Make feature simpler

Change config value phrasing
2018-08-21 11:34:26 +03:00 · 2018-08-21 11:34:26 +03:00 · bafa0e42a0
parent d831769d1f
commit bafa0e42a0
4 changed files with 18 additions and 27 deletions
--- a/infection_monkey/config.py
+++ b/infection_monkey/config.py
@ -185,7 +185,7 @@ class Configuration(object):
    local_network_scan = True
    subnet_scan_list = ['', ]
-    inaccessible_subnet_groups = []
+    inaccessible_subnets = []
    blocked_ips = ['', ]
--- a/infection_monkey/network/network_scanner.py
+++ b/infection_monkey/network/network_scanner.py
@ -41,18 +41,18 @@ class NetworkScanner(object):
    def _get_inaccessible_subnets_ips(self):
        """
-        For each of the machine's IPs, checks if it's in one of the subnet groups specified in the
+        For each of the machine's IPs, checks if it's in one of the subnets specified in the
-        'inaccessible_subnet_groups' config value. If so, all other subnets in the same group shouldn't be accessible.
+        'inaccessible_subnets' config value. If so, all other subnets in the config value shouldn't be accessible.
        All these subnets are returned.
        :return: A list of subnets that shouldn't be accessible from the machine the monkey is running on.
        """
        subnets_to_scan = []
-        for subnet_group in WormConfiguration.inaccessible_subnet_groups:
+        if len(WormConfiguration.inaccessible_subnets) > 1:
-            for subnet_str in subnet_group:
+            for subnet_str in WormConfiguration.inaccessible_subnets:
                if NetworkScanner._is_any_ip_in_subnet([unicode(x) for x in self._ip_addresses], subnet_str):
                    # If machine has IPs from 2 different subnets in the same group, there's no point checking the other
                    # subnet.
-                    for other_subnet_str in subnet_group:
+                    for other_subnet_str in WormConfiguration.inaccessible_subnets:
                        if other_subnet_str == subnet_str:
                            continue
                        if not NetworkScanner._is_any_ip_in_subnet([unicode(x) for x in self._ip_addresses],
--- a/monkey_island/cc/services/config.py
+++ b/monkey_island/cc/services/config.py
@ -222,33 +222,24 @@ SCHEMA = {
                    "title": "Network Analysis",
                    "type": "object",
                    "properties": {
-                        "inaccessible_subnet_groups": {
+                        "inaccessible_subnets": {
-                            "title": "Inaccessible IP/subnet groups",
+                            "title": "Network segmentation testing",
                            "type": "array",
                            "uniqueItems": True,
                            "items": {
                                "type": "array",
                                "title": "Subnet group",
                            "items": {
                                "type": "string"
                            },
                                "minItems": 2,
                                "uniqueItems": True,
                                "description": "List of IPs/subnets."
                                               " Examples: \"192.168.0.1\", \"192.168.0.5-192.168.0.20\","
                                               " \"192.168.0.5/24\""
                            },
                            "default": [
                            ],
                            "description":
-                                "You can use this feature to test for network segmentation, by proving lists of"
+                                "Test for network segmentation by providing a list of"
-                                " IP/subnet groups that should not be accessible to each other. Each input group"
+                                " subnets that should NOT be accessible to each other."
-                                " consists of subnets that should not be accessible to each other. If the Monkey"
+                                " For example, given the following configuration:"
-                                " is inside of one of the subnets it will attempt to connect to machines in the"
+                                " '10.0.0.0/24, 11.0.0.2/32, 12.2.3.0/24'"
-                                " other subnet."
+                                " a Monkey running on 10.0.0.5 will try to access machines in the following"
-                                " Example, by providing input 192.168.1.0/24, 192.168.2.0/24, 192.168.3.1-192.168.3.10,"
+                                " subnets: 11.0.0.2/32, 12.2.3.0/24."
-                                " a Monkey with the IP address 192.168.2.5 will try to access machines inside"
+                                " An alert on successful connections will be shown in the report"
-                                " 192.168.1.0/24 or 192.168.3.1-192.168.3.10."
+                                " Additional subnet formats include: 13.0.0.1, 13.0.0.1-13.0.0.5"
                        }
                    }
                }
--- a/monkey_island/cc/services/report.py
+++ b/monkey_island/cc/services/report.py
@ -442,7 +442,7 @@ class ReportService:
        cross_segment_issues = []
        subnet_groups = ConfigService.get_config_value(
-            ['basic_network', 'network_analysis', 'inaccessible_subnet_groups'])
+            ['basic_network', 'network_analysis', 'inaccessible_subnets'])
        for subnet_group in subnet_groups:
            cross_segment_issues += ReportService.get_cross_segment_issues_per_subnet_group(scans, subnet_group)