Island: Refactor linux/windows ransomware path regexes

Refactored because the escape characters were cumbersome and difficult
to read when regexes were defined as strings. Also allow special
characters in Windows environment variable names as per
https://ss64.com/nt/syntax-variables.html
This commit is contained in:
Mike Salvatore 2021-07-05 13:46:01 -04:00
parent dc305d8e16
commit df6082b50a
1 changed files with 18 additions and 13 deletions


@ -2,14 +2,19 @@ const ipRegex = '((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0
const cidrNotationRegex = '([0-9]|1[0-9]|2[0-9]|3[0-2])' const cidrNotationRegex = '([0-9]|1[0-9]|2[0-9]|3[0-2])'
const hostnameRegex = '^([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*.?)*([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*)$' const hostnameRegex = '^([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*.?)*([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*)$'
const linuxAbsolutePathRegex = '^/' // path starts with `/`
const linuxPathStartsWithEnvVariableRegex = '^\\$' // path starts with `$`
const linuxPathStartsWithTilde = '^~' // path starts with `~`
const windowsAbsolutePathRegex = '^([A-Za-z]:(\\\\|\\/))' // path starts like `C:\` OR `C:/` const linuxAbsolutePathRegex = /^\// // path starts with `/`
const windowsPathStartsWithEnvVariableRegex = '^\\$|^(%\\w*\\d*\\s*%)' // path starts like `$` OR `%abc%` const linuxPathStartsWithEnvVariableRegex = /^\$/ // path starts with `$`
const linuxPathStartsWithTildeRegex = /^~/ // path starts with `~`
const whitespacesOnlyRegex = '^\\s*$'
const windowsAbsolutePathRegex = /^([A-Za-z]:(\\|\/))/ // path starts like `C:\` OR `C:/`
const windowsEnvVarNonNumeric = '[A-Za-z#\\$\'\\(\\)\\*\\+,-\\.\\?@\\[\\]_`\\{\\}~+ ]'
const windowsPathStartsWithEnvVariableRegex = new RegExp(
`^\\$|^%(${windowsEnvVarNonNumeric}+(${windowsEnvVarNonNumeric}|\\d)*)%`
);// path starts like `$` OR `%abc%`
const emptyRegex = /^$/
export const IP_RANGE = 'ip-range'; export const IP_RANGE = 'ip-range';
@ -39,17 +44,17 @@ function buildIpRegex(){
function buildValidRansomwarePathLinuxRegex() { function buildValidRansomwarePathLinuxRegex() {
return new RegExp([ return new RegExp([
whitespacesOnlyRegex, emptyRegex.source,
linuxAbsolutePathRegex, linuxAbsolutePathRegex.source,
linuxPathStartsWithEnvVariableRegex, linuxPathStartsWithEnvVariableRegex.source,
linuxPathStartsWithTilde linuxPathStartsWithTildeRegex.source
].join('|')) ].join('|'))
} }
function buildValidRansomwarePathWindowsRegex() { function buildValidRansomwarePathWindowsRegex() {
return new RegExp([ return new RegExp([
whitespacesOnlyRegex, emptyRegex.source,
windowsAbsolutePathRegex, windowsAbsolutePathRegex.source,
windowsPathStartsWithEnvVariableRegex windowsPathStartsWithEnvVariableRegex.source
].join('|')) ].join('|'))
} }
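Review bot: In the new `windowsEnvVarNonNumeric` character class the hyphen is only admitted through the accidental range `,-\.` (0x2C–0x2E, which happens to be exactly `,`, `-`, `.`), so it matches today but will silently change meaning if either neighbour is edited; escape it explicitly as `,\\-\\.` in the string, and drop the duplicated `+` at the end of the class (`~+ ]` → `~ ]`) since `\\+` already covers it. Separately, swapping `whitespacesOnlyRegex` (`^\s*$`) for `emptyRegex` (`^$`) in both build functions means a whitespace-only path that previously validated is now rejected; that looks like a deliberate tightening, but it is a behaviour change the commit message does not mention and deserves a line there or a comment such as `// only a truly empty field is treated as "not set"`. These regexes only gate the UI field, so the island server should still validate the submitted path itself (the server-side check is not visible from here).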