agent: Rename RansomwareTelem -> FileEncryptionTelem
Ransomware will soon do more than just encrypt files. We should give the telemetry that's related to encrypting files a more descriptive name that better describes what it is reporting.
parent
543f0031a2
commit
49eb1cd996
|
@ -8,4 +8,4 @@ class TelemCategoryEnum:
|
|||
TRACE = "trace"
|
||||
TUNNEL = "tunnel"
|
||||
ATTACK = "attack"
|
||||
RANSOMWARE = "ransomware"
|
||||
FILE_ENCRYPTION = "file_encryption"
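Review bot: `FILE_ENCRYPTION = "file_encryption"` appears to replace `RANSOMWARE = "ransomware"`, which changes the category string the agent sends, and no consumer-side change is visible on this page. If the receiving side dispatches on the category value, it needs a matching entry for `"file_encryption"` and for the payload key `"files"` (renamed from `"ransomware_attempts"` in `get_data()` of the telemetry class). Otherwise file-encryption results from a simulation run could be dropped or left out of reporting without any error on the agent. A short comment here would make the coupling explicit, for example `# Wire value: must match the category handled by the server-side telemetry processing`.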
|
||||
|
|
|
@ -5,8 +5,8 @@ from typing import List, Optional, Tuple
|
|||
from infection_monkey.ransomware.bitflip_encryptor import BitflipEncryptor
|
||||
from infection_monkey.ransomware.file_selectors import select_production_safe_target_files
|
||||
from infection_monkey.ransomware.valid_file_extensions import VALID_FILE_EXTENSIONS_FOR_ENCRYPTION
|
||||
from infection_monkey.telemetry.file_encryption_telem import FileEncryptionTelem
|
||||
from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger
|
||||
from infection_monkey.telemetry.ransomware_telem import RansomwareTelem
|
||||
from infection_monkey.utils.environment import is_windows_os
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
@ -68,5 +68,5 @@ class RansomewarePayload:
|
|||
filepath.rename(new_filepath)
|
||||
|
||||
def _send_telemetry(self, filepath: Path, error: str):
|
||||
encryption_attempt = RansomwareTelem((str(filepath), str(error)))
|
||||
encryption_attempt = FileEncryptionTelem((str(filepath), str(error)))
|
||||
self._telemetry_messenger.send_telemetry(encryption_attempt)
|
||||
|
|
|
@ -6,10 +6,10 @@ from infection_monkey.telemetry.batchable_telem_mixin import BatchableTelemMixin
|
|||
from infection_monkey.telemetry.i_batchable_telem import IBatchableTelem
|
||||
|
||||
|
||||
class RansomwareTelem(BatchableTelemMixin, IBatchableTelem, BaseTelem):
|
||||
class FileEncryptionTelem(BatchableTelemMixin, IBatchableTelem, BaseTelem):
|
||||
def __init__(self, entry: Tuple[str, str]):
|
||||
"""
|
||||
Ransomware telemetry constructor
|
||||
File Encryption telemetry constructor
|
||||
:param attempts: List of tuples with each tuple containing the path
|
||||
of a file it tried encrypting and its result.
|
||||
If ransomware fails completely - list of one tuple
|
||||
|
@ -19,7 +19,7 @@ class RansomwareTelem(BatchableTelemMixin, IBatchableTelem, BaseTelem):
|
|||
|
||||
self._telemetry_entries.append(entry)
|
||||
|
||||
telem_category = TelemCategoryEnum.RANSOMWARE
|
||||
telem_category = TelemCategoryEnum.FILE_ENCRYPTION
|
||||
|
||||
def get_data(self):
|
||||
return {"ransomware_attempts": self._telemetry_entries}
|
||||
return {"files": self._telemetry_entries}
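Review bot: The docstring of `FileEncryptionTelem.__init__` still documents `:param attempts:` as a list of tuples, but the constructor takes a single `entry: Tuple[str, str]`. Its last visible line also still reads "If ransomware fails completely - list of one tuple". I would rewrite it along the lines of `:param entry: Tuple of (path of the file the agent tried to encrypt, result of the attempt)`. The tests suggest an empty string means success, which would be worth stating there if it is the contract. The docstring continues past the end of the first hunk, so the remainder may need the same update. `get_data()` would also benefit from a one-line docstring naming the `"files"` key, since that key is what consumers of the telemetry parse.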
|
|
@ -133,10 +133,10 @@ def test_telemetry_success(ransomware_payload, telemetry_messenger_spy):
|
|||
telem_1 = telemetry_messenger_spy.telemetries[0]
|
||||
telem_2 = telemetry_messenger_spy.telemetries[1]
|
||||
|
||||
assert ALL_ZEROS_PDF in telem_1.get_data()["ransomware_attempts"][0][0]
|
||||
assert telem_1.get_data()["ransomware_attempts"][0][1] == ""
|
||||
assert TEST_KEYBOARD_TXT in telem_2.get_data()["ransomware_attempts"][0][0]
|
||||
assert telem_2.get_data()["ransomware_attempts"][0][1] == ""
|
||||
assert ALL_ZEROS_PDF in telem_1.get_data()["files"][0][0]
|
||||
assert telem_1.get_data()["files"][0][1] == ""
|
||||
assert TEST_KEYBOARD_TXT in telem_2.get_data()["files"][0][0]
|
||||
assert telem_2.get_data()["files"][0][1] == ""
|
||||
|
||||
|
||||
def test_telemetry_failure(monkeypatch, ransomware_payload, telemetry_messenger_spy):
|
||||
|
@ -149,5 +149,5 @@ def test_telemetry_failure(monkeypatch, ransomware_payload, telemetry_messenger_
|
|||
ransomware_payload.run_payload()
|
||||
telem_1 = telemetry_messenger_spy.telemetries[0]
|
||||
|
||||
assert "/file/not/exist" in telem_1.get_data()["ransomware_attempts"][0][0]
|
||||
assert "No such file or directory" in telem_1.get_data()["ransomware_attempts"][0][1]
|
||||
assert "/file/not/exist" in telem_1.get_data()["files"][0][0]
|
||||
assert "No such file or directory" in telem_1.get_data()["files"][0][1]
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
import json
|
||||
|
||||
from infection_monkey.telemetry.file_encryption_telem import FileEncryptionTelem
|
||||
|
||||
ENCRYPTION_ATTEMPTS = [("<file1>", "<encryption attempt result>"), ("<file2>", "")]
|
||||
|
||||
|
||||
def test_file_encryption_telem_send(spy_send_telemetry):
|
||||
file_encryption_telem_1 = FileEncryptionTelem(ENCRYPTION_ATTEMPTS[0])
|
||||
file_encryption_telem_2 = FileEncryptionTelem(ENCRYPTION_ATTEMPTS[1])
|
||||
|
||||
file_encryption_telem_1.add_telemetry_to_batch(file_encryption_telem_2)
|
||||
|
||||
file_encryption_telem_1.send()
|
||||
expected_data = {"files": ENCRYPTION_ATTEMPTS}
|
||||
expected_data = json.dumps(expected_data, cls=file_encryption_telem_1.json_encoder)
|
||||
|
||||
assert spy_send_telemetry.data == expected_data
|
||||
assert spy_send_telemetry.telem_category == "file_encryption"
|
|
@ -1,19 +0,0 @@
|
|||
import json
|
||||
|
||||
from infection_monkey.telemetry.ransomware_telem import RansomwareTelem
|
||||
|
||||
ENCRYPTION_ATTEMPTS = [("<file1>", "<encryption attempt result>"), ("<file2>", "")]
|
||||
|
||||
|
||||
def test_ransomware_telem_send(spy_send_telemetry):
|
||||
ransomware_telem_1 = RansomwareTelem(ENCRYPTION_ATTEMPTS[0])
|
||||
ransomware_telem_2 = RansomwareTelem(ENCRYPTION_ATTEMPTS[1])
|
||||
|
||||
ransomware_telem_1.add_telemetry_to_batch(ransomware_telem_2)
|
||||
|
||||
ransomware_telem_1.send()
|
||||
expected_data = {"ransomware_attempts": ENCRYPTION_ATTEMPTS}
|
||||
expected_data = json.dumps(expected_data, cls=ransomware_telem_1.json_encoder)
|
||||
|
||||
assert spy_send_telemetry.data == expected_data
|
||||
assert spy_send_telemetry.telem_category == "ransomware"
|