Commit Graph

5729 Commits

Author SHA1 Message Date
Shreya c802914cf6 tests: Update tests according to previous changes with `expand_path()` 2021-07-06 19:46:08 +05:30
Shreya 96c3a2ed12 agent, island: Replace import path for `expand_path()` everywhere 2021-07-06 19:45:08 +05:30
Mike Salvatore 6622fc0ff5 Island: Do not set state from props in RansomwareReport 2021-07-06 10:10:33 -04:00
Shreya d0a94e6223 agent, common, island: Move file util `expand_path` to `common/` 2021-07-06 19:40:10 +05:30
Mike Salvatore b1ab2525fd
Merge pull request #1288 from guardicore/ransomware-target-dir-validators
Validate ransomware target directories
2021-07-06 09:50:47 -04:00
Shreya ded6ce0cd0 agent: Use `expand_path()` instead of `os.path` functions in ransomware payload 2021-07-06 19:18:52 +05:30
Mike Salvatore 4bec9576aa Island: Remove extra + from windows environment variable regex 2021-07-06 09:38:32 -04:00
Mike Salvatore 638db3d7e0 Island: Escape '-' character in environment variable regex
Co-authored-by: Shreya Malviya <shreya.malviya@gmail.com>
2021-07-06 09:38:32 -04:00
Mike Salvatore d2dda4519f Island: Allow Windows ransomware target paths to be UNC paths 2021-07-06 09:38:32 -04:00
Mike Salvatore 9d4ee88e09 Island: Do not allow Windows ransomware target paths beginning with "$"
As far as I can tell, environment variables in Windows look like %NAME%.
Variables in powershell begin with $, but file explorer doesn't
recognize paths beginning with $ as valid.
2021-07-06 09:38:32 -04:00
Mike Salvatore df6082b50a Island: Refactor linux/windows ransomware path regexes
Refactored because the escape characters were cumbersome and difficult
to read when regexes were defined as strings. Also allow special
characters in Windows environment variable names as per
https://ss64.com/nt/syntax-variables.html
2021-07-06 09:38:32 -04:00
Shreya dc305d8e16 cc: Add validation format (starts wih `~`) for ransomware linux target directory 2021-07-06 09:38:32 -04:00
Shreya f8a062876c agent: Create `file_utils.py` and add `expand_path()` to it 2021-07-06 19:07:53 +05:30
Shreya e91d7a6282 agent: Change type hint for FileEncryption's `__init__()`'s `filepath` 2021-07-06 19:04:55 +05:30
Mike Salvatore b17b85d7e7
Merge pull request #1299 from guardicore/delimiter-windows-certificate
island: Add delimiter to windows create_certificate
2021-07-06 09:23:30 -04:00
Mike Salvatore 0fd88b8097 Merge pull request #1297 from guardicore/ransomware-report-api-endpoint 2021-07-06 09:22:11 -04:00
Mike Salvatore 832704dd1c
Merge pull request #1298 from guardicore/gevent-ssl-traceback
Gevent ssl traceback
2021-07-06 09:19:44 -04:00
Mike Salvatore 96fc33025e Island: Redirect gevent tracebacks to file and log exceptions
By default, gevent prints exceptions and tracebacks to stderr. This is
obnoxious as it results in large tracebacks intermixed with the output
that the logger prints to the console. This commit redirects this data
to {DATA_DIR}/gevent_exceptions.log. Unfortunately, this would mean that
the user might be left without any indication these exceptions had
occurred, unless they take the time to inspect the
gevent_exceptions.log. Therefore, when an excepion occurs, a message
with just the exception (not the traceback) is logged to WARNING.

