forked from p15670423/monkey
Refactor dictionary and sensitive mongo field encryption by moving it to server_utils/encryption
This commit is contained in:
parent
8b9973238e
commit
1160ac6af0
|
@ -7,4 +7,4 @@ from .creds import Creds
|
||||||
from .monkey import Monkey
|
from .monkey import Monkey
|
||||||
from .monkey_ttl import MonkeyTtl
|
from .monkey_ttl import MonkeyTtl
|
||||||
from .pba_results import PbaResults
|
from .pba_results import PbaResults
|
||||||
from .report import Report
|
from monkey_island.cc.models.report.report import Report
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
from .report_dal import save_report, get_report
|
|
@ -5,8 +5,13 @@ from typing import List
|
||||||
from monkey_island.cc.database import mongo
|
from monkey_island.cc.database import mongo
|
||||||
from monkey_island.cc.models import CommandControlChannel
|
from monkey_island.cc.models import CommandControlChannel
|
||||||
from monkey_island.cc.models.telemetries.telemetry import Telemetry
|
from monkey_island.cc.models.telemetries.telemetry import Telemetry
|
||||||
from monkey_island.cc.utils import FieldNotFoundError, SensitiveField, dict_encryptor
|
from monkey_island.cc.server_utils.encryption import (
|
||||||
from monkey_island.cc.utils.field_encryptors import MimikatzResultsEncryptor
|
FieldNotFoundError,
|
||||||
|
MimikatzResultsEncryptor,
|
||||||
|
SensitiveField,
|
||||||
|
decrypt_dict,
|
||||||
|
encrypt_dict,
|
||||||
|
)
|
||||||
|
|
||||||
sensitive_fields = [
|
sensitive_fields = [
|
||||||
SensitiveField("data.credentials", MimikatzResultsEncryptor),
|
SensitiveField("data.credentials", MimikatzResultsEncryptor),
|
||||||
|
@ -16,7 +21,7 @@ sensitive_fields = [
|
||||||
|
|
||||||
def save_telemetry(telemetry_dict: dict):
|
def save_telemetry(telemetry_dict: dict):
|
||||||
try:
|
try:
|
||||||
telemetry_dict = dict_encryptor.encrypt(sensitive_fields, telemetry_dict)
|
telemetry_dict = encrypt_dict(sensitive_fields, telemetry_dict)
|
||||||
except FieldNotFoundError:
|
except FieldNotFoundError:
|
||||||
pass # Not all telemetries require encryption
|
pass # Not all telemetries require encryption
|
||||||
|
|
||||||
|
@ -40,7 +45,7 @@ def get_telemetry_by_query(query: dict, output_fields=None) -> List[dict]:
|
||||||
decrypted_list = []
|
decrypted_list = []
|
||||||
for telemetry in telemetries:
|
for telemetry in telemetries:
|
||||||
try:
|
try:
|
||||||
decrypted_list.append(dict_encryptor.decrypt(sensitive_fields, telemetry))
|
decrypted_list.append(decrypt_dict(sensitive_fields, telemetry))
|
||||||
except FieldNotFoundError:
|
except FieldNotFoundError:
|
||||||
decrypted_list.append(telemetry)
|
decrypted_list.append(telemetry)
|
||||||
return decrypted_list
|
return decrypted_list
|
||||||
|
|
|
@ -11,3 +11,11 @@ from monkey_island.cc.server_utils.encryption.data_store_encryptor import (
|
||||||
get_datastore_encryptor,
|
get_datastore_encryptor,
|
||||||
initialize_datastore_encryptor,
|
initialize_datastore_encryptor,
|
||||||
)
|
)
|
||||||
|
from .dict_encryption.dict_encryptor import (
|
||||||
|
SensitiveField,
|
||||||
|
encrypt_dict,
|
||||||
|
decrypt_dict,
|
||||||
|
FieldNotFoundError,
|
||||||
|
)
|
||||||
|
from .dict_encryption.field_encryptors.mimikatz_results_encryptor import MimikatzResultsEncryptor
|
||||||
|
from .dict_encryption.field_encryptors.string_list_encryptor import StringListEncryptor
|
||||||
|
|
|
@ -3,7 +3,9 @@ from typing import Callable, List, Type
|
||||||
|
|
||||||
import dpath.util
|
import dpath.util
|
||||||
|
|
||||||
from monkey_island.cc.utils.field_encryptors import IFieldEncryptor
|
