Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2002 config encryption in UI #2050

Merged
merged 9 commits into from
Jun 30, 2022
Merged

2002 config encryption in UI #2050

merged 9 commits into from
Jun 30, 2022

Conversation

VakarisZ
Copy link
Contributor

@VakarisZ VakarisZ commented Jun 29, 2022
edited
Loading

What does this PR do?

Fixes #2002

Add any further explanations here.

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?
  • Have you checked that you haven't introduced any duplicate code?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested by running these cases and more:
    UNSAFE_ENCRYPTED.conf
    UNSAFE_UNENCRYPTED.conf
    SAFE_UNENCRYPTED_OUTDATED.conf.bak
    SAFE_UNENCRYPTED.conf
    SAFE_ENCRYPTED.conf
    SAFE_ENCRYPTED_MALFORMED.conf
    SAFE_UNENCRYPTED_MALFORMED.conf
    SAFE_UNENCRYPTED_OUTDATED.conf

  • If applicable, add screenshots or log transcripts of the feature working

mssalvatore
mssalvatore reviewed Jun 29, 2022
View reviewed changes
monkey/monkey_island/cc/ui/src/components/utils/PasswordBasedEncryptor.tsx
import Utf8 from 'crypto-js/enc-utf8';

export function encryptText(content: string, password: string): string {
return AES.encrypt(content, password).toString();
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it safe to convert this to a string? It will have characters that cannot be represented, which is problematic if we're going to insert this into a JSON string. If we want to return a string, we might consider base64 encoding.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AES.encrypt(content, password) already returns base64, maybe the .toString(); is not required, but that's how it's shown in the documentation, I guess it doesn't bother me and explains that our end result is a string

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might pay to be more specific and specify the encoder:

image

@VakarisZ
UI: Create password based encryptor using crypto-js library
69ca2d5 
Password based encryptor is required for configuration encryption
@VakarisZ
UI: Submit config before exporting
20c68ff 
Previously config was not getting submitted before exporting. This could cause a misunderstanding where user exports a different configuration to the one he sees on the screen
@VakarisZ
UI: Change ExportConfigModal.tsx to encrypt config on UI
6cef18b
@VakarisZ
UI: Change config export to include metadata about encryption
5a531bc 
New format of {metadata: {encrypted: true}, contents: {...}} will simplify the logic of configuration import since we'll know if it's encrypted beforehand
@VakarisZ
UI: Change configuration import to validate and decrypt on UI
37152c2
@VakarisZ VakarisZ force-pushed the 2002-config-encryption-in-ui branch from 8c53bcc to 37152c2 Compare June 30, 2022 08:33
@VakarisZ VakarisZ marked this pull request as ready for review June 30, 2022 08:36
@codecov
Copy link

codecov bot commented Jun 30, 2022
edited
Loading

Codecov Report

Merging #2050 (9f0169e) into develop (8cb9c44) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff            @@
##           develop    #2050   +/-   ##
========================================
  Coverage    57.52%   57.52%           
========================================
  Files          478      478           
  Lines        12888    12888           
========================================
  Hits          7414     7414           
  Misses        5474     5474

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8cb9c44...9f0169e. Read the comment docs.

@VakarisZ VakarisZ merged commit fe36f86 into develop Jun 30, 2022
@VakarisZ VakarisZ deleted the 2002-config-encryption-in-ui branch June 30, 2022 12:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mssalvatore mssalvatore mssalvatore approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Move config import/export encryption to the UI
2 participants
@VakarisZ @mssalvatore