Fixes #859
2021-07-06 08:39:30 -04:00
Shreya 4d8258ddbd cc: Change order of report tab imports to match the order in which they're shown 2021-07-06 16:23:27 +05:30
Shreya c78c955551 CHANGELOG: Add ransomware report API endpoint 2021-07-06 16:16:35 +05:30
Shreya 6d32f85120 island: Remove responsibility to decide whether the report should be displayed, from the backend 2021-07-06 16:14:22 +05:30
Ilija Lazoroski 695e266943 island: Add delimiter to windows create_certificate 2021-07-06 12:43:32 +02:00
Shreya 231fa6f99f cc: Add dummy code to frontend to check if ransomware report tab should be showed 2021-07-06 15:44:40 +05:30
Mike Salvatore 524fd0f55e
Merge pull request #1248 from guardicore/string-templating-dropper-upgrader
Added string templating functions for infection monkey dropper.
2021-07-05 19:27:11 -04:00
Mike Salvatore ebbdbc8dcb Island: Add GeventHubErrorHandler to log gevent exceptions 2021-07-05 12:26:40 -04:00
Mike Salvatore f86ff4fbd7 Island: Set log and error_log parameters on WSGIServer constructor
Provides WSGIServer with a logger for INFO log messages and ERROR log
messages.

https://www.gevent.org/api/gevent.pywsgi.html#gevent.pywsgi.WSGIServer
2021-07-05 12:26:37 -04:00
Shreya 8afd69634c tests: Add unit test for ransomware target dir path with env variables 2021-07-05 19:13:36 +05:30
Mike Salvatore 19e9fe5fb9 appimage: Upgrade python version to 3.7.11 2021-07-05 08:29:01 -04:00
Mike Salvatore b4b690491e Update changelog 2021-07-05 08:18:14 -04:00
Mike Salvatore 94bf91c447
Merge pull request #1286 from guardicore/ransomware-config-ui-description
Ransomware config UI description
2021-07-05 07:30:47 -04:00
Shreya 7b167ba0c4 island: Add API endpoint for ransomware report 2021-07-05 16:17:40 +05:30
Shreya 2f090f0060 cc: Only show ransomware report tab if `show` in ransomware report telemetry is `true` 2021-07-05 15:04:10 +05:30
Mike Salvatore 01b9c41c6e Remove mock_home_env() from vulture_allowlist.py 2021-07-02 18:59:24 -04:00
Mike Salvatore f4102aaa3a Remove unused mock_home_env() pytest fixture
This was replaced with patched_home_env() but never removed.
2021-07-02 09:31:45 -04:00
VakarisZ 8ef6a50180 Fix a bug in ransomware directories that caused environmental variables to not be expanded 2021-07-02 15:11:30 +03:00
Shreya 3496c717a9 cc, common: Split ransomware dir path validator regex expressions and rename related stuff to accurately describe it 2021-07-02 16:39:03 +05:30
Shreya 54072b6632 cc: Make whitespace-only a valid input for ransomware target directory paths 2021-07-02 16:09:50 +05:30
Shreya 1768c0cdf6 cc: Fix regex bug when validating ransomware target directories 2021-07-02 16:04:46 +05:30
Shreya 46ac53c5d1 cc: Add ransomware report tab 2021-07-02 13:53:45 +05:30
Shreya 3d48a11fc2 cc: Add regex validators for ransomware directory path validation 2021-07-01 13:32:10 +05:30
Shreya 8af93c4304 cc: Add ransomware directory path validation error messages 2021-07-01 13:31:39 +05:30
Shreya 73c61ebcf0 island: Add ransomware directory path validators to ransomware schema 2021-07-01 13:31:10 +05:30
Shreya 0a1782a928 common: Add validator constants for valid ransomware directory paths 2021-07-01 13:30:55 +05:30
Mike Salvatore e1263ec753 Island: Add a ransomware description to the ransomware config_schema 2021-06-30 14:10:15 -04:00
Mike Salvatore 938022fc52 Island: Allow HTML in config_schema descriptions to be renedered 2021-06-30 14:09:26 -04:00
Mike Salvatore f698c889e3 Docs: Move ransomware from References to Use Cases 2021-06-30 11:40:06 -04:00
Mike Salvatore b19044e4e8 Docs: Fix "The Infection Monkey" consistency in ransomware.md 2021-06-30 11:37:32 -04:00
Mike Salvatore f023399a36
Merge pull request #1285 from guardicore/ransomware_dir_hide_ui
Ransomware: hide directory fields if encryption is disabled
2021-06-30 10:46:13 -04:00
Mike Salvatore 8735724c90
Merge pull request #1283 from guardicore/config-log-formatting
Agent: Format config log messages so they are readable
2021-06-30 10:19:05 -04:00
Mike Salvatore bfa6bcaeb2 Island: Reword descriptions in ransomware config schema 2021-06-30 10:10:44 -04:00