forked from p15670423/monkey
Merge pull request #630 from guardicore/hotfix/fix-monkey-password-encoding
Python 3 hashing requires bytes, not string
This commit is contained in:
commit
98636a5495
|
@ -4,7 +4,7 @@ from pathlib import Path
|
||||||
|
|
||||||
MAJOR = "1"
|
MAJOR = "1"
|
||||||
MINOR = "8"
|
MINOR = "8"
|
||||||
PATCH = "0"
|
PATCH = "1"
|
||||||
build_file_path = Path(__file__).parent.joinpath("BUILD")
|
build_file_path = Path(__file__).parent.joinpath("BUILD")
|
||||||
with open(build_file_path, "r") as build_file:
|
with open(build_file_path, "r") as build_file:
|
||||||
BUILD = build_file.read()
|
BUILD = build_file.read()
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from abc import ABCMeta, abstractmethod
|
from abc import ABCMeta, abstractmethod
|
||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
import os
|
import os
|
||||||
from Crypto.Hash import SHA3_512
|
import hashlib
|
||||||
|
|
||||||
__author__ = 'itay.mizeretz'
|
__author__ = 'itay.mizeretz'
|
||||||
|
|
||||||
|
@ -45,10 +45,11 @@ class Environment(object, metaclass=ABCMeta):
|
||||||
def get_auth_expiration_time(self):
|
def get_auth_expiration_time(self):
|
||||||
return self._AUTH_EXPIRATION_TIME
|
return self._AUTH_EXPIRATION_TIME
|
||||||
|
|
||||||
def hash_secret(self, secret):
|
@staticmethod
|
||||||
h = SHA3_512.new()
|
def hash_secret(secret):
|
||||||
h.update(secret)
|
hash_obj = hashlib.sha3_512()
|
||||||
return h.hexdigest()
|
hash_obj.update(secret.encode('utf-8'))
|
||||||
|
return hash_obj.hexdigest()
|
||||||
|
|
||||||
def get_deployment(self):
|
def get_deployment(self):
|
||||||
return self._get_from_config('deployment', 'unknown')
|
return self._get_from_config('deployment', 'unknown')
|
||||||
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
from monkey_island.cc.auth import User
|
||||||
|
from monkey_island.cc.testing.IslandTestCase import IslandTestCase
|
||||||
|
from monkey_island.cc.environment.aws import AwsEnvironment
|
||||||
|
|
||||||
|
import hashlib
|
||||||
|
|
||||||
|
|
||||||
|
class TestAwsEnvironment(IslandTestCase):
|
||||||
|
def test_get_auth_users(self):
|
||||||
|
env = AwsEnvironment()
|
||||||
|
# This is "injecting" the instance id to the env. This is the UTs aren't always executed on the same AWS machine
|
||||||
|
# (might not be an AWS machine at all). Perhaps it would have been more elegant to create a Mock, but not worth it for
|
||||||
|
# this small test.
|
||||||
|
env._instance_id = "i-666"
|
||||||
|
hash_obj = hashlib.sha3_512()
|
||||||
|
hash_obj.update(b"i-666")
|
||||||
|
auth_users = env.get_auth_users()
|
||||||
|
assert isinstance(auth_users, list)
|
||||||
|
assert len(auth_users) == 1
|
||||||
|
auth_user = auth_users[0]
|
||||||
|
assert isinstance(auth_user, User)
|
||||||
|
assert auth_user.id == 1
|
||||||
|
assert auth_user.username == "monkey"
|
||||||
|
assert auth_user.secret == hash_obj.hexdigest()
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue