p34709852
/
monkey
forked from p15670423/monkey
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Separated zero trust and security report resources

This commit is contained in:
VakarisZ 2021-01-15 15:10:07 +02:00
parent 02a45c7449
commit 3a9aa3191f
6 changed files with 60 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
monkey/monkey_island/cc/app.py
View File

@ -7,6 +7,7 @@ from werkzeug.exceptions import NotFound
import monkey_island.cc.environment.environment_singleton as env_singleton
from common.common_consts.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH
from monkey_island.cc.resources.zero_trust.zero_trust_report import ZeroTrustReport
from monkey_island.cc.server_utils.consts import MONKEY_ISLAND_ABS_PATH
from monkey_island.cc.server_utils.custom_json_encoder import CustomJSONEncoder
from monkey_island.cc.database import database, mongo
@ -33,7 +34,7 @@ from monkey_island.cc.resources.node_states import NodeStates
from monkey_island.cc.resources.pba_file_download import PBAFileDownload
from monkey_island.cc.resources.pba_file_upload import FileUpload
from monkey_island.cc.resources.remote_run import RemoteRun
from monkey_island.cc.resources.reporting.report import Report
from monkey_island.cc.resources.security_report import SecurityReport
from monkey_island.cc.resources.root import Root
from monkey_island.cc.resources.T1216_pba_file_download import T1216PBAFileDownload
from monkey_island.cc.resources.telemetry import Telemetry
@ -123,13 +124,11 @@ def init_api_resources(api):
api.add_resource(Node, '/api/netmap/node', '/api/netmap/node/')
api.add_resource(NodeStates, '/api/netmap/nodeStates')
# report_type: zero_trust or security
api.add_resource(
Report,
'/api/report/<string:report_type>',
'/api/report/<string:report_type>/<string:report_data>')
api.add_resource(ZeroTrustFindingEvent, '/api/zero-trust/finding-event/<string:finding_id>')
api.add_resource(SecurityReport, '/api/report/security')
api.add_resource(ZeroTrustReport, '/api/report/zero-trust/<string:report_data>')
api.add_resource(AttackReport, '/api/report/attack')
api.add_resource(ZeroTrustFindingEvent, '/api/zero-trust/finding-event/<string:finding_id>')
api.add_resource(TelemetryFeed, '/api/telemetry-feed', '/api/telemetry-feed/')
api.add_resource(Log, '/api/log', '/api/log/')
api.add_resource(IslandLog, '/api/log/island/download', '/api/log/island/download/')
@ -140,7 +139,6 @@ def init_api_resources(api):
'/api/fileUpload/<string:file_type>?restore=<string:filename>')
api.add_resource(RemoteRun, '/api/remote-monkey', '/api/remote-monkey/')
api.add_resource(AttackConfiguration, '/api/attack')
api.add_resource(AttackReport, '/api/attack/report')
api.add_resource(VersionUpdate, '/api/version-update', '/api/version-update/')
api.add_resource(RemotePortCheck, '/api/monkey_control/check_remote_port/<string:port>')
api.add_resource(StartedOnIsland, '/api/monkey_control/started_on_island')

0
monkey/monkey_island/cc/resources/reporting/__init__.py
View File

48
monkey/monkey_island/cc/resources/reporting/report.py
View File

@ -1,48 +0,0 @@
import http.client
import flask_restful
from flask import Response, jsonify
from monkey_island.cc.models.zero_trust.scoutsuite_data_json import ScoutSuiteDataJson
from monkey_island.cc.resources.auth.auth import jwt_required
from monkey_island.cc.services.reporting.report import ReportService
from monkey_island.cc.services.zero_trust.finding_service import FindingService
from monkey_island.cc.services.zero_trust.zero_trust_service import ZeroTrustService
ZERO_TRUST_REPORT_TYPE = "zero_trust"
SECURITY_REPORT_TYPE = "security"
REPORT_TYPES = [SECURITY_REPORT_TYPE, ZERO_TRUST_REPORT_TYPE]
REPORT_DATA_PILLARS = "pillars"
REPORT_DATA_FINDINGS = "findings"
REPORT_DATA_PRINCIPLES_STATUS = "principles"
REPORT_DATA_SCOUTSUITE = "scoutsuite"
__author__ = ["itay.mizeretz", "shay.nehmad"]
class Report(flask_restful.Resource):
@jwt_required
def get(self, report_type=SECURITY_REPORT_TYPE, report_data=None):
if report_type == SECURITY_REPORT_TYPE:
return ReportService.get_report()
elif report_type == ZERO_TRUST_REPORT_TYPE:
if report_data == REPORT_DATA_PILLARS:
return jsonify({
"statusesToPillars": ZeroTrustService.get_statuses_to_pillars(),
"pillarsToStatuses": ZeroTrustService.get_pillars_to_statuses(),
"grades": ZeroTrustService.get_pillars_grades()
})
elif report_data == REPORT_DATA_PRINCIPLES_STATUS:
return jsonify(ZeroTrustService.get_principles_status())
elif report_data == REPORT_DATA_FINDINGS:
return jsonify(FindingService.get_all_findings())
elif report_data == REPORT_DATA_SCOUTSUITE:
try:
data = ScoutSuiteDataJson.objects.get().scoutsuite_data
except Exception:
data = "{}"
return Response(data, mimetype='application/json')
flask_restful.abort(http.client.NOT_FOUND)

