p41275903
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix DUO123 warnings

This commit is contained in:
Shreya 2021-04-22 16:39:19 +05:30 committed by Mike Salvatore
parent b0be14193d
commit c0fdc9561f
7 changed files with 52 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
envs/monkey_zoo/blackbox/island_client/monkey_island_requests.py
View File

@ -66,8 +66,8 @@ class MonkeyIslandRequests(object):
return request_function_wrapper
def get_jwt_from_server(self):
resp = requests.post(
self.addr + "api/auth", # noqa: DUO123
resp = requests.post( # noqa: DUO123
self.addr + "api/auth",
json={"username": NO_AUTH_CREDS, "password": NO_AUTH_CREDS},
verify=False,
)
@ -75,8 +75,8 @@ class MonkeyIslandRequests(object):
@_Decorators.refresh_jwt_token
def get(self, url, data=None):
return requests.get(
self.addr + url, # noqa: DUO123
return requests.get( # noqa: DUO123
self.addr + url,
headers=self.get_jwt_header(),
params=data,
verify=False,
@ -84,25 +84,25 @@ class MonkeyIslandRequests(object):
@_Decorators.refresh_jwt_token
def post(self, url, data):
return requests.post(
self.addr + url, data=data, headers=self.get_jwt_header(), verify=False # noqa: DUO123
return requests.post( # noqa: DUO123
self.addr + url, data=data, headers=self.get_jwt_header(), verify=False
)
@_Decorators.refresh_jwt_token
def post_json(self, url, data: Dict):
return requests.post(
self.addr + url, json=data, headers=self.get_jwt_header(), verify=False # noqa: DUO123
return requests.post( # noqa: DUO123
self.addr + url, json=data, headers=self.get_jwt_header(), verify=False
)
@_Decorators.refresh_jwt_token
def patch(self, url, data: Dict):
return requests.patch(
self.addr + url, data=data, headers=self.get_jwt_header(), verify=False # noqa: DUO123
return requests.patch( # noqa: DUO123
self.addr + url, data=data, headers=self.get_jwt_header(), verify=False
)
@_Decorators.refresh_jwt_token
def delete(self, url):
return requests.delete( # noqa: DOU123
return requests.delete( # noqa: DUO123
self.addr + url, headers=self.get_jwt_header(), verify=False
)

