Add initial implementation of encrypting config and saving it on export

This commit is contained in:
Shreya 2021-05-28 14:38:29 +05:30 committed by VakarisZ
parent 7954dbe1e7
commit 338404799e
3 changed files with 83 additions and 0 deletions

View File

@ -20,6 +20,7 @@ from monkey_island.cc.resources.blackbox.telemetry_blackbox_endpoint import (
)
from monkey_island.cc.resources.bootloader import Bootloader
from monkey_island.cc.resources.client_run import ClientRun
from monkey_island.cc.resources.configuration_export import ConfigurationExport
from monkey_island.cc.resources.edge import Edge
from monkey_island.cc.resources.environment import Environment
from monkey_island.cc.resources.island_configuration import IslandConfiguration
@ -135,6 +136,7 @@ def init_api_resources(api):
)
api.add_resource(MonkeyConfiguration, "/api/configuration", "/api/configuration/")
api.add_resource(IslandConfiguration, "/api/configuration/island", "/api/configuration/island/")
api.add_resource(ConfigurationExport, "/api/configuration/export", "/api/configuration/export/")
api.add_resource(
MonkeyDownload,
"/api/monkey/download",

View File

@ -0,0 +1,42 @@
import json
import os
import flask_restful
from flask import jsonify, request
from monkey_island.cc.resources.auth.auth import jwt_required
from monkey_island.cc.server_utils.consts import DEFAULT_DATA_DIR
from monkey_island.cc.services.config import ConfigService
from monkey_island.cc.services.utils.file_handler import encrypt_file_with_password
class ConfigurationExport(flask_restful.Resource):
@jwt_required
def get(self):
return jsonify(
config_encrypted=self.file_encryption_successful,
plaintext_removed=self.plaintext_file_removal_successful,
)
@jwt_required
def post(self):
data = json.loads(request.data)
config = ConfigService.get_config()
config_filename = "monkey.conf"
plaintext_config_path = os.path.join(DEFAULT_DATA_DIR, config_filename)
with open(plaintext_config_path) as file:
json.dump(config, file)
self.file_encryption_successful = self.plaintext_file_removal_successful = False
if "password" in data:
encrypted_config_path = os.path.join(DEFAULT_DATA_DIR, f"encrypted_{config_filename}")
(
self.file_encryption_successful,
self.plaintext_file_removal_successful,
) = encrypt_file_with_password(
plaintext_config_path, encrypted_config_path, data["password"]
)
return self.get()

View File

@ -0,0 +1,39 @@
import logging
import os
from typing import Optional, Tuple
import pyAesCrypt
logger = logging.getLogger(__name__)
def encrypt_file_with_password(
plaintext_file_path: str,
encrypted_file_path: str,
password: str,
should_remove_plaintext_file: bool = True,
) -> Tuple[bool, Optional[bool]]:
file_encryption_successful = False
try:
pyAesCrypt.encryptFile(plaintext_file_path, encrypted_file_path, password)
file_encryption_successful = True
except Exception as ex:
logger.error(f"Could not encrypt config file: {str(ex)}")
plaintext_file_removal_successful = False
if file_encryption_successful and should_remove_plaintext_file:
plaintext_file_removal_successful = remove_file(plaintext_file_path)
return file_encryption_successful, plaintext_file_removal_successful
def remove_file(path: str) -> bool:
file_removal_successful = False
try:
os.remove_file(path)
file_removal_successful = True
except Exception as ex:
logger.error(f"Could not remove plaintext file: {str(ex)}")
return file_removal_successful