forked from p15670423/monkey
island: Add config validation to IslandConfigOptions
This commit is contained in:
parent
a45848ce0c
commit
c19dc9dcad
|
@ -26,7 +26,7 @@ from monkey_island.cc.server_utils.island_logger import reset_logger, setup_logg
|
|||
from monkey_island.cc.services.initialize import initialize_services # noqa: E402
|
||||
from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list # noqa: E402
|
||||
from monkey_island.cc.services.utils.network_utils import local_ip_addresses # noqa: E402
|
||||
from monkey_island.cc.setup.certificate_setup import setup_certificate # noqa: E402
|
||||
from monkey_island.cc.setup import island_config_options # noqa: E402
|
||||
from monkey_island.cc.setup.island_config_options import IslandConfigOptions # noqa: E402
|
||||
from monkey_island.cc.setup.mongo.database_initializer import init_collections # noqa: E402
|
||||
from monkey_island.cc.setup.mongo.mongo_setup import ( # noqa: E402
|
||||
|
@ -43,6 +43,8 @@ def run_monkey_island():
|
|||
island_args = parse_cli_args()
|
||||
config_options, server_config_path = _setup_data_dir(island_args)
|
||||
|
||||
_exit_on_invalid_config_options(config_options)
|
||||
|
||||
_configure_logging(config_options)
|
||||
_initialize_globals(config_options, server_config_path)
|
||||
|
||||
|
@ -66,6 +68,14 @@ def _setup_data_dir(island_args: IslandCmdArgs) -> Tuple[IslandConfigOptions, st
|
|||
exit(1)
|
||||
|
||||
|
||||
def _exit_on_invalid_config_options(config_options: IslandConfigOptions):
|
||||
try:
|
||||
island_config_options.raise_on_invalid_options(config_options)
|
||||
except Exception as ex:
|
||||
print(f"Configuration error: {ex}")
|
||||
exit(1)
|
||||
|
||||
|
||||
def _configure_logging(config_options):
|
||||
reset_logger()
|
||||
setup_logging(config_options.data_dir, config_options.log_level)
|
||||
|
@ -82,8 +92,6 @@ def _start_island_server(should_setup_only, config_options: IslandConfigOptions)
|
|||
populate_exporter_list()
|
||||
app = init_app(MONGO_URL)
|
||||
|
||||
crt_path, key_path = setup_certificate(config_options.crt_path, config_options.key_path)
|
||||
|
||||
init_collections()
|
||||
|
||||
if should_setup_only:
|
||||
|
@ -92,14 +100,23 @@ def _start_island_server(should_setup_only, config_options: IslandConfigOptions)
|
|||
|
||||
bootloader_server_thread = _start_bootloader_server()
|
||||
|
||||
logger.info(
|
||||
f"Using certificate path: {config_options.crt_path}, and key path: "
|
||||
"{config_options.key_path}."
|
||||
)
|
||||
|
||||
if env_singleton.env.is_debug():
|
||||
app.run(host="0.0.0.0", debug=True, ssl_context=(crt_path, key_path))
|
||||
app.run(
|
||||
host="0.0.0.0",
|
||||
debug=True,
|
||||
ssl_context=(config_options.crt_path, config_options.key_path),
|
||||
)
|
||||
else:
|
||||
http_server = WSGIServer(
|
||||
("0.0.0.0", env_singleton.env.get_island_port()),
|
||||
app,
|
||||
certfile=crt_path,
|
||||
keyfile=key_path,
|
||||
certfile=config_options.crt_path,
|
||||
keyfile=config_options.key_path,
|
||||
)
|
||||
_log_init_info()
|
||||
http_server.serve_forever()
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
import os
|
||||
|
||||
from common.utils.exceptions import InsecurePermissionsError
|
||||
from monkey_island.cc.server_utils.file_utils import has_expected_permissions
|
||||
|
||||
|
||||
def ensure_file_existence(file: str) -> None:
|
||||
if not os.path.exists(file):
|
||||
raise FileNotFoundError(f"File not found at {file}. Exiting.")
|
||||
|
||||
|
||||
def ensure_file_permissions(file: str) -> None:
|
||||
if not has_expected_permissions(path=file, expected_permissions="0o400"):
|
||||
raise InsecurePermissionsError(
|
||||
f"{file} has insecure permissions. Required permissions: 400. Exiting."
|
||||
)
|
|
@ -1,18 +0,0 @@
|
|||
import logging
|
||||
|
||||
from monkey_island.cc.services.utils.file_handling import (
|
||||
ensure_file_existence,
|
||||
ensure_file_permissions,
|
||||
)
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def setup_certificate(crt_path: str, key_path: str) -> (str, str):
|
||||
for file in [crt_path, key_path]:
|
||||
ensure_file_existence(file)
|
||||
ensure_file_permissions(file)
|
||||
|
||||
logger.info(f"Using certificate path: {crt_path}, and key path: {key_path}.")
|
||||
|
||||
return crt_path, key_path
|
|
@ -1,5 +1,8 @@
|
|||
from __future__ import annotations
|
||||
|
||||
import os
|
||||
|
||||
from common.utils.exceptions import InsecurePermissionsError
|
||||
from monkey_island.cc.server_utils.consts import (
|
||||
DEFAULT_CERTIFICATE_PATHS,
|
||||
DEFAULT_CRT_PATH,
|
||||
|
@ -8,7 +11,7 @@ from monkey_island.cc.server_utils.consts import (
|
|||
DEFAULT_LOG_LEVEL,
|
||||
DEFAULT_START_MONGO_DB,
|
||||
)
|
||||
from monkey_island.cc.server_utils.file_utils import expand_path
|
||||
from monkey_island.cc.server_utils.file_utils import expand_path, has_expected_permissions
|
||||
|
||||
|
||||
class IslandConfigOptions:
|
||||
|
@ -31,3 +34,23 @@ class IslandConfigOptions:
|
|||
"ssl_certificate_key_file", DEFAULT_KEY_PATH
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
def raise_on_invalid_options(options: IslandConfigOptions):
|
||||
_raise_if_not_isfile(options.crt_path)
|
||||
_raise_if_incorrect_permissions(options.crt_path, 0o400)
|
||||
|
||||
_raise_if_not_isfile(options.key_path)
|
||||
_raise_if_incorrect_permissions(options.key_path, 0o400)
|
||||
|
||||
|
||||
def _raise_if_not_isfile(f: str):
|
||||
if not os.path.isfile(f):
|
||||
raise FileNotFoundError(f"{f} does not exist or is not a regular file.")
|
||||
|
||||
|
||||
def _raise_if_incorrect_permissions(f: str, expected_permissions: int):
|
||||
if not has_expected_permissions(f, expected_permissions):
|
||||
raise InsecurePermissionsError(
|
||||
f"The file {f} has incorrect permissions. Expected: {oct(expected_permissions)}"
|
||||
)
|
||||
|
|
Loading…
Reference in New Issue