From 35b4fae3260e7a50d0e1ebe3f24e263394bab316 Mon Sep 17 00:00:00 2001 From: vakarisz Date: Wed, 8 Jun 2022 10:55:29 +0300 Subject: [PATCH] Island, Agent: Remove per-agent configuration from agent document Each agent doesn't need to have a separate configuration since the configuration is global and unique agent parameters are not and should not be stored in configuration --- monkey/infection_monkey/control.py | 7 ++--- .../master/control_channel.py | 2 +- monkey/monkey_island/cc/models/monkey.py | 1 - monkey/monkey_island/cc/resources/monkey.py | 28 ++----------------- monkey/monkey_island/cc/services/config.py | 4 ++- 5 files changed, 9 insertions(+), 33 deletions(-) diff --git a/monkey/infection_monkey/control.py b/monkey/infection_monkey/control.py index ce4d14840..b6568a860 100644 --- a/monkey/infection_monkey/control.py +++ b/monkey/infection_monkey/control.py @@ -41,7 +41,6 @@ class ControlClient(object): "ip_addresses": local_ips(), "networks": get_host_subnets(), "description": " ".join(platform.uname()), - "config": WormConfiguration.as_dict(), "parent": parent, "launch_time": agent_process.get_start_time(), } @@ -50,7 +49,7 @@ class ControlClient(object): monkey["tunnel"] = ControlClient.proxies.get("https") requests.post( # noqa: DUO123 - "https://%s/api/agent" % (WormConfiguration.current_server,), + f"https://{WormConfiguration.current_server}/api/agent", data=json.dumps(monkey), headers={"content-type": "application/json"}, verify=False, @@ -173,7 +172,7 @@ class ControlClient(object): return try: reply = requests.get( # noqa: DUO123 - "https://%s/api/agent/%s/legacy" % (WormConfiguration.current_server, GUID), + f"https://{WormConfiguration.current_server}/api/agent/", verify=False, proxies=ControlClient.proxies, timeout=MEDIUM_REQUEST_TIMEOUT, @@ -210,7 +209,7 @@ class ControlClient(object): return try: requests.patch( # noqa: DUO123 - "https://%s/api/agent/%s" % (WormConfiguration.current_server, GUID), + f"https://{WormConfiguration.current_server}/api/agent/{GUID}", data=json.dumps({"config_error": True}), headers={"content-type": "application/json"}, verify=False, diff --git a/monkey/infection_monkey/master/control_channel.py b/monkey/infection_monkey/master/control_channel.py index 53e2cee0b..64f8d0396 100644 --- a/monkey/infection_monkey/master/control_channel.py +++ b/monkey/infection_monkey/master/control_channel.py @@ -49,7 +49,7 @@ class ControlChannel(IControlChannel): def get_config(self) -> dict: try: response = requests.get( # noqa: DUO123 - f"https://{self._control_channel_server}/api/agent/{self._agent_id}", + f"https://{self._control_channel_server}/api/agent", verify=False, proxies=ControlClient.proxies, timeout=SHORT_REQUEST_TIMEOUT, diff --git a/monkey/monkey_island/cc/models/monkey.py b/monkey/monkey_island/cc/models/monkey.py index 8f1db8121..653972456 100644 --- a/monkey/monkey_island/cc/models/monkey.py +++ b/monkey/monkey_island/cc/models/monkey.py @@ -37,7 +37,6 @@ class Monkey(Document): # SCHEMA guid = StringField(required=True) - config = EmbeddedDocumentField("Config") should_stop = BooleanField() dead = BooleanField() description = StringField() diff --git a/monkey/monkey_island/cc/resources/monkey.py b/monkey/monkey_island/cc/resources/monkey.py index 811ccd0ee..8da54376d 100644 --- a/monkey/monkey_island/cc/resources/monkey.py +++ b/monkey/monkey_island/cc/resources/monkey.py @@ -21,28 +21,11 @@ class Monkey(AbstractResource): urls = [ "/api/agent", "/api/agent/", - # API Spec: Resource names should alternate with IDs (/api/agents/123/config-format/xyz) - "/api/agent//", ] # Used by monkey. can't secure. - def get(self, guid=None, config_format=None, **kw): - if not guid: - guid = request.args.get("guid") - - if guid: - monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid}) - # TODO: When the "legacy" format is no longer needed, update this logic and remove the - # "/api/agent//" route. Also considering not - # flattening the config in the first place. - if config_format == "legacy": - ConfigService.decrypt_flat_config(monkey_json["config"]) - else: - ConfigService.format_flat_config_for_agent(monkey_json["config"]) - - return monkey_json - - return {} + def get(self): + return {"config": ConfigService.format_flat_config_for_agent()} # Used by monkey. can't secure. @TestTelemStore.store_exported_telem @@ -54,8 +37,6 @@ class Monkey(AbstractResource): monkey_json = json.loads(request.data) update = {"$set": {"modifytime": datetime.now()}} monkey = NodeService.get_monkey_by_guid(guid) - if "config" in monkey_json: - update["$set"]["config"] = monkey_json["config"] if "config_error" in monkey_json: update["$set"]["config_error"] = monkey_json["config_error"] @@ -89,11 +70,6 @@ class Monkey(AbstractResource): # if new monkey telem, change config according to "new monkeys" config. db_monkey = mongo.db.monkey.find_one({"guid": monkey_json["guid"]}) - # Update monkey configuration - new_config = ConfigService.get_flat_config(False, False) - monkey_json["config"] = monkey_json.get("config", {}) - monkey_json["config"].update(new_config) - # try to find new monkey parent parent = monkey_json.get("parent") parent_to_add = (monkey_json.get("guid"), None) # default values in case of manual run diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index 608c21d99..043d1ff18 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -427,11 +427,13 @@ class ConfigService: } @staticmethod - def format_flat_config_for_agent(config: Dict): + def format_flat_config_for_agent(): + config = ConfigService.get_flat_config() ConfigService._remove_credentials_from_flat_config(config) ConfigService._format_payloads_from_flat_config(config) ConfigService._format_pbas_from_flat_config(config) ConfigService._format_propagation_from_flat_config(config) + return config @staticmethod def _remove_credentials_from_flat_config(config: Dict):