infosecn1nja
/
C3
mirror of https://github.com/infosecn1nja/C3.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

O365 fixes for code review

dependabot/npm_and_yarn/Src/WebController/UI/websocket-extensions-0.1.4
Pawel Kurowski 2020-05-13 12:45:28 +02:00
parent f0d79a4683
commit e822c9ba5b
6 changed files with 30 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
Src/Common/FSecure/C3/Interfaces/Channels/Office365.h
View File

@ -36,26 +36,24 @@ namespace FSecure::C3::Interfaces::Channels
static ByteView GetCapability();
protected:
/// Remove one file from server.
/// Remove one item from server.
/// @param id of task.
void RemoveFile(std::string const& id)
void RemoveItem(std::string const& id)
{
auto webClient = HttpClient{ Convert<Utf16>(Derived::ItemEndpont.Decrypt() + SecureString{id}), m_ProxyConfig };
auto webClient = HttpClient{ Convert<Utf16>(Derived::ItemEndpoint.Decrypt() + SecureString{id}), m_ProxyConfig };
auto request = CreateAuthRequest(Method::DEL);
auto resp = webClient.Request(request);
if (resp.GetStatusCode() > 205)
throw std::runtime_error{ OBF("RemoveFile() Error. Task ") + id + OBF(" could not be deleted. HTTP response:") + std::to_string(resp.GetStatusCode()) };
throw std::runtime_error{ OBF("RemoveItem() Error. Task ") + id + OBF(" could not be deleted. HTTP response:") + std::to_string(resp.GetStatusCode()) };
}
/// Removes all file from server.
/// @param ByteView unused.
/// @returns ByteVector empty vector.
void RemoveAllFiles()
/// Removes all items from server.
void RemoveAllItems()
{
auto fileList = ListData();
for (auto& element : fileList.at(OBF("value")))
RemoveFile(element.at(OBF("id")).get<std::string>());
RemoveItem(element.at(OBF("id")).get<std::string>());
}
/// Requests a new access token using the refresh token
@ -65,11 +63,9 @@ namespace FSecure::C3::Interfaces::Channels
try
{
//Token endpoint
auto webClient = HttpClient{ Convert<Utf16>(Derived::TokenEndpoit.Decrypt()), m_ProxyConfig };
auto webClient = HttpClient{ Convert<Utf16>(Derived::TokenEndpoint.Decrypt()), m_ProxyConfig };
auto request = HttpRequest{ Method::POST };
request.SetHeader(Header::ContentType, OBF(L"application/x-www-form-urlencoded; charset=utf-16"));
auto requestBody = SecureString{};
requestBody += OBF("grant_type=password");
requestBody += OBF("&scope=");

15
Src/Common/FSecure/C3/Interfaces/Channels/OneDrive365RestFile.cpp
View File

@ -10,14 +10,15 @@
// Namespaces.
using json = nlohmann::json;
using base64 = cppcodec::base64_rfc4648;
using namespace FSecure::StringConversions;
using namespace FSecure::WinHttp;
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
FSecure::Crypto::String FSecure::C3::Interfaces::Channels::OneDrive365RestFile::RootEndpoint = OBF("https://graph.microsoft.com/v1.0/me/drive/root:/");
FSecure::Crypto::String FSecure::C3::Interfaces::Channels::OneDrive365RestFile::ItemEndpont = OBF("https://graph.microsoft.com/v1.0/me/drive/items/");
FSecure::Crypto::String FSecure::C3::Interfaces::Channels::OneDrive365RestFile::ItemEndpoint = OBF("https://graph.microsoft.com/v1.0/me/drive/items/");
FSecure::Crypto::String FSecure::C3::Interfaces::Channels::OneDrive365RestFile::ListEndpoint = OBF("https://graph.microsoft.com/v1.0/me/drive/root/children");
FSecure::Crypto::String FSecure::C3::Interfaces::Channels::OneDrive365RestFile::TokenEndpoit = OBF("https://login.windows.net/organizations/oauth2/v2.0/token");
FSecure::Crypto::String FSecure::C3::Interfaces::Channels::OneDrive365RestFile::TokenEndpoint = OBF("https://login.windows.net/organizations/oauth2/v2.0/token");
FSecure::Crypto::String FSecure::C3::Interfaces::Channels::OneDrive365RestFile::Scope = OBF("files.readwrite.all");
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@ -32,11 +33,11 @@ size_t FSecure::C3::Interfaces::Channels::OneDrive365RestFile::OnSendToChannel(B
auto webClient = HttpClient{ Convert<Utf16>(URLwithFilename), m_ProxyConfig };
auto request = CreateAuthRequest(Method::PUT);
auto chunkSize = std::min<size_t>(data.size(), 3 * (1024 * 1024 - 64)); // Send max 4 MB. base64 will expand data by 4/3. 256 bytes are reserved for json schema.
auto chunkSize = std::min<size_t>(data.size(), base64::decoded_max_size(4 * 1024 * 1024 - 256)); // Send max 4 MB. 256 bytes are reserved for json schema.
auto fileData = json{};
fileData[OBF("epoch_time")] = FSecure::Utils::TimeSinceEpoch();
fileData[OBF("high_res_time")] = GetTickCount64();
fileData[OBF("data")] = cppcodec::base64_rfc4648::encode(&data.front(), chunkSize);
fileData[OBF("data")] = base64::encode(&data.front(), chunkSize);
auto body = fileData.dump();
request.SetData(ContentType::TextPlain, { body.begin(), body.end() });
@ -84,8 +85,8 @@ std::vector<FSecure::ByteVector> FSecure::C3::Interfaces::Channels::OneDrive365R
for(auto &element : elements)
{
auto id = element.at(OBF("id")).get<std::string>();
packets.push_back(cppcodec::base64_rfc4648::decode(element.at(OBF("data")).get<std::string>()));
RemoveFile(id);
packets.push_back(base64::decode(element.at(OBF("data")).get<std::string>()));
RemoveItem(id);
}
}
catch (std::exception& exception)
@ -105,7 +106,7 @@ FSecure::ByteVector FSecure::C3::Interfaces::Channels::OneDrive365RestFile::OnRu
case 0:
try
{
RemoveAllFiles();
RemoveAllItems();
}
catch (std::exception const& e)
{