from monkey_island.cc.server_utils.encryption.dict_encryption.field_encryptors import (
|
||||||
|
IFieldEncryptor,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class FieldNotFoundError(Exception):
|
class FieldNotFoundError(Exception):
|
||||||
|
@ -17,7 +19,7 @@ class SensitiveField:
|
||||||
field_encryptor: Type[IFieldEncryptor]
|
field_encryptor: Type[IFieldEncryptor]
|
||||||
|
|
||||||
|
|
||||||
def encrypt(sensitive_fields: List[SensitiveField], document_dict: dict) -> dict:
|
def encrypt_dict(sensitive_fields: List[SensitiveField], document_dict: dict) -> dict:
|
||||||
for sensitive_field in sensitive_fields:
|
for sensitive_field in sensitive_fields:
|
||||||
_apply_operation_to_document_field(
|
_apply_operation_to_document_field(
|
||||||
document_dict, sensitive_field, sensitive_field.field_encryptor.encrypt
|
document_dict, sensitive_field, sensitive_field.field_encryptor.encrypt
|
||||||
|
@ -26,7 +28,7 @@ def encrypt(sensitive_fields: List[SensitiveField], document_dict: dict) -> dict
|
||||||
return document_dict
|
return document_dict
|
||||||
|
|
||||||
|
|
||||||
def decrypt(sensitive_fields: List[SensitiveField], document_dict: dict) -> dict:
|
def decrypt_dict(sensitive_fields: List[SensitiveField], document_dict: dict) -> dict:
|
||||||
for sensitive_field in sensitive_fields:
|
for sensitive_field in sensitive_fields:
|
||||||
_apply_operation_to_document_field(
|
_apply_operation_to_document_field(
|
||||||
document_dict, sensitive_field, sensitive_field.field_encryptor.decrypt
|
document_dict, sensitive_field, sensitive_field.field_encryptor.decrypt
|
|
@ -1,7 +1,9 @@
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.encryption import get_datastore_encryptor
|
from monkey_island.cc.server_utils.encryption import get_datastore_encryptor
|
||||||
from monkey_island.cc.utils.field_encryptors import IFieldEncryptor
|
from monkey_island.cc.server_utils.encryption.dict_encryption.field_encryptors import (
|
||||||
|
IFieldEncryptor,
|
||||||
|
)
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
|
@ -1,7 +1,9 @@
|
||||||
from typing import List
|
from typing import List
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.encryption import get_datastore_encryptor
|
from monkey_island.cc.server_utils.encryption import get_datastore_encryptor
|
||||||
from monkey_island.cc.utils.field_encryptors import IFieldEncryptor
|
from monkey_island.cc.server_utils.encryption.dict_encryption.field_encryptors import (
|
||||||
|
IFieldEncryptor,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class StringListEncryptor(IFieldEncryptor):
|
class StringListEncryptor(IFieldEncryptor):
|
|
@ -1 +0,0 @@
|
||||||
from .dict_encryptor import FieldNotFoundError, SensitiveField
|
|
|
@ -6,8 +6,10 @@ import pytest
|
||||||
|
|
||||||
from monkey_island.cc.models.telemetries import get_telemetry_by_query, save_telemetry
|
from monkey_island.cc.models.telemetries import get_telemetry_by_query, save_telemetry
|
||||||
from monkey_island.cc.models.telemetries.telemetry import Telemetry
|
from monkey_island.cc.models.telemetries.telemetry import Telemetry
|
||||||
from monkey_island.cc.utils import SensitiveField
|
from monkey_island.cc.server_utils.encryption import SensitiveField
|
||||||
from monkey_island.cc.utils.field_encryptors import MimikatzResultsEncryptor
|
from monkey_island.cc.server_utils.encryption.dict_encryption.field_encryptors import (
|
||||||
|
MimikatzResultsEncryptor,
|
||||||
|
)
|
||||||
|
|
||||||
MOCK_CREDENTIALS = {
|
MOCK_CREDENTIALS = {
|
||||||
"Vakaris": {
|
"Vakaris": {
|
||||||
|
|
|
@ -4,8 +4,11 @@ from typing import List
|
||||||
import pytest
|
