p41275903
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #2139 from guardicore/2104-propagation-credential-endpoint 

2104 propagation credential endpoint
This commit is contained in:
Mike Salvatore 2022-07-28 09:17:12 -04:00 committed by GitHub
parent 85211c3120 6eda7cb4f1
commit adf0a563ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 18 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
monkey/monkey_island/cc/resources/propagation_credentials.py
View File

@ -28,44 +28,14 @@ class PropagationCredentials(AbstractResource):
return propagation_credentials, HTTPStatus.OK return propagation_credentials, HTTPStatus.OK
def post(self, collection=None):
credentials = [Credentials.from_mapping(c) for c in request.json]
if collection == _configured_collection:
self._credentials_repository.save_configured_credentials(credentials)
elif collection == _stolen_collection:
self._credentials_repository.save_stolen_credentials(credentials)
elif collection is None:
return {}, HTTPStatus.METHOD_NOT_ALLOWED
else:
return {}, HTTPStatus.NOT_FOUND
return {}, HTTPStatus.NO_CONTENT
def put(self, collection=None): def put(self, collection=None):
credentials = [Credentials.from_mapping(c) for c in request.json] credentials = [Credentials.from_mapping(c) for c in request.json]
if collection == _configured_collection: if collection == _configured_collection:
self._credentials_repository.remove_configured_credentials() self._credentials_repository.remove_configured_credentials()
self._credentials_repository.save_configured_credentials(credentials) self._credentials_repository.save_configured_credentials(credentials)
elif collection == _stolen_collection: elif collection is None or collection == _stolen_collection:
self._credentials_repository.remove_stolen_credentials()
self._credentials_repository.save_stolen_credentials(credentials)
elif collection is None:
return {}, HTTPStatus.METHOD_NOT_ALLOWED return {}, HTTPStatus.METHOD_NOT_ALLOWED
else: else:
return {}, HTTPStatus.NOT_FOUND return {}, HTTPStatus.NOT_FOUND
return {}, HTTPStatus.NO_CONTENT return {}, HTTPStatus.NO_CONTENT
def delete(self, collection=None):
if collection == _configured_collection:
self._credentials_repository.remove_configured_credentials()
elif collection == _stolen_collection:
self._credentials_repository.remove_stolen_credentials()
elif collection is None:
self._credentials_repository.remove_all_credentials()
else:
return {}, HTTPStatus.NOT_FOUND
return {}, HTTPStatus.NO_CONTENT

2
monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js
View File

@ -252,7 +252,7 @@ class ConfigurePageComponent extends AuthComponent {
this.props.onStatusChange(); this.props.onStatusChange();
} }
) )
.then(this.authFetch(CONFIGURED_PROPAGATION_CREDENTIALS_URL, {method: 'DELETE'})) ; .then(this.authFetch(CONFIGURED_PROPAGATION_CREDENTIALS_URL, {method: 'PUT', body: '[]'})) ;
}; };
sendPbaRemoveRequest(apiEndpoint) { sendPbaRemoveRequest(apiEndpoint) {

2
monkey/monkey_island/cc/ui/src/components/ui-components/IslandResetModal.tsx
View File

@ -109,7 +109,7 @@ const IslandResetModal = (props: Props) => {
}}) }})
.then(res => { .then(res => {
if (res.status === 200) { if (res.status === 200) {
return auth.authFetch('/api/propagation-credentials/configured-credentials', {method: 'DELETE'}) return auth.authFetch('/api/propagation-credentials/configured-credentials', {method: 'PUT', body:'[]'})
}}) }})
.then(res => { .then(res => {
if (res.status === 200) { if (res.status === 200) {

58
monkey/tests/unit_tests/monkey_island/cc/resources/test_propagation_credentials.py
View File

