Fixed custom PBA upload path to use abstract path in island dir rather than flask cwd.

This commit is contained in:
VakarisZ 2021-01-08 17:02:33 +02:00
parent 1f129757a4
commit 78aaa4091d
3 changed files with 17 additions and 14 deletions

View File

@ -1,10 +1,14 @@
import logging
import flask_restful import flask_restful
from flask import send_from_directory from flask import send_from_directory
from monkey_island.cc.services.post_breach_files import UPLOADS_DIR_NAME from monkey_island.cc.services.post_breach_files import ABS_UPLOAD_PATH
__author__ = 'VakarisZ' __author__ = 'VakarisZ'
LOG = logging.getLogger(__name__)
class PBAFileDownload(flask_restful.Resource): class PBAFileDownload(flask_restful.Resource):
""" """
@ -13,4 +17,4 @@ class PBAFileDownload(flask_restful.Resource):
# Used by monkey. can't secure. # Used by monkey. can't secure.
def get(self, path): def get(self, path):
return send_from_directory(UPLOADS_DIR_NAME, path) return send_from_directory(ABS_UPLOAD_PATH, path)

View File

@ -9,8 +9,7 @@ from werkzeug.utils import secure_filename
from monkey_island.cc.resources.auth.auth import jwt_required from monkey_island.cc.resources.auth.auth import jwt_required
from monkey_island.cc.services.config import ConfigService from monkey_island.cc.services.config import ConfigService
from monkey_island.cc.services.post_breach_files import ( from monkey_island.cc.services.post_breach_files import (
PBA_LINUX_FILENAME_PATH, PBA_UPLOAD_PATH, PBA_WINDOWS_FILENAME_PATH, ABS_UPLOAD_PATH, PBA_LINUX_FILENAME_PATH, PBA_WINDOWS_FILENAME_PATH)
UPLOADS_DIR)
__author__ = 'VakarisZ' __author__ = 'VakarisZ'
@ -19,9 +18,6 @@ LOG = logging.getLogger(__name__)
LINUX_PBA_TYPE = 'PBAlinux' LINUX_PBA_TYPE = 'PBAlinux'
WINDOWS_PBA_TYPE = 'PBAwindows' WINDOWS_PBA_TYPE = 'PBAwindows'
# This path is used by flask, which means that local directory is different from UPLOADS_DIR
FLASK_UPLOAD_PATH = PBA_UPLOAD_PATH[-1]
class FileUpload(flask_restful.Resource): class FileUpload(flask_restful.Resource):
""" """
@ -29,7 +25,7 @@ class FileUpload(flask_restful.Resource):
""" """
def __init__(self): def __init__(self):
# Create all directories on the way if they don't exist # Create all directories on the way if they don't exist
UPLOADS_DIR.mkdir(parents=True, exist_ok=True) ABS_UPLOAD_PATH.mkdir(parents=True, exist_ok=True)
@jwt_required @jwt_required
def get(self, file_type): def get(self, file_type):
@ -43,7 +39,8 @@ class FileUpload(flask_restful.Resource):
filename = ConfigService.get_config_value(copy.deepcopy(PBA_LINUX_FILENAME_PATH)) filename = ConfigService.get_config_value(copy.deepcopy(PBA_LINUX_FILENAME_PATH))
else: else:
filename = ConfigService.get_config_value(copy.deepcopy(PBA_WINDOWS_FILENAME_PATH)) filename = ConfigService.get_config_value(copy.deepcopy(PBA_WINDOWS_FILENAME_PATH))
return send_from_directory(FLASK_UPLOAD_PATH, filename) LOG.info(f"Current dir:{os.getcwd()}")
return send_from_directory(ABS_UPLOAD_PATH, filename)
@jwt_required @jwt_required
def post(self, file_type): def post(self, file_type):
@ -68,7 +65,7 @@ class FileUpload(flask_restful.Resource):
""" """
filename_path = PBA_LINUX_FILENAME_PATH if file_type == 'PBAlinux' else PBA_WINDOWS_FILENAME_PATH filename_path = PBA_LINUX_FILENAME_PATH if file_type == 'PBAlinux' else PBA_WINDOWS_FILENAME_PATH
filename = ConfigService.get_config_value(filename_path) filename = ConfigService.get_config_value(filename_path)
file_path = UPLOADS_DIR.joinpath(filename) file_path = ABS_UPLOAD_PATH.joinpath(filename)
try: try:
if os.path.exists(file_path): if os.path.exists(file_path):
os.remove(file_path) os.remove(file_path)
@ -87,7 +84,7 @@ class FileUpload(flask_restful.Resource):
:return: filename string :return: filename string
""" """
filename = secure_filename(request_.files['filepond'].filename) filename = secure_filename(request_.files['filepond'].filename)
file_path = UPLOADS_DIR.joinpath(filename).absolute() file_path = ABS_UPLOAD_PATH.joinpath(filename).absolute()
request_.files['filepond'].save(str(file_path)) request_.files['filepond'].save(str(file_path))
ConfigService.set_config_value((PBA_LINUX_FILENAME_PATH if is_linux else PBA_WINDOWS_FILENAME_PATH), filename) ConfigService.set_config_value((PBA_LINUX_FILENAME_PATH if is_linux else PBA_WINDOWS_FILENAME_PATH), filename)
return filename return filename

View File

@ -12,8 +12,10 @@ logger = logging.getLogger(__name__)
PBA_WINDOWS_FILENAME_PATH = ['monkey', 'post_breach', 'PBA_windows_filename'] PBA_WINDOWS_FILENAME_PATH = ['monkey', 'post_breach', 'PBA_windows_filename']
PBA_LINUX_FILENAME_PATH = ['monkey', 'post_breach', 'PBA_linux_filename'] PBA_LINUX_FILENAME_PATH = ['monkey', 'post_breach', 'PBA_linux_filename']
UPLOADS_DIR_NAME = 'userUploads' UPLOADS_DIR_NAME = 'userUploads'
PBA_UPLOAD_PATH = ['monkey_island', 'cc', UPLOADS_DIR_NAME]
UPLOADS_DIR = Path(*PBA_UPLOAD_PATH)
_PBA_UPLOAD_PATH = [os.getcwd(), 'monkey_island', 'cc', UPLOADS_DIR_NAME]
ABS_UPLOAD_PATH = Path(*_PBA_UPLOAD_PATH)
def remove_PBA_files(): def remove_PBA_files():
@ -27,7 +29,7 @@ def remove_PBA_files():
def remove_file(file_name): def remove_file(file_name):
file_path = os.path.join(UPLOADS_DIR, file_name) file_path = os.path.join(ABS_UPLOAD_PATH, file_name)
try: try:
if os.path.exists(file_path): if os.path.exists(file_path):
os.remove(file_path) os.remove(file_path)