From cb112d5b4f3d8f7bedead7aa787ccf41f68ab7fd Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 27 Jun 2022 09:59:01 -0400 Subject: [PATCH] Island: Require authentication for POST /api/agent-configuration The agent should not be submitting new configurations to the Island. The Island commands the agent, not the other way around. --- monkey/monkey_island/cc/resources/agent_configuration.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/monkey/monkey_island/cc/resources/agent_configuration.py b/monkey/monkey_island/cc/resources/agent_configuration.py index 2a470e2ae..0f9279bba 100644 --- a/monkey/monkey_island/cc/resources/agent_configuration.py +++ b/monkey/monkey_island/cc/resources/agent_configuration.py @@ -6,6 +6,7 @@ from common.configuration.agent_configuration import AgentConfiguration as Agent from common.configuration.agent_configuration import InvalidConfigurationError from monkey_island.cc.repository import IAgentConfigurationRepository from monkey_island.cc.resources.AbstractResource import AbstractResource +from monkey_island.cc.resources.request_authentication import jwt_required class AgentConfiguration(AbstractResource): @@ -20,9 +21,8 @@ class AgentConfiguration(AbstractResource): configuration_json = AgentConfigurationObject.to_json(configuration) return make_response(configuration_json, 200) - # Used by the agent. Can't secure + @jwt_required def post(self): - try: configuration_object = AgentConfigurationObject.from_json(request.data) self._agent_configuration_repository.store_configuration(configuration_object)