def test_save_finding_sanity(self): assert len( Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION)) == 0 event_example = Event.create_event( title="Event Title", message="event message", event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK, ) monkey_details_example = MonkeyFindingDetails() monkey_details_example.events.append(event_example) monkey_details_example.save() MonkeyFinding.save_finding( test=zero_trust_consts.TEST_SEGMENTATION, status=zero_trust_consts.STATUS_FAILED, detail_ref=monkey_details_example, ) assert len( MonkeyFinding.objects( test=zero_trust_consts.TEST_SEGMENTATION)) == 1 assert len( MonkeyFinding.objects(status=zero_trust_consts.STATUS_FAILED)) == 1 assert len( Finding.objects(status=zero_trust_consts.STATUS_FAILED)) == 1
def test_process_rule(self): # Creates new PermissiveFirewallRules finding with a rule ScoutSuiteZTFindingService.process_rule(SCOUTSUITE_FINDINGS[0], RULES[0]) findings = list(Finding.objects()) assert len(findings) == 1 assert type(findings[0]) == ScoutSuiteFinding # Assert that details were created properly details = findings[0].details.fetch() assert len(details.scoutsuite_rules) == 1 assert details.scoutsuite_rules[0] == RULES[0] # Rule processing should add rule to an already existing finding ScoutSuiteZTFindingService.process_rule(SCOUTSUITE_FINDINGS[0], RULES[1]) findings = list(ScoutSuiteFinding.objects()) assert len(findings) == 1 assert type(findings[0]) == ScoutSuiteFinding # Assert that details were created properly details = findings[0].details.fetch() assert len(details.scoutsuite_rules) == 2 assert details.scoutsuite_rules[1] == RULES[1] # New finding created ScoutSuiteZTFindingService.process_rule(SCOUTSUITE_FINDINGS[1], RULES[1]) findings = list(Finding.objects()) assert len(findings) == 2 assert type(findings[0]) == ScoutSuiteFinding # Assert that details were created properly details = findings[1].details.fetch() assert len(details.scoutsuite_rules) == 1 assert details.scoutsuite_rules[0] == RULES[1]
def test_create_findings_for_all_done_pairs(self): self.fail_if_not_testing_env() self.clean_finding_db() all_subnets = [FIRST_SUBNET, SECOND_SUBNET, THIRD_SUBNET] monkey = Monkey(guid=str(uuid.uuid4()), ip_addresses=[FIRST_SUBNET]) # no findings self.assertEquals(len(Finding.objects(test=TEST_SEGMENTATION)), 0) # This is like the monkey is done and sent done telem create_or_add_findings_for_all_pairs(all_subnets, monkey) # There are 2 subnets in which the monkey is NOT self.assertEquals( len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_PASSED)), 2) # This is a monkey from 2nd subnet communicated with 1st subnet. SegmentationFinding.create_or_add_to_existing_finding( [FIRST_SUBNET, SECOND_SUBNET], STATUS_FAILED, Event.create_event(title="sdf", message="asd", event_type=EVENT_TYPE_MONKEY_NETWORK)) self.assertEquals( len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_PASSED)), 1) self.assertEquals( len(Finding.objects(test=TEST_SEGMENTATION, status=STATUS_FAILED)), 1) self.assertEquals(len(Finding.objects(test=TEST_SEGMENTATION)), 2)
def test_save_finding_sanity(self): self.fail_if_not_testing_env() self.clean_finding_db() self.assertEquals(len(Finding.objects(test=TEST_SEGMENTATION)), 0) event_example = Event.create_event( title="Event Title", message="event message", event_type=EVENT_TYPE_MONKEY_NETWORK) Finding.save_finding(test=TEST_SEGMENTATION, status=STATUS_FAILED, events=[event_example]) self.assertEquals(len(Finding.objects(test=TEST_SEGMENTATION)), 1) self.assertEquals(len(Finding.objects(status=STATUS_FAILED)), 1)
def test_save_finding_sanity(self): assert len(Finding.objects(test=zero_trust_consts.TEST_SEGMENTATION)) == 0 rule_example = RULES[0] scoutsuite_details_example = ScoutSuiteFindingDetails() scoutsuite_details_example.scoutsuite_rules.append(rule_example) scoutsuite_details_example.save() ScoutSuiteFinding.save_finding(test=zero_trust_consts.TEST_SEGMENTATION, status=zero_trust_consts.STATUS_FAILED, detail_ref=scoutsuite_details_example) assert len(ScoutSuiteFinding.objects(test=zero_trust_consts.TEST_SEGMENTATION)) == 1 assert len(ScoutSuiteFinding.objects(status=zero_trust_consts.STATUS_FAILED)) == 1 assert len(Finding.objects(status=zero_trust_consts.STATUS_FAILED)) == 1
def test_create_or_add_to_existing_addition(self): # Create new finding MonkeyZTFindingService.create_or_add_to_existing(test=TESTS[0], status=STATUS[0], events=[EVENTS[0]]) # Assert that there's only one finding assert len(Finding.objects()) == 1 # Add events to an existing finding MonkeyZTFindingService.create_or_add_to_existing(test=TESTS[0], status=STATUS[0], events=[EVENTS[1]]) # Assert there's still only one finding, only events got appended assert len(Finding.objects()) == 1 assert len(Finding.objects()[0].details.fetch().events) == 2 # Create new finding MonkeyZTFindingService.create_or_add_to_existing(test=TESTS[1], status=STATUS[1], events=[EVENTS[1]]) # Assert there was a new finding created, because test and status is different assert len(MonkeyFinding.objects()) == 2
