Mike Salvatore
6622fc0ff5
Island: Do not set state from props in RansomwareReport
2021-07-06 10:10:33 -04:00
Shreya
d0a94e6223
agent, common, island: Move file util `expand_path` to `common/`
2021-07-06 19:40:10 +05:30
Mike Salvatore
b1ab2525fd
Merge pull request #1288 from guardicore/ransomware-target-dir-validators
...
Validate ransomware target directories
2021-07-06 09:50:47 -04:00
Shreya
ded6ce0cd0
agent: Use `expand_path()` instead of `os.path` functions in ransomware payload
2021-07-06 19:18:52 +05:30
Mike Salvatore
4bec9576aa
Island: Remove extra + from windows environment variable regex
2021-07-06 09:38:32 -04:00
Mike Salvatore
638db3d7e0
Island: Escape '-' character in environment variable regex
...
Co-authored-by: Shreya Malviya <shreya.malviya@gmail.com>
2021-07-06 09:38:32 -04:00
Mike Salvatore
d2dda4519f
Island: Allow Windows ransomware target paths to be UNC paths
2021-07-06 09:38:32 -04:00
Mike Salvatore
9d4ee88e09
Island: Do not allow Windows ransomware target paths beginning with "$"
...
As far as I can tell, environment variables in Windows look like %NAME%.
Variables in powershell begin with $, but file explorer doesn't
recognize paths beginning with $ as valid.
2021-07-06 09:38:32 -04:00
Mike Salvatore
df6082b50a
Island: Refactor linux/windows ransomware path regexes
...
Refactored because the escape characters were cumbersome and difficult
to read when regexes were defined as strings. Also allow special
characters in Windows environment variable names as per
https://ss64.com/nt/syntax-variables.html
2021-07-06 09:38:32 -04:00
Shreya
dc305d8e16
cc: Add validation format (starts wih `~`) for ransomware linux target directory
2021-07-06 09:38:32 -04:00
Shreya
f8a062876c
agent: Create `file_utils.py` and add `expand_path()` to it
2021-07-06 19:07:53 +05:30
Shreya
e91d7a6282
agent: Change type hint for FileEncryption's `__init__()`'s `filepath`
2021-07-06 19:04:55 +05:30
Mike Salvatore
b17b85d7e7
Merge pull request #1299 from guardicore/delimiter-windows-certificate
...
island: Add delimiter to windows create_certificate
2021-07-06 09:23:30 -04:00
Mike Salvatore
0fd88b8097
Merge pull request #1297 from guardicore/ransomware-report-api-endpoint
2021-07-06 09:22:11 -04:00
Mike Salvatore
832704dd1c
Merge pull request #1298 from guardicore/gevent-ssl-traceback
...
Gevent ssl traceback
2021-07-06 09:19:44 -04:00
Mike Salvatore
96fc33025e
Island: Redirect gevent tracebacks to file and log exceptions
...
By default, gevent prints exceptions and tracebacks to stderr. This is
obnoxious as it results in large tracebacks intermixed with the output
that the logger prints to the console. This commit redirects this data
to {DATA_DIR}/gevent_exceptions.log. Unfortunately, this would mean that
the user might be left without any indication these exceptions had
occurred, unless they take the time to inspect the
gevent_exceptions.log. Therefore, when an excepion occurs, a message
with just the exception (not the traceback) is logged to WARNING.
Fixes #859
2021-07-06 08:39:30 -04:00
Shreya
4d8258ddbd
cc: Change order of report tab imports to match the order in which they're shown
2021-07-06 16:23:27 +05:30
Shreya
c78c955551
CHANGELOG: Add ransomware report API endpoint
2021-07-06 16:16:35 +05:30
Shreya
6d32f85120
island: Remove responsibility to decide whether the report should be displayed, from the backend
2021-07-06 16:14:22 +05:30
Ilija Lazoroski
695e266943
island: Add delimiter to windows create_certificate
2021-07-06 12:43:32 +02:00
Shreya
231fa6f99f
cc: Add dummy code to frontend to check if ransomware report tab should be showed
2021-07-06 15:44:40 +05:30
Mike Salvatore
524fd0f55e
Merge pull request #1248 from guardicore/string-templating-dropper-upgrader
...
Added string templating functions for infection monkey dropper.
2021-07-05 19:27:11 -04:00
Mike Salvatore
ebbdbc8dcb
Island: Add GeventHubErrorHandler to log gevent exceptions
2021-07-05 12:26:40 -04:00
Mike Salvatore
f86ff4fbd7
Island: Set log and error_log parameters on WSGIServer constructor
...
Provides WSGIServer with a logger for INFO log messages and ERROR log
messages.
https://www.gevent.org/api/gevent.pywsgi.html#gevent.pywsgi.WSGIServer
2021-07-05 12:26:37 -04:00
Shreya
8afd69634c
tests: Add unit test for ransomware target dir path with env variables
2021-07-05 19:13:36 +05:30
Mike Salvatore
19e9fe5fb9
appimage: Upgrade python version to 3.7.11
2021-07-05 08:29:01 -04:00
Mike Salvatore
b4b690491e
Update changelog
2021-07-05 08:18:14 -04:00
Mike Salvatore
94bf91c447
Merge pull request #1286 from guardicore/ransomware-config-ui-description
...
Ransomware config UI description
2021-07-05 07:30:47 -04:00
Shreya
7b167ba0c4
island: Add API endpoint for ransomware report
2021-07-05 16:17:40 +05:30
Shreya
2f090f0060
cc: Only show ransomware report tab if `show` in ransomware report telemetry is `true`
2021-07-05 15:04:10 +05:30
Mike Salvatore
01b9c41c6e
Remove mock_home_env() from vulture_allowlist.py
2021-07-02 18:59:24 -04:00
Mike Salvatore
f4102aaa3a
Remove unused mock_home_env() pytest fixture
...
This was replaced with patched_home_env() but never removed.
2021-07-02 09:31:45 -04:00
VakarisZ
8ef6a50180
Fix a bug in ransomware directories that caused environmental variables to not be expanded
2021-07-02 15:11:30 +03:00
Shreya
3496c717a9
cc, common: Split ransomware dir path validator regex expressions and rename related stuff to accurately describe it
2021-07-02 16:39:03 +05:30
Shreya
54072b6632
cc: Make whitespace-only a valid input for ransomware target directory paths
2021-07-02 16:09:50 +05:30
Shreya
1768c0cdf6
cc: Fix regex bug when validating ransomware target directories
2021-07-02 16:04:46 +05:30
Shreya
46ac53c5d1
cc: Add ransomware report tab
2021-07-02 13:53:45 +05:30
Shreya
3d48a11fc2
cc: Add regex validators for ransomware directory path validation
2021-07-01 13:32:10 +05:30
Shreya
8af93c4304
cc: Add ransomware directory path validation error messages
2021-07-01 13:31:39 +05:30
Shreya
73c61ebcf0
island: Add ransomware directory path validators to ransomware schema
2021-07-01 13:31:10 +05:30
Shreya
0a1782a928
common: Add validator constants for valid ransomware directory paths
2021-07-01 13:30:55 +05:30
Mike Salvatore
e1263ec753
Island: Add a ransomware description to the ransomware config_schema
2021-06-30 14:10:15 -04:00
Mike Salvatore
938022fc52
Island: Allow HTML in config_schema descriptions to be renedered
2021-06-30 14:09:26 -04:00
Mike Salvatore
f698c889e3
Docs: Move ransomware from References to Use Cases
2021-06-30 11:40:06 -04:00
Mike Salvatore
b19044e4e8
Docs: Fix "The Infection Monkey" consistency in ransomware.md
2021-06-30 11:37:32 -04:00
Mike Salvatore
f023399a36
Merge pull request #1285 from guardicore/ransomware_dir_hide_ui
...
Ransomware: hide directory fields if encryption is disabled
2021-06-30 10:46:13 -04:00
Mike Salvatore
8735724c90
Merge pull request #1283 from guardicore/config-log-formatting
...
Agent: Format config log messages so they are readable
2021-06-30 10:19:05 -04:00
Mike Salvatore
bfa6bcaeb2
Island: Reword descriptions in ransomware config schema
2021-06-30 10:10:44 -04:00
Mike Salvatore
adc7996ab8
Docs: Rework ransomware documentation
2021-06-30 10:10:04 -04:00
Mike Salvatore
dcffe2a850
Merge pull request #1284 from guardicore/ransomware-targeted-files
...
Ransomware targeted files
2021-06-30 09:51:43 -04:00