Merge pull request #2356 from guardicore/2299-local-network-scan-ui-tooltip

Info box in UI for Scan Agent's networks
This commit is contained in:
Mike Salvatore 2022-09-28 15:41:09 -04:00 committed by GitHub
commit 83f0ebfda4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 72 additions and 51 deletions

View File

@ -78,7 +78,7 @@ FINGERPRINTERS = (
)
SCAN_TARGET_CONFIGURATION = ScanTargetConfiguration(
blocked_ips=tuple(), inaccessible_subnets=tuple(), scan_my_networks=True, subnets=tuple()
blocked_ips=tuple(), inaccessible_subnets=tuple(), scan_my_networks=False, subnets=tuple()
)
NETWORK_SCAN_CONFIGURATION = NetworkScanConfiguration(
tcp=TCP_SCAN_CONFIGURATION,

View File

@ -1,6 +1,7 @@
import AdvancedMultiSelect from '../ui-components/AdvancedMultiSelect';
import InfoBox from './InfoBox';
import TextBox from './TextBox.js';
import WarningBox from './WarningBox';
import PbaInput from './PbaInput';
import { API_PBA_LINUX, API_PBA_WINDOWS } from '../pages/ConfigurePage';
import SensitiveTextInput from '../ui-components/SensitiveTextInput';
@ -60,9 +61,6 @@ export default function UiSchema(props) {
},
network_scan: {
targets: {
info_box: {
'ui:field': InfoBox
},
blocked_ips: {
items: {
classNames: 'config-template-no-header'
@ -73,6 +71,9 @@ export default function UiSchema(props) {
classNames: 'config-template-no-header'
}
},
info_box_scan_my_networks: {
'ui:field': WarningBox
},
subnets: {
items: {
classNames: 'config-template-no-header'

View File

@ -0,0 +1,17 @@
import * as React from 'react';
import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
import { faExclamationTriangle } from '@fortawesome/free-solid-svg-icons/faExclamationTriangle';
class WarningBox extends React.Component {
render() {
return (
<div className='alert alert-warning'>
<FontAwesomeIcon icon={faExclamationTriangle} style={{ 'marginRight': '5px' }} />
{this.props.schema.info}
</div>
);
}
}
export default WarningBox;

View File

@ -1,12 +1,10 @@
const SCAN_TARGET_CONFIGURATION_SCHEMA = {
'title': 'Network',
'type': 'object',
'description': 'If "Scan Agent\'s networks" is checked, the Monkey scans for machines on each ' +
'of the network interfaces of the machine it is running on.\nAdditionally, the Monkey scans ' +
'machines according to "Scan target list" and skips machines in "Blocked IPs".',
'properties': {
'info_box': {
'info': 'The Monkey scans for machines on each of the network interfaces of the ' +
'machine it is running on if "Scan Agent\'s networks" is checked. ' +
'Additionally, the Monkey scans machines according to "Scan target list". '
},
'blocked_ips': {
'title': 'Blocked IPs',
'type': 'array',
@ -18,6 +16,33 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = {
'default': [],
'description': 'List of IPs that the monkey will not scan.'
},
'info_box_scan_my_networks': {
'info': 'If the agent runs on a machine that has a publicly-facing network interface, ' +
'this setting could cause scanning and exploitation of systems outside your organization.'
},
'scan_my_networks': {
'title': 'Scan Agent\'s networks',
'type': 'boolean',
'default': false
},
'subnets': {
'title': 'Scan target list',
'type': 'array',
'uniqueItems': true,
'items': {
'type': 'string',
'format': 'ip-range'
},
'default': [],
'description': 'List of targets the Monkey will try to scan. Targets can be ' +
'IPs, subnets or hosts. ' +
'Examples:\n' +
'\tTarget a specific IP: "192.168.0.1"\n' +
'\tTarget a subnet using a network range: ' +
'"192.168.0.5-192.168.0.20"\n' +
'\tTarget a subnet using an IP mask: "192.168.0.5/24"\n' +
'\tTarget a specific host: "printer.example"'
},
'inaccessible_subnets': {
'title': 'Network segmentation testing',
'type': 'array',
@ -40,36 +65,7 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = {
'"192.168.0.5-192.168.0.20"\n' +
'\tDefine a segment using an subnet IP mask: "192.168.0.5/24"\n' +
'\tDefine a single-host segment: "printer.example"'
},
'scan_my_networks': {
'title': 'Scan Agent\'s networks',
'type': 'boolean',
'default': false,
'description': 'If enabled, the Agent will go over all network interfaces and ' +
'will scan their networks,' +
' in addition to the IPs that are configured manually in the "Scan target list". ' +
'Note: If the Agent runs on a machine within a public network,' +
' this setting will cause scanning and exploitation attempts on that network.'
},
'subnets': {
'title': 'Scan target list',
'type': 'array',
'uniqueItems': true,
'items': {
'type': 'string',
'format': 'ip-range'
},
'default': [],
'description': 'List of targets the Monkey will try to scan. Targets can be ' +
'IPs, subnets or hosts. ' +
'Examples:\n' +
'\tTarget a specific IP: "192.168.0.1"\n' +
'\tTarget a subnet using a network range: ' +
'"192.168.0.5-192.168.0.20"\n' +
'\tTarget a subnet using an IP mask: "192.168.0.5/24"\n' +
'\tTarget a specific host: "printer.example"'
}
}
}
export default SCAN_TARGET_CONFIGURATION_SCHEMA;

View File

@ -17,7 +17,8 @@
color: $black;
}
.config-nav .nav-item > a:hover:not(.active), .config-nav .nav-item > a:focus:not(.active){
.config-nav .nav-item>a:hover:not(.active),
.config-nav .nav-item>a:focus:not(.active) {
text-decoration: none;
background-color: $light-gray;
}
@ -58,3 +59,9 @@
color: #FFC107;
margin-left: .75em;
}
.alert-info .warning-icon {
text-transform: uppercase;
color: #FFC107;
margin-right: .5em;
}