island: Add functions to create a file securely on Linux and Windows

2021-06-14 13:20:19 +05:30 · 2021-06-14 13:20:19 +05:30 · ff85360639
parent 5d7d86aedc
commit ff85360639
1 changed files with 52 additions and 0 deletions
--- a/monkey/monkey_island/cc/environment/utils.py
+++ b/monkey/monkey_island/cc/environment/utils.py
@ -29,6 +29,7 @@ def _create_secure_directory_linux(path: str):
        # Don't split directory creation and permission setting
        # because it will temporarily create an accessible directory which anyone can use.
        os.mkdir(path, mode=0o700)
+
    except Exception as ex:
        LOG.error(f'Could not create a directory at "{path}": {str(ex)}')
        raise ex
@ -41,6 +42,57 @@ def _create_secure_directory_windows(path: str):
            windows_permissions.get_security_descriptor_for_owner_only_perms()
        )
        win32file.CreateDirectory(path, security_attributes)
+
    except Exception as ex:
        LOG.error(f'Could not create a directory at "{path}": {str(ex)}')
        raise ex
+
+
+def create_secure_file(path: str):
+    if not os.path.isfile(path):
+        if is_windows_os():
+            _create_secure_file_windows(path)
+        else:
+            _create_secure_file_linux(path)
+
+
+def _create_secure_file_linux(path: str):
+    try:
+        flags = os.O_RDWR | os.O_CREAT  # read/write, create new
+        mode = 0o700  # read/write/execute permissions to owner
+
+        with os.open(path, flags, mode) as _:
+            pass
+
+    except Exception as ex:
+        LOG.error(f'Could not create a file at "{path}": {str(ex)}')
+        raise ex
+
+
+def _create_secure_file_windows(path: str):
+    try:
+        file_access = win32file.GENERIC_READ | win32file.GENERIC_WRITE
+        file_sharing = (
+            win32file.FILE_SHARE_READ
+        )  # subsequent open operations on the object will succeed only if read access is requested
+        security_attributes = win32security.SECURITY_ATTRIBUTES()
+        security_attributes.SECURITY_DESCRIPTOR = (
+            windows_permissions.get_security_descriptor_for_owner_only_perms()
+        )
+        file_creation = win32file.CREATE_NEW  # fails if file exists
+        file_attributes = win32file.FILE_ATTRIBUTE_NORMAL
+
+        with win32file.CreateFile(
+            fileName=path,
+            desiredAccess=file_access,
+            shareMode=file_sharing,
+            attributes=security_attributes,
+            CreationDisposition=file_creation,
+            flagsAndAttributes=file_attributes,
+            hTemplateFile=win32file.NULL,
+        ) as _:
+            pass
+
+    except Exception as ex:
+        LOG.error(f'Could not create a file at "{path}": {str(ex)}')
+        raise ex