54
monkey/infection_monkey/control.py
View File

@ -64,8 +64,8 @@ class ControlClient(object):
if ControlClient.proxies:
monkey["tunnel"] = ControlClient.proxies.get("https")
requests.post(
"https://%s/api/monkey" % (WormConfiguration.current_server,), # noqa: DUO123
requests.post( # noqa: DUO123
"https://%s/api/monkey" % (WormConfiguration.current_server,),
data=json.dumps(monkey),
headers={"content-type": "application/json"},
verify=False,
@ -92,8 +92,8 @@ class ControlClient(object):
if ControlClient.proxies:
debug_message += " through proxies: %s" % ControlClient.proxies
LOG.debug(debug_message)
requests.get(
f"https://{server}/api?action=is-up", # noqa: DUO123
requests.get( # noqa: DUO123
f"https://{server}/api?action=is-up",
verify=False,
proxies=ControlClient.proxies,
timeout=TIMEOUT_IN_SECONDS,
@ -130,9 +130,8 @@ class ControlClient(object):
monkey = {}
if ControlClient.proxies:
monkey["tunnel"] = ControlClient.proxies.get("https")
requests.patch(
"https://%s/api/monkey/%s"
% (WormConfiguration.current_server, GUID), # noqa: DUO123
requests.patch( # noqa: DUO123
"https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID),
data=json.dumps(monkey),
headers={"content-type": "application/json"},
verify=False,
@ -155,8 +154,8 @@ class ControlClient(object):
return
try:
telemetry = {"monkey_guid": GUID, "telem_category": telem_category, "data": json_data}
requests.post(
"https://%s/api/telemetry" % (WormConfiguration.current_server,), # noqa: DUO123
requests.post( # noqa: DUO123
"https://%s/api/telemetry" % (WormConfiguration.current_server,),
data=json.dumps(telemetry),
headers={"content-type": "application/json"},
verify=False,
@ -174,8 +173,8 @@ class ControlClient(object):
return
try:
telemetry = {"monkey_guid": GUID, "log": json.dumps(log)}
requests.post(
"https://%s/api/log" % (WormConfiguration.current_server,), # noqa: DUO123
requests.post( # noqa: DUO123
"https://%s/api/log" % (WormConfiguration.current_server,),
data=json.dumps(telemetry),
headers={"content-type": "application/json"},
verify=False,
@ -192,9 +191,8 @@ class ControlClient(object):
if not WormConfiguration.current_server:
return
try:
reply = requests.get(
"https://%s/api/monkey/%s"
% (WormConfiguration.current_server, GUID), # noqa: DUO123
reply = requests.get( # noqa: DUO123
"https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID),
verify=False,
proxies=ControlClient.proxies,
timeout=MEDIUM_REQUEST_TIMEOUT,
@ -230,9 +228,8 @@ class ControlClient(object):
if not WormConfiguration.current_server:
return
try:
requests.patch(
"https://%s/api/monkey/%s"
% (WormConfiguration.current_server, GUID), # noqa: DUO123
requests.patch( # noqa: DUO123
"https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID),
data=json.dumps({"config_error": True}),
headers={"content-type": "application/json"},
verify=False,
@ -292,9 +289,9 @@ class ControlClient(object):
if (monkeyfs.isfile(dest_file)) and (size == monkeyfs.getsize(dest_file)):
return dest_file
else:
download = requests.get(
download = requests.get( # noqa: DUO123
"https://%s/api/monkey/download/%s"
% (WormConfiguration.current_server, filename), # noqa: DUO123
% (WormConfiguration.current_server, filename),
verify=False,
proxies=ControlClient.proxies,
timeout=MEDIUM_REQUEST_TIMEOUT,
@ -322,9 +319,8 @@ class ControlClient(object):
if not WormConfiguration.current_server:
return None, None
try:
reply = requests.post(
"https://%s/api/monkey/download"
% (WormConfiguration.current_server,), # noqa: DUO123
reply = requests.post( # noqa: DUO123
"https://%s/api/monkey/download" % (WormConfiguration.current_server,),
data=json.dumps(host_dict),
headers={"content-type": "application/json"},
verify=False,
@ -370,8 +366,8 @@ class ControlClient(object):
@staticmethod
def get_pba_file(filename):
try:
return requests.get(
PBA_FILE_DOWNLOAD % (WormConfiguration.current_server, filename), # noqa: DUO123
return requests.get( # noqa: DUO123
PBA_FILE_DOWNLOAD % (WormConfiguration.current_server, filename),
verify=False,
proxies=ControlClient.proxies,
timeout=LONG_REQUEST_TIMEOUT,
@ -382,9 +378,9 @@ class ControlClient(object):
@staticmethod
def get_T1216_pba_file():
try:
return requests.get(
return requests.get( # noqa: DUO123
urljoin(
f"https://{WormConfiguration.current_server}/", # noqa: DUO123
f"https://{WormConfiguration.current_server}/",
T1216_PBA_FILE_DOWNLOAD_PATH,
),
verify=False,
@ -416,7 +412,9 @@ class ControlClient(object):
f"https://{WormConfiguration.current_server}/api/monkey_control"
f"/check_remote_port/{port}"
)
response = requests.get(url, verify=False, timeout=SHORT_REQUEST_TIMEOUT)
response = requests.get( # noqa: DUO123
url, verify=False, timeout=SHORT_REQUEST_TIMEOUT
)
response = json.loads(response.content.decode())
return response["status"] == "port_visible"
except requests.exceptions.RequestException:
@ -424,7 +422,7 @@ class ControlClient(object):
@staticmethod
def report_start_on_island():
requests.post(
requests.post( # noqa: DUO123
f"https://{WormConfiguration.current_server}/api/monkey_control/started_on_island",
data=json.dumps({"started_on_island": True}),
verify=False,

