def test_save_finding_sanity(self):
assert len(
Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION)) == 0
event_example = Event.create_event(
title="Event Title",
message="event message",
event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK,
)
monkey_details_example = MonkeyFindingDetails()
monkey_details_example.events.append(event_example)
monkey_details_example.save()
MonkeyFinding.save_finding(
test=zero_trust_consts.TEST_SEGMENTATION,
status=zero_trust_consts.STATUS_FAILED,
detail_ref=monkey_details_example,
)
assert len(
MonkeyFinding.objects(
test=zero_trust_consts.TEST_SEGMENTATION)) == 1
assert len(
MonkeyFinding.objects(status=zero_trust_consts.STATUS_FAILED)) == 1
assert len(
Finding.objects(status=zero_trust_consts.STATUS_FAILED)) == 1
def test_process_rule(self):
# Creates new PermissiveFirewallRules finding with a rule
ScoutSuiteZTFindingService.process_rule(SCOUTSUITE_FINDINGS[0],
RULES[0])
findings = list(Finding.objects())
assert len(findings) == 1
assert type(findings[0]) == ScoutSuiteFinding
# Assert that details were created properly
details = findings[0].details.fetch()
assert len(details.scoutsuite_rules) == 1
assert details.scoutsuite_rules[0] == RULES[0]
# Rule processing should add rule to an already existing finding
ScoutSuiteZTFindingService.process_rule(SCOUTSUITE_FINDINGS[0],
RULES[1])
findings = list(ScoutSuiteFinding.objects())
assert len(findings) == 1
assert type(findings[0]) == ScoutSuiteFinding
# Assert that details were created properly
details = findings[0].details.fetch()
assert len(details.scoutsuite_rules) == 2
assert details.scoutsuite_rules[1] == RULES[1]
# New finding created
ScoutSuiteZTFindingService.process_rule(SCOUTSUITE_FINDINGS[1],
RULES[1])
findings = list(Finding.objects())
assert len(findings) == 2
assert type(findings[0]) == ScoutSuiteFinding
# Assert that details were created properly
details = findings[1].details.fetch()
assert len(details.scoutsuite_rules) == 1
assert details.scoutsuite_rules[0] == RULES[1]
def test_create_findings_for_all_done_pairs(self):
self.fail_if_not_testing_env()
self.clean_finding_db()
all_subnets = [FIRST_SUBNET, SECOND_SUBNET, THIRD_SUBNET]
monkey = Monkey(guid=str(uuid.uuid4()), ip_addresses=[FIRST_SUBNET])
# no findings
self.assertEquals(len(Finding.objects(test=TEST_SEGMENTATION)), 0)
# This is like the monkey is done and sent done telem
create_or_add_findings_for_all_pairs(all_subnets, monkey)
# There are 2 subnets in which the monkey is NOT
self.assertEquals(
len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_PASSED)),
2)
# This is a monkey from 2nd subnet communicated with 1st subnet.
SegmentationFinding.create_or_add_to_existing_finding(
[FIRST_SUBNET, SECOND_SUBNET], STATUS_FAILED,
Event.create_event(title="sdf",
message="asd",
event_type=EVENT_TYPE_MONKEY_NETWORK))
self.assertEquals(
len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_PASSED)),
1)
self.assertEquals(
len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_FAILED)),
1)
self.assertEquals(len(Finding.objects(test=TEST_SEGMENTATION)), 2)
def test_create_or_add_to_existing_2_tests_already_exist(self):
self.fail_if_not_testing_env()
self.clean_finding_db()
test = zero_trust_consts.TEST_MALICIOUS_ACTIVITY_TIMELINE
status = zero_trust_consts.STATUS_VERIFY
event = Event.create_event("t", "t",
zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK)
events = [event]
self.assertEqual(len(Finding.objects(test=test, status=status)), 0)
Finding.save_finding(test, status, events)
self.assertEqual(len(Finding.objects(test=test, status=status)), 1)
self.assertEqual(
len(Finding.objects(test=test, status=status)[0].events), 1)
AggregateFinding.create_or_add_to_existing(test, status, events)
self.assertEqual(len(Finding.objects(test=test, status=status)), 1)
self.assertEqual(
len(Finding.objects(test=test, status=status)[0].events), 2)
Finding.save_finding(test, status, events)
self.assertEqual(len(Finding.objects(test=test, status=status)), 2)
with self.assertRaises(AssertionError):
AggregateFinding.create_or_add_to_existing(test, status, events)
def test_save_finding_validation(self):
self.fail_if_not_testing_env()
self.clean_finding_db()
with self.assertRaises(ValidationError):
_ = Finding.save_finding(test="bla bla", status=STATUS_FAILED, events=[])
with self.assertRaises(ValidationError):
_ = Finding.save_finding(test=TEST_SEGMENTATION, status="bla bla", events=[])
def test_save_finding_sanity(self):
self.fail_if_not_testing_env()
self.clean_finding_db()
self.assertEquals(len(Finding.objects(test=TEST_SEGMENTATION)), 0)
event_example = Event.create_event(
title="Event Title", message="event message", event_type=EVENT_TYPE_MONKEY_NETWORK)
Finding.save_finding(test=TEST_SEGMENTATION, status=STATUS_FAILED, events=[event_example])
self.assertEquals(len(Finding.objects(test=TEST_SEGMENTATION)), 1)
self.assertEquals(len(Finding.objects(status=STATUS_FAILED)), 1)
def test_save_finding_sanity(self):
assert len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION)) == 0
rule_example = RULES[0]
scoutsuite_details_example = ScoutSuiteFindingDetails()
scoutsuite_details_example.scoutsuite_rules.append(rule_example)
scoutsuite_details_example.save()
ScoutSuiteFinding.save_finding(test=zero_trust_consts.TEST_SEGMENTATION,
status=zero_trust_consts.STATUS_FAILED,
detail_ref=scoutsuite_details_example)
assert len(ScoutSuiteFinding.objects(test=zero_trust_consts.TEST_SEGMENTATION)) == 1
assert len(ScoutSuiteFinding.objects(status=zero_trust_consts.STATUS_FAILED)) == 1
assert len(Finding.objects(status=zero_trust_consts.STATUS_FAILED)) == 1
def __get_pillar_grade(pillar):
all_findings = Finding.objects()
pillar_grade = {
"pillar": pillar,
zero_trust_consts.STATUS_FAILED: 0,
zero_trust_consts.STATUS_VERIFY: 0,
zero_trust_consts.STATUS_PASSED: 0,
zero_trust_consts.STATUS_UNEXECUTED: 0
}
tests_of_this_pillar = zero_trust_consts.PILLARS_TO_TESTS[pillar]
test_unexecuted = {}
for test in tests_of_this_pillar:
test_unexecuted[test] = True
for finding in all_findings:
test_unexecuted[finding.test] = False
test_info = zero_trust_consts.TESTS_MAP[finding.test]
if pillar in test_info[zero_trust_consts.PILLARS_KEY]:
pillar_grade[finding.status] += 1
pillar_grade[zero_trust_consts.STATUS_UNEXECUTED] = sum(
1 for condition in list(test_unexecuted.values()) if condition)
return pillar_grade
def get_pillars_grades():
pillars_grades = []
all_findings = Finding.objects().exclude('events')
for pillar in zero_trust_consts.PILLARS:
pillars_grades.append(
ZeroTrustService.__get_pillar_grade(pillar, all_findings))
return pillars_grades
def test_create_or_add_to_existing_addition(self):
# Create new finding
MonkeyZTFindingService.create_or_add_to_existing(test=TESTS[0], status=STATUS[0], events=[EVENTS[0]])
# Assert that there's only one finding
assert len(Finding.objects()) == 1
# Add events to an existing finding
MonkeyZTFindingService.create_or_add_to_existing(test=TESTS[0], status=STATUS[0], events=[EVENTS[1]])
# Assert there's still only one finding, only events got appended
assert len(Finding.objects()) == 1
assert len(Finding.objects()[0].details.fetch().events) == 2
# Create new finding
MonkeyZTFindingService.create_or_add_to_existing(test=TESTS[1], status=STATUS[1], events=[EVENTS[1]])
# Assert there was a new finding created, because test and status is different
assert len(MonkeyFinding.objects()) == 2
def __get_status_of_single_pillar(pillar):
all_findings = Finding.objects().exclude('events')
grade = ZeroTrustService.__get_pillar_grade(pillar, all_findings)
for status in zero_trust_consts.ORDERED_TEST_STATUSES:
if grade[status] > 0:
return status
return zero_trust_consts.STATUS_UNEXECUTED
def test_create_or_add_to_existing(self):
self.fail_if_not_testing_env()
self.clean_finding_db()
test = TEST_MALICIOUS_ACTIVITY_TIMELINE
status = STATUS_VERIFY
events = [Event.create_event("t", "t", EVENT_TYPE_MONKEY_NETWORK)]
self.assertEquals(len(Finding.objects(test=test, status=status)), 0)
AggregateFinding.create_or_add_to_existing(test, status, events)
self.assertEquals(len(Finding.objects(test=test, status=status)), 1)
self.assertEquals(
len(Finding.objects(test=test, status=status)[0].events), 1)
AggregateFinding.create_or_add_to_existing(test, status, events)
self.assertEquals(len(Finding.objects(test=test, status=status)), 1)
self.assertEquals(
len(Finding.objects(test=test, status=status)[0].events), 2)
def create_or_add_to_existing(test, status, events):
"""
Create a new finding or add the events to an existing one if it's the same (same meaning same status and same
test).
