p15670423
/
monkey
1
0
Fork 5
Code Issues Pull Requests 3 Projects Releases Wiki Activity
5,566 Commits 31 Branches 20 Tags 48 MiB
Commit Graph

5566 Commits

Author SHA1 Message Date
Mike Salvatore b1ab2525fd
Merge pull request #1288 from guardicore/ransomware-target-dir-validators 
Validate ransomware target directories
 2021-07-06 09:50:47 -04:00
Mike Salvatore 4bec9576aa Island: Remove extra + from windows environment variable regex 2021-07-06 09:38:32 -04:00
Mike Salvatore 638db3d7e0 Island: Escape '-' character in environment variable regex 
Co-authored-by: Shreya Malviya <shreya.malviya@gmail.com>
 2021-07-06 09:38:32 -04:00
Mike Salvatore d2dda4519f Island: Allow Windows ransomware target paths to be UNC paths 2021-07-06 09:38:32 -04:00
Mike Salvatore 9d4ee88e09 Island: Do not allow Windows ransomware target paths beginning with "$" 
As far as I can tell, environment variables in Windows look like %NAME%.
Variables in powershell begin with $, but file explorer doesn't
recognize paths beginning with $ as valid.
 2021-07-06 09:38:32 -04:00
Mike Salvatore df6082b50a Island: Refactor linux/windows ransomware path regexes 
Refactored because the escape characters were cumbersome and difficult
to read when regexes were defined as strings. Also allow special
characters in Windows environment variable names as per
https://ss64.com/nt/syntax-variables.html
 2021-07-06 09:38:32 -04:00
Shreya dc305d8e16 cc: Add validation format (starts wih `~`) for ransomware linux target directory 2021-07-06 09:38:32 -04:00
Mike Salvatore b17b85d7e7
Merge pull request #1299 from guardicore/delimiter-windows-certificate 
island: Add delimiter to windows create_certificate
 2021-07-06 09:23:30 -04:00
Mike Salvatore 0fd88b8097 Merge pull request #1297 from guardicore/ransomware-report-api-endpoint 2021-07-06 09:22:11 -04:00
Mike Salvatore 832704dd1c
Merge pull request #1298 from guardicore/gevent-ssl-traceback 
Gevent ssl traceback
 2021-07-06 09:19:44 -04:00
Mike Salvatore 96fc33025e Island: Redirect gevent tracebacks to file and log exceptions 
By default, gevent prints exceptions and tracebacks to stderr. This is
obnoxious as it results in large tracebacks intermixed with the output
that the logger prints to the console. This commit redirects this data
to {DATA_DIR}/gevent_exceptions.log. Unfortunately, this would mean that
the user might be left without any indication these exceptions had
occurred, unless they take the time to inspect the
gevent_exceptions.log. Therefore, when an excepion occurs, a message
with just the exception (not the traceback) is logged to WARNING.

Fixes #859
 2021-07-06 08:39:30 -04:00
Shreya c78c955551 CHANGELOG: Add ransomware report API endpoint 2021-07-06 16:16:35 +05:30
Shreya 6d32f85120 island: Remove responsibility to decide whether the report should be displayed, from the backend 2021-07-06 16:14:22 +05:30
Ilija Lazoroski 695e266943 island: Add delimiter to windows create_certificate 2021-07-06 12:43:32 +02:00
Mike Salvatore 524fd0f55e
Merge pull request #1248 from guardicore/string-templating-dropper-upgrader 
Added string templating functions for infection monkey dropper.
 2021-07-05 19:27:11 -04:00
Mike Salvatore ebbdbc8dcb Island: Add GeventHubErrorHandler to log gevent exceptions 2021-07-05 12:26:40 -04:00
Mike Salvatore f86ff4fbd7 Island: Set log and error_log parameters on WSGIServer constructor 
Provides WSGIServer with a logger for INFO log messages and ERROR log
messages.

