Added rule path creators, which help extract ScoutSuite rules from ScoutSuite report data
This commit is contained in:
parent
5a6a68fde0
commit
0b9b89f639
|
@ -20,3 +20,7 @@ class CredentialsNotRequiredError(RegistrationNotNeededError):
|
||||||
|
|
||||||
class AlreadyRegisteredError(RegistrationNotNeededError):
|
class AlreadyRegisteredError(RegistrationNotNeededError):
|
||||||
""" Raise to indicate the reason why registration is not required """
|
""" Raise to indicate the reason why registration is not required """
|
||||||
|
|
||||||
|
|
||||||
|
class RulePathCreatorNotFound(Exception):
|
||||||
|
""" Raise to indicate that ScoutSuite rule doesn't have a path creator"""
|
||||||
|
|
|
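Review bot: The docstring on the new `RulePathCreatorNotFound` class has a leading space inside the quotes and is missing an article, which departs from the PEP 257 form used for one-line docstrings. Suggest `"""Raise to indicate that a ScoutSuite rule has no path creator."""`. The class otherwise looks fine as a plain `Exception` subclass.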
@ -0,0 +1,22 @@
|
||||||
|
from enum import Enum
|
||||||
|
|
||||||
|
|
||||||
|
class EC2Rules(Enum):
|
||||||
|
SECURITY_GROUP_ALL_PORTS_TO_ALL = 'ec2-security-group-opens-all-ports-to-all'
|
||||||
|
SECURITY_GROUP_OPENS_TCP_PORT_TO_ALL = 'ec2-security-group-opens-TCP-port-to-all'
|
||||||
|
SECURITY_GROUP_OPENS_UDP_PORT_TO_ALL = 'ec2-security-group-opens-UDP-port-to-all'
|
||||||
|
SECURITY_GROUP_OPENS_RDP_PORT_TO_ALL = 'ec2-security-group-opens-RDP-port-to-all'
|
||||||
|
SECURITY_GROUP_OPENS_SSH_PORT_TO_ALL = 'ec2-security-group-opens-SSH-port-to-all'
|
||||||
|
SECURITY_GROUP_OPENS_MYSQL_PORT_TO_ALL = 'ec2-security-group-opens-MySQL-port-to-all'
|
||||||
|
SECURITY_GROUP_OPENS_MSSQL_PORT_TO_ALL = 'ec2-security-group-opens-MsSQL-port-to-all'
|
||||||
|
SECURITY_GROUP_OPENS_MONGODB_PORT_TO_ALL = 'ec2-security-group-opens-MongoDB-port-to-all'
|
||||||
|
SECURITY_GROUP_OPENS_ORACLE_DB_PORT_TO_ALL = 'ec2-security-group-opens-Oracle DB-port-to-all'
|
||||||
|
SECURITY_GROUP_OPENS_POSTGRESQL_PORT_TO_ALL = 'ec2-security-group-opens-PostgreSQL-port-to-all'
|
||||||
|
SECURITY_GROUP_OPENS_NFS_PORT_TO_ALL = 'ec2-security-group-opens-NFS-port-to-all'
|
||||||
|
SECURITY_GROUP_OPENS_SMTP_PORT_TO_ALL = 'ec2-security-group-opens-SMTP-port-to-all'
|
||||||
|
SECURITY_GROUP_OPENS_DNS_PORT_TO_ALL = 'ec2-security-group-opens-DNS-port-to-all'
|
||||||
|
SECURITY_GROUP_OPENS_ALL_PORTS_TO_SELF = 'ec2-security-group-opens-all-ports-to-self'
|
||||||
|
SECURITY_GROUP_OPENS_ALL_PORTS = 'ec2-security-group-opens-all-ports'
|
||||||
|
SECURITY_GROUP_OPENS_PLAINTEXT_PORT_FTP = 'ec2-security-group-opens-plaintext-port-FTP'
|
||||||
|
SECURITY_GROUP_OPENS_PLAINTEXT_PORT_TELNET = 'ec2-security-group-opens-plaintext-port-Telnet'
|
||||||
|
SECURITY_GROUP_OPENS_PORT_RANGE = 'ec2-security-group-opens-port-range'
|
|
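Review bot: The enum values are used verbatim as the final element of the lookup path into the ScoutSuite report (`build_rule_path` appends `rule_name.value`), so any drift from ScoutSuite's own rule identifiers changes what is looked up; what happens on a missing key depends on `get_object_value_by_path`, which is not visible here. The class has no docstring saying this; suggest `"""ScoutSuite EC2 rule identifiers; each value must match the finding key in the ScoutSuite report verbatim."""`. `SECURITY_GROUP_OPENS_ORACLE_DB_PORT_TO_ALL` is the only value containing a space, which is presumably intentional if it mirrors ScoutSuite's key, but deserves a one-line comment such as `# space is part of ScoutSuite's rule name, do not hyphenate` so nobody normalizes it later.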
@ -0,0 +1,28 @@
|
||||||
|
from typing import Union
|
||||||
|
|
||||||
|
from common.utils.code_utils import get_object_value_by_path
|
||||||
|
from common.utils.exceptions import RulePathCreatorNotFound
|
||||||
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.ec2_rules import EC2Rules
|
||||||
|
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators_list import \
|
||||||
|
RULE_PATH_CREATORS_LIST
|
||||||
|
|
||||||
|
|
||||||
|
class RuleParser:
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_rule_data(scoutsuite_data, rule_name: Union[EC2Rules]):
|
||||||
|
rule_path = RuleParser.get_rule_path(rule_name)
|
||||||
|
return get_object_value_by_path(scoutsuite_data, rule_path)
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_rule_path(rule_name: Union[EC2Rules]):
|
||||||
|
creator = RuleParser.get_rule_path_creator(rule_name)
|
||||||
|
return creator.build_rule_path(rule_name)
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_rule_path_creator(rule_name: Union[EC2Rules]):
|
||||||
|
for rule_path_creator in RULE_PATH_CREATORS_LIST:
|
||||||
|
if rule_name in rule_path_creator.supported_rules:
|
||||||
|
return rule_path_creator
|
||||||
|
raise RulePathCreatorNotFound(f"Rule path creator not found for rule {rule_name.value}. Make sure to assign"
|
||||||
|
f"this rule to any rule path creators.")
|
|
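Review bot: The two f-string fragments in the `RulePathCreatorNotFound` message at the end of `get_rule_path_creator` are concatenated without a separating space, so the rendered message reads `...Make sure to assignthis rule...`; end the first fragment with a trailing space: `f"Rule path creator not found for rule {rule_name.value}. Make sure to assign "`. `Union[EC2Rules]` with a single argument collapses to plain `EC2Rules` at runtime, so the annotations on all three methods could simply be `rule_name: EC2Rules` until a second rule enum exists. `get_rule_data` takes `scoutsuite_data` with no annotation or docstring; a one-line docstring stating what shape of report object it expects would help callers.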
@ -0,0 +1,23 @@
|
||||||
|
from abc import ABC, abstractmethod
|
||||||
|
from typing import List, Union
|
||||||
|
|
||||||
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.ec2_rules import EC2Rules
|
||||||
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICES, FINDINGS, SERVICE_TYPES
|
||||||
|
|
||||||
|
|
||||||
|
class AbstractRulePathCreator(ABC):
|
||||||
|
|
||||||
|
@property
|
||||||
|
@abstractmethod
|
||||||
|
def service_type(self) -> SERVICE_TYPES:
|
||||||
|
pass
|
||||||
|
|
||||||
|
@property
|
||||||
|
@abstractmethod
|
||||||
|
def supported_rules(self) -> List[Union[EC2Rules]]:
|
||||||
|
pass
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def build_rule_path(cls, rule_name: Union[EC2Rules]) -> List[str]:
|
||||||
|
assert(rule_name in cls.supported_rules)
|
||||||
|
return [SERVICES, cls.service_type.value, FINDINGS, rule_name.value]
|
|
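Review bot: `build_rule_path` guards the supported-rule check with `assert`, which is stripped under `python -O`, so in an optimized run an unsupported rule would be mapped to a path under this creator's service instead of failing; replace it with an explicit check, `if rule_name not in cls.supported_rules:` followed by `raise ValueError(f"{rule_name} is not supported by {cls.__name__}")`. Note also that `service_type` and `supported_rules` are declared as abstract instance properties while `build_rule_path` is a classmethod reading them through `cls`; that only works because the concrete subclass overrides them with plain class attributes, so a comment on the base class (or declaring them as class-level attributes) would stop a future subclass from implementing them as real properties and getting a `property` object back from `cls.supported_rules`.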
@ -0,0 +1,11 @@
|
||||||
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.ec2_rules import EC2Rules
|
||||||
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import \
|
||||||
|
SERVICE_TYPES
|
||||||
|
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
|
||||||
|
AbstractRulePathCreator
|
||||||
|
|
||||||
|
|
||||||
|
class EC2RulePathCreator(AbstractRulePathCreator):
|
||||||
|
|
||||||
|
service_type = SERVICE_TYPES.EC2
|
||||||
|
supported_rules = EC2Rules
|
|
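Review bot: `supported_rules` is annotated in the base class as `List[Union[EC2Rules]]` but here it is assigned the enum class `EC2Rules` itself; membership tests against an Enum class work, so the `in` lookup in `RuleParser.get_rule_path_creator` behaves, but the value does not match the declared type. Either assign `supported_rules = list(EC2Rules)` or loosen the base annotation to an iterable of rules, and add a short class docstring stating that this creator covers every `EC2Rules` member.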
@ -0,0 +1,4 @@
|
||||||
|
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.ec2_rule_path_creator import \
|
||||||
|
EC2RulePathCreator
|
||||||
|
|
||||||
|
RULE_PATH_CREATORS_LIST = [EC2RulePathCreator]
|