Closed ilija-lazoroski closed 1 month ago
This is simplified multiissue.tar.zip. Unzip, untar and run python main.py
. You should not have monkey-plugintoolbox
installed anywhere.
We decided on a different solution than the one described below. See https://github.com/guardicore/monkey/issues/4126#issuecomment-2117748271
I was able to make the following changes to the main.py
in mutliissue.tar
and get it to work:
4a5
> from multiprocessing.context import BaseContext
47a49,56
> class CallableWrapper:
> def __init__(self, func):
> self._func = func
>
> def __call__(self):
> return self._func()
>
>
49c58,59
< def __init__(self, server: StubServer):
---
> def __init__(self, context: BaseContext, server: StubServer):
> self._context = context
53c63,65
< self._server.register(transform)
---
> SyncManager.register("CallableWrapper", CallableWrapper, exposed=["__call__"])
> manager = self._context.Manager()
> self._server.register(manager.CallableWrapper(transform))
66c78
< stub_registrar = StubRegistrar(stub_server)
---
> stub_registrar = StubRegistrar(stub_server, context)
SyncManager
(process) being createdWhile it's not ideal that new SyncManager
processes are created per registration, it may be unavoidable. The manager process needs to be able to import the function, which means it needs to be started with the same import path as the plugin process. In order to keep plugins isolated, each plugin must therefore have its own manager process.
The new manager process appears to be automatically cleaned up when it is no longer needed.
In order to reduce the number of processes that get opened, we should modify the interface for IHTTPAgentBinaryServerRegistrar
slightly. Currently, its reserve_download()
method accepts an AgentBinaryTransform
, which is a callable. By default, use_agent_binary()
is passed. This function is essentially a NOP. Instead, the interface for reserve_download()
should accept (and default to) None
for the agent_binary_transform
parameter. If agent_binary_transform is None
, then no manager process needs to be started.
IHTTPAgentBinaryServerRegistrar
and any implementations in accordance with the ##Analysis section of this comment.The proposed solution didn't solve all of the issues. Rather than invest more time into this, we decided to solve this a different way. A callable that manipulates the binary is probably more heavy-handed than necessary. The majority of use cases can be covered by using a template instead of a callback.
Describe the bug
Migrating
plugintoolbox.build_bash_dropper
I stumbled across a weird issue where multiprocessing couldn't findplugintoolbox
module but this module has been installed into the SNMP plugin. In the SNMP pluginbuild_bash_dropper
is used in partial and then passed toIHTTPAgentBinaryRegistrar.reserver_download
and because the Agent doesn't haveplugintoolbox
it raises:To Reproduce
Steps to reproduce the behavior:
Expected behavior
This should not happen. Period 😄
Possible solutions
build_bash_dropper
in the plugin implementation. This will duplicate code both inplugintoolbox
and the plugin source code until we fix it.The best solution will probably be to pass a proxy object instead of passing the function directly. That would be unfortunate, though, because we want the plugins to remain ignorant of multiprocessing. There may be some way that the IHTTPAgentBinaryServerRegistrar can wrap the function in a proxy object before passing it across the boundary.