From 708d1a697dc257a9645dec66f634bc26e7bc6960 Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Thu, 1 Oct 2020 12:54:41 +0300 Subject: [PATCH] Improved configuration by removing unused method and separating config value paths to a separate file --- monkey/infection_monkey/config.py | 10 -------- monkey/monkey_island/cc/services/config.py | 24 +++++++++++-------- .../config_schema/config_value_paths.py | 13 ++++++++++ .../cc/services/reporting/report.py | 12 ++++++---- 4 files changed, 34 insertions(+), 25 deletions(-) create mode 100644 monkey/monkey_island/cc/services/config_schema/config_value_paths.py diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py index 1fbcb876b..2917524c5 100644 --- a/monkey/infection_monkey/config.py +++ b/monkey/infection_monkey/config.py @@ -36,16 +36,6 @@ class Configuration(object): self.max_depth = self.depth return unknown_items - def from_json(self, json_data): - """ - Gets a json data object, parses it and applies it to the configuration - :param json_data: - :return: - """ - formatted_data = json.loads(json_data) - result = self.from_kv(formatted_data) - return result - @staticmethod def hide_sensitive_info(config_dict): for field in SENSITIVE_FIELDS: diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index 10ce690c0..e67abc1f3 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -14,6 +14,10 @@ from monkey_island.cc.services.config_schema.config_schema import SCHEMA __author__ = "itay.mizeretz" +from monkey_island.cc.services.config_schema.config_value_paths import STARTED_ON_ISLAND_PATH, \ + EXPORT_MONKEY_TELEMS_PATH, SSH_KEYS_PATH, USER_LIST_PATH, PASSWORD_LIST_PATH, \ + LM_HASH_LIST_PATH, NTLM_HASH_LIST_PATH, AWS_KEYS_PATH + logger = logging.getLogger(__name__) # This should be used for config values of array type (array of strings only) @@ -118,34 +122,34 @@ class ConfigService: @staticmethod def creds_add_username(username): - ConfigService.add_item_to_config_set_if_dont_exist('basic.credentials.exploit_user_list', + ConfigService.add_item_to_config_set_if_dont_exist(USER_LIST_PATH, username, should_encrypt=False) @staticmethod def creds_add_password(password): - ConfigService.add_item_to_config_set_if_dont_exist('basic.credentials.exploit_password_list', + ConfigService.add_item_to_config_set_if_dont_exist(PASSWORD_LIST_PATH, password, should_encrypt=True) @staticmethod def creds_add_lm_hash(lm_hash): - ConfigService.add_item_to_config_set_if_dont_exist('internal.exploits.exploit_lm_hash_list', + ConfigService.add_item_to_config_set_if_dont_exist(LM_HASH_LIST_PATH, lm_hash, should_encrypt=True) @staticmethod def creds_add_ntlm_hash(ntlm_hash): - ConfigService.add_item_to_config_set_if_dont_exist('internal.exploits.exploit_ntlm_hash_list', + ConfigService.add_item_to_config_set_if_dont_exist(NTLM_HASH_LIST_PATH, ntlm_hash, should_encrypt=True) @staticmethod def ssh_add_keys(public_key, private_key, user, ip): if not ConfigService.ssh_key_exists( - ConfigService.get_config_value(['internal', 'exploits', 'exploit_ssh_keys'], False, False), user, ip): + ConfigService.get_config_value(SSH_KEYS_PATH, False, False), user, ip): ConfigService.add_item_to_config_set_if_dont_exist( - 'internal.exploits.exploit_ssh_keys', + SSH_KEYS_PATH, { "public_key": public_key, "private_key": private_key, @@ -280,7 +284,7 @@ class ConfigService: """ Same as decrypt_config but for a flat configuration """ - keys = [config_arr_as_array[2] for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS] + keys = [config_arr_as_array[-1] for config_arr_as_array in ENCRYPTED_CONFIG_VALUES] for key in keys: if isinstance(flat_config[key], collections.Sequence) and not isinstance(flat_config[key], str): @@ -295,7 +299,7 @@ class ConfigService: @staticmethod def _encrypt_or_decrypt_config(config, is_decrypt=False): - for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS: + for config_arr_as_array in ENCRYPTED_CONFIG_VALUES: