Added rule path creators, which helps to extract scoutsuite rules from scoutsuite report data

This commit is contained in:
VakarisZ 2020-09-18 10:01:14 +03:00
parent 5a6a68fde0
commit 0b9b89f639
6 changed files with 92 additions and 0 deletions

View File

@ -20,3 +20,7 @@ class CredentialsNotRequiredError(RegistrationNotNeededError):
class AlreadyRegisteredError(RegistrationNotNeededError): class AlreadyRegisteredError(RegistrationNotNeededError):
""" Raise to indicate the reason why registration is not required """ """ Raise to indicate the reason why registration is not required """
class RulePathCreatorNotFound(Exception):
""" Raise to indicate that ScoutSuite rule doesn't have a path creator"""

View File

@ -0,0 +1,22 @@
from enum import Enum
class EC2Rules(Enum):
SECURITY_GROUP_ALL_PORTS_TO_ALL = 'ec2-security-group-opens-all-ports-to-all'
SECURITY_GROUP_OPENS_TCP_PORT_TO_ALL = 'ec2-security-group-opens-TCP-port-to-all'
SECURITY_GROUP_OPENS_UDP_PORT_TO_ALL = 'ec2-security-group-opens-UDP-port-to-all'
SECURITY_GROUP_OPENS_RDP_PORT_TO_ALL = 'ec2-security-group-opens-RDP-port-to-all'
SECURITY_GROUP_OPENS_SSH_PORT_TO_ALL = 'ec2-security-group-opens-SSH-port-to-all'
SECURITY_GROUP_OPENS_MYSQL_PORT_TO_ALL = 'ec2-security-group-opens-MySQL-port-to-all'
SECURITY_GROUP_OPENS_MSSQL_PORT_TO_ALL = 'ec2-security-group-opens-MsSQL-port-to-all'
SECURITY_GROUP_OPENS_MONGODB_PORT_TO_ALL = 'ec2-security-group-opens-MongoDB-port-to-all'
SECURITY_GROUP_OPENS_ORACLE_DB_PORT_TO_ALL = 'ec2-security-group-opens-Oracle DB-port-to-all'
SECURITY_GROUP_OPENS_POSTGRESQL_PORT_TO_ALL = 'ec2-security-group-opens-PostgreSQL-port-to-all'
SECURITY_GROUP_OPENS_NFS_PORT_TO_ALL = 'ec2-security-group-opens-NFS-port-to-all'
SECURITY_GROUP_OPENS_SMTP_PORT_TO_ALL = 'ec2-security-group-opens-SMTP-port-to-all'
SECURITY_GROUP_OPENS_DNS_PORT_TO_ALL = 'ec2-security-group-opens-DNS-port-to-all'
SECURITY_GROUP_OPENS_ALL_PORTS_TO_SELF = 'ec2-security-group-opens-all-ports-to-self'
SECURITY_GROUP_OPENS_ALL_PORTS = 'ec2-security-group-opens-all-ports'
SECURITY_GROUP_OPENS_PLAINTEXT_PORT_FTP = 'ec2-security-group-opens-plaintext-port-FTP'
SECURITY_GROUP_OPENS_PLAINTEXT_PORT_TELNET = 'ec2-security-group-opens-plaintext-port-Telnet'
SECURITY_GROUP_OPENS_PORT_RANGE = 'ec2-security-group-opens-port-range'

View File

@ -0,0 +1,28 @@
from typing import Union
from common.utils.code_utils import get_object_value_by_path
from common.utils.exceptions import RulePathCreatorNotFound
from monkey_island.cc.services.zero_trust.scoutsuite.consts.ec2_rules import EC2Rules
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators_list import \
RULE_PATH_CREATORS_LIST
class RuleParser:
@staticmethod
def get_rule_data(scoutsuite_data, rule_name: Union[EC2Rules]):
rule_path = RuleParser.get_rule_path(rule_name)
return get_object_value_by_path(scoutsuite_data, rule_path)
@staticmethod
def get_rule_path(rule_name: Union[EC2Rules]):
creator = RuleParser.get_rule_path_creator(rule_name)
return creator.build_rule_path(rule_name)
@staticmethod
def get_rule_path_creator(rule_name: Union[EC2Rules]):
for rule_path_creator in RULE_PATH_CREATORS_LIST:
if rule_name in rule_path_creator.supported_rules:
return rule_path_creator
raise RulePathCreatorNotFound(f"Rule path creator not found for rule {rule_name.value}. Make sure to assign"
f"this rule to any rule path creators.")

View File

@ -0,0 +1,23 @@
from abc import ABC, abstractmethod
from typing import List, Union
from monkey_island.cc.services.zero_trust.scoutsuite.consts.ec2_rules import EC2Rules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICES, FINDINGS, SERVICE_TYPES
class AbstractRulePathCreator(ABC):
@property
@abstractmethod
def service_type(self) -> SERVICE_TYPES:
pass
@property
@abstractmethod
def supported_rules(self) -> List[Union[EC2Rules]]:
pass
@classmethod
def build_rule_path(cls, rule_name: Union[EC2Rules]) -> List[str]:
assert(rule_name in cls.supported_rules)
return [SERVICES, cls.service_type.value, FINDINGS, rule_name.value]

View File

@ -0,0 +1,11 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.ec2_rules import EC2Rules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import \
SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class EC2RulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.EC2
supported_rules = EC2Rules

View File

@ -0,0 +1,4 @@
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.ec2_rule_path_creator import \
EC2RulePathCreator
RULE_PATH_CREATORS_LIST = [EC2RulePathCreator]