UI: Change advanced multi select to work with plugins

2022-07-01 13:24:57 +03:00 · 2022-07-01 13:24:57 +03:00 · 3339a2a957
parent 6a7dce50f0
commit 3339a2a957
4 changed files with 92 additions and 64 deletions
--- a/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js
+++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js
@ -6,15 +6,17 @@ export default function UiSchema(props) {
    propagation: {
      exploitation: {
        brute_force: {
+          classNames: 'config-template-no-header',
+          'ui:widget': AdvancedMultiSelect,
          brute_force_classes: {
            classNames: 'config-template-no-header',
-            'ui:widget': AdvancedMultiSelect
          }
        },
        vulnerability: {
+          classNames: 'config-template-no-header',
          vulnerability_classes: {
            classNames: 'config-template-no-header',
-            'ui:widget': AdvancedMultiSelect
+            //'ui:widget': AdvancedMultiSelect
          }
        }
      },
--- a/monkey/monkey_island/cc/ui/src/components/ui-components/AdvancedMultiSelect.js
+++ b/monkey/monkey_island/cc/ui/src/components/ui-components/AdvancedMultiSelect.js
@ -6,7 +6,7 @@ import {cloneDeep} from 'lodash';
 import {getDefaultPaneParams, InfoPane, WarningType} from './InfoPane';
 import {MasterCheckbox, MasterCheckboxState} from './MasterCheckbox';
 import ChildCheckboxContainer from './ChildCheckbox';
-import {getFullDefinitionByKey} from './JsonSchemaHelpers';
+import {getFullDefinitionByKey, getObjectFromRegistryByRef} from './JsonSchemaHelpers';

 function AdvancedMultiSelectHeader(props) {
  const {
@ -17,6 +17,7 @@ function AdvancedMultiSelectHeader(props) {
    onResetClick
  } = props;

+
  return (
    <Card.Header className="d-flex justify-content-between">
      <MasterCheckbox title={title} onClick={onCheckboxClick} checkboxState={checkboxState}/>
@ -31,23 +32,50 @@ function AdvancedMultiSelectHeader(props) {
 class AdvancedMultiSelect extends React.Component {
  constructor(props) {
    super(props);
-
    this.defaultValues = props.schema.default;
    this.infoPaneRefString = props.schema.items.$ref;
    this.registry = props.registry;
    this.enumOptions = props.options.enumOptions.sort(this.compareOptions);
+    this.value = JSON.parse(JSON.stringify(props.value)).map(v => v.name);

    this.state = {
-      masterCheckboxState: this.getMasterCheckboxState(props.value),
-      hideReset: this.getHideResetState(props.value),
+      masterCheckboxState: this.getMasterCheckboxState(this.value),
+      hideReset: this.getHideResetState(this.value),
      infoPaneParams: getDefaultPaneParams(
        this.infoPaneRefString,
        this.registry,
-        this.isUnsafeOptionSelected(props.value)
-      )
+        this.isUnsafeOptionSelected(this.value)
+      ),
+      pluginDefinitions: getObjectFromRegistryByRef(this.infoPaneRefString, this.registry).pluginDefs,
+      value: JSON.parse(JSON.stringify(props.value)).map(v => v.name)
    };
  }

+  onChange = (strValues) => {
+    console.log("Values");
+    console.log(this.props);
+    console.log(this.state);
+    console.log(strValues);
+    let newValues = [];
+    for (let j = 0; j < strValues.length; j++){
+      let found = false;
+      for (let i = 0; i < this.props.value.length; i++){
+        if(strValues[j] === this.props.value[i]['name']){
+          newValues.push(JSON.parse(JSON.stringify(this.props.value[i])))
+          found = true;
+          break;
+        }
+      }
+      if(! found){
+        newValues.push(this.state.pluginDefinitions[strValues[j]]);
+      }
+    }
+    newValues = JSON.parse(JSON.stringify(newValues));
+    console.log(newValues);
+    this.props.onChange(newValues)
+    this.setState({value: newValues.map(v => v.name)});
+  }
+
  // Sort options alphabetically. "Unsafe" options float to the top so that they
  // do not get selected and hidden at the bottom of the list.
  compareOptions = (a, b) => {
@ -76,14 +104,14 @@ class AdvancedMultiSelect extends React.Component {

