From 820d47c9ccf2741befc2abdd5dbd7d2569b8f47a Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Tue, 26 Oct 2021 19:24:50 +0530 Subject: [PATCH] Agent: Change logic for generating random password --- .../actions/communicate_as_backdoor_user.py | 2 +- .../utils/random_password_generator.py | 8 +++++--- .../utils/test_random_password_generator.py | 11 ++++++++--- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py b/monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py index 8e0758c77..dba5daad4 100644 --- a/monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py +++ b/monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py @@ -41,7 +41,7 @@ class CommunicateAsBackdoorUser(PBA): def run(self): username = CommunicateAsBackdoorUser.get_random_new_user_name() try: - password = get_random_password() + password = get_random_password(14) with create_auto_new_user(username, password) as new_user: http_request_commandline = ( CommunicateAsBackdoorUser.get_commandline_for_http_request( diff --git a/monkey/infection_monkey/utils/random_password_generator.py b/monkey/infection_monkey/utils/random_password_generator.py index 273343c22..3d77f1629 100644 --- a/monkey/infection_monkey/utils/random_password_generator.py +++ b/monkey/infection_monkey/utils/random_password_generator.py @@ -1,8 +1,10 @@ import secrets +import string -SECRET_BYTE_LENGTH = 32 +SECRET_LENGTH = 32 -def get_random_password(length: int = SECRET_BYTE_LENGTH) -> str: - password = secrets.token_urlsafe(length) +def get_random_password(length: int = SECRET_LENGTH) -> str: + alphabet = string.ascii_letters + string.digits + string.punctuation + password = "".join(secrets.choice(alphabet) for i in range(length)) return password diff --git a/monkey/tests/unit_tests/infection_monkey/utils/test_random_password_generator.py b/monkey/tests/unit_tests/infection_monkey/utils/test_random_password_generator.py index bdd97cdfd..6131fa34b 100644 --- a/monkey/tests/unit_tests/infection_monkey/utils/test_random_password_generator.py +++ b/monkey/tests/unit_tests/infection_monkey/utils/test_random_password_generator.py @@ -2,12 +2,17 @@ from infection_monkey.utils.random_password_generator import get_random_password def test_get_random_password__length(): - password_byte_length = len(get_random_password().encode()) + password_length = len(get_random_password()) # 32 is the recommended secure byte length for secrets - assert password_byte_length >= 32 + assert password_length == 32 + + +def test_get_random_password__custom_length(): + password_length = len(get_random_password(14)) + assert password_length == 14 def test_get_random_password__randomness(): random_password1 = get_random_password() random_password2 = get_random_password() - assert not random_password1 == random_password2 + assert random_password1 != random_password2