From b06d92331da4d96e3a168631289076c1dea704a4 Mon Sep 17 00:00:00 2001 From: Daniel Goldberg Date: Tue, 27 Mar 2018 12:51:05 +0300 Subject: [PATCH] Fix horrid encryption bug where monkeys would not receive new credentials. Note the change in config.py is not optimal but should be fixed as part of another PR --- monkey_island/cc/resources/monkey.py | 4 +++- monkey_island/cc/services/config.py | 14 ++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/monkey_island/cc/resources/monkey.py b/monkey_island/cc/resources/monkey.py index 997e2a72e..80dd14604 100644 --- a/monkey_island/cc/resources/monkey.py +++ b/monkey_island/cc/resources/monkey.py @@ -24,6 +24,7 @@ class Monkey(flask_restful.Resource): if guid: monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid}) + monkey_json['config'] = ConfigService.decrypt_flat_config(monkey_json['config']) return monkey_json return {} @@ -65,7 +66,8 @@ class Monkey(flask_restful.Resource): # if new monkey telem, change config according to "new monkeys" config. db_monkey = mongo.db.monkey.find_one({"guid": monkey_json["guid"]}) if not db_monkey: - new_config = ConfigService.get_flat_config(False, True) + # we pull it encrypted because we then decrypt it for the monkey in get + new_config = ConfigService.get_flat_config(False, False) monkey_json['config'] = monkey_json.get('config', {}) monkey_json['config'].update(new_config) else: diff --git a/monkey_island/cc/services/config.py b/monkey_island/cc/services/config.py index 75c3f058f..1b4756ea9 100644 --- a/monkey_island/cc/services/config.py +++ b/monkey_island/cc/services/config.py @@ -1,4 +1,5 @@ import copy +import collections import functools from jsonschema import Draft4Validator, validators @@ -985,6 +986,19 @@ class ConfigService: def encrypt_config(config): ConfigService._encrypt_or_decrypt_config(config, False) + @staticmethod + def decrypt_flat_config(flat_config): + """ + Same as decrypt_config but for a flat configuration + """ + keys = [config_arr_as_array[2] for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS] + for key in keys: + if isinstance(flat_config[key], collections.Sequence) and not isinstance(flat_config[key], basestring): + flat_config[key] = [encryptor.dec(item) for item in flat_config[key]] + else: + flat_config[key] = encryptor.dec(flat_config[key]) + return flat_config + @staticmethod def _encrypt_or_decrypt_config(config, is_decrypt=False): for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS: