From a91e65e49a061c62e6f26961bf59e38ea071133b Mon Sep 17 00:00:00 2001
From: Shreya
Date: Mon, 22 Jun 2020 14:25:36 +0530
Subject: [PATCH] Use mongo search for report data

---
 .../attack/technique_reports/T1158.py | 31 +++++++++----------
 1 file changed, 15 insertions(+), 16 deletions(-)

diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1158.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1158.py
index f3615c2ff..a90ee6e1f 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1158.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1158.py
@@ -1,5 +1,5 @@
 from monkey_island.cc.services.attack.technique_reports import AttackTechnique
-from monkey_island.cc.services.reporting.report import ReportService
+from monkey_island.cc.database import mongo
 from common.utils.attack_utils import ScanStatus
 from common.data.post_breach_consts import POST_BREACH_HIDDEN_FILES
 
@@ -13,26 +13,25 @@ class T1158(AttackTechnique):
     scanned_msg = "Monkey tried creating hidden files and folders on the system but failed."
     used_msg = "Monkey created hidden files and folders on the system."
 
+    query = [{'$match': {'telem_category': 'post_breach',
+                         'data.name': POST_BREACH_HIDDEN_FILES}},
+             {'$project': {'_id': 0,
+                           'machine': {'hostname': '$data.hostname',
+                                       'ips': ['$data.ip']},
+                           'result': '$data.result'}}]
+
     @staticmethod
     def get_report_data():
         data = {'title': T1158.technique_title(), 'info': []}
-        scanned_nodes = ReportService.get_scanned()
-        status = []
+        hidden_file_info = list(mongo.db.telemetry.aggregate(T1158.query))
 
-        for node in scanned_nodes:
-            if node['pba_results'] != 'None':
-                for pba in node['pba_results']:
-                    if pba['name'] == POST_BREACH_HIDDEN_FILES:
-                        status.append(pba['result'][1])
-                        data['info'].append({
-                            'machine': {
-                                'hostname': pba['hostname'],
-                                'ips': node['ip_addresses']
-                            },
-                            'result': pba['result'][0]
-                        })
+        status = []
+        for pba_node in hidden_file_info:
+            status.append(pba_node['result'][1])
 
         status = (ScanStatus.USED.value if any(status) else ScanStatus.SCANNED.value)\
-            if status else ScanStatus.UNSCANNEDvalue
+            if status else ScanStatus.UNSCANNED.value
+
         data.update(T1158.get_base_data_by_status(status))
+        data.update({'info': hidden_file_info})
         return data
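Review bot: The `$project` stage now hands the whole `$data.result` array to the report, whereas the removed code exposed only `pba['result'][0]` as `result` and kept element `[1]` for the status computation; unless the report consumer has been updated to accept the pair, the rendered `result` field changes shape, and the per-node `ips` also shrinks from the node's `ip_addresses` list to the single `$data.ip`. Since the status loop still reads `pba_node['result'][1]` from the same documents, the two views can be derived in Python after the aggregate and the initial `'info': []` in `data` becomes dead: `status = [node['result'][1] for node in hidden_file_info]` and `data['info'] = [dict(node, result=node['result'][0]) for node in hidden_file_info]`. Note that `$match` only filters on `telem_category` and `data.name`, so a telemetry document without a two-element `result` would raise `KeyError`/`IndexError` here, as it would have before the change. The enclosing `class T1158` begins before this hunk; `get_report_data` itself ends at the visible `return data`.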