Merge branch 'develop' into enhancement/Azure-newRules

nccgroup · Jul 30, 2019 · d553c7a · d553c7a
2 parents 28f6de9 + 4ab03ce
commit d553c7a
Show file tree

Hide file tree

Showing 8 changed files with 69 additions and 58 deletions.
diff --git a/ScoutSuite/output/data/html/partials/azure/services.network.network_interfaces.html b/ScoutSuite/output/data/html/partials/azure/services.network.network_interfaces.html
@@ -11,7 +11,7 @@ <h4 class="list-group-item-heading">Information</h4>
         <div class="list-group-item-text item-margin">IP Configurations: <span id="network.network_interfaces.{{@key}}.ip_configurations"><samp>{{value_or_none ip_configurations}}</samp></span></div>
         <div class="list-group-item-text item-margin">Mac Address: <span id="network.network_interfaces.{{@key}}.mac_address"><samp>{{value_or_none mac_address}}</samp></span></div>
         <div class="list-group-item-text item-margin">Interface Endpoint: <span id="network.network_interfaces.{{@key}}.interface_endpoint"><samp>{{value_or_none interface_endpoint}}</samp></span></div>
-        <div class="list-group-item-text item-margin">Network Security Group: <span id="network.network_interfaces.{{@key}}.network_security_group"><samp>{{value_or_none network_security_group}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Network Security Group: <a href="javascript:showObject('services.network.security_groups.{{network_security_group}}')"><samp>{{getValueAt 'services.network.security_groups' network_security_group 'name'}}</samp></a></div>
         <div class="list-group-item-text item-margin">Enable IP Forwarding: <span id="network.network_interfaces.{{@key}}.enable_ip_forwarding"><samp>{{value_or_none enable_ip_forwarding}}</samp></span></div>
         <div class="list-group-item-text item-margin">Enable Accelerated Networking: <span id="network.network_interfaces.{{@key}}.enable_accelerated_networking"><samp>{{value_or_none enable_accelerated_networking}}</samp></span></div>
         <div class="list-group-item-text item-margin">Tags: <span id="network.network_interfaces.{{@key}}.tags"><samp>{{value_or_none tags}}</samp></span></div>

