From ff85360639d318096c5283d87ca626177e3a04e2 Mon Sep 17 00:00:00 2001
From: Shreya
Date: Mon, 14 Jun 2021 13:20:19 +0530
Subject: [PATCH] island: Add functions to create a file securely on Linux and Windows
---
 monkey/monkey_island/cc/environment/utils.py | 52 ++++++++++++++++++++
 1 file changed, 52 insertions(+)
diff --git a/monkey/monkey_island/cc/environment/utils.py b/monkey/monkey_island/cc/environment/utils.py
index 524b9d5a8..7c822edd1 100644
--- a/monkey/monkey_island/cc/environment/utils.py
+++ b/monkey/monkey_island/cc/environment/utils.py
@@ -29,6 +29,7 @@ def _create_secure_directory_linux(path: str):
 # Don't split directory creation and permission setting
 # because it will temporarily create an accessible directory which anyone can use.
 os.mkdir(path, mode=0o700)
+
 except Exception as ex:
 LOG.error(f'Could not create a directory at "{path}": {str(ex)}')
 raise ex
@@ -41,6 +42,57 @@ def _create_secure_directory_windows(path: str):
 windows_permissions.get_security_descriptor_for_owner_only_perms()
 )
 win32file.CreateDirectory(path, security_attributes)
+
 except Exception as ex:
 LOG.error(f'Could not create a directory at "{path}": {str(ex)}')
 raise ex
+
+
+def create_secure_file(path: str):
+ if not os.path.isfile(path):
+ if is_windows_os():
+ _create_secure_file_windows(path)
+ else:
+ _create_secure_file_linux(path)
+
+
+def _create_secure_file_linux(path: str):
+ try:
+ flags = os.O_RDWR | os.O_CREAT # read/write, create new
+ mode = 0o700 # read/write/execute permissions to owner
+
+ with os.open(path, flags, mode) as _:
+ pass
+
+ except Exception as ex:
+ LOG.error(f'Could not create a file at "{path}": {str(ex)}')
+ raise ex
+
+
+def _create_secure_file_windows(path: str):
+ try:
+ file_access = win32file.GENERIC_READ | win32file.GENERIC_WRITE
+ file_sharing = (
+ win32file.FILE_SHARE_READ
+ ) # subsequent open operations on the object will succeed only if read access is requested
+ security_attributes = win32security.SECURITY_ATTRIBUTES()
+ security_attributes.SECURITY_DESCRIPTOR = (
+ windows_permissions.get_security_descriptor_for_owner_only_perms()
+ )
+ file_creation = win32file.CREATE_NEW # fails if file exists
+ file_attributes = win32file.FILE_ATTRIBUTE_NORMAL
+
+ with win32file.CreateFile(
+ fileName=path,
+ desiredAccess=file_access,
+ shareMode=file_sharing,
+ attributes=security_attributes,
+ CreationDisposition=file_creation,
+ flagsAndAttributes=file_attributes,
+ hTemplateFile=win32file.NULL,
+ ) as _:
+ pass
+
+ except Exception as ex:
+ LOG.error(f'Could not create a file at "{path}": {str(ex)}')
+ raise ex
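Review bot: In `_create_secure_file_linux`, `os.open()` returns a plain integer file descriptor, which is not a context manager, so `with os.open(path, flags, mode) as _:` raises after the file has already been created and leaves the descriptor open; `os.close(os.open(path, flags, mode))` does what was intended. The flags also lack `os.O_EXCL`, so if anything appears at `path` between the `os.path.isfile()` check in `create_secure_file` and the open, the existing object is opened and `mode` is never applied; `flags = os.O_RDWR | os.O_CREAT | os.O_EXCL` closes that window and matches the `CREATE_NEW` disposition used on the Windows side. `mode = 0o700` sets the execute bit, which a data file presumably does not need, so `0o600` would be the tighter choice. `create_secure_file` also returns silently when the file already exists without checking that its permissions are owner-only, and a docstring should state that callers get no guarantee in that case.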