From 5c5ae5bb0df67e65c340bdbded257a4954b6f185 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Mon, 27 Jun 2022 12:07:58 -0700 Subject: [PATCH] Island: Modify ConfigurationImport and ConfigurationExport to work without PasswordBasedStringEncryptor --- .../cc/resources/configuration_export.py | 16 +------------- .../cc/resources/configuration_import.py | 22 +------------------ 2 files changed, 2 insertions(+), 36 deletions(-) diff --git a/monkey/monkey_island/cc/resources/configuration_export.py b/monkey/monkey_island/cc/resources/configuration_export.py index e10e5d1a3..0865a2558 100644 --- a/monkey/monkey_island/cc/resources/configuration_export.py +++ b/monkey/monkey_island/cc/resources/configuration_export.py @@ -1,10 +1,5 @@ -import json - -from flask import request - from monkey_island.cc.resources.AbstractResource import AbstractResource from monkey_island.cc.resources.request_authentication import jwt_required -from monkey_island.cc.server_utils.encryption import PasswordBasedStringEncryptor from monkey_island.cc.services.config import ConfigService @@ -13,17 +8,8 @@ class ConfigurationExport(AbstractResource): @jwt_required def post(self): - data = json.loads(request.data) - should_encrypt = data["should_encrypt"] - plaintext_config = ConfigService.get_config() config_export = plaintext_config - if should_encrypt: - password = data["password"] - plaintext_config = json.dumps(plaintext_config) - pb_encryptor = PasswordBasedStringEncryptor(password) - config_export = pb_encryptor.encrypt(plaintext_config) - - return {"config_export": config_export, "encrypted": should_encrypt} + return {"config_export": config_export, "encrypted": False} diff --git a/monkey/monkey_island/cc/resources/configuration_import.py b/monkey/monkey_island/cc/resources/configuration_import.py index 15ab3e41f..8f5d73afa 100644 --- a/monkey/monkey_island/cc/resources/configuration_import.py +++ b/monkey/monkey_island/cc/resources/configuration_import.py @@ -8,12 +8,7 @@ from flask import request from common.utils.exceptions import InvalidConfigurationError from monkey_island.cc.resources.AbstractResource import AbstractResource from monkey_island.cc.resources.request_authentication import jwt_required -from monkey_island.cc.server_utils.encryption import ( - InvalidCiphertextError, - InvalidCredentialsError, - PasswordBasedStringEncryptor, - is_encrypted, -) +from monkey_island.cc.server_utils.encryption import InvalidCiphertextError, InvalidCredentialsError from monkey_island.cc.services.config import ConfigService logger = logging.getLogger(__name__) @@ -75,9 +70,6 @@ class ConfigurationImport(AbstractResource): def _get_plaintext_config_from_request(request_contents: dict) -> dict: try: config = request_contents["config"] - if ConfigurationImport.is_config_encrypted(request_contents["config"]): - pb_encryptor = PasswordBasedStringEncryptor(request_contents["password"]) - config = pb_encryptor.decrypt(config) return json.loads(config) except (JSONDecodeError, InvalidCiphertextError): logger.exception( @@ -89,15 +81,3 @@ class ConfigurationImport(AbstractResource): def import_config(config_json): if not ConfigService.update_config(config_json, should_encrypt=True): raise InvalidConfigurationError - - @staticmethod - def is_config_encrypted(config: str): - try: - if config.startswith("{"): - return False - elif is_encrypted(config): - return True - else: - raise InvalidConfigurationError - except Exception: - raise InvalidConfigurationError