https://www.gevent.org/api/gevent.pywsgi.html#gevent.pywsgi.WSGIServer
 2021-07-05 12:26:37 -04:00
Mike Salvatore 19e9fe5fb9 appimage: Upgrade python version to 3.7.11 2021-07-05 08:29:01 -04:00
Mike Salvatore b4b690491e Update changelog 2021-07-05 08:18:14 -04:00
Mike Salvatore 94bf91c447
Merge pull request #1286 from guardicore/ransomware-config-ui-description 
Ransomware config UI description
 2021-07-05 07:30:47 -04:00
Shreya 7b167ba0c4 island: Add API endpoint for ransomware report 2021-07-05 16:17:40 +05:30
Mike Salvatore 01b9c41c6e Remove mock_home_env() from vulture_allowlist.py 2021-07-02 18:59:24 -04:00
Mike Salvatore f4102aaa3a Remove unused mock_home_env() pytest fixture 
This was replaced with patched_home_env() but never removed.
 2021-07-02 09:31:45 -04:00
Shreya 3496c717a9 cc, common: Split ransomware dir path validator regex expressions and rename related stuff to accurately describe it 2021-07-02 16:39:03 +05:30
Shreya 54072b6632 cc: Make whitespace-only a valid input for ransomware target directory paths 2021-07-02 16:09:50 +05:30
Shreya 1768c0cdf6 cc: Fix regex bug when validating ransomware target directories 2021-07-02 16:04:46 +05:30
Shreya 3d48a11fc2 cc: Add regex validators for ransomware directory path validation 2021-07-01 13:32:10 +05:30
Shreya 8af93c4304 cc: Add ransomware directory path validation error messages 2021-07-01 13:31:39 +05:30
Shreya 73c61ebcf0 island: Add ransomware directory path validators to ransomware schema 2021-07-01 13:31:10 +05:30
Shreya 0a1782a928 common: Add validator constants for valid ransomware directory paths 2021-07-01 13:30:55 +05:30
Mike Salvatore e1263ec753 Island: Add a ransomware description to the ransomware config_schema 2021-06-30 14:10:15 -04:00
Mike Salvatore 938022fc52 Island: Allow HTML in config_schema descriptions to be renedered 2021-06-30 14:09:26 -04:00
Mike Salvatore f698c889e3 Docs: Move ransomware from References to Use Cases 2021-06-30 11:40:06 -04:00
Mike Salvatore b19044e4e8 Docs: Fix "The Infection Monkey" consistency in ransomware.md 2021-06-30 11:37:32 -04:00
Mike Salvatore f023399a36
Merge pull request #1285 from guardicore/ransomware_dir_hide_ui 
Ransomware: hide directory fields if encryption is disabled
 2021-06-30 10:46:13 -04:00
Mike Salvatore 8735724c90
Merge pull request #1283 from guardicore/config-log-formatting 
Agent: Format config log messages so they are readable
 2021-06-30 10:19:05 -04:00
Mike Salvatore bfa6bcaeb2 Island: Reword descriptions in ransomware config schema 2021-06-30 10:10:44 -04:00
Mike Salvatore adc7996ab8 Docs: Rework ransomware documentation 2021-06-30 10:10:04 -04:00
Mike Salvatore dcffe2a850
Merge pull request #1284 from guardicore/ransomware-targeted-files 
Ransomware targeted files
 2021-06-30 09:51:43 -04:00
VakarisZ 16f97f2811 Hide the input fields for directories to be encrypted if "Should encrypt" option is disabled 
This change will enhance the UX by hiding the irrelevant inputs. This also allows us to add further logic to dynamically hide/show or otherwise modify uiSchema
 2021-06-30 16:05:32 +03:00
VakarisZ 889df554ae Refactor form data in ConfigurePage.js to be held in state 
This change will allow dynamically modifying other state parameters and re-rendering on form data change
 2021-06-30 15:58:30 +03:00
VakarisZ a82850cb64 Add ransomware directories property to UISchema object 
This addition is required to manipulate the UI components in ransomware configuration UI without the need to create object's properties. Otherwise we'd have to create ransomware.encryption.directories in UI schema using code.
 2021-06-30 15:58:30 +03:00
Mike Salvatore ebab7be32b Docs: Improve language regarding ransomware targeted file extensions 2021-06-30 08:41:26 -04:00
Mike Salvatore 2427393e4a Agent: Rename VALID_FILE_EXTENSIONS_FOR_ENCRYPTION 2021-06-30 08:41:00 -04:00
Mike Salvatore f3e797694b Agent: Format config log messages so they are readable 2021-06-30 08:07:11 -04:00
Mike Salvatore 3fb8c06102
Merge pull request #1280 from guardicore/ransomware-encryption-bool 
Add encryption checkbox to ransomware config page
 2021-06-30 07:46:22 -04:00
Mike Salvatore 169bb34106 Agent: Simplify and improve logging in RansomwarePayload 2021-06-30 07:43:18 -04:00
Mike Salvatore 946641f9a2 Rename {windows,linux}_dir to *_target_dir for consistency 2021-06-30 07:29:53 -04:00
Mike Salvatore 9a58d5bc7a Island: Reword ransomware target directory descriptions 2021-06-30 07:24:37 -04:00
Mike Salvatore 771aa747a8 Agent: encryption_enabled renamed using "private" naming convention 2021-06-30 06:53:27 -04:00