From 8ff817eed21d42e2f80f54a5229af8760e97c427 Mon Sep 17 00:00:00 2001 From: Kekoa Kaaikala Date: Fri, 23 Sep 2022 15:41:57 +0000 Subject: [PATCH 1/9] Island: Rename local_network_scan local_network_scan -> scan_local_interfaces --- .../agent_sub_configurations.py | 5 +- .../default_agent_configuration.py | 2 +- monkey/infection_monkey/master/propagator.py | 4 +- .../network_scanning/scan_target_generator.py | 4 +- .../cc/services/reporting/report.py | 2 +- .../configuration/propagation/propagation.js | 12 ++-- .../configuration/propagation/scanTarget.js | 57 ++++++++++--------- .../common/example_agent_configuration.py | 4 +- .../test_agent_configuration.py | 6 +- .../master/test_propagator.py | 6 +- .../test_scan_target_generator.py | 40 ++++++------- 11 files changed, 74 insertions(+), 68 deletions(-) diff --git a/monkey/common/agent_configuration/agent_sub_configurations.py b/monkey/common/agent_configuration/agent_sub_configurations.py index 8c4592d92..a2c74ef90 100644 --- a/monkey/common/agent_configuration/agent_sub_configurations.py +++ b/monkey/common/agent_configuration/agent_sub_configurations.py @@ -79,7 +79,8 @@ class ScanTargetConfiguration(MutableInfectionMonkeyBaseModel): Example: ("1.1.1.1", "2.2.2.2") :param inaccessible_subnets: Subnet ranges that shouldn't be accessible for the agent Example: ("1.1.1.1", "2.2.2.2/24", "myserver") - :param local_network_scan: Whether or not the agent should scan the local network + :param scan_local_interfaces: Whether or not the agent should scan the machine's + network interfaces in addition to the provided subnet ranges :param subnets: Subnet ranges to scan Example: ("192.168.1.1-192.168.2.255", "3.3.3.3", "2.2.2.2/24", "myHostname") @@ -87,7 +88,7 @@ class ScanTargetConfiguration(MutableInfectionMonkeyBaseModel): blocked_ips: Tuple[str, ...] inaccessible_subnets: Tuple[str, ...] - local_network_scan: bool + scan_local_interfaces: bool subnets: Tuple[str, ...] @validator("blocked_ips", each_item=True) 
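Review bot: The new `:param scan_local_interfaces:` text in the `ScanTargetConfiguration` docstring (first hunk of `agent_sub_configurations.py`) says the agent scans "the machine's network interfaces", which undersells what the flag does. Judging by the updated tests, setting it adds the hosts on the networks those interfaces are attached to; `test_local_subnet_added`, for example, expects 254 targets with no ranges configured. I would word it as `:param scan_local_interfaces: Whether or not the agent should scan the networks that the machine's` followed by `network interfaces are connected to, in addition to the provided subnet ranges`. PATCH 2/9 carries the same sentence over unchanged under the name `scan_my_networks`. The class body continues outside the hunk.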
diff --git a/monkey/common/agent_configuration/default_agent_configuration.py b/monkey/common/agent_configuration/default_agent_configuration.py index ec50eb422..3f22f9f83 100644 --- a/monkey/common/agent_configuration/default_agent_configuration.py +++ b/monkey/common/agent_configuration/default_agent_configuration.py @@ -78,7 +78,7 @@ FINGERPRINTERS = ( ) SCAN_TARGET_CONFIGURATION = ScanTargetConfiguration( - blocked_ips=tuple(), inaccessible_subnets=tuple(), local_network_scan=True, subnets=tuple() + blocked_ips=tuple(), inaccessible_subnets=tuple(), scan_local_interfaces=True, subnets=tuple() ) NETWORK_SCAN_CONFIGURATION = NetworkScanConfiguration( tcp=TCP_SCAN_CONFIGURATION, diff --git a/monkey/infection_monkey/master/propagator.py b/monkey/infection_monkey/master/propagator.py index 9b14bef2a..822cb6b83 100644 --- a/monkey/infection_monkey/master/propagator.py +++ b/monkey/infection_monkey/master/propagator.py @@ -121,14 +121,14 @@ class Propagator: ranges_to_scan = target_config.subnets inaccessible_subnets = target_config.inaccessible_subnets blocklisted_ips = target_config.blocked_ips - enable_local_network_scan = target_config.local_network_scan + scan_local_interfaces = target_config.scan_local_interfaces return compile_scan_target_list( self._local_network_interfaces, ranges_to_scan, inaccessible_subnets, blocklisted_ips, - enable_local_network_scan, + scan_local_interfaces, ) def _process_scan_results(self, address: NetworkAddress, scan_results: IPScanResults): diff --git a/monkey/infection_monkey/network_scanning/scan_target_generator.py b/monkey/infection_monkey/network_scanning/scan_target_generator.py index 6f66be507..169075bb8 100644 --- a/monkey/infection_monkey/network_scanning/scan_target_generator.py +++ b/monkey/infection_monkey/network_scanning/scan_target_generator.py 
@@ -18,11 +18,11 @@ def compile_scan_target_list( ranges_to_scan: Sequence[str], inaccessible_subnets: Sequence[str], blocklisted_ips: Sequence[str], - enable_local_network_scan: bool, + scan_local_interfaces: bool, ) -> List[NetworkAddress]: scan_targets = _get_ips_from_subnets_to_scan(ranges_to_scan) - if enable_local_network_scan: + if scan_local_interfaces: scan_targets.extend(_get_ips_to_scan_from_local_interface(local_network_interfaces)) if inaccessible_subnets: diff --git a/monkey/monkey_island/cc/services/reporting/report.py b/monkey/monkey_island/cc/services/reporting/report.py index 656b55da2..cf7988cf3 100644 --- a/monkey/monkey_island/cc/services/reporting/report.py +++ b/monkey/monkey_island/cc/services/reporting/report.py @@ -398,7 +398,7 @@ class ReportService: @classmethod def get_config_scan(cls): agent_configuration = cls._agent_configuration_repository.get_configuration() - return agent_configuration.propagation.network_scan.targets.local_network_scan + return agent_configuration.propagation.network_scan.targets.scan_local_interfaces @staticmethod def get_issue_set(issues): diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/propagation.js b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/propagation.js index e479de369..108e0c45b 100644 --- a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/propagation.js +++ b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/propagation.js 
@@ -14,12 +14,12 @@ const PROPAGATION_CONFIGURATION_SCHEMA = { 'minimum': 0, 'default': 2, 'description': 'Amount of hops allowed for the monkey to spread from the ' + - 'Island server. \n' + - ' \u26A0' + - ' Note that setting this value too high may result in the ' + - 'Monkey propagating too far, '+ - 'if "Local network scan" is enabled.\n' + - 'Setting this to 0 will disable all scanning and exploitation.' + 'Island server. \n' + + ' \u26A0' + + ' Note that setting this value too high may result in the ' + + 'Monkey propagating too far, ' + + 'if "Scan local interfaces" is enabled.\n' + + 'Setting this to 0 will disable all scanning and exploitation.' }, 'network_scan': NETWORK_SCAN_CONFIGURATION_SCHEMA } diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js index 8d81b10e4..8045ec99f 100644 --- a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js +++ b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js @@ -3,8 +3,9 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { 'type': 'object', 'properties': { 'info_box': { - 'info': 'The Monkey scans its subnet if "Local network scan" is checked. '+ - 'Additionally, the Monkey scans machines according to "Scan target list". ' + 'info': 'The Monkey scans for machines on each of the network interfaces of the ' + + 'machine it is running on if "Scan local interfaces" is checked. ' + + 'Additionally, the Monkey scans machines according to "Scan target list". ' }, 'blocked_ips': { 'title': 'Blocked IPs', 
@@ -27,25 +28,29 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { }, 'default': [], 'description': 'Test for network segmentation by providing a list of network segments that should NOT be accessible to each other.\n\n ' + - 'For example, if you configured the following three segments: ' + - '"10.0.0.0/24", "11.0.0.2/32" and "12.2.3.0/24",' + - 'a Monkey running on 10.0.0.5 will try to access machines in ' + - 'the following subnets: ' + - '11.0.0.2/32, 12.2.3.0/24. An alert on successful cross-segment connections ' + - 'will be shown in the reports. \n\n' + - 'Network segments can be IPs, subnets or hosts. Examples:\n' + - '\tDefine a single-IP segment: "192.168.0.1"\n' + - '\tDefine a segment using a network range: ' + - '"192.168.0.5-192.168.0.20"\n' + - '\tDefine a segment using an subnet IP mask: "192.168.0.5/24"\n' + - '\tDefine a single-host segment: "printer.example"' + 'For example, if you configured the following three segments: ' + + '"10.0.0.0/24", "11.0.0.2/32" and "12.2.3.0/24",' + + 'a Monkey running on 10.0.0.5 will try to access machines in ' + + 'the following subnets: ' + + '11.0.0.2/32, 12.2.3.0/24. An alert on successful cross-segment connections ' + + 'will be shown in the reports. \n\n' + + 'Network segments can be IPs, subnets or hosts. 
Examples:\n' + + '\tDefine a single-IP segment: "192.168.0.1"\n' + + '\tDefine a segment using a network range: ' + + '"192.168.0.5-192.168.0.20"\n' + + '\tDefine a segment using an subnet IP mask: "192.168.0.5/24"\n' + + '\tDefine a single-host segment: "printer.example"' }, - 'local_network_scan': { - 'title': 'Local network scan', + 'scan_local_interaces': { + 'title': 'Scan local interfaces', 'type': 'boolean', - 'default': true, - 'description': 'Determines whether the Monkey will scan the local subnets of machines it runs on, ' + - 'in addition to the IPs that are configured manually in the "Scan target list"' + 'default': false, + 'description': 'Determines whether the Monkey will scan for machines on each the ' + + 'network interfaces of every machines it runs on, in addition to the IPs that ' + + 'are configured manually in the "Scan target list". ' + + 'Note: If a machine has a network interface that is connected to a public ' + + 'network, this setting will cause the Monkey to scan and attempt to exploit ' + + 'machines on the public network.' }, 'subnets': { 'title': 'Scan target list', @@ -57,13 +62,13 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { }, 'default': [], 'description': 'List of targets the Monkey will try to scan. Targets can be ' + - 'IPs, subnets or hosts. ' + - 'Examples:\n' + - '\tTarget a specific IP: "192.168.0.1"\n' + - '\tTarget a subnet using a network range: ' + - '"192.168.0.5-192.168.0.20"\n'+ - '\tTarget a subnet using an IP mask: "192.168.0.5/24"\n' + - '\tTarget a specific host: "printer.example"' + 'IPs, subnets or hosts. ' + + 'Examples:\n' + + '\tTarget a specific IP: "192.168.0.1"\n' + + '\tTarget a subnet using a network range: ' + + '"192.168.0.5-192.168.0.20"\n' + + '\tTarget a subnet using an IP mask: "192.168.0.5/24"\n' + + '\tTarget a specific host: "printer.example"' } } 
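Review bot: The renamed property key in the `@@ -27,25 +28,29 @@` hunk of `scanTarget.js` (the schema object starts and ends outside it) is misspelled as `'scan_local_interaces'`, so it no longer matches the `scan_local_interfaces` field this patch gives `ScanTargetConfiguration`; it should read `'scan_local_interfaces': {`. The same hunk also changes `'default': true` to `'default': false`, while the `default_agent_configuration.py` hunk in this patch still builds the targets with `scan_local_interfaces=True`, so the schema default and the agent's default configuration disagree on whether the agent's own networks get scanned. PATCH 2/9 corrects the key by renaming it to `scan_my_networks` but keeps both `'default': false` and `scan_my_networks=True`, so the mismatch remains there. The new description warns that this option can lead to scanning and exploitation attempts on a public network, so the two defaults should agree (the safer `false` on both sides, if that is the intent). The commit message should also mention the default change, since its subject only announces a rename.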
diff --git a/monkey/tests/common/example_agent_configuration.py b/monkey/tests/common/example_agent_configuration.py index 25a1dbd5e..a54980c9f 100644 --- a/monkey/tests/common/example_agent_configuration.py +++ b/monkey/tests/common/example_agent_configuration.py @@ -15,12 +15,12 @@ CUSTOM_PBA_CONFIGURATION = { BLOCKED_IPS = ["10.0.0.1", "192.168.1.1"] INACCESSIBLE_SUBNETS = ["172.0.0.0/24", "172.2.2.0/24", "192.168.56.0/24"] -LOCAL_NETWORK_SCAN = True +SCAN_LOCAL_INTERFACES = True SUBNETS = ["10.0.0.2", "10.0.0.2/16"] SCAN_TARGET_CONFIGURATION = { "blocked_ips": BLOCKED_IPS, "inaccessible_subnets": INACCESSIBLE_SUBNETS, - "local_network_scan": LOCAL_NETWORK_SCAN, + "scan_local_interfaces": SCAN_LOCAL_INTERFACES, "subnets": SUBNETS, } diff --git a/monkey/tests/unit_tests/common/agent_configuration/test_agent_configuration.py b/monkey/tests/unit_tests/common/agent_configuration/test_agent_configuration.py index b90490906..6464b1c30 100644 --- a/monkey/tests/unit_tests/common/agent_configuration/test_agent_configuration.py +++ b/monkey/tests/unit_tests/common/agent_configuration/test_agent_configuration.py @@ -9,13 +9,13 @@ from tests.common.example_agent_configuration import ( INACCESSIBLE_SUBNETS, LINUX_COMMAND, LINUX_FILENAME, - LOCAL_NETWORK_SCAN, NETWORK_SCAN_CONFIGURATION, PLUGIN_CONFIGURATION, PLUGIN_NAME, PLUGIN_OPTIONS, PORTS, PROPAGATION_CONFIGURATION, + SCAN_LOCAL_INTERFACES, SCAN_TARGET_CONFIGURATION, SUBNETS, TCP_SCAN_CONFIGURATION, @@ -93,7 +93,7 @@ def test_scan_target_configuration(): assert config.blocked_ips == tuple(BLOCKED_IPS) assert config.inaccessible_subnets == tuple(INACCESSIBLE_SUBNETS) - assert config.local_network_scan == LOCAL_NETWORK_SCAN + assert config.scan_local_interfaces == SCAN_LOCAL_INTERFACES assert config.subnets == tuple(SUBNETS) 
@@ -174,7 +174,7 @@ def test_network_scan_configuration(): assert config.fingerprinters[0].options == FINGERPRINTERS[0]["options"] assert config.targets.blocked_ips == tuple(BLOCKED_IPS) assert config.targets.inaccessible_subnets == tuple(INACCESSIBLE_SUBNETS) - assert config.targets.local_network_scan == LOCAL_NETWORK_SCAN + assert config.targets.scan_local_interfaces == SCAN_LOCAL_INTERFACES assert config.targets.subnets == tuple(SUBNETS) diff --git a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py index 8f1b51274..b07f08ac4 100644 --- a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py +++ b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py @@ -170,7 +170,7 @@ def test_scan_result_processing( targets = ScanTargetConfiguration( blocked_ips=[], inaccessible_subnets=[], - local_network_scan=False, + scan_local_interfaces=False, subnets=["10.0.0.1", "10.0.0.2", "10.0.0.3"], ) propagation_config = get_propagation_config(default_agent_configuration, targets) @@ -269,7 +269,7 @@ def test_exploiter_result_processing( targets = ScanTargetConfiguration( blocked_ips=[], inaccessible_subnets=[], - local_network_scan=False, + scan_local_interfaces=False, subnets=["10.0.0.1", "10.0.0.2", "10.0.0.3"], ) propagation_config = get_propagation_config(default_agent_configuration, targets) @@ -310,7 +310,7 @@ def test_scan_target_generation( targets = ScanTargetConfiguration( blocked_ips=["10.0.0.3"], inaccessible_subnets=["10.0.0.128/30", "10.0.0.8/29"], - local_network_scan=True, + scan_local_interfaces=True, subnets=["10.0.0.0/29", "172.10.20.30"], ) propagation_config = get_propagation_config(default_agent_configuration, targets) diff --git a/monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py b/monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py index 82179b618..8cd3dc8ff 100644 
--- a/monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py +++ b/monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py @@ -14,7 +14,7 @@ def compile_ranges_only(ranges): ranges_to_scan=ranges, inaccessible_subnets=[], blocklisted_ips=[], - enable_local_network_scan=False, + scan_local_interfaces=False, ) @@ -88,7 +88,7 @@ def test_blocklisted_ips(): ranges_to_scan=["10.0.0.0/24"], inaccessible_subnets=[], blocklisted_ips=blocklisted_ips, - enable_local_network_scan=False, + scan_local_interfaces=False, ) assert len(scan_targets) == 252 @@ -105,7 +105,7 @@ def test_only_ip_blocklisted(ranges_to_scan): ranges_to_scan=ranges_to_scan, inaccessible_subnets=[], blocklisted_ips=blocklisted_ips, - enable_local_network_scan=False, + scan_local_interfaces=False, ) assert len(scan_targets) == 0 @@ -124,7 +124,7 @@ def test_local_network_interface_ips_removed_from_targets(): ranges_to_scan=["10.0.0.0/24"], inaccessible_subnets=[], blocklisted_ips=[], - enable_local_network_scan=False, + scan_local_interfaces=False, ) assert len(scan_targets) == 252 @@ -142,7 +142,7 @@ def test_no_redundant_targets(): ranges_to_scan=["127.0.0.0", "127.0.0.1", "localhost"], inaccessible_subnets=[], blocklisted_ips=[], - enable_local_network_scan=False, + scan_local_interfaces=False, ) assert len(scan_targets) == 2 @@ -164,7 +164,7 @@ def test_only_scan_ip_is_local(ranges_to_scan): ranges_to_scan=ranges_to_scan, inaccessible_subnets=[], blocklisted_ips=[], - enable_local_network_scan=False, + scan_local_interfaces=False, ) assert len(scan_targets) == 0 @@ -184,7 +184,7 @@ def test_local_network_interface_ips_and_blocked_ips_removed_from_targets(): ranges_to_scan=["10.0.0.0/24", "192.168.1.0/24"], inaccessible_subnets=[], blocklisted_ips=blocked_ips, - enable_local_network_scan=False, + scan_local_interfaces=False, ) assert len(scan_targets) == (2 * (256 - 1)) - len(local_network_interfaces) - ( 
@@ -206,7 +206,7 @@ def test_local_subnet_added(): ranges_to_scan=[], inaccessible_subnets=[], blocklisted_ips=[], - enable_local_network_scan=True, + scan_local_interfaces=True, ) assert len(scan_targets) == 254 @@ -226,7 +226,7 @@ def test_multiple_local_subnets_added(): ranges_to_scan=[], inaccessible_subnets=[], blocklisted_ips=[], - enable_local_network_scan=True, + scan_local_interfaces=True, ) assert len(scan_targets) == 2 * (255 - 1) @@ -250,7 +250,7 @@ def test_blocklisted_ips_missing_from_local_subnets(): ranges_to_scan=[], inaccessible_subnets=[], blocklisted_ips=blocklisted_ips, - enable_local_network_scan=True, + scan_local_interfaces=True, ) assert len(scan_targets) == 2 * (255 - 1) - len(blocklisted_ips) @@ -267,7 +267,7 @@ def test_local_subnets_and_ranges_added(): ranges_to_scan=["172.33.66.40/30"], inaccessible_subnets=[], blocklisted_ips=[], - enable_local_network_scan=True, + scan_local_interfaces=True, ) assert len(scan_targets) == 254 + 3 @@ -289,7 +289,7 @@ def test_local_network_interfaces_specified_but_disabled(): ranges_to_scan=["172.33.66.40/30"], inaccessible_subnets=[], blocklisted_ips=[], - enable_local_network_scan=False, + scan_local_interfaces=False, ) assert len(scan_targets) == 3 @@ -309,7 +309,7 @@ def test_local_network_interfaces_subnet_masks(): ranges_to_scan=[], inaccessible_subnets=[], blocklisted_ips=[], - enable_local_network_scan=True, + scan_local_interfaces=True, ) assert len(scan_targets) == 4 @@ -328,7 +328,7 @@ def test_segmentation_targets(): ranges_to_scan=[], inaccessible_subnets=inaccessible_subnets, blocklisted_ips=[], - enable_local_network_scan=False, + scan_local_interfaces=False, ) assert len(scan_targets) == 3 @@ -351,7 +351,7 @@ def test_segmentation_clash_with_blocked(): ranges_to_scan=[], inaccessible_subnets=inaccessible_subnets, blocklisted_ips=blocked, - enable_local_network_scan=False, + scan_local_interfaces=False, ) assert len(scan_targets) == 0 
@@ -371,7 +371,7 @@ def test_segmentation_clash_with_targets(): ranges_to_scan=targets, inaccessible_subnets=inaccessible_subnets, blocklisted_ips=[], - enable_local_network_scan=False, + scan_local_interfaces=False, ) assert len(scan_targets) == 3 @@ -394,7 +394,7 @@ def test_segmentation_one_network(): ranges_to_scan=targets, inaccessible_subnets=inaccessible_subnets, blocklisted_ips=[], - enable_local_network_scan=False, + scan_local_interfaces=False, ) assert len(scan_targets) == 3 @@ -413,7 +413,7 @@ def test_segmentation_inaccessible_networks(): ranges_to_scan=[], inaccessible_subnets=inaccessible_subnets, blocklisted_ips=[], - enable_local_network_scan=False, + scan_local_interfaces=False, ) assert len(scan_targets) == 0 @@ -437,7 +437,7 @@ def test_invalid_inputs(): ranges_to_scan=targets, inaccessible_subnets=inaccessible_subnets, blocklisted_ips=[], - enable_local_network_scan=False, + scan_local_interfaces=False, ) assert len(scan_targets) == 3 @@ -461,7 +461,7 @@ def test_invalid_blocklisted_ip(): ranges_to_scan=targets, inaccessible_subnets=inaccessible_subnets, blocklisted_ips=blocklisted, - enable_local_network_scan=False, + scan_local_interfaces=False, ) From 9728d22250a3c409294ab07d35111540358f36fc Mon Sep 17 00:00:00 2001 
From: vakarisz Date: Mon, 26 Sep 2022 16:14:47 +0300 Subject: [PATCH 2/9] Agent, Island: Rename scan_local_interfaces to scan_my_networks "scan_my_networks" is the shortest way to convey that networks the machine belongs to will get scanned --- .../agent_sub_configurations.py | 4 +- .../default_agent_configuration.py | 2 +- monkey/infection_monkey/master/propagator.py | 4 +- .../network_scanning/scan_target_generator.py | 6 +-- .../cc/services/reporting/report.py | 2 +- .../configuration/propagation/propagation.js | 2 +- .../configuration/propagation/scanTarget.js | 17 ++++---- .../common/example_agent_configuration.py | 4 +- .../test_agent_configuration.py | 6 +-- .../master/test_propagator.py | 6 +-- .../test_scan_target_generator.py | 40 +++++++++---------- 11 files changed, 46 insertions(+), 47 deletions(-) diff --git a/monkey/common/agent_configuration/agent_sub_configurations.py b/monkey/common/agent_configuration/agent_sub_configurations.py index a2c74ef90..691dd1936 100644 --- a/monkey/common/agent_configuration/agent_sub_configurations.py +++ b/monkey/common/agent_configuration/agent_sub_configurations.py @@ -79,7 +79,7 @@ class ScanTargetConfiguration(MutableInfectionMonkeyBaseModel): Example: ("1.1.1.1", "2.2.2.2") :param inaccessible_subnets: Subnet ranges that shouldn't be accessible for the agent Example: ("1.1.1.1", "2.2.2.2/24", "myserver") - :param scan_local_interfaces: Whether or not the agent should scan the machine's + :param scan_my_networks: Whether or not the agent should scan the machine's network interfaces in addition to the provided subnet ranges :param subnets: Subnet ranges to scan Example: ("192.168.1.1-192.168.2.255", "3.3.3.3", "2.2.2.2/24", @@ -88,7 +88,7 @@ class ScanTargetConfiguration(MutableInfectionMonkeyBaseModel): blocked_ips: Tuple[str, ...] inaccessible_subnets: Tuple[str, ...] - scan_local_interfaces: bool + scan_my_networks: bool subnets: Tuple[str, ...] @validator("blocked_ips", each_item=True) 
diff --git a/monkey/common/agent_configuration/default_agent_configuration.py b/monkey/common/agent_configuration/default_agent_configuration.py index 3f22f9f83..3c90ce914 100644 --- a/monkey/common/agent_configuration/default_agent_configuration.py +++ b/monkey/common/agent_configuration/default_agent_configuration.py @@ -78,7 +78,7 @@ FINGERPRINTERS = ( ) SCAN_TARGET_CONFIGURATION = ScanTargetConfiguration( - blocked_ips=tuple(), inaccessible_subnets=tuple(), scan_local_interfaces=True, subnets=tuple() + blocked_ips=tuple(), inaccessible_subnets=tuple(), scan_my_networks=True, subnets=tuple() ) NETWORK_SCAN_CONFIGURATION = NetworkScanConfiguration( tcp=TCP_SCAN_CONFIGURATION, diff --git a/monkey/infection_monkey/master/propagator.py b/monkey/infection_monkey/master/propagator.py index 822cb6b83..b592ac130 100644 --- a/monkey/infection_monkey/master/propagator.py +++ b/monkey/infection_monkey/master/propagator.py @@ -121,14 +121,14 @@ class Propagator: ranges_to_scan = target_config.subnets inaccessible_subnets = target_config.inaccessible_subnets blocklisted_ips = target_config.blocked_ips - scan_local_interfaces = target_config.scan_local_interfaces + scan_my_networks = target_config.scan_my_networks return compile_scan_target_list( self._local_network_interfaces, ranges_to_scan, inaccessible_subnets, blocklisted_ips, - scan_local_interfaces, + scan_my_networks, ) def _process_scan_results(self, address: NetworkAddress, scan_results: IPScanResults): diff --git a/monkey/infection_monkey/network_scanning/scan_target_generator.py b/monkey/infection_monkey/network_scanning/scan_target_generator.py index 169075bb8..aef2cad30 100644 --- a/monkey/infection_monkey/network_scanning/scan_target_generator.py +++ b/monkey/infection_monkey/network_scanning/scan_target_generator.py 
@@ -18,12 +18,12 @@ def compile_scan_target_list( ranges_to_scan: Sequence[str], inaccessible_subnets: Sequence[str], blocklisted_ips: Sequence[str], - scan_local_interfaces: bool, + scan_my_networks: bool, ) -> List[NetworkAddress]: scan_targets = _get_ips_from_subnets_to_scan(ranges_to_scan) - if scan_local_interfaces: - scan_targets.extend(_get_ips_to_scan_from_local_interface(local_network_interfaces)) + if scan_my_networks: + scan_targets.extend(_get_ips_to_scan_from_interface(network_interfaces)) if inaccessible_subnets: inaccessible_subnets = _get_segmentation_check_targets( diff --git a/monkey/monkey_island/cc/services/reporting/report.py b/monkey/monkey_island/cc/services/reporting/report.py index cf7988cf3..52ed04df9 100644 --- a/monkey/monkey_island/cc/services/reporting/report.py +++ b/monkey/monkey_island/cc/services/reporting/report.py @@ -398,7 +398,7 @@ class ReportService: @classmethod def get_config_scan(cls): agent_configuration = cls._agent_configuration_repository.get_configuration() - return agent_configuration.propagation.network_scan.targets.scan_local_interfaces + return agent_configuration.propagation.network_scan.targets.scan_my_networks @staticmethod def get_issue_set(issues): diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/propagation.js b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/propagation.js index 108e0c45b..94c5f86c2 100644 --- a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/propagation.js +++ b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/propagation.js @@ -18,7 +18,7 @@ const PROPAGATION_CONFIGURATION_SCHEMA = { ' \u26A0' + ' Note that setting this value too high may result in the ' + 'Monkey propagating too far, ' + - 'if "Scan local interfaces" is enabled.\n' + + 'if "Scan Agent\'s networks" is enabled.\n' + 'Setting this to 0 will disable all scanning and exploitation.' }, 'network_scan': NETWORK_SCAN_CONFIGURATION_SCHEMA 
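Review bot: In the `compile_scan_target_list` hunk of `scan_target_generator.py`, the new call `_get_ips_to_scan_from_interface(network_interfaces)` uses two names that nothing in this patch defines. The diffstat gives this file six changed lines (three added, three removed), all in this hunk, and in PATCH 1/9 the helper and its argument were still `_get_ips_to_scan_from_local_interface` and `local_network_interfaces`. Unless both names already exist outside the hunk, enabling `scan_my_networks` would raise `NameError` at this commit and the `scan_my_networks=True` tests updated in this patch would fail. The next patch is titled "Agent: Fix missing names" and touches this file, so it presumably repairs this. Folding it into this patch, or keeping the line as `scan_targets.extend(_get_ips_to_scan_from_local_interface(local_network_interfaces))` here, would keep every commit in the series runnable for bisecting; the function signature starts above the hunk and the body continues below it.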
diff --git a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js index 8045ec99f..9b7aad256 100644 --- a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js +++ b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js @@ -4,7 +4,7 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { 'properties': { 'info_box': { 'info': 'The Monkey scans for machines on each of the network interfaces of the ' + - 'machine it is running on if "Scan local interfaces" is checked. ' + + 'machine it is running on if "Scan Agent\'s networks" is checked. ' + 'Additionally, the Monkey scans machines according to "Scan target list". ' }, 'blocked_ips': { @@ -41,16 +41,15 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = { '\tDefine a segment using an subnet IP mask: "192.168.0.5/24"\n' + '\tDefine a single-host segment: "printer.example"' }, - 'scan_local_interaces': { - 'title': 'Scan local interfaces', + 'scan_my_networks': { + 'title': 'Scan Agent\'s networks', 'type': 'boolean', 'default': false, - 'description': 'Determines whether the Monkey will scan for machines on each the ' + - 'network interfaces of every machines it runs on, in addition to the IPs that ' + - 'are configured manually in the "Scan target list". ' + - 'Note: If a machine has a network interface that is connected to a public ' + - 'network, this setting will cause the Monkey to scan and attempt to exploit ' + - 'machines on the public network.' + 'description': 'If enabled, the Agent will go over all network interfaces and ' + + 'will scan their networks,' + + ' in addition to the IPs that are configured manually in the "Scan target list". ' + + 'Note: If the Agent runs on a machine within a public network,' + + ' this setting will cause scanning and exploitation attempts on that network.' }, 'subnets': { 'title': 'Scan target list', 
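Review bot: The reworded note in the `scan_my_networks` description (second hunk of `scanTarget.js`) narrows the warning it replaces. The removed text covered a machine with "a network interface that is connected to a public network", while the new text only speaks of an Agent running "on a machine within a public network". Because the option, per this same description, goes over all network interfaces, an internal host with a single public-facing interface is exactly the case an operator needs to be told about. I would keep the per-interface wording, for example `'Note: If any network interface of the Agent\'s machine is connected to a public network,' +`. The schema object starts and ends outside the hunk.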
diff --git a/monkey/tests/common/example_agent_configuration.py b/monkey/tests/common/example_agent_configuration.py index a54980c9f..304e85cee 100644 --- a/monkey/tests/common/example_agent_configuration.py +++ b/monkey/tests/common/example_agent_configuration.py @@ -15,12 +15,12 @@ CUSTOM_PBA_CONFIGURATION = { BLOCKED_IPS = ["10.0.0.1", "192.168.1.1"] INACCESSIBLE_SUBNETS = ["172.0.0.0/24", "172.2.2.0/24", "192.168.56.0/24"] -SCAN_LOCAL_INTERFACES = True +SCAN_MY_NETWORKS = True SUBNETS = ["10.0.0.2", "10.0.0.2/16"] SCAN_TARGET_CONFIGURATION = { "blocked_ips": BLOCKED_IPS, "inaccessible_subnets": INACCESSIBLE_SUBNETS, - "scan_local_interfaces": SCAN_LOCAL_INTERFACES, + "scan_my_networks": SCAN_MY_NETWORKS, "subnets": SUBNETS, } diff --git a/monkey/tests/unit_tests/common/agent_configuration/test_agent_configuration.py b/monkey/tests/unit_tests/common/agent_configuration/test_agent_configuration.py index 6464b1c30..82a870792 100644 --- a/monkey/tests/unit_tests/common/agent_configuration/test_agent_configuration.py +++ b/monkey/tests/unit_tests/common/agent_configuration/test_agent_configuration.py @@ -15,7 +15,7 @@ from tests.common.example_agent_configuration import ( PLUGIN_OPTIONS, PORTS, PROPAGATION_CONFIGURATION, - SCAN_LOCAL_INTERFACES, + SCAN_MY_NETWORKS, SCAN_TARGET_CONFIGURATION, SUBNETS, TCP_SCAN_CONFIGURATION, @@ -93,7 +93,7 @@ def test_scan_target_configuration(): assert config.blocked_ips == tuple(BLOCKED_IPS) assert config.inaccessible_subnets == tuple(INACCESSIBLE_SUBNETS) - assert config.scan_local_interfaces == SCAN_LOCAL_INTERFACES + assert config.scan_my_networks == SCAN_MY_NETWORKS assert config.subnets == tuple(SUBNETS) 
@@ -174,7 +174,7 @@ def test_network_scan_configuration(): assert config.fingerprinters[0].options == FINGERPRINTERS[0]["options"] assert config.targets.blocked_ips == tuple(BLOCKED_IPS) assert config.targets.inaccessible_subnets == tuple(INACCESSIBLE_SUBNETS) - assert config.targets.scan_local_interfaces == SCAN_LOCAL_INTERFACES + assert config.targets.scan_my_networks == SCAN_MY_NETWORKS assert config.targets.subnets == tuple(SUBNETS) diff --git a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py index b07f08ac4..bf3c0003c 100644 --- a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py +++ b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py @@ -170,7 +170,7 @@ def test_scan_result_processing( targets = ScanTargetConfiguration( blocked_ips=[], inaccessible_subnets=[], - scan_local_interfaces=False, + scan_my_networks=False, subnets=["10.0.0.1", "10.0.0.2", "10.0.0.3"], ) propagation_config = get_propagation_config(default_agent_configuration, targets) @@ -269,7 +269,7 @@ def test_exploiter_result_processing( targets = ScanTargetConfiguration( blocked_ips=[], inaccessible_subnets=[], - scan_local_interfaces=False, + scan_my_networks=False, subnets=["10.0.0.1", "10.0.0.2", "10.0.0.3"], ) propagation_config = get_propagation_config(default_agent_configuration, targets) @@ -310,7 +310,7 @@ def test_scan_target_generation( targets = ScanTargetConfiguration( blocked_ips=["10.0.0.3"], inaccessible_subnets=["10.0.0.128/30", "10.0.0.8/29"], - scan_local_interfaces=True, + scan_my_networks=True, subnets=["10.0.0.0/29", "172.10.20.30"], ) propagation_config = get_propagation_config(default_agent_configuration, targets) diff --git a/monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py b/monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py index 8cd3dc8ff..7aa0b52ab 100644 
--- a/monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py +++ b/monkey/tests/unit_tests/infection_monkey/network_scanning/test_scan_target_generator.py @@ -14,7 +14,7 @@ def compile_ranges_only(ranges): ranges_to_scan=ranges, inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) @@ -88,7 +88,7 @@ def test_blocklisted_ips(): ranges_to_scan=["10.0.0.0/24"], inaccessible_subnets=[], blocklisted_ips=blocklisted_ips, - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 252 @@ -105,7 +105,7 @@ def test_only_ip_blocklisted(ranges_to_scan): ranges_to_scan=ranges_to_scan, inaccessible_subnets=[], blocklisted_ips=blocklisted_ips, - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 0 @@ -124,7 +124,7 @@ def test_local_network_interface_ips_removed_from_targets(): ranges_to_scan=["10.0.0.0/24"], inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 252 @@ -142,7 +142,7 @@ def test_no_redundant_targets(): ranges_to_scan=["127.0.0.0", "127.0.0.1", "localhost"], inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 2 @@ -164,7 +164,7 @@ def test_only_scan_ip_is_local(ranges_to_scan): ranges_to_scan=ranges_to_scan, inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 0 @@ -184,7 +184,7 @@ def test_local_network_interface_ips_and_blocked_ips_removed_from_targets(): ranges_to_scan=["10.0.0.0/24", "192.168.1.0/24"], inaccessible_subnets=[], blocklisted_ips=blocked_ips, - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == (2 * (256 - 1)) - len(local_network_interfaces) - ( 
@@ -206,7 +206,7 @@ def test_local_subnet_added(): ranges_to_scan=[], inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=True, + scan_my_networks=True, ) assert len(scan_targets) == 254 @@ -226,7 +226,7 @@ def test_multiple_local_subnets_added(): ranges_to_scan=[], inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=True, + scan_my_networks=True, ) assert len(scan_targets) == 2 * (255 - 1) @@ -250,7 +250,7 @@ def test_blocklisted_ips_missing_from_local_subnets(): ranges_to_scan=[], inaccessible_subnets=[], blocklisted_ips=blocklisted_ips, - scan_local_interfaces=True, + scan_my_networks=True, ) assert len(scan_targets) == 2 * (255 - 1) - len(blocklisted_ips) @@ -267,7 +267,7 @@ def test_local_subnets_and_ranges_added(): ranges_to_scan=["172.33.66.40/30"], inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=True, + scan_my_networks=True, ) assert len(scan_targets) == 254 + 3 @@ -289,7 +289,7 @@ def test_local_network_interfaces_specified_but_disabled(): ranges_to_scan=["172.33.66.40/30"], inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 3 @@ -309,7 +309,7 @@ def test_local_network_interfaces_subnet_masks(): ranges_to_scan=[], inaccessible_subnets=[], blocklisted_ips=[], - scan_local_interfaces=True, + scan_my_networks=True, ) assert len(scan_targets) == 4 @@ -328,7 +328,7 @@ def test_segmentation_targets(): ranges_to_scan=[], inaccessible_subnets=inaccessible_subnets, blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 3 @@ -351,7 +351,7 @@ def test_segmentation_clash_with_blocked(): ranges_to_scan=[], inaccessible_subnets=inaccessible_subnets, blocklisted_ips=blocked, - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 0 
@@ -371,7 +371,7 @@ def test_segmentation_clash_with_targets(): ranges_to_scan=targets, inaccessible_subnets=inaccessible_subnets, blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 3 @@ -394,7 +394,7 @@ def test_segmentation_one_network(): ranges_to_scan=targets, inaccessible_subnets=inaccessible_subnets, blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 3 @@ -413,7 +413,7 @@ def test_segmentation_inaccessible_networks(): ranges_to_scan=[], inaccessible_subnets=inaccessible_subnets, blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 0 @@ -437,7 +437,7 @@ def test_invalid_inputs(): ranges_to_scan=targets, inaccessible_subnets=inaccessible_subnets, blocklisted_ips=[], - scan_local_interfaces=False, + scan_my_networks=False, ) assert len(scan_targets) == 3 @@ -461,7 +461,7 @@ def test_invalid_blocklisted_ip(): ranges_to_scan=targets, inaccessible_subnets=inaccessible_subnets, blocklisted_ips=blocklisted, - scan_local_interfaces=False, + scan_my_networks=False, ) From 1bf610a4a89a0d90a4cc6b10f48603c41db27dce Mon Sep 17 00:00:00 2001 From: Kekoa Kaaikala Date: Mon, 26 Sep 2022 19:51:14 +0000 Subject: [PATCH 3/9] Agent: Fix missing names --- .../network_scanning/scan_target_generator.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/monkey/infection_monkey/network_scanning/scan_target_generator.py b/monkey/infection_monkey/network_scanning/scan_target_generator.py index aef2cad30..d561dfd69 100644 --- a/monkey/infection_monkey/network_scanning/scan_target_generator.py +++ b/monkey/infection_monkey/network_scanning/scan_target_generator.py 
@@ -23,7 +23,7 @@ def compile_scan_target_list( scan_targets = _get_ips_from_subnets_to_scan(ranges_to_scan) if scan_my_networks: - scan_targets.extend(_get_ips_to_scan_from_interface(network_interfaces)) + scan_targets.extend(_get_ips_to_scan_from_interface(local_network_interfaces)) if inaccessible_subnets: inaccessible_subnets = _get_segmentation_check_targets( @@ -76,7 +76,7 @@ def _get_ips_from_ranges_to_scan(network_ranges: List[NetworkRange]) -> List[Net return scan_targets -def _get_ips_to_scan_from_local_interface( +def _get_ips_to_scan_from_interface( interfaces: List[IPv4Interface], ) -> List[NetworkAddress]: ranges = [str(interface) for interface in interfaces] From 311c294033455d1f2670e14cdcf7186857c79779 Mon Sep 17 00:00:00 2001 From: Kekoa Kaaikala Date: Mon, 26 Sep 2022 20:12:57 +0000 Subject: [PATCH 4/9] Agent: Fix mypy issues in scan_target_generator.py --- monkey/common/network/network_range.py | 4 +- monkey/infection_monkey/network/info.py | 4 +- .../network_scanning/scan_target_generator.py | 44 ++++++++++--------- 3 files changed, 28 insertions(+), 24 deletions(-) diff --git a/monkey/common/network/network_range.py b/monkey/common/network/network_range.py index 1dfd46aa8..df32801e4 100644 --- a/monkey/common/network/network_range.py +++ b/monkey/common/network/network_range.py @@ -4,7 +4,7 @@ import random import socket import struct from abc import ABCMeta, abstractmethod -from typing import List, Tuple +from typing import Iterable, List, Tuple logger = logging.getLogger(__name__) @@ -58,7 +58,7 @@ class NetworkRange(object, metaclass=ABCMeta): return SingleIpRange(ip_address=address_str) @staticmethod - def filter_invalid_ranges(ranges: List[str], error_msg: str) -> List[str]: + def filter_invalid_ranges(ranges: Iterable[str], error_msg: str) -> List[str]: valid_ranges = [] for target_range in ranges: try: diff --git a/monkey/infection_monkey/network/info.py b/monkey/infection_monkey/network/info.py index 8cc12038d..916c642c4 100644 
--- a/monkey/infection_monkey/network/info.py +++ b/monkey/infection_monkey/network/info.py @@ -4,7 +4,7 @@ import struct from dataclasses import dataclass from random import shuffle # noqa: DUO102 from threading import Lock -from typing import Dict, Set +from typing import Dict, Optional, Set import netifaces import psutil @@ -25,7 +25,7 @@ RTF_REJECT = 0x0200 @dataclass class NetworkAddress: ip: str - domain: str + domain: Optional[str] def get_host_subnets(): diff --git a/monkey/infection_monkey/network_scanning/scan_target_generator.py b/monkey/infection_monkey/network_scanning/scan_target_generator.py index d561dfd69..fa4034792 100644 --- a/monkey/infection_monkey/network_scanning/scan_target_generator.py +++ b/monkey/infection_monkey/network_scanning/scan_target_generator.py @@ -2,15 +2,19 @@ import itertools import logging import socket from ipaddress import IPv4Interface -from typing import Dict, List, Sequence +from typing import Dict, Iterable, List, Optional, Sequence + +from typing_extensions import Protocol, runtime_checkable from common.network.network_range import InvalidNetworkRangeError, NetworkRange from infection_monkey.network import NetworkAddress logger = logging.getLogger(__name__) -# TODO: We can probably reduce code and save ourselves some trouble if we use IPv4Address and -# IPv4Network. See https://docs.python.org/3/library/ipaddress.html + +@runtime_checkable +class HasDomain(Protocol): + domain_name: str def compile_scan_target_list( 
@@ -26,10 +30,10 @@ def compile_scan_target_list( scan_targets.extend(_get_ips_to_scan_from_interface(local_network_interfaces)) if inaccessible_subnets: - inaccessible_subnets = _get_segmentation_check_targets( + other_targets = _get_segmentation_check_targets( inaccessible_subnets, local_network_interfaces ) - scan_targets.extend(inaccessible_subnets) + scan_targets.extend(other_targets) scan_targets = _remove_interface_ips(scan_targets, local_network_interfaces) scan_targets = _remove_blocklisted_ips(scan_targets, blocklisted_ips) @@ -39,8 +43,8 @@ def compile_scan_target_list( return scan_targets -def _remove_redundant_targets(targets: List[NetworkAddress]) -> List[NetworkAddress]: - reverse_dns: Dict[str, str] = {} +def _remove_redundant_targets(targets: Sequence[NetworkAddress]) -> List[NetworkAddress]: + reverse_dns: Dict[str, Optional[str]] = {} for target in targets: domain_name = target.domain ip = target.ip @@ -52,14 +56,14 @@ def _remove_redundant_targets(targets: List[NetworkAddress]) -> List[NetworkAddr def _range_to_addresses(range_obj: NetworkRange) -> List[NetworkAddress]: addresses = [] for address in range_obj: - if hasattr(range_obj, "domain_name"): + if isinstance(range_obj, HasDomain): addresses.append(NetworkAddress(address, range_obj.domain_name)) else: addresses.append(NetworkAddress(address, None)) return addresses -def _get_ips_from_subnets_to_scan(subnets_to_scan: List[str]) -> List[NetworkAddress]: +def _get_ips_from_subnets_to_scan(subnets_to_scan: Iterable[str]) -> List[NetworkAddress]: ranges_to_scan = NetworkRange.filter_invalid_ranges( subnets_to_scan, "Bad network range input for targets to scan:" ) 
@@ -68,7 +72,7 @@ def _get_ips_from_subnets_to_scan(subnets_to_scan: List[str]) -> List[NetworkAdd return _get_ips_from_ranges_to_scan(network_ranges) -def _get_ips_from_ranges_to_scan(network_ranges: List[NetworkRange]) -> List[NetworkAddress]: +def _get_ips_from_ranges_to_scan(network_ranges: Iterable[NetworkRange]) -> List[NetworkAddress]: scan_targets = [] for _range in network_ranges: @@ -77,8 +81,8 @@ def _get_ips_from_ranges_to_scan(network_ranges: List[NetworkRange]) -> List[Net def _get_ips_to_scan_from_interface( - interfaces: List[IPv4Interface], -) -> List[NetworkAddress]: + interfaces: Sequence[IPv4Interface], +) -> Sequence[NetworkAddress]: ranges = [str(interface) for interface in interfaces] ranges = NetworkRange.filter_invalid_ranges( @@ -88,14 +92,14 @@ def _get_ips_to_scan_from_interface( def _remove_interface_ips( - scan_targets: List[NetworkAddress], interfaces: List[IPv4Interface] + scan_targets: Sequence[NetworkAddress], interfaces: Iterable[IPv4Interface] ) -> List[NetworkAddress]: interface_ips = [str(interface.ip) for interface in interfaces] return _remove_ips_from_scan_targets(scan_targets, interface_ips) def _remove_blocklisted_ips( - scan_targets: List[NetworkAddress], blocked_ips: List[str] + scan_targets: Sequence[NetworkAddress], blocked_ips: Sequence[str] ) -> List[NetworkAddress]: filtered_blocked_ips = NetworkRange.filter_invalid_ranges( blocked_ips, "Invalid blocked IP provided:" 
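Review bot: In the `_remove_blocklisted_ips` hunk (`@@ -88,14 +92,14 @@`), the blocklist goes through `NetworkRange.filter_invalid_ranges(blocked_ips, "Invalid blocked IP provided:")`, which by its name and message appears to discard entries it cannot parse. For an exclusion list that is the fail-open direction: a mistyped address would be dropped, and the host it was meant to keep out of scope would stay in the scan targets. Unless configuration validation upstream already rejects such values, consider raising on an invalid blocked IP here, or at minimum add a comment such as `# Invalid entries are dropped, not rejected: a typo here means the host is NOT excluded`. The function body continues past the end of the hunk.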
@@ -106,15 +110,15 @@ def _remove_blocklisted_ips( def _remove_ips_from_scan_targets( - scan_targets: List[NetworkAddress], ips_to_remove: List[str] + scan_targets: Sequence[NetworkAddress], ips_to_remove: Iterable[str] ) -> List[NetworkAddress]: ips_to_remove_set = set(ips_to_remove) return [address for address in scan_targets if address.ip not in ips_to_remove_set] def _get_segmentation_check_targets( - inaccessible_subnets: List[str], local_interfaces: List[IPv4Interface] -) -> List[NetworkAddress]: + inaccessible_subnets: Iterable[str], local_interfaces: Iterable[IPv4Interface] +) -> Sequence[NetworkAddress]: ips_to_scan = [] local_ips = [str(interface.ip) for interface in local_interfaces] @@ -134,17 +138,17 @@ def _get_segmentation_check_targets( return ips_to_scan -def _convert_to_range_object(subnets: List[str]) -> List[NetworkRange]: +def _convert_to_range_object(subnets: Iterable[str]) -> List[NetworkRange]: return [NetworkRange.get_range_obj(subnet) for subnet in subnets] def _is_segmentation_check_required( - local_ips: List[str], subnet1: NetworkRange, subnet2: NetworkRange + local_ips: Sequence[str], subnet1: NetworkRange, subnet2: NetworkRange ): return _is_any_ip_in_subnet(local_ips, subnet1) and not _is_any_ip_in_subnet(local_ips, subnet2) -def _is_any_ip_in_subnet(ip_addresses: List[str], subnet: NetworkRange): +def _is_any_ip_in_subnet(ip_addresses: Iterable[str], subnet: NetworkRange): for ip_address in ip_addresses: if subnet.is_in_range(ip_address): return True From 182a566087872fdb31af0cbc10b368d6b9e47f1c Mon Sep 17 00:00:00 2001 
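Review bot: `_is_segmentation_check_required` and `_is_any_ip_in_subnet` in the `@@ -134,17 +138,17 @@` hunk get new parameter annotations but still no return annotation, so mypy treats their results as `Any` at the call sites. Both read as predicates; adding `-> bool` to each signature would finish what this commit sets out to do. The loop in `_is_any_ip_in_subnet` could also become `return any(subnet.is_in_range(ip) for ip in ip_addresses)`, but its tail lies outside the hunk, so check the current fall-through value first.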
From: vakarisz Date: Tue, 27 Sep 2022 11:33:30 +0300 Subject: [PATCH 5/9] Agent: Simplify scan_target_generator.py The responsibility of type-hints are not to implement logic. Implementing logic via type-hints diminishes readability, because it forces you to cross-reference a class instead of just exposing the logic where it's used --- .../network_scanning/scan_target_generator.py | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/monkey/infection_monkey/network_scanning/scan_target_generator.py b/monkey/infection_monkey/network_scanning/scan_target_generator.py index fa4034792..e1cd93c03 100644 --- a/monkey/infection_monkey/network_scanning/scan_target_generator.py +++ b/monkey/infection_monkey/network_scanning/scan_target_generator.py @@ -4,19 +4,12 @@ import socket from ipaddress import IPv4Interface from typing import Dict, Iterable, List, Optional, Sequence -from typing_extensions import Protocol, runtime_checkable - from common.network.network_range import InvalidNetworkRangeError, NetworkRange from infection_monkey.network import NetworkAddress logger = logging.getLogger(__name__) -@runtime_checkable -class HasDomain(Protocol): - domain_name: str - - def compile_scan_target_list( local_network_interfaces: Sequence[IPv4Interface], ranges_to_scan: Sequence[str], @@ -56,10 +49,11 @@ def _remove_redundant_targets(targets: Sequence[NetworkAddress]) -> List[Network def _range_to_addresses(range_obj: NetworkRange) -> List[NetworkAddress]: addresses = [] for address in range_obj: - if isinstance(range_obj, HasDomain): - addresses.append(NetworkAddress(address, range_obj.domain_name)) - else: - addresses.append(NetworkAddress(address, None)) + try: + domain = range_obj.domain_name # type: ignore + except AttributeError: + domain = None + addresses.append(NetworkAddress(address, domain)) return addresses From b9cf2008326ea26a0559a8898840af7f205e1d8e Mon Sep 17 00:00:00 2001 
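Review bot: In `_range_to_addresses` (`@@ -56,10 +49,11 @@`) the `try`/`except AttributeError` runs once per address although `range_obj.domain_name` does not depend on the loop variable. The bare `# type: ignore` also silences every mypy error on that line, not only the attribute one. Looking the attribute up once before the loop removes both problems: `domain = getattr(range_obj, "domain_name", None)` followed by `return [NetworkAddress(address, domain) for address in range_obj]`. If the ignore is kept instead, narrowing it to `# type: ignore[attr-defined]` leaves the other checks active.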
From: vakarisz Date: Tue, 27 Sep 2022 11:50:20 +0300 Subject: [PATCH 6/9] Agent: Change return typehint to be more specific --- .../infection_monkey/network_scanning/scan_target_generator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/infection_monkey/network_scanning/scan_target_generator.py b/monkey/infection_monkey/network_scanning/scan_target_generator.py index e1cd93c03..5e0e06ae5 100644 --- a/monkey/infection_monkey/network_scanning/scan_target_generator.py +++ b/monkey/infection_monkey/network_scanning/scan_target_generator.py @@ -76,7 +76,7 @@ def _get_ips_from_ranges_to_scan(network_ranges: Iterable[NetworkRange]) -> List def _get_ips_to_scan_from_interface( interfaces: Sequence[IPv4Interface], -) -> Sequence[NetworkAddress]: +) -> List[NetworkAddress]: ranges = [str(interface) for interface in interfaces] ranges = NetworkRange.filter_invalid_ranges( From e2f0a2dfc00390d570de61a46200d8728ea6bce4 Mon Sep 17 00:00:00 2001 From: vakarisz Date: Tue, 27 Sep 2022 11:51:27 +0300 Subject: [PATCH 7/9] Common: Improve comment's readability in agent_sub_configurations.py --- monkey/common/agent_configuration/agent_sub_configurations.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/monkey/common/agent_configuration/agent_sub_configurations.py b/monkey/common/agent_configuration/agent_sub_configurations.py index 691dd1936..41c416911 100644 --- a/monkey/common/agent_configuration/agent_sub_configurations.py +++ b/monkey/common/agent_configuration/agent_sub_configurations.py 
@@ -79,8 +79,8 @@ class ScanTargetConfiguration(MutableInfectionMonkeyBaseModel): Example: ("1.1.1.1", "2.2.2.2") :param inaccessible_subnets: Subnet ranges that shouldn't be accessible for the agent Example: ("1.1.1.1", "2.2.2.2/24", "myserver") - :param scan_my_networks: Whether or not the agent should scan the machine's - network interfaces in addition to the provided subnet ranges + :param scan_my_networks: If true the Agent will scan networks it belongs to + in addition to the provided subnet ranges :param subnets: Subnet ranges to scan Example: ("192.168.1.1-192.168.2.255", "3.3.3.3", "2.2.2.2/24", "myHostname") From 80328159f0d0fd18124d616b0984426763cc4d59 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Tue, 27 Sep 2022 16:30:28 +0530 Subject: [PATCH 8/9] Agent: Change return type hint of _get_segmentation_check_targets() to be more specific --- .../infection_monkey/network_scanning/scan_target_generator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/infection_monkey/network_scanning/scan_target_generator.py b/monkey/infection_monkey/network_scanning/scan_target_generator.py index 5e0e06ae5..d601ea024 100644 --- a/monkey/infection_monkey/network_scanning/scan_target_generator.py +++ b/monkey/infection_monkey/network_scanning/scan_target_generator.py @@ -112,7 +112,7 @@ def _remove_ips_from_scan_targets( def _get_segmentation_check_targets( inaccessible_subnets: Iterable[str], local_interfaces: Iterable[IPv4Interface] -) -> Sequence[NetworkAddress]: +) -> List[NetworkAddress]: ips_to_scan = [] local_ips = [str(interface.ip) for interface in local_interfaces] From 688a41a11e2d570acd8248907332ab0d925ef49d Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Tue, 27 Sep 2022 16:32:09 +0530 Subject: [PATCH 9/9] BB: Rename local_network_scan -> scan_my_networks in test_configurations/noop.py --- envs/monkey_zoo/blackbox/test_configurations/noop.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
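Review bot: The reworded `scan_my_networks` docstring (`@@ -79,8 +79,8 @@`) says the Agent scans "networks it belongs to" but not how those networks are determined or how the option interacts with `blocked_ips`. Because this flag widens the scan beyond the subnets an operator entered, the docstring should spell out the scope, e.g. `:param scan_my_networks: If true, the Agent also scans the subnet of each of its local network interfaces, in addition to the provided subnet ranges; addresses in blocked_ips are still excluded`. That wording matches what `compile_scan_target_list` appears to do in this series, where the blocklist is applied after the interface ranges are added; confirm it against the final code. The class body continues outside the hunk.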
diff --git a/envs/monkey_zoo/blackbox/test_configurations/noop.py b/envs/monkey_zoo/blackbox/test_configurations/noop.py index 337bdfffa..0fe4d380b 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/noop.py +++ b/envs/monkey_zoo/blackbox/test_configurations/noop.py @@ -22,7 +22,7 @@ _custom_pba_configuration = CustomPBAConfiguration( _tcp_scan_configuration = TCPScanConfiguration(timeout=3.0, ports=[]) _icmp_scan_configuration = ICMPScanConfiguration(timeout=1.0) _scan_target_configuration = ScanTargetConfiguration( - blocked_ips=[], inaccessible_subnets=[], local_network_scan=False, subnets=[] + blocked_ips=[], inaccessible_subnets=[], scan_my_networks=False, subnets=[] ) _network_scan_configuration = NetworkScanConfiguration( tcp=_tcp_scan_configuration,