p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Implemented safety check on import.

This commit is contained in:
VakarisZ 2021-06-02 17:02:10 +03:00
parent 500f270aa9
commit fc1f12c24d
3 changed files with 84 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
monkey/monkey_island/cc/resources/configuration_import.py
View File

@ -21,6 +21,8 @@ class ResponseContents:
import_status: str = "imported" import_status: str = "imported"
message: str = "" message: str = ""
status_code: int = 200 status_code: int = 200
config: str = ""
config_schema: str = ""
def form_response(self): def form_response(self):
return self.__dict__, self.status_code return self.__dict__, self.status_code
@ -40,8 +42,17 @@ class ConfigurationImport(flask_restful.Resource):
config = json.loads(request_contents["config"]) config = json.loads(request_contents["config"])
except JSONDecodeError: except JSONDecodeError:
config = decrypt_config(request_contents["config"], request_contents["password"]) config = decrypt_config(request_contents["config"], request_contents["password"])
ConfigurationImport.import_config(config)
return ResponseContents().form_response() if request_contents["unsafeOptionsVerified"]:
ConfigurationImport.import_config(config)
return ResponseContents().form_response()
else:
return ResponseContents(
config=config,
config_schema=ConfigService.get_config_schema(),
import_status="unsafe_options_verification_required",
status_code=403,
).form_response()
except InvalidCredentialsError: except InvalidCredentialsError:
return ResponseContents( return ResponseContents(
import_status="wrong_password", message="Wrong password supplied", status_code=403 import_status="wrong_password", message="Wrong password supplied", status_code=403

100
monkey/monkey_island/cc/ui/src/components/configuration-components/ImportConfigModal.tsx
View File