11
monkey/monkey_island/cc/resources/security_report.py Normal file
View File

@ -0,0 +1,11 @@
import flask_restful
from monkey_island.cc.resources.auth.auth import jwt_required
from monkey_island.cc.services.reporting.report import ReportService
class SecurityReport(flask_restful.Resource):
@jwt_required
def get(self):
return ReportService.get_report()

38
monkey/monkey_island/cc/resources/zero_trust/zero_trust_report.py Normal file
View File

@ -0,0 +1,38 @@
import http.client
import flask_restful
from flask import Response, jsonify
from monkey_island.cc.models.zero_trust.scoutsuite_data_json import ScoutSuiteDataJson
from monkey_island.cc.resources.auth.auth import jwt_required
from monkey_island.cc.services.zero_trust.zero_trust_finding_service import ZeroTrustFindingService
from monkey_island.cc.services.zero_trust.zero_trust_service import ZeroTrustService
REPORT_DATA_PILLARS = "pillars"
REPORT_DATA_FINDINGS = "findings"
REPORT_DATA_PRINCIPLES_STATUS = "principles"
REPORT_DATA_SCOUTSUITE = "scoutsuite"
class ZeroTrustReport(flask_restful.Resource):
@jwt_required
def get(self, report_data=None):
if report_data == REPORT_DATA_PILLARS:
return jsonify({
"statusesToPillars": ZeroTrustService.get_statuses_to_pillars(),
"pillarsToStatuses": ZeroTrustService.get_pillars_to_statuses(),
"grades": ZeroTrustService.get_pillars_grades()
})
elif report_data == REPORT_DATA_PRINCIPLES_STATUS:
return jsonify(ZeroTrustService.get_principles_status())
elif report_data == REPORT_DATA_FINDINGS:
return jsonify(ZeroTrustFindingService.get_all_findings())
elif report_data == REPORT_DATA_SCOUTSUITE:
try:
data = ScoutSuiteDataJson.objects.get().scoutsuite_data
except Exception:
data = "{}"
return Response(data, mimetype='application/json')
flask_restful.abort(http.client.NOT_FOUND)

10
monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js
View File

@ -46,7 +46,7 @@ class ReportPageComponent extends AuthComponent {
securityReport: res
});
});
this.authFetch('/api/attack/report')
this.authFetch('/api/report/attack')
.then(res => res.json())
.then(res => {
this.setState({
@ -61,22 +61,22 @@ class ReportPageComponent extends AuthComponent {
getZeroTrustReportFromServer = async () => {
let ztReport = {findings: {}, principles: {}, pillars: {}, scoutsuite_data: {}};
await this.authFetch('/api/report/zero_trust/findings')
await this.authFetch('/api/report/zero-trust/findings')
.then(res => res.json())
.then(res => {
ztReport.findings = res;
});
await this.authFetch('/api/report/zero_trust/principles')
await this.authFetch('/api/report/zero-trust/principles')
.then(res => res.json())
.then(res => {
ztReport.principles = res;
});
await this.authFetch('/api/report/zero_trust/pillars')
await this.authFetch('/api/report/zero-trust/pillars')
.then(res => res.json())
.then(res => {
ztReport.pillars = res;
});
await this.authFetch('/api/report/zero_trust/scoutsuite')
await this.authFetch('/api/report/zero-trust/scoutsuite')
.then(res => res.json())
.then(res => {
ztReport.scoutsuite_data = res;