:raises: Assertion error if this is used when there's more then one finding which fits the query - this is not
when this function should be used.
"""
existing_findings = Finding.objects(test=test,
status=status).exclude('events')
assert (len(existing_findings) <
2), "More than one finding exists for {}:{}".format(
test, status)
if len(existing_findings) == 0:
Finding.save_finding(test, status, events)
else:
# Now we know for sure this is the only one
orig_finding = existing_findings[0]
orig_finding.add_events(events)
def __get_tests_status(principle_tests):
results = []
for test in principle_tests:
test_findings = Finding.objects(test=test)
results.append({
"test":
TESTS_MAP[test][TEST_EXPLANATION_KEY],
"status":
ZeroTrustService.__get_lcd_worst_status_for_test(test_findings)
})
return results
def test_create_or_add_to_existing_creation(self):
# Create new finding
MonkeyZTFindingService.create_or_add_to_existing(test=TESTS[0], status=STATUS[0], events=[EVENTS[0]])
# Assert that it was properly created
findings = list(Finding.objects())
assert len(findings) == 1
assert findings[0].test == TESTS[0]
assert findings[0].status == STATUS[0]
finding_details = findings[0].details.fetch()
assert len(finding_details.events) == 1
assert finding_details.events[0].message == EVENTS[0].message
def __get_principle_status(principle_tests):
worst_status = zero_trust_consts.STATUS_UNEXECUTED
all_statuses = set()
for test in principle_tests:
all_statuses |= set(Finding.objects(test=test).distinct("status"))
for status in all_statuses:
if zero_trust_consts.ORDERED_TEST_STATUSES.index(status) \
< zero_trust_consts.ORDERED_TEST_STATUSES.index(worst_status):
worst_status = status
return worst_status
def _clean_finding_db():
Finding.objects().delete()
def get_all_findings():
all_findings = Finding.objects()
enriched_findings = [
ZeroTrustService.__get_enriched_finding(f) for f in all_findings
]
return enriched_findings
def save_example_findings():
# arrange
Finding.save_finding(zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS,
zero_trust_consts.STATUS_PASSED,
[]) # devices passed = 1
Finding.save_finding(zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS,
zero_trust_consts.STATUS_PASSED,
[]) # devices passed = 2
Finding.save_finding(zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS,
zero_trust_consts.STATUS_FAILED,
[]) # devices failed = 1
# devices unexecuted = 1
# people verify = 1
# networks verify = 1
Finding.save_finding(zero_trust_consts.TEST_SCHEDULED_EXECUTION,
zero_trust_consts.STATUS_VERIFY, [])
# people verify = 2
# networks verify = 2
Finding.save_finding(zero_trust_consts.TEST_SCHEDULED_EXECUTION,
zero_trust_consts.STATUS_VERIFY, [])
# data failed 1
Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP,
zero_trust_consts.STATUS_FAILED, [])
# data failed 2
Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP,
zero_trust_consts.STATUS_FAILED, [])
# data failed 3
Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP,
zero_trust_consts.STATUS_FAILED, [])
# data failed 4
Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP,
zero_trust_consts.STATUS_FAILED, [])
# data failed 5
Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP,
zero_trust_consts.STATUS_FAILED, [])
# data verify 1
Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP,
zero_trust_consts.STATUS_VERIFY, [])
# data verify 2
Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP,
zero_trust_consts.STATUS_VERIFY, [])
# data passed 1
Finding.save_finding(zero_trust_consts.TEST_DATA_ENDPOINT_HTTP,
zero_trust_consts.STATUS_PASSED, [])