@ -1,11 +1,14 @@
import {Button, Modal, Form, Alert} from 'react-bootstrap'; import {Button, Modal, Form, Alert} from 'react-bootstrap';
import React, {useEffect, useState} from 'react'; import React, {useEffect, useState} from 'react';
import {faExclamationCircle} from '@fortawesome/free-solid-svg-icons/faExclamationCircle';
import {FontAwesomeIcon} from '@fortawesome/react-fontawesome';
import AuthComponent from '../AuthComponent'; import AuthComponent from '../AuthComponent';
import '../../styles/components/configuration-components/ImportConfigModal.scss'; import '../../styles/components/configuration-components/ImportConfigModal.scss';
import UnsafeOptionsConfirmationModal
from '../configuration-components/UnsafeOptionsConfirmationModal.js';
import UploadStatusIcon, {UploadStatuses} from '../ui-components/UploadStatusIcon'; import UploadStatusIcon, {UploadStatuses} from '../ui-components/UploadStatusIcon';
import {faExclamationCircle} from '@fortawesome/free-solid-svg-icons/faExclamationCircle'; import isUnsafeOptionSelected from '../utils/SafeOptionValidator.js';
import {FontAwesomeIcon} from '@fortawesome/react-fontawesome';
type Props = { type Props = {
@ -19,9 +22,15 @@ const ConfigImportModal = (props: Props) => {
const [uploadStatus, setUploadStatus] = useState(UploadStatuses.clean); const [uploadStatus, setUploadStatus] = useState(UploadStatuses.clean);
const [configContents, setConfigContents] = useState(null); const [configContents, setConfigContents] = useState(null);
const [candidateConfig, setCandidateConfig] = useState(null);
const [password, setPassword] = useState(''); const [password, setPassword] = useState('');
const [showPassword, setShowPassword] = useState(false); const [showPassword, setShowPassword] = useState(false);
const [errorMessage, setErrorMessage] = useState(''); const [errorMessage, setErrorMessage] = useState('');
const [unsafeOptionsVerified, setUnsafeOptionsVerified] = useState(false);
const [showUnsafeOptionsConfirmation,
setShowUnsafeOptionsConfirmation] = useState(false);
const [fileFieldKey, setFileFieldKey] = useState(Date.now());
const authComponent = new AuthComponent({}); const authComponent = new AuthComponent({});
useEffect(() => { useEffect(() => {
@ -38,21 +47,31 @@ const ConfigImportModal = (props: Props) => {
headers: {'Content-Type': 'application/json'}, headers: {'Content-Type': 'application/json'},
body: JSON.stringify({ body: JSON.stringify({
config: configContents, config: configContents,
password: password password: password,
unsafeOptionsVerified: unsafeOptionsVerified
}) })
} }
).then(res => res.json()) ).then(res => res.json())
.then(res => { .then(res => {
if (res['import_status'] === 'password_required') { if (res['import_status'] === 'password_required') {
setUploadStatus(UploadStatuses.success);
setShowPassword(true); setShowPassword(true);
} else if (res['import_status'] === 'wrong_password'){ } else if (res['import_status'] === 'wrong_password') {
setErrorMessage(res['message']); setErrorMessage(res['message']);
} } else if (res['import_status'] === 'invalid_configuration') {
if (res['import_status'] === 'invalid_configuration'){
setUploadStatus(UploadStatuses.error); setUploadStatus(UploadStatuses.error);
setErrorMessage(res['message']); setErrorMessage(res['message']);
} else { } else if (res['import_status'] === 'unsafe_options_verification_required') {
setUploadStatus(UploadStatuses.success); if (isUnsafeOptionSelected(res['config_schema'], res['config'])) {
setShowUnsafeOptionsConfirmation(true);
setCandidateConfig(JSON.stringify(res['config']));
} else {
setUnsafeOptionsVerified(true);
setConfigContents(res['config']);
}
} else if (res['import_status'] === 'imported'){
resetState();
props.onClose(true);
} }
return res['import_status']; return res['import_status'];
}) })
@ -68,6 +87,9 @@ const ConfigImportModal = (props: Props) => {
setConfigContents(null); setConfigContents(null);
setErrorMessage(''); setErrorMessage('');
setShowPassword(false); setShowPassword(false);
setShowUnsafeOptionsConfirmation(false);
setUnsafeOptionsVerified(false);
setFileFieldKey(Date.now()); // Resets the file input
} }
function uploadFile(event) { function uploadFile(event) {
@ -76,50 +98,66 @@ const ConfigImportModal = (props: Props) => {
setConfigContents(event.target.result); setConfigContents(event.target.result);
}; };
reader.readAsText(event.target.files[0]); reader.readAsText(event.target.files[0]);
} }
function onImportClick() { function showVerificationDialog() {
sendConfigToServer().then((importStatus) => { return (
if(importStatus === 'imported'){ <UnsafeOptionsConfirmationModal
resetState(); show={showUnsafeOptionsConfirmation}
props.onClose(true); onCancelClick={() => {
} resetState();
}); }}
onContinueClick={() => {
setUnsafeOptionsVerified(true);
setConfigContents(candidateConfig);
}}
/>
);
} }
return ( return (
<Modal show={props.show} <
onHide={()=> {resetState(); props.onClose(false)}} Modal
size={'lg'} show={props.show}
className={'config-import-modal'}> onHide={() => {
<Modal.Header closeButton> resetState();
<Modal.Title>Configuration import</Modal.Title> props.onClose(false)
}}
size={'lg'}
className={'config-import-modal'}>
< Modal.Header
closeButton>
< Modal.Title>
Configuration
import
</Modal.Title>
</Modal.Header> </Modal.Header>
<Modal.Body> <Modal.Body>
{showVerificationDialog()}
<div className={`mb-3 config-import-option`}> <div className={`mb-3 config-import-option`}>
<Form> <Form>
<Form.File id='exampleFormControlFile1' <Form.File id='importConfigFileSelector'
label='Please choose a configuration file' label='Please choose a configuration file'
accept='.conf' accept='.conf'
onChange={uploadFile} onChange={uploadFile}
className={'file-input'}/> className={'file-input'}
key={fileFieldKey}/>
<UploadStatusIcon status={uploadStatus}/> <UploadStatusIcon status={uploadStatus}/>
{showPassword && <PasswordInput onChange={setPassword} />} {showPassword && <PasswordInput onChange={setPassword}/>}
{ errorMessage && {errorMessage &&
<Alert variant={'danger'} className={'import-error'}> <Alert variant={'danger'} className={'import-error'}>
<FontAwesomeIcon icon={faExclamationCircle} style={{'marginRight': '5px'}}/> <FontAwesomeIcon icon={faExclamationCircle} style={{'marginRight': '5px'}}/>
{errorMessage} {errorMessage}
</Alert> </Alert>
} }
</Form> </Form>
</div> </div>
</Modal.Body> </Modal.Body>
<Modal.Footer> <Modal.Footer>
<Button variant={'info'} <Button variant={'info'}
onClick={onImportClick} onClick={sendConfigToServer}
disabled={isImportDisabled()}> disabled={isImportDisabled()}>
Import Import
</Button> </Button>

3
vulture_allowlist.py
View File

@ -169,7 +169,8 @@ build_from_config_file_contents # unused method 'build_from_config_file_content
mock_port_in_env_singleton # monkey\tests\unit_tests\monkey_island\cc\services\test_config.py:26: mock_port_in_env_singleton # monkey\tests\unit_tests\monkey_island\cc\services\test_config.py:26:
ISLAND # unused variable (monkey/monkey_island/cc/services/utils/node_states.py:14) ISLAND # unused variable (monkey/monkey_island/cc/services/utils/node_states.py:14)
MONKEY_LINUX_RUNNING # unused variable (monkey/monkey_island/cc/services/utils/node_states.py:26) MONKEY_LINUX_RUNNING # unused variable (monkey/monkey_island/cc/services/utils/node_states.py:26)
import_status # \monkey_island\cc\resources\configuration_import.py:19 import_status # monkey_island\cc\resources\configuration_import.py:19
config_schema # monkey_island\cc\resources\configuration_import.py:25
# these are not needed for it to work, but may be useful extra information to understand what's going on # these are not needed for it to work, but may be useful extra information to understand what's going on
WINDOWS_PBA_TYPE # unused variable (monkey/monkey_island/cc/resources/pba_file_upload.py:23) WINDOWS_PBA_TYPE # unused variable (monkey/monkey_island/cc/resources/pba_file_upload.py:23)