From c10b5c9e79e93cc4aee33b145f7a62dcfcbf287f Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Fri, 8 Apr 2022 14:06:34 +0200
Subject: [PATCH] Island: Remove WebLogic exploiter

---
 .../cc/services/config_schema/basic.py | 1 -
 .../definitions/exploiter_classes.py | 9 --------
 .../cc/services/reporting/aws_exporter.py | 22 ------------------
 .../exploiter_descriptor_enum.py | 3 ---
 .../report-components/SecurityReport.js | 6 -----
 .../security/issues/WebLogicIssue.js | 23 -------------------
 6 files changed, 64 deletions(-)
 delete mode 100644 monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WebLogicIssue.js

diff --git a/monkey/monkey_island/cc/services/config_schema/basic.py b/monkey/monkey_island/cc/services/config_schema/basic.py
index b542d7d7d..0ce28a3d1 100644
--- a/monkey/monkey_island/cc/services/config_schema/basic.py
+++ b/monkey/monkey_island/cc/services/config_schema/basic.py
@@ -18,7 +18,6 @@ BASIC = {
 "WmiExploiter",
 "SSHExploiter",
 "Log4ShellExploiter",
- "WebLogicExploiter",
 "HadoopExploiter",
 "MSSQLExploiter",
 "PowerShellExploiter",
diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
index 4745ef4ae..2ecaa977b 100644
--- a/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/exploiter_classes.py
@@ -53,15 +53,6 @@ EXPLOITER_CLASSES = {
 "link": "https://www.guardicore.com/infectionmonkey/docs/reference"
 "/exploiters/sshexec/",
 },
- {
- "type": "string",
- "enum": ["WebLogicExploiter"],
- "title": "WebLogic Exploiter",
- "safe": True,
- "info": "Exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on WebLogic server.",
- "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
- "/weblogic/",
- },
 {
 "type": "string",
 "enum": ["HadoopExploiter"],
diff --git a/monkey/monkey_island/cc/services/reporting/aws_exporter.py b/monkey/monkey_island/cc/services/reporting/aws_exporter.py
index 5ec07ecdf..7c6d0903d 100644
--- a/monkey/monkey_island/cc/services/reporting/aws_exporter.py
+++ b/monkey/monkey_island/cc/services/reporting/aws_exporter.py
@@ -81,7 +81,6 @@ class AWSExporter(Exporter):
 "shared_passwords_domain": AWSExporter._handle_shared_passwords_domain_issue,
 "shared_admins_domain": AWSExporter._handle_shared_admins_domain_issue,
 "strong_users_on_crit": AWSExporter._handle_strong_users_on_crit_issue,
- ExploiterDescriptorEnum.WEBLOGIC.value.class_name: AWSExporter._handle_weblogic_issue,
 ExploiterDescriptorEnum.HADOOP.value.class_name: AWSExporter._handle_hadoop_issue,
 }
@@ -386,27 +385,6 @@ class AWSExporter(Exporter):
 instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
 )
- @staticmethod
- def _handle_weblogic_issue(issue, instance_arn):
-
- return AWSExporter._build_generic_finding(
- severity=10,
- title="Oracle WebLogic servers are vulnerable to remote code execution.",
- description="Install Oracle critical patch updates. Or update to the latest "
- "version. "
- "Vulnerable versions are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and "
- "12.2.1.2.0.",
- recommendation="Oracle WebLogic server at {machine} ({ip_address}) is vulnerable "
- "to remote code execution attack."
- "The attack was made possible due to incorrect permission "
- "assignment in Oracle Fusion Middleware "
- "(subcomponent: WLS Security).".format(
- machine=issue["machine"], ip_address=issue["ip_address"]
- ),
- instance_arn=instance_arn,
- instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
- )
- @staticmethod
- def _handle_hadoop_issue(issue, instance_arn):
diff --git a/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py b/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py
index 8bab1f296..63785acc6 100644
--- a/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py
+++ b/monkey/monkey_island/cc/services/reporting/issue_processing/exploit_processing/exploiter_descriptor_enum.py
@@ -28,9 +28,6 @@ class ExploiterDescriptorEnum(Enum):
 SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor)
 WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor)
 SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor)
- WEBLOGIC = ExploiterDescriptor(
- "WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor
- )
 HADOOP = ExploiterDescriptor("HadoopExploiter", "Hadoop/Yarn Exploiter", ExploitProcessor)
 MSSQL = ExploiterDescriptor("MSSQLExploiter", "MSSQL Exploiter", ExploitProcessor)
 ZEROLOGON = ExploiterDescriptor(
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
index 2ac11c211..a23cd6eb8 100644
--- a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
@@ -20,7 +20,6 @@ import guardicoreLogoImage from '../../images/guardicore-logo.png'
 import {faExclamationTriangle} from '@fortawesome/free-solid-svg-icons';
 import '../../styles/App.css';
 import {smbPasswordReport, smbPthReport} from './security/issues/SmbIssue';
-import {webLogicIssueOverview, webLogicIssueReport} from './security/issues/WebLogicIssue';
 import {hadoopIssueOverview, hadoopIssueReport} from './security/issues/HadoopIssue';
 import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue';
 import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
@@ -76,11 +75,6 @@ class ReportPageComponent extends AuthComponent {
 },
 [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
 },
- 'WebLogicExploiter': {
- [this.issueContentTypes.OVERVIEW]: webLogicIssueOverview,
- [this.issueContentTypes.REPORT]: webLogicIssueReport,
- [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
- },
 'HadoopExploiter': {
 [this.issueContentTypes.OVERVIEW]: hadoopIssueOverview,
 [this.issueContentTypes.REPORT]: hadoopIssueReport,
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WebLogicIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WebLogicIssue.js
deleted file mode 100644
index e7678c448..000000000
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WebLogicIssue.js
+++ /dev/null
@@ -1,23 +0,0 @@
-import React from 'react';
-import CollapsibleWellComponent from '../CollapsibleWell';
-
-export function webLogicIssueOverview() {
- return (
  • Oracle WebLogic servers are susceptible to a remote code execution vulnerability.
  • ) -} - -export function webLogicIssueReport(issue) { - return ( - <> - Update Oracle WebLogic server to the latest supported version. - - Oracle WebLogic server at {issue.machine} ({issue.ip_address}) is vulnerable to one of remote code execution attacks. -
    - The attack was made possible due to one of the following vulnerabilities: - CVE-2017-10271 or - CVE-2019-2725 -
    - - ); -}