From 2728404a150d225188ea013f8946974ecb553fcb Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Tue, 1 Feb 2022 14:56:45 -0500 Subject: [PATCH] Island: Remove ScoutSuiteZTFindingService --- .../scoutsuite_zt_finding_service.py | 81 ------------------- .../test_scoutsuite_zt_finding_service.py | 45 ----------- 2 files changed, 126 deletions(-) delete mode 100644 monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_zt_finding_service.py delete mode 100644 monkey/tests/unit_tests/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_zt_finding_service.py diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_zt_finding_service.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_zt_finding_service.py deleted file mode 100644 index 3d0cf8413..000000000 --- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_zt_finding_service.py +++ /dev/null @@ -1,81 +0,0 @@ -from typing import List - -from common.common_consts import zero_trust_consts -from monkey_island.cc.models.zero_trust.scoutsuite_finding import ScoutSuiteFinding -from monkey_island.cc.models.zero_trust.scoutsuite_finding_details import ScoutSuiteFindingDetails -from monkey_island.cc.models.zero_trust.scoutsuite_rule import ScoutSuiteRule -from monkey_island.cc.services.zero_trust.scoutsuite.consts.scoutsuite_finding_maps import ( - ScoutSuiteFindingMap, -) -from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_rule_service import ( - ScoutSuiteRuleService, -) - - -class ScoutSuiteZTFindingService: - @staticmethod - def process_rule(finding: ScoutSuiteFindingMap, rule: ScoutSuiteRule): - existing_findings = ScoutSuiteFinding.objects(test=finding.test) - assert len(existing_findings) < 2, "More than one finding exists for {}".format( - finding.test - ) - - if len(existing_findings) == 0: - ScoutSuiteZTFindingService._create_new_finding_from_rule(finding, rule) - else: - ScoutSuiteZTFindingService.add_rule(existing_findings[0], rule) - - @staticmethod - def _create_new_finding_from_rule(finding: ScoutSuiteFindingMap, rule: ScoutSuiteRule): - details = ScoutSuiteFindingDetails() - details.scoutsuite_rules = [rule] - details.save() - status = ScoutSuiteZTFindingService.get_finding_status_from_rules(details.scoutsuite_rules) - ScoutSuiteFinding.save_finding(finding.test, status, details) - - @staticmethod - def get_finding_status_from_rules(rules: List[ScoutSuiteRule]) -> str: - if len(rules) == 0: - return zero_trust_consts.STATUS_UNEXECUTED - elif filter(lambda x: ScoutSuiteRuleService.is_rule_dangerous(x), rules): - return zero_trust_consts.STATUS_FAILED - elif filter(lambda x: ScoutSuiteRuleService.is_rule_warning(x), rules): - return zero_trust_consts.STATUS_VERIFY - else: - return zero_trust_consts.STATUS_PASSED - - @staticmethod - def add_rule(finding: ScoutSuiteFinding, rule: ScoutSuiteRule): - ScoutSuiteZTFindingService.change_finding_status_by_rule(finding, rule) - finding.save() - finding.details.fetch().add_rule(rule) - - @staticmethod - def change_finding_status_by_rule(finding: ScoutSuiteFinding, rule: ScoutSuiteRule): - rule_status = ScoutSuiteZTFindingService.get_finding_status_from_rules([rule]) - finding_status = finding.status - new_finding_status = ScoutSuiteZTFindingService.get_finding_status_from_rule_status( - finding_status, rule_status - ) - if finding_status != new_finding_status: - finding.status = new_finding_status - - @staticmethod - def get_finding_status_from_rule_status(finding_status: str, rule_status: str) -> str: - if ( - finding_status == zero_trust_consts.STATUS_FAILED - or rule_status == zero_trust_consts.STATUS_FAILED - ): - return zero_trust_consts.STATUS_FAILED - elif ( - finding_status == zero_trust_consts.STATUS_VERIFY - or rule_status == zero_trust_consts.STATUS_VERIFY - ): - return zero_trust_consts.STATUS_VERIFY - elif ( - finding_status == zero_trust_consts.STATUS_PASSED - or rule_status == zero_trust_consts.STATUS_PASSED - ): - return zero_trust_consts.STATUS_PASSED - else: - return zero_trust_consts.STATUS_UNEXECUTED diff --git a/monkey/tests/unit_tests/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_zt_finding_service.py b/monkey/tests/unit_tests/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_zt_finding_service.py deleted file mode 100644 index 33e9fd34b..000000000 --- a/monkey/tests/unit_tests/monkey_island/cc/services/zero_trust/scoutsuite/test_scoutsuite_zt_finding_service.py +++ /dev/null @@ -1,45 +0,0 @@ -import pytest -from tests.unit_tests.monkey_island.cc.services.zero_trust.test_common.scoutsuite_finding_data import ( # noqa: E501 - RULES, - SCOUTSUITE_FINDINGS, -) - -from monkey_island.cc.models.zero_trust.finding import Finding -from monkey_island.cc.models.zero_trust.scoutsuite_finding import ScoutSuiteFinding -from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_zt_finding_service import ( - ScoutSuiteZTFindingService, -) - - -class TestScoutSuiteZTFindingService: - @pytest.mark.usefixtures("uses_database") - def test_process_rule(self): - # Creates new PermissiveFirewallRules finding with a rule - ScoutSuiteZTFindingService.process_rule(SCOUTSUITE_FINDINGS[0], RULES[0]) - findings = list(Finding.objects()) - assert len(findings) == 1 - assert type(findings[0]) == ScoutSuiteFinding - # Assert that details were created properly - details = findings[0].details.fetch() - assert len(details.scoutsuite_rules) == 1 - assert details.scoutsuite_rules[0] == RULES[0] - - # Rule processing should add rule to an already existing finding - ScoutSuiteZTFindingService.process_rule(SCOUTSUITE_FINDINGS[0], RULES[1]) - findings = list(ScoutSuiteFinding.objects()) - assert len(findings) == 1 - assert type(findings[0]) == ScoutSuiteFinding - # Assert that details were created properly - details = findings[0].details.fetch() - assert len(details.scoutsuite_rules) == 2 - assert details.scoutsuite_rules[1] == RULES[1] - - # New finding created - ScoutSuiteZTFindingService.process_rule(SCOUTSUITE_FINDINGS[1], RULES[1]) - findings = list(Finding.objects()) - assert len(findings) == 2 - assert type(findings[0]) == ScoutSuiteFinding - # Assert that details were created properly - details = findings[1].details.fetch() - assert len(details.scoutsuite_rules) == 1 - assert details.scoutsuite_rules[0] == RULES[1]