From bb8e9f519282f9e07981d413af1db8a1bd9fbf4b Mon Sep 17 00:00:00 2001
From: Shay Nehmad <shay.nehmad@guardicore.com>
Date: Mon, 29 Jul 2019 10:15:27 +0300
Subject: [PATCH] Fixed CR Comment - exported sensitive fields

---
 monkey/infection_monkey/config.py  | 12 +++++++-----
 monkey/infection_monkey/control.py |  2 +-
 monkey/infection_monkey/main.py    |  2 +-
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py
index 72fc8adf6..077aa705b 100644
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@@ -13,9 +13,11 @@ GUID = str(uuid.getnode())
 
 EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin')
 
+SENSITIVE_FIELDS = ["exploit_password_list", "exploit_user_list"]
+HIDDEN_FIELD_REPLACEMENT_CONTENT = "hidden"
+
 
 class Configuration(object):
-
     def from_kv(self, formatted_data):
         # now we won't work at <2.7 for sure
         network_import = importlib.import_module('infection_monkey.network')
@@ -54,9 +56,9 @@ class Configuration(object):
         return result
 
     @staticmethod
-    def filter_sensitive_info(config_dict):
-        config_dict["exploit_password_list"] = ["~REDACTED~"]
-        config_dict["exploit_user_list"] = ["~REDACTED~"]
+    def hide_sensitive_info(config_dict):
+        for field in SENSITIVE_FIELDS:
+            config_dict[field] = HIDDEN_FIELD_REPLACEMENT_CONTENT
         return config_dict
 
     def as_dict(self):
@@ -180,7 +182,7 @@ class Configuration(object):
 
     # TCP Scanner
     HTTP_PORTS = [80, 8080, 443,
-                  8008, # HTTP alternate
+                  8008,  # HTTP alternate
                   7001  # Oracle Weblogic default server port
                   ]
     tcp_target_ports = [22,
diff --git a/monkey/infection_monkey/control.py b/monkey/infection_monkey/control.py
index 874616f00..f6c52be55 100644
--- a/monkey/infection_monkey/control.py
+++ b/monkey/infection_monkey/control.py
@@ -169,7 +169,7 @@ class ControlClient(object):
         try:
             unknown_variables = WormConfiguration.from_kv(reply.json().get('config'))
             LOG.info("New configuration was loaded from server: %r" %
-                     (WormConfiguration.filter_sensitive_info(WormConfiguration.as_dict()),))
+                     (WormConfiguration.hide_sensitive_info(WormConfiguration.as_dict()),))
         except Exception as exc:
             # we don't continue with default conf here because it might be dangerous
             LOG.error("Error parsing JSON reply from control server %s (%s): %s",
diff --git a/monkey/infection_monkey/main.py b/monkey/infection_monkey/main.py
index c880dc7f0..2ddf9127e 100644
--- a/monkey/infection_monkey/main.py
+++ b/monkey/infection_monkey/main.py
@@ -68,7 +68,7 @@ def main():
     else:
         print("Config file wasn't supplied and default path: %s wasn't found, using internal default" % (config_file,))
 
-    print("Loaded Configuration: %r" % WormConfiguration.filter_sensitive_info(WormConfiguration.as_dict()))
+    print("Loaded Configuration: %r" % WormConfiguration.hide_sensitive_info(WormConfiguration.as_dict()))
 
     # Make sure we're not in a machine that has the kill file
     kill_path = os.path.expandvars(