4
Src/Common/FSecure/C3/Interfaces/Channels/OneDrive365RestFile.h
View File

@ -32,9 +32,9 @@ namespace FSecure::C3::Interfaces::Channels
static Crypto::String RootEndpoint;
/// Endpoints used by Office365 methods.
static Crypto::String ItemEndpont;
static Crypto::String ItemEndpoint;
static Crypto::String ListEndpoint;
static Crypto::String TokenEndpoit;
static Crypto::String TokenEndpoint;
static Crypto::String Scope;
};
}

17
Src/Common/FSecure/C3/Interfaces/Channels/Outlook365RestTask.cpp
View File

@ -10,13 +10,14 @@
// Namespaces
using json = nlohmann::json;
using base64 = cppcodec::base64_rfc4648;
using namespace FSecure::StringConversions;
using namespace FSecure::WinHttp;
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
FSecure::Crypto::String FSecure::C3::Interfaces::Channels::Outlook365RestTask::ItemEndpont = OBF("https://outlook.office.com/api/v2.0/me/tasks/");
FSecure::Crypto::String FSecure::C3::Interfaces::Channels::Outlook365RestTask::ItemEndpoint = OBF("https://outlook.office.com/api/v2.0/me/tasks/");
FSecure::Crypto::String FSecure::C3::Interfaces::Channels::Outlook365RestTask::ListEndpoint = OBF("https://outlook.office.com/api/v2.0/me/tasks");
FSecure::Crypto::String FSecure::C3::Interfaces::Channels::Outlook365RestTask::TokenEndpoit = OBF("https://login.windows.net/organizations/oauth2/v2.0/token/");
FSecure::Crypto::String FSecure::C3::Interfaces::Channels::Outlook365RestTask::TokenEndpoint = OBF("https://login.windows.net/organizations/oauth2/v2.0/token/");
FSecure::Crypto::String FSecure::C3::Interfaces::Channels::Outlook365RestTask::Scope = OBF("https://outlook.office365.com/.default");
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@ -27,13 +28,13 @@ size_t FSecure::C3::Interfaces::Channels::Outlook365RestTask::OnSendToChannel(By
try
{
// Construct the HTTP request
auto webClient = HttpClient{ Convert<Utf16>(ItemEndpont.Decrypt()), m_ProxyConfig };
auto webClient = HttpClient{ Convert<Utf16>(ItemEndpoint.Decrypt()), m_ProxyConfig };
auto request = CreateAuthRequest(Method::POST);
auto chunkSize = std::min<size_t>(data.size(), 3 * 1024 * 1024); // Send max 4 MB. base64 will expand data by 4/3.
auto chunkSize = std::min<size_t>(data.size(), base64::decoded_max_size(4 * 1024 * 1024) ); // Send max 4 MB.
auto fileData = json();
fileData[OBF("Subject")] = m_OutboundDirectionName;
fileData[OBF("Body")][OBF("Content")] = cppcodec::base64_rfc4648::encode(&data.front(), chunkSize);
fileData[OBF("Body")][OBF("Content")] = base64::encode(&data.front(), chunkSize);
fileData[OBF("Body")][OBF("ContentType")] = OBF("Text");
auto body = fileData.dump();
@ -60,10 +61,10 @@ std::vector<FSecure::ByteVector> FSecure::C3::Interfaces::Channels::Outlook365Re
auto fileList = ListData(OBF("?top=1000&filter=startswith(Subject,'") + m_InboundDirectionName + OBF("')&orderby=CreatedDateTime"));
for (auto& element : fileList.at(OBF("value")))
packets.emplace_back(cppcodec::base64_rfc4648::decode(element.at(OBF("Body")).at(OBF("Content")).get<std::string>()));
packets.emplace_back(base64::decode(element.at(OBF("Body")).at(OBF("Content")).get<std::string>()));
for (auto& element : fileList.at(OBF("value")))
RemoveFile(element.at(OBF("Id")));
RemoveItem(element.at(OBF("Id")));
}
catch (std::exception& exception)
{
@ -82,7 +83,7 @@ FSecure::ByteVector FSecure::C3::Interfaces::Channels::Outlook365RestTask::OnRun
case 0:
try
{
RemoveAllFiles();
RemoveAllItems();
}
catch (std::exception const& e)
{

4
Src/Common/FSecure/C3/Interfaces/Channels/Outlook365RestTask.h
View File

@ -30,9 +30,9 @@ namespace FSecure::C3::Interfaces::Channels
constexpr static std::chrono::milliseconds s_MinUpdateDelay = 1000ms, s_MaxUpdateDelay = 1000ms;
/// Endpoints used by Office365 methods.
static Crypto::String ItemEndpont;
static Crypto::String ItemEndpoint;
static Crypto::String ListEndpoint;
static Crypto::String TokenEndpoit;
static Crypto::String TokenEndpoint;
static Crypto::String Scope;
};
}

2
Src/Common/FSecure/Crypto/String.h
View File

@ -20,4 +20,4 @@ namespace FSecure::Crypto
SymmetricKey m_Key; // This is poor man implementation, key should be kept in key storage.
ByteVector m_Data;
};
}
}