Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Self-signed SSL certificate #1208

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 60 commits into from
Jun 9, 2021
Merged

Self-signed SSL certificate #1208

merged 60 commits into from
Jun 9, 2021

Conversation

@shreyamalviya
Copy link
Contributor

@shreyamalviya shreyamalviya commented Jun 4, 2021
edited
Loading

Fixes #1145

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested by {Running the Monkey locally with relevant config/running Island/...}

  • If applicable, add screenshots or log transcripts of the feature working

Explain Changes

Are the commit messages enough? If not, elaborate.

mssalvatore
mssalvatore requested changes Jun 4, 2021
View reviewed changes
shreyamalviya and others added 11 commits June 7, 2021 13:22
@codecov
Copy link

codecov bot commented Jun 7, 2021
edited
Loading

Codecov Report

Merging #1208 (3841dd7) into develop (00434b9) will increase coverage by 0.19%.
The diff coverage is 77.35%.

❗ Current head 3841dd7 differs from pull request most recent head 6aa7649. Consider uploading reports for the commit 6aa7649 to get more accurate results
Impacted file tree graph

@@             Coverage Diff             @@
##           develop    #1208      +/-   ##
===========================================
+ Coverage    28.72%   28.91%   +0.19%     
===========================================
  Files          428      430       +2     
  Lines        12959    13001      +42     
===========================================
+ Hits          3722     3759      +37     
- Misses        9237     9242       +5
Impacted Files Coverage Δ
monkey/monkey_island/cc/server_setup.py 0.00% <0.00%> (ø)
monkey/monkey_island/cc/setup/config_setup.py 0.00% <0.00%> (ø)
monkey/common/utils/exceptions.py 100.00% <100.00%> (ø)
monkey/monkey_island/cc/server_utils/consts.py 92.85% <100.00%> (+1.19%) ⬆️
monkey/monkey_island/cc/server_utils/file_utils.py 100.00% <100.00%> (ø)
...ey/monkey_island/cc/setup/island_config_options.py 100.00% <100.00%> (ø)
...island/cc/setup/island_config_options_validator.py 100.00% <100.00%> (ø)
monkey/tests/unit_tests/monkey_island/conftest.py 100.00% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 00434b9...6aa7649. Read the comment docs.

mssalvatore added 11 commits June 7, 2021 11:08
@mssalvatore
docs: Add a skeleton setup page for Linux AppImage package
a420403
@mssalvatore
docs: Add setup instructions for linux AppImage package
871fce1
@mssalvatore
docs: Small change to docker setup to keep consistent with linux.md
eb04420
@mssalvatore
island: Add a generalized testing function to test_island_config_options
ea0d6f0
@mssalvatore
island: Remove redundant "test_island_config_options" from tests
f2a2efc 
The file is named "test_island_config_options.py". Including
"island_config_options" in every test/function name is reduntant.
@mssalvatore
island: Add tests for ssl_certificate_file
4231f31
@mssalvatore
island: Add tests for ssl_certificate_key_file
f0a109a
@mssalvatore
island: Change _expand_path() from a static to regular function
e4866b1 
_expand_path() is a utility function used by IslandConfigOptions. It
doesn't need to be part of the class. It can potentially be reused by
other modules that require the same functionality.
@mssalvatore
island: Move _expand_path() to file_utils.py so it can be reused
0519153
@mssalvatore
island: move set_home_env() to conftest.py so it can be reused
8744011
@mssalvatore
island: Add unit tests for expand_path()
bf0fe10
@shreyamalviya shreyamalviya marked this pull request as ready for review June 9, 2021 11:06
@shreyamalviya shreyamalviya requested a review from mssalvatore June 9, 2021 11:07
@mssalvatore mssalvatore force-pushed the custom-certificate branch from 94dca1e to dc8e2b0 Compare June 9, 2021 13:29
shreyamalviya
shreyamalviya commented Jun 9, 2021
View reviewed changes
monkey/monkey_island/cc/server_utils/file_utils.py Outdated
return False
elif sid == admins_sid:
continue
# TODO: consider removing; so many system accounts/groups exist, it's likely to fail
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we can know if the ACE is of a built-in account/group, skip those and check others.

mssalvatore
mssalvatore requested changes Jun 9, 2021
View reviewed changes
monkey/monkey_island/cc/server_utils/file_utils.py Outdated
Comment on lines 25 to 26
# checks that admin has any permissions, user has `expected_permissions`,
# and everyone else has no permissions
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

checks that admin has any permissions

I think this comment is misleading. If I'm reading the code correctly, we don't check the admin permissions at all, we just skip/ignore them. We can probably nix this comment.

monkey/monkey_island/cc/setup/island_config_options_validator.py Outdated

def raise_on_invalid_options(options: IslandConfigOptions):
_raise_if_not_isfile(options.crt_path)
_raise_if_incorrect_permissions(options.crt_path, 0o400, 1179817)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets use constants instead of magic numbers.

monkey/monkey_island/cc/setup/island_config_options_validator.py
Comment on lines +25 to +27
expected_permissions = (
windows_expected_permissions if is_windows_os() else linux_expected_permissions
)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need unit tests for this.

shreyamalviya and others added 9 commits June 9, 2021 19:37
mssalvatore
mssalvatore reviewed Jun 9, 2021
View reviewed changes
@mssalvatore
island: remove misleading comment
9131f86 
We don't check admin permissions at all, and admin is included in
"everyone else".
@mssalvatore
island: Use config file in ~/.monkey_island if it exists
6aa7649
@mssalvatore mssalvatore merged commit 1c5daf1 into develop Jun 9, 2021
@mssalvatore mssalvatore deleted the custom-certificate branch June 9, 2021 19:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mssalvatore mssalvatore mssalvatore approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow users to provide their own signed certificates

3 participants

@shreyamalviya @mssalvatore