cb0 100644 --- a/monkey/common/agent_configuration/agent_sub_configurations.py +++ b/monkey/common/agent_configuration/agent_sub_configurations.py @@ -106,6 +106,13 @@ class NetworkScanConfiguration: @dataclass(frozen=True) class ExploitationOptionsConfiguration: + """ + A configuration for exploitation options + + Attributes: + :param http_ports: HTTP ports to scan + """ + http_ports: Tuple[int, ...] From 20ab2c3ecaa635787ff2b5608d00bb16cbf7bf71 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Wed, 27 Jul 2022 17:44:19 +0530 Subject: [PATCH 2/5] Common: Add port number validation to ExploitationOptionsConfigurationSchema --- .../agent_configuration/agent_sub_configuration_schemas.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/common/agent_configuration/agent_sub_configuration_schemas.py b/monkey/common/agent_configuration/agent_sub_configuration_schemas.py index 15fdd6ba9..81dc6f53b 100644 --- a/monkey/common/agent_configuration/agent_sub_configuration_schemas.py +++ b/monkey/common/agent_configuration/agent_sub_configuration_schemas.py @@ -115,7 +115,7 @@ class NetworkScanConfigurationSchema(Schema): class ExploitationOptionsConfigurationSchema(Schema): - http_ports = fields.List(fields.Int()) + http_ports = fields.List(fields.Int(validate=validate.Range(min=0, max=65535))) @post_load @freeze_lists From 95a6c143346399044cdbbab58b1ba74377bdb48b Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Wed, 27 Jul 2022 17:48:36 +0530 Subject: [PATCH 3/5] UT: Add test for ExploitationOptionsConfigurationSchema port validation --- .../common/configuration/test_agent_configuration.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/monkey/tests/unit_tests/common/configuration/test_agent_configuration.py b/monkey/tests/unit_tests/common/configuration/test_agent_configuration.py index 95539b9c7..9b2f1ba47 100644 --- a/monkey/tests/unit_tests/common/configuration/test_agent_configuration.py +++ b/monkey/tests/unit_tests/common/configuration/test_agent_configuration.py @@ -191,6 +191,16 @@ def test_exploitation_options_configuration_schema(): assert config.http_ports == tuple(ports) +@pytest.mark.parametrize("ports", [[-1, 1, 2], [1, 2, 99999]]) +def test_exploitation_options_configuration_schema__ports_out_of_range(ports): + schema = ExploitationOptionsConfigurationSchema() + + invalid_ports_configuration = {"http_ports": ports} + + with pytest.raises(ValidationError): + schema.load(invalid_ports_configuration) + + def test_exploiter_configuration_schema(): name = "bond" options = {"gun": "Walther PPK", "car": "Aston Martin DB5"} From ba1115cf79e5ff7d43f9c64654ae6fd8591ad6ca Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Wed, 27 Jul 2022 17:52:01 +0530 Subject: [PATCH 4/5] UT: Extract invalid ports to a variable in test_agent_configuration.py --- .../common/configuration/test_agent_configuration.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/monkey/tests/unit_tests/common/configuration/test_agent_configuration.py b/monkey/tests/unit_tests/common/configuration/test_agent_configuration.py index 9b2f1ba47..ec1f884e1 100644 --- a/monkey/tests/unit_tests/common/configuration/test_agent_configuration.py +++ b/monkey/tests/unit_tests/common/configuration/test_agent_configuration.py @@ -48,6 +48,8 @@ from common.agent_configuration.agent_sub_configurations import ( PropagationConfiguration, ) +INVALID_PORTS = [[-1, 1, 2], [1, 2, 99999]] + def test_build_plugin_configuration(): schema = PluginConfigurationSchema() @@ -145,7 +147,7 @@ def test_tcp_scan_configuration_schema(): assert config.ports == tuple(PORTS) -@pytest.mark.parametrize("ports", [[-1, 1, 2], [1, 2, 99999]]) +@pytest.mark.parametrize("ports", INVALID_PORTS) def test_tcp_scan_configuration_schema__ports_out_of_range(ports): schema = TCPScanConfigurationSchema() @@ -191,7 +193,7 @@ def test_exploitation_options_configuration_schema(): assert config.http_ports == tuple(ports) -@pytest.mark.parametrize("ports", [[-1, 1, 2], [1, 2, 99999]]) +@pytest.mark.parametrize("ports", INVALID_PORTS) def test_exploitation_options_configuration_schema__ports_out_of_range(ports): schema = ExploitationOptionsConfigurationSchema() From 339b3a2232dc65d75f69f054c15870e2979cfdf6 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Wed, 27 Jul 2022 18:05:20 +0530 Subject: [PATCH 5/5] Common: Reword ExploitationOptionsConfiguration docstring Co-authored-by: Mike Salvatore --- monkey/common/agent_configuration/agent_sub_configurations.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/common/agent_configuration/agent_sub_configurations.py b/monkey/common/agent_configuration/agent_sub_configurations.py index b61717cb0..16d3d23cf 100644 --- a/monkey/common/agent_configuration/agent_sub_configurations.py +++ b/monkey/common/agent_configuration/agent_sub_configurations.py @@ -110,7 +110,7 @@ class ExploitationOptionsConfiguration: A configuration for exploitation options Attributes: - :param http_ports: HTTP ports to scan + :param http_ports: HTTP ports to exploit """ http_ports: Tuple[int, ...]