Merge pull request #630 from guardicore/hotfix/fix-monkey-password-encoding

Python 3 hashing requires bytes, not string
Shay Nehmad 2020-04-28 17:17:47 +03:00 committed by GitHub
commit 98636a5495
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 33 additions and 6 deletions


@ -4,7 +4,7 @@ from pathlib import Path
MAJOR = "1" MAJOR = "1"
MINOR = "8" MINOR = "8"
PATCH = "0" PATCH = "1"
build_file_path = Path(__file__).parent.joinpath("BUILD") build_file_path = Path(__file__).parent.joinpath("BUILD")
with open(build_file_path, "r") as build_file: with open(build_file_path, "r") as build_file:
BUILD = build_file.read() BUILD = build_file.read()


@ -1,7 +1,7 @@
from abc import ABCMeta, abstractmethod from abc import ABCMeta, abstractmethod
from datetime import timedelta from datetime import timedelta
import os import os
from Crypto.Hash import SHA3_512 import hashlib
__author__ = 'itay.mizeretz' __author__ = 'itay.mizeretz'
@ -45,10 +45,11 @@ class Environment(object, metaclass=ABCMeta):
def get_auth_expiration_time(self): def get_auth_expiration_time(self):
return self._AUTH_EXPIRATION_TIME return self._AUTH_EXPIRATION_TIME
def hash_secret(self, secret): @staticmethod
h = SHA3_512.new() def hash_secret(secret):
h.update(secret) hash_obj = hashlib.sha3_512()
return h.hexdigest() hash_obj.update(secret.encode('utf-8'))
return hash_obj.hexdigest()
def get_deployment(self): def get_deployment(self):
return self._get_from_config('deployment', 'unknown') return self._get_from_config('deployment', 'unknown')
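Review bot: `hash_secret` still produces a single unsalted SHA3-512 digest, so identical secrets hash identically and the digest is cheap to brute-force if the user store ever leaks. The move to `hashlib` is a good moment to plan a salted, slow KDF from the standard library, for example `hashlib.scrypt(secret.encode('utf-8'), salt=salt, n=2**14, r=8, p=1)` with a per-user random salt stored next to the digest. That changes the stored format and needs a migration for existing digests, so it is probably a follow-up rather than part of this hotfix. In the meantime a docstring such as `"""Return the hex SHA3-512 digest of a str secret, encoded as UTF-8."""` would record that the argument must be `str`, since `.encode` raises AttributeError when a caller passes bytes. The rest of the Environment class lies outside the hunk.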


@ -0,0 +1,26 @@
from monkey_island.cc.auth import User
from monkey_island.cc.testing.IslandTestCase import IslandTestCase
from monkey_island.cc.environment.aws import AwsEnvironment
import hashlib
class TestAwsEnvironment(IslandTestCase):
def test_get_auth_users(self):
env = AwsEnvironment()
# This is "injecting" the instance id to the env. This is the UTs aren't always executed on the same AWS machine
# (might not be an AWS machine at all). Perhaps it would have been more elegant to create a Mock, but not worth it for
# this small test.
env._instance_id = "i-666"
hash_obj = hashlib.sha3_512()
hash_obj.update(b"i-666")
auth_users = env.get_auth_users()
assert isinstance(auth_users, list)
assert len(auth_users) == 1
auth_user = auth_users[0]
assert isinstance(auth_user, User)
assert auth_user.id == 1
assert auth_user.username == "monkey"
assert auth_user.secret == hash_obj.hexdigest()
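Review bot: The final assertion pins the `monkey` user's secret to the SHA3-512 of the instance id, and an instance id is an identifier that appears in consoles, logs and billing data rather than a secret, so the test should state that this is a default credential and not a strong one. A comment above `env._instance_id = "i-666"` such as `# The AWS default login derives from the instance id; treat it as a bootstrap credential only.` would keep that visible to maintainers. How `get_auth_users` derives the value is not shown on this page, so confirm the wording against that code. The test also covers only an ASCII value; assuming `AwsEnvironment` inherits the static `hash_secret`, one direct call such as `assert AwsEnvironment.hash_secret("pässword") == hashlib.sha3_512("pässword".encode("utf-8")).hexdigest()` would exercise the encoding path this commit fixes.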