diff --git a/monkey/monkey_island/cc/environment/utils.py b/monkey/monkey_island/cc/environment/utils.py
deleted file mode 100644
index 94943106a..000000000
--- a/monkey/monkey_island/cc/environment/utils.py
+++ /dev/null
@@ -1,103 +0,0 @@ -import logging -import os -import platform -import stat - - -def is_windows_os() -> bool: - return platform.system() == "Windows" - - -if is_windows_os(): - import win32file - import win32job - import win32security - - import monkey_island.cc.environment.windows_permissions as windows_permissions - -LOG = logging.getLogger(__name__) - - -def create_secure_directory(path: str): - if not os.path.isdir(path): - if is_windows_os(): - _create_secure_directory_windows(path) - else: - _create_secure_directory_linux(path) - - -def _create_secure_directory_linux(path: str): - try: - # Don't split directory creation and permission setting - # because it will temporarily create an accessible directory which anyone can use. - os.mkdir(path, mode=stat.S_IRWXU) - - except Exception as ex: - LOG.error(f'Could not create a directory at "{path}": {str(ex)}') - raise ex - - -def _create_secure_directory_windows(path: str): - try: - security_attributes = win32security.SECURITY_ATTRIBUTES() - security_attributes.SECURITY_DESCRIPTOR = ( - windows_permissions.get_security_descriptor_for_owner_only_perms() - ) - win32file.CreateDirectory(path, security_attributes) - - except Exception as ex: - LOG.error(f'Could not create a directory at "{path}": {str(ex)}') - raise ex - - -def create_secure_file(path: str): - if not os.path.isfile(path): - if is_windows_os(): - _create_secure_file_windows(path) - else: - _create_secure_file_linux(path) - - -def _create_secure_file_linux(path: str): - try: - flags = ( - os.O_RDWR | os.O_CREAT | os.O_EXCL - ) # read/write, create new, throw error if file exists - mode = stat.S_IRWXU # read/write/execute permissions to owner - os.close(os.open(path, flags, mode)) - - except Exception as ex: - LOG.error(f'Could not create a file at "{path}": {str(ex)}') - raise ex - - -def _create_secure_file_windows(path: str): - try: - file_access = win32file.GENERIC_READ | win32file.GENERIC_WRITE - file_sharing = ( - win32file.FILE_SHARE_READ - ) # 
subsequent open operations on the object will succeed only if read access is requested - security_attributes = win32security.SECURITY_ATTRIBUTES() - security_attributes.SECURITY_DESCRIPTOR = ( - windows_permissions.get_security_descriptor_for_owner_only_perms() - ) - file_creation = win32file.CREATE_NEW # fails if file exists - file_attributes = win32file.FILE_FLAG_BACKUP_SEMANTICS - - win32file.CloseHandle( - win32file.CreateFile( - path, - file_access, - file_sharing, - security_attributes, - file_creation, - file_attributes, - win32job.CreateJobObject( - None, "" - ), # https://stackoverflow.com/questions/46800142/in-python-with-pywin32-win32job-the-createjobobject-function-how-do-i-pass-nu # noqa: E501 - ) - ) - - except Exception as ex: - LOG.error(f'Could not create a file at "{path}": {str(ex)}') - raise ex diff --git a/monkey/monkey_island/cc/server_utils/consts.py b/monkey/monkey_island/cc/server_utils/consts.py index ef5d0733c..cfa426d93 100644 --- a/monkey/monkey_island/cc/server_utils/consts.py +++ b/monkey/monkey_island/cc/server_utils/consts.py @@ -1,7 +1,7 @@ import os from pathlib import Path -from monkey_island.cc.environment.utils import is_windows_os +from monkey_island.cc.server_utils.file_utils import is_windows_os from monkey_island.cc.server_utils import file_utils __author__ = "itay.mizeretz" diff --git a/monkey/monkey_island/cc/server_utils/encryptor.py b/monkey/monkey_island/cc/server_utils/encryptor.py index cfa5b751c..abeb34dc3 100644 --- a/monkey/monkey_island/cc/server_utils/encryptor.py +++ b/monkey/monkey_island/cc/server_utils/encryptor.py @@ -6,7 +6,7 @@ import os from Crypto import Random # noqa: DUO133 # nosec: B413 from Crypto.Cipher import AES # noqa: DUO133 # nosec: B413 -from monkey_island.cc.environment.utils import create_secure_file +from monkey_island.cc.server_utils.file_utils import create_secure_file __author__ = "itay.mizeretz" 
diff --git a/monkey/monkey_island/cc/server_utils/file_utils.py b/monkey/monkey_island/cc/server_utils/file_utils.py
index 225fb8732..a495fb5f0 100644
--- a/monkey/monkey_island/cc/server_utils/file_utils.py
+++ b/monkey/monkey_island/cc/server_utils/file_utils.py
@@ -1,5 +1,107 @@ import os +import logging +import platform +import stat + +LOG = logging.getLogger(__name__) + + +def is_windows_os() -> bool: + return platform.system() == "Windows" + + +if is_windows_os(): + import win32file + import win32job + import win32security + + import monkey_island.cc.server_utils.windows_permissions as windows_permissions def expand_path(path: str) -> str: return os.path.expandvars(os.path.expanduser(path)) + + +def create_secure_directory(path: str): + if not os.path.isdir(path): + if is_windows_os(): + _create_secure_directory_windows(path) + else: + _create_secure_directory_linux(path) + + +def _create_secure_directory_linux(path: str): + try: + # Don't split directory creation and permission setting + # because it will temporarily create an accessible directory which anyone can use. + os.mkdir(path, mode=stat.S_IRWXU) + + except Exception as ex: + LOG.error(f'Could not create a directory at "{path}": {str(ex)}') + raise ex + + +def _create_secure_directory_windows(path: str): + try: + security_attributes = win32security.SECURITY_ATTRIBUTES() + security_attributes.SECURITY_DESCRIPTOR = ( + windows_permissions.get_security_descriptor_for_owner_only_perms() + ) + win32file.CreateDirectory(path, security_attributes) + + except Exception as ex: + LOG.error(f'Could not create a directory at "{path}": {str(ex)}') + raise ex + + +def create_secure_file(path: str): + if not os.path.isfile(path): + if is_windows_os(): + _create_secure_file_windows(path) + else: + _create_secure_file_linux(path) + + +def _create_secure_file_linux(path: str): + try: + flags = ( + os.O_RDWR | os.O_CREAT | os.O_EXCL + ) # read/write, create new, throw error if file exists + mode = stat.S_IRWXU # read/write/execute permissions to owner + os.close(os.open(path, flags, mode)) + + except Exception as ex: + LOG.error(f'Could not create a file at "{path}": {str(ex)}') + raise ex + + +def _create_secure_file_windows(path: str): + try: + file_access = 
win32file.GENERIC_READ | win32file.GENERIC_WRITE + file_sharing = ( + win32file.FILE_SHARE_READ + ) # subsequent open operations on the object will succeed only if read access is requested + security_attributes = win32security.SECURITY_ATTRIBUTES() + security_attributes.SECURITY_DESCRIPTOR = ( + windows_permissions.get_security_descriptor_for_owner_only_perms() + ) + file_creation = win32file.CREATE_NEW # fails if file exists + file_attributes = win32file.FILE_FLAG_BACKUP_SEMANTICS + + win32file.CloseHandle( + win32file.CreateFile( + path, + file_access, + file_sharing, + security_attributes, + file_creation, + file_attributes, + win32job.CreateJobObject( + None, "" + ), # https://stackoverflow.com/questions/46800142/in-python-with-pywin32-win32job-the-createjobobject-function-how-do-i-pass-nu # noqa: E501 + ) + ) + + except Exception as ex: + LOG.error(f'Could not create a file at "{path}": {str(ex)}') + raise ex diff --git a/monkey/monkey_island/cc/environment/windows_permissions.py b/monkey/monkey_island/cc/server_utils/windows_permissions.py similarity index 100% rename from monkey/monkey_island/cc/environment/windows_permissions.py rename to monkey/monkey_island/cc/server_utils/windows_permissions.py diff --git a/monkey/monkey_island/cc/setup/config_setup.py b/monkey/monkey_island/cc/setup/config_setup.py index 103137a91..ef965e560 100644 --- a/monkey/monkey_island/cc/setup/config_setup.py +++ b/monkey/monkey_island/cc/setup/config_setup.py @@ -2,7 +2,7 @@ from typing import Tuple from monkey_island.cc.arg_parser import IslandCmdArgs from monkey_island.cc.environment import server_config_handler -from monkey_island.cc.environment.utils import create_secure_directory +from monkey_island.cc.server_utils.file_utils import create_secure_directory from monkey_island.cc.server_utils import file_utils from monkey_island.cc.server_utils.consts import DEFAULT_SERVER_CONFIG_PATH from monkey_island.cc.setup.island_config_options import IslandConfigOptions 
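Review bot: In file_utils.py, `create_secure_directory` and `create_secure_file` return silently when the path already exists, so an entry created earlier with group- or world-accessible permissions, or by a different owner, is treated as secure without any check. Since the code is being moved anyway, consider validating the existing entry on the POSIX branch, e.g. `if stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO): raise PermissionError(path)`, or at least logging a warning, with an equivalent DACL check on Windows. Separately, `_create_secure_file_linux` sets `mode = stat.S_IRWXU`, which gives the owner execute permission on a data file; `mode = stat.S_IRUSR | stat.S_IWUSR` is the least-privilege choice, and encryptor.py imports this helper, presumably for key material. The `isdir`/`isfile` pre-check is not atomic with the create call, but `os.mkdir`, `O_EXCL` and `CREATE_NEW` all fail rather than reuse an entry that appears in between, so that part is sound.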
diff --git a/monkey/monkey_island/cc/setup/mongo/mongo_setup.py b/monkey/monkey_island/cc/setup/mongo/mongo_setup.py index 0ab8ca0c0..02e097c68 100644 --- a/monkey/monkey_island/cc/setup/mongo/mongo_setup.py +++ b/monkey/monkey_island/cc/setup/mongo/mongo_setup.py @@ -5,7 +5,7 @@ import sys import time from monkey_island.cc.database import get_db_version, is_db_server_up -from monkey_island.cc.environment.utils import create_secure_directory +from monkey_island.cc.server_utils.file_utils import create_secure_directory from monkey_island.cc.setup.mongo import mongo_connector from monkey_island.cc.setup.mongo.mongo_connector import MONGO_DB_HOST, MONGO_DB_NAME, MONGO_DB_PORT from monkey_island.cc.setup.mongo.mongo_db_process import MongoDbProcess