Merge pull request #1991 from guardicore/1974-log-hashes-on-initialize

1974 log hashes on initialize

monkey/common/utils/file_utils.py

@@ -1,7 +1,9 @@
 import hashlib
 import os
 from pathlib import Path
-from typing import Iterable
+from typing import BinaryIO, Iterable
+
+MAX_BLOCK_SIZE = 65536
 
 
 class InvalidPath(Exception):
@@ -15,10 +17,26 @@ def expand_path(path: str) -> Path:
     return Path(os.path.expandvars(os.path.expanduser(path)))
 
 
-def get_file_sha256_hash(filepath: Path):
+def get_file_sha256_hash(filepath: Path) -> str:
-    sha256 = hashlib.sha256()
+    """
+    Calculates sha256 hash from a file path
+
+    :param filepath: A Path object which defines file on the system
+    :return sha256 hash of the file
+    """
     with open(filepath, "rb") as f:
-        for block in iter(lambda: f.read(65536), b""):
+        return get_binary_io_sha256_hash(f)
+
+
+def get_binary_io_sha256_hash(binary: BinaryIO) -> str:
+    """
+    Calculates sha256 hash from a file-like object
+
+    :param binary: file-like object from which we calculate the hash
+    :return: sha256 hash from the file-like object
+    """
+    sha256 = hashlib.sha256()
+    for block in iter(lambda: binary.read(MAX_BLOCK_SIZE), b""):
         sha256.update(block)
 
     return sha256.hexdigest()

monkey/monkey_island/cc/repository/__init__.py

@@ -1,2 +1,3 @@
 from .file_storage import FileRetrievalError, IFileRepository, LocalStorageFileRepository
-from .i_agent_binary_repository import IAgentBinaryRepository, AgentRetrivalError
+from .i_agent_binary_repository import IAgentBinaryRepository, AgentRetrievalError
+from .agent_binary_repository import AgentBinaryRepository

monkey/monkey_island/cc/repository/agent_binary_repository.py

@@ -1,6 +1,6 @@
 from typing import BinaryIO
 
-from . import AgentRetrivalError, FileRetrivalError, IAgentBinaryRepository, IFileRepository
+from . import AgentRetrievalError, FileRetrievalError, IAgentBinaryRepository, IFileRepository
 
 LINUX_AGENT_FILE_NAME = "monkey-linux-64"
 WINDOWS_AGENT_FILE_NAME = "monkey-windows-64.exe"
@@ -10,18 +10,18 @@ class AgentBinaryRepository(IAgentBinaryRepository):
     def __init__(self, file_repository: IFileRepository):
         self._file_repository = file_repository
 
-    def __get_binary(self, filename) -> BinaryIO:
+    def get_linux_binary(self) -> BinaryIO:
+        return self._get_binary(LINUX_AGENT_FILE_NAME)
+
+    def get_windows_binary(self) -> BinaryIO:
+        return self._get_binary(WINDOWS_AGENT_FILE_NAME)
+
+    def _get_binary(self, filename: str) -> BinaryIO:
         try:
             agent_binary = self._file_repository.open_file(filename)
             return agent_binary
-        except FileRetrivalError as err:
+        except FileRetrievalError as err:
-            raise AgentRetrivalError(
+            raise AgentRetrievalError(
                 f"An error occurred while retrieving the {filename}"
                 f" agent binary from {self._file_repository}: {err}"
             )
-
-    def get_linux_binary(self) -> BinaryIO:
-        self.__get_binary(LINUX_AGENT_FILE_NAME)
-
-    def get_windows_binary(self) -> BinaryIO:
-        self.__get_binary(WINDOWS_AGENT_FILE_NAME)

monkey/monkey_island/cc/repository/i_agent_binary_repository.py

@@ -2,7 +2,7 @@ import abc
 from typing import BinaryIO
 
 
-class AgentRetrivalError(IOError):
+class AgentRetrievalError(IOError):
     pass
 
 

monkey/monkey_island/cc/resources/agent_binaries.py

@@ -1,4 +1,3 @@
-import hashlib
 import logging
 from pathlib import Path
 
@@ -31,23 +30,6 @@ class AgentBinaries(AbstractResource):
             logger.error(ex)
             return make_response({"error": str(ex)}, 404)
 
