Small renamings and minor improvements

2021-02-08 17:42:57 +02:00 · 2021-02-08 17:42:57 +02:00 · a0bb0bc7fe
parent 905ffd029a
commit a0bb0bc7fe
5 changed files with 40 additions and 25 deletions
--- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/scoutsuite_finding_maps.py
+++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/scoutsuite_finding_maps.py
@ -19,7 +19,8 @@ from .rule_names.sqs_rules import SQSRules
 from .rule_names.vpc_rules import VPCRules


-class ScoutSuiteFinding(ABC):
+# Class which links ZT tests and rules to ScoutSuite finding
+class ScoutSuiteFindingMap(ABC):
    @property
    @abstractmethod
    def rules(self) -> List[EC2Rules]:
@ -31,7 +32,7 @@ class ScoutSuiteFinding(ABC):
        pass


-class PermissiveFirewallRules(ScoutSuiteFinding):
+class PermissiveFirewallRules(ScoutSuiteFindingMap):
    rules = [EC2Rules.SECURITY_GROUP_ALL_PORTS_TO_ALL, EC2Rules.SECURITY_GROUP_OPENS_TCP_PORT_TO_ALL,
             EC2Rules.SECURITY_GROUP_OPENS_UDP_PORT_TO_ALL, EC2Rules.SECURITY_GROUP_OPENS_RDP_PORT_TO_ALL,
             EC2Rules.SECURITY_GROUP_OPENS_SSH_PORT_TO_ALL, EC2Rules.SECURITY_GROUP_OPENS_MYSQL_PORT_TO_ALL,
@ -56,7 +57,7 @@ class PermissiveFirewallRules(ScoutSuiteFinding):
    test = zero_trust_consts.TEST_SCOUTSUITE_PERMISSIVE_FIREWALL_RULES


-class UnencryptedData(ScoutSuiteFinding):
+class UnencryptedData(ScoutSuiteFindingMap):
    rules = [EC2Rules.EBS_SNAPSHOT_NOT_ENCRYPTED, EC2Rules.EBS_VOLUME_NOT_ENCRYPTED,
             EC2Rules.EC2_INSTANCE_WITH_USER_DATA_SECRETS,
             ELBv2Rules.ELBV2_LISTENER_ALLOWING_CLEARTEXT, ELBv2Rules.ELBV2_OLDER_SSL_POLICY,
@ -69,7 +70,7 @@ class UnencryptedData(ScoutSuiteFinding):
    test = zero_trust_consts.TEST_SCOUTSUITE_UNENCRYPTED_DATA


-class DataLossPrevention(ScoutSuiteFinding):
+class DataLossPrevention(ScoutSuiteFindingMap):
    rules = [RDSRules.RDS_INSTANCE_BACKUP_DISABLED, RDSRules.RDS_INSTANCE_SHORT_BACKUP_RETENTION_PERIOD,
             RDSRules.RDS_INSTANCE_SINGLE_AZ, S3Rules.S3_BUCKET_NO_MFA_DELETE, S3Rules.S3_BUCKET_NO_VERSIONING,
             ELBv2Rules.ELBV2_NO_DELETION_PROTECTION]
@ -77,7 +78,7 @@ class DataLossPrevention(ScoutSuiteFinding):
    test = zero_trust_consts.TEST_SCOUTSUITE_DATA_LOSS_PREVENTION


-class SecureAuthentication(ScoutSuiteFinding):
+class SecureAuthentication(ScoutSuiteFindingMap):
    rules = [
        IAMRules.IAM_USER_NO_ACTIVE_KEY_ROTATION,
        IAMRules.IAM_PASSWORD_POLICY_MINIMUM_LENGTH,
@ -95,7 +96,7 @@ class SecureAuthentication(ScoutSuiteFinding):
    test = zero_trust_consts.TEST_SCOUTSUITE_SECURE_AUTHENTICATION


-class RestrictivePolicies(ScoutSuiteFinding):
+class RestrictivePolicies(ScoutSuiteFindingMap):
    rules = [
        IAMRules.IAM_ASSUME_ROLE_POLICY_ALLOWS_ALL,
        IAMRules.IAM_EC2_ROLE_WITHOUT_INSTANCES,
@ -157,7 +158,7 @@ class RestrictivePolicies(ScoutSuiteFinding):
    test = zero_trust_consts.TEST_SCOUTSUITE_RESTRICTIVE_POLICIES


-class Logging(ScoutSuiteFinding):
+class Logging(ScoutSuiteFindingMap):
    rules = [
        CloudTrailRules.CLOUDTRAIL_DUPLICATED_GLOBAL_SERVICES_LOGGING,
        CloudTrailRules.CLOUDTRAIL_NO_DATA_LOGGING,
@ -177,7 +178,7 @@ class Logging(ScoutSuiteFinding):
    test = zero_trust_consts.TEST_SCOUTSUITE_LOGGING


