From d8beba17fdcd5180b0dbd699cf5a856b6e3a8149 Mon Sep 17 00:00:00 2001 From: Kekoa Kaaikala Date: Thu, 25 Aug 2022 18:13:34 +0000 Subject: [PATCH] Agent: Update NetworkInterface to be IPv4Interface --- monkey/infection_monkey/monkey.py | 4 +- monkey/infection_monkey/network/info.py | 12 +--- .../network_scanning/scan_target_generator.py | 8 ++- .../master/test_propagator.py | 2 +- .../test_scan_target_generator.py | 65 +++++++++---------- 5 files changed, 43 insertions(+), 48 deletions(-) diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py index a9470dd24..2a28d78f9 100644 --- a/monkey/infection_monkey/monkey.py +++ b/monkey/infection_monkey/monkey.py @@ -242,7 +242,7 @@ class InfectionMonkey: def _get_local_network_interfaces(): local_network_interfaces = get_local_network_interfaces() for i in local_network_interfaces: - logger.debug(f"Found local interface {i.address}{i.netmask}") + logger.debug(f"Found local interface {i.ip.compressed}/{i.network.prefixlen}") return local_network_interfaces @@ -375,7 +375,7 @@ class InfectionMonkey: def _running_on_island(self, local_network_interfaces: List[NetworkInterface]) -> bool: server_ip, _ = address_to_ip_port(self._control_client.server_address) - return server_ip in {interface.address for interface in local_network_interfaces} + return server_ip in {interface.ip.compressed for interface in local_network_interfaces} def _is_another_monkey_running(self): return not self._singleton.try_lock() diff --git a/monkey/infection_monkey/network/info.py b/monkey/infection_monkey/network/info.py index 14f06acfe..99545d232 100644 --- a/monkey/infection_monkey/network/info.py +++ b/monkey/infection_monkey/network/info.py @@ -2,7 +2,7 @@ import itertools import socket import struct from collections import namedtuple -from ipaddress import IPv4Network +from ipaddress import IPv4Interface from random import randint # noqa: DUO102 from typing import List @@ -20,18 +20,12 @@ RTF_REJECT = 0x0200 # TODO: We can probably replace both of these namedtuples with classes in Python's ipaddress # library: https://docs.python.org/3/library/ipaddress.html -NetworkInterface = namedtuple("NetworkInterface", ("address", "netmask")) +NetworkInterface = IPv4Interface NetworkAddress = namedtuple("NetworkAddress", ("ip", "domain")) def get_local_network_interfaces() -> List[NetworkInterface]: - network_interfaces = [] - for i in get_host_subnets(): - netmask_bits = IPv4Network(f"{i['addr']}/{i['netmask']}", strict=False).prefixlen - cidr_netmask = f"/{netmask_bits}" - network_interfaces.append(NetworkInterface(i["addr"], cidr_netmask)) - - return network_interfaces + return [IPv4Interface(f"{i['addr']}/{i['netmask']}") for i in get_host_subnets()] def get_host_subnets(): diff --git a/monkey/infection_monkey/network_scanning/scan_target_generator.py b/monkey/infection_monkey/network_scanning/scan_target_generator.py index 2b2221a5a..298b20505 100644 --- a/monkey/infection_monkey/network_scanning/scan_target_generator.py +++ b/monkey/infection_monkey/network_scanning/scan_target_generator.py @@ -75,7 +75,9 @@ def _get_ips_from_ranges_to_scan(ranges_to_scan: List[str]) -> List[NetworkAddre def _get_ips_to_scan_from_local_interface( interfaces: List[NetworkInterface], ) -> List[NetworkAddress]: - ranges = [f"{interface.address}{interface.netmask}" for interface in interfaces] + ranges = [ + f"{interface.ip.compressed}/{interface.network.prefixlen}" for interface in interfaces + ] ranges = NetworkRange.filter_invalid_ranges( ranges, "Local network interface returns an invalid IP:" @@ -86,7 +88,7 @@ def _get_ips_to_scan_from_local_interface( def _remove_interface_ips( scan_targets: List[NetworkAddress], interfaces: List[NetworkInterface] ) -> List[NetworkAddress]: - interface_ips = [interface.address for interface in interfaces] + interface_ips = [interface.ip.compressed for interface in interfaces] return _remove_ips_from_scan_targets(scan_targets, interface_ips) @@ -112,7 +114,7 @@ def _get_segmentation_check_targets( inaccessible_subnets: List[str], local_interfaces: List[NetworkInterface] ) -> List[NetworkAddress]: ips_to_scan = [] - local_ips = [interface.address for interface in local_interfaces] + local_ips = [interface.ip.compressed for interface in local_interfaces] local_ips = NetworkRange.filter_invalid_ranges(local_ips, "Invalid local IP found: ") inaccessible_subnets = NetworkRange.filter_invalid_ranges( diff --git a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py index 39912c24f..0ebb6db76 100644 --- a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py +++ b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py @@ -294,7 +294,7 @@ def test_exploiter_result_processing( def test_scan_target_generation( telemetry_messenger_spy, mock_ip_scanner, mock_victim_host_factory, default_agent_configuration ): - local_network_interfaces = [NetworkInterface("10.0.0.9", "/29")] + local_network_interfaces = [NetworkInterface("10.0.0.9/29")] p = Propagator( telemetry_messenger_spy, mock_ip_scanner, diff --git a/monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py b/monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py index 631d65fa8..2feff418b 100644 --- a/monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py +++ b/monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py @@ -112,10 +112,10 @@ def test_only_ip_blocklisted(ranges_to_scan): def test_local_network_interface_ips_removed_from_targets(): local_network_interfaces = [ - NetworkInterface("10.0.0.5", "/24"), - NetworkInterface("10.0.0.32", "/24"), - NetworkInterface("10.0.0.119", "/24"), - NetworkInterface("192.168.1.33", "/24"), + NetworkInterface("10.0.0.5/24"), + NetworkInterface("10.0.0.32/24"), + NetworkInterface("10.0.0.119/24"), + NetworkInterface("192.168.1.33/24"), ] scan_targets = compile_scan_target_list( @@ -128,12 +128,12 @@ def test_local_network_interface_ips_removed_from_targets(): assert len(scan_targets) == 252 for interface in local_network_interfaces: - assert interface.address not in scan_targets + assert interface.ip.compressed not in scan_targets def test_no_redundant_targets(): local_network_interfaces = [ - NetworkInterface("10.0.0.5", "/24"), + NetworkInterface("10.0.0.5/24"), ] scan_targets = compile_scan_target_list( @@ -152,10 +152,10 @@ def test_no_redundant_targets(): @pytest.mark.parametrize("ranges_to_scan", [["10.0.0.5"], []]) def test_only_scan_ip_is_local(ranges_to_scan): local_network_interfaces = [ - NetworkInterface("10.0.0.5", "/24"), - NetworkInterface("10.0.0.32", "/24"), - NetworkInterface("10.0.0.119", "/24"), - NetworkInterface("192.168.1.33", "/24"), + NetworkInterface("10.0.0.5/24"), + NetworkInterface("10.0.0.32/24"), + NetworkInterface("10.0.0.119/24"), + NetworkInterface("192.168.1.33/24"), ] scan_targets = compile_scan_target_list( @@ -171,10 +171,10 @@ def test_only_scan_ip_is_local(ranges_to_scan): def test_local_network_interface_ips_and_blocked_ips_removed_from_targets(): local_network_interfaces = [ - NetworkInterface("10.0.0.5", "/24"), - NetworkInterface("10.0.0.32", "/24"), - NetworkInterface("10.0.0.119", "/24"), - NetworkInterface("192.168.1.33", "/24"), + NetworkInterface("10.0.0.5/24"), + NetworkInterface("10.0.0.32/24"), + NetworkInterface("10.0.0.119/24"), + NetworkInterface("192.168.1.33/24"), ] blocked_ips = ["10.0.0.63", "192.168.1.77", "0.0.0.0"] @@ -191,14 +191,14 @@ def test_local_network_interface_ips_and_blocked_ips_removed_from_targets(): ) for interface in local_network_interfaces: - assert interface.address not in scan_targets + assert interface.ip.compressed not in scan_targets for ip in blocked_ips: assert ip not in scan_targets def test_local_subnet_added(): - local_network_interfaces = [NetworkInterface("10.0.0.5", "/24")] + local_network_interfaces = [NetworkInterface("10.0.0.5/24")] scan_targets = compile_scan_target_list( local_network_interfaces=local_network_interfaces, @@ -216,8 +216,8 @@ def test_local_subnet_added(): def test_multiple_local_subnets_added(): local_network_interfaces = [ - NetworkInterface("10.0.0.5", "/24"), - NetworkInterface("172.33.66.99", "/24"), + NetworkInterface("10.0.0.5/24"), + NetworkInterface("172.33.66.99/24"), ] scan_targets = compile_scan_target_list( @@ -239,8 +239,8 @@ def test_multiple_local_subnets_added(): def test_blocklisted_ips_missing_from_local_subnets(): local_network_interfaces = [ - NetworkInterface("10.0.0.5", "/24"), - NetworkInterface("172.33.66.99", "/24"), + NetworkInterface("10.0.0.5/24"), + NetworkInterface("172.33.66.99/24"), ] blocklisted_ips = ["10.0.0.12", "10.0.0.13", "172.33.66.25"] @@ -259,7 +259,7 @@ def test_blocklisted_ips_missing_from_local_subnets(): def test_local_subnets_and_ranges_added(): - local_network_interfaces = [NetworkInterface("10.0.0.5", "/24")] + local_network_interfaces = [NetworkInterface("10.0.0.5/24")] scan_targets = compile_scan_target_list( local_network_interfaces=local_network_interfaces, @@ -281,7 +281,7 @@ def test_local_subnets_and_ranges_added(): def test_local_network_interfaces_specified_but_disabled(): - local_network_interfaces = [NetworkInterface("10.0.0.5", "/24")] + local_network_interfaces = [NetworkInterface("10.0.0.5/24")] scan_targets = compile_scan_target_list( local_network_interfaces=local_network_interfaces, @@ -299,8 +299,8 @@ def test_local_network_interfaces_specified_but_disabled(): def test_local_network_interfaces_subnet_masks(): local_network_interfaces = [ - NetworkInterface("172.60.145.109", "/30"), - NetworkInterface("172.60.145.144", "/30"), + NetworkInterface("172.60.145.109/30"), + NetworkInterface("172.60.145.144/30"), ] scan_targets = compile_scan_target_list( @@ -318,7 +318,7 @@ def test_local_network_interfaces_subnet_masks(): def test_segmentation_targets(): - local_network_interfaces = [NetworkInterface("172.60.145.109", "/24")] + local_network_interfaces = [NetworkInterface("172.60.145.109/24")] inaccessible_subnets = ["172.60.145.108/30", "172.60.145.144/30"] @@ -338,7 +338,7 @@ def test_segmentation_targets(): def test_segmentation_clash_with_blocked(): local_network_interfaces = [ - NetworkInterface("172.60.145.109", "/30"), + NetworkInterface("172.60.145.109/30"), ] inaccessible_subnets = ["172.60.145.108/30", "172.60.145.149/30"] @@ -358,7 +358,7 @@ def test_segmentation_clash_with_blocked(): def test_segmentation_clash_with_targets(): local_network_interfaces = [ - NetworkInterface("172.60.145.109", "/30"), + NetworkInterface("172.60.145.109/30"), ] inaccessible_subnets = ["172.60.145.108/30", "172.60.145.149/30"] @@ -381,7 +381,7 @@ def test_segmentation_clash_with_targets(): def test_segmentation_one_network(): local_network_interfaces = [ - NetworkInterface("172.60.145.109", "/30"), + NetworkInterface("172.60.145.109/30"), ] inaccessible_subnets = ["172.60.145.1/24"] @@ -401,8 +401,8 @@ def test_segmentation_one_network(): def test_segmentation_inaccessible_networks(): local_network_interfaces = [ - NetworkInterface("172.60.1.1", "/24"), - NetworkInterface("172.60.2.1", "/24"), + NetworkInterface("172.60.1.1/24"), + NetworkInterface("172.60.2.1/24"), ] inaccessible_subnets = ["172.60.144.1/24", "172.60.146.1/24"] @@ -420,8 +420,7 @@ def test_segmentation_inaccessible_networks(): def test_invalid_inputs(): local_network_interfaces = [ - NetworkInterface("172.60.999.109", "/30"), - NetworkInterface("172.60.145.109", "/30"), + NetworkInterface("172.60.145.109/30"), ] inaccessible_subnets = [ @@ -447,7 +446,7 @@ def test_invalid_inputs(): def test_invalid_blocklisted_ip(): - local_network_interfaces = [NetworkInterface("172.60.145.109", "/30")] + local_network_interfaces = [NetworkInterface("172.60.145.109/30")] inaccessible_subnets = ["172.60.147.8/30", "172.60.147.148/30"]