Moved and renamed some services to improve directory structure of zero trust services

VakarisZ 2021-01-15 15:08:49 +02:00
parent 85f4c4f250
commit 02a45c7449
75 changed files with 261 additions and 275 deletions


@ -1,6 +1,6 @@
from mongoengine import DynamicField, EmbeddedDocument, IntField, ListField, StringField
from monkey_island.cc.services.zero_trust.scoutsuite.consts import rule_consts
from monkey_island.cc.services.zero_trust.scoutsuite_findings.consts import rule_consts
class ScoutSuiteRule(EmbeddedDocument):


@ -6,7 +6,7 @@ from packaging import version
import common.common_consts.zero_trust_consts as zero_trust_consts
from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.models.zero_trust.finding import Finding
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
from monkey_island.cc.services.zero_trust.monkey_findings.monkey_zt_finding_service import MonkeyZTFindingService
from monkey_island.cc.testing.IslandTestCase import IslandTestCase
@ -23,12 +23,12 @@ class TestAggregateFinding(IslandTestCase):
events = [Event.create_event("t", "t", zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK)]
self.assertEqual(len(Finding.objects(test=test, status=status)), 0)
MonkeyFindingService.create_or_add_to_existing(test, status, events)
MonkeyZTFindingService.create_or_add_to_existing(test, status, events)
self.assertEqual(len(Finding.objects(test=test, status=status)), 1)
self.assertEqual(len(Finding.objects(test=test, status=status)[0].events), 1)
MonkeyFindingService.create_or_add_to_existing(test, status, events)
MonkeyZTFindingService.create_or_add_to_existing(test, status, events)
self.assertEqual(len(Finding.objects(test=test, status=status)), 1)
self.assertEqual(len(Finding.objects(test=test, status=status)[0].events), 2)
@ -50,7 +50,7 @@ class TestAggregateFinding(IslandTestCase):
self.assertEqual(len(Finding.objects(test=test, status=status)), 1)
self.assertEqual(len(Finding.objects(test=test, status=status)[0].events), 1)
MonkeyFindingService.create_or_add_to_existing(test, status, events)
MonkeyZTFindingService.create_or_add_to_existing(test, status, events)
self.assertEqual(len(Finding.objects(test=test, status=status)), 1)
self.assertEqual(len(Finding.objects(test=test, status=status)[0].events), 2)
@ -60,4 +60,4 @@ class TestAggregateFinding(IslandTestCase):
self.assertEqual(len(Finding.objects(test=test, status=status)), 2)
with self.assertRaises(AssertionError):
MonkeyFindingService.create_or_add_to_existing(test, status, events)
MonkeyZTFindingService.create_or_add_to_existing(test, status, events)


@ -3,11 +3,11 @@ import json
import flask_restful
from monkey_island.cc.resources.auth.auth import jwt_required
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
from monkey_island.cc.services.zero_trust.monkey_findings.monkey_zt_finding_service import MonkeyZTFindingService
class ZeroTrustFindingEvent(flask_restful.Resource):
@jwt_required
def get(self, finding_id: str):
return {'events_json': json.dumps(MonkeyFindingService.get_events_by_finding(finding_id), default=str)}
return {'events_json': json.dumps(MonkeyZTFindingService.get_events_by_finding(finding_id), default=str)}


@ -1,7 +1,7 @@
import flask_restful
from monkey_island.cc.resources.auth.auth import jwt_required
from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import get_aws_keys
from monkey_island.cc.services.zero_trust.scoutsuite_findings.scoutsuite_auth_service import get_aws_keys
class AWSKeys(flask_restful.Resource):


@ -6,7 +6,7 @@ from flask import request
from common.cloud.scoutsuite_consts import CloudProviders
from common.utils.exceptions import InvalidAWSKeys
from monkey_island.cc.resources.auth.auth import jwt_required
from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import (is_cloud_authentication_setup,
from monkey_island.cc.services.zero_trust.scoutsuite_findings.scoutsuite_auth_service import (is_cloud_authentication_setup,
set_aws_keys)


@ -2,10 +2,10 @@ import json
from monkey_island.cc.database import mongo
from monkey_island.cc.models.zero_trust.scoutsuite_data_json import ScoutSuiteDataJson
from monkey_island.cc.services.zero_trust.scoutsuite.consts.findings_list import SCOUTSUITE_FINDINGS
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_parser import RuleParser
from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_finding_service import ScoutSuiteFindingService
from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_rule_service import ScoutSuiteRuleService
from ...zero_trust.scoutsuite_findings.consts.findings_list import SCOUTSUITE_FINDINGS
from ...zero_trust.scoutsuite_findings.data_parsing.rule_parser import RuleParser
from ...zero_trust.scoutsuite_findings.scoutsuite_zt_finding_service import ScoutSuiteZTFindingService
from ...zero_trust.scoutsuite_findings.scoutsuite_rule_service import ScoutSuiteRuleService
def process_scoutsuite_telemetry(telemetry_json):
@ -22,7 +22,7 @@ def create_scoutsuite_findings(scoutsuite_data):
for rule in finding.rules:
rule_data = RuleParser.get_rule_data(scoutsuite_data, rule)
rule = ScoutSuiteRuleService.get_rule_from_rule_data(rule_data)
ScoutSuiteFindingService.process_rule(finding, rule)
ScoutSuiteZTFindingService.process_rule(finding, rule)
def update_data(telemetry_json):
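Review bot: The four rewritten imports at the top of this file switch to three-level relative imports (`from ...zero_trust.scoutsuite_findings.consts.findings_list import SCOUTSUITE_FINDINGS`), while the two imports directly above them and the other callers touched in this commit keep absolute `monkey_island.cc...` paths. A `...` import resolves against this module's own position in the package, so the next directory move can break it without the import text changing, and it is harder to grep for than the full dotted name. I would keep one style per file, e.g. `from monkey_island.cc.services.zero_trust.scoutsuite_findings.consts.findings_list import SCOUTSUITE_FINDINGS`; the same applies to the `...consts` and `....consts` imports in the abstract and concrete rule path creator modules. Both hunks here show only part of the file.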


@ -4,7 +4,7 @@ import common.common_consts.zero_trust_consts as zero_trust_consts
from monkey_island.cc.models import Monkey
from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.services.telemetry.zero_trust_checks.known_anti_viruses import ANTI_VIRUS_KNOWN_PROCESS_NAMES
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
from monkey_island.cc.services.zero_trust.monkey_findings.monkey_zt_finding_service import MonkeyZTFindingService
def check_antivirus_existence(process_list_json, monkey_guid):
@ -30,7 +30,7 @@ def check_antivirus_existence(process_list_json, monkey_guid):
test_status = zero_trust_consts.STATUS_PASSED
else:
test_status = zero_trust_consts.STATUS_FAILED
MonkeyFindingService.create_or_add_to_existing(test=zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS,
MonkeyZTFindingService.create_or_add_to_existing(test=zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS,
status=test_status, events=events)
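Review bot: The renamed call `MonkeyZTFindingService.create_or_add_to_existing(test=...` is two characters longer than before, but its continuation line `status=test_status, events=events)` is unchanged, so it most likely no longer lines up with the opening parenthesis (leading whitespace is not visible on this page, so this is inferred). The same pattern appears in the open-data-endpoints, machine-exploited and tunneling checks, in `add_malicious_activity_to_timeline`, and in the `MonkeyZTDetailsService._get_events_without_overlap(` call. Re-indenting those continuation lines, or moving the calls to a hanging indent, keeps the visual-indent lint check quiet. The body of `check_antivirus_existence` is only partly visible in these hunks.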


@ -1,6 +1,6 @@
import common.common_consts.zero_trust_consts as zero_trust_consts
from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
from monkey_island.cc.services.zero_trust.monkey_findings.monkey_zt_finding_service import MonkeyZTFindingService
COMM_AS_NEW_USER_FAILED_FORMAT = "Monkey on {} couldn't communicate as new user. Details: {}"
COMM_AS_NEW_USER_SUCCEEDED_FORMAT = \
@ -8,8 +8,9 @@ COMM_AS_NEW_USER_SUCCEEDED_FORMAT = \
def check_new_user_communication(current_monkey, success, message):
MonkeyFindingService.create_or_add_to_existing(test=zero_trust_consts.TEST_COMMUNICATE_AS_NEW_USER,
status=zero_trust_consts.STATUS_FAILED if success else zero_trust_consts.STATUS_PASSED,
status = zero_trust_consts.STATUS_FAILED if success else zero_trust_consts.STATUS_PASSED
MonkeyZTFindingService.create_or_add_to_existing(test=zero_trust_consts.TEST_COMMUNICATE_AS_NEW_USER,
status=status,
events=[
get_attempt_event(current_monkey),
get_result_event(current_monkey, message, success)
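Review bot: The extracted `status = zero_trust_consts.STATUS_FAILED if success else zero_trust_consts.STATUS_PASSED` reads as inverted unless the reader knows that `success` here presumably means the monkey managed to communicate as the newly created user, which is the violation being tested. Now that the expression has its own line, a short comment above it would stop a later well-meaning "fix", e.g. `# Successful communication as a new user is the failing outcome for this test.` The call to `create_or_add_to_existing` continues past the end of the hunk.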


@ -4,7 +4,7 @@ import common.common_consts.zero_trust_consts as zero_trust_consts
from common.common_consts.network_consts import ES_SERVICE
from monkey_island.cc.models import Monkey
from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
from monkey_island.cc.services.zero_trust.monkey_findings.monkey_zt_finding_service import MonkeyZTFindingService
HTTP_SERVERS_SERVICES_NAMES = ['tcp-80']
@ -55,10 +55,10 @@ def check_open_data_endpoints(telemetry_json):
event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK
))
MonkeyFindingService.create_or_add_to_existing(test=zero_trust_consts.TEST_DATA_ENDPOINT_HTTP,
MonkeyZTFindingService.create_or_add_to_existing(test=zero_trust_consts.TEST_DATA_ENDPOINT_HTTP,
status=found_http_server_status, events=events)
MonkeyFindingService.create_or_add_to_existing(test=zero_trust_consts.TEST_DATA_ENDPOINT_ELASTIC,
MonkeyZTFindingService.create_or_add_to_existing(test=zero_trust_consts.TEST_DATA_ENDPOINT_ELASTIC,
status=found_elastic_search_server, events=events)
MonkeyFindingService.add_malicious_activity_to_timeline(events)
MonkeyZTFindingService.add_malicious_activity_to_timeline(events)


@ -1,6 +1,6 @@
import common.common_consts.zero_trust_consts as zero_trust_consts
from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
from monkey_island.cc.services.zero_trust.monkey_findings.monkey_zt_finding_service import MonkeyZTFindingService
def check_machine_exploited(current_monkey, exploit_successful, exploiter, target_ip, timestamp):
@ -29,7 +29,7 @@ def check_machine_exploited(current_monkey, exploit_successful, exploiter, targe
)
status = zero_trust_consts.STATUS_FAILED
MonkeyFindingService.create_or_add_to_existing(test=zero_trust_consts.TEST_MACHINE_EXPLOITED, status=status,
MonkeyZTFindingService.create_or_add_to_existing(test=zero_trust_consts.TEST_MACHINE_EXPLOITED, status=status,
events=events)
MonkeyFindingService.add_malicious_activity_to_timeline(events)
MonkeyZTFindingService.add_malicious_activity_to_timeline(events)


@ -6,7 +6,7 @@ from common.network.segmentation_utils import get_ip_if_in_subnet, get_ip_in_src
from monkey_island.cc.models import Monkey
from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.services.configuration.utils import get_config_network_segments_as_subnet_groups
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
from monkey_island.cc.services.zero_trust.monkey_findings.monkey_zt_finding_service import MonkeyZTFindingService
SEGMENTATION_DONE_EVENT_TEXT = "Monkey on {hostname} is done attempting cross-segment communications " \
"from `{src_seg}` segments to `{dst_seg}` segments."
@ -26,7 +26,7 @@ def check_segmentation_violation(current_monkey, target_ip):
target_subnet = subnet_pair[1]
if is_segmentation_violation(current_monkey, target_ip, source_subnet, target_subnet):
event = get_segmentation_violation_event(current_monkey, source_subnet, target_ip, target_subnet)
MonkeyFindingService.create_or_add_to_existing(
MonkeyZTFindingService.create_or_add_to_existing(
test=zero_trust_consts.TEST_SEGMENTATION,
status=zero_trust_consts.STATUS_FAILED,
events=[event]
@ -90,7 +90,7 @@ def create_or_add_findings_for_all_pairs(all_subnets, current_monkey):
all_subnets_pairs_for_this_monkey = itertools.product(this_monkey_subnets, other_subnets)
for subnet_pair in all_subnets_pairs_for_this_monkey:
MonkeyFindingService.create_or_add_to_existing(
MonkeyZTFindingService.create_or_add_to_existing(
status=zero_trust_consts.STATUS_PASSED,
events=[get_segmentation_done_event(current_monkey, subnet_pair)],
test=zero_trust_consts.TEST_SEGMENTATION


@ -5,7 +5,7 @@ from monkey_island.cc.models import Monkey
from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.models.zero_trust.finding import Finding
from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import create_or_add_findings_for_all_pairs
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
from monkey_island.cc.services.zero_trust.monkey_findings.monkey_zt_finding_service import MonkeyZTFindingService
from monkey_island.cc.testing.IslandTestCase import IslandTestCase
FIRST_SUBNET = "1.1.1.1"
@ -37,7 +37,7 @@ class TestSegmentationChecks(IslandTestCase):
2)
# This is a monkey from 2nd subnet communicated with 1st subnet.
MonkeyFindingService.create_or_add_to_existing(
MonkeyZTFindingService.create_or_add_to_existing(
status=zero_trust_consts.STATUS_FAILED,
test=zero_trust_consts.TEST_SEGMENTATION,
events=[Event.create_event(title="sdf",


@ -2,7 +2,7 @@ import common.common_consts.zero_trust_consts as zero_trust_consts
from monkey_island.cc.models import Monkey
from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.services.telemetry.processing.utils import get_tunnel_host_ip_from_proxy_field
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
from monkey_island.cc.services.zero_trust.monkey_findings.monkey_zt_finding_service import MonkeyZTFindingService
def check_tunneling_violation(tunnel_telemetry_json):
@ -18,7 +18,7 @@ def check_tunneling_violation(tunnel_telemetry_json):
timestamp=tunnel_telemetry_json['timestamp']
)]
MonkeyFindingService.create_or_add_to_existing(test=zero_trust_consts.TEST_TUNNELING,
MonkeyZTFindingService.create_or_add_to_existing(test=zero_trust_consts.TEST_TUNNELING,
status=zero_trust_consts.STATUS_FAILED, events=tunneling_events)
MonkeyFindingService.add_malicious_activity_to_timeline(tunneling_events)
MonkeyZTFindingService.add_malicious_activity_to_timeline(tunneling_events)


@ -9,7 +9,7 @@ from monkey_island.cc.models.zero_trust.monkey_finding_details import MonkeyFind
EVENT_FETCH_CNT = 50
class MonkeyDetailsService:
class MonkeyZTDetailsService:
@staticmethod
def fetch_details_for_display(finding_id: ObjectId) -> dict:
@ -21,7 +21,7 @@ class MonkeyDetailsService:
details = list(MonkeyFindingDetails.objects.aggregate(*pipeline))
if details:
details = details[0]
details['latest_events'] = MonkeyDetailsService._get_events_without_overlap(details['event_count'],
details['latest_events'] = MonkeyZTDetailsService._get_events_without_overlap(details['event_count'],
details['latest_events'])
return details


@ -8,7 +8,7 @@ from monkey_island.cc.models.zero_trust.finding import Finding
from monkey_island.cc.models.zero_trust.monkey_finding_details import MonkeyFindingDetails
class MonkeyFindingService:
class MonkeyZTFindingService:
@staticmethod
def create_or_add_to_existing(test, status, events):
@ -23,10 +23,10 @@ class MonkeyFindingService:
assert (len(existing_findings) < 2), "More than one finding exists for {}:{}".format(test, status)
if len(existing_findings) == 0:
MonkeyFindingService.create_new_finding(test, status, events)
MonkeyZTFindingService.create_new_finding(test, status, events)
else:
# Now we know for sure this is the only one
MonkeyFindingService.add_events(existing_findings[0], events)
MonkeyZTFindingService.add_events(existing_findings[0], events)
@staticmethod
def create_new_finding(test: str, status: str, events: List[Event]):
@ -50,5 +50,5 @@ class MonkeyFindingService:
@staticmethod
def add_malicious_activity_to_timeline(events):
MonkeyFindingService.create_or_add_to_existing(test=zero_trust_consts.TEST_MALICIOUS_ACTIVITY_TIMELINE,
MonkeyZTFindingService.create_or_add_to_existing(test=zero_trust_consts.TEST_MALICIOUS_ACTIVITY_TIMELINE,
status=zero_trust_consts.STATUS_VERIFY, events=events)
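Review bot: `create_or_add_to_existing` still enforces the one-finding-per-test-and-status invariant with `assert (len(existing_findings) < 2), ...`, and asserts are stripped when the interpreter runs with `-O`, in which case duplicate findings would fall through silently to `add_events(existing_findings[0], events)`. Since the class is being renamed and every caller is touched anyway, this would be a good moment to make the check explicit, e.g. `if len(existing_findings) > 1: raise AssertionError("More than one finding exists for {}:{}".format(test, status))`, which keeps the `assertRaises(AssertionError)` test in this commit passing. Only fragments of the method are visible in these hunks.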


@ -1,8 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.findings import (DataLossPrevention, Logging,
PermissiveFirewallRules,
RestrictivePolicies,
SecureAuthentication, ServiceSecurity,
UnencryptedData)
SCOUTSUITE_FINDINGS = [PermissiveFirewallRules, UnencryptedData, DataLossPrevention, SecureAuthentication,
RestrictivePolicies, Logging, ServiceSecurity]


@ -1,10 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.cloudformation_rules import CloudformationRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class CloudformationRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.CLOUDFORMATION
supported_rules = CloudformationRules


@ -1,10 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.cloudtrail_rules import CloudTrailRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class CloudTrailRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.CLOUDTRAIL
supported_rules = CloudTrailRules


@ -1,10 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.cloudwatch_rules import CloudWatchRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class CloudWatchRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.CLOUDWATCH
supported_rules = CloudWatchRules


@ -1,10 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.config_rules import ConfigRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class ConfigRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.CONFIG
supported_rules = ConfigRules


@ -1,10 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.ec2_rules import EC2Rules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class EC2RulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.EC2
supported_rules = EC2Rules


@ -1,10 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.elb_rules import ELBRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class ELBRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.ELB
supported_rules = ELBRules


@ -1,10 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.elbv2_rules import ELBv2Rules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class ELBv2RulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.ELB_V2
supported_rules = ELBv2Rules


@ -1,10 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.iam_rules import IAMRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class IAMRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.IAM
supported_rules = IAMRules


@ -1,10 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rds_rules import RDSRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class RDSRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.RDS
supported_rules = RDSRules


@ -1,10 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.redshift_rules import RedshiftRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class RedshiftRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.REDSHIFT
supported_rules = RedshiftRules


@ -1,10 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.s3_rules import S3Rules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class S3RulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.S3
supported_rules = S3Rules


@ -1,10 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.ses_rules import SESRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class SESRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.SES
supported_rules = SESRules


@ -1,10 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.sns_rules import SNSRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class SNSRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.SNS
supported_rules = SNSRules


@ -1,10 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.sqs_rules import SQSRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class SQSRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.SQS
supported_rules = SQSRules


@ -1,10 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.vpc_rules import VPCRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class VPCRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.VPC
supported_rules = VPCRules


@ -1,35 +0,0 @@
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.\
cloudformation_rule_path_creator import CloudformationRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.\
cloudtrail_rule_path_creator import CloudTrailRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.\
cloudwatch_rule_path_creator import CloudWatchRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.\
config_rule_path_creator import ConfigRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.\
ec2_rule_path_creator import EC2RulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.\
elb_rule_path_creator import ELBRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.\
elbv2_rule_path_creator import ELBv2RulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.\
iam_rule_path_creator import IAMRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.\
rds_rule_path_creator import RDSRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.\
redshift_rule_path_creator import RedshiftRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.\
s3_rule_path_creator import S3RulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.\
ses_rule_path_creator import SESRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.\
sns_rule_path_creator import SNSRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators. \
sqs_rule_path_creator import SQSRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators. \
vpc_rule_path_creator import VPCRulePathCreator
RULE_PATH_CREATORS_LIST = [EC2RulePathCreator, ELBv2RulePathCreator, RDSRulePathCreator, RedshiftRulePathCreator,
S3RulePathCreator, IAMRulePathCreator, CloudTrailRulePathCreator, ELBRulePathCreator,
VPCRulePathCreator, CloudWatchRulePathCreator, SQSRulePathCreator, SNSRulePathCreator,
SESRulePathCreator, ConfigRulePathCreator, CloudformationRulePathCreator]


@ -1,21 +1,21 @@
from abc import ABC, abstractmethod
from common.common_consts import zero_trust_consts
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.cloudformation_rules import CloudformationRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.cloudtrail_rules import CloudTrailRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.cloudwatch_rules import CloudWatchRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.config_rules import ConfigRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.ec2_rules import EC2Rules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.elb_rules import ELBRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.elbv2_rules import ELBv2Rules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.iam_rules import IAMRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rds_rules import RDSRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.redshift_rules import RedshiftRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.s3_rules import S3Rules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.ses_rules import SESRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.sns_rules import SNSRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.sqs_rules import SQSRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.vpc_rules import VPCRules
from .rule_names.cloudformation_rules import CloudformationRules
from .rule_names.cloudtrail_rules import CloudTrailRules
from .rule_names.cloudwatch_rules import CloudWatchRules
from .rule_names.config_rules import ConfigRules
from .rule_names.ec2_rules import EC2Rules
from .rule_names.elb_rules import ELBRules
from .rule_names.elbv2_rules import ELBv2Rules
from .rule_names.iam_rules import IAMRules
from .rule_names.rds_rules import RDSRules
from .rule_names.redshift_rules import RedshiftRules
from .rule_names.s3_rules import S3Rules
from .rule_names.ses_rules import SESRules
from .rule_names.sns_rules import SNSRules
from .rule_names.sqs_rules import SQSRules
from .rule_names.vpc_rules import VPCRules
class ScoutSuiteFinding(ABC):


@ -0,0 +1,8 @@
from .findings import (DataLossPrevention, Logging,
PermissiveFirewallRules,
RestrictivePolicies,
SecureAuthentication, ServiceSecurity,
UnencryptedData)
SCOUTSUITE_FINDINGS = [PermissiveFirewallRules, UnencryptedData, DataLossPrevention, SecureAuthentication,
RestrictivePolicies, Logging, ServiceSecurity]


@ -1,6 +1,6 @@
from common.utils.code_utils import get_dict_value_by_path
from common.utils.exceptions import RulePathCreatorNotFound
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators_list import \
from monkey_island.cc.services.zero_trust.scoutsuite_findings.data_parsing.rule_path_building.rule_path_creators_list import \
RULE_PATH_CREATORS_LIST


@ -1,7 +1,7 @@
from abc import ABC, abstractmethod
from typing import List
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import FINDINGS, SERVICE_TYPES, SERVICES
from ...consts.service_consts import FINDINGS, SERVICE_TYPES, SERVICES
class AbstractRulePathCreator(ABC):


@ -0,0 +1,9 @@
from ..abstract_rule_path_creator import AbstractRulePathCreator
from ....consts.rule_names.cloudformation_rules import CloudformationRules
from ....consts.service_consts import SERVICE_TYPES
class CloudformationRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.CLOUDFORMATION
supported_rules = CloudformationRules


@ -0,0 +1,9 @@
from ..abstract_rule_path_creator import AbstractRulePathCreator
from ....consts.rule_names.cloudtrail_rules import CloudTrailRules
from ....consts.service_consts import SERVICE_TYPES
class CloudTrailRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.CLOUDTRAIL
supported_rules = CloudTrailRules


@ -0,0 +1,9 @@
from ..abstract_rule_path_creator import AbstractRulePathCreator
from ....consts.rule_names.cloudwatch_rules import CloudWatchRules
from ....consts.service_consts import SERVICE_TYPES
class CloudWatchRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.CLOUDWATCH
supported_rules = CloudWatchRules


@ -0,0 +1,9 @@
from ..abstract_rule_path_creator import AbstractRulePathCreator
from ....consts.rule_names.config_rules import ConfigRules
from ....consts.service_consts import SERVICE_TYPES
class ConfigRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.CONFIG
supported_rules = ConfigRules


@ -0,0 +1,9 @@
from ..abstract_rule_path_creator import AbstractRulePathCreator
from ....consts.rule_names.ec2_rules import EC2Rules
from ....consts.service_consts import SERVICE_TYPES
class EC2RulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.EC2
supported_rules = EC2Rules


@ -0,0 +1,9 @@
from ..abstract_rule_path_creator import AbstractRulePathCreator
from ....consts.rule_names.elb_rules import ELBRules
from ....consts.service_consts import SERVICE_TYPES
class ELBRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.ELB
supported_rules = ELBRules


@ -0,0 +1,9 @@
from ..abstract_rule_path_creator import AbstractRulePathCreator
from ....consts.rule_names.elbv2_rules import ELBv2Rules
from ....consts.service_consts import SERVICE_TYPES
class ELBv2RulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.ELB_V2
supported_rules = ELBv2Rules


@ -0,0 +1,9 @@
from ..abstract_rule_path_creator import AbstractRulePathCreator
from ....consts.rule_names.iam_rules import IAMRules
from ....consts.service_consts import SERVICE_TYPES
class IAMRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.IAM
supported_rules = IAMRules


@ -0,0 +1,9 @@
from ..abstract_rule_path_creator import AbstractRulePathCreator
from ....consts.rule_names.rds_rules import RDSRules
from ....consts.service_consts import SERVICE_TYPES
class RDSRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.RDS
supported_rules = RDSRules


@ -0,0 +1,9 @@
from ..abstract_rule_path_creator import AbstractRulePathCreator
from ....consts.rule_names.redshift_rules import RedshiftRules
from ....consts.service_consts import SERVICE_TYPES
class RedshiftRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.REDSHIFT
supported_rules = RedshiftRules


@ -0,0 +1,9 @@
from ..abstract_rule_path_creator import AbstractRulePathCreator
from ....consts.rule_names.s3_rules import S3Rules
from ....consts.service_consts import SERVICE_TYPES
class S3RulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.S3
supported_rules = S3Rules


@ -0,0 +1,9 @@
from ..abstract_rule_path_creator import AbstractRulePathCreator
from ....consts.rule_names.ses_rules import SESRules
from ....consts.service_consts import SERVICE_TYPES
class SESRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.SES
supported_rules = SESRules


@ -0,0 +1,9 @@
from ..abstract_rule_path_creator import AbstractRulePathCreator
from ....consts.rule_names.sns_rules import SNSRules
from ....consts.service_consts import SERVICE_TYPES
class SNSRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.SNS
supported_rules = SNSRules


@ -0,0 +1,9 @@
from ..abstract_rule_path_creator import AbstractRulePathCreator
from ....consts.rule_names.sqs_rules import SQSRules
from ....consts.service_consts import SERVICE_TYPES
class SQSRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.SQS
supported_rules = SQSRules


@ -0,0 +1,9 @@
from ..abstract_rule_path_creator import AbstractRulePathCreator
from ....consts.rule_names.vpc_rules import VPCRules
from ....consts.service_consts import SERVICE_TYPES
class VPCRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.VPC
supported_rules = VPCRules


@ -0,0 +1,35 @@
from monkey_island.cc.services.zero_trust.scoutsuite_findings.data_parsing.rule_path_building.rule_path_creators.\
cloudformation_rule_path_creator import CloudformationRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite_findings.data_parsing.rule_path_building.rule_path_creators.\
cloudtrail_rule_path_creator import CloudTrailRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite_findings.data_parsing.rule_path_building.rule_path_creators.\
cloudwatch_rule_path_creator import CloudWatchRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite_findings.data_parsing.rule_path_building.rule_path_creators.\
config_rule_path_creator import ConfigRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite_findings.data_parsing.rule_path_building.rule_path_creators.\
ec2_rule_path_creator import EC2RulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite_findings.data_parsing.rule_path_building.rule_path_creators.\
elb_rule_path_creator import ELBRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite_findings.data_parsing.rule_path_building.rule_path_creators.\
elbv2_rule_path_creator import ELBv2RulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite_findings.data_parsing.rule_path_building.rule_path_creators.\
iam_rule_path_creator import IAMRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite_findings.data_parsing.rule_path_building.rule_path_creators.\
rds_rule_path_creator import RDSRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite_findings.data_parsing.rule_path_building.rule_path_creators.\
redshift_rule_path_creator import RedshiftRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite_findings.data_parsing.rule_path_building.rule_path_creators.\
s3_rule_path_creator import S3RulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite_findings.data_parsing.rule_path_building.rule_path_creators.\
ses_rule_path_creator import SESRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite_findings.data_parsing.rule_path_building.rule_path_creators.\
sns_rule_path_creator import SNSRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite_findings.data_parsing.rule_path_building.rule_path_creators. \
sqs_rule_path_creator import SQSRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite_findings.data_parsing.rule_path_building.rule_path_creators. \
vpc_rule_path_creator import VPCRulePathCreator
RULE_PATH_CREATORS_LIST = [EC2RulePathCreator, ELBv2RulePathCreator, RDSRulePathCreator, RedshiftRulePathCreator,
S3RulePathCreator, IAMRulePathCreator, CloudTrailRulePathCreator, ELBRulePathCreator,
VPCRulePathCreator, CloudWatchRulePathCreator, SQSRulePathCreator, SNSRulePathCreator,
SESRulePathCreator, ConfigRulePathCreator, CloudformationRulePathCreator]
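Review bot: `RULE_PATH_CREATORS_LIST` is maintained by hand and nothing in this file ties it to `SERVICE_TYPES`, so a service whose creator class exists but is left out of the list would presumably yield no ScoutSuite findings without raising any error (the code that consumes the list is not visible in this diff). For a zero-trust report that is a silent coverage gap, so a unit test such as `assert {c.service_type for c in RULE_PATH_CREATORS_LIST} == set(SERVICE_TYPES)` would be worth adding, assuming `SERVICE_TYPES` is an iterable enum. Separately, the SQS and VPC imports end in `rule_path_creators. \` with a space before the backslash, unlike the thirteen imports above them.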


@ -1,5 +1,5 @@
from monkey_island.cc.models.zero_trust.scoutsuite_rule import ScoutSuiteRule
from monkey_island.cc.services.zero_trust.scoutsuite.consts import rule_consts
from monkey_island.cc.services.zero_trust.scoutsuite_findings.consts import rule_consts
class ScoutSuiteRuleService:


@ -4,11 +4,11 @@ from common.common_consts import zero_trust_consts
from monkey_island.cc.models.zero_trust.finding import Finding
from monkey_island.cc.models.zero_trust.scoutsuite_finding_details import ScoutSuiteFindingDetails
from monkey_island.cc.models.zero_trust.scoutsuite_rule import ScoutSuiteRule
from monkey_island.cc.services.zero_trust.scoutsuite.consts.findings import ScoutSuiteFinding
from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_rule_service import ScoutSuiteRuleService
from monkey_island.cc.services.zero_trust.scoutsuite_findings.consts.findings import ScoutSuiteFinding
from monkey_island.cc.services.zero_trust.scoutsuite_findings.scoutsuite_rule_service import ScoutSuiteRuleService
class ScoutSuiteFindingService:
class ScoutSuiteZTFindingService:
@staticmethod
def process_rule(finding: ScoutSuiteFinding, rule: ScoutSuiteRule):
@ -16,16 +16,16 @@ class ScoutSuiteFindingService:
assert (len(existing_findings) < 2), "More than one finding exists for {}".format(finding.test)
if len(existing_findings) == 0:
ScoutSuiteFindingService.create_new_finding_from_rule(finding, rule)
ScoutSuiteZTFindingService.create_new_finding_from_rule(finding, rule)
else:
ScoutSuiteFindingService.add_rule(existing_findings[0], rule)
ScoutSuiteZTFindingService.add_rule(existing_findings[0], rule)
@staticmethod
def create_new_finding_from_rule(finding: ScoutSuiteFinding, rule: ScoutSuiteRule):
details = ScoutSuiteFindingDetails()
details.scoutsuite_rules = [rule]
details.save()
status = ScoutSuiteFindingService.get_finding_status_from_rules(details.scoutsuite_rules)
status = ScoutSuiteZTFindingService.get_finding_status_from_rules(details.scoutsuite_rules)
Finding.save_finding(finding.test, status, details)
@staticmethod
@ -41,15 +41,15 @@ class ScoutSuiteFindingService:
@staticmethod
def add_rule(finding: Finding, rule: ScoutSuiteRule):
ScoutSuiteFindingService.change_finding_status_by_rule(finding, rule)
ScoutSuiteZTFindingService.change_finding_status_by_rule(finding, rule)
finding.save()
finding.details.fetch().add_rule(rule)
@staticmethod
def change_finding_status_by_rule(finding: Finding, rule: ScoutSuiteRule):
rule_status = ScoutSuiteFindingService.get_finding_status_from_rules([rule])
rule_status = ScoutSuiteZTFindingService.get_finding_status_from_rules([rule])
finding_status = finding.status
new_finding_status = ScoutSuiteFindingService.get_finding_status_from_rule_status(finding_status, rule_status)
new_finding_status = ScoutSuiteZTFindingService.get_finding_status_from_rule_status(finding_status, rule_status)
if finding_status != new_finding_status:
finding.status = new_finding_status


@ -3,28 +3,28 @@ from typing import List
from common.common_consts import zero_trust_consts
from common.utils.exceptions import UnknownFindingError
from monkey_island.cc.models.zero_trust.finding import Finding
from monkey_island.cc.services.zero_trust.monkey_details_service import MonkeyDetailsService
from monkey_island.cc.services.zero_trust.monkey_findings.monkey_zt_details_service import MonkeyZTDetailsService
class FindingService:
class ZeroTrustFindingService:
@staticmethod
def get_all_findings() -> List[Finding]:
findings = list(Finding.objects)
for i in range(len(findings)):
if findings[i].finding_type == zero_trust_consts.MONKEY_FINDING:
details = MonkeyDetailsService.fetch_details_for_display(findings[i].details.id)
details = MonkeyZTDetailsService.fetch_details_for_display(findings[i].details.id)
elif findings[i].finding_type == zero_trust_consts.SCOUTSUITE_FINDING:
details = findings[i].details.fetch().to_mongo()
else:
raise UnknownFindingError(f"Unknown finding type {findings[i].finding_type}")
findings[i] = findings[i].to_mongo()
findings[i] = FindingService._get_enriched_finding(findings[i])
findings[i] = ZeroTrustFindingService._get_enriched_finding(findings[i])
findings[i]['details'] = details
return findings
@staticmethod
def _get_enriched_finding(finding):
def _get_enriched_finding(finding: Finding) -> dict:
test_info = zero_trust_consts.TESTS_MAP[finding['test']]
enriched_finding = {
'finding_id': str(finding['_id']),