p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

island: Add attack mitigations to mongo upon registration

This commit is contained in:
Shreya Malviya 2021-09-27 13:51:20 +05:30 committed by VakarisZ
parent b791ee16e1
commit 3cbeb3dbf7
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
monkey/monkey_island/cc/resources/auth/registration.py
View File

@ -1,4 +1,5 @@
import json import json
import logging
import flask_restful import flask_restful
from flask import make_response, request from flask import make_response, request
@ -7,6 +8,9 @@ import monkey_island.cc.environment.environment_singleton as env_singleton
import monkey_island.cc.resources.auth.password_utils as password_utils import monkey_island.cc.resources.auth.password_utils as password_utils
from common.utils.exceptions import InvalidRegistrationCredentialsError, RegistrationNotNeededError from common.utils.exceptions import InvalidRegistrationCredentialsError, RegistrationNotNeededError
from monkey_island.cc.environment.user_creds import UserCreds from monkey_island.cc.environment.user_creds import UserCreds
from monkey_island.cc.setup.mongo.database_initializer import init_collections
logger = logging.getLogger(__name__)
class Registration(flask_restful.Resource): class Registration(flask_restful.Resource):
@ -18,9 +22,16 @@ class Registration(flask_restful.Resource):
try: try:
env_singleton.env.try_add_user(credentials) env_singleton.env.try_add_user(credentials)
init_collections()
return make_response({"error": ""}, 200) return make_response({"error": ""}, 200)
except (InvalidRegistrationCredentialsError, RegistrationNotNeededError) as e: except (InvalidRegistrationCredentialsError, RegistrationNotNeededError) as e:
return make_response({"error": str(e)}, 400) return make_response({"error": str(e)}, 400)
except Exception as ex:
logger.error(
"Exception raised during registration; most likely an issue with the "
f"mongo collection's initialisation. Exception: {str(ex)}."
)
return make_response({"error": str(ex)}, 400)
def _get_user_credentials_from_request(request): def _get_user_credentials_from_request(request):

3
monkey/monkey_island/cc/server_setup.py
View File

@ -36,7 +36,6 @@ from monkey_island.cc.setup import island_config_options_validator # noqa: E402
from monkey_island.cc.setup.gevent_hub_error_handler import GeventHubErrorHandler # noqa: E402 from monkey_island.cc.setup.gevent_hub_error_handler import GeventHubErrorHandler # noqa: E402
from monkey_island.cc.setup.island_config_options import IslandConfigOptions # noqa: E402 from monkey_island.cc.setup.island_config_options import IslandConfigOptions # noqa: E402
from monkey_island.cc.setup.mongo import mongo_setup # noqa: E402 from monkey_island.cc.setup.mongo import mongo_setup # noqa: E402
from monkey_island.cc.setup.mongo.database_initializer import init_collections # noqa: E402
from monkey_island.cc.setup.mongo.mongo_db_process import MongoDbProcess # noqa: E402 from monkey_island.cc.setup.mongo.mongo_db_process import MongoDbProcess # noqa: E402
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -131,8 +130,6 @@ def _start_island_server(should_setup_only, config_options: IslandConfigOptions)
populate_exporter_list() populate_exporter_list()
app = init_app(mongo_setup.MONGO_URL) app = init_app(mongo_setup.MONGO_URL)
init_collections()
if should_setup_only: if should_setup_only:
logger.warning("Setup only flag passed. Exiting.") logger.warning("Setup only flag passed. Exiting.")
return return