diff --git a/ScoutSuite/output/data/html/partials/azure/services.network.security_groups.html b/ScoutSuite/output/data/html/partials/azure/services.network.security_groups.html
@@ -34,24 +34,24 @@ <h4 class="list-group-item-heading">Inbound Security Rules</h4>
                     <td width="10%">Destination Filter</td>
                     <td width="10%">Action</td>
                 </tr>
-                {{#each security_rules}}
-                {{#ifEqual direction "Inbound"}}
-                <tr>
-                    <td width="10%" class="text-center">{{priority}}</td>
-                    <td width="40%">{{name}}</td>
-                    <td width="10%" class="text-center">{{protocol}}</td>
-                    <td width="10%" class="text-center">{{source_port_ranges}}</td>
-                    <td width="10%" class="text-center">{{source_address_prefixes}}</td>
-                    <td width="10%" class="text-center">{{destination_port_ranges}}</td>
-                    <td width="10%" class="text-center">{{destination_address_prefixes}}</td>
-                    {{#if allow}}
-                    <td width="10%" class="text-center"><i class="fa fa-check-circle finding-good"></i></td>
-                    {{else}}
-                    <td width="10%" class="text-center"><i class="fa fa-times-circle finding-danger"></i></td>
-                    {{/if}}
-                </tr>
-                {{/ifEqual}}
-                {{/each}}
+                {{#each_dict_sorted security_rules "priority"}}
+                    {{#ifEqual direction "Inbound"}}
+                    <tr>
+                        <td width="10%" class="text-center">{{priority}}</td>
+                        <td width="40%">{{name}}</td>
+                        <td width="10%" class="text-center">{{protocol}}</td>
+                        <td width="10%" class="text-center">{{source_port_ranges}}</td>
+                        <td width="10%" class="text-center">{{source_address_prefixes}}</td>
+                        <td width="10%" class="text-center">{{destination_port_ranges}}</td>
+                        <td width="10%" class="text-center">{{destination_address_prefixes}}</td>
+                        {{#if allow}}
+                        <td width="10%" class="text-center"><i class="fa fa-check-circle finding-good"></i></td>
+                        {{else}}
+                        <td width="10%" class="text-center"><i class="fa fa-times-circle finding-danger"></i></td>
+                        {{/if}}
+                    </tr>
+                    {{/ifEqual}}
+                {{/each_dict_sorted}}
             </table>
         </div>
     </div>
@@ -69,24 +69,24 @@ <h4 class="list-group-item-heading">Outbound Security Rules</h4>
                     <td width="10%">Destination Filter</td>
                     <td width="10%">Action</td>
                 </tr>
-                {{#each security_rules}}
-                {{#ifEqual direction "Outbound"}}
-                <tr>
-                    <td width="10%" class="text-center">{{priority}}</td>
-                    <td width="40%">{{name}}</td>
-                    <td width="10%" class="text-center">{{protocol}}</td>
-                    <td width="10%" class="text-center">{{source_port_ranges}}</td>
-                    <td width="10%" class="text-center">{{source_address_prefixes}}</td>
-                    <td width="10%" class="text-center">{{destination_port_ranges}}</td>
-                    <td width="10%" class="text-center">{{destination_address_prefixes}}</td>
-                    {{#if allow}}
-                    <td width="10%" class="text-center"><i class="fa fa-check-circle finding-good"></i></td>
-                    {{else}}
-                    <td width="10%" class="text-center"><i class="fa fa-times-circle finding-danger"></i></td>
-                    {{/if}}
-                </tr>
-                {{/ifEqual}}
-                {{/each}}
+                {{#each_dict_sorted security_rules "priority"}}
+                    {{#ifEqual direction "Outbound"}}
+                    <tr>
+                        <td width="10%" class="text-center">{{priority}}</td>
+                        <td width="40%">{{name}}</td>
+                        <td width="10%" class="text-center">{{protocol}}</td>
+                        <td width="10%" class="text-center">{{source_port_ranges}}</td>
+                        <td width="10%" class="text-center">{{source_address_prefixes}}</td>
+                        <td width="10%" class="text-center">{{destination_port_ranges}}</td>
+                        <td width="10%" class="text-center">{{destination_address_prefixes}}</td>
+                        {{#if allow}}
+                        <td width="10%" class="text-center"><i class="fa fa-check-circle finding-good"></i></td>
+                        {{else}}
+                        <td width="10%" class="text-center"><i class="fa fa-times-circle finding-danger"></i></td>
+                        {{/if}}
+                    </tr>
+                    {{/ifEqual}}
+                {{/each_dict_sorted}}
             </table>
         </div>
     </div>

diff --git a/ScoutSuite/output/data/html/partials/azure/services.network.virtual_networks.id.subnets.html b/ScoutSuite/output/data/html/partials/azure/services.network.virtual_networks.id.subnets.html
@@ -26,6 +26,11 @@ <h4 class="list-group-item-heading">Information</h4>
     </div>
     <div class="list-group-item">
         <h4 class="list-group-item-heading">Instances</h4>
+        {{#each instances}}
+        <div class="list-group-item-text item-margin"><a href="javascript:showObject('services.virtualmachines.instances.{{this}}')"><samp>{{getValueAt 'services.virtualmachines.instances' this 'name'}}</samp></a></div>
+        {{else}}
+        <div class="list-group-item-text item-margin"><samp>None</samp></div>
+        {{/each}}
     </div>
 </script>
 

diff --git a/ScoutSuite/output/data/inc-scoutsuite/helpers.js b/ScoutSuite/output/data/inc-scoutsuite/helpers.js
@@ -388,13 +388,23 @@ Handlebars.registerHelper('each_dict_as_sorted_list', function (context, options
     return ret
 })
 
-Handlebars.registerHelper('sorted_each', function (array, key, opts) {
-    let newarray = array.sort(function (a, b) {
-        if (a[key] < b[key]) return -1
-        if (a[key] > b[key]) return 1
-        return 0
-    })
-    return opts.fn(newarray)
+// Sorts a dict by an arbitrary key
+Handlebars.registerHelper('each_dict_sorted', function (dict, key, opts) {
+    // convert dict to an array
+    var array = [];
+    for (var k in dict) {
+        if (dict.hasOwnProperty(k)) {
+            array.push(dict[k]);
+        }
+    }
+    // sort array
+    var output = '';
+    var contextSorted = array.concat().sort( function(a,b) { return a[key] - b[key] } );
+    for(var i=0, j=contextSorted.length; i<j; i++) {
+        output += opts.fn(contextSorted[i]);
+    }
+    // return resolt
+    return output;
 })
 
