From d56967bd0b58f7f2471f32c04aeaac3cd14d6aa9 Mon Sep 17 00:00:00 2001 From: Lukas Rist Date: Mon, 4 Mar 2024 16:55:27 +0100 Subject: [PATCH] formatting cleanup --- conpot/core/loggers/json_log.py | 1 - conpot/protocols/ftp/ftp_base_handler.py | 1 - conpot/protocols/http/command_responder.py | 35 ------------------- conpot/protocols/ipmi/fakesession.py | 14 ++++++-- .../protocols/kamstrup_management/commands.py | 1 - .../protocols/kamstrup_meter/decoder_382.py | 1 - conpot/protocols/s7comm/cotp.py | 2 -- conpot/protocols/s7comm/s7.py | 1 - conpot/protocols/s7comm/s7_server.py | 5 --- conpot/protocols/snmp/command_responder.py | 1 - conpot/protocols/snmp/conpot_cmdrsp.py | 2 -- conpot/protocols/snmp/snmp_server.py | 7 ---- conpot/tests/helpers/snmp_client.py | 1 - 13 files changed, 12 insertions(+), 60 deletions(-) diff --git a/conpot/core/loggers/json_log.py b/conpot/core/loggers/json_log.py index 581616d7..fe156177 100644 --- a/conpot/core/loggers/json_log.py +++ b/conpot/core/loggers/json_log.py @@ -27,7 +27,6 @@ def __init__(self, filename, sensorid, public_ip): self.public_ip = public_ip def log(self, event): - if self.public_ip is not None: dst_ip = self.public_ip else: diff --git a/conpot/protocols/ftp/ftp_base_handler.py b/conpot/protocols/ftp/ftp_base_handler.py index a93268a4..f3c5f6f6 100644 --- a/conpot/protocols/ftp/ftp_base_handler.py +++ b/conpot/protocols/ftp/ftp_base_handler.py @@ -120,7 +120,6 @@ class FTPHandlerBase(socketserver.BaseRequestHandler): _ac_out_buffer_size = 4096 # outgoing data buffer size (defaults 4096) def __init__(self, request, client_address, server): - # ------------------------ Environment ------------------------- self.client_sock = request._sock # only commands that are enabled should work! This is configured in the FTPConfig class. diff --git a/conpot/protocols/http/command_responder.py b/conpot/protocols/http/command_responder.py index bf7b9a88..385317ee 100644 --- a/conpot/protocols/http/command_responder.py +++ b/conpot/protocols/http/command_responder.py @@ -38,7 +38,6 @@ class HTTPServer(http.server.BaseHTTPRequestHandler): def log(self, version, request_type, addr, request, response=None): - session = conpot_core.get_session( "http", addr[0], @@ -80,13 +79,11 @@ def log(self, version, request_type, addr, request, response=None): # FIXME: Proper logging def get_entity_headers(self, rqfilename, headers, configuration): - xml_headers = configuration.xpath( '//http/htdocs/node[@name="' + rqfilename + '"]/headers/*' ) if xml_headers: - # retrieve all headers assigned to this entity for header in xml_headers: headers.append((header.attrib["name"], header.text)) @@ -94,7 +91,6 @@ def get_entity_headers(self, rqfilename, headers, configuration): return headers def get_trigger_appendix(self, rqfilename, rqparams, configuration): - xml_triggers = configuration.xpath( '//http/htdocs/node[@name="' + rqfilename + '"]/triggers/*' ) @@ -104,7 +100,6 @@ def get_trigger_appendix(self, rqfilename, rqparams, configuration): # retrieve all subselect triggers assigned to this entity for triggers in xml_triggers: - triggerlist = triggers.text.split(";") trigger_missed = False @@ -118,14 +113,12 @@ def get_trigger_appendix(self, rqfilename, rqparams, configuration): return None def get_entity_trailers(self, rqfilename, configuration): - trailers = [] xml_trailers = configuration.xpath( '//http/htdocs/node[@name="' + rqfilename + '"]/trailers/*' ) if xml_trailers: - # retrieve all headers assigned to this entity for trailer in xml_trailers: trailers.append((trailer.attrib["name"], trailer.text)) @@ -133,13 +126,11 @@ def get_entity_trailers(self, rqfilename, configuration): return trailers def get_status_headers(self, status, headers, configuration): - xml_headers = configuration.xpath( '//http/statuscodes/status[@name="' + str(status) + '"]/headers/*' ) if xml_headers: - # retrieve all headers assigned to this status for header in xml_headers: headers.append((header.attrib["name"], header.text)) @@ -147,14 +138,12 @@ def get_status_headers(self, status, headers, configuration): return headers def get_status_trailers(self, status, configuration): - trailers = [] xml_trailers = configuration.xpath( '//http/statuscodes/status[@name="' + str(status) + '"]/trailers/*' ) if xml_trailers: - # retrieve all trailers assigned to this status for trailer in xml_trailers: trailers.append((trailer.attrib["name"], trailer.text)) @@ -189,7 +178,6 @@ def send_response(self, code, message=None): # - self.send_header('Date', self.date_time_string()) def substitute_template_fields(self, payload): - # initialize parser with our payload parser = TemplateParser(payload) @@ -251,7 +239,6 @@ def load_status( # If the requested resource resides on our filesystem, # we try retrieve all metadata and the resource itself from there. if source == "filesystem": - # retrieve headers from entities configuration block headers = self.get_status_headers(status, headers, configuration) @@ -300,7 +287,6 @@ def load_status( # originally targeted resource to a remote system. elif source == "proxy": - # open a connection to the remote system. # If something goes wrong, fall back to 503. @@ -331,7 +317,6 @@ def load_status( # valid Content-Length header: for i, header in enumerate(headers): - if ( header[0].lower() == "transfer-encoding" and header[1].lower() == "chunked" @@ -342,12 +327,10 @@ def load_status( status = remotestatus except: - # before falling back to 503, we check if we are ALREADY dealing with a 503 # to prevent an infinite request handling loop... if status != 503: - # we're handling another error here. # generate a 503 response from configuration. (status, headers, trailers, payload, chunks) = self.load_status( @@ -360,7 +343,6 @@ def load_status( ) else: - # oops, we're heading towards an infinite loop here, # generate a minimal 503 response regardless of the configuration. status = 503 @@ -428,7 +410,6 @@ def load_entity(self, requeststring, headers, configuration, docpath): # If the requested resource resides on our filesystem, # we try retrieve all metadata and the resource itself from there. if source == "filesystem": - # handle STATUS tag # ( filesystem only, since proxied requests come with their own status ) entity_status = configuration.xpath( @@ -497,7 +478,6 @@ def load_entity(self, requeststring, headers, configuration, docpath): # so we act as a proxy between client and target system elif source == "proxy": - # open a connection to the remote system. # If something goes wrong, fall back to 503 @@ -644,7 +624,6 @@ def do_TRACE(self): # check configuration: are we allowed to use this method? if self.server.disable_method_trace is True: - # Method disabled by configuration. Fall back to 501. status = 501 (status, headers, _, payload, _) = self.load_status( @@ -652,7 +631,6 @@ def do_TRACE(self): ) else: - # Method is enabled status = 200 payload = "" @@ -709,7 +687,6 @@ def do_HEAD(self): # check configuration: are we allowed to use this method? if self.server.disable_method_head is True: - # Method disabled by configuration. Fall back to 501. status = 501 (status, headers, _, _, _) = self.load_status( @@ -717,7 +694,6 @@ def do_HEAD(self): ) else: - # try to find a configuration item for this HEAD request try: entity_xml = configuration.xpath( @@ -784,7 +760,6 @@ def do_OPTIONS(self): # check configuration: are we allowed to use this method? if self.server.disable_method_options is True: - # Method disabled by configuration. Fall back to 501. status = 501 (status, headers, _, payload, _) = self.load_status( @@ -792,7 +767,6 @@ def do_OPTIONS(self): ) else: - status = 200 payload = "" @@ -1013,12 +987,10 @@ def handle_startendtag(self, tag, attrs): # only parse tags that are conpot template tags ( ) if tag == "condata": - # initialize original tag (needed for value replacement) origin = "<" + tag for attribute in attrs: - # extend original tag origin = origin + " " + attribute[0] + '="' + attribute[1] + '"' @@ -1078,10 +1050,8 @@ def __init__(self, server_address, RequestHandlerClass, template, docpath): xml_config = self.configuration.xpath("//http/global/config/*") if xml_config: - # retrieve all global configuration entities for entity in xml_config: - if entity.attrib["name"] == "protocol_version": RequestHandlerClass.protocol_version = entity.text @@ -1125,7 +1095,6 @@ def __init__(self, server_address, RequestHandlerClass, template, docpath): self.global_headers = [] xml_headers = self.configuration.xpath("//http/global/headers/*") if xml_headers: - # retrieve all headers assigned to this status code for header in xml_headers: if ( @@ -1144,13 +1113,11 @@ def __init__(self, server_address, RequestHandlerClass, template, docpath): self.global_headers.append((header.attrib["name"], header.text)) def config_sanitize_tarpit(self, value): - # checks tarpit value for being either a single int or float, # or a series of two concatenated integers and/or floats seperated by semicolon and returns # either the (sanitized) value or zero. if value is not None: - x, _, y = value.partition(";") try: @@ -1172,7 +1139,6 @@ def config_sanitize_tarpit(self, value): return "0;0" def do_tarpit(self, delay): - # sleeps the thread for $delay ( should be either 1 float to apply a static period of time to sleep, # or 2 floats seperated by semicolon to sleep a randomized period of time determined by ( rand[x;y] ) @@ -1191,7 +1157,6 @@ def do_tarpit(self, delay): class CommandResponder(object): def __init__(self, host, port, template, docpath): - # Create HTTP server class self.httpd = SubHTTPServer((host, port), HTTPServer, template, docpath) self.server_port = self.httpd.server_port diff --git a/conpot/protocols/ipmi/fakesession.py b/conpot/protocols/ipmi/fakesession.py index 5121bf48..2f2ba225 100644 --- a/conpot/protocols/ipmi/fakesession.py +++ b/conpot/protocols/ipmi/fakesession.py @@ -124,7 +124,12 @@ def _ipmi20(self, rawdata): iv = rawdata[16:32] cipher = Cipher(algorithms.AES(self.aeskey), modes.CBC(iv)) decryptor = cipher.decryptor() - decrypted = decryptor.update(struct.pack("%dB" % len(payload[16:]), *payload[16:])) + decryptor.finalize() + decrypted = ( + decryptor.update( + struct.pack("%dB" % len(payload[16:]), *payload[16:]) + ) + + decryptor.finalize() + ) payload = struct.unpack("%dB" % len(decrypted), decrypted) padsize = payload[-1] + 1 payload = list(payload[:-padsize]) @@ -316,7 +321,12 @@ def send_payload( payloadtocrypt = self._aespad(payload) cipher = Cipher(algorithms.AES(self.aeskey), modes.CBC(iv)) encryptor = cipher.encryptor() - crypted = encryptor.update(struct.pack("%dB" % len(payloadtocrypt), *payloadtocrypt)) + encryptor.finalize() + crypted = ( + encryptor.update( + struct.pack("%dB" % len(payloadtocrypt), *payloadtocrypt) + ) + + encryptor.finalize() + ) crypted = list(struct.unpack("%dB" % len(crypted), crypted)) message += crypted else: diff --git a/conpot/protocols/kamstrup_management/commands.py b/conpot/protocols/kamstrup_management/commands.py index 650e9f59..d388806f 100644 --- a/conpot/protocols/kamstrup_management/commands.py +++ b/conpot/protocols/kamstrup_management/commands.py @@ -374,7 +374,6 @@ def run(self, params=None): if params: params_split = params.split(" ") if len(params_split) >= 10: - if params_split[0] == "1": databus.set_value("use_dhcp", "YES") else: diff --git a/conpot/protocols/kamstrup_meter/decoder_382.py b/conpot/protocols/kamstrup_meter/decoder_382.py index c19a0e48..91186b87 100644 --- a/conpot/protocols/kamstrup_meter/decoder_382.py +++ b/conpot/protocols/kamstrup_meter/decoder_382.py @@ -26,7 +26,6 @@ class Decoder382(object): - REGISTERS = { 0x01: "Energy in", 0x02: "Energy out", diff --git a/conpot/protocols/s7comm/cotp.py b/conpot/protocols/s7comm/cotp.py index 44254e61..95980b95 100644 --- a/conpot/protocols/s7comm/cotp.py +++ b/conpot/protocols/s7comm/cotp.py @@ -43,7 +43,6 @@ def pack(self): ) def parse(self, packet): - try: header = unpack("!BBB", packet[:3]) except struct.error: @@ -88,7 +87,6 @@ def __init__( # "n" Block repeats until end of packet def dissect(self, packet): - # dissect fixed header try: fixed_header = unpack("!HHB", packet[:5]) diff --git a/conpot/protocols/s7comm/s7.py b/conpot/protocols/s7comm/s7.py index 64801ea0..2d121e77 100644 --- a/conpot/protocols/s7comm/s7.py +++ b/conpot/protocols/s7comm/s7.py @@ -223,7 +223,6 @@ def request_ssl_17(self, data_ssl_index): current_ssl = S7.ssl_lists["W#16#xy11"] if data_ssl_index == 1: # 0x0001 - component identification - ssl_index_description = "Component identification" ssl_resp_data = pack( diff --git a/conpot/protocols/s7comm/s7_server.py b/conpot/protocols/s7comm/s7_server.py index a815e0f0..38067d7d 100644 --- a/conpot/protocols/s7comm/s7_server.py +++ b/conpot/protocols/s7comm/s7_server.py @@ -43,7 +43,6 @@ def cleanse_byte_string(packet): @conpot_protocol class S7Server(object): def __init__(self, template, template_directory, args): - self.timeout = 5 self.ssl_lists = {} self.server = None @@ -86,7 +85,6 @@ def handle(self, sock, address): try: while True: - data = sock.recv(4, socket.MSG_WAITALL) if len(data) == 0: session.add_event({"type": "CONNECTION_LOST"}) @@ -103,7 +101,6 @@ def handle(self, sock, address): tpkt_packet = TPKT().parse(cleanse_byte_string(data)) cotp_base_packet = COTP_BASE_packet().parse(tpkt_packet.payload) if cotp_base_packet.tpdu_type == 0xE0: - # connection request cotp_cr_request = COTP_ConnectionRequest().dissect( cotp_base_packet.payload @@ -174,10 +171,8 @@ def handle(self, sock, address): # request pdu if S7_packet.pdu_type == 1: - # 0xf0 == Request for connect / pdu negotiate if S7_packet.param == 0xF0: - # create S7 response packet s7_resp_negotiate_packet = S7( 3, 0, S7_packet.request_id, 0, S7_packet.parameters diff --git a/conpot/protocols/snmp/command_responder.py b/conpot/protocols/snmp/command_responder.py index dd0d094e..1d4fc9da 100644 --- a/conpot/protocols/snmp/command_responder.py +++ b/conpot/protocols/snmp/command_responder.py @@ -47,7 +47,6 @@ def getTimerResolution(self): class CommandResponder(object): def __init__(self, host, port, raw_mibs, compiled_mibs): - self.oid_mapping = {} self.databus_mediator = DatabusMediator(self.oid_mapping) # mapping between OID and databus keys diff --git a/conpot/protocols/snmp/conpot_cmdrsp.py b/conpot/protocols/snmp/conpot_cmdrsp.py index 633fa3b6..e67e4ee3 100644 --- a/conpot/protocols/snmp/conpot_cmdrsp.py +++ b/conpot/protocols/snmp/conpot_cmdrsp.py @@ -55,7 +55,6 @@ def log(self, version, msg_type, addr, req_varBinds, res_varBinds=None, sock=Non ) def do_tarpit(self, delay): - # sleeps the thread for $delay ( should be either 1 float to apply a static period of time to sleep, # or 2 floats seperated by semicolon to sleep a randomized period of time determined by ( rand[x;y] ) @@ -72,7 +71,6 @@ def do_tarpit(self, delay): gevent.sleep(random.uniform(float(lbound), float(ubound))) def check_evasive(self, state, threshold, addr, cmd): - # checks if current states are > thresholds and returns True if the request # is considered to be a DoS request. diff --git a/conpot/protocols/snmp/snmp_server.py b/conpot/protocols/snmp/snmp_server.py index cc0e277f..a9b5ad64 100644 --- a/conpot/protocols/snmp/snmp_server.py +++ b/conpot/protocols/snmp/snmp_server.py @@ -46,10 +46,8 @@ def xml_general_config(self, dom): snmp_config = dom.xpath("//snmp/config/*") if snmp_config: for entity in snmp_config: - # TARPIT: individual response delays if entity.attrib["name"].lower() == "tarpit": - if entity.attrib["command"].lower() == "get": self.cmd_responder.resp_app_get.tarpit = ( self.config_sanitize_tarpit(entity.text) @@ -69,7 +67,6 @@ def xml_general_config(self, dom): # EVASION: response thresholds if entity.attrib["name"].lower() == "evasion": - if entity.attrib["command"].lower() == "get": self.cmd_responder.resp_app_get.threshold = ( self.config_sanitize_threshold(entity.text) @@ -118,13 +115,11 @@ def xml_mib_config(self): ) def config_sanitize_tarpit(self, value): - # checks tarpit value for being either a single int or float, # or a series of two concatenated integers and/or floats separated by semicolon and returns # either the (sanitized) value or zero. if value is not None: - x, _, y = value.partition(";") try: @@ -148,12 +143,10 @@ def config_sanitize_tarpit(self, value): return "0;0" def config_sanitize_threshold(self, value): - # checks DoS thresholds for being either a single int or a series of two concatenated integers # separated by semicolon and returns either the (sanitized) value or zero. if value is not None: - x, _, y = value.partition(";") try: diff --git a/conpot/tests/helpers/snmp_client.py b/conpot/tests/helpers/snmp_client.py index 40dd52cc..4505e965 100644 --- a/conpot/tests/helpers/snmp_client.py +++ b/conpot/tests/helpers/snmp_client.py @@ -8,7 +8,6 @@ class SNMPClient(object): def __init__(self, host, port): - # Create SNMP engine instance self.snmpEngine = engine.SnmpEngine()