Feature/secure island db #86
Conversation
|
monkey_island/cc/services/config.py
Outdated
| ConfigService._encrypt_config(config, False) | ||
|
|
||
| @staticmethod | ||
| def _encrypt_config(config, is_decrypt=False): |
There was a problem hiding this comment.
Is this really the best name for this function? Just to avoid code duplication
There was a problem hiding this comment.
What would you suggest?
There was a problem hiding this comment.
I think two functions is better. I just think this will end up confusing
There was a problem hiding this comment.
maybe rename it do _encrypt_or_decrypt_config?
Longer name but I think it solves the confusion, and is only used from withing encrypt_config and decrypt_config
| @@ -794,29 +797,42 @@ | |||
| } | |||
| } | |||
|
|
|||
| ENCRYPTED_CONFIG_ARRAYS = \ | |||
There was a problem hiding this comment.
This is duplicated here (with schema information) and in add_system_info_creds_to_config
Can we avoid this somehow?
There was a problem hiding this comment.
I'm not sure I know what you're talking about
There was a problem hiding this comment.
There are two seperate places in the code where what fields need to be encrypted are listed.
There was a problem hiding this comment.
These 2 places are (sort of) unrelated. It's true that currently the credentials are the only config values being encrypted. Maybe in the future we'll have further secrets we'd want to encrypt but not use in add_system_info_creds_to_config.
There was a problem hiding this comment.
Yeah, the problem is that keeping track of whats encrypted requires a double lookup. If we can't avoid it oh well
There was a problem hiding this comment.
Can't avoid it right now
| @@ -17,60 +20,60 @@ | |||
| "type": "string", | |||
There was a problem hiding this comment.
Can we move this entire schema to a seperate file? Out of 970 lines, 785 are the schema, making the file hard to read.
There was a problem hiding this comment.
Yeah. But let's not do it in this branch. I've added as task to tasklist
| @@ -124,6 +125,8 @@ def process_exploit_telemetry(telemetry_json): | |||
| if new_exploit['result']: | |||
| EdgeService.set_edge_exploited(edge) | |||
|
|
|||
| Telemetry.encrypt_exploit_creds(telemetry_json) | |||
There was a problem hiding this comment.
At this point, what happened to the plain text creds in the telemetry_json which were written to the mongodb under new_exploit?
There was a problem hiding this comment.
If you're asking what happened up to this point, nothing happened. They were sent plain text from the monkey (over HTTPS).
There was a problem hiding this comment.
Meant the line where mongo.db.edge.update
With something that's a deep clone of telemetry_json['data']
which is what's being encrypted later.
We're encrypting the data when we add the creds but it seems the data is also saved without encryption under edges.
| def __init__(self): | ||
| pass | ||
|
|
||
| @staticmethod | ||
| def get_config(is_initial_config=False): | ||
| def get_config(is_initial_config=False, should_decrypt=True): |
There was a problem hiding this comment.
Please document when get_config and get_config_value should each be used
monkey_island/cc/services/config.py
Outdated
| def get_config_value(config_key_as_arr, is_initial_config=False): | ||
| config_key = reduce(lambda x, y: x+'.'+y, config_key_as_arr) | ||
| def get_config_value(config_key_as_arr, is_initial_config=False, should_decrypt=True): | ||
| config_key = reduce(lambda x, y: x + '.' + y, config_key_as_arr) |
There was a problem hiding this comment.
I prefer you use functools.reduce
| return config | ||
|
|
||
| @staticmethod | ||
| def get_config_value(config_key_as_arr, is_initial_config=False): | ||
| config_key = reduce(lambda x, y: x+'.'+y, config_key_as_arr) | ||
| def get_config_value(config_key_as_arr, is_initial_config=False, should_decrypt=True): |
There was a problem hiding this comment.
You're inconsistent on when are you explicit/implict on should_decrypt.
get_config, 2 implicit true, 1 explicit false
get_config_value - all explicitly true
get_flat_config - 1 implicit true
Why? I'm not sure it really matters except I'd rather be explicit where possible, so we know when are we passing plain credentials and we can verify it's always to the monkey.
monkey_island/cc/services/config.py
Outdated
| ConfigService.default_config = config | ||
|
|
||
| @staticmethod | ||
| def get_default_config(should_decrypt=True): |
There was a problem hiding this comment.
Fun with naming
should_decrypt leads to encrypt_config, this does not make sense.
| enum34 | ||
| PyCrypto |
There was a problem hiding this comment.
Add a new line at end.
Feature