p34709852
/
monkey
forked from p15670423/monkey
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Fix Windows file permission checking

This commit is contained in:
Shreya 2021-06-09 13:34:26 +05:30 committed by Mike Salvatore
parent f1d85dbc44
commit 438a63b0f4
2 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
monkey/monkey_island/cc/server_utils/file_utils.py
View File

@ -26,12 +26,12 @@ def has_expected_permissions(path: str, expected_permissions: int) -> bool:
sid = ace[-1] sid = ace[-1]
permissions = ace[1] permissions = ace[1]
if sid == user_sid: if sid == user_sid:
if oct(permissions & 0o777) != expected_permissions: if permissions != expected_permissions:
return False return False
elif sid == admins_sid: elif sid == admins_sid:
continue continue
else: else:
if oct(permissions) != 0: # everyone but user & admins should have no permissions if permissions != 2032127: # everyone but user & admins should have no permissions
return False return False
return True return True

12
monkey/monkey_island/cc/setup/island_config_options_validator.py
View File

@ -1,16 +1,17 @@
import os import os
from common.utils.exceptions import InsecurePermissionsError from common.utils.exceptions import InsecurePermissionsError
from monkey_island.cc.environment.utils import is_windows_os
from monkey_island.cc.server_utils.file_utils import has_expected_permissions from monkey_island.cc.server_utils.file_utils import has_expected_permissions
from monkey_island.cc.setup.island_config_options import IslandConfigOptions from monkey_island.cc.setup.island_config_options import IslandConfigOptions
def raise_on_invalid_options(options: IslandConfigOptions): def raise_on_invalid_options(options: IslandConfigOptions):
_raise_if_not_isfile(options.crt_path) _raise_if_not_isfile(options.crt_path)
_raise_if_incorrect_permissions(options.crt_path, 0o400) _raise_if_incorrect_permissions(options.crt_path, 0o400, 1179817)
_raise_if_not_isfile(options.key_path) _raise_if_not_isfile(options.key_path)
_raise_if_incorrect_permissions(options.key_path, 0o400) _raise_if_incorrect_permissions(options.key_path, 0o400, 1179817)
def _raise_if_not_isfile(f: str): def _raise_if_not_isfile(f: str):
@ -18,7 +19,12 @@ def _raise_if_not_isfile(f: str):
raise FileNotFoundError(f"{f} does not exist or is not a regular file.") raise FileNotFoundError(f"{f} does not exist or is not a regular file.")
def _raise_if_incorrect_permissions(f: str, expected_permissions: int): def _raise_if_incorrect_permissions(
f: str, linux_expected_permissions: int, windows_expected_permissions: int
):
expected_permissions = (
windows_expected_permissions if is_windows_os() else linux_expected_permissions
)
if not has_expected_permissions(f, expected_permissions): if not has_expected_permissions(f, expected_permissions):
raise InsecurePermissionsError( raise InsecurePermissionsError(
f"The file {f} has incorrect permissions. Expected: {oct(expected_permissions)}" f"The file {f} has incorrect permissions. Expected: {oct(expected_permissions)}"