import pytest
|
||||||
|
|
||||||
from monkey_island.cc.models import Report
|
from monkey_island.cc.models import Report
|
||||||
from monkey_island.cc.utils import SensitiveField
|
from monkey_island.cc.models.report import get_report, save_report
|
||||||
from monkey_island.cc.utils.field_encryptors import IFieldEncryptor
|
from monkey_island.cc.server_utils.encryption import SensitiveField
|
||||||
|
from monkey_island.cc.server_utils.encryption.dict_encryption.field_encryptors import (
|
||||||
|
IFieldEncryptor,
|
||||||
|
)
|
||||||
|
|
||||||
MOCK_SENSITIVE_FIELD_CONTENTS = ["the_string", "the_string2"]
|
MOCK_SENSITIVE_FIELD_CONTENTS = ["the_string", "the_string2"]
|
||||||
MOCK_REPORT_DICT = {
|
MOCK_REPORT_DICT = {
|
||||||
|
@ -42,26 +45,28 @@ def patch_sensitive_fields(monkeypatch):
|
||||||
SensitiveField("overview.foo.the_key", MockStringListEncryptor),
|
SensitiveField("overview.foo.the_key", MockStringListEncryptor),
|
||||||
SensitiveField("overview.bar.the_key", MockStringListEncryptor),
|
SensitiveField("overview.bar.the_key", MockStringListEncryptor),
|
||||||
]
|
]
|
||||||
monkeypatch.setattr("monkey_island.cc.models.report.sensitive_fields", mock_sensitive_fields)
|
monkeypatch.setattr(
|
||||||
|
"monkey_island.cc.models.report.report_dal.sensitive_fields", mock_sensitive_fields
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.usefixtures("uses_database")
|
@pytest.mark.usefixtures("uses_database")
|
||||||
def test_report_encryption():
|
def test_report_encryption():
|
||||||
Report.save_report(MOCK_REPORT_DICT)
|
save_report(MOCK_REPORT_DICT)
|
||||||
|
|
||||||
assert Report.objects.first()["overview"]["foo"]["the_key"] == ["ENCRYPTED_0", "ENCRYPTED_1"]
|
assert Report.objects.first()["overview"]["foo"]["the_key"] == ["ENCRYPTED_0", "ENCRYPTED_1"]
|
||||||
assert Report.objects.first()["overview"]["bar"]["the_key"] == []
|
assert Report.objects.first()["overview"]["bar"]["the_key"] == []
|
||||||
assert Report.get_report()["overview"]["foo"]["the_key"] == MOCK_SENSITIVE_FIELD_CONTENTS
|
assert get_report()["overview"]["foo"]["the_key"] == MOCK_SENSITIVE_FIELD_CONTENTS
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.usefixtures("uses_database")
|
@pytest.mark.usefixtures("uses_database")
|
||||||
def test_report_dot_encoding():
|
def test_report_dot_encoding():
|
||||||
mrd = copy.deepcopy(MOCK_REPORT_DICT)
|
mrd = copy.deepcopy(MOCK_REPORT_DICT)
|
||||||
mrd["meta_info"] = {"foo.bar": "baz"}
|
mrd["meta_info"] = {"foo.bar": "baz"}
|
||||||
Report.save_report(mrd)
|
save_report(mrd)
|
||||||
|
|
||||||
assert "foo.bar" not in Report.objects.first()["meta_info"]
|
assert "foo.bar" not in Report.objects.first()["meta_info"]
|
||||||
assert "foo,,,bar" in Report.objects.first()["meta_info"]
|
assert "foo,,,bar" in Report.objects.first()["meta_info"]
|
||||||
|
|
||||||
report = Report.get_report()
|
report = get_report()
|
||||||
assert "foo.bar" in report["meta_info"]
|
assert "foo.bar" in report["meta_info"]
|
|
@ -1,7 +1,9 @@
|
||||||
import pytest
|
import pytest
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.encryption import initialize_datastore_encryptor
|
from monkey_island.cc.server_utils.encryption import initialize_datastore_encryptor
|
||||||
from monkey_island.cc.utils.field_encryptors import StringListEncryptor
|
from monkey_island.cc.server_utils.encryption.dict_encryption.field_encryptors import (
|
||||||
|
StringListEncryptor,
|
||||||
|
)
|
||||||
|
|
||||||
MOCK_STRING_LIST = ["test_1", "test_2"]
|
MOCK_STRING_LIST = ["test_1", "test_2"]
|
||||||
EMPTY_LIST = []
|
EMPTY_LIST = []
|
||||||
|
|
Loading…
Reference in New Issue