From c0fdc9561f22b6350b03e1775a4969d554ebb98b Mon Sep 17 00:00:00 2001 From: Shreya Date: Thu, 22 Apr 2021 16:39:19 +0530 Subject: [PATCH] Fix DUO123 warnings --- .../island_client/monkey_island_requests.py | 22 ++++---- monkey/infection_monkey/control.py | 54 +++++++++---------- monkey/infection_monkey/exploit/drupal.py | 12 ++--- monkey/infection_monkey/exploit/shellshock.py | 4 +- monkey/infection_monkey/exploit/weblogic.py | 8 +-- monkey/infection_monkey/transport/http.py | 2 +- .../cc/server_utils/bootloader_server.py | 4 +- 7 files changed, 52 insertions(+), 54 deletions(-) diff --git a/envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py b/envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py index 4575f465e..fcea862e2 100644 --- a/envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py +++ b/envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py @@ -66,8 +66,8 @@ class MonkeyIslandRequests(object): return request_function_wrapper def get_jwt_from_server(self): - resp = requests.post( - self.addr + "api/auth", # noqa: DUO123 + resp = requests.post( # noqa: DUO123 + self.addr + "api/auth", json={"username": NO_AUTH_CREDS, "password": NO_AUTH_CREDS}, verify=False, ) @@ -75,8 +75,8 @@ class MonkeyIslandRequests(object): @_Decorators.refresh_jwt_token def get(self, url, data=None): - return requests.get( - self.addr + url, # noqa: DUO123 + return requests.get( # noqa: DUO123 + self.addr + url, headers=self.get_jwt_header(), params=data, verify=False, @@ -84,25 +84,25 @@ class MonkeyIslandRequests(object): @_Decorators.refresh_jwt_token def post(self, url, data): - return requests.post( - self.addr + url, data=data, headers=self.get_jwt_header(), verify=False # noqa: DUO123 + return requests.post( # noqa: DUO123 + self.addr + url, data=data, headers=self.get_jwt_header(), verify=False ) @_Decorators.refresh_jwt_token def post_json(self, url, data: Dict): - return requests.post( - self.addr + url, json=data, headers=self.get_jwt_header(), verify=False # noqa: DUO123 + return requests.post( # noqa: DUO123 + self.addr + url, json=data, headers=self.get_jwt_header(), verify=False ) @_Decorators.refresh_jwt_token def patch(self, url, data: Dict): - return requests.patch( - self.addr + url, data=data, headers=self.get_jwt_header(), verify=False # noqa: DUO123 + return requests.patch( # noqa: DUO123 + self.addr + url, data=data, headers=self.get_jwt_header(), verify=False ) @_Decorators.refresh_jwt_token def delete(self, url): - return requests.delete( # noqa: DOU123 + return requests.delete( # noqa: DUO123 self.addr + url, headers=self.get_jwt_header(), verify=False ) diff --git a/monkey/infection_monkey/control.py b/monkey/infection_monkey/control.py index 0df989d99..6fdd585b2 100644 --- a/monkey/infection_monkey/control.py +++ b/monkey/infection_monkey/control.py @@ -64,8 +64,8 @@ class ControlClient(object): if ControlClient.proxies: monkey["tunnel"] = ControlClient.proxies.get("https") - requests.post( - "https://%s/api/monkey" % (WormConfiguration.current_server,), # noqa: DUO123 + requests.post( # noqa: DUO123 + "https://%s/api/monkey" % (WormConfiguration.current_server,), data=json.dumps(monkey), headers={"content-type": "application/json"}, verify=False, @@ -92,8 +92,8 @@ class ControlClient(object): if ControlClient.proxies: debug_message += " through proxies: %s" % ControlClient.proxies LOG.debug(debug_message) - requests.get( - f"https://{server}/api?action=is-up", # noqa: DUO123 + requests.get( # noqa: DUO123 + f"https://{server}/api?action=is-up", verify=False, proxies=ControlClient.proxies, timeout=TIMEOUT_IN_SECONDS, @@ -130,9 +130,8 @@ class ControlClient(object): monkey = {} if ControlClient.proxies: monkey["tunnel"] = ControlClient.proxies.get("https") - requests.patch( - "https://%s/api/monkey/%s" - % (WormConfiguration.current_server, GUID), # noqa: DUO123 + requests.patch( # noqa: DUO123 + "https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), data=json.dumps(monkey), headers={"content-type": "application/json"}, verify=False, @@ -155,8 +154,8 @@ class ControlClient(object): return try: telemetry = {"monkey_guid": GUID, "telem_category": telem_category, "data": json_data} - requests.post( - "https://%s/api/telemetry" % (WormConfiguration.current_server,), # noqa: DUO123 + requests.post( # noqa: DUO123 + "https://%s/api/telemetry" % (WormConfiguration.current_server,), data=json.dumps(telemetry), headers={"content-type": "application/json"}, verify=False, @@ -174,8 +173,8 @@ class ControlClient(object): return try: telemetry = {"monkey_guid": GUID, "log": json.dumps(log)} - requests.post( - "https://%s/api/log" % (WormConfiguration.current_server,), # noqa: DUO123 + requests.post( # noqa: DUO123 + "https://%s/api/log" % (WormConfiguration.current_server,), data=json.dumps(telemetry), headers={"content-type": "application/json"}, verify=False, @@ -192,9 +191,8 @@ class ControlClient(object): if not WormConfiguration.current_server: return try: - reply = requests.get( - "https://%s/api/monkey/%s" - % (WormConfiguration.current_server, GUID), # noqa: DUO123 + reply = requests.get( # noqa: DUO123 + "https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), verify=False, proxies=ControlClient.proxies, timeout=MEDIUM_REQUEST_TIMEOUT, @@ -230,9 +228,8 @@ class ControlClient(object): if not WormConfiguration.current_server: return try: - requests.patch( - "https://%s/api/monkey/%s" - % (WormConfiguration.current_server, GUID), # noqa: DUO123 + requests.patch( # noqa: DUO123 + "https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), data=json.dumps({"config_error": True}), headers={"content-type": "application/json"}, verify=False, @@ -292,9 +289,9 @@ class ControlClient(object): if (monkeyfs.isfile(dest_file)) and (size == monkeyfs.getsize(dest_file)): return dest_file else: - download = requests.get( + download = requests.get( # noqa: DUO123 "https://%s/api/monkey/download/%s" - % (WormConfiguration.current_server, filename), # noqa: DUO123 + % (WormConfiguration.current_server, filename), verify=False, proxies=ControlClient.proxies, timeout=MEDIUM_REQUEST_TIMEOUT, @@ -322,9 +319,8 @@ class ControlClient(object): if not WormConfiguration.current_server: return None, None try: - reply = requests.post( - "https://%s/api/monkey/download" - % (WormConfiguration.current_server,), # noqa: DUO123 + reply = requests.post( # noqa: DUO123 + "https://%s/api/monkey/download" % (WormConfiguration.current_server,), data=json.dumps(host_dict), headers={"content-type": "application/json"}, verify=False, @@ -370,8 +366,8 @@ class ControlClient(object): @staticmethod def get_pba_file(filename): try: - return requests.get( - PBA_FILE_DOWNLOAD % (WormConfiguration.current_server, filename), # noqa: DUO123 + return requests.get( # noqa: DUO123 + PBA_FILE_DOWNLOAD % (WormConfiguration.current_server, filename), verify=False, proxies=ControlClient.proxies, timeout=LONG_REQUEST_TIMEOUT, @@ -382,9 +378,9 @@ class ControlClient(object): @staticmethod def get_T1216_pba_file(): try: - return requests.get( + return requests.get( # noqa: DUO123 urljoin( - f"https://{WormConfiguration.current_server}/", # noqa: DUO123 + f"https://{WormConfiguration.current_server}/", T1216_PBA_FILE_DOWNLOAD_PATH, ), verify=False, @@ -416,7 +412,9 @@ class ControlClient(object): f"https://{WormConfiguration.current_server}/api/monkey_control" f"/check_remote_port/{port}" ) - response = requests.get(url, verify=False, timeout=SHORT_REQUEST_TIMEOUT) + response = requests.get( # noqa: DUO123 + url, verify=False, timeout=SHORT_REQUEST_TIMEOUT + ) response = json.loads(response.content.decode()) return response["status"] == "port_visible" except requests.exceptions.RequestException: @@ -424,7 +422,7 @@ class ControlClient(object): @staticmethod def report_start_on_island(): - requests.post( + requests.post( # noqa: DUO123 f"https://{WormConfiguration.current_server}/api/monkey_control/started_on_island", data=json.dumps({"started_on_island": True}), verify=False, diff --git a/monkey/infection_monkey/exploit/drupal.py b/monkey/infection_monkey/exploit/drupal.py index 50594e656..d1f49432c 100644 --- a/monkey/infection_monkey/exploit/drupal.py +++ b/monkey/infection_monkey/exploit/drupal.py @@ -82,8 +82,8 @@ class DrupalExploiter(WebRCE): """ payload = build_exploitability_check_payload(url) - response = requests.get( - f"{url}?