p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Secure all endpoints

This commit is contained in:
Itay Mizeretz 2018-02-22 16:21:03 +02:00
parent 9e169980e3
commit 9bb7148f50
9 changed files with 28 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
monkey_island/cc/resources/monkey.py
View File

@ -15,23 +15,20 @@ __author__ = 'Barak'
class Monkey(flask_restful.Resource):
# Used by monkey. can't secure.
def get(self, guid=None, **kw):
NodeService.update_dead_monkeys() # refresh monkeys status
if not guid:
guid = request.args.get('guid')
timestamp = request.args.get('timestamp')
if guid:
monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid})
return monkey_json
else:
result = {'timestamp': datetime.now().isoformat()}
find_filter = {}
if timestamp is not None:
find_filter['modifytime'] = {'$gt': dateutil.parser.parse(timestamp)}
result['objects'] = [x for x in mongo.db.monkey.find(find_filter)]
return result
return {}
# Used by monkey. can't secure.
def patch(self, guid):
monkey_json = json.loads(request.data)
update = {"$set": {'modifytime': datetime.now()}}
@ -51,6 +48,7 @@ class Monkey(flask_restful.Resource):
return mongo.db.monkey.update({"_id": monkey["_id"]}, update, upsert=False)
# Used by monkey. can't secure.
def post(self, **kw):
monkey_json = json.loads(request.data)
monkey_json['creds'] = []

7
monkey_island/cc/resources/monkey_configuration.py
View File

@ -1,18 +1,20 @@
import json
from flask import request, jsonify
import flask_restful
from flask import request, jsonify
from cc.database import mongo
from cc.auth import jwt_required
from cc.services.config import ConfigService
__author__ = 'Barak'
class MonkeyConfiguration(flask_restful.Resource):
@jwt_required()
def get(self):
return jsonify(schema=ConfigService.get_config_schema(), configuration=ConfigService.get_config())
@jwt_required()
def post(self):
config_json = json.loads(request.data)
if config_json.has_key('reset'):
@ -20,4 +22,3 @@ class MonkeyConfiguration(flask_restful.Resource):
else:
ConfigService.update_config(config_json)
return self.get()

3
monkey_island/cc/resources/monkey_download.py
View File

@ -47,9 +47,12 @@ def get_monkey_executable(host_os, machine):
class MonkeyDownload(flask_restful.Resource):
# Used by monkey. can't secure.
def get(self, path):
return send_from_directory('binaries', path)
# Used by monkey. can't secure.
def post(self):
host_json = json.loads(request.data)
host_os = host_json.get('os')

2
monkey_island/cc/resources/netmap.py
View File

@ -1,5 +1,6 @@
import flask_restful
from cc.auth import jwt_required
from cc.services.edge import EdgeService
from cc.services.node import NodeService
from cc.database import mongo
@ -8,6 +9,7 @@ __author__ = 'Barak'
class NetMap(flask_restful.Resource):
@jwt_required()
def get(self, **kw):
monkeys = [NodeService.monkey_to_net_node(x) for x in mongo.db.monkey.find({})]
nodes = [NodeService.node_to_net_node(x) for x in mongo.db.node.find({})]

2
monkey_island/cc/resources/node.py
View File

@ -1,12 +1,14 @@
from flask import request
import flask_restful
from cc.auth import jwt_required
from cc.services.node import NodeService
__author__ = 'Barak'
class Node(flask_restful.Resource):
@jwt_required()
def get(self):
node_id = request.args.get('id')
if node_id:

3
monkey_island/cc/resources/report.py
View File

@ -1,10 +1,13 @@
import flask_restful
from cc.auth import jwt_required
from cc.services.report import ReportService
__author__ = "itay.mizeretz"
class Report(flask_restful.Resource):
@jwt_required()
def get(self):
return ReportService.get_report()

3
monkey_island/cc/resources/root.py
View File

@ -3,6 +3,7 @@ from datetime import datetime
import flask_restful
from flask import request, make_response, jsonify
from cc.auth import jwt_required
from cc.database import mongo
from cc.services.config import ConfigService
from cc.services.node import NodeService
@ -13,6 +14,8 @@ __author__ = 'Barak'
class Root(flask_restful.Resource):
@jwt_required()
def get(self, action=None):
if not action:
action = request.args.get('action')

3
monkey_island/cc/resources/telemetry.py
View File

@ -7,6 +7,7 @@ import dateutil
import flask_restful
from flask import request
from cc.auth import jwt_required
from cc.database import mongo
from cc.services.config import ConfigService
from cc.services.edge import EdgeService
@ -16,6 +17,7 @@ __author__ = 'Barak'
class Telemetry(flask_restful.Resource):
@jwt_required()
def get(self, **kw):
monkey_guid = request.args.get('monkey_guid')
telem_type = request.args.get('telem_type')
@ -36,6 +38,7 @@ class Telemetry(flask_restful.Resource):
result['objects'] = self.telemetry_to_displayed_telemetry(mongo.db.telemetry.find(find_filter))
return result
# Used by monkey. can't secure.
def post(self):
telemetry_json = json.loads(request.data)
telemetry_json['timestamp'] = datetime.now()

2
monkey_island/cc/resources/telemetry_feed.py
View File

@ -5,6 +5,7 @@ import flask_restful
from flask import request
import flask_pymongo
from cc.auth import jwt_required
from cc.database import mongo
from cc.services.node import NodeService
@ -12,6 +13,7 @@ __author__ = 'itay.mizeretz'
class TelemetryFeed(flask_restful.Resource):
@jwt_required()
def get(self, **kw):
timestamp = request.args.get('timestamp')
if "null" == timestamp or timestamp is None: # special case to avoid ugly JS code...