forked from p34709852/monkey
Merge pull request #1303 from guardicore/ransomeware_cwd_encryption_bugfix
Ransomeware bugfix: cwd encryption by default
This commit is contained in:
commit
9ed2145810
|
@ -1,5 +1,11 @@
|
||||||
import os
|
import os
|
||||||
|
|
||||||
|
|
||||||
|
class InvalidPath(Exception):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
def expand_path(path: str) -> str:
|
def expand_path(path: str) -> str:
|
||||||
|
if not path:
|
||||||
|
raise InvalidPath("Empty path provided")
|
||||||
return os.path.expandvars(os.path.expanduser(path))
|
return os.path.expandvars(os.path.expanduser(path))
|
||||||
|
|
|
@ -4,7 +4,7 @@ from pathlib import Path
|
||||||
from pprint import pformat
|
from pprint import pformat
|
||||||
from typing import List, Optional, Tuple
|
from typing import List, Optional, Tuple
|
||||||
|
|
||||||
from common.utils.file_utils import expand_path
|
from common.utils.file_utils import InvalidPath, expand_path
|
||||||
from infection_monkey.ransomware.bitflip_encryptor import BitflipEncryptor
|
from infection_monkey.ransomware.bitflip_encryptor import BitflipEncryptor
|
||||||
from infection_monkey.ransomware.file_selectors import select_production_safe_target_files
|
from infection_monkey.ransomware.file_selectors import select_production_safe_target_files
|
||||||
from infection_monkey.ransomware.targeted_file_extensions import TARGETED_FILE_EXTENSIONS
|
from infection_monkey.ransomware.targeted_file_extensions import TARGETED_FILE_EXTENSIONS
|
||||||
|
@ -28,15 +28,7 @@ class RansomwarePayload:
|
||||||
self._encryption_enabled = config["encryption"]["enabled"]
|
self._encryption_enabled = config["encryption"]["enabled"]
|
||||||
self._readme_enabled = config["other_behaviors"]["readme"]
|
self._readme_enabled = config["other_behaviors"]["readme"]
|
||||||
|
|
||||||
target_directories = config["encryption"]["directories"]
|
self._target_dir = RansomwarePayload.get_target_dir(config)
|
||||||
self._target_dir = Path(
|
|
||||||
expand_path(
|
|
||||||
target_directories["windows_target_dir"]
|
|
||||||
if is_windows_os()
|
|
||||||
else target_directories["linux_target_dir"]
|
|
||||||
)
|
|
||||||
)
|
|
||||||
|
|
||||||
self._new_file_extension = EXTENSION
|
self._new_file_extension = EXTENSION
|
||||||
self._valid_file_extensions_for_encryption = TARGETED_FILE_EXTENSIONS.copy()
|
self._valid_file_extensions_for_encryption = TARGETED_FILE_EXTENSIONS.copy()
|
||||||
self._valid_file_extensions_for_encryption.discard(self._new_file_extension)
|
self._valid_file_extensions_for_encryption.discard(self._new_file_extension)
|
||||||
|
@ -44,8 +36,22 @@ class RansomwarePayload:
|
||||||
self._encryptor = BitflipEncryptor(chunk_size=CHUNK_SIZE)
|
self._encryptor = BitflipEncryptor(chunk_size=CHUNK_SIZE)
|
||||||
self._telemetry_messenger = telemetry_messenger
|
self._telemetry_messenger = telemetry_messenger
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_target_dir(config: dict):
|
||||||
|
target_directories = config["encryption"]["directories"]
|
||||||
|
if is_windows_os():
|
||||||
|
target_dir_field = target_directories["windows_target_dir"]
|
||||||
|
else:
|
||||||
|
target_dir_field = target_directories["linux_target_dir"]
|
||||||
|
|
||||||
|
try:
|
||||||
|
return Path(expand_path(target_dir_field))
|
||||||
|
except InvalidPath as e:
|
||||||
|
LOG.debug(f"Target ransomware dir set to None: {e}")
|
||||||
|
return None
|
||||||
|
|
||||||
def run_payload(self):
|
def run_payload(self):
|
||||||
if self._encryption_enabled:
|
if self._encryption_enabled and self._target_dir:
|
||||||
LOG.info("Running ransomware payload")
|
LOG.info("Running ransomware payload")
|
||||||
file_list = self._find_files()
|
file_list = self._find_files()
|
||||||
self._encrypt_files(file_list)
|
self._encrypt_files(file_list)
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
import os
|
import os
|
||||||
|
|
||||||
from common.utils.file_utils import expand_path
|
import pytest
|
||||||
|
|
||||||
|
from common.utils.file_utils import InvalidPath, expand_path
|
||||||
|
|
||||||
|
|
||||||
def test_expand_user(patched_home_env):
|
def test_expand_user(patched_home_env):
|
||||||
|
@ -15,3 +17,8 @@ def test_expand_vars(patched_home_env):
|
||||||
expected_path = os.path.join(patched_home_env, "test")
|
expected_path = os.path.join(patched_home_env, "test")
|
||||||
|
|
||||||
assert expand_path(input_path) == expected_path
|
assert expand_path(input_path) == expected_path
|
||||||
|
|
||||||
|
|
||||||
|
def test_expand_path__empty_path_provided():
|
||||||
|
with pytest.raises(InvalidPath):
|
||||||
|
expand_path("")
|
||||||
|
|
Loading…
Reference in New Issue