Island: Remove endpoints/resources/services related to Scoutsuite
parent
88f156ea40
commit
7243406b06
|
@ -46,8 +46,6 @@ from monkey_island.cc.resources.telemetry import Telemetry
|
|||
from monkey_island.cc.resources.telemetry_feed import TelemetryFeed
|
||||
from monkey_island.cc.resources.version_update import VersionUpdate
|
||||
from monkey_island.cc.resources.zero_trust.finding_event import ZeroTrustFindingEvent
|
||||
from monkey_island.cc.resources.zero_trust.scoutsuite_auth.aws_keys import AWSKeys
|
||||
from monkey_island.cc.resources.zero_trust.scoutsuite_auth.scoutsuite_auth import ScoutSuiteAuth
|
||||
from monkey_island.cc.resources.zero_trust.zero_trust_report import ZeroTrustReport
|
||||
from monkey_island.cc.server_utils.consts import MONKEY_ISLAND_ABS_PATH
|
||||
from monkey_island.cc.server_utils.custom_json_encoder import CustomJSONEncoder
|
||||
|
@ -168,8 +166,6 @@ def init_api_resources(api):
|
|||
api.add_resource(VersionUpdate, "/api/version-update")
|
||||
api.add_resource(StopAgentCheck, "/api/monkey_control/needs-to-stop/<int:monkey_guid>")
|
||||
api.add_resource(StopAllAgents, "/api/monkey_control/stop-all-agents")
|
||||
api.add_resource(ScoutSuiteAuth, "/api/scoutsuite_auth/<string:provider>")
|
||||
api.add_resource(AWSKeys, "/api/aws_keys")
|
||||
|
||||
# Resources used by black box tests
|
||||
api.add_resource(MonkeyBlackboxEndpoint, "/api/test/monkey")
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
import flask_restful
|
||||
|
||||
from monkey_island.cc.resources.auth.auth import jwt_required
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import get_aws_keys
|
||||
|
||||
|
||||
class AWSKeys(flask_restful.Resource):
|
||||
@jwt_required
|
||||
def get(self):
|
||||
return get_aws_keys()
|
|
@ -1,37 +0,0 @@
|
|||
import json
|
||||
|
||||
import flask_restful
|
||||
from flask import request
|
||||
|
||||
from common.cloud.scoutsuite_consts import CloudProviders
|
||||
from common.utils.exceptions import InvalidAWSKeys
|
||||
from monkey_island.cc.resources.auth.auth import jwt_required
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import (
|
||||
is_cloud_authentication_setup,
|
||||
set_aws_keys,
|
||||
)
|
||||
|
||||
|
||||
class ScoutSuiteAuth(flask_restful.Resource):
|
||||
@jwt_required
|
||||
def get(self, provider: CloudProviders):
|
||||
if provider == CloudProviders.AWS.value:
|
||||
is_setup, message = is_cloud_authentication_setup(provider)
|
||||
return {"is_setup": is_setup, "message": message}
|
||||
else:
|
||||
return {"is_setup": False, "message": ""}
|
||||
|
||||
@jwt_required
|
||||
def post(self, provider: CloudProviders):
|
||||
key_info = json.loads(request.data)
|
||||
error_msg = ""
|
||||
if provider == CloudProviders.AWS.value:
|
||||
try:
|
||||
set_aws_keys(
|
||||
access_key_id=key_info["accessKeyId"],
|
||||
secret_access_key=key_info["secretAccessKey"],
|
||||
session_token=key_info["sessionToken"],
|
||||
)
|
||||
except InvalidAWSKeys as e:
|
||||
error_msg = str(e)
|
||||
return {"error_msg": error_msg}
|
|
@ -1,58 +0,0 @@
|
|||
from typing import Tuple
|
||||
|
||||
from ScoutSuite.providers.base.authentication_strategy import AuthenticationException
|
||||
|
||||
from common.cloud.scoutsuite_consts import CloudProviders
|
||||
from common.config_value_paths import AWS_KEYS_PATH
|
||||
from common.utils.exceptions import InvalidAWSKeys
|
||||
from monkey_island.cc.server_utils.encryption import get_datastore_encryptor
|
||||
from monkey_island.cc.services.config import ConfigService
|
||||
|
||||
|
||||
def is_cloud_authentication_setup(provider: CloudProviders) -> Tuple[bool, str]:
|
||||
if provider == CloudProviders.AWS.value:
|
||||
if is_aws_keys_setup():
|
||||
return True, "AWS keys already setup."
|
||||
|
||||
import ScoutSuite.providers.aws.authentication_strategy as auth_strategy
|
||||
|
||||
try:
|
||||
profile = auth_strategy.AWSAuthenticationStrategy().authenticate()
|
||||
return True, f' Profile "{profile.session.profile_name}" is already setup. '
|
||||
except AuthenticationException:
|
||||
return False, ""
|
||||
|
||||
|
||||
def is_aws_keys_setup():
|
||||
return ConfigService.get_config_value(
|
||||
AWS_KEYS_PATH + ["aws_access_key_id"]
|
||||
) and ConfigService.get_config_value(AWS_KEYS_PATH + ["aws_secret_access_key"])
|
||||
|
||||
|
||||
def set_aws_keys(access_key_id: str, secret_access_key: str, session_token: str):
|
||||
if not access_key_id or not secret_access_key:
|
||||
raise InvalidAWSKeys(
|
||||
"Missing some of the following fields: access key ID, secret access key."
|
||||
)
|
||||
_set_aws_key("aws_access_key_id", access_key_id)
|
||||
_set_aws_key("aws_secret_access_key", secret_access_key)
|
||||
_set_aws_key("aws_session_token", session_token)
|
||||
|
||||
|
||||
def _set_aws_key(key_type: str, key_value: str):
|
||||
path_to_keys = AWS_KEYS_PATH
|
||||
encrypted_key = get_datastore_encryptor().encrypt(key_value)
|
||||
ConfigService.set_config_value(path_to_keys + [key_type], encrypted_key)
|
||||
|
||||
|
||||
def get_aws_keys():
|
||||
return {
|
||||
"access_key_id": _get_aws_key("aws_access_key_id"),
|
||||
"secret_access_key": _get_aws_key("aws_secret_access_key"),
|
||||
"session_token": _get_aws_key("aws_session_token"),
|
||||
}
|
||||
|
||||
|
||||
def _get_aws_key(key_type: str):
|
||||
path_to_keys = AWS_KEYS_PATH
|
||||
return ConfigService.get_config_value(config_key_as_arr=path_to_keys + [key_type])
|