config_arr = config parent_config_arr = None @@ -328,8 +332,8 @@ class ConfigService: @staticmethod def is_test_telem_export_enabled(): - return ConfigService.get_config_value(['internal', 'testing', 'export_monkey_telems']) + return ConfigService.get_config_value(EXPORT_MONKEY_TELEMS_PATH) @staticmethod def set_started_on_island(value: bool): - ConfigService.set_config_value(['internal', 'general', 'started_on_island'], value) + ConfigService.set_config_value(STARTED_ON_ISLAND_PATH, value) diff --git a/monkey/monkey_island/cc/services/config_schema/config_value_paths.py b/monkey/monkey_island/cc/services/config_schema/config_value_paths.py new file mode 100644 index 000000000..5ddbe8605 --- /dev/null +++ b/monkey/monkey_island/cc/services/config_schema/config_value_paths.py @@ -0,0 +1,13 @@ +AWS_KEYS_PATH = ['internal', 'monkey', 'aws_keys'] +STARTED_ON_ISLAND_PATH = ['internal', 'general', 'started_on_island'] +EXPORT_MONKEY_TELEMS_PATH = ['internal', 'testing', 'export_monkey_telems'] +CURRENT_SERVER_PATH = ['internal', 'island_server', 'current_server'] +SSH_KEYS_PATH = ['internal', 'exploits', 'exploit_ssh_keys'] +INACCESSIBLE_SUBNETS_PATH = ['basic_network', 'network_analysis', 'inaccessible_subnets'] +USER_LIST_PATH = ['basic', 'credentials', 'exploit_user_list'] +PASSWORD_LIST_PATH = ['basic', 'credentials', 'exploit_password_list'] +EXPLOITER_CLASSES_PATH = ['basic', 'exploiters', 'exploiter_classes'] +SUBNET_SCAN_LIST_PATH = ['basic_network', 'scope', 'subnet_scan_list'] +LOCAL_NETWORK_SCAN_PATH = ['basic_network', 'scope', 'local_network_scan'] +LM_HASH_LIST_PATH = ['internal', 'exploits', 'exploit_lm_hash_list'] +NTLM_HASH_LIST_PATH = ['internal', 'exploits', 'exploit_ntlm_hash_list'] diff --git a/monkey/monkey_island/cc/services/reporting/report.py b/monkey/monkey_island/cc/services/reporting/report.py index d60d53dec..8b7a2123f 100644 --- a/monkey/monkey_island/cc/services/reporting/report.py +++ b/monkey/monkey_island/cc/services/reporting/report.py @@ -12,6 +12,8 @@ from monkey_island.cc.database import mongo from monkey_island.cc.models import Monkey from monkey_island.cc.network_utils import get_subnets, local_ip_addresses from monkey_island.cc.services.config import ConfigService +from monkey_island.cc.services.config_schema.config_value_paths import USER_LIST_PATH, \ + PASSWORD_LIST_PATH, EXPLOITER_CLASSES_PATH, SUBNET_SCAN_LIST_PATH, LOCAL_NETWORK_SCAN_PATH from monkey_island.cc.services.configuration.utils import \ get_config_network_segments_as_subnet_groups from monkey_island.cc.services.node import NodeService @@ -619,15 +621,15 @@ class ReportService: @staticmethod def get_config_users(): - return ConfigService.get_config_value(['basic', 'credentials', 'exploit_user_list'], True, True) + return ConfigService.get_config_value(USER_LIST_PATH, True, True) @staticmethod def get_config_passwords(): - return ConfigService.get_config_value(['basic', 'credentials', 'exploit_password_list'], True, True) + return ConfigService.get_config_value(PASSWORD_LIST_PATH, True, True) @staticmethod def get_config_exploits(): - exploits_config_value = ['basic', 'exploiters', 'exploiter_classes'] + exploits_config_value = EXPLOITER_CLASSES_PATH default_exploits = ConfigService.get_default_config(False) for namespace in exploits_config_value: default_exploits = default_exploits[namespace] @@ -641,11 +643,11 @@ class ReportService: @staticmethod def get_config_ips(): - return ConfigService.get_config_value(['basic_network', 'scope', 'subnet_scan_list'], True, True) + return ConfigService.get_config_value(SUBNET_SCAN_LIST_PATH, True, True) @staticmethod def get_config_scan(): - return ConfigService.get_config_value(['basic_network', 'scope', 'local_network_scan'], True, True) + return ConfigService.get_config_value(LOCAL_NETWORK_SCAN_PATH, True, True) @staticmethod def get_issues_overview(issues, config_users, config_passwords):