Change warning order and phrasing in report

Shreya 2021-03-02 13:02:56 +05:30
parent 89907d133e
commit 6babcd099a
1 changed files with 22 additions and 22 deletions


@ -315,24 +315,24 @@ class ReportPageComponent extends AuthComponent {
<li>Machines are accessible using passwords supplied by the user during the Monkeys <li>Machines are accessible using passwords supplied by the user during the Monkeys
configuration.</li>} configuration.</li>}
{this.state.report.overview.issues[this.Issue.AZURE] && {this.state.report.overview.issues[this.Issue.AZURE] &&
<li>Azure machines expose plaintext passwords. ( <li>Azure machines expose plaintext passwords (
<Button <Button
variant={'link'} variant={'link'}
href='https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/' href='https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/'
target={'_blank'} target={'_blank'}
className={'security-report-link'}> className={'security-report-link'}>
More info more info
</Button>) </Button>).
</li>} </li>}
{this.state.report.overview.issues[this.Issue.STRUTS2] && {this.state.report.overview.issues[this.Issue.STRUTS2] &&
<li>Struts2 servers are vulnerable to remote code execution. ( <li>Struts2 servers are vulnerable to remote code execution (
<Button <Button
variant={'link'} variant={'link'}
href='https://cwiki.apache.org/confluence/display/WW/S2-045' href='https://cwiki.apache.org/confluence/display/WW/S2-045'
target={'_blank'} target={'_blank'}
className={'security-report-link'}> className={'security-report-link'}>
CVE-2017-5638 CVE-2017-5638
</Button>) </Button>).
</li>} </li>}
{this.state.report.overview.issues[this.Issue.WEBLOGIC] && {this.state.report.overview.issues[this.Issue.WEBLOGIC] &&
<li>Oracle WebLogic servers are susceptible to a remote code execution vulnerability.</li>} <li>Oracle WebLogic servers are susceptible to a remote code execution vulnerability.</li>}
@ -417,10 +417,20 @@ class ReportPageComponent extends AuthComponent {
generateZerologonOverview() { generateZerologonOverview() {
let zerologonOverview = []; let zerologonOverview = [];
if (this.state.report.overview.issues[this.Issue.ZEROLOGON]) {
zerologonOverview.push(<>
Some Windows domain controllers are vulnerable to 'Zerologon' (
<Button variant={'link'}
href='https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472'
target={'_blank'}
className={'security-report-link'}>
CVE-2020-1472
</Button>).
</>)
}
if (this.state.report.overview.issues[this.Issue.ZEROLOGON_PASSWORD_RESTORE_FAILED]) { if (this.state.report.overview.issues[this.Issue.ZEROLOGON_PASSWORD_RESTORE_FAILED]) {
zerologonOverview.push( zerologonOverview.push(
<span className={'zero-logon-overview-pass-restore-failed'}> <span className={'zero-logon-overview-pass-restore-failed'}><br/>
<WarningIcon/> <WarningIcon/>
Automatic password restoration on a domain controller failed! Automatic password restoration on a domain controller failed!
<Button variant={'link'} <Button variant={'link'}
@ -431,17 +441,7 @@ class ReportPageComponent extends AuthComponent {
</Button> </Button>
</span>) </span>)
} }
if (this.state.report.overview.issues[this.Issue.ZEROLOGON]) { else {
zerologonOverview.push(<>
Some domain controllers are vulnerable to Zerologon exploiter(
<Button variant={'link'}
href='https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472'
target={'_blank'}
className={'security-report-link'}>
CVE-2020-1472
</Button>)!
</>)
} else {
return null; return null;
} }
return (<li>{zerologonOverview}</li>) return (<li>{zerologonOverview}</li>)
@ -989,8 +989,8 @@ class ReportPageComponent extends AuthComponent {
href='https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/xp-cmdshell-server-configuration-option?view=sql-server-2017' href='https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/xp-cmdshell-server-configuration-option?view=sql-server-2017'
target={'_blank'} target={'_blank'}
className={'security-report-link'}> className={'security-report-link'}>
Microsoft's documentation. Microsoft's documentation
</Button> </Button>.
</CollapsibleWellComponent> </CollapsibleWellComponent>
</> </>
); );
@ -1013,8 +1013,8 @@ class ReportPageComponent extends AuthComponent {
href='https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472' href='https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472'
target={'_blank'} target={'_blank'}
className={'security-report-link'}> className={'security-report-link'}>
Microsoft's documentation. Microsoft's documentation
</Button> </Button>.
{!issue.password_restored && {!issue.password_restored &&
<div className={'info-pane-warning'} key={'warning'}> <div className={'info-pane-warning'} key={'warning'}>
<br/><WarningIcon/> <br/><WarningIcon/>
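Review bot: In generateZerologonOverview (the `-431,17 +441,7` hunk) the surviving `else { return null; }` now hangs off the `ZEROLOGON_PASSWORD_RESTORE_FAILED` check instead of the `ZEROLOGON` check, so as rendered here the function returns null whenever password restoration did not fail, including when a domain controller was found vulnerable. That would drop the CVE-2020-1472 finding from the report overview in what is presumably the usual case, where the password was restored successfully. Replace the else branch with an emptiness test placed after both checks, `if (zerologonOverview.length === 0) { return null; }`, so that either condition alone still produces the list item. The moved link also keeps `target={'_blank'}` with no `rel`; adding `rel={'noopener noreferrer'}` stops the opened page from reaching `window.opener` in browsers that do not imply it. The function's closing brace lies outside the visible hunks, so confirm nothing after the final `return` depends on the old ordering.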