@ -82,43 +82,26 @@ def test_propagation_credentials_endpoint__get_stolen(flask_client, credentials_
assert actual_propagation_credentials[1] == LM_HASH_CREDENTIALS assert actual_propagation_credentials[1] == LM_HASH_CREDENTIALS
@pytest.mark.parametrize("url", [CONFIGURED_CREDENTIALS_URL, STOLEN_CREDENTIALS_URL]) def test_configured_propagation_credentials_endpoint_put(flask_client, credentials_repository):
def test_propagation_credentials_endpoint__post_stolen(flask_client, credentials_repository, url):
pre_populate_repository(url, credentials_repository, [PASSWORD_CREDENTIALS_1])
resp = flask_client.post(
url,
json=[
Credentials.to_mapping(LM_HASH_CREDENTIALS),
Credentials.to_mapping(NT_HASH_CREDENTIALS),
],
)
assert resp.status_code == HTTPStatus.NO_CONTENT
resp = flask_client.get(url)
retrieved_propagation_credentials = [Credentials.from_mapping(creds) for creds in resp.json]
assert resp.status_code == HTTPStatus.OK
assert len(retrieved_propagation_credentials) == 3
assert PASSWORD_CREDENTIALS_1 in retrieved_propagation_credentials
assert LM_HASH_CREDENTIALS in retrieved_propagation_credentials
assert NT_HASH_CREDENTIALS in retrieved_propagation_credentials
@pytest.mark.parametrize("url", [CONFIGURED_CREDENTIALS_URL, STOLEN_CREDENTIALS_URL])
def test_stolen_propagation_credentials_endpoint_delete(flask_client, credentials_repository, url):
pre_populate_repository( pre_populate_repository(
url, credentials_repository, [PASSWORD_CREDENTIALS_1, LM_HASH_CREDENTIALS] CONFIGURED_CREDENTIALS_URL,
credentials_repository,
[PASSWORD_CREDENTIALS_1, LM_HASH_CREDENTIALS],
) )
resp = flask_client.delete(url) resp = flask_client.put(CONFIGURED_CREDENTIALS_URL, json=[])
assert resp.status_code == HTTPStatus.NO_CONTENT assert resp.status_code == HTTPStatus.NO_CONTENT
resp = flask_client.get(url) resp = flask_client.get(CONFIGURED_CREDENTIALS_URL)
assert len(json.loads(resp.text)) == 0 assert len(json.loads(resp.text)) == 0
def test_propagation_credentials_endpoint__propagation_credentials_post_not_allowed(flask_client): def test_stolen_propagation_credentials_endpoint__put_not_allowed(flask_client):
resp = flask_client.post(ALL_CREDENTIALS_URL, json=[]) resp = flask_client.put(STOLEN_CREDENTIALS_URL, json=[])
assert resp.status_code == HTTPStatus.METHOD_NOT_ALLOWED
def test_all_propagation_credentials_endpoint__put_not_allowed(flask_client):
resp = flask_client.put(ALL_CREDENTIALS_URL, json=[])
assert resp.status_code == HTTPStatus.METHOD_NOT_ALLOWED assert resp.status_code == HTTPStatus.METHOD_NOT_ALLOWED
@ -130,17 +113,6 @@ def test_propagation_credentials_endpoint__get_not_found(flask_client):
assert resp.status_code == HTTPStatus.NOT_FOUND assert resp.status_code == HTTPStatus.NOT_FOUND
def test_propagation_credentials_endpoint__post_not_found(flask_client): def test_propagation_credentials_endpoint__put_not_found(flask_client):
resp = flask_client.post( resp = flask_client.put(NON_EXISTENT_COLLECTION_URL, json=[])
NON_EXISTENT_COLLECTION_URL,
json=[
Credentials.to_mapping(LM_HASH_CREDENTIALS),
Credentials.to_mapping(NT_HASH_CREDENTIALS),
],
)
assert resp.status_code == HTTPStatus.NOT_FOUND
def test_propagation_credentials_endpoint__delete_not_found(flask_client):
resp = flask_client.delete(NON_EXISTENT_COLLECTION_URL)
assert resp.status_code == HTTPStatus.NOT_FOUND assert resp.status_code == HTTPStatus.NOT_FOUND