Add exception handling for config decryption

Shreya 2021-06-01 15:45:20 +05:30 committed by VakarisZ
parent d67e84a6a7
commit b9fb4c6902
3 changed files with 40 additions and 19 deletions


@ -55,12 +55,16 @@ class DomainControllerNameFetchError(FailedExploitationError):
class InvalidCredentialsError(Exception):
""" Raise when credentials supplied are invalid"""
""" Raise when credentials supplied are invalid """
class NoCredentialsError(Exception):
""" Raise when no credentials have been supplied"""
""" Raise when no credentials have been supplied """
class InvalidConfigurationError(Exception):
""" Raise when configuration is invalid """
class FailedDecryption(Exception):
""" Raise when any kind of decryption fails """
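Review bot: `FailedDecryption` breaks the `...Error` suffix used by the other exceptions in this hunk (`InvalidCredentialsError`, `NoCredentialsError`, `InvalidConfigurationError`). A name such as `FailedDecryptionError` would keep the module consistent, and it is cheapest to change now while only the two other files in this commit import it. The docstring could also say which operation raises it, e.g. `""" Raise when decrypting an imported configuration fails """`.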


@ -6,10 +6,12 @@ from flask import request
from common.utils.exceptions import (
InvalidConfigurationError,
InvalidCredentialsError,
# InvalidCredentialsError,
NoCredentialsError,
FailedDecryption,
)
from monkey_island.cc.resources.auth.auth import jwt_required
from monkey_island.cc.services.utils.config_encryption import decrypt_config
@dataclass
@ -30,12 +32,19 @@ class TempConfiguration(flask_restful.Resource):
def post(self):
request_contents = json.loads(request.data)
try:
self.decrypt(request_contents["password"])
decrypt_config(request_contents["encrypted_config"], request_contents["password"])
self.import_config()
return ResponseContents().form_response()
except InvalidCredentialsError:
# except InvalidCredentialsError:
# return ResponseContents(
# import_status="wrong_password", message="Wrong password supplied", status_code=403
# ).form_response()
except FailedDecryption as ex:
return ResponseContents(
import_status="wrong_password", message="Wrong password supplied", status_code=403
import_status="decryption_failure",
message="Decryptioon of configuration failed. Error thrown during decryption: "
+ f"{str(ex)}",
status_code=403,
).form_response()
except InvalidConfigurationError:
return ResponseContents(
@ -52,12 +61,12 @@ class TempConfiguration(flask_restful.Resource):
status_code=403,
).form_response()
def decrypt(self, password=""):
if not password:
raise NoCredentialsError
if not password == "abc":
raise InvalidCredentialsError
return False
# def decrypt(self, password=""):
# if not password:
# raise NoCredentialsError
# if not password == "abc":
# raise InvalidCredentialsError
# return False
def import_config(self):
return True
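Review bot: The `except FailedDecryption as ex` branch in `post` builds the client-facing `message` from `str(ex)`, which per `decrypt_config` is the decryption library's own error text, so library internals reach the caller and the API response depends on a third-party string. Prefer a fixed message such as `message="Decryption of configuration failed"` (this also fixes the `Decryptioon` typo) and log `ex` server-side instead. Separately, `request_contents["encrypted_config"]` and `request_contents["password"]` are indexed without a check, so a body missing either field raises `KeyError`, which none of the visible handlers catch; the handlers between this hunk and the next are not shown, so confirm. The commented-out `InvalidCredentialsError` import, handler and `decrypt` method should be deleted rather than kept as comments.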


@ -4,6 +4,8 @@ from typing import Dict
import pyAesCrypt
from common.utils.exceptions import FailedDecryption, NoCredentialsError
# TODO use from pyAesCrypt
BUFFER_SIZE = 64 * 1024
@ -21,18 +23,24 @@ def encrypt_config(config: Dict, password: str) -> str:
def decrypt_config(enc_config: bytes, password: str) -> Dict:
if not password:
raise NoCredentialsError
ciphertext_config_stream = io.BytesIO(enc_config)
dec_plaintext_config_stream = io.BytesIO()
len_ciphertext_config_stream = len(ciphertext_config_stream.getvalue())
pyAesCrypt.decryptStream(
ciphertext_config_stream,
dec_plaintext_config_stream,
password,
BUFFER_SIZE,
len_ciphertext_config_stream,
)
try:
pyAesCrypt.decryptStream(
ciphertext_config_stream,
dec_plaintext_config_stream,
password,
BUFFER_SIZE,
len_ciphertext_config_stream,
)
except ValueError as ex:
raise FailedDecryption(str(ex))
plaintext_config = json.loads(dec_plaintext_config_stream.getvalue().decode("utf-8"))
return plaintext_config
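Review bot: Only the `pyAesCrypt.decryptStream` call in `decrypt_config` is wrapped, so failures on the lines around it still escape as exceptions the resource does not handle. `io.BytesIO(enc_config)` raises `TypeError` if `enc_config` arrives as `str`, which looks likely since the resource passes a value taken from `json.loads(request.data)`. The final `json.loads(...decode("utf-8"))` can also raise `UnicodeDecodeError` or `json.JSONDecodeError` when the decrypted bytes are not a JSON document. Convert the input to bytes at the boundary (the encoding `encrypt_config` produces is not visible here) and put the decode/parse step in its own `try` that raises a project exception. The re-raise would also read better as `raise FailedDecryption(str(ex)) from ex`, so the original error is explicitly chained.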