Added rule path creators, which helps to extract scoutsuite rules from scoutsuite report data

monkey/common/utils/exceptions.py

@@ -20,3 +20,7 @@ class CredentialsNotRequiredError(RegistrationNotNeededError):
 
 class AlreadyRegisteredError(RegistrationNotNeededError):
     """ Raise to indicate the reason why registration is not required """
+
+
+class RulePathCreatorNotFound(Exception):
+    """ Raise to indicate that ScoutSuite rule doesn't have a path creator"""

monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/ec2_rules.py

@@ -0,0 +1,22 @@
+from enum import Enum
+
+
+class EC2Rules(Enum):
+    SECURITY_GROUP_ALL_PORTS_TO_ALL = 'ec2-security-group-opens-all-ports-to-all'
+    SECURITY_GROUP_OPENS_TCP_PORT_TO_ALL = 'ec2-security-group-opens-TCP-port-to-all'
+    SECURITY_GROUP_OPENS_UDP_PORT_TO_ALL = 'ec2-security-group-opens-UDP-port-to-all'
+    SECURITY_GROUP_OPENS_RDP_PORT_TO_ALL = 'ec2-security-group-opens-RDP-port-to-all'
+    SECURITY_GROUP_OPENS_SSH_PORT_TO_ALL = 'ec2-security-group-opens-SSH-port-to-all'
+    SECURITY_GROUP_OPENS_MYSQL_PORT_TO_ALL = 'ec2-security-group-opens-MySQL-port-to-all'
+    SECURITY_GROUP_OPENS_MSSQL_PORT_TO_ALL = 'ec2-security-group-opens-MsSQL-port-to-all'
+    SECURITY_GROUP_OPENS_MONGODB_PORT_TO_ALL = 'ec2-security-group-opens-MongoDB-port-to-all'
+    SECURITY_GROUP_OPENS_ORACLE_DB_PORT_TO_ALL = 'ec2-security-group-opens-Oracle DB-port-to-all'
+    SECURITY_GROUP_OPENS_POSTGRESQL_PORT_TO_ALL = 'ec2-security-group-opens-PostgreSQL-port-to-all'
+    SECURITY_GROUP_OPENS_NFS_PORT_TO_ALL = 'ec2-security-group-opens-NFS-port-to-all'
+    SECURITY_GROUP_OPENS_SMTP_PORT_TO_ALL = 'ec2-security-group-opens-SMTP-port-to-all'
+    SECURITY_GROUP_OPENS_DNS_PORT_TO_ALL = 'ec2-security-group-opens-DNS-port-to-all'
+    SECURITY_GROUP_OPENS_ALL_PORTS_TO_SELF = 'ec2-security-group-opens-all-ports-to-self'
+    SECURITY_GROUP_OPENS_ALL_PORTS = 'ec2-security-group-opens-all-ports'
+    SECURITY_GROUP_OPENS_PLAINTEXT_PORT_FTP = 'ec2-security-group-opens-plaintext-port-FTP'
+    SECURITY_GROUP_OPENS_PLAINTEXT_PORT_TELNET = 'ec2-security-group-opens-plaintext-port-Telnet'
+    SECURITY_GROUP_OPENS_PORT_RANGE = 'ec2-security-group-opens-port-range'

monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_parsing.py

@@ -0,0 +1,28 @@
+from typing import Union
+
+from common.utils.code_utils import get_object_value_by_path
+from common.utils.exceptions import RulePathCreatorNotFound
+from monkey_island.cc.services.zero_trust.scoutsuite.consts.ec2_rules import EC2Rules
+from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators_list import \
+    RULE_PATH_CREATORS_LIST
+
+
+class RuleParser:
+
+    @staticmethod
+    def get_rule_data(scoutsuite_data, rule_name: Union[EC2Rules]):
+        rule_path = RuleParser.get_rule_path(rule_name)
+        return get_object_value_by_path(scoutsuite_data, rule_path)
+
+    @staticmethod
+    def get_rule_path(rule_name: Union[EC2Rules]):
+        creator = RuleParser.get_rule_path_creator(rule_name)
+        return creator.build_rule_path(rule_name)
+
+    @staticmethod
+    def get_rule_path_creator(rule_name: Union[EC2Rules]):
+        for rule_path_creator in RULE_PATH_CREATORS_LIST:
+            if rule_name in rule_path_creator.supported_rules:
+                return rule_path_creator
+        raise RulePathCreatorNotFound(f"Rule path creator not found for rule {rule_name.value}. Make sure to assign"
+                                      f"this rule to any rule path creators.")

monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_path_building/abstract_rule_path_creator.py

@@ -0,0 +1,23 @@
+from abc import ABC, abstractmethod
+from typing import List, Union
+
+from monkey_island.cc.services.zero_trust.scoutsuite.consts.ec2_rules import EC2Rules
+from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICES, FINDINGS, SERVICE_TYPES
+
+
+class AbstractRulePathCreator(ABC):
+
+    @property
+    @abstractmethod
+    def service_type(self) -> SERVICE_TYPES:
+        pass
+
+    @property
+    @abstractmethod
+    def supported_rules(self) -> List[Union[EC2Rules]]:
+        pass
+
+    @classmethod
+    def build_rule_path(cls, rule_name: Union[EC2Rules]) -> List[str]:
+        assert(rule_name in cls.supported_rules)
+        return [SERVICES, cls.service_type.value, FINDINGS, rule_name.value]

monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_path_building/ec2_rule_path_creator.py

@@ -0,0 +1,11 @@
+from monkey_island.cc.services.zero_trust.scoutsuite.consts.ec2_rules import EC2Rules
+from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import \
+    SERVICE_TYPES
+from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
+    AbstractRulePathCreator
+
+
+class EC2RulePathCreator(AbstractRulePathCreator):
+
+    service_type = SERVICE_TYPES.EC2
+    supported_rules = EC2Rules

monkey/monkey_island/cc/services/zero_trust/scoutsuite/data_parsing/rule_path_building/rule_path_creators_list.py

@@ -0,0 +1,4 @@
+from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.ec2_rule_path_creator import \
+    EC2RulePathCreator
+
+RULE_PATH_CREATORS_LIST = [EC2RulePathCreator]