Renamed all zero trust tests to zero trust checks in the back-end. This improves readability because it differentiates unit-test code from production code.

VakarisZ 2020-09-08 12:41:59 +03:00
parent 3490be1d8f
commit 4e1e9907b1
15 changed files with 45 additions and 50 deletions


@ -9,8 +9,8 @@ from monkey_island.cc.services.edge.displayed_edge import EdgeService
from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.node import NodeService
from monkey_island.cc.services.telemetry.processing.utils import \ from monkey_island.cc.services.telemetry.processing.utils import \
get_edge_by_scan_or_exploit_telemetry get_edge_by_scan_or_exploit_telemetry
from monkey_island.cc.services.telemetry.zero_trust_tests.machine_exploited import \ from monkey_island.cc.services.telemetry.zero_trust_checks.machine_exploited import \
test_machine_exploited check_machine_exploited
def process_exploit_telemetry(telemetry_json): def process_exploit_telemetry(telemetry_json):
@ -19,7 +19,7 @@ def process_exploit_telemetry(telemetry_json):
update_network_with_exploit(edge, telemetry_json) update_network_with_exploit(edge, telemetry_json)
update_node_credentials_from_successful_attempts(edge, telemetry_json) update_node_credentials_from_successful_attempts(edge, telemetry_json)
test_machine_exploited( check_machine_exploited(
current_monkey=Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid']), current_monkey=Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid']),
exploit_successful=telemetry_json['data']['result'], exploit_successful=telemetry_json['data']['result'],
exploiter=telemetry_json['data']['exploiter'], exploiter=telemetry_json['data']['exploiter'],


@ -3,8 +3,8 @@ import copy
from common.common_consts.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER from common.common_consts.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER
from monkey_island.cc.database import mongo from monkey_island.cc.database import mongo
from monkey_island.cc.models import Monkey from monkey_island.cc.models import Monkey
from monkey_island.cc.services.telemetry.zero_trust_tests.communicate_as_new_user import \ from monkey_island.cc.services.telemetry.zero_trust_checks.communicate_as_new_user import \
test_new_user_communication check_new_user_communication
EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)" EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)"
@ -13,7 +13,7 @@ def process_communicate_as_new_user_telemetry(telemetry_json):
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid']) current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
message = telemetry_json['data']['result'][0] message = telemetry_json['data']['result'][0]
success = telemetry_json['data']['result'][1] success = telemetry_json['data']['result'][1]
test_new_user_communication(current_monkey, success, message) check_new_user_communication(current_monkey, success, message)
POST_BREACH_TELEMETRY_PROCESSING_FUNCS = { POST_BREACH_TELEMETRY_PROCESSING_FUNCS = {


@ -4,19 +4,19 @@ from monkey_island.cc.services.edge.edge import EdgeService
from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.node import NodeService
from monkey_island.cc.services.telemetry.processing.utils import \ from monkey_island.cc.services.telemetry.processing.utils import \
get_edge_by_scan_or_exploit_telemetry get_edge_by_scan_or_exploit_telemetry
from monkey_island.cc.services.telemetry.zero_trust_tests.data_endpoints import \ from monkey_island.cc.services.telemetry.zero_trust_checks.data_endpoints import \
test_open_data_endpoints check_open_data_endpoints
from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import \ from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import \
test_segmentation_violation check_segmentation_violation
def process_scan_telemetry(telemetry_json): def process_scan_telemetry(telemetry_json):
update_edges_and_nodes_based_on_scan_telemetry(telemetry_json) update_edges_and_nodes_based_on_scan_telemetry(telemetry_json)
test_open_data_endpoints(telemetry_json) check_open_data_endpoints(telemetry_json)
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid']) current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
target_ip = telemetry_json['data']['machine']['ip_addr'] target_ip = telemetry_json['data']['machine']['ip_addr']
test_segmentation_violation(current_monkey, target_ip) check_segmentation_violation(current_monkey, target_ip)
def update_edges_and_nodes_based_on_scan_telemetry(telemetry_json): def update_edges_and_nodes_based_on_scan_telemetry(telemetry_json):


@ -2,8 +2,8 @@ import logging
from monkey_island.cc.models import Monkey from monkey_island.cc.models import Monkey
from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.node import NodeService
from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import \ from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import \
test_passed_findings_for_unreached_segments check_passed_findings_for_unreached_segments
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -18,7 +18,7 @@ def process_state_telemetry(telemetry_json):
if telemetry_json['data']['done']: if telemetry_json['data']['done']:
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid']) current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
test_passed_findings_for_unreached_segments(current_monkey) check_passed_findings_for_unreached_segments(current_monkey)
if telemetry_json['data']['version']: if telemetry_json['data']['version']:
logger.info(f"monkey {telemetry_json['monkey_guid']} has version {telemetry_json['data']['version']}") logger.info(f"monkey {telemetry_json['monkey_guid']} has version {telemetry_json['data']['version']}")


@ -14,8 +14,8 @@ from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostn
process_hostname_telemetry process_hostname_telemetry
from monkey_island.cc.services.telemetry.processing.system_info_collectors.scoutsuite import \ from monkey_island.cc.services.telemetry.processing.system_info_collectors.scoutsuite import \
process_scout_suite_telemetry process_scout_suite_telemetry
from monkey_island.cc.services.telemetry.zero_trust_tests.antivirus_existence import \ from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import \
test_antivirus_existence check_antivirus_existence
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -23,7 +23,7 @@ SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {
AWS_COLLECTOR: [process_aws_telemetry], AWS_COLLECTOR: [process_aws_telemetry],
ENVIRONMENT_COLLECTOR: [process_environment_telemetry], ENVIRONMENT_COLLECTOR: [process_environment_telemetry],
HOSTNAME_COLLECTOR: [process_hostname_telemetry], HOSTNAME_COLLECTOR: [process_hostname_telemetry],
PROCESS_LIST_COLLECTOR: [test_antivirus_existence], PROCESS_LIST_COLLECTOR: [check_antivirus_existence],
SCOUTSUITE_COLLECTOR: [process_scout_suite_telemetry] SCOUTSUITE_COLLECTOR: [process_scout_suite_telemetry]
} }


@ -1,12 +1,12 @@
from monkey_island.cc.services.node import NodeService from monkey_island.cc.services.node import NodeService
from monkey_island.cc.services.telemetry.processing.utils import \ from monkey_island.cc.services.telemetry.processing.utils import \
get_tunnel_host_ip_from_proxy_field get_tunnel_host_ip_from_proxy_field
from monkey_island.cc.services.telemetry.zero_trust_tests.tunneling import \ from monkey_island.cc.services.telemetry.zero_trust_checks.tunneling import \
test_tunneling_violation check_tunneling_violation
def process_tunnel_telemetry(telemetry_json): def process_tunnel_telemetry(telemetry_json):
test_tunneling_violation(telemetry_json) check_tunneling_violation(telemetry_json)
monkey_id = NodeService.get_monkey_by_guid(telemetry_json['monkey_guid'])["_id"] monkey_id = NodeService.get_monkey_by_guid(telemetry_json['monkey_guid'])["_id"]
if telemetry_json['data']['proxy'] is not None: if telemetry_json['data']['proxy'] is not None:
tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(telemetry_json) tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(telemetry_json)


@ -2,14 +2,13 @@ import json
import common.common_consts.zero_trust_consts as zero_trust_consts import common.common_consts.zero_trust_consts as zero_trust_consts
from monkey_island.cc.models import Monkey from monkey_island.cc.models import Monkey
from monkey_island.cc.models.zero_trust.aggregate_finding import \
AggregateFinding
from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.services.telemetry.zero_trust_tests.known_anti_viruses import \ from monkey_island.cc.services.telemetry.zero_trust_checks.known_anti_viruses import \
ANTI_VIRUS_KNOWN_PROCESS_NAMES ANTI_VIRUS_KNOWN_PROCESS_NAMES
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
def test_antivirus_existence(process_list_json, monkey_guid): def check_antivirus_existence(process_list_json, monkey_guid):
current_monkey = Monkey.get_single_monkey_by_guid(monkey_guid) current_monkey = Monkey.get_single_monkey_by_guid(monkey_guid)
process_list_event = Event.create_event( process_list_event = Event.create_event(
@ -32,7 +31,7 @@ def test_antivirus_existence(process_list_json, monkey_guid):
test_status = zero_trust_consts.STATUS_PASSED test_status = zero_trust_consts.STATUS_PASSED
else: else:
test_status = zero_trust_consts.STATUS_FAILED test_status = zero_trust_consts.STATUS_FAILED
AggregateFinding.create_or_add_to_existing( MonkeyFindingService.create_or_add_to_existing(
test=zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS, status=test_status, events=events test=zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS, status=test_status, events=events
) )
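Review bot: `check_antivirus_existence` keeps the local `test_status` while the function itself was renamed from test to check, so the body now mixes both vocabularies; renaming it `check_status` would carry the commit's intent through the function. The swap from `AggregateFinding.create_or_add_to_existing` to `MonkeyFindingService.create_or_add_to_existing`, also made in communicate_as_new_user, data_endpoints, machine_exploited and tunneling, is more than the rename the commit message describes; if the service call is a drop-in for the model call it is worth a sentence in the message, and if it is not, the behavioural difference should be called out. None of the renamed `check_*` functions carries a docstring; a one-liner such as `"""Record a zero-trust finding for TEST_ENDPOINT_SECURITY_EXISTS based on the monkey's reported process list."""` would describe what the visible body does. The function body continues outside the hunk.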


@ -1,6 +1,5 @@
import common.common_consts.zero_trust_consts as zero_trust_consts import common.common_consts.zero_trust_consts as zero_trust_consts
from monkey_island.cc.models.zero_trust.aggregate_finding import \ from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
AggregateFinding
from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.models.zero_trust.event import Event
COMM_AS_NEW_USER_FAILED_FORMAT = "Monkey on {} couldn't communicate as new user. Details: {}" COMM_AS_NEW_USER_FAILED_FORMAT = "Monkey on {} couldn't communicate as new user. Details: {}"
@ -8,8 +7,8 @@ COMM_AS_NEW_USER_SUCCEEDED_FORMAT = \
"New user created by Monkey on {} successfully tried to communicate with the internet. Details: {}" "New user created by Monkey on {} successfully tried to communicate with the internet. Details: {}"
def test_new_user_communication(current_monkey, success, message): def check_new_user_communication(current_monkey, success, message):
AggregateFinding.create_or_add_to_existing( MonkeyFindingService.create_or_add_to_existing(
test=zero_trust_consts.TEST_COMMUNICATE_AS_NEW_USER, test=zero_trust_consts.TEST_COMMUNICATE_AS_NEW_USER,
# If the monkey succeeded to create a user, then the test failed. # If the monkey succeeded to create a user, then the test failed.
status=zero_trust_consts.STATUS_FAILED if success else zero_trust_consts.STATUS_PASSED, status=zero_trust_consts.STATUS_FAILED if success else zero_trust_consts.STATUS_PASSED,
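Review bot: The new `MonkeyFindingService` import at the top of the hunk is placed between the `zero_trust_consts` and `Event` imports, whereas the sibling files in this commit (antivirus_existence, data_endpoints, machine_exploited, tunneling) append it after the existing imports. Placing it last here as well keeps the ordering consistent across the package: `from monkey_island.cc.models.zero_trust.event import Event` followed by `from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService`. The `check_new_user_communication` call continues outside the hunk.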


@ -3,14 +3,13 @@ import json
import common.common_consts.zero_trust_consts as zero_trust_consts import common.common_consts.zero_trust_consts as zero_trust_consts
from common.common_consts.network_consts import ES_SERVICE from common.common_consts.network_consts import ES_SERVICE
from monkey_island.cc.models import Monkey from monkey_island.cc.models import Monkey
from monkey_island.cc.models.zero_trust.aggregate_finding import (
AggregateFinding, add_malicious_activity_to_timeline)
from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
HTTP_SERVERS_SERVICES_NAMES = ['tcp-80'] HTTP_SERVERS_SERVICES_NAMES = ['tcp-80']
def test_open_data_endpoints(telemetry_json): def check_open_data_endpoints(telemetry_json):
services = telemetry_json["data"]["machine"]["services"] services = telemetry_json["data"]["machine"]["services"]
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid']) current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
found_http_server_status = zero_trust_consts.STATUS_PASSED found_http_server_status = zero_trust_consts.STATUS_PASSED
@ -56,16 +55,16 @@ def test_open_data_endpoints(telemetry_json):
event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK
)) ))
AggregateFinding.create_or_add_to_existing( MonkeyFindingService.create_or_add_to_existing(
test=zero_trust_consts.TEST_DATA_ENDPOINT_HTTP, test=zero_trust_consts.TEST_DATA_ENDPOINT_HTTP,
status=found_http_server_status, status=found_http_server_status,
events=events events=events
) )
AggregateFinding.create_or_add_to_existing( MonkeyFindingService.create_or_add_to_existing(
test=zero_trust_consts.TEST_DATA_ENDPOINT_ELASTIC, test=zero_trust_consts.TEST_DATA_ENDPOINT_ELASTIC,
status=found_elastic_search_server, status=found_elastic_search_server,
events=events events=events
) )
add_malicious_activity_to_timeline(events) MonkeyFindingService.add_malicious_activity_to_timeline(events)


@ -1,10 +1,9 @@
import common.common_consts.zero_trust_consts as zero_trust_consts import common.common_consts.zero_trust_consts as zero_trust_consts
from monkey_island.cc.models.zero_trust.aggregate_finding import (
AggregateFinding, add_malicious_activity_to_timeline)
from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
def test_machine_exploited(current_monkey, exploit_successful, exploiter, target_ip, timestamp): def check_machine_exploited(current_monkey, exploit_successful, exploiter, target_ip, timestamp):
events = [ events = [
Event.create_event( Event.create_event(
title="Exploit attempt", title="Exploit attempt",
@ -30,10 +29,10 @@ def test_machine_exploited(current_monkey, exploit_successful, exploiter, target
) )
status = zero_trust_consts.STATUS_FAILED status = zero_trust_consts.STATUS_FAILED
AggregateFinding.create_or_add_to_existing( MonkeyFindingService.create_or_add_to_existing(
test=zero_trust_consts.TEST_MACHINE_EXPLOITED, test=zero_trust_consts.TEST_MACHINE_EXPLOITED,
status=status, status=status,
events=events events=events
) )
add_malicious_activity_to_timeline(events) MonkeyFindingService.add_malicious_activity_to_timeline(events)


@ -19,7 +19,7 @@ SEGMENTATION_VIOLATION_EVENT_TEXT = \
"managed to communicate cross segment to {target_ip} (in segment {target_seg})." "managed to communicate cross segment to {target_ip} (in segment {target_seg})."
def test_segmentation_violation(current_monkey, target_ip): def check_segmentation_violation(current_monkey, target_ip):
# TODO - lower code duplication between this and report.py. # TODO - lower code duplication between this and report.py.
subnet_groups = get_config_network_segments_as_subnet_groups() subnet_groups = get_config_network_segments_as_subnet_groups()
for subnet_group in subnet_groups: for subnet_group in subnet_groups:
@ -73,7 +73,7 @@ def get_segmentation_violation_event(current_monkey, source_subnet, target_ip, t
) )
def test_passed_findings_for_unreached_segments(current_monkey): def check_passed_findings_for_unreached_segments(current_monkey):
flat_all_subnets = [item for sublist in get_config_network_segments_as_subnet_groups() for item in sublist] flat_all_subnets = [item for sublist in get_config_network_segments_as_subnet_groups() for item in sublist]
create_or_add_findings_for_all_pairs(flat_all_subnets, current_monkey) create_or_add_findings_for_all_pairs(flat_all_subnets, current_monkey)


@ -6,7 +6,7 @@ from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.models.zero_trust.finding import Finding from monkey_island.cc.models.zero_trust.finding import Finding
from monkey_island.cc.models.zero_trust.segmentation_finding import \ from monkey_island.cc.models.zero_trust.segmentation_finding import \
SegmentationFinding SegmentationFinding
from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import \ from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import \
create_or_add_findings_for_all_pairs create_or_add_findings_for_all_pairs
from monkey_island.cc.testing.IslandTestCase import IslandTestCase from monkey_island.cc.testing.IslandTestCase import IslandTestCase
@ -15,7 +15,7 @@ SECOND_SUBNET = "2.2.2.0/24"
THIRD_SUBNET = "3.3.3.3-3.3.3.200" THIRD_SUBNET = "3.3.3.3-3.3.3.200"
class TestSegmentationTests(IslandTestCase): class TestSegmentationChecks(IslandTestCase):
def test_create_findings_for_all_done_pairs(self): def test_create_findings_for_all_done_pairs(self):
self.fail_if_not_testing_env() self.fail_if_not_testing_env()
self.clean_finding_db() self.clean_finding_db()


@ -1,13 +1,12 @@
import common.common_consts.zero_trust_consts as zero_trust_consts import common.common_consts.zero_trust_consts as zero_trust_consts
from monkey_island.cc.models import Monkey from monkey_island.cc.models import Monkey
from monkey_island.cc.models.zero_trust.aggregate_finding import (
AggregateFinding, add_malicious_activity_to_timeline)
from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.services.telemetry.processing.utils import \ from monkey_island.cc.services.telemetry.processing.utils import \
get_tunnel_host_ip_from_proxy_field get_tunnel_host_ip_from_proxy_field
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
def test_tunneling_violation(tunnel_telemetry_json): def check_tunneling_violation(tunnel_telemetry_json):
if tunnel_telemetry_json['data']['proxy'] is not None: if tunnel_telemetry_json['data']['proxy'] is not None:
# Monkey is tunneling, create findings # Monkey is tunneling, create findings
tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(tunnel_telemetry_json) tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(tunnel_telemetry_json)
@ -20,10 +19,10 @@ def test_tunneling_violation(tunnel_telemetry_json):
timestamp=tunnel_telemetry_json['timestamp'] timestamp=tunnel_telemetry_json['timestamp']
)] )]
AggregateFinding.create_or_add_to_existing( MonkeyFindingService.create_or_add_to_existing(
test=zero_trust_consts.TEST_TUNNELING, test=zero_trust_consts.TEST_TUNNELING,
status=zero_trust_consts.STATUS_FAILED, status=zero_trust_consts.STATUS_FAILED,
events=tunneling_events events=tunneling_events
) )
add_malicious_activity_to_timeline(tunneling_events) MonkeyFindingService.add_malicious_activity_to_timeline(tunneling_events)