Merge pull request #2356 from guardicore/2299-local-network-scan-ui-tooltip

Info box in UI for Scan Agent's networks
2022-09-28 15:41:09 -04:00 · 2022-09-28 15:41:09 -04:00 · 83f0ebfda4
parent 1b4f72e5e3 e8449817ad
commit 83f0ebfda4
5 changed files with 72 additions and 51 deletions
--- a/monkey/common/agent_configuration/default_agent_configuration.py
+++ b/monkey/common/agent_configuration/default_agent_configuration.py
@ -78,7 +78,7 @@ FINGERPRINTERS = (
 )

 SCAN_TARGET_CONFIGURATION = ScanTargetConfiguration(
-    blocked_ips=tuple(), inaccessible_subnets=tuple(), scan_my_networks=True, subnets=tuple()
+    blocked_ips=tuple(), inaccessible_subnets=tuple(), scan_my_networks=False, subnets=tuple()
 )
 NETWORK_SCAN_CONFIGURATION = NetworkScanConfiguration(
    tcp=TCP_SCAN_CONFIGURATION,
--- a/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js
+++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/UiSchema.js
@ -1,6 +1,7 @@
 import AdvancedMultiSelect from '../ui-components/AdvancedMultiSelect';
 import InfoBox from './InfoBox';
 import TextBox from './TextBox.js';
+import WarningBox from './WarningBox';
 import PbaInput from './PbaInput';
 import { API_PBA_LINUX, API_PBA_WINDOWS } from '../pages/ConfigurePage';
 import SensitiveTextInput from '../ui-components/SensitiveTextInput';
@ -60,9 +61,6 @@ export default function UiSchema(props) {
      },
      network_scan: {
        targets: {
-          info_box: {
-            'ui:field': InfoBox
-          },
          blocked_ips: {
            items: {
              classNames: 'config-template-no-header'
@ -73,6 +71,9 @@ export default function UiSchema(props) {
              classNames: 'config-template-no-header'
            }
          },
+          info_box_scan_my_networks: {
+            'ui:field': WarningBox
+          },
          subnets: {
            items: {
              classNames: 'config-template-no-header'
--- a/monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js
+++ b/monkey/monkey_island/cc/ui/src/components/configuration-components/WarningBox.js
@ -0,0 +1,17 @@
+import * as React from 'react';
+import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
+import { faExclamationTriangle } from '@fortawesome/free-solid-svg-icons/faExclamationTriangle';
+
+class WarningBox extends React.Component {
+
+  render() {
+    return (
+      <div className='alert alert-warning'>
+        <FontAwesomeIcon icon={faExclamationTriangle} style={{ 'marginRight': '5px' }} />
+        {this.props.schema.info}
+      </div>
+    );
+  }
+}
+
+export default WarningBox;
--- a/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js
+++ b/monkey/monkey_island/cc/ui/src/services/configuration/propagation/scanTarget.js
@ -1,12 +1,10 @@
 const SCAN_TARGET_CONFIGURATION_SCHEMA = {
  'title': 'Network',
  'type': 'object',
+  'description': 'If "Scan Agent\'s networks" is checked, the Monkey scans for machines on each ' +
+    'of the network interfaces of the machine it is running on.\nAdditionally, the Monkey scans ' +
+    'machines according to "Scan target list" and skips machines in "Blocked IPs".',
  'properties': {
-    'info_box': {
-      'info': 'The Monkey scans for machines on each of the network interfaces of the ' +
-        'machine it is running on if "Scan Agent\'s networks" is checked. ' +
-        'Additionally, the Monkey scans machines according to "Scan target list". '
-    },
    'blocked_ips': {
      'title': 'Blocked IPs',
      'type': 'array',
@ -18,6 +16,33 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = {
      'default': [],
      'description': 'List of IPs that the monkey will not scan.'
    },
+    'info_box_scan_my_networks': {
+      'info': 'If the agent runs on a machine that has a publicly-facing network interface, ' +
+        'this setting could cause scanning and exploitation of systems outside your organization.'
+    },
+    'scan_my_networks': {
+      'title': 'Scan Agent\'s networks',
+      'type': 'boolean',
+      'default': false
+    },
+    'subnets': {
+      'title': 'Scan target list',
+      'type': 'array',
+      'uniqueItems': true,
+      'items': {
+        'type': 'string',
+        'format': 'ip-range'
+      },
+      'default': [],
+      'description': 'List of targets the Monkey will try to scan. Targets can be ' +
+        'IPs, subnets or hosts. ' +
+        'Examples:\n' +
+        '\tTarget a specific IP: "192.168.0.1"\n' +
+        '\tTarget a subnet using a network range: ' +
+        '"192.168.0.5-192.168.0.20"\n' +
+        '\tTarget a subnet using an IP mask: "192.168.0.5/24"\n' +
+        '\tTarget a specific host: "printer.example"'
+    },
    'inaccessible_subnets': {
      'title': 'Network segmentation testing',
      'type': 'array',
@ -40,36 +65,7 @@ const SCAN_TARGET_CONFIGURATION_SCHEMA = {
        '"192.168.0.5-192.168.0.20"\n' +
        '\tDefine a segment using an subnet IP mask: "192.168.0.5/24"\n' +
        '\tDefine a single-host segment: "printer.example"'
-    },
-    'scan_my_networks': {
-      'title': 'Scan Agent\'s networks',
-      'type': 'boolean',
-      'default': false,
-      'description': 'If enabled, the Agent will go over all network interfaces and ' +
-        'will scan their networks,' +
-        ' in addition to the IPs that are configured manually in the "Scan target list". ' +
-        'Note: If the Agent runs on a machine within a public network,' +
-        ' this setting will cause scanning and exploitation attempts on that network.'
-    },
-    'subnets': {
-      'title': 'Scan target list',
-      'type': 'array',
-      'uniqueItems': true,
-      'items': {
-        'type': 'string',
-        'format': 'ip-range'
-      },
-      'default': [],
-      'description': 'List of targets the Monkey will try to scan. Targets can be ' +
-        'IPs, subnets or hosts. ' +
-        'Examples:\n' +
-        '\tTarget a specific IP: "192.168.0.1"\n' +
-        '\tTarget a subnet using a network range: ' +
-        '"192.168.0.5-192.168.0.20"\n' +
-        '\tTarget a subnet using an IP mask: "192.168.0.5/24"\n' +
-        '\tTarget a specific host: "printer.example"'
    }
-
  }
 }
 export default SCAN_TARGET_CONFIGURATION_SCHEMA;
--- a/monkey/monkey_island/cc/ui/src/styles/pages/ConfigurationPage.scss
+++ b/monkey/monkey_island/cc/ui/src/styles/pages/ConfigurationPage.scss
@ -1,25 +1,26 @@
-.config-nav > li > a{
+.config-nav>li>a {
  height: 50px !important;
 }