_format=hal_json", # noqa: DUO123 + response = requests.get( # noqa: DUO123 + f"{url}?_format=hal_json", json=payload, headers={"Content-Type": "application/hal+json"}, verify=False, @@ -102,8 +102,8 @@ class DrupalExploiter(WebRCE): base = remove_port(url) payload = build_cmd_execution_payload(base, cmd) - r = requests.get( - f"{url}?_format=hal_json", # noqa: DUO123 + r = requests.get( # noqa: DUO123 + f"{url}?_format=hal_json", json=payload, headers={"Content-Type": "application/hal+json"}, verify=False, @@ -157,9 +157,9 @@ def find_exploitbale_article_ids(base_url: str, lower: int = 1, upper: int = 100 articles = set() while lower < upper: node_url = urljoin(base_url, str(lower)) - response = requests.get( + response = requests.get( # noqa: DUO123 node_url, verify=False, timeout=LONG_REQUEST_TIMEOUT - ) # noqa: DUO123 + ) if response.status_code == 200: if is_response_cached(response): LOG.info(f"Found a cached article at: {node_url}, skipping") diff --git a/monkey/infection_monkey/exploit/shellshock.py b/monkey/infection_monkey/exploit/shellshock.py index f83eb9a15..7bca6b04b 100644 --- a/monkey/infection_monkey/exploit/shellshock.py +++ b/monkey/infection_monkey/exploit/shellshock.py @@ -243,9 +243,9 @@ class ShellShockExploiter(HostExploiter): try: LOG.debug("Header is: %s" % header) LOG.debug("Attack is: %s" % attack) - r = requests.get( + r = requests.get( # noqa: DUO123 url, headers={header: attack}, verify=False, timeout=TIMEOUT - ) # noqa: DUO123 + ) result = r.content.decode() return result except requests.exceptions.RequestException as exc: diff --git a/monkey/infection_monkey/exploit/weblogic.py b/monkey/infection_monkey/exploit/weblogic.py index 017050346..9b158709f 100644 --- a/monkey/infection_monkey/exploit/weblogic.py +++ b/monkey/infection_monkey/exploit/weblogic.py @@ -83,9 +83,9 @@ class WebLogic201710271(WebRCE): else: payload = self.get_exploit_payload("cmd", "/c", command + " 1> NUL 2> NUL") try: - post( + post( # noqa: DUO123 url, data=payload, headers=HEADERS, timeout=EXECUTION_TIMEOUT, verify=False - ) # noqa: DUO123 + ) except Exception as e: LOG.error("Connection error: %s" % e) return False @@ -121,9 +121,9 @@ class WebLogic201710271(WebRCE): def check_if_exploitable_weblogic(self, url, httpd): payload = self.get_test_payload(ip=httpd.local_ip, port=httpd.local_port) try: - post( + post( # noqa: DUO123 url, data=payload, headers=HEADERS, timeout=REQUEST_DELAY, verify=False - ) # noqa: DUO123 + ) except exceptions.ReadTimeout: # Our request will not get response thus we get ReadTimeout error pass diff --git a/monkey/infection_monkey/transport/http.py b/monkey/infection_monkey/transport/http.py index e2b3a69da..fbddce109 100644 --- a/monkey/infection_monkey/transport/http.py +++ b/monkey/infection_monkey/transport/http.py @@ -126,7 +126,7 @@ class HTTPConnectProxyHandler(http.server.BaseHTTPRequestHandler): LOG.info("Received bootloader's request: {}".format(post_data)) try: dest_path = self.path - r = requests.post( + r = requests.post( # noqa: DUO123 url=dest_path, data=post_data, verify=False, diff --git a/monkey/monkey_island/cc/server_utils/bootloader_server.py b/monkey/monkey_island/cc/server_utils/bootloader_server.py index 1532f1a8d..cc2742991 100644 --- a/monkey/monkey_island/cc/server_utils/bootloader_server.py +++ b/monkey/monkey_island/cc/server_utils/bootloader_server.py @@ -33,9 +33,9 @@ class BootloaderHTTPRequestHandler(BaseHTTPRequestHandler): # The island server doesn't always have a correct SSL cert installed # (By default it comes with a self signed one), # that's why we're not verifying the cert in this request. - r = requests.post( + r = requests.post( # noqa: DUO123 url=island_server_path, data=post_data, verify=False, timeout=SHORT_REQUEST_TIMEOUT - ) # noqa: DUO123 + ) try: if r.status_code != 200: