From f5134f1d3bdc6a975183c34799ae461ce422cb85 Mon Sep 17 00:00:00 2001 From: vakaris_zilius Date: Thu, 9 Jun 2022 08:08:03 +0000 Subject: [PATCH] Island: Decouple propagation credentials from per-agent config --- .../master/control_channel.py | 2 +- .../cc/resources/propagation_credentials.py | 10 +++---- monkey/monkey_island/cc/services/config.py | 28 ------------------- 3 files changed, 5 insertions(+), 35 deletions(-) diff --git a/monkey/infection_monkey/master/control_channel.py b/monkey/infection_monkey/master/control_channel.py index 64f8d0396..028437faf 100644 --- a/monkey/infection_monkey/master/control_channel.py +++ b/monkey/infection_monkey/master/control_channel.py @@ -68,7 +68,7 @@ class ControlChannel(IControlChannel): def get_credentials_for_propagation(self) -> PropagationCredentials: propagation_credentials_url = ( - f"https://{self._control_channel_server}/api/propagation-credentials/{self._agent_id}" + f"https://{self._control_channel_server}/api/propagation-credentials" ) try: response = requests.get( # noqa: DUO123 diff --git a/monkey/monkey_island/cc/resources/propagation_credentials.py b/monkey/monkey_island/cc/resources/propagation_credentials.py index 340f473b3..d2d03730c 100644 --- a/monkey/monkey_island/cc/resources/propagation_credentials.py +++ b/monkey/monkey_island/cc/resources/propagation_credentials.py @@ -1,17 +1,15 @@ -from monkey_island.cc.database import mongo from monkey_island.cc.resources.AbstractResource import AbstractResource from monkey_island.cc.services.config import ConfigService class PropagationCredentials(AbstractResource): - urls = ["/api/propagation-credentials/"] + urls = ["/api/propagation-credentials"] - def get(self, guid: str): - monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid}) - ConfigService.decrypt_flat_config(monkey_json["config"]) + def get(self): + config = ConfigService.get_flat_config(should_decrypt=True) propagation_credentials = ConfigService.get_config_propagation_credentials_from_flat_config( - monkey_json["config"] + config ) return {"propagation_credentials": propagation_credentials} diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py index a1c29cc32..68535e5f1 100644 --- a/monkey/monkey_island/cc/services/config.py +++ b/monkey/monkey_island/cc/services/config.py @@ -327,34 +327,6 @@ class ConfigService: def encrypt_config(config): ConfigService._encrypt_or_decrypt_config(config, False) - @staticmethod - def decrypt_flat_config(flat_config, is_island=False): - """ - Same as decrypt_config but for a flat configuration - """ - keys = [config_arr_as_array[-1] for config_arr_as_array in ENCRYPTED_CONFIG_VALUES] - - for key in keys: - if isinstance(flat_config[key], collections.Sequence) and not isinstance( - flat_config[key], str - ): - # Check if we are decrypting ssh key pair - if ( - flat_config[key] - and isinstance(flat_config[key][0], dict) - and "public_key" in flat_config[key][0] - ): - flat_config[key] = [ - decrypt_dict(SENSITIVE_SSH_KEY_FIELDS, item) for item in flat_config[key] - ] - else: - flat_config[key] = [ - get_datastore_encryptor().decrypt(item) for item in flat_config[key] - ] - else: - flat_config[key] = get_datastore_encryptor().decrypt(flat_config[key]) - return flat_config - @staticmethod def _encrypt_or_decrypt_config(config, is_decrypt=False): for config_arr_as_array in ENCRYPTED_CONFIG_VALUES: