Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate report with remediation_suggestion #2885

Merged
merged 30 commits into from
Jan 31, 2023
Merged

Generate report with remediation_suggestion #2885

merged 30 commits into from
Jan 31, 2023

Conversation

shreyamalviya
Copy link
Contributor

@shreyamalviya shreyamalviya commented Jan 25, 2023
edited by VakarisZ
Loading

What does this PR do?

Fixes a part of #2857

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?
  • Have you checked that you haven't introduced any duplicate code?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested by running some manual tests and verifying

  • If applicable, add screenshots or log transcripts of the feature working

image
image

@shreyamalviya shreyamalviya force-pushed the 2857-dynamically-generate-report branch from fc98531 to 870c209 Compare January 25, 2023 16:28
@shreyamalviya
Copy link
Contributor Author

shreyamalviya commented Jan 25, 2023
edited
Loading

Updated screenshot:
image

@VakarisZ VakarisZ force-pushed the 2857-modify-report-to-send-remediation-suggestions branch 3 times, most recently from 18c7096 to addc1f5 Compare January 26, 2023 10:50
@VakarisZ VakarisZ self-assigned this Jan 26, 2023
Base automatically changed from 2857-modify-report-to-send-remediation-suggestions to develop January 26, 2023 14:40
@VakarisZ VakarisZ force-pushed the 2857-dynamically-generate-report branch from 929d5d1 to ebdb1e3 Compare January 26, 2023 15:44
@VakarisZ VakarisZ marked this pull request as ready for review January 27, 2023 15:53
shreyamalviya and others added 21 commits January 27, 2023 15:53
@shreyamalviya @VakarisZ
UI: Add react-markdown
725a380
@shreyamalviya @VakarisZ
UI: Show remediation_suggestions for issues in security report
6ae6aa2
@shreyamalviya @VakarisZ
UI: Add TODO comment about react-markdown
7d64588
@shreyamalviya @VakarisZ
UI: Use hard-coded report component generators if issue isn't in reme…
d82fa37 
…diation suggestions
@shreyamalviya @VakarisZ
UI: Remove unused imports in SecurityReport.js
42a97c3
@shreyamalviya @VakarisZ
UI: Remove issue overview functions from SecurityReport.js
cc400de
@shreyamalviya @VakarisZ
UI: Remove unused report functions
f7806cd
@shreyamalviya @VakarisZ
UI: Remove exploiter report issue files
2116cbd
@shreyamalviya @VakarisZ
UI: Add machines IPs to bullet header in security report
ccb9b6d
@shreyamalviya @VakarisZ
UI: Add collapsible component to plugin remediations in security report
1ab3fe7
@VakarisZ
UI: Add remark-breaks package to support line-breaks in markdown
aae368d
@VakarisZ
UI: Improve remediation code
e5694d2 
Structure of the issue changed, so we can simplify the security report and improve markdown display
@VakarisZ
UI: Style markdown links in security report
b260b9f
@VakarisZ
UI: Display plugin description in the report
03c5c76
@VakarisZ
UI: Fix a bug in remediation generation
0867b93 
These improvements account for the possibility of missing descriptions or remediations
@VakarisZ
UI: Remove unused paragraph in security report overview
e969f65
@VakarisZ
Common: Fix a typo in SSH manifest
cc3db43
@VakarisZ
UI: Reintroduce segmentation issues into report
045b73a 
Segmentation issues get a separate section because the overview is going away. Overview is going away, because exploiter plugins won't have an overview information
@VakarisZ
Island: Remove "issue_set" from report
06d0172 
Issue set is not needed, all issues are already being sent as "issues" in recommendations
@VakarisZ
UI: Remove unused issue code
6af6998 
Issues like "shared_password_domain" and "strong_users_on_crit" are not being generated on the back end. It doesn't make sense to keep the overview code on the front end
@VakarisZ
Island: Remove island cross-segmentation issue
58a2de7 
The overview is gone and this issue is redundant: any cross segemntation communications should be reported the same way, regardless if it was island or agents
@VakarisZ
Island: Fix zerologon password restoration view
4954577 
Zerologon password restoration was moved to the remediation section where it belongs
@VakarisZ
Island: Remove some unused code
cb3aa60 
Report refactoring left some unused code. It's mainly related to the removal of overview section in reports
@VakarisZ
UT: Fix add_remediation_to_issue tests
d53d402
@VakarisZ VakarisZ force-pushed the 2857-dynamically-generate-report branch from 4c8e92f to d53d402 Compare January 27, 2023 15:54
@shreyamalviya
Copy link
Contributor Author

Tested that non-plugin issues are shown as expected:
image

@codecov
Copy link

codecov bot commented Jan 31, 2023
edited
Loading

Codecov Report

Base: 65.71% // Head: 65.72% // Increases project coverage by +0.01% 🎉

Coverage data is based on head (b21d995) compared to base (cba0d4d).
Patch has no changes to coverable lines.

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop    #2885      +/-   ##
===========================================
+ Coverage    65.71%   65.72%   +0.01%     
===========================================
  Files          415      414       -1     
  Lines        11910    11870      -40     
===========================================
- Hits          7827     7802      -25     
+ Misses        4083     4068      -15
Impacted Files Coverage Δ
...ng/exploit_processing/exploiter_descriptor_enum.py
...nkey/monkey_island/cc/services/reporting/report.py 51.45% <0.00%> (+0.45%) ⬆️
monkey/monkey/common/network/network_utils.py 64.70% <0.00%> (+1.54%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@shreyamalviya shreyamalviya force-pushed the 2857-dynamically-generate-report branch from 0c668be to 074e2c0 Compare January 31, 2023 09:36
VakarisZ
VakarisZ reviewed Jan 31, 2023
View reviewed changes
monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js Outdated
Comment on lines 289 to 290
contact <a href='mailto://labs@guardicore.com' className='no-print'>labs@guardicore.com</a>
<div className='force-print' style={{ display: 'none' }}>labs@guardicore.com</div>.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This probably should be changed to support@infectionmonkey.com, but let's not cram more changes into this PR. Typos in the report have nothing to do with plugins.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, I'll open another PR with these changes.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#2899

@shreyamalviya shreyamalviya force-pushed the 2857-dynamically-generate-report branch from 074e2c0 to b21d995 Compare January 31, 2023 09:51
@shreyamalviya shreyamalviya merged commit 6f776ee into develop Jan 31, 2023
@shreyamalviya shreyamalviya deleted the 2857-dynamically-generate-report branch January 31, 2023 10:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ilija-lazoroski ilija-lazoroski ilija-lazoroski approved these changes

@VakarisZ VakarisZ VakarisZ approved these changes

Assignees

@VakarisZ VakarisZ

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@shreyamalviya @ilija-lazoroski @VakarisZ