Merge branch 'feature/add-support-encrypted-values' into feature/report_exporters

monkey/monkey_island/cc/services/config.py

@@ -891,6 +891,7 @@ SCHEMA = {
     }
 }
 
+# This should be used for config values of array type (array of strings only)
 ENCRYPTED_CONFIG_ARRAYS = \
     [
         ['basic', 'credentials', 'exploit_password_list'],
@@ -902,6 +903,12 @@ ENCRYPTED_CONFIG_ARRAYS = \
         # ['cnc', 'aws_config', 'aws_secret_access_key'],
     ]
 
+# This should be used for config values of string type
+ENCRYPTED_CONFIG_STRINGS = \
+    [
+        
+    ]
+
 
 class ConfigService:
     default_config = None
@@ -941,8 +948,11 @@ class ConfigService:
         config = mongo.db.config.find_one({'name': 'initial' if is_initial_config else 'newconfig'}, {config_key: 1})
         for config_key_part in config_key_as_arr:
             config = config[config_key_part]
-        if should_decrypt and (config_key_as_arr in ENCRYPTED_CONFIG_ARRAYS):
+        if should_decrypt:
-            config = [encryptor.dec(x) for x in config]
+            if config_key_as_arr in ENCRYPTED_CONFIG_ARRAYS:
+                config = [encryptor.dec(x) for x in config]
+            elif config_key_as_arr in ENCRYPTED_CONFIG_STRINGS:
+                config = encryptor.dec(config)
         return config
 
     @staticmethod
@@ -1099,7 +1109,7 @@ class ConfigService:
         """
         Same as decrypt_config but for a flat configuration
         """
-        keys = [config_arr_as_array[2] for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS]
+        keys = [config_arr_as_array[2] for config_arr_as_array in (ENCRYPTED_CONFIG_ARRAYS + ENCRYPTED_CONFIG_STRINGS)]
         for key in keys:
             if isinstance(flat_config[key], collections.Sequence) and not isinstance(flat_config[key], string_types):
                 # Check if we are decrypting ssh key pair
@@ -1113,18 +1123,26 @@ class ConfigService:
 
     @staticmethod
     def _encrypt_or_decrypt_config(config, is_decrypt=False):
-        for config_arr_as_array in ENCRYPTED_CONFIG_ARRAYS:
+        for config_arr_as_array in (ENCRYPTED_CONFIG_ARRAYS + ENCRYPTED_CONFIG_STRINGS):
             config_arr = config
+            parent_config_arr = None
+
+            # Because the config isn't flat, this for-loop gets the actual config value out of the config
             for config_key_part in config_arr_as_array:
+                parent_config_arr = config_arr
                 config_arr = config_arr[config_key_part]
 
-            for i in range(len(config_arr)):
+            if isinstance(config_arr, collections.Sequence) and not isinstance(config_arr, string_types):
-                # Check if array of shh key pairs and then decrypt
+                for i in range(len(config_arr)):
-                if isinstance(config_arr[i], dict) and 'public_key' in config_arr[i]:
+                    # Check if array of shh key pairs and then decrypt
-                    config_arr[i] = ConfigService.decrypt_ssh_key_pair(config_arr[i]) if is_decrypt else \
+                    if isinstance(config_arr[i], dict) and 'public_key' in config_arr[i]:
-                                    ConfigService.decrypt_ssh_key_pair(config_arr[i], True)
+                        config_arr[i] = ConfigService.decrypt_ssh_key_pair(config_arr[i]) if is_decrypt else \
-                else:
+                                        ConfigService.decrypt_ssh_key_pair(config_arr[i], True)
-                    config_arr[i] = encryptor.dec(config_arr[i]) if is_decrypt else encryptor.enc(config_arr[i])
+                    else:
+                        config_arr[i] = encryptor.dec(config_arr[i]) if is_decrypt else encryptor.enc(config_arr[i])
+            else:
+                parent_config_arr[config_arr_as_array[-1]] =\
+                    encryptor.dec(config_arr) if is_decrypt else encryptor.enc(config_arr)
 
     @staticmethod
     def decrypt_ssh_key_pair(pair, encrypt=False):

monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js

@@ -837,7 +837,7 @@ class ReportPageComponent extends AuthComponent {
     return (
       <li>
         Install Oracle <a href="http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html">
-        critical patch updates.</a> Or change server version. Vulnerable versions are
+        critical patch updates.</a> Or update to the latest version. Vulnerable versions are
         10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0.
         <CollapsibleWellComponent>
           Oracle WebLogic server at <span className="label label-primary">{issue.machine}</span> (<span
@@ -857,7 +857,7 @@ class ReportPageComponent extends AuthComponent {
         Run Hadoop in secure mode (<a href="http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html">
         add Kerberos authentication</a>).
         <CollapsibleWellComponent>
-          Oracle WebLogic server at <span className="label label-primary">{issue.machine}</span> (<span
+          The Hadoop server at <span className="label label-primary">{issue.machine}</span> (<span
           className="label label-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to <span
           className="label label-danger">remote code execution</span> attack.
           <br/>

monkey/monkey_island/cc/ui/src/styles/App.css

@@ -138,12 +138,11 @@ body {
     padding-left: 40px;
   }
 }
+
 .main .page-header {
   margin-top: 0;
 }
 
-
-
 .index img {
   margin: 40px auto;
   border-radius: 4px;
@@ -172,6 +171,9 @@ body {
   display: none;
 }
 
+.nav-tabs > li > a {
+  height: 63px
+}
 /*
  * Run Monkey Page
  */
@@ -491,4 +493,5 @@ body {
   .label-danger {
     background-color: #d9534f !important;
   }
+
 }