Island: Refactor encryptors
All encryptors are moved to server_utils/encryption. They were renamed according to the class name. Everywhere we used the encryptors, I have updated the names. Unit tests are also moved to UTs server_utils/encryption.
This commit is contained in:
parent
803d1c910f
commit
a661dc4fe6
|
@ -1,7 +1,7 @@
|
||||||
from typing import List
|
from typing import List
|
||||||
|
|
||||||
from monkey_island.cc.models.utils.field_encryptors.i_field_encryptor import IFieldEncryptor
|
from monkey_island.cc.models.utils.field_encryptors.i_field_encryptor import IFieldEncryptor
|
||||||
from monkey_island.cc.server_utils.key_encryptor import get_encryptor
|
from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
|
||||||
|
|
||||||
|
|
||||||
class StringListEncryptor(IFieldEncryptor):
|
class StringListEncryptor(IFieldEncryptor):
|
||||||
|
|
|
@ -4,8 +4,10 @@ import flask_restful
|
||||||
from flask import request
|
from flask import request
|
||||||
|
|
||||||
from monkey_island.cc.resources.auth.auth import jwt_required
|
from monkey_island.cc.resources.auth.auth import jwt_required
|
||||||
|
from monkey_island.cc.server_utils.encryption.password_based_encryption import (
|
||||||
|
PasswordBasedEncryptor,
|
||||||
|
)
|
||||||
from monkey_island.cc.services.config import ConfigService
|
from monkey_island.cc.services.config import ConfigService
|
||||||
from monkey_island.cc.services.utils.password_encryption import PasswordBasedEncryptor
|
|
||||||
|
|
||||||
|
|
||||||
class ConfigurationExport(flask_restful.Resource):
|
class ConfigurationExport(flask_restful.Resource):
|
||||||
|
|
|
@ -8,13 +8,13 @@ from flask import request
|
||||||
|
|
||||||
from common.utils.exceptions import InvalidConfigurationError
|
from common.utils.exceptions import InvalidConfigurationError
|
||||||
from monkey_island.cc.resources.auth.auth import jwt_required
|
from monkey_island.cc.resources.auth.auth import jwt_required
|
||||||
from monkey_island.cc.services.config import ConfigService
|
from monkey_island.cc.server_utils.encryption.password_based_encryption import (
|
||||||
from monkey_island.cc.services.utils.password_encryption import (
|
|
||||||
InvalidCiphertextError,
|
InvalidCiphertextError,
|
||||||
InvalidCredentialsError,
|
InvalidCredentialsError,
|
||||||
PasswordBasedEncryptor,
|
PasswordBasedEncryptor,
|
||||||
is_encrypted,
|
is_encrypted,
|
||||||
)
|
)
|
||||||
|
from monkey_island.cc.services.config import ConfigService
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -27,8 +27,10 @@ from monkey_island.cc.server_utils.consts import ( # noqa: E402
|
||||||
GEVENT_EXCEPTION_LOG,
|
GEVENT_EXCEPTION_LOG,
|
||||||
MONGO_CONNECTION_TIMEOUT,
|
MONGO_CONNECTION_TIMEOUT,
|
||||||
)
|
)
|
||||||
|
from monkey_island.cc.server_utils.encryption.data_store_encryptor import ( # noqa: E402
|
||||||
|
initialize_encryptor,
|
||||||
|
)
|
||||||
from monkey_island.cc.server_utils.island_logger import reset_logger, setup_logging # noqa: E402
|
from monkey_island.cc.server_utils.island_logger import reset_logger, setup_logging # noqa: E402
|
||||||
from monkey_island.cc.server_utils.key_encryptor import initialize_encryptor # noqa: E402
|
|
||||||
from monkey_island.cc.services.initialize import initialize_services # noqa: E402
|
from monkey_island.cc.services.initialize import initialize_services # noqa: E402
|
||||||
from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list # noqa: E402
|
from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list # noqa: E402
|
||||||
from monkey_island.cc.services.utils.network_utils import local_ip_addresses # noqa: E402
|
from monkey_island.cc.services.utils.network_utils import local_ip_addresses # noqa: E402
|
||||||
|
|
|
@ -4,8 +4,8 @@ import os
|
||||||
# is maintained.
|
# is maintained.
|
||||||
from Crypto import Random # noqa: DUO133 # nosec: B413
|
from Crypto import Random # noqa: DUO133 # nosec: B413
|
||||||
|
|
||||||
|
from monkey_island.cc.server_utils.encryption.key_based_encryptor import KeyBasedEncryptor
|
||||||
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
|
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
|
||||||
from monkey_island.cc.services.utils.key_encryption import KeyBasedEncryptor
|
|
||||||
|
|
||||||
_encryptor = None
|
_encryptor = None
|
||||||
|
|
||||||
|
@ -22,6 +22,8 @@ class DataStoreEncryptor:
|
||||||
else:
|
else:
|
||||||
self._init_key(password_file)
|
self._init_key(password_file)
|
||||||
|
|
||||||
|
self._key_base_encryptor = KeyBasedEncryptor(self._cipher_key)
|
||||||
|
|
||||||
def _init_key(self, password_file_path: str):
|
def _init_key(self, password_file_path: str):
|
||||||
self._cipher_key = Random.new().read(self._BLOCK_SIZE)
|
self._cipher_key = Random.new().read(self._BLOCK_SIZE)
|
||||||
with open_new_securely_permissioned_file(password_file_path, "wb") as f:
|
with open_new_securely_permissioned_file(password_file_path, "wb") as f:
|
||||||
|
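Review bot: The attribute added on the `self._key_base_encryptor = KeyBasedEncryptor(self._cipher_key)` line is named `_key_base_encryptor` while the class it holds is `KeyBasedEncryptor`; `self._key_based_encryptor = KeyBasedEncryptor(self._cipher_key)` would keep the two in step, and the same rename applies to the `enc` and `dec` bodies in the following hunk. Building the encryptor once after the `if`/`else` relies on both branches having populated `self._cipher_key` first, and the `_init_key` branch visible below does so only after writing the freshly generated key to `password_file_path`; a comment such as `# both branches above set self._cipher_key; build the encryptor once` would make that ordering constraint explicit. The enclosing `__init__` starts outside the hunk.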
@ -32,12 +34,10 @@ class DataStoreEncryptor:
|
||||||
self._cipher_key = f.read()
|
self._cipher_key = f.read()
|
||||||
|
|
||||||
def enc(self, message: str):
|
def enc(self, message: str):
|
||||||
key_encryptor = KeyBasedEncryptor(self._cipher_key)
|
return self._key_base_encryptor.encrypt(message)
|
||||||
return key_encryptor.encrypt(message)
|
|
||||||
|
|
||||||
def dec(self, enc_message: str):
|
def dec(self, enc_message: str):
|
||||||
key_encryptor = KeyBasedEncryptor(self._cipher_key)
|
return self._key_base_encryptor.decrypt(enc_message)
|
||||||
return key_encryptor.decrypt(enc_message)
|
|
||||||
|
|
||||||
|
|
||||||
def initialize_encryptor(password_file_dir):
|
def initialize_encryptor(password_file_dir):
|
|
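Review bot: `enc` and `dec` now share one `KeyBasedEncryptor` instance for the lifetime of the `DataStoreEncryptor` instead of constructing a fresh one per call; that is only equivalent if `KeyBasedEncryptor.encrypt` derives a new IV/nonce on every call rather than fixing one at construction, which cannot be confirmed from this hunk and is worth checking against `key_based_encryptor.py`. Neither method carries a docstring or a return annotation, and what `decrypt` returns is not visible here, so a one-line docstring on each — e.g. `"""Encrypt *message* with the data-store key held by this encryptor."""` and `"""Decrypt *enc_message* previously produced by enc()."""` — would document the pairing without asserting a type. The hunk ends at the `def initialize_encryptor(password_file_dir):` signature, whose body lies outside it.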
@ -6,7 +6,7 @@ import logging
|
||||||
from Crypto import Random # noqa: DUO133 # nosec: B413
|
from Crypto import Random # noqa: DUO133 # nosec: B413
|
||||||
from Crypto.Cipher import AES # noqa: DUO133 # nosec: B413
|
from Crypto.Cipher import AES # noqa: DUO133 # nosec: B413
|
||||||
|
|
||||||
from monkey_island.cc.services.utils.i_encryptor import IEncryptor
|
from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
|
@ -4,7 +4,7 @@ import logging
|
||||||
|
|
||||||
import pyAesCrypt
|
import pyAesCrypt
|
||||||
|
|
||||||
from monkey_island.cc.services.utils.i_encryptor import IEncryptor
|
from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
from monkey_island.cc.server_utils.key_encryptor import get_encryptor
|
from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
|
||||||
|
|
||||||
|
|
||||||
def parse_creds(attempt):
|
def parse_creds(attempt):
|
||||||
|
|
|
@ -19,7 +19,7 @@ from common.config_value_paths import (
|
||||||
USER_LIST_PATH,
|
USER_LIST_PATH,
|
||||||
)
|
)
|
||||||
from monkey_island.cc.database import mongo
|
from monkey_island.cc.database import mongo
|
||||||
from monkey_island.cc.server_utils.key_encryptor import get_encryptor
|
from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
|
||||||
from monkey_island.cc.services.config_manipulator import update_config_per_mode
|
from monkey_island.cc.services.config_manipulator import update_config_per_mode
|
||||||
from monkey_island.cc.services.config_schema.config_schema import SCHEMA
|
from monkey_island.cc.services.config_schema.config_schema import SCHEMA
|
||||||
from monkey_island.cc.services.mode.island_mode_service import ModeNotSetError, get_mode
|
from monkey_island.cc.services.mode.island_mode_service import ModeNotSetError, get_mode
|
||||||
|
|
|
@ -3,7 +3,7 @@ import copy
|
||||||
import dateutil
|
import dateutil
|
||||||
|
|
||||||
from monkey_island.cc.models import Monkey
|
from monkey_island.cc.models import Monkey
|
||||||
from monkey_island.cc.server_utils.key_encryptor import get_encryptor
|
from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
|
||||||
from monkey_island.cc.services.config import ConfigService
|
from monkey_island.cc.services.config import ConfigService
|
||||||
from monkey_island.cc.services.edge.displayed_edge import EdgeService
|
from monkey_island.cc.services.edge.displayed_edge import EdgeService
|
||||||
from monkey_island.cc.services.node import NodeService
|
from monkey_island.cc.services.node import NodeService
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.key_encryptor import get_encryptor
|
from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
|
||||||
from monkey_island.cc.services.config import ConfigService
|
from monkey_island.cc.services.config import ConfigService
|
||||||
from monkey_island.cc.services.node import NodeService
|
from monkey_island.cc.services.node import NodeService
|
||||||
from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import ( # noqa: E501
|
from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import ( # noqa: E501
|
||||||
|
|
|
@ -5,7 +5,7 @@ from ScoutSuite.providers.base.authentication_strategy import AuthenticationExce
|
||||||
from common.cloud.scoutsuite_consts import CloudProviders
|
from common.cloud.scoutsuite_consts import CloudProviders
|
||||||
from common.config_value_paths import AWS_KEYS_PATH
|
from common.config_value_paths import AWS_KEYS_PATH
|
||||||
from common.utils.exceptions import InvalidAWSKeys
|
from common.utils.exceptions import InvalidAWSKeys
|
||||||
from monkey_island.cc.server_utils.key_encryptor import get_encryptor
|
from monkey_island.cc.server_utils.encryption.data_store_encryptor import get_encryptor
|
||||||
from monkey_island.cc.services.config import ConfigService
|
from monkey_island.cc.services.config import ConfigService
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@ import os
|
||||||
|
|
||||||
import pytest
|
import pytest
|
||||||
from tests.unit_tests.monkey_island.cc.mongomock_fixtures import * # noqa: F401,F403,E402
|
from tests.unit_tests.monkey_island.cc.mongomock_fixtures import * # noqa: F401,F403,E402
|
||||||
from tests.unit_tests.monkey_island.cc.services.utils.test_encryption import (
|
from tests.unit_tests.monkey_island.cc.server_utils.encryption.test_password_based_encryption import ( # noqa: E501
|
||||||
MONKEY_CONFIGS_DIR_PATH,
|
MONKEY_CONFIGS_DIR_PATH,
|
||||||
STANDARD_PLAINTEXT_MONKEY_CONFIG_FILENAME,
|
STANDARD_PLAINTEXT_MONKEY_CONFIG_FILENAME,
|
||||||
)
|
)
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
import pytest
|
import pytest
|
||||||
|
|
||||||
from monkey_island.cc.models.utils.field_encryptors.string_list_encryptor import StringListEncryptor
|
from monkey_island.cc.models.utils.field_encryptors.string_list_encryptor import StringListEncryptor
|
||||||
from monkey_island.cc.server_utils.key_encryptor import initialize_encryptor
|
from monkey_island.cc.server_utils.encryption.data_store_encryptor import initialize_encryptor
|
||||||
|
|
||||||
MOCK_STRING_LIST = ["test_1", "test_2"]
|
MOCK_STRING_LIST = ["test_1", "test_2"]
|
||||||
EMPTY_LIST = []
|
EMPTY_LIST = []
|
||||||
|
|
|
@ -1,12 +1,16 @@
|
||||||
import pytest
|
import pytest
|
||||||
|
from tests.unit_tests.monkey_island.cc.server_utils.encryption.test_password_based_encryption import ( # noqa: E501
|
||||||
|
PASSWORD,
|
||||||
|
)
|
||||||
from tests.unit_tests.monkey_island.cc.services.utils.ciphertexts_for_encryption_test import (
|
from tests.unit_tests.monkey_island.cc.services.utils.ciphertexts_for_encryption_test import (
|
||||||
MALFORMED_CIPHER_TEXT_CORRUPTED,
|
MALFORMED_CIPHER_TEXT_CORRUPTED,
|
||||||
)
|
)
|
||||||
from tests.unit_tests.monkey_island.cc.services.utils.test_encryption import PASSWORD
|
|
||||||
|
|
||||||
from common.utils.exceptions import InvalidConfigurationError
|
from common.utils.exceptions import InvalidConfigurationError
|
||||||
from monkey_island.cc.resources.configuration_import import ConfigurationImport
|
from monkey_island.cc.resources.configuration_import import ConfigurationImport
|
||||||
from monkey_island.cc.services.utils.password_encryption import PasswordBasedEncryptor
|
from monkey_island.cc.server_utils.encryption.password_based_encryption import (
|
||||||
|
PasswordBasedEncryptor,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
def test_is_config_encrypted__json(monkey_config_json):
|
def test_is_config_encrypted__json(monkey_config_json):
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
import os
|
import os
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.key_encryptor import get_encryptor, initialize_encryptor
|
from monkey_island.cc.server_utils.encryption.data_store_encryptor import (
|
||||||
|
get_encryptor,
|
||||||
|
initialize_encryptor,
|
||||||
|
)
|
||||||
|
|
||||||
PASSWORD_FILENAME = "mongo_key.bin"
|
PASSWORD_FILENAME = "mongo_key.bin"
|
||||||
|
|
|
@ -4,7 +4,7 @@ from tests.unit_tests.monkey_island.cc.services.utils.ciphertexts_for_encryption
|
||||||
VALID_CIPHER_TEXT,
|
VALID_CIPHER_TEXT,
|
||||||
)
|
)
|
||||||
|
|
||||||
from monkey_island.cc.services.utils.password_encryption import (
|
from monkey_island.cc.server_utils.encryption.password_based_encryption import (
|
||||||
InvalidCredentialsError,
|
InvalidCredentialsError,
|
||||||
PasswordBasedEncryptor,
|
PasswordBasedEncryptor,
|
||||||
)
|
)
|
|
@ -5,7 +5,10 @@ import pytest
|
||||||
|
|
||||||
from common.config_value_paths import AWS_KEYS_PATH
|
from common.config_value_paths import AWS_KEYS_PATH
|
||||||
from monkey_island.cc.database import mongo
|
from monkey_island.cc.database import mongo
|
||||||
from monkey_island.cc.server_utils.key_encryptor import get_encryptor, initialize_encryptor
|
from monkey_island.cc.server_utils.encryption.data_store_encryptor import (
|
||||||
|
get_encryptor,
|
||||||
|
initialize_encryptor,
|
||||||
|
)
|
||||||
from monkey_island.cc.services.config import ConfigService
|
from monkey_island.cc.services.config import ConfigService
|
||||||
from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import (
|
from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import (
|
||||||
is_aws_keys_setup,
|
is_aws_keys_setup,
|
||||||
|
|