From e2ede289674142d23c70d37ed951a94238790b7e Mon Sep 17 00:00:00 2001 From: Ilija Lazoroski Date: Thu, 23 Sep 2021 19:04:22 +0200 Subject: [PATCH] Island: Rename get_encryptor and initialize_encryptor Renamed to get_datastore_encryptor and initialize_datastore_encryptor --- .../field_encryptors/string_list_encryptor.py | 6 ++-- monkey/monkey_island/cc/server_setup.py | 4 +-- .../cc/server_utils/encryption/__init__.py | 4 +-- .../encryption/data_store_encryptor.py | 4 +-- .../technique_report_tools.py | 6 ++-- monkey/monkey_island/cc/services/config.py | 30 ++++++++++--------- .../services/telemetry/processing/exploit.py | 4 +-- .../telemetry/processing/system_info.py | 4 +-- .../scoutsuite/scoutsuite_auth_service.py | 4 +-- .../test_string_list_encryptor.py | 4 +-- .../encryption/test_data_store_encryptor.py | 19 +++++++----- .../test_scoutsuite_auth_service.py | 9 ++++-- 12 files changed, 53 insertions(+), 45 deletions(-) diff --git a/monkey/monkey_island/cc/models/utils/field_encryptors/string_list_encryptor.py b/monkey/monkey_island/cc/models/utils/field_encryptors/string_list_encryptor.py index ab9b6a3e5..089155289 100644 --- a/monkey/monkey_island/cc/models/utils/field_encryptors/string_list_encryptor.py +++ b/monkey/monkey_island/cc/models/utils/field_encryptors/string_list_encryptor.py @@ -1,14 +1,14 @@ from typing import List from monkey_island.cc.models.utils.field_encryptors.i_field_encryptor import IFieldEncryptor -from monkey_island.cc.server_utils.encryption import get_encryptor +from monkey_island.cc.server_utils.encryption import get_datastore_encryptor class StringListEncryptor(IFieldEncryptor): @staticmethod def encrypt(value: List[str]): - return [get_encryptor().enc(string) for string in value] + return [get_datastore_encryptor().enc(string) for string in value] @staticmethod def decrypt(value: List[str]): - return [get_encryptor().dec(string) for string in value] + return [get_datastore_encryptor().dec(string) for string in value] 
diff --git a/monkey/monkey_island/cc/server_setup.py b/monkey/monkey_island/cc/server_setup.py index 7d8bf2d9f..a4e4da485 100644 --- a/monkey/monkey_island/cc/server_setup.py +++ b/monkey/monkey_island/cc/server_setup.py @@ -27,7 +27,7 @@ from monkey_island.cc.server_utils.consts import ( # noqa: E402 GEVENT_EXCEPTION_LOG, MONGO_CONNECTION_TIMEOUT, ) -from monkey_island.cc.server_utils.encryption import initialize_encryptor # noqa: E402 +from monkey_island.cc.server_utils.encryption import initialize_datastore_encryptor # noqa: E402 from monkey_island.cc.server_utils.island_logger import reset_logger, setup_logging # noqa: E402 from monkey_island.cc.services.initialize import initialize_services # noqa: E402 from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list # noqa: E402 @@ -88,7 +88,7 @@ def _configure_logging(config_options): def _initialize_globals(config_options: IslandConfigOptions, server_config_path: str): env_singleton.initialize_from_file(server_config_path) - initialize_encryptor(config_options.data_dir) + initialize_datastore_encryptor(config_options.data_dir) initialize_services(config_options.data_dir) diff --git a/monkey/monkey_island/cc/server_utils/encryption/__init__.py b/monkey/monkey_island/cc/server_utils/encryption/__init__.py index e245575eb..a41240be1 100644 --- a/monkey/monkey_island/cc/server_utils/encryption/__init__.py +++ b/monkey/monkey_island/cc/server_utils/encryption/__init__.py @@ -8,6 +8,6 @@ from monkey_island.cc.server_utils.encryption.password_based_encryption import ( ) from monkey_island.cc.server_utils.encryption.data_store_encryptor import ( DataStoreEncryptor, - get_encryptor, - initialize_encryptor, + get_datastore_encryptor, + initialize_datastore_encryptor, ) diff --git a/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py b/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py index f4125e1bf..215703c02 100644 
--- a/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py +++ b/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py @@ -40,11 +40,11 @@ class DataStoreEncryptor: return self._key_base_encryptor.decrypt(enc_message) -def initialize_encryptor(key_file_dir): +def initialize_datastore_encryptor(key_file_dir): global _encryptor _encryptor = DataStoreEncryptor(key_file_dir) -def get_encryptor(): +def get_datastore_encryptor(): return _encryptor diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/technique_report_tools.py b/monkey/monkey_island/cc/services/attack/technique_reports/technique_report_tools.py index 8e8938d93..16884678b 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/technique_report_tools.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/technique_report_tools.py @@ -1,4 +1,4 @@ -from monkey_island.cc.server_utils.encryption import get_encryptor +from monkey_island.cc.server_utils.encryption import get_datastore_encryptor def parse_creds(attempt): @@ -29,7 +29,7 @@ def censor_password(password, plain_chars=3, secret_chars=5): """ if not password: return "" - password = get_encryptor().dec(password) + password = get_datastore_encryptor().dec(password) return password[0:plain_chars] + "*" * secret_chars @@ -42,5 +42,5 @@ def censor_hash(hash_, plain_chars=5): """ if not hash_: return "" - hash_ = get_encryptor().dec(hash_) + hash_ = get_datastore_encryptor().dec(hash_) return hash_[0:plain_chars] + " ..." diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index d5da366d6..973ca104a 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py 
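Review bot: In data_store_encryptor.py, `get_datastore_encryptor()` returns the module-level `_encryptor` unchecked, so a caller that runs before `initialize_datastore_encryptor()` gets whatever the global holds at that point. Its initial value is outside the hunk (presumably `None`), so the failure would only surface later at `.enc()` or `.dec()`, far from the real cause. Since the hunk already touches both functions, a guard before the return would make this fail closed at the point of misuse: `if _encryptor is None: raise RuntimeError("datastore encryptor not initialized")`. Both renamed functions also lack docstrings; a one-liner such as `"""Return the process-wide DataStoreEncryptor set by initialize_datastore_encryptor()."""` would record the singleton contract. The `DataStoreEncryptor` class body begins outside the hunk.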
@@ -19,7 +19,7 @@ from common.config_value_paths import ( USER_LIST_PATH, ) from monkey_island.cc.database import mongo -from monkey_island.cc.server_utils.encryption import get_encryptor +from monkey_island.cc.server_utils.encryption import get_datastore_encryptor from monkey_island.cc.services.config_manipulator import update_config_per_mode from monkey_island.cc.services.config_schema.config_schema import SCHEMA from monkey_island.cc.services.mode.island_mode_service import ModeNotSetError, get_mode @@ -90,9 +90,9 @@ class ConfigService: if should_decrypt: if config_key_as_arr in ENCRYPTED_CONFIG_VALUES: if isinstance(config, str): - config = get_encryptor().dec(config) + config = get_datastore_encryptor().dec(config) elif isinstance(config, list): - config = [get_encryptor().dec(x) for x in config] + config = [get_datastore_encryptor().dec(x) for x in config] return config @staticmethod @@ -130,7 +130,7 @@ class ConfigService: if item_value in items_from_config: return if should_encrypt: - item_value = get_encryptor().enc(item_value) + item_value = get_datastore_encryptor().enc(item_value) mongo.db.config.update( {"name": "newconfig"}, {"$addToSet": {item_key: item_value}}, upsert=False ) @@ -349,9 +349,11 @@ class ConfigService: ConfigService.decrypt_ssh_key_pair(item) for item in flat_config[key] ] else: - flat_config[key] = [get_encryptor().dec(item) for item in flat_config[key]] + flat_config[key] = [ + get_datastore_encryptor().dec(item) for item in flat_config[key] + ] else: - flat_config[key] = get_encryptor().dec(flat_config[key]) + flat_config[key] = get_datastore_encryptor().dec(flat_config[key]) return flat_config @staticmethod 
@@ -377,25 +379,25 @@ class ConfigService: ) else: config_arr[i] = ( - get_encryptor().dec(config_arr[i]) + get_datastore_encryptor().dec(config_arr[i]) if is_decrypt - else get_encryptor().enc(config_arr[i]) + else get_datastore_encryptor().enc(config_arr[i]) ) else: parent_config_arr[config_arr_as_array[-1]] = ( - get_encryptor().dec(config_arr) + get_datastore_encryptor().dec(config_arr) if is_decrypt - else get_encryptor().enc(config_arr) + else get_datastore_encryptor().enc(config_arr) ) @staticmethod def decrypt_ssh_key_pair(pair, encrypt=False): if encrypt: - pair["public_key"] = get_encryptor().enc(pair["public_key"]) - pair["private_key"] = get_encryptor().enc(pair["private_key"]) + pair["public_key"] = get_datastore_encryptor().enc(pair["public_key"]) + pair["private_key"] = get_datastore_encryptor().enc(pair["private_key"]) else: - pair["public_key"] = get_encryptor().dec(pair["public_key"]) - pair["private_key"] = get_encryptor().dec(pair["private_key"]) + pair["public_key"] = get_datastore_encryptor().dec(pair["public_key"]) + pair["private_key"] = get_datastore_encryptor().dec(pair["private_key"]) return pair @staticmethod diff --git a/monkey/monkey_island/cc/services/telemetry/processing/exploit.py b/monkey/monkey_island/cc/services/telemetry/processing/exploit.py index bd78e1fe8..7c156930a 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/exploit.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/exploit.py @@ -3,7 +3,7 @@ import copy import dateutil from monkey_island.cc.models import Monkey -from monkey_island.cc.server_utils.encryption import get_encryptor +from monkey_island.cc.server_utils.encryption import get_datastore_encryptor from monkey_island.cc.services.config import ConfigService from monkey_island.cc.services.edge.displayed_edge import EdgeService from monkey_island.cc.services.node import NodeService 
@@ -76,4 +76,4 @@ def encrypt_exploit_creds(telemetry_json): credential = attempts[i][field] if credential: # PowerShell exploiter's telem may have `None` here if len(credential) > 0: - attempts[i][field] = get_encryptor().enc(credential) + attempts[i][field] = get_datastore_encryptor().enc(credential) diff --git a/monkey/monkey_island/cc/services/telemetry/processing/system_info.py b/monkey/monkey_island/cc/services/telemetry/processing/system_info.py index 4d54af4d8..ba72e822b 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/system_info.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info.py @@ -1,6 +1,6 @@ import logging -from monkey_island.cc.server_utils.encryption import get_encryptor +from monkey_island.cc.server_utils.encryption import get_datastore_encryptor from monkey_island.cc.services.config import ConfigService from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.telemetry.processing.system_info_collectors.system_info_telemetry_dispatcher import ( # noqa: E501 @@ -70,7 +70,7 @@ def encrypt_system_info_ssh_keys(ssh_info): for idx, user in enumerate(ssh_info): for field in ["public_key", "private_key", "known_hosts"]: if ssh_info[idx][field]: - ssh_info[idx][field] = get_encryptor().enc(ssh_info[idx][field]) + ssh_info[idx][field] = get_datastore_encryptor().enc(ssh_info[idx][field]) def process_credential_info(telemetry_json): diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py index ece015935..89aa002fa 100644 --- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py +++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py 
@@ -5,7 +5,7 @@ from ScoutSuite.providers.base.authentication_strategy import AuthenticationExce from common.cloud.scoutsuite_consts import CloudProviders from common.config_value_paths import AWS_KEYS_PATH from common.utils.exceptions import InvalidAWSKeys -from monkey_island.cc.server_utils.encryption import get_encryptor +from monkey_island.cc.server_utils.encryption import get_datastore_encryptor from monkey_island.cc.services.config import ConfigService @@ -41,7 +41,7 @@ def set_aws_keys(access_key_id: str, secret_access_key: str, session_token: str) def _set_aws_key(key_type: str, key_value: str): path_to_keys = AWS_KEYS_PATH - encrypted_key = get_encryptor().enc(key_value) + encrypted_key = get_datastore_encryptor().enc(key_value) ConfigService.set_config_value(path_to_keys + [key_type], encrypted_key) diff --git a/monkey/tests/unit_tests/monkey_island/cc/models/utils/field_encryptors/test_string_list_encryptor.py b/monkey/tests/unit_tests/monkey_island/cc/models/utils/field_encryptors/test_string_list_encryptor.py index 9af487e24..a93397392 100644 --- a/monkey/tests/unit_tests/monkey_island/cc/models/utils/field_encryptors/test_string_list_encryptor.py +++ b/monkey/tests/unit_tests/monkey_island/cc/models/utils/field_encryptors/test_string_list_encryptor.py @@ -1,7 +1,7 @@ import pytest from monkey_island.cc.models.utils.field_encryptors.string_list_encryptor import StringListEncryptor -from monkey_island.cc.server_utils.encryption import initialize_encryptor +from monkey_island.cc.server_utils.encryption import initialize_datastore_encryptor MOCK_STRING_LIST = ["test_1", "test_2"] EMPTY_LIST = [] @@ -9,7 +9,7 @@ EMPTY_LIST = [] @pytest.fixture def uses_encryptor(data_for_tests_dir): - initialize_encryptor(data_for_tests_dir) + initialize_datastore_encryptor(data_for_tests_dir) def test_encryption_and_decryption(uses_encryptor): 
diff --git a/monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_data_store_encryptor.py b/monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_data_store_encryptor.py index fa135c345..bb005fbf7 100644 --- a/monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_data_store_encryptor.py +++ b/monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_data_store_encryptor.py @@ -1,6 +1,9 @@ import os -from monkey_island.cc.server_utils.encryption import get_encryptor, initialize_encryptor +from monkey_island.cc.server_utils.encryption import ( + get_datastore_encryptor, + initialize_datastore_encryptor, +) PASSWORD_FILENAME = "mongo_key.bin" @@ -9,24 +12,24 @@ CYPHERTEXT = "vKgvD6SjRyIh1dh2AM/rnTa0NI/vjfwnbZLbMocWtE4e42WJmSUz2ordtbQrH1Fq" def test_aes_cbc_encryption(data_for_tests_dir): - initialize_encryptor(data_for_tests_dir) + initialize_datastore_encryptor(data_for_tests_dir) - assert get_encryptor().enc(PLAINTEXT) != PLAINTEXT + assert get_datastore_encryptor().enc(PLAINTEXT) != PLAINTEXT def test_aes_cbc_decryption(data_for_tests_dir): - initialize_encryptor(data_for_tests_dir) + initialize_datastore_encryptor(data_for_tests_dir) - assert get_encryptor().dec(CYPHERTEXT) == PLAINTEXT + assert get_datastore_encryptor().dec(CYPHERTEXT) == PLAINTEXT def test_aes_cbc_enc_dec(data_for_tests_dir): - initialize_encryptor(data_for_tests_dir) + initialize_datastore_encryptor(data_for_tests_dir) - assert get_encryptor().dec(get_encryptor().enc(PLAINTEXT)) == PLAINTEXT + assert get_datastore_encryptor().dec(get_datastore_encryptor().enc(PLAINTEXT)) == PLAINTEXT def test_create_new_password_file(tmpdir): - initialize_encryptor(tmpdir) + initialize_datastore_encryptor(tmpdir) assert os.path.isfile(os.path.join(tmpdir, PASSWORD_FILENAME)) 
diff --git a/monkey/tests/unit_tests/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_auth_service.py b/monkey/tests/unit_tests/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_auth_service.py index 3df67330c..2e6c2fd50 100644 --- a/monkey/tests/unit_tests/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_auth_service.py +++ b/monkey/tests/unit_tests/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_auth_service.py @@ -5,7 +5,10 @@ import pytest from common.config_value_paths import AWS_KEYS_PATH from monkey_island.cc.database import mongo -from monkey_island.cc.server_utils.encryption import get_encryptor, initialize_encryptor +from monkey_island.cc.server_utils.encryption import ( + get_datastore_encryptor, + initialize_datastore_encryptor, +) from monkey_island.cc.services.config import ConfigService from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import ( is_aws_keys_setup, @@ -27,8 +30,8 @@ def test_is_aws_keys_setup(tmp_path): assert not is_aws_keys_setup() # Make sure noone changed config path and broke this function - initialize_encryptor(tmp_path) - bogus_key_value = get_encryptor().enc("bogus_aws_key") + initialize_datastore_encryptor(tmp_path) + bogus_key_value = get_datastore_encryptor().enc("bogus_aws_key") dpath.util.set( ConfigService.default_config, AWS_KEYS_PATH + ["aws_secret_access_key"], bogus_key_value )