  onChildCheckboxClick = (value) => {
    let selectValues = this.getSelectValuesAfterClick(value);
-    this.props.onChange(selectValues);
+    this.onChange(selectValues);

    this.setMasterCheckboxState(selectValues);
    this.setHideResetState(selectValues);
  }

  getSelectValuesAfterClick(clickedValue) {
-    const valueArray = cloneDeep(this.props.value);
+    const valueArray = cloneDeep(this.state.value);

    if (valueArray.includes(clickedValue)) {
      return valueArray.filter(e => e !== clickedValue);
@ -169,7 +197,6 @@ class AdvancedMultiSelect extends React.Component {
      multiple,
      required,
      schema,
-      value
    } = this.props;

    return (
@ -182,7 +209,7 @@ class AdvancedMultiSelect extends React.Component {
        <ChildCheckboxContainer id={id} multiple={multiple} required={required}
          autoFocus={autofocus} isSafe={this.isSafe}
          onPaneClick={this.setPaneInfo} onCheckboxClick={this.onChildCheckboxClick}
-          selectedValues={value} enumOptions={this.enumOptions}/>
+          selectedValues={this.state.value} enumOptions={this.enumOptions}/>

        <InfoPane title={this.state.infoPaneParams.title}
          body={this.state.infoPaneParams.content}
@ -193,7 +220,7 @@ class AdvancedMultiSelect extends React.Component {
  }

  componentDidUpdate(_prevProps) {
-    this.setMasterCheckboxState(this.props.value);
+    this.setMasterCheckboxState(this.value);
  }
 }

