Island: Refactor encryptors

All encryptors are moved to server_utils/encryption. They were renamed according to the class name. Everywhere that we had use the encryptors I have updated the names. Unit tests are also moved to UTs server_utils/encryption.
2021-09-22 22:48:13 +02:00 · 2021-09-22 22:48:13 +02:00 · a661dc4fe6
parent 803d1c910f
commit a661dc4fe6
20 changed files with 38 additions and 24 deletions
--- a/monkey/monkey_island/cc/models/utils/field_encryptors/string_list_encryptor.py
+++ b/monkey/monkey_island/cc/models/utils/field_encryptors/string_list_encryptor.py
@ -1,7 +1,7 @@
 from typing import List

 from monkey_island.cc.models.utils.field_encryptors.i_field_encryptor import IFieldEncryptor
-from monkey_island.cc.server_utils.key_encryptor import get_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor


 class StringListEncryptor(IFieldEncryptor):
--- a/monkey/monkey_island/cc/resources/configuration_export.py
+++ b/monkey/monkey_island/cc/resources/configuration_export.py
@ -4,8 +4,10 @@ import flask_restful
 from flask import request

 from monkey_island.cc.resources.auth.auth import jwt_required
+from monkey_island.cc.server_utils.encryption.password_based_encryption import (
+    PasswordBasedEncryptor,
+)
 from monkey_island.cc.services.config import ConfigService
-from monkey_island.cc.services.utils.password_encryption import PasswordBasedEncryptor


 class ConfigurationExport(flask_restful.Resource):
--- a/monkey/monkey_island/cc/resources/configuration_import.py
+++ b/monkey/monkey_island/cc/resources/configuration_import.py
@ -8,13 +8,13 @@ from flask import request

 from common.utils.exceptions import InvalidConfigurationError
 from monkey_island.cc.resources.auth.auth import jwt_required
-from monkey_island.cc.services.config import ConfigService
-from monkey_island.cc.services.utils.password_encryption import (
+from monkey_island.cc.server_utils.encryption.password_based_encryption import (
    InvalidCiphertextError,
    InvalidCredentialsError,
    PasswordBasedEncryptor,
    is_encrypted,
 )
+from monkey_island.cc.services.config import ConfigService

 logger = logging.getLogger(__name__)

--- a/monkey/monkey_island/cc/server_setup.py
+++ b/monkey/monkey_island/cc/server_setup.py
@ -27,8 +27,10 @@ from monkey_island.cc.server_utils.consts import (  # noqa: E402
    GEVENT_EXCEPTION_LOG,
    MONGO_CONNECTION_TIMEOUT,
 )
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import (  # noqa: E402
+    initialize_encryptor,
+)
 from monkey_island.cc.server_utils.island_logger import reset_logger, setup_logging  # noqa: E402
-from monkey_island.cc.server_utils.key_encryptor import initialize_encryptor  # noqa: E402
 from monkey_island.cc.services.initialize import initialize_services  # noqa: E402
 from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list  # noqa: E402
 from monkey_island.cc.services.utils.network_utils import local_ip_addresses  # noqa: E402
--- a/monkey/monkey_island/cc/server_utils/encryption/init.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/init.py
--- a/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
@ -4,8 +4,8 @@ import os
 # is maintained.
 from Crypto import Random  # noqa: DUO133  # nosec: B413

+from monkey_island.cc.server_utils.encryption.key_based_encryptor import KeyBasedEncryptor
 from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
-from monkey_island.cc.services.utils.key_encryption import KeyBasedEncryptor

 _encryptor = None

@ -22,6 +22,8 @@ class DataStoreEncryptor:
        else:
            self._init_key(password_file)

+        self._key_base_encryptor = KeyBasedEncryptor(self._cipher_key)
+
    def _init_key(self, password_file_path: str):
        self._cipher_key = Random.new().read(self._BLOCK_SIZE)
        with open_new_securely_permissioned_file(password_file_path, "wb") as f:
@ -32,12 +34,10 @@ class DataStoreEncryptor:
            self._cipher_key = f.read()

    def enc(self, message: str):
-        key_encryptor = KeyBasedEncryptor(self._cipher_key)
-        return key_encryptor.encrypt(message)
+        return self._key_base_encryptor.encrypt(message)

    def dec(self, enc_message: str):
-        key_encryptor = KeyBasedEncryptor(self._cipher_key)
-        return key_encryptor.decrypt(enc_message)
+        return self._key_base_encryptor.decrypt(enc_message)


 def initialize_encryptor(password_file_dir):
--- a/monkey/monkey_island/cc/server_utils/encryption/i_encryptor.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/i_encryptor.py
--- a/monkey/monkey_island/cc/server_utils/encryption/key_based_encryptor.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/key_based_encryptor.py
@ -6,7 +6,7 @@ import logging
 from Crypto import Random  # noqa: DUO133  # nosec: B413
 from Crypto.Cipher import AES  # noqa: DUO133  # nosec: B413

-from monkey_island.cc.services.utils.i_encryptor import IEncryptor
+from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor

 logger = logging.getLogger(__name__)

--- a/monkey/monkey_island/cc/server_utils/encryption/password_based_encryption.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/password_based_encryption.py
@ -4,7 +4,7 @@ import logging

 import pyAesCrypt

-from monkey_island.cc.services.utils.i_encryptor import IEncryptor
+from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor

 logger = logging.getLogger(__name__)

--- a/monkey/monkey_island/cc/services/attack/technique_reports/technique_report_tools.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/technique_report_tools.py
@ -1,4 +1,4 @@
-from monkey_island.cc.server_utils.key_encryptor import get_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor


 def parse_creds(attempt):
--- a/monkey/monkey_island/cc/services/config.py
+++ b/monkey/monkey_island/cc/services/config.py
@ -19,7 +19,7 @@ from common.config_value_paths import (
    USER_LIST_PATH,
 )
 from monkey_island.cc.database import mongo
-from monkey_island.cc.server_utils.key_encryptor import get_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
 from monkey_island.cc.services.config_manipulator import update_config_per_mode
 from monkey_island.cc.services.config_schema.config_schema import SCHEMA
 from monkey_island.cc.services.mode.island_mode_service import ModeNotSetError, get_mode
--- a/monkey/monkey_island/cc/services/telemetry/processing/exploit.py
+++ b/monkey/monkey_island/cc/services/telemetry/processing/exploit.py
@ -3,7 +3,7 @@ import copy
 import dateutil

 from monkey_island.cc.models import Monkey
-from monkey_island.cc.server_utils.key_encryptor import get_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
 from monkey_island.cc.services.config import ConfigService
 from monkey_island.cc.services.edge.displayed_edge import EdgeService
 from monkey_island.cc.services.node import NodeService
--- a/monkey/monkey_island/cc/services/telemetry/processing/system_info.py
+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info.py
@ -1,6 +1,6 @@
 import logging

-from monkey_island.cc.server_utils.key_encryptor import get_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
 from monkey_island.cc.services.config import ConfigService
 from monkey_island.cc.services.node import NodeService
 from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import (  # noqa: E501
--- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py
+++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py
@ -5,7 +5,7 @@ from ScoutSuite.providers.base.authentication_strategy import AuthenticationExce
 from common.cloud.scoutsuite_consts import CloudProviders
 from common.config_value_paths import AWS_KEYS_PATH
 from common.utils.exceptions import InvalidAWSKeys
-from monkey_island.cc.server_utils.key_encryptor import get_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
 from monkey_island.cc.services.config import ConfigService


--- a/monkey/tests/unit_tests/monkey_island/cc/conftest.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/conftest.py
@ -5,7 +5,7 @@ import os

 import pytest
 from tests.unit_tests.monkey_island.cc.mongomock_fixtures import *  # noqa: F401,F403,E402
-from tests.unit_tests.monkey_island.cc.services.utils.test_encryption import (
+from tests.unit_tests.monkey_island.cc.server_utils.encryption.test_password_based_encryption import (  # noqa: E501
    MONKEY_CONFIGS_DIR_PATH,
    STANDARD_PLAINTEXT_MONKEY_CONFIG_FILENAME,
 )
--- a/monkey/tests/unit_tests/monkey_island/cc/models/utils/field_encryptors/test_string_list_encryptor.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/models/utils/field_encryptors/test_string_list_encryptor.py
@ -1,7 +1,7 @@
 import pytest

 from monkey_island.cc.models.utils.field_encryptors.string_list_encryptor import StringListEncryptor
-from monkey_island.cc.server_utils.key_encryptor import initialize_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import initialize_encryptor

 MOCK_STRING_LIST = ["test_1", "test_2"]
 EMPTY_LIST = []
--- a/monkey/tests/unit_tests/monkey_island/cc/resources/test_configuration_import.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/resources/test_configuration_import.py
@ -1,12 +1,16 @@
 import pytest
+from tests.unit_tests.monkey_island.cc.server_utils.encryption.test_password_based_encryption import (  # noqa: E501
+    PASSWORD,
+)
 from tests.unit_tests.monkey_island.cc.services.utils.ciphertexts_for_encryption_test import (
    MALFORMED_CIPHER_TEXT_CORRUPTED,
 )
-from tests.unit_tests.monkey_island.cc.services.utils.test_encryption import PASSWORD

 from common.utils.exceptions import InvalidConfigurationError
 from monkey_island.cc.resources.configuration_import import ConfigurationImport
-from monkey_island.cc.services.utils.password_encryption import PasswordBasedEncryptor
+from monkey_island.cc.server_utils.encryption.password_based_encryption import (
+    PasswordBasedEncryptor,
+)


 def test_is_config_encrypted__json(monkey_config_json):
--- a/monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_data_store_encryptor.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_data_store_encryptor.py
@ -1,6 +1,9 @@
 import os

-from monkey_island.cc.server_utils.key_encryptor import get_encryptor, initialize_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import (
+    get_encryptor,
+    initialize_encryptor,
+)

 PASSWORD_FILENAME = "mongo_key.bin"

--- a/monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_password_based_encryption.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_password_based_encryption.py
@ -4,7 +4,7 @@ from tests.unit_tests.monkey_island.cc.services.utils.ciphertexts_for_encryption
    VALID_CIPHER_TEXT,
 )

-from monkey_island.cc.services.utils.password_encryption import (
+from monkey_island.cc.server_utils.encryption.password_based_encryption import (
    InvalidCredentialsError,
    PasswordBasedEncryptor,
 )
--- a/monkey/tests/unit_tests/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_auth_service.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_auth_service.py
@ -5,7 +5,10 @@ import pytest

 from common.config_value_paths import AWS_KEYS_PATH
 from monkey_island.cc.database import mongo
-from monkey_island.cc.server_utils.key_encryptor import get_encryptor, initialize_encryptor
+from monkey_island.cc.server_utils.encryption.data_store_encryptor import (
+    get_encryptor,
+    initialize_encryptor,
+)
 from monkey_island.cc.services.config import ConfigService
 from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import (
    is_aws_keys_setup,