p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Island: Require authentication for POST /api/agent-configuration 

The agent should not be submitting new configurations to the Island. The
Island commands the agent, not the other way around.
This commit is contained in:
Mike Salvatore 2022-06-27 09:59:01 -04:00
parent 181ce399a1
commit cb112d5b4f
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
monkey/monkey_island/cc/resources/agent_configuration.py
View File

@ -6,6 +6,7 @@ from common.configuration.agent_configuration import AgentConfiguration as Agent
from common.configuration.agent_configuration import InvalidConfigurationError from common.configuration.agent_configuration import InvalidConfigurationError
from monkey_island.cc.repository import IAgentConfigurationRepository from monkey_island.cc.repository import IAgentConfigurationRepository
from monkey_island.cc.resources.AbstractResource import AbstractResource from monkey_island.cc.resources.AbstractResource import AbstractResource
from monkey_island.cc.resources.request_authentication import jwt_required
class AgentConfiguration(AbstractResource): class AgentConfiguration(AbstractResource):
@ -20,9 +21,8 @@ class AgentConfiguration(AbstractResource):
configuration_json = AgentConfigurationObject.to_json(configuration) configuration_json = AgentConfigurationObject.to_json(configuration)
return make_response(configuration_json, 200) return make_response(configuration_json, 200)
# Used by the agent. Can't secure @jwt_required
def post(self): def post(self):
try: try:
configuration_object = AgentConfigurationObject.from_json(request.data) configuration_object = AgentConfigurationObject.from_json(request.data)
self._agent_configuration_repository.store_configuration(configuration_object) self._agent_configuration_repository.store_configuration(configuration_object)