-.config-nav .nav-link.tab-primary{
+.config-nav .nav-link.tab-primary {
  color: $monkey-alt;
  font-weight: bold;
 }

-.config-nav .nav-item > a{
+.config-nav .nav-item>a {
  color: $black;
  padding: 15px 10px 15px 10px;
 }

-.config-nav .nav-item > a.active{
+.config-nav .nav-item>a.active {
  font-weight: bold;
  color: $black;
 }

-.config-nav .nav-item > a:hover:not(.active),  .config-nav .nav-item > a:focus:not(.active){
-    text-decoration: none;
-    background-color: $light-gray;
+.config-nav .nav-item>a:hover:not(.active),
+.config-nav .nav-item>a:focus:not(.active) {
+  text-decoration: none;
+  background-color: $light-gray;
 }

 .config-form legend {
@ -35,15 +36,15 @@
  display: none;
 }

-.config-template-no-header > p {
+.config-template-no-header>p {
  display: none;
 }

-.config-template-no-header > label {
+.config-template-no-header>label {
  display: none;
 }

-.config-form .form-group.field > label {
+.config-form .form-group.field>label {
  margin-top: 10px;
  margin-bottom: 5px;
  font-size: 1.2em;
@ -54,7 +55,13 @@
 }

 .warning-icon {
-    text-transform: uppercase;
-    color: #FFC107;
-    margin-left: .75em;
+  text-transform: uppercase;
+  color: #FFC107;
+  margin-left: .75em;
+}
+
+.alert-info .warning-icon {
+  text-transform: uppercase;
+  color: #FFC107;
+  margin-right: .5em;
 }