Fix horrid encryption bug where monkeys would not receive new credentials.

Note the change in config.py is not optimal but should be fixed as part of another PR
2018-03-27 12:51:05 +03:00 · 2018-03-27 12:51:05 +03:00 · b06d92331d
parent 9b44fc8b98
commit b06d92331d
2 changed files with 17 additions and 1 deletions
--- a/monkey_island/cc/resources/monkey.py
+++ b/monkey_island/cc/resources/monkey.py
@ -24,6 +24,7 @@ class Monkey(flask_restful.Resource):

        if guid:
            monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid})
+            monkey_json['config'] = ConfigService.decrypt_flat_config(monkey_json['config'])
            return monkey_json

        return {}
@ -65,7 +66,8 @@ class Monkey(flask_restful.Resource):
        # if new monkey telem, change config according to "new monkeys" config.
        db_monkey = mongo.db.monkey.find_one({"guid": monkey_json["guid"]})
        if not db_monkey:
-            new_config = ConfigService.get_flat_config(False, True)
+            # we pull it encrypted because we then decrypt it for the monkey in get
+            new_config = ConfigService.get_flat_config(False, False)
            monkey_json['config'] = monkey_json.get('config', {})
            monkey_json['config'].update(new_config)
        else:
--- a/monkey_island/cc/services/config.py
+++ b/monkey_island/cc/services/config.py
@ -1,4 +1,5 @@
 import copy
+import collections
 import functools
 from jsonschema import Draft4Validator, validators

@ -985,6 +986,19 @@ class ConfigService:
    def encrypt_config(config):
        ConfigService._encrypt_or_decrypt_config(config, False)

+    @staticmethod
+    def decrypt_flat_config(flat_config):
+        """
+        Same as decrypt_config but for a flat configuration
+        """
+        keys = [config_arr_as_array[2] for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS]
+        for key in keys:
+            if isinstance(flat_config[key], collections.Sequence) and not isinstance(flat_config[key], basestring):
+                flat_config[key] = [encryptor.dec(item) for item in flat_config[key]]
+            else:
+                flat_config[key] = encryptor.dec(flat_config[key])
+        return flat_config
+
    @staticmethod
    def _encrypt_or_decrypt_config(config, is_decrypt=False):
        for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS: