Log4Shell: Add options

Issue #3388
PR #3435

monkey/agent_plugins/exploiters/log4shell/src/log4shell_options.py

@@ -0,0 +1,32 @@
+from typing import List
+
+from pydantic import Field
+
+from common.base_models import InfectionMonkeyBaseModel
+from common.types import NetworkPort
+
+
+class Log4ShellOptions(InfectionMonkeyBaseModel):
+    target_ports: List[NetworkPort] = Field(
+        default=[],
+        description="A list of HTTP ports that the Log4Shell exploiter will try to exploit.",
+    )
+    try_all_discovered_http_ports: bool = Field(
+        default=False,
+        description=(
+            "Attempt to exploit Log4Shell on all HTTP ports discovered from network scanning."
+        ),
+    )
+    exploit_download_timeout: float = Field(
+        gt=0.0,
+        default=5.0,
+        description="The maximum time (in seconds) to wait for the victim to download the exploit.",
+    )
+    agent_binary_download_timeout: float = Field(
+        gt=0.0,
+        default=15.0,
+        description=(
+            "The maximum time (in seconds) to wait for a successfully exploited server to download "
+            "the agent binary."
+        ),
+    )

monkey/tests/unit_tests/agent_plugins/exploiters/log4shell/test_log4shell_options.py

@@ -0,0 +1,56 @@
+import pydantic
+import pytest
+from agent_plugins.exploiters.log4shell.src.log4shell_options import Log4ShellOptions
+
+LOG4SHELL_OPTIONS_DICT = {
+    "target_ports": [1234],
+    "try_all_discovered_http_ports": True,
+    "exploit_download_timeout": 10.0,
+    "agent_binary_download_timeout": 60.0,
+}
+LOG4SHELL_OPTIONS_OBJECT = Log4ShellOptions(
+    target_ports=[1234],
+    try_all_discovered_http_ports=True,
+    exploit_download_timeout=10.0,
+    agent_binary_download_timeout=60.0,
+)
+
+TARGET_PORTS_EXCEPTION = {"target_ports": [-1, 70000]}
+EXPLOIT_DOWNLOAD_TIMEOUT_EXCEPTION = {"exploit_download_timeout": 0}
+AGENT_DOWNLOAD_TIMEOUT_EXCEPTION = {"agent_binary_download_timeout": -100}
+
+
+def test_log4shell_options__serialization():
+    assert LOG4SHELL_OPTIONS_OBJECT.dict(simplify=True) == LOG4SHELL_OPTIONS_DICT
+
+
+def test_log4shell_options__full_serialization():
+    assert (
+        Log4ShellOptions(**LOG4SHELL_OPTIONS_OBJECT.dict(simplify=True)) == LOG4SHELL_OPTIONS_OBJECT
+    )
+
+
+def test_hadoop_options__deserialization():
+    assert Log4ShellOptions(**LOG4SHELL_OPTIONS_DICT) == LOG4SHELL_OPTIONS_OBJECT
+
+
+def test_log4shell_options__default():
+    log4shell_options = Log4ShellOptions()
+
+    assert log4shell_options.target_ports == []
+    assert log4shell_options.try_all_discovered_http_ports is False
+    assert log4shell_options.exploit_download_timeout == 5.0
+    assert log4shell_options.agent_binary_download_timeout == 15.0
+
+
+@pytest.mark.parametrize(
+    "options_dict",
+    [
+        TARGET_PORTS_EXCEPTION,
+        EXPLOIT_DOWNLOAD_TIMEOUT_EXCEPTION,
+        AGENT_DOWNLOAD_TIMEOUT_EXCEPTION,
+    ],
+)
+def test_log4shell_options_constrains(options_dict):
+    with pytest.raises((pydantic.errors.NumberNotGeError, pydantic.errors.NumberNotGtError)):
+        Log4ShellOptions(**options_dict)

vulture_allowlist.py

@@ -1,4 +1,5 @@
 from agent_plugins.exploiters.hadoop.plugin import Plugin as HadoopPlugin
+from agent_plugins.exploiters.log4shell.src.log4shell_options import Log4ShellOptions
 from agent_plugins.exploiters.mssql.src.mssql_options import MSSQLOptions
 from agent_plugins.exploiters.smb.plugin import Plugin as SMBPlugin
 from agent_plugins.exploiters.snmp.src.snmp_exploit_client import SNMPResult
@@ -155,3 +156,7 @@
 commands.build_dropper_script_download_command
 commands.download_command_windows_powershell_webclient
 commands.download_command_windows_powershell_webrequest
+
+# Remove after #3388 is completed
+Log4ShellOptions
+Log4ShellOptions.exploit_download_timeout