Fixed trivial bugs like missing imports in issue UI files

2021-03-31 11:50:53 +03:00 · 2021-03-31 11:50:53 +03:00 · c504b21d33
parent 2b3351baec
commit c504b21d33
17 changed files with 85 additions and 5 deletions
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/AzurePasswordIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/AzurePasswordIssue.js
@ -1,4 +1,5 @@
 import React from 'react';
+import CollapsibleWellComponent from '../CollapsibleWell';

 export function AzurePasswordIssueOverview() {
  return (<li>Azure machines expose plaintext passwords. (<a
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/CrossSegmentIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/CrossSegmentIssue.js
@ -27,10 +27,10 @@ export function generateCrossSegmentIssue(crossSegmentIssue) {

 export function generateCrossSegmentIssueListItem(issue) {
    if (issue['is_self']) {
-      return this.generateCrossSegmentSingleHostMessage(issue);
+      return generateCrossSegmentSingleHostMessage(issue);
    }

-    return this.generateCrossSegmentMultiHostMessage(issue);
+    return generateCrossSegmentMultiHostMessage(issue);
  }

 export function generateCrossSegmentSingleHostMessage(issue) {
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/DrupalIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/DrupalIssue.js
@ -1,4 +1,5 @@
 import React from 'react';
+import CollapsibleWellComponent from '../CollapsibleWell';

 export function DrupalIssueOverview() {
  return (<li>Drupal server/s are vulnerable to <a
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ElasticIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ElasticIssue.js
@ -1,4 +1,5 @@
 import React from 'react';
+import CollapsibleWellComponent from '../CollapsibleWell';

 export function ElasticIssueOverview() {
  return (<li>Elasticsearch servers are vulnerable to <a
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/HadoopIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/HadoopIssue.js
@ -1,4 +1,5 @@
 import React from 'react';
+import CollapsibleWellComponent from '../CollapsibleWell';

 export function HadoopIssueOverview() {
  return (<li>Hadoop/Yarn servers are vulnerable to remote code execution.</li>)
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/MS08_067Issue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/MS08_067Issue.js
@ -1,4 +1,5 @@
 import React from 'react';
+import CollapsibleWellComponent from '../CollapsibleWell';

 export function MS08_067IssueOverview() {
  return (<li>Machines are vulnerable to ‘Conficker’ (<a
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/MssqlIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/MssqlIssue.js
@ -1,4 +1,5 @@
 import React from 'react';
+import CollapsibleWellComponent from '../CollapsibleWell';

 export function MssqlIssueOverview() {
  return (<li>MS-SQL servers are vulnerable to remote code execution via xp_cmdshell command.</li>)
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SambacryIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SambacryIssue.js
@ -1,4 +1,5 @@
 import React from 'react';
+import CollapsibleWellComponent from '../CollapsibleWell';

 export function SambacryIssueOverview() {
   return (<li>Samba servers are vulnerable to ‘SambaCry’ (<a
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SharedPasswordsIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SharedPasswordsIssue.js
@ -1,4 +1,6 @@
 import React from 'react';
+import CollapsibleWellComponent from '../CollapsibleWell';
+import {generateInfoBadges} from './utils';

 export function sharedPasswordsIssueOverview() {
   return (<li key={"shared_passwords"}>Multiple users have the same password</li>)
@ -15,7 +17,7 @@ export function generateSharedCredsDomainIssue(issue) {
        Some domain users are sharing passwords, this should be fixed by changing passwords.
        <CollapsibleWellComponent>
          These users are sharing access password:
-          {this.generateInfoBadges(issue.shared_with)}.
+          {generateInfoBadges(issue.shared_with)}.
        </CollapsibleWellComponent>
      </>
    );
@ -27,7 +29,7 @@ export function generateSharedCredsIssue(issue) {
        Some users are sharing passwords, this should be fixed by changing passwords.
        <CollapsibleWellComponent>
          These users are sharing access password:
-          {this.generateInfoBadges(issue.shared_with)}.
+          {generateInfoBadges(issue.shared_with)}.
        </CollapsibleWellComponent>
      </>
    );
@ -42,7 +44,7 @@ export function generateSharedLocalAdminsIssue(issue) {
        <CollapsibleWellComponent>
          Here is a list of machines which the account <span
          className="badge badge-primary">{issue.username}</span> is defined as an administrator:
-          {this.generateInfoBadges(issue.shared_machines)}
+          {generateInfoBadges(issue.shared_machines)}
        </CollapsibleWellComponent>
      </>
    );
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ShellShockIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ShellShockIssue.js
@ -1,4 +1,5 @@
 import React from 'react';
+import CollapsibleWellComponent from '../CollapsibleWell';

