From 49eb1cd996a906b1109c2046dd11fa04b1a27190 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Mon, 28 Jun 2021 13:13:16 -0400
Subject: [PATCH] agent: Rename RansomwareTelem -> FileEncryptionTelem
Ransomware will soon do more than just encrypt files. We should give the telemetry that's related to encrypting files a more descriptive name that better describes what it is reporting.
---
 .../common/common_consts/telem_categories.py | 2 +-
 .../ransomware/ransomware_payload.py | 4 ++--
 ...ware_telem.py => file_encryption_telem.py} | 8 ++++----
 .../ransomware/test_ransomware_payload.py | 12 ++++++------
 .../telemetry/test_file_encryption_telem.py | 19 +++++++++++++++++++
 .../telemetry/test_ransomware_telem.py | 19 -------------------
 6 files changed, 32 insertions(+), 32 deletions(-)
 rename monkey/infection_monkey/telemetry/{ransomware_telem.py => file_encryption_telem.py} (77%)
 create mode 100644 monkey/tests/unit_tests/infection_monkey/telemetry/test_file_encryption_telem.py
 delete mode 100644 monkey/tests/unit_tests/infection_monkey/telemetry/test_ransomware_telem.py
diff --git a/monkey/common/common_consts/telem_categories.py b/monkey/common/common_consts/telem_categories.py
index dc083d4ab..8c39abd74 100644
--- a/monkey/common/common_consts/telem_categories.py
+++ b/monkey/common/common_consts/telem_categories.py
@@ -8,4 +8,4 @@ class TelemCategoryEnum:
 TRACE = "trace"
 TUNNEL = "tunnel"
 ATTACK = "attack"
- RANSOMWARE = "ransomware"
+ FILE_ENCRYPTION = "file_encryption"
diff --git a/monkey/infection_monkey/ransomware/ransomware_payload.py b/monkey/infection_monkey/ransomware/ransomware_payload.py
index da300a175..f500ce67c 100644
--- a/monkey/infection_monkey/ransomware/ransomware_payload.py
+++ b/monkey/infection_monkey/ransomware/ransomware_payload.py
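Review bot: The category string in `TelemCategoryEnum` changes on the wire from `"ransomware"` to `"file_encryption"`, and the payload key returned by `FileEncryptionTelem.get_data()` (second hunk of file_encryption_telem.py) changes from `"ransomware_attempts"` to `"files"`, yet the diffstat shows no consumer of either string being touched. If the receiving side routes telemetry by category or reads the old key (not visible in this patch), file-encryption events would go unprocessed until it is updated, which would hide that activity from reporting without any error on the agent. Confirm the consumer is updated in the same change set, or accept both values during the transition. A comment above the constant such as `# Wire value: telemetry consumers dispatch on this string` would make the coupling visible to the next person who renames it.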
@@ -5,8 +5,8 @@ from typing import List, Optional, Tuple
 from infection_monkey.ransomware.bitflip_encryptor import BitflipEncryptor
 from infection_monkey.ransomware.file_selectors import select_production_safe_target_files
 from infection_monkey.ransomware.valid_file_extensions import VALID_FILE_EXTENSIONS_FOR_ENCRYPTION
+from infection_monkey.telemetry.file_encryption_telem import FileEncryptionTelem
 from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger
-from infection_monkey.telemetry.ransomware_telem import RansomwareTelem
 from infection_monkey.utils.environment import is_windows_os
 LOG = logging.getLogger(__name__)
@@ -68,5 +68,5 @@ class RansomewarePayload:
 filepath.rename(new_filepath)
 def _send_telemetry(self, filepath: Path, error: str):
- encryption_attempt = RansomwareTelem((str(filepath), str(error)))
+ encryption_attempt = FileEncryptionTelem((str(filepath), str(error)))
 self._telemetry_messenger.send_telemetry(encryption_attempt)
diff --git a/monkey/infection_monkey/telemetry/ransomware_telem.py b/monkey/infection_monkey/telemetry/file_encryption_telem.py
similarity index 77%
rename from monkey/infection_monkey/telemetry/ransomware_telem.py
rename to monkey/infection_monkey/telemetry/file_encryption_telem.py
index 64cce13c2..4ea2ada0d 100644
--- a/monkey/infection_monkey/telemetry/ransomware_telem.py
+++ b/monkey/infection_monkey/telemetry/file_encryption_telem.py
@@ -6,10 +6,10 @@ from infection_monkey.telemetry.batchable_telem_mixin import BatchableTelemMixin from infection_monkey.telemetry.i_batchable_telem import IBatchableTelem -class RansomwareTelem(BatchableTelemMixin, IBatchableTelem, BaseTelem): +class FileEncryptionTelem(BatchableTelemMixin, IBatchableTelem, BaseTelem): def __init__(self, entry: Tuple[str, str]): """ - Ransomware telemetry constructor + File Encryption telemetry constructor :param attempts: List of tuples with each tuple containing the path of a file it tried encrypting and its result. If ransomware fails completely - list of one tuple @@ -19,7 +19,7 @@ class RansomwareTelem(BatchableTelemMixin, IBatchableTelem, BaseTelem): self._telemetry_entries.append(entry) - telem_category = TelemCategoryEnum.RANSOMWARE + telem_category = TelemCategoryEnum.FILE_ENCRYPTION def get_data(self): - return {"ransomware_attempts": self._telemetry_entries} + return {"files": self._telemetry_entries} diff --git a/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py b/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py index f26463ed1..bead17ed5 100644 --- a/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py +++ b/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py 
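Review bot: The constructor docstring in the first hunk still documents `:param attempts:` as a list of tuples, while the signature is `__init__(self, entry: Tuple[str, str])` and the body appends a single `entry`; the commit rewrites the docstring's first line but leaves this stale part in place. Suggest replacing it with `:param entry: Tuple of (file path, error string) describing one encryption attempt`. The tests in this patch compare the second element to `""` on success, so if that is the contract it is worth stating in the same line. The new `"files"` key in `get_data()` holds (path, error) pairs rather than bare file names, so a one-line comment on the return shape would help whoever parses it. The docstring runs past the end of the first hunk, so its remaining lines are not visible here.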
@@ -133,10 +133,10 @@ def test_telemetry_success(ransomware_payload, telemetry_messenger_spy):
 telem_1 = telemetry_messenger_spy.telemetries[0]
 telem_2 = telemetry_messenger_spy.telemetries[1]
- assert ALL_ZEROS_PDF in telem_1.get_data()["ransomware_attempts"][0][0]
- assert telem_1.get_data()["ransomware_attempts"][0][1] == ""
- assert TEST_KEYBOARD_TXT in telem_2.get_data()["ransomware_attempts"][0][0]
- assert telem_2.get_data()["ransomware_attempts"][0][1] == ""
+ assert ALL_ZEROS_PDF in telem_1.get_data()["files"][0][0]
+ assert telem_1.get_data()["files"][0][1] == ""
+ assert TEST_KEYBOARD_TXT in telem_2.get_data()["files"][0][0]
+ assert telem_2.get_data()["files"][0][1] == ""
 def test_telemetry_failure(monkeypatch, ransomware_payload, telemetry_messenger_spy):
@@ -149,5 +149,5 @@ def test_telemetry_failure(monkeypatch, ransomware_payload, telemetry_messenger_
 ransomware_payload.run_payload()
 telem_1 = telemetry_messenger_spy.telemetries[0]
- assert "/file/not/exist" in telem_1.get_data()["ransomware_attempts"][0][0]
- assert "No such file or directory" in telem_1.get_data()["ransomware_attempts"][0][1]
+ assert "/file/not/exist" in telem_1.get_data()["files"][0][0]
+ assert "No such file or directory" in telem_1.get_data()["files"][0][1]
diff --git a/monkey/tests/unit_tests/infection_monkey/telemetry/test_file_encryption_telem.py b/monkey/tests/unit_tests/infection_monkey/telemetry/test_file_encryption_telem.py
new file mode 100644
index 000000000..6152942e6
--- /dev/null
+++ b/monkey/tests/unit_tests/infection_monkey/telemetry/test_file_encryption_telem.py
@@ -0,0 +1,19 @@
+import json
+
+from infection_monkey.telemetry.file_encryption_telem import FileEncryptionTelem
+
+ENCRYPTION_ATTEMPTS = [("", ""), ("", "")]
+
+
+def test_file_encryption_telem_send(spy_send_telemetry):
+ file_encryption_telem_1 = FileEncryptionTelem(ENCRYPTION_ATTEMPTS[0])
+ file_encryption_telem_2 = FileEncryptionTelem(ENCRYPTION_ATTEMPTS[1])
+
+ file_encryption_telem_1.add_telemetry_to_batch(file_encryption_telem_2)
+
+ file_encryption_telem_1.send()
+ expected_data = {"files": ENCRYPTION_ATTEMPTS}
+ expected_data = json.dumps(expected_data, cls=file_encryption_telem_1.json_encoder)
+
+ assert spy_send_telemetry.data == expected_data
+ assert spy_send_telemetry.telem_category == "file_encryption"
diff --git a/monkey/tests/unit_tests/infection_monkey/telemetry/test_ransomware_telem.py b/monkey/tests/unit_tests/infection_monkey/telemetry/test_ransomware_telem.py
deleted file mode 100644
index e2e674ecd..000000000
--- a/monkey/tests/unit_tests/infection_monkey/telemetry/test_ransomware_telem.py
+++ /dev/null
@@ -1,19 +0,0 @@
-import json
-
-from infection_monkey.telemetry.ransomware_telem import RansomwareTelem
-
-ENCRYPTION_ATTEMPTS = [("", ""), ("", "")]
-
-
-def test_ransomware_telem_send(spy_send_telemetry):
- ransomware_telem_1 = RansomwareTelem(ENCRYPTION_ATTEMPTS[0])
- ransomware_telem_2 = RansomwareTelem(ENCRYPTION_ATTEMPTS[1])
-
- ransomware_telem_1.add_telemetry_to_batch(ransomware_telem_2)
-
- ransomware_telem_1.send()
- expected_data = {"ransomware_attempts": ENCRYPTION_ATTEMPTS}
- expected_data = json.dumps(expected_data, cls=ransomware_telem_1.json_encoder)
-
- assert spy_send_telemetry.data == expected_data
- assert spy_send_telemetry.telem_category == "ransomware"
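Review bot: In the new test_file_encryption_telem.py, both entries of `ENCRYPTION_ATTEMPTS` are shown as `("", "")`, so the batching assertion cannot tell a reordered, duplicated or overwritten entry from a correct merge. If those are the literal values rather than placeholders lost in rendering, use distinct constructed entries, for example `ENCRYPTION_ATTEMPTS = [("file1", ""), ("file2", "constructed error")]`. That also exercises one success and one failure record through `add_telemetry_to_batch` and the JSON encoder. Keeping the literal `"file_encryption"` in the last assertion is useful, since it pins the wire value independently of the enum.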