-class ServiceSecurity(ScoutSuiteFinding):
+class ServiceSecurity(ScoutSuiteFindingMap):
    rules = [
        CloudformationRules.CLOUDFORMATION_STACK_WITH_ROLE,
        ELBv2Rules.ELBV2_HTTP_REQUEST_SMUGGLING,
--- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/scoutsuite_findings_list.py
+++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/scoutsuite_findings_list.py
@ -1,8 +1,8 @@
-from .scoutsuite_findings import (DataLossPrevention, Logging,
-                                  PermissiveFirewallRules,
-                                  RestrictivePolicies,
-                                  SecureAuthentication, ServiceSecurity,
-                                  UnencryptedData)
+from .scoutsuite_finding_maps import (DataLossPrevention, Logging,
+                                      PermissiveFirewallRules,
+                                      RestrictivePolicies,
+                                      SecureAuthentication, ServiceSecurity,
+                                      UnencryptedData)

 SCOUTSUITE_FINDINGS = [PermissiveFirewallRules, UnencryptedData, DataLossPrevention, SecureAuthentication,
                       RestrictivePolicies, Logging, ServiceSecurity]
--- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_parser.py
+++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_parser.py
@ -1,3 +1,5 @@
+from enum import Enum
+
 import dpath.util

 from common.utils.exceptions import RulePathCreatorNotFound
@ -5,22 +7,33 @@ from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_buil
    RULE_PATH_CREATORS_LIST


+def __build_rule_to_rule_path_creator_hashmap():
+    hashmap = {}
+    for rule_path_creator in RULE_PATH_CREATORS_LIST:
+        for rule_name in rule_path_creator.supported_rules:
+            hashmap[rule_name] = rule_path_creator
+    return hashmap
+
+
+RULE_TO_RULE_PATH_CREATOR_HASHMAP = __build_rule_to_rule_path_creator_hashmap()
+
+
 class RuleParser:

    @staticmethod
-    def get_rule_data(scoutsuite_data, rule_name):
-        rule_path = RuleParser.get_rule_path(rule_name)
+    def get_rule_data(scoutsuite_data: dict, rule_name: Enum) -> dict:
+        rule_path = RuleParser._get_rule_path(rule_name)
        return dpath.util.get(scoutsuite_data, rule_path)

    @staticmethod
-    def get_rule_path(rule_name):
-        creator = RuleParser.get_rule_path_creator(rule_name)
+    def _get_rule_path(rule_name: Enum):
+        creator = RuleParser._get_rule_path_creator(rule_name)
        return creator.build_rule_path(rule_name)

    @staticmethod
-    def get_rule_path_creator(rule_name):
-        for rule_path_creator in RULE_PATH_CREATORS_LIST:
-            if rule_name in rule_path_creator.supported_rules:
-                return rule_path_creator
-        raise RulePathCreatorNotFound(f"Rule path creator not found for rule {rule_name.value}. Make sure to assign"
-                                      f"this rule to any rule path creators.")
+    def _get_rule_path_creator(rule_name: Enum):
+        try:
+            return RULE_TO_RULE_PATH_CREATOR_HASHMAP[rule_name]
+        except KeyError:
+            raise RulePathCreatorNotFound(f"Rule path creator not found for rule {rule_name.value}. Make sure to assign"
+                                          f"this rule to any rule path creators.")
--- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_path_building/abstract_rule_path_creator.py
+++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_path_building/abstract_rule_path_creator.py
@ -1,4 +1,5 @@
 from abc import ABC, abstractmethod
+from enum import Enum
 from typing import List

 from ...consts.service_consts import FINDINGS, SERVICE_TYPES, SERVICES
@ -17,6 +18,6 @@ class AbstractRulePathCreator(ABC):
        pass

    @classmethod
-    def build_rule_path(cls, rule_name) -> List[str]:
+    def build_rule_path(cls, rule_name: Enum) -> List[str]:
        assert(rule_name in cls.supported_rules)
        return [SERVICES, cls.service_type.value, FINDINGS, rule_name.value]
--- a/monkey/monkey_island/cc/services/zero_trust/test_common/scoutsuite_finding_data.py
+++ b/monkey/monkey_island/cc/services/zero_trust/test_common/scoutsuite_finding_data.py
@ -1,6 +1,6 @@
 from monkey_island.cc.models.zero_trust.scoutsuite_finding_details import ScoutSuiteFindingDetails
 from monkey_island.cc.models.zero_trust.scoutsuite_rule import ScoutSuiteRule
-from ..scoutsuite.consts.scoutsuite_findings import PermissiveFirewallRules, UnencryptedData
+from ..scoutsuite.consts.scoutsuite_finding_maps import PermissiveFirewallRules, UnencryptedData

 SCOUTSUITE_FINDINGS = [
    PermissiveFirewallRules,