12
monkey/infection_monkey/exploit/drupal.py
View File

@ -82,8 +82,8 @@ class DrupalExploiter(WebRCE):
"""
payload = build_exploitability_check_payload(url)
response = requests.get(
f"{url}?_format=hal_json", # noqa: DUO123
response = requests.get( # noqa: DUO123
f"{url}?_format=hal_json",
json=payload,
headers={"Content-Type": "application/hal+json"},
verify=False,
@ -102,8 +102,8 @@ class DrupalExploiter(WebRCE):
base = remove_port(url)
payload = build_cmd_execution_payload(base, cmd)
r = requests.get(
f"{url}?_format=hal_json", # noqa: DUO123
r = requests.get( # noqa: DUO123
f"{url}?_format=hal_json",
json=payload,
headers={"Content-Type": "application/hal+json"},
verify=False,
@ -157,9 +157,9 @@ def find_exploitbale_article_ids(base_url: str, lower: int = 1, upper: int = 100
articles = set()
while lower < upper:
node_url = urljoin(base_url, str(lower))
response = requests.get(
response = requests.get( # noqa: DUO123
node_url, verify=False, timeout=LONG_REQUEST_TIMEOUT
) # noqa: DUO123
)
if response.status_code == 200:
if is_response_cached(response):
LOG.info(f"Found a cached article at: {node_url}, skipping")

4
monkey/infection_monkey/exploit/shellshock.py
View File

@ -243,9 +243,9 @@ class ShellShockExploiter(HostExploiter):
try:
LOG.debug("Header is: %s" % header)
LOG.debug("Attack is: %s" % attack)
r = requests.get(
r = requests.get( # noqa: DUO123
url, headers={header: attack}, verify=False, timeout=TIMEOUT
) # noqa: DUO123
)
result = r.content.decode()
return result
except requests.exceptions.RequestException as exc:

8
monkey/infection_monkey/exploit/weblogic.py
View File

@ -83,9 +83,9 @@ class WebLogic201710271(WebRCE):
else:
payload = self.get_exploit_payload("cmd", "/c", command + " 1> NUL 2> NUL")
try:
post(
post( # noqa: DUO123
url, data=payload, headers=HEADERS, timeout=EXECUTION_TIMEOUT, verify=False
) # noqa: DUO123
)
except Exception as e:
LOG.error("Connection error: %s" % e)
return False
@ -121,9 +121,9 @@ class WebLogic201710271(WebRCE):
def check_if_exploitable_weblogic(self, url, httpd):
payload = self.get_test_payload(ip=httpd.local_ip, port=httpd.local_port)
try:
post(
post( # noqa: DUO123
url, data=payload, headers=HEADERS, timeout=REQUEST_DELAY, verify=False
) # noqa: DUO123
)
except exceptions.ReadTimeout:
# Our request will not get response thus we get ReadTimeout error
pass

2
monkey/infection_monkey/transport/http.py
View File

@ -126,7 +126,7 @@ class HTTPConnectProxyHandler(http.server.BaseHTTPRequestHandler):
LOG.info("Received bootloader's request: {}".format(post_data))
try:
dest_path = self.path
r = requests.post(
r = requests.post( # noqa: DUO123
url=dest_path,
data=post_data,
verify=False,

4
monkey/monkey_island/cc/server_utils/bootloader_server.py
View File

@ -33,9 +33,9 @@ class BootloaderHTTPRequestHandler(BaseHTTPRequestHandler):
# The island server doesn't always have a correct SSL cert installed
# (By default it comes with a self signed one),
# that's why we're not verifying the cert in this request.
r = requests.post(
r = requests.post( # noqa: DUO123
url=island_server_path, data=post_data, verify=False, timeout=SHORT_REQUEST_TIMEOUT
) # noqa: DUO123
)
try:
if r.status_code != 200: