From 2e781f8e365c2116f4f3a5bc98102033fac86c40 Mon Sep 17 00:00:00 2001
From: vakarisz
Date: Tue, 11 Jun 2024 17:46:07 +0300
Subject: [PATCH 1/6] Add build_permission_change_command to ILinuxAgentCommandBuilder
---
agentpluginapi/i_linux_agent_command_builder.py | 17 ++++++++++++++++-
vulture_allowlist.py | 5 +++++
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/agentpluginapi/i_linux_agent_command_builder.py b/agentpluginapi/i_linux_agent_command_builder.py
index ece057a..6e11894 100644
--- a/agentpluginapi/i_linux_agent_command_builder.py
+++ b/agentpluginapi/i_linux_agent_command_builder.py
@@ -4,7 +4,7 @@ from typing import Optional
from monkeytypes import InfectionMonkeyBaseModel
-from pydantic import model_validator
+from pydantic import Field, model_validator
from .dropper_execution_mode import DropperExecutionMode
@@ -20,6 +20,11 @@ class LinuxDownloadOptions(InfectionMonkeyBaseModel):
download_url: str
+class LinuxPermissionChangeOptions(InfectionMonkeyBaseModel):
+ file_path: PurePosixPath
+ permissions: int = Field(ge=0, le=0o777, default=700)
+
+
class LinuxRunOptions(InfectionMonkeyBaseModel):
agent_destination_path: PurePosixPath
dropper_execution_mode: DropperExecutionMode
@@ -47,6 +52,16 @@ def build_download_command(self, download_options: LinuxDownloadOptions):
:param download_options: Options needed for the command to be built
"""
+ @abc.abstractmethod
+ def build_permission_change_command(
+ self, permission_change_options: LinuxPermissionChangeOptions
+ ):
+ """
+ Build Agent's binary permission change command
+
+ :param permission_change_options: Options needed for the command to be built
+ """
+
@abc.abstractmethod
def build_run_command(self, run_options: LinuxRunOptions):
"""
diff --git a/vulture_allowlist.py b/vulture_allowlist.py
index 4f111c9..6457c0a 100644
--- a/vulture_allowlist.py
+++ b/vulture_allowlist.py
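Review bot: The docstring of `build_permission_change_command` in the last hunk of `i_linux_agent_command_builder.py` does not say how an implementation must render the two option fields, which is the security-relevant part of this contract. `permissions` is an `int`, so it has to be formatted in octal (for example `f"{permissions:o}"`), and `file_path` may contain spaces or shell metacharacters, so it has to be quoted (for example `shlex.quote(str(file_path))`) before it is joined into the command string. I would extend the `:param` line to something like `:param permission_change_options: Path to change (the implementation must shell-quote it) and mode bits (rendered in octal)`. The same applies to the renamed `build_set_permissions_command` in PATCH 2/6; the enclosing class and every implementation are outside this diff, so whether they already do this cannot be checked from here.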
@@ -29,6 +29,7 @@ WindowsRunOptions, WindowsShell, )
+from agentpluginapi.i_linux_agent_command_builder import LinuxPermissionChangeOptions
IAgentEventPublisher.publish
IAgentEventPublisher.event
@@ -126,6 +127,8 @@ LinuxDownloadOptions.download_url
LinuxDownloadOptions.download_method
+LinuxPermissionChangeOptions.file_path
+LinuxPermissionChangeOptions.permissions
LinuxRunOptions.agent_destination_path
LinuxRunOptions.dropper_destination_path
@@ -134,6 +137,8 @@ ILinuxAgentCommandBuilder.build_download_command
ILinuxAgentCommandBuilder.build_run_command
+ILinuxAgentCommandBuilder.build_permission_change_command
+ILinuxAgentCommandBuilder.permission_change_options
ILinuxAgentCommandBuilder.get_command
ILinuxAgentCommandBuilder.reset_command
ILinuxAgentCommandBuilder.download_options
From c2f81eda53d29144cbf95758b58e654a25b501a0 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Tue, 11 Jun 2024 11:19:43 -0400
Subject: [PATCH 2/6] Rename "permission change" to "set permissions"
---
agentpluginapi/__init__.py | 1 +
agentpluginapi/i_linux_agent_command_builder.py | 8 +++-----
vulture_allowlist.py | 10 +++++-----
3 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/agentpluginapi/__init__.py b/agentpluginapi/__init__.py
index 74c2328..7cb76d9 100644
--- a/agentpluginapi/__init__.py
+++ b/agentpluginapi/__init__.py
@@ -16,6 +16,7 @@ LinuxDownloadMethod, LinuxDownloadOptions, LinuxRunOptions,
+ LinuxSetPermissionsOptions,
)
from .i_propagation_credentials_repository import IPropagationCredentialsRepository
from .i_tcp_port_selector import ITCPPortSelector
diff --git a/agentpluginapi/i_linux_agent_command_builder.py b/agentpluginapi/i_linux_agent_command_builder.py
index 6e11894..55d33b2 100644
--- a/agentpluginapi/i_linux_agent_command_builder.py
+++ b/agentpluginapi/i_linux_agent_command_builder.py
@@ -20,7 +20,7 @@ class LinuxDownloadOptions(InfectionMonkeyBaseModel):
download_url: str
-class LinuxPermissionChangeOptions(InfectionMonkeyBaseModel):
+class LinuxSetPermissionsOptions(InfectionMonkeyBaseModel):
file_path: PurePosixPath
permissions: int = Field(ge=0, le=0o777, default=700)
@@ -53,13 +53,11 @@ def build_download_command(self, download_options: LinuxDownloadOptions):
"""
@abc.abstractmethod
- def build_permission_change_command(
- self, permission_change_options: LinuxPermissionChangeOptions
- ):
+ def build_set_permissions_command(self, set_permissions_options: LinuxSetPermissionsOptions):
"""
Build Agent's binary permission change command
- :param permission_change_options: Options needed for the command to be built
+ :param set_permissions_options: Options needed for the command to be built
"""
@abc.abstractmethod
diff --git a/vulture_allowlist.py b/vulture_allowlist.py
index 6457c0a..80e1eae 100644
--- a/vulture_allowlist.py
+++ b/vulture_allowlist.py
@@ -29,7 +29,7 @@ WindowsRunOptions, WindowsShell, )
-from agentpluginapi.i_linux_agent_command_builder import LinuxPermissionChangeOptions
+from agentpluginapi.i_linux_agent_command_builder import LinuxSetPermissionsOptions
IAgentEventPublisher.publish
IAgentEventPublisher.event
@@ -127,8 +127,8 @@ LinuxDownloadOptions.download_url
LinuxDownloadOptions.download_method
-LinuxPermissionChangeOptions.file_path
-LinuxPermissionChangeOptions.permissions
+LinuxSetPermissionsOptions.file_path
+LinuxSetPermissionsOptions.permissions
LinuxRunOptions.agent_destination_path
LinuxRunOptions.dropper_destination_path
@@ -137,8 +137,8 @@ ILinuxAgentCommandBuilder.build_download_command
ILinuxAgentCommandBuilder.build_run_command
-ILinuxAgentCommandBuilder.build_permission_change_command
-ILinuxAgentCommandBuilder.permission_change_options
+ILinuxAgentCommandBuilder.build_set_permissions_command
+ILinuxAgentCommandBuilder.set_permissions_options
ILinuxAgentCommandBuilder.get_command
ILinuxAgentCommandBuilder.reset_command
ILinuxAgentCommandBuilder.download_options
From 96ef6c5aa6294d70d7ab46c00b9ceb38b2a79f43 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Tue, 11 Jun 2024 11:21:12 -0400
Subject: [PATCH 3/6] Fix "abstractclassmethod" typo in command builder interfaces
---
agentpluginapi/i_linux_agent_command_builder.py | 2 +-
agentpluginapi/i_windows_agent_command_builder.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/agentpluginapi/i_linux_agent_command_builder.py b/agentpluginapi/i_linux_agent_command_builder.py
index 55d33b2..8c0a612 100644
--- a/agentpluginapi/i_linux_agent_command_builder.py
+++ b/agentpluginapi/i_linux_agent_command_builder.py
@@ -74,7 +74,7 @@ def get_command(self) -> str:
Gets the resulting command
"""
- @abc.abstractclassmethod
+ @abc.abstractmethod
def reset_command(self):
"""
Resets the command
diff --git a/agentpluginapi/i_windows_agent_command_builder.py b/agentpluginapi/i_windows_agent_command_builder.py
index 8f53d7b..f7ad408 100644
--- a/agentpluginapi/i_windows_agent_command_builder.py
+++ b/agentpluginapi/i_windows_agent_command_builder.py
@@ -67,7 +67,7 @@ def get_command(self) -> str:
Gets the resulting command
"""
- @abc.abstractclassmethod
+ @abc.abstractmethod
def reset_command(self):
"""
Resets the command
From 3df28243e27151ebf78763f385d525c1a57a679f Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Tue, 11 Jun 2024 11:21:43 -0400
Subject: [PATCH 4/6] Use octal for default permissions
---
agentpluginapi/i_linux_agent_command_builder.py | 2 +-
tests/test_i_linux_agent_command_builder.py | 11 ++++++++++-
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/agentpluginapi/i_linux_agent_command_builder.py b/agentpluginapi/i_linux_agent_command_builder.py
index 8c0a612..5435dc4 100644
--- a/agentpluginapi/i_linux_agent_command_builder.py
+++ b/agentpluginapi/i_linux_agent_command_builder.py
@@ -22,7 +22,7 @@ class LinuxDownloadOptions(InfectionMonkeyBaseModel):
class LinuxSetPermissionsOptions(InfectionMonkeyBaseModel):
file_path: PurePosixPath
- permissions: int = Field(ge=0, le=0o777, default=700)
+ permissions: int = Field(ge=0, le=0o777, default=0o700)
class LinuxRunOptions(InfectionMonkeyBaseModel):
diff --git a/tests/test_i_linux_agent_command_builder.py b/tests/test_i_linux_agent_command_builder.py
index 626e383..2eba631 100644
--- a/tests/test_i_linux_agent_command_builder.py
+++ b/tests/test_i_linux_agent_command_builder.py
@@ -2,7 +2,7 @@ import pytest
-from agentpluginapi import DropperExecutionMode, LinuxRunOptions
+from agentpluginapi import DropperExecutionMode, LinuxRunOptions, LinuxSetPermissionsOptions
@pytest.mark.parametrize(
@@ -15,3 +15,12 @@ def test_linux_run_options(dropper_execution_mode: DropperExecutionMode):
dropper_execution_mode=dropper_execution_mode,
dropper_destination_path=PurePosixPath("/tmp/dropper"),
)
+
+
+@pytest.mark.parametrize("permissions", [0o1000, -0o1])
+def test_linux_permissions_options(permissions: int):
+ with pytest.raises(ValueError):
+ LinuxSetPermissionsOptions(
+ agent_destination_path=PurePosixPath("/tmp/agent"),
+ permissions=permissions,
+ )
From 2282572a410d0af04783865e696ab23fac789efe Mon Sep 17 00:00:00 2001
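Review bot: Nothing in `Field(ge=0, le=0o777, default=0o700)` would have caught the earlier decimal `700`, because pydantic by default does not apply field constraints to default values. Decimal 700 is 0o1274 (sticky bit, owner write-only, group rwx, other read), which is above the `le=0o777` bound and far looser than the intended owner-only mode. I would write the field as `permissions: int = Field(ge=0, le=0o777, default=0o700, validate_default=True)` so that an out-of-range default fails the first time it is used. This assumes `InfectionMonkeyBaseModel`, which is not shown in this diff, does not already turn default validation on.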
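Review bot: `test_linux_permissions_options` only asserts that construction raises `ValueError`, so it cannot tell a rejected `permissions` value from any other validation failure. At this commit the model field is still `file_path` (it becomes `agent_destination_path` in PATCH 5/6), so the call is missing its required field and would presumably raise for `permissions=0o700` as well. I would add positive cases for the bounds and for the default next to it, so the negative cases are known to fail because of the mode value; the cases below use the field name from the end of the series.

```python
@pytest.mark.parametrize("permissions", [0o0, 0o700, 0o777])
def test_linux_permissions_options__valid(permissions: int):
    options = LinuxSetPermissionsOptions(
        agent_destination_path=PurePosixPath("/tmp/agent"),
        permissions=permissions,
    )

    assert options.permissions == permissions


def test_linux_permissions_options__default():
    options = LinuxSetPermissionsOptions(agent_destination_path=PurePosixPath("/tmp/agent"))

    assert options.permissions == 0o700
```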
From: Mike Salvatore
Date: Tue, 11 Jun 2024 11:22:36 -0400
Subject: [PATCH 5/6] Make agent path name consistent in LinuxSetPermissionsOptions The name of this member is changed to be consistent with the other `Options` models.
---
agentpluginapi/i_linux_agent_command_builder.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agentpluginapi/i_linux_agent_command_builder.py b/agentpluginapi/i_linux_agent_command_builder.py
index 5435dc4..032b78b 100644
--- a/agentpluginapi/i_linux_agent_command_builder.py
+++ b/agentpluginapi/i_linux_agent_command_builder.py
@@ -21,7 +21,7 @@ class LinuxDownloadOptions(InfectionMonkeyBaseModel):
class LinuxSetPermissionsOptions(InfectionMonkeyBaseModel):
- file_path: PurePosixPath
+ agent_destination_path: PurePosixPath
permissions: int = Field(ge=0, le=0o777, default=0o700)
From a4175150f688652e04e9020439f7015b7f6ad1a0 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Tue, 11 Jun 2024 11:24:16 -0400
Subject: [PATCH 6/6] Add changelog entry for set_permissions_command()
---
CHANGELOG.md | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ec79b05..bfa1f4e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to the [PEP 440 version scheme](https://peps.python.org/pep-0440/#version-scheme).
+## [Unreleased]
+### Added
+- ILinuxAgentCommandBuilder.build_set_permissions_command().
+ https://github.com/guardicore/monkey/issues/4187
+
## [v0.8.0] - 2024-06-10
### Changed - `ReservationID` from a UUID to a string.