Merge pull request #1288 from guardicore/ransomware-target-dir-validators

Validate ransomware target directories
2021-07-06 09:50:47 -04:00 · 2021-07-06 09:50:47 -04:00 · b1ab2525fd
parent b17b85d7e7 4bec9576aa
commit b1ab2525fd
4 changed files with 54 additions and 2 deletions
--- a/monkey/common/common_consts/validation_formats.py
+++ b/monkey/common/common_consts/validation_formats.py
@ -1,3 +1,5 @@
 # Defined in UI on ValidationFormats.js
 IP_RANGE = "ip-range"
 IP = "ip"
+VALID_RANSOMWARE_TARGET_PATH_LINUX = "valid-ransomware-target-path-linux"
+VALID_RANSOMWARE_TARGET_PATH_WINDOWS = "valid-ransomware-target-path-windows"
--- a/monkey/monkey_island/cc/services/config_schema/ransomware.py
+++ b/monkey/monkey_island/cc/services/config_schema/ransomware.py
@ -1,3 +1,8 @@
+from common.common_consts.validation_formats import (
+    VALID_RANSOMWARE_TARGET_PATH_LINUX,
+    VALID_RANSOMWARE_TARGET_PATH_WINDOWS,
+)
+
 RANSOMWARE = {
    "title": "Ransomware",
    "type": "object",
@ -27,6 +32,7 @@ RANSOMWARE = {
                        "linux_target_dir": {
                            "title": "Linux target directory",
                            "type": "string",
+                            "format": VALID_RANSOMWARE_TARGET_PATH_LINUX,
                            "default": "",
                            "description": "A path to a directory on Linux systems that contains "
                            "files that you will allow Infection Monkey to encrypt. If no "
@ -35,6 +41,7 @@ RANSOMWARE = {
                        "windows_target_dir": {
                            "title": "Windows target directory",
                            "type": "string",
+                            "format": VALID_RANSOMWARE_TARGET_PATH_WINDOWS,
                            "default": "",
                            "description": "A path to a directory on Windows systems that contains "
                            "files that you will allow Infection Monkey to encrypt. If no "
--- a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationErrorMessages.js
+++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationErrorMessages.js
@ -1,4 +1,6 @@
-import {IP, IP_RANGE} from './ValidationFormats';
+import {IP, IP_RANGE, VALID_RANSOMWARE_TARGET_PATH_LINUX, VALID_RANSOMWARE_TARGET_PATH_WINDOWS} from './ValidationFormats';
+
+let invalidDirMessage = 'Invalid directory. Path should be absolute or begin with an environment variable.';

 export default function transformErrors(errors) {
  return errors.map(error => {
@ -8,6 +10,10 @@ export default function transformErrors(errors) {
      error.message = 'Invalid IP range, refer to description for valid examples.'
    } else if (error.name === 'format' && error.params.format === IP) {
      error.message = 'Invalid IP.'
+    } else if (error.name === 'format' && error.params.format === VALID_RANSOMWARE_TARGET_PATH_LINUX) {
+      error.message = invalidDirMessage
+    } else if (error.name === 'format' && error.params.format === VALID_RANSOMWARE_TARGET_PATH_WINDOWS) {
+      error.message = invalidDirMessage
    }
    return error;
  });
--- a/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js
+++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js
@ -2,12 +2,31 @@ const ipRegex = '((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0
 const cidrNotationRegex = '([0-9]|1[0-9]|2[0-9]|3[0-2])'
 const hostnameRegex = '^([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*.?)*([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*)$'

+
+const linuxAbsolutePathRegex = /^\// // path starts with `/`
+const linuxPathStartsWithEnvVariableRegex = /^\$/ // path starts with `$`
+const linuxPathStartsWithTildeRegex = /^~/ // path starts with `~`
+
+
+const windowsAbsolutePathRegex = /^([A-Za-z]:(\\|\/))/ // path starts like `C:\` OR `C:/`
+const windowsEnvVarNonNumeric = '[A-Za-z#\\$\'\\(\\)\\*\\+,\\-\\.\\?@\\[\\]_`\\{\\}~ ]'
+const windowsPathStartsWithEnvVariableRegex = new RegExp(
+	`^%(${windowsEnvVarNonNumeric}+(${windowsEnvVarNonNumeric}|\\d)*)%`
+) // path starts like `$` OR `%abc%`
+const windowsUncPathRegex = /^\\{2}/ // Path starts like `\\`
+const emptyRegex = /^$/
+
+
 export const IP_RANGE = 'ip-range';
 export const IP = 'ip';
+export const VALID_RANSOMWARE_TARGET_PATH_LINUX = 'valid-ransomware-target-path-linux'
+export const VALID_RANSOMWARE_TARGET_PATH_WINDOWS = 'valid-ransomware-target-path-windows'

 export const formValidationFormats = {
  [IP_RANGE]: buildIpRangeRegex(),
-  [IP]: buildIpRegex()
+  [IP]: buildIpRegex(),
+  [VALID_RANSOMWARE_TARGET_PATH_LINUX]: buildValidRansomwarePathLinuxRegex(),
+  [VALID_RANSOMWARE_TARGET_PATH_WINDOWS]: buildValidRansomwarePathWindowsRegex()
 };

 function buildIpRangeRegex(){
@ -22,3 +41,21 @@ function buildIpRangeRegex(){
 function buildIpRegex(){
  return new RegExp('^'+ipRegex+'$')
 }
+
+function buildValidRansomwarePathLinuxRegex() {
+  return new RegExp([
+		emptyRegex.source,
+    linuxAbsolutePathRegex.source,
+    linuxPathStartsWithEnvVariableRegex.source,
+    linuxPathStartsWithTildeRegex.source
+  ].join('|'))
+}
+
+function buildValidRansomwarePathWindowsRegex() {
+  return new RegExp([
+		emptyRegex.source,
+    windowsAbsolutePathRegex.source,
+    windowsPathStartsWithEnvVariableRegex.source,
+    windowsUncPathRegex.source
+  ].join('|'))
+}