 Handlebars.registerHelper('escape_dots', function () {

diff --git a/ScoutSuite/providers/azure/provider.py b/ScoutSuite/providers/azure/provider.py
@@ -52,14 +52,4 @@ def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):
         """
         ip_ranges = [] if ip_ranges is None else ip_ranges
 
-        if 'virtualmachines' in self.service_list and 'network' in self.service_list:
-            self._match_instances_and_network_interfaces()
-
         super(AzureProvider, self).preprocessing()
-
-    def _match_instances_and_network_interfaces(self):
-        return
-        for instance in self.services['virtualmachines']['instances']:
-            for network_interface in self.services['network']['network_interfaces']:
-                pass
-
diff --git a/ScoutSuite/providers/azure/resources/network/base.py b/ScoutSuite/providers/azure/resources/network/base.py
@@ -35,9 +35,15 @@ async def _match_subnets_and_security_groups(self):
                             self['security_groups'][sg]['subnets'][subnet]['virtual_network_id'] = network
 
     async def _match_subnets_and_network_interfaces(self):
+        """
+        Goes through each security groups' subnets and adds the network interfaces and instances that are placed in it.
+        """
         for interface in self['network_interfaces']:
             subnet_id = self['network_interfaces'][interface]['ip_configuration']['subnet']['id']
             for network in self['virtual_networks']:
                 for network_subnet in self['virtual_networks'][network].get('subnets', []):
+                    if not 'instances' in self['virtual_networks'][network]['subnets'][network_subnet]:
+                        self['virtual_networks'][network]['subnets'][network_subnet]['instances'] = []
                     if subnet_id == network_subnet:
                         self['network_interfaces'][interface]['ip_configuration']['subnet']['virtual_network_id'] = network
+                        self['virtual_networks'][network]['subnets'][network_subnet]['instances'].append(self['network_interfaces'][interface]['virtual_machine'])
diff --git a/ScoutSuite/providers/azure/resources/network/network_interfaces.py b/ScoutSuite/providers/azure/resources/network/network_interfaces.py
@@ -12,7 +12,7 @@ def _parse_network_interface(self, raw_network_interface):
         network_interface_dict = {}
         network_interface_dict['id'] = get_non_provider_id(raw_network_interface.id)
         network_interface_dict['enable_accelerated_networking'] = raw_network_interface.enable_accelerated_networking
-        network_interface_dict['virtual_machine'] = get_non_provider_id(raw_network_interface.virtual_machine.id)
+        network_interface_dict['virtual_machine'] = get_non_provider_id(raw_network_interface.virtual_machine.id.lower())
         network_interface_dict['name'] = raw_network_interface.name
         network_interface_dict['tags'] = raw_network_interface.tags
         network_interface_dict['interface_endpoint'] = raw_network_interface.interface_endpoint
@@ -25,7 +25,7 @@ def _parse_network_interface(self, raw_network_interface):
         network_interface_dict['resource_guid'] = raw_network_interface.resource_guid
         network_interface_dict['enable_ip_forwarding'] = raw_network_interface.enable_ip_forwarding
         network_interface_dict['type'] = raw_network_interface.type
-        network_interface_dict['network_security_group'] = raw_network_interface.network_security_group
+        network_interface_dict['network_security_group'] = get_non_provider_id(raw_network_interface.network_security_group.id)
 
         # TODO process and display the below
         network_interface_dict['hosted_workloads'] = raw_network_interface.hosted_workloads

diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/instances.py b/ScoutSuite/providers/azure/resources/virtualmachines/instances.py
@@ -10,7 +10,8 @@ async def fetch_all(self):
 
     def _parse_instance(self, raw_instance):
         instance_dict = {}
-        instance_dict['id'] = get_non_provider_id(raw_instance.id)
+        instance_dict['id'] = get_non_provider_id(raw_instance.id.lower())
+        instance_dict['vm_id'] = raw_instance.vm_id
         instance_dict['zones'] = raw_instance.zones
         instance_dict['instance_view'] = raw_instance.instance_view
         instance_dict['availability_set'] = raw_instance.availability_set
@@ -22,7 +23,6 @@ def _parse_instance(self, raw_instance):
         instance_dict['tags'] = raw_instance.tags
         instance_dict['provisioning_state'] = raw_instance.provisioning_state
         instance_dict['plan'] = raw_instance.plan
-        instance_dict['vm_id'] = raw_instance.vm_id
         instance_dict['identity'] = raw_instance.identity
         instance_dict['name'] = raw_instance.name
         instance_dict['additional_capabilities'] = raw_instance.additional_capabilities