 export function ShellShockIssueOverview() {
  return (<li>Machines are vulnerable to ‘Shellshock’ (<a
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SshIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/SshIssue.js
@ -1,4 +1,5 @@
 import React from 'react';
+import CollapsibleWellComponent from '../CollapsibleWell';

 export function SshIssueOverview() {
  return (<li>Stolen SSH keys are used to exploit other machines.</li>)
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/StrongUsersOnCritIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/StrongUsersOnCritIssue.js
@ -1,4 +1,5 @@
 import React from 'react';
+import CollapsibleWellComponent from '../CollapsibleWell';

 export function generateStrongUsersOnCritIssue(issue) {
    return (
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/Struts2Issue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/Struts2Issue.js
@ -1,4 +1,5 @@
 import React from 'react';
+import CollapsibleWellComponent from '../CollapsibleWell';

 export function Struts2IssueOverview() {
  return (<li>Struts2 servers are vulnerable to remote code execution. (<a
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/TunnelIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/TunnelIssue.js
@ -1,4 +1,5 @@
 import React from 'react';
+import CollapsibleWellComponent from '../CollapsibleWell';

 export function generateTunnelIssueOverview(){
  return (<li key="tunnel">Weak segmentation - Machines were able to communicate over unused ports.</li>)
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/VsftpdIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/VsftpdIssue.js
@ -1,4 +1,5 @@
 import React from 'react';
+import CollapsibleWellComponent from '../CollapsibleWell';

 export function VsftpdIssueOverview() {
  return (<li>VSFTPD is vulnerable to <a
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WebLogicIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/WebLogicIssue.js
@ -1,4 +1,5 @@
 import React from 'react';
+import CollapsibleWellComponent from '../CollapsibleWell';

 export function WebLogicIssueOverview() {
  return (<li>Oracle WebLogic servers are susceptible to a remote code execution vulnerability.</li>)
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ZerologonIssue.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/ZerologonIssue.js
@ -0,0 +1,64 @@
+import React from 'react';
+import CollapsibleWellComponent from '../CollapsibleWell';
+import WarningIcon from '../../../ui-components/WarningIcon';
+import {Button} from 'react-bootstrap';
+
+export function ZerologonIssueOverview() {
+  return (
+    <li>
+      Some Windows domain controllers are vulnerable to 'Zerologon' (
+      <Button variant={'link'}
+              href='https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472'
+              target={'_blank'}
+              className={'security-report-link'}>
+        CVE-2020-1472
+      </Button>).
+    </li>
+  )
+}
+
+export function ZerologonOverviewWithFailedPassResetWarning() {
+  let overview = [ZerologonIssueOverview()];
+  overview.push(
+    <li>
+      <span className={'zero-logon-overview-pass-restore-failed'}>
+        <WarningIcon/>
+        Automatic password restoration on a domain controller failed!
+        <Button variant={'link'}
+                href={'https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/'}
+                target={'_blank'}
+                className={'security-report-link'}>
+          Restore your domain controller's password manually.
+        </Button>
+      </span>
+    </li>
+  )
+  return overview;
+}
+
+export function ZerologonIssueReport(issue) {
+  return (
+    <>
+      Install Windows security updates.
+      <CollapsibleWellComponent>
+        The machine <span className="badge badge-primary">{issue.machine}</span> (<span
+        className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to a <span
+        className="badge badge-danger">Zerologon exploit</span>.
+        <br/>
+        The attack was possible because the latest security updates from Microsoft
+        have not been applied to this machine. For more information about this
+        vulnerability, read <a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472">
+        Microsoft's documentation.</a>
+        {!issue.password_restored ?
+          <div className={'info-pane-warning'} key={'warning'}>
+            <br/><WarningIcon/>
+            <span>
+              The domain controller's password was changed during the exploit and could not be restored successfully.
+              Instructions on how to manually reset the domain controller's password can be found <a
+              href="https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/zerologon/">here</a>.
+            </span>
+          </div> : null}
+      </CollapsibleWellComponent>
+    </>
+  );
+}