Merge pull request #2393 from guardicore/2269-update-hostexploiter

2269 update hostexploiter
2022-10-04 15:34:08 -04:00 · 2022-10-04 15:34:08 -04:00 · a691a16625
parent 4ace93e417 3172433410
commit a691a16625
3 changed files with 48 additions and 7 deletions
--- a/monkey/infection_monkey/exploit/HostExploiter.py
+++ b/monkey/infection_monkey/exploit/HostExploiter.py
@ -2,13 +2,16 @@ import logging
 import threading
 from abc import abstractmethod
 from datetime import datetime
-from typing import Dict, Sequence
+from ipaddress import IPv4Address
+from typing import Dict, Sequence, Tuple

+from common.agent_events import ExploitationEvent, PropagationEvent
 from common.event_queue import IAgentEventQueue
 from common.utils.exceptions import FailedExploitationError
 from infection_monkey.i_puppet import ExploiterResultData
 from infection_monkey.model import VictimHost
 from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger
+from infection_monkey.utils.ids import get_agent_id

 from . import IAgentBinaryRepository

@ -33,7 +36,7 @@ class HostExploiter:
        self.exploit_attempts = []
        self.host = None
        self.telemetry_messenger = None
-        self.event_queue = None
+        self.agent_event_queue = None
        self.options = {}
        self.exploit_result = {}
        self.servers = []
@ -62,7 +65,7 @@ class HostExploiter:
        servers: Sequence[str],
        current_depth: int,
        telemetry_messenger: ITelemetryMessenger,
-        event_queue: IAgentEventQueue,
+        agent_event_queue: IAgentEventQueue,
        agent_binary_repository: IAgentBinaryRepository,
        options: Dict,
        interrupt: threading.Event,
@ -71,7 +74,7 @@ class HostExploiter:
        self.servers = servers
        self.current_depth = current_depth
        self.telemetry_messenger = telemetry_messenger
-        self.event_queue = event_queue
+        self.agent_event_queue = agent_event_queue
        self.agent_binary_repository = agent_binary_repository
        self.options = options
        self.interrupt = interrupt
@ -124,3 +127,37 @@ class HostExploiter:
        """
        powershell = True if "powershell" in cmd.lower() else False
        self.exploit_info["executed_cmds"].append({"cmd": cmd, "powershell": powershell})
+
+    def _publish_exploitation_event(
+        self,
+        target: str,
+        exploitation_success: bool,
+        tags: Tuple[str, ...] = tuple(),
+        error_message: str = "",
+    ):
+        exploitation_event = ExploitationEvent(
+            source=get_agent_id(),
+            target=IPv4Address(target),
+            success=exploitation_success,
+            exploiter_name=self.__class__.__name__,
+            error_message=error_message,
+            tags=frozenset(tags),
+        )
+        self.agent_event_queue.publish(exploitation_event)
+
+    def _publish_propagation_event(
+        self,
+        target: str,
+        propagation_success: bool,
+        tags: Tuple[str, ...] = tuple(),
+        error_message: str = "",
+    ):
+        propagation_event = PropagationEvent(
+            source=get_agent_id(),
+            target=IPv4Address(target),
+            success=propagation_success,
+            exploiter_name=self.__class__.__name__,
+            error_message=error_message,
+            tags=frozenset(tags),
+        )
+        self.agent_event_queue.publish(propagation_event)
--- a/monkey/tests/unit_tests/infection_monkey/exploit/test_powershell.py
+++ b/monkey/tests/unit_tests/infection_monkey/exploit/test_powershell.py
@ -38,7 +38,7 @@ def powershell_arguments(http_and_https_both_enabled_host):
        "options": options,
        "current_depth": 2,
        "telemetry_messenger": MagicMock(),
-        "event_queue": MagicMock(),
+        "agent_event_queue": MagicMock(),
        "agent_binary_repository": mock_agent_binary_repository,
        "interrupt": threading.Event(),
    }
--- a/vulture_allowlist.py
+++ b/vulture_allowlist.py
@ -10,6 +10,10 @@ from common.agent_configuration.agent_sub_configurations import (
 from common.agent_events import ExploitationEvent, PingScanEvent, PropagationEvent, TCPScanEvent
 from common.credentials import Credentials, LMHash, NTHash
 from common.types import NetworkPort
+from infection_monkey.exploit.HostExploiter.HostExploiter import (
+    _publish_exploitation_event,
+    _publish_propagation_event,
+)
 from infection_monkey.exploit.log4shell_utils.ldap_server import LDAPServerFactory
 from monkey_island.cc.event_queue import IslandEventTopic, PyPubSubIslandEventQueue
 from monkey_island.cc.models import Report
@ -316,8 +320,8 @@ TCPScanEvent
 TCPScanEvent.port_status

 # TODO: Remove once #2269 is close
-PropagationEvent
-ExploitationEvent
+_publish_exploitation_event,
+_publish_propagation_event,

 # pydantic base models
 underscore_attrs_are_private