Self-signed SSL certificate#1208
Conversation
…y/monkey_island/cc/setup/certificate_setup.py
Codecov Report
@@ Coverage Diff @@
## develop #1208 +/- ##
===========================================
+ Coverage 28.72% 28.91% +0.19%
===========================================
Files 428 430 +2
Lines 12959 13001 +42
===========================================
+ Hits 3722 3759 +37
- Misses 9237 9242 +5
Continue to review full report at Codecov.
|
The file is named "test_island_config_options.py". Including "island_config_options" in every test/function name is reduntant.
_expand_path() is a utility function used by IslandConfigOptions. It doesn't need to be part of the class. It can potentially be reused by other modules that require the same functionality.
3841dd7 to
2e3a22d
Compare
94dca1e to
dc8e2b0
Compare
| return False | ||
| elif sid == admins_sid: | ||
| continue | ||
| # TODO: consider removing; so many system accounts/groups exist, it's likely to fail |
There was a problem hiding this comment.
If we can know if the ACE is of a built-in account/group, skip those and check others.
| # checks that admin has any permissions, user has `expected_permissions`, | ||
| # and everyone else has no permissions |
There was a problem hiding this comment.
checks that admin has any permissions
I think this comment is misleading. If I'm reading the code correctly, we don't check the admin permissions at all, we just skip/ignore them. We can probably nix this comment.
|
|
||
| def raise_on_invalid_options(options: IslandConfigOptions): | ||
| _raise_if_not_isfile(options.crt_path) | ||
| _raise_if_incorrect_permissions(options.crt_path, 0o400, 1179817) |
There was a problem hiding this comment.
Lets use constants instead of magic numbers.
| expected_permissions = ( | ||
| windows_expected_permissions if is_windows_os() else linux_expected_permissions | ||
| ) |
There was a problem hiding this comment.
Need unit tests for this.
Removed code to display it in octal since it makes no sense on Windows. Added `oct()` around linux permissions when expected_permissions is being defined.
We don't check admin permissions at all, and admin is included in "everyone else".
Fixes #1145
PR Checklist
Testing Checklist
Explain Changes
Are the commit messages enough? If not, elaborate.