island: Add functions to create a file securely on Linux and Windows
parent
5d7d86aedc
commit
ff85360639
|
@ -29,6 +29,7 @@ def _create_secure_directory_linux(path: str):
|
||||||
# Don't split directory creation and permission setting
|
# Don't split directory creation and permission setting
|
||||||
# because it will temporarily create an accessible directory which anyone can use.
|
# because it will temporarily create an accessible directory which anyone can use.
|
||||||
os.mkdir(path, mode=0o700)
|
os.mkdir(path, mode=0o700)
|
||||||
|
|
||||||
except Exception as ex:
|
except Exception as ex:
|
||||||
LOG.error(f'Could not create a directory at "{path}": {str(ex)}')
|
LOG.error(f'Could not create a directory at "{path}": {str(ex)}')
|
||||||
raise ex
|
raise ex
|
||||||
|
@ -41,6 +42,57 @@ def _create_secure_directory_windows(path: str):
|
||||||
windows_permissions.get_security_descriptor_for_owner_only_perms()
|
windows_permissions.get_security_descriptor_for_owner_only_perms()
|
||||||
)
|
)
|
||||||
win32file.CreateDirectory(path, security_attributes)
|
win32file.CreateDirectory(path, security_attributes)
|
||||||
|
|
||||||
except Exception as ex:
|
except Exception as ex:
|
||||||
LOG.error(f'Could not create a directory at "{path}": {str(ex)}')
|
LOG.error(f'Could not create a directory at "{path}": {str(ex)}')
|
||||||
raise ex
|
raise ex
|
||||||
|
|
||||||
|
|
||||||
|
def create_secure_file(path: str):
|
||||||
|
if not os.path.isfile(path):
|
||||||
|
if is_windows_os():
|
||||||
|
_create_secure_file_windows(path)
|
||||||
|
else:
|
||||||
|
_create_secure_file_linux(path)
|
||||||
|
|
||||||
|
|
||||||
|
def _create_secure_file_linux(path: str):
|
||||||
|
try:
|
||||||
|
flags = os.O_RDWR | os.O_CREAT # read/write, create new
|
||||||
|
mode = 0o700 # read/write/execute permissions to owner
|
||||||
|
|
||||||
|
with os.open(path, flags, mode) as _:
|
||||||
|
pass
|
||||||
|
|
||||||
|
except Exception as ex:
|
||||||
|
LOG.error(f'Could not create a file at "{path}": {str(ex)}')
|
||||||
|
raise ex
|
||||||
|
|
||||||
|
|
||||||
|
def _create_secure_file_windows(path: str):
|
||||||
|
try:
|
||||||
|
file_access = win32file.GENERIC_READ | win32file.GENERIC_WRITE
|
||||||
|
file_sharing = (
|
||||||
|
win32file.FILE_SHARE_READ
|
||||||
|
) # subsequent open operations on the object will succeed only if read access is requested
|
||||||
|
security_attributes = win32security.SECURITY_ATTRIBUTES()
|
||||||
|
security_attributes.SECURITY_DESCRIPTOR = (
|
||||||
|
windows_permissions.get_security_descriptor_for_owner_only_perms()
|
||||||
|
)
|
||||||
|
file_creation = win32file.CREATE_NEW # fails if file exists
|
||||||
|
file_attributes = win32file.FILE_ATTRIBUTE_NORMAL
|
||||||
|
|
||||||
|
with win32file.CreateFile(
|
||||||
|
fileName=path,
|
||||||
|
desiredAccess=file_access,
|
||||||
|
shareMode=file_sharing,
|
||||||
|
attributes=security_attributes,
|
||||||
|
CreationDisposition=file_creation,
|
||||||
|
flagsAndAttributes=file_attributes,
|
||||||
|
hTemplateFile=win32file.NULL,
|
||||||
|
) as _:
|
||||||
|
pass
|
||||||
|
|
||||||
|
except Exception as ex:
|
||||||
|
LOG.error(f'Could not create a file at "{path}": {str(ex)}')
|
||||||
|
raise ex
|
||||||
|
|
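Review bot: In `_create_secure_file_linux`, `os.open()` returns a plain integer file descriptor, which is not a context manager, so `with os.open(path, flags, mode) as _:` raises after the file has already been created and the descriptor is never closed; `os.close(os.open(path, flags, mode))` does what is intended. The flags also lack `os.O_EXCL`, so if the path comes into existence between the `os.path.isfile()` check in `create_secure_file` and the open, or is a symlink, an existing file is opened and `mode` is ignored, leaving whatever permissions that file already had. `flags = os.O_RDWR | os.O_CREAT | os.O_EXCL` would make the call fail instead, matching the `CREATE_NEW` behaviour of the Windows path. `mode = 0o700` also sets the owner execute bit, where `0o600` is enough for a data file. The `with win32file.CreateFile(...) as _:` in `_create_secure_file_windows` may have the same problem if the returned handle does not support `with`, which is worth confirming on a Windows host.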