Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2787 merge vulnerability and brute force exploiter config #2796

Merged
merged 10 commits into from
Jan 6, 2023
Merged

2787 merge vulnerability and brute force exploiter config #2796

merged 10 commits into from
Jan 6, 2023

Conversation

ilija-lazoroski
Copy link
Contributor

What does this PR do?

Fixes #2787.

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?
  • Have you checked that you haven't introduced any duplicate code?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested by running the island and agent

  • If applicable, add screenshots or log transcripts of the feature working

@ilija-lazoroski ilija-lazoroski force-pushed the 2787-merge-vulnerability-and-brute-force-exploiter-config branch from 5a1a008 to c8cf86d Compare January 6, 2023 12:21
@codecov
Copy link

codecov bot commented Jan 6, 2023
edited
Loading

Codecov Report

Base: 64.21% // Head: 64.19% // Decreases project coverage by -0.02% ⚠️

Coverage data is based on head (c8cf86d) compared to base (74bd851).
Patch has no changes to coverable lines.

❗ Current head c8cf86d differs from pull request most recent head 20257f5. Consider uploading reports for the commit 20257f5 to get more accurate results

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop    #2796      +/-   ##
===========================================
- Coverage    64.21%   64.19%   -0.03%     
===========================================
  Files          407      407              
  Lines        11581    11573       -8     
===========================================
- Hits          7437     7429       -8     
  Misses        4144     4144
Impacted Files Coverage Δ
monkey/monkey/infection_monkey/master/exploiter.py 95.94% <0.00%> (-0.21%) ⬇️
...nkey/monkey_island/cc/services/reporting/report.py 49.27% <0.00%> (-0.19%) ⬇️
...monkey/tests/common/example_agent_configuration.py 100.00% <0.00%> (ø)
...on/agent_configuration/agent_sub_configurations.py 100.00% <0.00%> (ø)
...agent_configuration/default_agent_configuration.py 100.00% <0.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

mssalvatore
mssalvatore requested changes Jan 6, 2023
View reviewed changes
Copy link
Collaborator

@mssalvatore mssalvatore left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Waiting on BB test fixes

mssalvatore and others added 10 commits January 6, 2023 08:22
@mssalvatore
Agent: Merge "brute_force" and "vulnerability" into "exploiters"
57d5d87 
The separation between brute force and vulnerability exploiters was
based on the use case of "vulnerability scanning", which is no longer
Infection Monkey's main goal. Ultimately, users should be able to
configure the order that exploiters run in. While the UI doesn't allow
this at the moment, the configuration can be manipulated manually to
achieve this. However, vulnerability exploiters always run before brute
force exploiters. In other words, this separation reduces the
configurability of the system.

By merging these into a single list of exploiters, we allow the user to
have total control over the order in which exploiters are run.

Issue #2787
PR #2789
@mssalvatore
Agent: Modify master.exploiter to use new configuration
b36b8a4
@mssalvatore
UT: Add missing type hints to test_exploiter fixtures
fb96951
@mssalvatore
UT: Fix order in get_host_exploit_combos_from_call_args_list()
e916d0c
@ilija-lazoroski @mssalvatore
UI: Modify UISchema with merged exploiters
736ed82
@ilija-lazoroski @mssalvatore
UI: Modify ui configuration with merged exploiters
1eed70e
@ilija-lazoroski @mssalvatore
UI: Modify SafeOptionValidator with merged exploiters
7366f81
@ilija-lazoroski @mssalvatore
Island: Modify report generation to work with merged exploiters
2d0aaf9 
Issue: #2787
PR: #2795
@ilija-lazoroski @mssalvatore
Island: Modify path_in_schema to append plugin exploiter
c53d3fe
@ilija-lazoroski @mssalvatore
BB: Modify test configuration with merged exploiters
3db41de 
Issue: #2787
PR: #2797
@mssalvatore mssalvatore force-pushed the 2787-merge-vulnerability-and-brute-force-exploiter-config branch from 20257f5 to 3db41de Compare January 6, 2023 13:22
@mssalvatore mssalvatore merged commit d0d4b8b into develop Jan 6, 2023
@mssalvatore mssalvatore deleted the 2787-merge-vulnerability-and-brute-force-exploiter-config branch January 6, 2023 13:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mssalvatore mssalvatore mssalvatore approved these changes

@cakekoa cakekoa Awaiting requested review from cakekoa

@VakarisZ VakarisZ Awaiting requested review from VakarisZ

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Merge brute force and vulnerability exploiters in the configuration
2 participants
@ilija-lazoroski @mssalvatore