Agent: Fix edge case handling in auth_options._get_ssl()

If the host has neither the HTTP or HTTPS port enabled, return False.

monkey/infection_monkey/exploit/powershell_utils/auth_options.py

@@ -26,17 +26,18 @@ def get_auth_options(credentials: Credentials, host: VictimHost) -> AuthOptions:
 
 
 def _get_ssl(credentials: Credentials, host: VictimHost) -> bool:
-    # Check if default PSRemoting ports are open. Prefer with SSL, if both are.
-    if "tcp-5986" in host.services:  # Default for HTTPS
-        use_ssl = True
-    elif "tcp-5985" in host.services:  # Default for HTTP
-        use_ssl = False
-
     # Passwordless login only works with SSL false, AUTH_BASIC and ENCRYPTION_NEVER
     if credentials.secret == "":
-        use_ssl = False
+        return False
 
-    return use_ssl
+    # Check if default PSRemoting ports are open. Prefer with SSL, if both are.
+    if "tcp-5986" in host.services:  # Default for HTTPS
+        return True
+
+    if "tcp-5985" in host.services:  # Default for HTTP
+        return False
+
+    return False
 
 
 def _get_auth_type(credentials: Credentials):

monkey/tests/unit_tests/infection_monkey/exploit/powershell_utils/test_auth_options.py

@@ -53,6 +53,11 @@ def powershell_disabled_host():
     return _create_host(False, False)
 
 
+def test_get_auth_options__ssl_false_with_no_open_ports(powershell_disabled_host):
+    auth_options = get_auth_options(CREDENTIALS_WITH_PASSWORD, powershell_disabled_host)
+    assert auth_options.ssl is False
+
+
 def test_get_auth_options__ssl_true_with_password(https_only_host):
     auth_options = get_auth_options(CREDENTIALS_WITH_PASSWORD, https_only_host)