p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Merge pull request #1288 from guardicore/ransomware-target-dir-validators 

Validate ransomware target directories
This commit is contained in:
Mike Salvatore 2021-07-06 09:50:47 -04:00 committed by GitHub
parent b17b85d7e7 4bec9576aa
commit b1ab2525fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 54 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
monkey/common/common_consts/validation_formats.py
View File

@ -1,3 +1,5 @@
# Defined in UI on ValidationFormats.js # Defined in UI on ValidationFormats.js
IP_RANGE = "ip-range" IP_RANGE = "ip-range"
IP = "ip" IP = "ip"
VALID_RANSOMWARE_TARGET_PATH_LINUX = "valid-ransomware-target-path-linux"
VALID_RANSOMWARE_TARGET_PATH_WINDOWS = "valid-ransomware-target-path-windows"

7
monkey/monkey_island/cc/services/config_schema/ransomware.py
View File

@ -1,3 +1,8 @@
from common.common_consts.validation_formats import (
VALID_RANSOMWARE_TARGET_PATH_LINUX,
VALID_RANSOMWARE_TARGET_PATH_WINDOWS,
)
RANSOMWARE = { RANSOMWARE = {
"title": "Ransomware", "title": "Ransomware",
"type": "object", "type": "object",
@ -27,6 +32,7 @@ RANSOMWARE = {
"linux_target_dir": { "linux_target_dir": {
"title": "Linux target directory", "title": "Linux target directory",
"type": "string", "type": "string",
"format": VALID_RANSOMWARE_TARGET_PATH_LINUX,
"default": "", "default": "",
"description": "A path to a directory on Linux systems that contains " "description": "A path to a directory on Linux systems that contains "
"files that you will allow Infection Monkey to encrypt. If no " "files that you will allow Infection Monkey to encrypt. If no "
@ -35,6 +41,7 @@ RANSOMWARE = {
"windows_target_dir": { "windows_target_dir": {
"title": "Windows target directory", "title": "Windows target directory",
"type": "string", "type": "string",
"format": VALID_RANSOMWARE_TARGET_PATH_WINDOWS,
"default": "", "default": "",
"description": "A path to a directory on Windows systems that contains " "description": "A path to a directory on Windows systems that contains "
"files that you will allow Infection Monkey to encrypt. If no " "files that you will allow Infection Monkey to encrypt. If no "

8
monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationErrorMessages.js
View File

@ -1,4 +1,6 @@
import {IP, IP_RANGE} from './ValidationFormats'; import {IP, IP_RANGE, VALID_RANSOMWARE_TARGET_PATH_LINUX, VALID_RANSOMWARE_TARGET_PATH_WINDOWS} from './ValidationFormats';
let invalidDirMessage = 'Invalid directory. Path should be absolute or begin with an environment variable.';
export default function transformErrors(errors) { export default function transformErrors(errors) {
return errors.map(error => { return errors.map(error => {
@ -8,6 +10,10 @@ export default function transformErrors(errors) {
error.message = 'Invalid IP range, refer to description for valid examples.' error.message = 'Invalid IP range, refer to description for valid examples.'
} else if (error.name === 'format' && error.params.format === IP) { } else if (error.name === 'format' && error.params.format === IP) {
error.message = 'Invalid IP.' error.message = 'Invalid IP.'
} else if (error.name === 'format' && error.params.format === VALID_RANSOMWARE_TARGET_PATH_LINUX) {
error.message = invalidDirMessage
} else if (error.name === 'format' && error.params.format === VALID_RANSOMWARE_TARGET_PATH_WINDOWS) {
error.message = invalidDirMessage
} }
return error; return error;
}); });

39
monkey/monkey_island/cc/ui/src/components/configuration-components/ValidationFormats.js
View File

@ -2,12 +2,31 @@ const ipRegex = '((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0
const cidrNotationRegex = '([0-9]|1[0-9]|2[0-9]|3[0-2])' const cidrNotationRegex = '([0-9]|1[0-9]|2[0-9]|3[0-2])'
const hostnameRegex = '^([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*.?)*([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*)$' const hostnameRegex = '^([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*.?)*([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*)$'
const linuxAbsolutePathRegex = /^\// // path starts with `/`
const linuxPathStartsWithEnvVariableRegex = /^\$/ // path starts with `$`
const linuxPathStartsWithTildeRegex = /^~/ // path starts with `~`
const windowsAbsolutePathRegex = /^([A-Za-z]:(\\|\/))/ // path starts like `C:\` OR `C:/`
const windowsEnvVarNonNumeric = '[A-Za-z#\\$\'\\(\\)\\*\\+,\\-\\.\\?@\\[\\]_`\\{\\}~ ]'
const windowsPathStartsWithEnvVariableRegex = new RegExp(
`^%(${windowsEnvVarNonNumeric}+(${windowsEnvVarNonNumeric}|\\d)*)%`
) // path starts like `$` OR `%abc%`
const windowsUncPathRegex = /^\\{2}/ // Path starts like `\\`
const emptyRegex = /^$/
export const IP_RANGE = 'ip-range'; export const IP_RANGE = 'ip-range';
export const IP = 'ip'; export const IP = 'ip';
export const VALID_RANSOMWARE_TARGET_PATH_LINUX = 'valid-ransomware-target-path-linux'
export const VALID_RANSOMWARE_TARGET_PATH_WINDOWS = 'valid-ransomware-target-path-windows'
export const formValidationFormats = { export const formValidationFormats = {
[IP_RANGE]: buildIpRangeRegex(), [IP_RANGE]: buildIpRangeRegex(),
[IP]: buildIpRegex() [IP]: buildIpRegex(),
[VALID_RANSOMWARE_TARGET_PATH_LINUX]: buildValidRansomwarePathLinuxRegex(),
[VALID_RANSOMWARE_TARGET_PATH_WINDOWS]: buildValidRansomwarePathWindowsRegex()
}; };
function buildIpRangeRegex(){ function buildIpRangeRegex(){
@ -22,3 +41,21 @@ function buildIpRangeRegex(){
function buildIpRegex(){ function buildIpRegex(){
return new RegExp('^'+ipRegex+'$') return new RegExp('^'+ipRegex+'$')
} }
function buildValidRansomwarePathLinuxRegex() {
return new RegExp([
emptyRegex.source,
linuxAbsolutePathRegex.source,
linuxPathStartsWithEnvVariableRegex.source,
linuxPathStartsWithTildeRegex.source
].join('|'))
}
function buildValidRansomwarePathWindowsRegex() {
return new RegExp([
emptyRegex.source,
windowsAbsolutePathRegex.source,
windowsPathStartsWithEnvVariableRegex.source,
windowsUncPathRegex.source
].join('|'))
}