From 60d16ea4d66b067db0b6b8cb67be67bbf0ed4dab Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Wed, 23 Feb 2022 13:27:59 +0100
Subject: [PATCH] Island: Remove ShellShock Exploiter
---
 .../cc/services/config_schema/basic.py | 1 -
 .../definitions/exploiter_classes.py | 10 -------
 .../cc/services/reporting/aws_exporter.py | 18 -----------
 .../exploiter_descriptor_enum.py | 6 ----
 .../processors/shellshock_exploit.py | 15 ----------
 .../report-components/SecurityReport.js | 6 ----
 .../security/issues/ShellShockIssue.js | 30 -------------------
 7 files changed, 86 deletions(-)
 delete mode 100644 monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/processors/shellshock_exploit.py
 delete mode 100644 monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ShellShockIssue.js
diff --git a/monkey/monkey_island/cc/services/config_schema/basic.py b/monkey/monkey_island/cc/services/config_schema/basic.py
index 9151ff259..0f841e968 100644
--- a/monkey/monkey_island/cc/services/config_schema/basic.py
+++ b/monkey/monkey_island/cc/services/config_schema/basic.py
@@ -18,7 +18,6 @@ BASIC = {
 "WmiExploiter",
 "SSHExploiter",
 "Log4ShellExploiter",
- "ShellShockExploiter",
 "ElasticGroovyExploiter",
 "Struts2Exploiter",
 "WebLogicExploiter",
diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
index f21bc942d..e9a5ac5ea 100644
--- a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
@@ -53,16 +53,6 @@ EXPLOITER_CLASSES = {
 "link": "https://www.guardicore.com/infectionmonkey/docs/reference"
 "/exploiters/sshexec/",
 },
- {
- "type": "string",
- "enum": ["ShellShockExploiter"],
- "title": "ShellShock Exploiter",
- "safe": True,
- "info": "CVE-2014-6271, based on logic from "
- "https://github.com/nccgroup/shocker/blob/master/shocker.py .",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
- "/shellshock/",
- },
 {
 "type": "string",
 "enum": ["ElasticGroovyExploiter"],
diff --git a/monkey/monkey_island/cc/services/reporting/aws_exporter.py b/monkey/monkey_island/cc/services/reporting/aws_exporter.py
index 927685560..00d738b07 100644
--- a/monkey/monkey_island/cc/services/reporting/aws_exporter.py
+++ b/monkey/monkey_island/cc/services/reporting/aws_exporter.py
@@ -68,7 +68,6 @@ class AWSExporter(Exporter):
 CredentialType.PASSWORD.value: AWSExporter._handle_ssh_issue,
 CredentialType.KEY.value: AWSExporter._handle_ssh_key_issue,
 },
- ExploiterDescriptorEnum.SHELLSHOCK.value.class_name: AWSExporter._handle_shellshock_issue, # noqa:E501
 "tunnel": AWSExporter._handle_tunnel_issue,
 ExploiterDescriptorEnum.ELASTIC.value.class_name: AWSExporter._handle_elastic_issue,
 ExploiterDescriptorEnum.SMB.value.class_name: {
@@ -295,23 +294,6 @@ class AWSExporter(Exporter): instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None, ) - @staticmethod - def _handle_shellshock_issue(issue, instance_arn): - - return AWSExporter._build_generic_finding( - severity=10, - title="Machines are vulnerable to 'Shellshock'", - description="Update your Bash to a ShellShock-patched version.", - recommendation="The machine {0} ({1}) is vulnerable to a ShellShock attack. " - "The attack was made possible because the HTTP server running on " - "TCP port {2} was vulnerable to a " - "shell injection attack on the paths: {3}.".format( - issue["machine"], issue["ip_address"], issue["port"], issue["paths"] - ), - instance_arn=instance_arn, - instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None, - ) - @staticmethod def _handle_smb_password_issue(issue, instance_arn): diff --git a/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py b/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py index 1555b4b61..91855329e 100644 --- a/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py +++ b/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py @@ -11,9 +11,6 @@ from monkey_island.cc.services.reporting.issue_processing.exploit_processing.pro from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.log4shell import ( # noqa: E501 Log4ShellProcessor, ) -from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.shellshock_exploit import ( # noqa: E501 - ShellShockExploitProcessor, -) from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.zerologon import ( # noqa: E501 ZerologonExploitProcessor, ) 