--- a/monkey/monkey_island/cc/ui/src/services/configuration/definitions/exploitation.js
+++ b/monkey/monkey_island/cc/ui/src/services/configuration/definitions/exploitation.js
@ -6,41 +6,37 @@ export const exploitationConfigurationSchema = {
  'description': 'Choose which exploiters the Monkey will attempt.',
  'properties': {
    'brute_force': {
-      'title': 'Brute force exploiter',
-      'type': 'object',
-      'properties': {
-        'brute_force_classes': {
-          'type': 'array',
-          'uniqueItems': true,
-          'items': {
-            '$ref': '#/definitions/brute_force_classes'
-          },
-          'default' : [
-            'SmbExploiter',
-            'WmiExploiter',
-            'SSHExploiter',
-            'MSSQLExploiter'
-          ]
-        }
+      'title': 'Brute force exploiters',
+      'type': 'array',
+      'uniqueItems': true,
+      'items': {
+        '$ref': '#/definitions/brute_force_classes'
+      },
+      'default': [
+        'SmbExploiter',
+        'WmiExploiter',
+        'SSHExploiter',
+        'MSSQLExploiter'
+      ]
+    }
+  },
+  'vulnerability': {
+    'title': 'Vulnerability Exploiters',
+    'type': 'object',
+    'properties': {
+      'vulnerability_classes': {
+        'title': 'Vulnerability Exploiters',
+        'type': 'array',
+        'uniqueItems': true,
+        'items': {
+          '$ref': '#/definitions/vulnerability_classes'
+        },
+        'default': [
+          'Log4ShellExploiter',
+          'HadoopExploiter'
+        ]
      }
-    },
-    'vulnerability': {
-      'title': 'Vulnerability Exploiters',
-      'type': 'object',
-      'properties': {
-        'vulnerability_classes': {
-          'type': 'array',
-          'uniqueItems': true,
-          'items': {
-            '$ref': '#/definitions/vulnerability_classes'
-          },
-          'default' : [
-            'Log4ShellExploiter',
-            'HadoopExploiter'
-]
-        }
-      }
-    },
-    'options': exploitationOptionsConfigurationSchema
-  }
+    }
+  },
+  'options': exploitationOptionsConfigurationSchema
 };
--- a/monkey/monkey_island/cc/ui/src/services/configuration/definitions/exploiter_classes.js
+++ b/monkey/monkey_island/cc/ui/src/services/configuration/definitions/exploiter_classes.js
@ -5,24 +5,40 @@ export const bruteForceExploiters = {
    + ' Note that using unsafe exploits may cause crashes of the exploited ' +
    'machine/service.',
    'type': 'string',
+    'pluginDefs': {
+     'SmbExploiter': {'name': 'SmbExploiter', 'options': {}},
+     'PowerShellExploiter': {'name': 'PowerShellExploiter', 'options': {}},
+     'WmiExploiter': {'name': 'WmiExploiter', 'options': {}},
+     'MSSQLExploiter': {'name': 'MSSQLExploiter', 'options': {}},
+     'SSHExploiter': {'name': 'SSHExploiter', 'options': {}}
+    },
    'anyOf': [
        {
            'type': 'string',
            'enum': ['SmbExploiter'],
            'title': 'SMB Exploiter',
            'safe': true,
-            'attack_techniques': ['T1110', 'T1075', 'T1035'],
            'info': 'Brute forces using credentials provided by user and' +
            ' hashes gathered by mimikatz.',
            'link': 'https://www.guardicore.com/infectionmonkey/docs/reference' +
            '/exploiters/smbexec/'
        },
+        {
+          'type': 'string',
+          'enum': ['PowerShellExploiter'],
+          'title': 'PowerShell Remoting Exploiter',
+          'info': 'Exploits PowerShell remote execution setups. PowerShell Remoting uses Windows ' +
+          'Remote Management (WinRM) to allow users to run PowerShell commands on remote ' +
+          'computers.',
+          'safe': true,
+          'link': 'https://www.guardicore.com/infectionmonkey' +
+          '/docs/reference/exploiters/powershell'
+        },
        {
            'type': 'string',
            'enum': ['WmiExploiter'],
            'title': 'WMI Exploiter',
            'safe': true,
-            'attack_techniques': ['T1110', 'T1106'],
            'info': 'Brute forces WMI (Windows Management Instrumentation) ' +
            'using credentials provided by user and hashes gathered by ' +
            'mimikatz.',
@ -34,7 +50,6 @@ export const bruteForceExploiters = {
            'enum': ['MSSQLExploiter'],
            'title': 'MSSQL Exploiter',
            'safe': true,
-            'attack_techniques': ['T1110'],
            'info': 'Tries to brute force into MsSQL server and uses insecure ' +
            'configuration to execute commands on server.',
            'link': 'https://www.guardicore.com/infectionmonkey/docs/reference' +
@ -45,7 +60,6 @@ export const bruteForceExploiters = {
            'enum': ['SSHExploiter'],
            'title': 'SSH Exploiter',
            'safe': true,
-            'attack_techniques': ['T1110', 'T1145', 'T1106'],
            'info': 'Brute forces using credentials provided by user and SSH keys ' +
            'gathered from systems.',
            'link': 'https://www.guardicore.com/infectionmonkey/docs/reference' +
@ -77,17 +91,6 @@ export const vulnerabilityExploiters = {
      'link': 'https://www.guardicore.com/infectionmonkey' +
      '/docs/reference/exploiters/zerologon/'
    },
-    {
-      'type': 'string',
-      'enum': ['PowerShellExploiter'],
-      'title': 'PowerShell Remoting Exploiter',
-      'info': 'Exploits PowerShell remote execution setups. PowerShell Remoting uses Windows ' +
-      'Remote Management (WinRM) to allow users to run PowerShell commands on remote ' +
-      'computers.',
-      'safe': true,
-      'link': 'https://www.guardicore.com/infectionmonkey' +
-      '/docs/reference/exploiters/powershell'
-    },
    {
      'type': 'string',
      'enum': ['Log4ShellExploiter'],