bunny-lab/Borealis-Github-Replica
1
0
Fork 0
mirror of https://github.com/bunny-lab-io/Borealis.git synced 2025-10-26 23:41:58 -06:00
Code Issues Packages Projects Releases Wiki Activity

fix: harden dpapi protect fallback

Browse Source
This commit is contained in:
Nicole Rappe
2025-10-17 20:58:26 -06:00
parent bfc559e0be
commit a8ebff04a3
1 changed files with 24 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
Data/Agent/security.py
View File

@@ -42,8 +42,18 @@ def _protect(data: bytes, *, scope_system: bool) -> bytes:
flags = 0 flags = 0
if scope_system: if scope_system:
flags = getattr(win32crypt, "CRYPTPROTECT_LOCAL_MACHINE", 0x4) flags = getattr(win32crypt, "CRYPTPROTECT_LOCAL_MACHINE", 0x4)
try:
protected = win32crypt.CryptProtectData(data, None, None, None, None, flags) # type: ignore[attr-defined] protected = win32crypt.CryptProtectData(data, None, None, None, None, flags) # type: ignore[attr-defined]
return protected[1] except Exception:
return data
blob = protected[1]
if isinstance(blob, memoryview):
return blob.tobytes()
if isinstance(blob, bytearray):
return bytes(blob)
if isinstance(blob, bytes):
return blob
return data
def _unprotect(data: bytes, *, scope_system: bool) -> bytes: def _unprotect(data: bytes, *, scope_system: bool) -> bytes:
@@ -52,8 +62,18 @@ def _unprotect(data: bytes, *, scope_system: bool) -> bytes:
flags = 0 flags = 0
if scope_system: if scope_system:
flags = getattr(win32crypt, "CRYPTPROTECT_LOCAL_MACHINE", 0x4) flags = getattr(win32crypt, "CRYPTPROTECT_LOCAL_MACHINE", 0x4)
try:
unwrapped = win32crypt.CryptUnprotectData(data, None, None, None, None, flags) # type: ignore[attr-defined] unwrapped = win32crypt.CryptUnprotectData(data, None, None, None, None, flags) # type: ignore[attr-defined]
return unwrapped[1] except Exception:
return data
blob = unwrapped[1]
if isinstance(blob, memoryview):
return blob.tobytes()
if isinstance(blob, bytearray):
return bytes(blob)
if isinstance(blob, bytes):
return blob
return data
def _fingerprint_der(public_der: bytes) -> str: def _fingerprint_der(public_der: bytes) -> str: