Merge pull request #1309 from guardicore/1287/ransomware-readme-config-dirs

Ransomware README with configurable directories
2021-07-09 15:47:22 -04:00 · 2021-07-09 15:47:22 -04:00 · af739b6c99
parent fb50ba1e55 eb36869e71
commit af739b6c99
4 changed files with 35 additions and 7 deletions
--- a/monkey/infection_monkey/ransomware/ransomware_payload.py
+++ b/monkey/infection_monkey/ransomware/ransomware_payload.py
@ -56,12 +56,17 @@ class RansomwarePayload:
            return None

    def run_payload(self):
-        if self._encryption_enabled and self._target_dir:
-            LOG.info("Running ransomware payload")
+        if not self._target_dir:
+            return
+
+        LOG.info("Running ransomware payload")
+
+        if self._encryption_enabled:
            file_list = self._find_files()
            self._encrypt_files(file_list)

-        self._leave_readme()
+        if self._readme_enabled:
+            self._leave_readme()

    def _find_files(self) -> List[Path]:
        LOG.info(f"Collecting files in {self._target_dir}")
@ -92,8 +97,6 @@ class RansomwarePayload:
        self._telemetry_messenger.send_telemetry(encryption_attempt)

    def _leave_readme(self):
-        if not self._readme_enabled:
-            return

        readme_dest_path = self._target_dir / README_DEST

--- a/monkey/monkey_island/cc/services/config_schema/ransomware.py
+++ b/monkey/monkey_island/cc/services/config_schema/ransomware.py
@ -49,6 +49,12 @@ RANSOMWARE = {
                        },
                    },
                },
+                "readme_note": {
+                    "title": "",
+                    "type": "object",
+                    "description": "Note: A README.txt will be left in the specified target "
+                    "directory.",
+                },
            },
        },
        "other_behaviors": {
--- a/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js
+++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js
@ -75,8 +75,10 @@ export default function UiSchema(props) {
      encryption: {
        directories: {
            // Directory inputs are dynamically hidden
-        }
-      }
+        },
+      enabled: {'ui:widget': 'hidden'}
+      },
+      other_behaviors : {'ui:widget': 'hidden'}
    },
    internal: {
      general: {
--- a/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py
+++ b/monkey/tests/unit_tests/infection_monkey/ransomware/test_ransomware_payload.py
@ -244,3 +244,20 @@ def test_readme_already_exists(
    ).run_payload()

    mock_copy_file.assert_not_called()
+
+
+def test_no_readme_if_no_directory(
+    monkeypatch, ransomware_payload_config, telemetry_messenger_spy, ransomware_target
+):
+    monkeypatch.setattr(ransomware_payload_module, "TARGETED_FILE_EXTENSIONS", set()),
+    mock_copy_file = MagicMock()
+
+    ransomware_payload_config["encryption"]["directories"]["linux_target_dir"] = ""
+    ransomware_payload_config["encryption"]["directories"]["windows_target_dir"] = ""
+    ransomware_payload_config["other_behaviors"]["readme"] = True
+
+    RansomwarePayload(
+        ransomware_payload_config, telemetry_messenger_spy, mock_copy_file
+    ).run_payload()
+
+    mock_copy_file.assert_not_called()