def get_pillars_grades(): pillars_grades = [] all_findings = Finding.objects().exclude('events') for pillar in zero_trust_consts.PILLARS: pillars_grades.append( ZeroTrustService.__get_pillar_grade(pillar, all_findings)) return pillars_grades
def __get_pillar_grade(pillar): all_findings = Finding.objects() pillar_grade = { "pillar": pillar, zero_trust_consts.STATUS_FAILED: 0, zero_trust_consts.STATUS_VERIFY: 0, zero_trust_consts.STATUS_PASSED: 0, zero_trust_consts.STATUS_UNEXECUTED: 0 } tests_of_this_pillar = zero_trust_consts.PILLARS_TO_TESTS[pillar] test_unexecuted = {} for test in tests_of_this_pillar: test_unexecuted[test] = True for finding in all_findings: test_unexecuted[finding.test] = False test_info = zero_trust_consts.TESTS_MAP[finding.test] if pillar in test_info[zero_trust_consts.PILLARS_KEY]: pillar_grade[finding.status] += 1 pillar_grade[zero_trust_consts.STATUS_UNEXECUTED] = sum( 1 for condition in list(test_unexecuted.values()) if condition) return pillar_grade
def __get_status_of_single_pillar(pillar): all_findings = Finding.objects().exclude('events') grade = ZeroTrustService.__get_pillar_grade(pillar, all_findings) for status in zero_trust_consts.ORDERED_TEST_STATUSES: if grade[status] > 0: return status return zero_trust_consts.STATUS_UNEXECUTED
def test_create_or_add_to_existing(self): self.fail_if_not_testing_env() self.clean_finding_db() test = zero_trust_consts.TEST_MALICIOUS_ACTIVITY_TIMELINE status = zero_trust_consts.STATUS_VERIFY events = [Event.create_event("t", "t", zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK)] self.assertEqual(len(Finding.objects(test=test, status=status)), 0) AggregateFinding.create_or_add_to_existing(test, status, events) self.assertEqual(len(Finding.objects(test=test, status=status)), 1) self.assertEqual(len(Finding.objects(test=test, status=status)[0].events), 1) AggregateFinding.create_or_add_to_existing(test, status, events) self.assertEqual(len(Finding.objects(test=test, status=status)), 1) self.assertEqual(len(Finding.objects(test=test, status=status)[0].events), 2)
def __get_tests_status(principle_tests): results = [] for test in principle_tests: test_findings = Finding.objects(test=test) results.append({ "test": TESTS_MAP[test][TEST_EXPLANATION_KEY], "status": ZeroTrustService.__get_lcd_worst_status_for_test(test_findings) }) return results
def test_create_or_add_to_existing_creation(self): # Create new finding MonkeyZTFindingService.create_or_add_to_existing(test=TESTS[0], status=STATUS[0], events=[EVENTS[0]]) # Assert that it was properly created findings = list(Finding.objects()) assert len(findings) == 1 assert findings[0].test == TESTS[0] assert findings[0].status == STATUS[0] finding_details = findings[0].details.fetch() assert len(finding_details.events) == 1 assert finding_details.events[0].message == EVENTS[0].message
def __get_principle_status(principle_tests): worst_status = zero_trust_consts.STATUS_UNEXECUTED all_statuses = set() for test in principle_tests: all_statuses |= set(Finding.objects(test=test).distinct("status")) for status in all_statuses: if zero_trust_consts.ORDERED_TEST_STATUSES.index(status) \ < zero_trust_consts.ORDERED_TEST_STATUSES.index(worst_status): worst_status = status return worst_status
def test_create_or_add_to_existing_2_tests_already_exist(self): self.fail_if_not_testing_env() self.clean_finding_db() test = TEST_MALICIOUS_ACTIVITY_TIMELINE status = STATUS_VERIFY event = Event.create_event("t", "t", EVENT_TYPE_MONKEY_NETWORK) events = [event] self.assertEquals(len(Finding.objects(test=test, status=status)), 0) Finding.save_finding(test, status, events) self.assertEquals(len(Finding.objects(test=test, status=status)), 1) self.assertEquals( len(Finding.objects(test=test, status=status)[0].events), 1) AggregateFinding.create_or_add_to_existing(test, status, events) self.assertEquals(len(Finding.objects(test=test, status=status)), 1) self.assertEquals( len(Finding.objects(test=test, status=status)[0].events), 2) Finding.save_finding(test, status, events) self.assertEquals(len(Finding.objects(test=test, status=status)), 2) with self.assertRaises(AssertionError): AggregateFinding.create_or_add_to_existing(test, status, events)
def create_or_add_to_existing(test, status, events): """ Create a new finding or add the events to an existing one if it's the same (same meaning same status and same test). :raises: Assertion error if this is used when there's more then one finding which fits the query - this is not when this function should be used. """ existing_findings = Finding.objects(test=test, status=status).exclude('events') assert (len(existing_findings) < 2), "More than one finding exists for {}:{}".format( test, status) if len(existing_findings) == 0: Finding.save_finding(test, status, events) else: # Now we know for sure this is the only one orig_finding = existing_findings[0] orig_finding.add_events(events)
def _clean_finding_db(): Finding.objects().delete()
def get_all_findings(): all_findings = Finding.objects() enriched_findings = [ ZeroTrustService.__get_enriched_finding(f) for f in all_findings ] return enriched_findings