Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2857 security report get exploit on node fix #2876

Merged
merged 12 commits into from
Jan 24, 2023
Merged

2857 security report get exploit on node fix #2876

merged 12 commits into from
Jan 24, 2023

Conversation

ilija-lazoroski
Copy link
Contributor

@ilija-lazoroski ilija-lazoroski commented Jan 23, 2023
edited
Loading

What does this PR do?

Fixes part of #2857

Fix reporting UTs is the only thing left

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?
  • Have you checked that you haven't introduced any duplicate code?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested by {Running the Monkey locally with relevant config/running Island/...}

  • If applicable, add screenshots or log transcripts of the feature working

@ilija-lazoroski ilija-lazoroski marked this pull request as ready for review January 24, 2023 10:51
VakarisZ
VakarisZ reviewed Jan 24, 2023
View reviewed changes
monkey/monkey_island/cc/services/reporting/exploitations/monkey_exploitation.py
)
successful_exploits = [e for e in successful_exploits if e.target in machine_ips and e.success]

plugin_exploiter_manifests = plugin_manifests.get(AgentPluginType.EXPLOITER, {})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be best to somehow add the hard-coded manifests to the repository. Otherwise the whole codebase needs to know what is hard-coded and what is not or that "hard-coded" plugins is even a thing

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That would require more work. We can discuss it over webex and decide. All in all, hard-coded exploiters will go away at some point so I don't know if it is worth it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree. They'll go away so it's not worth the effort.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we add a decorator to the plugin repository that would return hard-coded plugins if a plugin is missing it would allow us to simplify some code. This, we wouldn't need to add them in the AgentConfigurationSchemaCompiler, etc. Deleting a single decorator is easier than going through the whole island code base to remove HARD_CODED_PLUGIN references.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Deleting a single decorator is easier than going through the whole island code base to remove HARD_CODED_PLUGIN references.

I agree, but it would introduce the case where I can ask the repository for all manifests and get a manifest for a plugin that doesn't exist. Theoretically this shouldn't be a problem, but it might be if I use the set of all manifests to query for specific plugins. Then I'll have to handle the case where the plugin doesn't exist. Maybe we'll need to handle that in the long run anyway, I'm not sure.

@ilija-lazoroski ilija-lazoroski force-pushed the 2857-security-report-get-exploit-on-node-fix branch from 859ee85 to d6f9123 Compare January 24, 2023 12:14
mssalvatore
mssalvatore requested changes Jan 24, 2023
View reviewed changes
Copy link
Collaborator

@mssalvatore mssalvatore left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One small request.

@mssalvatore mssalvatore mentioned this pull request Jan 24, 2023
Merged
8 tasks
@shreyamalviya shreyamalviya force-pushed the 2857-security-report-get-exploit-on-node-fix branch from 4039b76 to 76f41ec Compare January 24, 2023 13:54
ilija-lazoroski and others added 12 commits January 24, 2023 09:05
@ilija-lazoroski @mssalvatore
Island: Pull plugin titles from plugin manifests in
db576cf 
get_exploits_used_on_node
@ilija-lazoroski @mssalvatore
Island: Accept IAgentPluginRepository in report.py
ee214e2
@ilija-lazoroski @mssalvatore
Island: Initialize ReportService with IAgentPluginRepository
f6ccb56
@ilija-lazoroski @mssalvatore
Island: Accept IAgentPluginRepository in get_propagation_stats
1be1b1c
@ilija-lazoroski @mssalvatore
Island: Accept IAgentPluginRepository in MonkeyExploitation resource
f19fa88
@ilija-lazoroski @mssalvatore
Island: Accept IAgentPluginRepository in RansomwareReport resource
88feef4
@ilija-lazoroski @mssalvatore
UT: Fix reporting tests
1c3775a
@ilija-lazoroski @mssalvatore
Island: Fix get_exploites_used_on_node code
1067920
@ilija-lazoroski @mssalvatore
Island: Rename exploiter_names to exploiter_titles in
655901d 
monkey_exploitation
@ilija-lazoroski @mssalvatore
Island: Add plugin manifests name if title is None in
cbe52e7 
monkey_exploitation
@shreyamalviya @mssalvatore
Island: Add warning log statement in get_exploits_used_on_node()
a426464
@shreyamalviya @mssalvatore
Island: Remove unnecessary check in get_exploits_used_on_node()
6ffc75f
@mssalvatore mssalvatore force-pushed the 2857-security-report-get-exploit-on-node-fix branch from 76f41ec to 6ffc75f Compare January 24, 2023 14:05
@mssalvatore mssalvatore merged commit d64f8b7 into develop Jan 24, 2023
@mssalvatore mssalvatore deleted the 2857-security-report-get-exploit-on-node-fix branch January 24, 2023 14:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mssalvatore mssalvatore mssalvatore approved these changes

@VakarisZ VakarisZ VakarisZ approved these changes

@shreyamalviya shreyamalviya shreyamalviya approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ilija-lazoroski @mssalvatore @VakarisZ @shreyamalviya