@@ -34,9 +31,6 @@ class ExploiterDescriptorEnum(Enum):
 ELASTIC = ExploiterDescriptor(
 "ElasticGroovyExploiter", "Elastic Groovy Exploiter", ExploitProcessor
 )
- SHELLSHOCK = ExploiterDescriptor(
- "ShellShockExploiter", "ShellShock Exploiter", ShellShockExploitProcessor
- )
 STRUTS2 = ExploiterDescriptor("Struts2Exploiter", "Struts2 Exploiter", ExploitProcessor)
 WEBLOGIC = ExploiterDescriptor(
 "WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor
diff --git a/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/processors/shellshock_exploit.py b/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/processors/shellshock_exploit.py
deleted file mode 100644
index bd047fbf5..000000000
--- a/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/processors/shellshock_exploit.py
+++ /dev/null
@@ -1,15 +0,0 @@
-from monkey_island.cc.services.reporting.issue_processing.exploit_processing.processors.exploit import ( # noqa: E501
- ExploiterReportInfo,
- ExploitProcessor,
-)
-
-
-class ShellShockExploitProcessor:
- @staticmethod
- def get_exploit_info_by_dict(class_name: str, exploit_dict: dict) -> ExploiterReportInfo:
- exploit_info = ExploitProcessor.get_exploit_info_by_dict(class_name, exploit_dict)
-
- urls = exploit_dict["data"]["info"]["vulnerable_urls"]
- exploit_info.port = urls[0].split(":")[2].split("/")[0]
- exploit_info.paths = ["/" + url.split(":")[2].split("/")[1] for url in urls]
- return exploit_info
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
index 270db721a..a923d01f2 100644
--- a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
@@ -28,7 +28,6 @@ import {drupalIssueOverview, drupalIssueReport} from './security/issues/DrupalIs
 import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
 import {sshKeysReport, shhIssueReport, sshIssueOverview} from './security/issues/SshIssue';
 import {elasticIssueOverview, elasticIssueReport} from './security/issues/ElasticIssue';
-import {shellShockIssueOverview, shellShockIssueReport} from './security/issues/ShellShockIssue';
 import {log4shellIssueOverview, log4shellIssueReport} from './security/issues/Log4ShellIssue';
 import {
 crossSegmentIssueOverview,
@@ -125,11 +124,6 @@ class ReportPageComponent extends AuthComponent {
 [this.issueContentTypes.REPORT]: elasticIssueReport,
 [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
 },
- 'ShellShockExploiter': {
- [this.issueContentTypes.OVERVIEW]: shellShockIssueOverview,
- [this.issueContentTypes.REPORT]: shellShockIssueReport,
- [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
- },
 'PowerShellExploiter': {
 [this.issueContentTypes.OVERVIEW]: powershellIssueOverview,
 [this.issueContentTypes.REPORT]: powershellIssueReport,
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ShellShockIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ShellShockIssue.js
deleted file mode 100644
index b2496fb21..000000000
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ShellShockIssue.js
+++ /dev/null
@@ -1,30 +0,0 @@
-import React from 'react';
-import CollapsibleWellComponent from '../CollapsibleWell';
-
-export function shellShockIssueOverview() {
- return (
  • Machines are vulnerable to ‘Shellshock’ (CVE-2014-6271). -
  • ) -} - - -function getShellshockPathListBadges(paths) { - return paths.map(path => {path}); -} - -export function shellShockIssueReport(issue) { - return ( - <> - Update your Bash to a ShellShock-patched version. - - The machine {issue.machine} ({issue.ip_address}) is vulnerable to a ShellShock attack. -
    - The attack was made possible because the HTTP server running on TCP port {issue.port} was vulnerable to a shell injection attack on the - paths: {getShellshockPathListBadges(issue.paths)}. -
    - - ); -}