Merge pull request #2301 from guardicore/2180-credentials-event-encoding

2180 credentials event encoding
2022-09-16 08:35:45 -04:00 · 2022-09-16 08:35:45 -04:00 · ae073de766
parent 54f1bd2197 ec40a9c6ad
commit ae073de766
13 changed files with 62 additions and 23 deletions
--- a/monkey/common/credentials/init.py
+++ b/monkey/common/credentials/init.py
@ -3,5 +3,6 @@ from .nt_hash import NTHash
 from .password import Password
 from .ssh_keypair import SSHKeypair
 from .username import Username
+from .encoding import get_plaintext, SecretEncodingConfig

 from .credentials import Credentials
--- a/monkey/common/credentials/credentials.py
+++ b/monkey/common/credentials/credentials.py
@ -2,22 +2,14 @@ from __future__ import annotations

 from typing import Optional, Union

-from pydantic import SecretBytes, SecretStr
-
 from ..base_models import InfectionMonkeyBaseModel, InfectionMonkeyModelConfig
 from . import LMHash, NTHash, Password, SSHKeypair, Username
+from .encoding import SecretEncodingConfig

 Secret = Union[Password, LMHash, NTHash, SSHKeypair]
 Identity = Username


-def get_plaintext(secret: Union[SecretStr, SecretBytes, None, str]) -> Optional[str]:
-    if isinstance(secret, (SecretStr, SecretBytes)):
-        return secret.get_secret_value()
-    else:
-        return secret
-
-
 class Credentials(InfectionMonkeyBaseModel):
    """Represents a credential pair (an identity and a secret)"""

@ -27,9 +19,5 @@ class Credentials(InfectionMonkeyBaseModel):
    secret: Optional[Secret]
    """Secret part of credentials, like a password or a hash"""

-    class Config(InfectionMonkeyModelConfig):
-        json_encoders = {
-            # This makes secrets dumpable to json, but not loggable
-            SecretStr: get_plaintext,
-            SecretBytes: get_plaintext,
-        }
+    class Config(SecretEncodingConfig, InfectionMonkeyModelConfig):
+        pass
--- a/monkey/common/credentials/encoding.py
+++ b/monkey/common/credentials/encoding.py
@ -0,0 +1,20 @@
+from __future__ import annotations
+
+from typing import Optional, Union
+
+from pydantic import SecretBytes, SecretStr
+
+
+def get_plaintext(secret: Union[SecretStr, SecretBytes, None, str]) -> Optional[str]:
+    if isinstance(secret, (SecretStr, SecretBytes)):
+        return secret.get_secret_value()
+    else:
+        return secret
+
+
+class SecretEncodingConfig:
+    json_encoders = {
+        # This makes secrets dumpable to json, but not loggable
+        SecretStr: get_plaintext,
+        SecretBytes: get_plaintext,
+    }
--- a/monkey/common/events/credentials_stolen_events.py
+++ b/monkey/common/events/credentials_stolen_events.py
@ -2,8 +2,10 @@ from typing import Sequence

 from pydantic import Field

+from common.base_models import InfectionMonkeyModelConfig
 from common.credentials import Credentials

+from ..credentials.encoding import SecretEncodingConfig
 from . import AbstractAgentEvent


@ -16,3 +18,6 @@ class CredentialsStolenEvent(AbstractAgentEvent):
    """

    stolen_credentials: Sequence[Credentials] = Field(default_factory=list)
+
+    class Config(SecretEncodingConfig, InfectionMonkeyModelConfig):
+        pass
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@ -6,7 +6,7 @@ from typing import Sequence, Tuple
 import pymssql

 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
-from common.credentials.credentials import get_plaintext
+from common.credentials import get_plaintext
 from common.utils.exceptions import FailedExploitationError
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.helpers import get_agent_dst_path
--- a/monkey/infection_monkey/exploit/powershell_utils/powershell_client.py
+++ b/monkey/infection_monkey/exploit/powershell_utils/powershell_client.py
@ -11,7 +11,7 @@ from pypsrp.powershell import PowerShell, RunspacePool
 from typing_extensions import Protocol
 from urllib3 import connectionpool

-from common.credentials.credentials import get_plaintext
+from common.credentials import get_plaintext
 from infection_monkey.exploit.powershell_utils.auth_options import AuthOptions
 from infection_monkey.exploit.powershell_utils.credentials import Credentials, SecretType

--- a/monkey/infection_monkey/exploit/smbexec.py
+++ b/monkey/infection_monkey/exploit/smbexec.py
@ -4,7 +4,7 @@ from impacket.dcerpc.v5 import scmr, transport
 from impacket.dcerpc.v5.scmr import DCERPCSessionError

 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
-from common.credentials.credentials import get_plaintext
+from common.credentials import get_plaintext
 from common.utils.attack_utils import ScanStatus, UsageEnum
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.helpers import get_agent_dst_path
--- a/monkey/infection_monkey/exploit/sshexec.py
+++ b/monkey/infection_monkey/exploit/sshexec.py
@ -6,7 +6,7 @@ import paramiko

 from common import OperatingSystem
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
-from common.credentials.credentials import get_plaintext
+from common.credentials import get_plaintext
 from common.utils import Timer
 from common.utils.attack_utils import ScanStatus
 from common.utils.exceptions import FailedExploitationError
--- a/monkey/infection_monkey/exploit/tools/smb_tools.py
+++ b/monkey/infection_monkey/exploit/tools/smb_tools.py
@ -10,7 +10,7 @@ from impacket.smb3structs import SMB2_DIALECT_002, SMB2_DIALECT_21
 from impacket.smbconnection import SMB_DIALECT, SMBConnection
 from pydantic import SecretStr

-from common.credentials.credentials import get_plaintext
+from common.credentials import get_plaintext
 from common.utils.attack_utils import ScanStatus
 from infection_monkey.network.tools import get_interface_to_target
 from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
--- a/monkey/infection_monkey/exploit/wmiexec.py
+++ b/monkey/infection_monkey/exploit/wmiexec.py
@ -5,7 +5,7 @@ import traceback

 from impacket.dcerpc.v5.rpcrt import DCERPCException

-from common.credentials.credentials import get_plaintext
+from common.credentials import get_plaintext
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.helpers import get_agent_dst_path
 from infection_monkey.exploit.tools.smb_tools import SmbTools
--- a/monkey/tests/unit_tests/common/credentials/test_credentials.py
+++ b/monkey/tests/unit_tests/common/credentials/test_credentials.py
@ -16,8 +16,7 @@ from tests.data_for_tests.propagation_credentials import (
 )

 from common.base_models import InfectionMonkeyBaseModel
-from common.credentials import Credentials
-from common.credentials.credentials import get_plaintext
+from common.credentials import Credentials, get_plaintext


@pytest.mark.parametrize(
--- a/monkey/tests/unit_tests/common/events/init.py
+++ b/monkey/tests/unit_tests/common/events/init.py
--- a/monkey/tests/unit_tests/common/events/test_credentials_stolen_events.py
+++ b/monkey/tests/unit_tests/common/events/test_credentials_stolen_events.py
@ -0,0 +1,26 @@
+from tests.data_for_tests.propagation_credentials import (
+    CREDENTIALS,
+    PLAINTEXT_LM_HASH,
+    PLAINTEXT_NT_HASH,
+    PLAINTEXT_PASSWORD,
+    PLAINTEXT_PRIVATE_KEY,
+)
+from tests.unit_tests.monkey_island.cc.models.test_agent import AGENT_ID
+
+from common.events import CredentialsStolenEvent
+
+TEST_EVENT = CredentialsStolenEvent(stolen_credentials=CREDENTIALS, source=AGENT_ID)
+
+
+def test_credentials_stolen_event_serialization_json():
+    serialized_event = TEST_EVENT.json()
+    assert PLAINTEXT_PASSWORD in serialized_event
+    assert PLAINTEXT_LM_HASH in serialized_event
+    assert PLAINTEXT_NT_HASH in serialized_event
+    assert PLAINTEXT_PRIVATE_KEY in serialized_event
+
+
+def test_credential_stolen_event_deserialization_json():
+    serialized_event = TEST_EVENT.json()
+    deserialized_event = CredentialsStolenEvent.parse_raw(serialized_event)
+    assert deserialized_event == TEST_EVENT