From d534c64a3fcec310b1f806cfcaefeaa4b91f45b5 Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Thu, 14 Jul 2022 14:25:01 +0530
Subject: [PATCH] Island: Use agent configuration in remaining ZT segmentation check function to get inaccessible subnets
---
 .../cc/services/telemetry/processing/scan.py | 2 +-
 .../services/telemetry/zero_trust_checks/segmentation.py | 9 ++++-----
 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/monkey/monkey_island/cc/services/telemetry/processing/scan.py b/monkey/monkey_island/cc/services/telemetry/processing/scan.py
index 7c31c7761..52a9325e4 100644
--- a/monkey/monkey_island/cc/services/telemetry/processing/scan.py
+++ b/monkey/monkey_island/cc/services/telemetry/processing/scan.py
@@ -24,7 +24,7 @@ def process_scan_telemetry(telemetry_json, agent_configuration: AgentConfigurati
 current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json["monkey_guid"])
 target_ip = telemetry_json["data"]["machine"]["ip_addr"]
- check_segmentation_violation(current_monkey, target_ip)
+ check_segmentation_violation(current_monkey, target_ip, agent_configuration)
 def update_edges_and_nodes_based_on_scan_telemetry(telemetry_json):
diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_checks/segmentation.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_checks/segmentation.py
index 47a24d468..5411e7600 100644
--- a/monkey/monkey_island/cc/services/telemetry/zero_trust_checks/segmentation.py
+++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_checks/segmentation.py
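Review bot: The call in process_scan_telemetry now decides which configuration the zero-trust segmentation check is evaluated against, and nothing at the call site records where `agent_configuration` comes from. If it can differ from the configuration the reporting agent actually ran with (not visible in this hunk), the inaccessible subnets compared against `target_ip` may not be the ones in force during the scan, which would skew the findings. A short comment above the call would settle this, e.g. `# agent_configuration: the configuration the reporting agent ran with; its inaccessible subnets drive the ZT segmentation check`. process_scan_telemetry starts outside the hunk.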
@@ -6,9 +6,6 @@ from common.network.network_range import NetworkRange
 from common.network.segmentation_utils import get_ip_if_in_subnet, get_ip_in_src_and_not_in_dst
 from monkey_island.cc.models import Monkey
 from monkey_island.cc.models.zero_trust.event import Event
-from monkey_island.cc.services.configuration.utils import (
- get_config_network_segments_as_subnet_groups,
-)
 from monkey_island.cc.services.zero_trust.monkey_findings.monkey_zt_finding_service import (
 MonkeyZTFindingService,
 )
@@ -25,9 +22,11 @@ SEGMENTATION_VIOLATION_EVENT_TEXT = (
 )
-def check_segmentation_violation(current_monkey, target_ip):
+def check_segmentation_violation(
+ current_monkey, target_ip, agent_configuration: AgentConfiguration
+):
 # TODO - lower code duplication between this and report.py.
- subnet_groups = get_config_network_segments_as_subnet_groups()
+ subnet_groups = _get_config_network_segments_as_subnet_groups(agent_configuration)
 for subnet_group in subnet_groups:
 subnet_pairs = itertools.product(subnet_group, subnet_group)
 for subnet_pair in subnet_pairs:
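Review bot: `check_segmentation_violation` gains a required third positional parameter, and only the call in processing/scan.py is updated by this commit, so any other caller would fail with a TypeError while processing scan telemetry; worth confirming there are none. The new lines also depend on `AgentConfiguration` and `_get_config_network_segments_as_subnet_groups`, neither of which is imported or defined by the four lines added to this file, so both presumably already exist in the module outside the hunks. Unless annotations are deferred, the annotation is evaluated when the function is defined, so a missing import would break loading of the whole module rather than just this check. Since the signature is being touched anyway, a docstring naming the three parameters and annotations on the first two (for example `current_monkey: Monkey, target_ip: str`, assuming `target_ip` is the string taken from the telemetry) would make it consistent. The function body continues past the end of the hunk.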