-    @staticmethod
-    def log_executable_hashes():
-        """
-        Logs all the hashes of the monkey executables for debugging ease (can check what Monkey
-        version you have etc.).
-        """
-        filenames = set(AGENTS.values())
-        for filename in filenames:
-            filepath = get_executable_full_path(filename)
-            if filepath.is_file():
-                with open(filepath, "rb") as monkey_exec_file:
-                    file_contents = monkey_exec_file.read()
-                    file_sha256_hash = hashlib.sha256(file_contents).hexdigest()
-                    logger.debug(f"{filename} SHA-256 hash: {file_sha256_hash}")
-            else:
-                logger.debug(f"No monkey executable for {filepath}")
-
 
 def get_agent_executable_path(os: str) -> Path:
     try:

monkey/monkey_island/cc/server_setup.py

@@ -21,7 +21,6 @@ from common.version import get_version  # noqa: E402
 from monkey_island.cc.app import init_app  # noqa: E402
 from monkey_island.cc.arg_parser import IslandCmdArgs  # noqa: E402
 from monkey_island.cc.arg_parser import parse_cli_args  # noqa: E402
-from monkey_island.cc.resources import AgentBinaries  # noqa: E402
 from monkey_island.cc.server_utils.consts import (  # noqa: E402
     GEVENT_EXCEPTION_LOG,
     MONGO_CONNECTION_TIMEOUT,
@@ -154,8 +153,6 @@ def _start_island_server(
 
 
 def _log_init_info():
-    AgentBinaries.log_executable_hashes()
-
     logger.info("Monkey Island Server is running!")
     logger.info(f"version: {get_version()}")
 

monkey/monkey_island/cc/services/initialize.py

@@ -1,9 +1,12 @@
+import logging
 from pathlib import Path
 
 from common import DIContainer
 from common.aws import AWSInstance
+from common.utils.file_utils import get_binary_io_sha256_hash
 from monkey_island.cc.repository import (
     AgentBinaryRepository,
+    AgentRetrievalError,
     IAgentBinaryRepository,
     IFileRepository,
     LocalStorageFileRepository,
@@ -16,6 +19,8 @@ from monkey_island.cc.services.run_local_monkey import LocalMonkeyRunService
 from . import AuthenticationService, JsonFileUserDatastore
 from .reporting.report import ReportService
 
+logger = logging.getLogger(__name__)
+
 AGENT_BINARIES_PATH = Path(MONKEY_ISLAND_ABS_PATH) / "cc" / "binaries"
 
 
@@ -40,4 +45,32 @@ def initialize_services(data_dir: Path) -> DIContainer:
 
 def _build_agent_binary_repository():
     file_repository = LocalStorageFileRepository(AGENT_BINARIES_PATH)
-    return AgentBinaryRepository(file_repository)
+    agent_binary_repository = AgentBinaryRepository(file_repository)
+
+    _log_agent_binary_hashes(agent_binary_repository)
+
+    return agent_binary_repository
+
+
+def _log_agent_binary_hashes(agent_binary_repository: IAgentBinaryRepository):
+    """
+    Logs all the hashes of the agent executables for debbuging ease
+
+    :param agent_binary_repository: Used to retrieve the agent binaries
+    """
+    agent_binaries = {
+        "Linux": agent_binary_repository.get_linux_binary,
+        "Windows": agent_binary_repository.get_windows_binary,
+    }
+    agent_hashes = {}
+
+    for os, get_agent_binary in agent_binaries.items():
+        try:
+            agent_binary = get_agent_binary()
+            binary_sha256_hash = get_binary_io_sha256_hash(agent_binary)
+            agent_hashes[os] = binary_sha256_hash
+        except AgentRetrievalError as err:
+            logger.error(f"No agent available for {os}: {err}")
+
+    for os, binary_sha256_hash in agent_hashes.items():
+        logger.info(f"{os} agent: SHA-256 hash: {binary_sha256_hash}")

monkey/tests/unit_tests/common/utils/test_common_file_utils.py

@@ -1,4 +1,5 @@
 import os
+from io import BytesIO
 
 import pytest
 from tests.utils import add_files_to_dir, add_subdirs_to_dir
@@ -7,6 +8,7 @@ from common.utils.file_utils import (
     InvalidPath,
     expand_path,
     get_all_regular_files_in_directory,
+    get_binary_io_sha256_hash,
     get_file_sha256_hash,
 )
 
@@ -34,6 +36,11 @@ def test_get_file_sha256_hash(stable_file, stable_file_sha256_hash):
     assert get_file_sha256_hash(stable_file) == stable_file_sha256_hash
 
 
+def test_get_binary_sha256_hash():
+    expected_hash = "a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b57b277d9ad9f146e"
+    assert get_binary_io_sha256_hash(BytesIO(b"Hello World")) == expected_hash
+
+
 SUBDIRS = ["subdir1", "subdir2"]
 FILES = ["file.jpg.zip", "file.xyz", "1.tar", "2.tgz", "2.png", "2.mpg"]