Merge branch 'master' of https://github.com/amunchet/labyrinth

amunchet · Oct 27, 2023 · 1e82a8c · 1e82a8c
2 parents 7ebb164 + d468e49
commit 1e82a8c
Show file tree

Hide file tree

Showing 37 changed files with 1,121 additions and 358 deletions.
diff --git a/backend/Dockerfile b/backend/Dockerfile
@@ -19,8 +19,10 @@ RUN   apt-get update && apt-get -y install python3 \
 	tzdata
 
 
-RUN wget -qO- https://repos.influxdata.com/influxdb.key | apt-key add -
-RUN echo "deb https://repos.influxdata.com/debian focal stable" | tee /etc/apt/sources.list.d/influxdb.list
+# influxdata-archive_compat.key GPG Fingerprint: 9D539D90D3328DC7D6C8D3B9D8FF8E1F7DF8B07E
+RUN wget -q https://repos.influxdata.com/influxdata-archive_compat.key
+RUN echo '393e8779c89ac8d958f81f942f9ad7fb82a25e133faddaf92e15b16e6ac9ce4c influxdata-archive_compat.key' | sha256sum -c && cat influxdata-archive_compat.key | gpg --dearmor | tee /etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg > /dev/null
+RUN echo 'deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg] https://repos.influxdata.com/debian stable main' | tee /etc/apt/sources.list.d/influxdata.list
 
 RUN apt update && apt -y install telegraf
 
@@ -32,5 +34,5 @@ RUN dos2unix -n /entrypoint.sh /entrypoint-fixed.sh
 RUN chmod a+x /entrypoint-fixed.sh
 
 
-CMD exec /bin/bash -c '/entrypoint-fixed.sh && sleep inf'
+CMD exec /bin/bash -c '/entrypoint-fixed.sh'
 
diff --git a/backend/ansible_helper.py b/backend/ansible_helper.py
@@ -21,7 +21,7 @@
 import ansi2html
 import ansible_runner
 
-
+from werkzeug.utils import secure_filename
 from typing import List
 
 
@@ -32,6 +32,9 @@ def check_file(filename, file_type, raw=""):
     retval = False
     temp_file = "/tmp/{}".format(str(uuid.uuid1()))
 
+    filename = secure_filename(filename)
+    file_type = secure_filename(file_type)
+
     look_file = "/src/uploads/{}/{}".format(file_type, filename)
 
     if filename not in os.listdir("/src/uploads/{}".format(file_type)):
@@ -46,8 +49,7 @@ def check_file(filename, file_type, raw=""):
             f.write(raw)
 
         x = subprocess.run(
-            ["ansible-playbook {} --check".format(temp_file)],
-            shell=True,
+            ["ansible-playbook", temp_file, "--check"],
             capture_output=True,
         )
         if x.returncode >= 4:
@@ -57,15 +59,14 @@ def check_file(filename, file_type, raw=""):
 
         if retval:
             if not os.path.exists("/src/uploads/ansible"):  # pragma: no cover
-                os.mkdir("/src/uploads/ansible")
+                os.makedirs("/src/uploads/ansible")
             shutil.move(temp_file, "/src/uploads/ansible/{}.yml".format(filename))
 
         return [retval, x.stdout, x.stderr]
 
     elif file_type == "ansible":
         x = subprocess.run(
-            ["ansible-playbook {} --check".format(look_file)],
-            shell=True,
+            ["ansible-playbook", look_file, "--check"],
             capture_output=True,
         )
         if x.returncode >= 4:
@@ -80,7 +81,7 @@ def check_file(filename, file_type, raw=""):
 
         shutil.copy(look_file, "/etc/telegraf/telegraf.conf")
 
-        x = subprocess.run(["telegraf --test"], shell=True, capture_output=True)
+        x = subprocess.run(["telegraf", "--test"], capture_output=True)
         if x.returncode != 0:
             retval = False
         else:
@@ -144,11 +145,11 @@ def run_ansible(
     if not os.path.exists("/run"):  # pragma: no cover
         os.mkdir("/run")
 
-    os.mkdir(RUN_DIR)
+    os.makedirs(RUN_DIR)
 
     folders = ["inventory", "project", "vars", "env"]
     for folder in folders:
-        os.mkdir("{}/{}".format(RUN_DIR, folder))
+        os.makedirs("{}/{}".format(RUN_DIR, folder))
 
     # Copy over playbook
     src_playbook = "{}/{}.yml".format(SRC_DIR, playbook)

diff --git a/backend/common/auth.py b/backend/common/auth.py
@@ -18,11 +18,11 @@
 AUTH0_DOMAIN = os.getenv("AUTH0DOMAIN")
 API_IDENTIFIER = os.getenv("APIURL")
 
-if AUTH0_DOMAIN == "" or AUTH0_DOMAIN == None:
+if AUTH0_DOMAIN == "" or AUTH0_DOMAIN is None:
     raise Exception("No Auth0 Domain specified.  Please make sure your .env is correct")
 
 
-if API_IDENTIFIER == "" or API_IDENTIFIER == None:
+if API_IDENTIFIER == "" or API_IDENTIFIER is None:
     raise Exception(
         "No Auth0 API URL specified.  Please make sure your .env is correct"
     )

diff --git a/backend/common/test.py b/backend/common/test.py
@@ -20,3 +20,15 @@ def unwrap(f):
     if count == 0:
         raise Exception("Unwrapped Exception Found.")
     return b
+
+
+def delete_keys_recursive(data, search="_id"):
+    if isinstance(data, dict):
+        for key in list(data.keys()):
+            if key == search:
+                del data[key]
+            else:
+                delete_keys_recursive(data[key])
+    elif isinstance(data, list):
+        for item in data:
+            delete_keys_recursive(item)
diff --git a/backend/finder.py b/backend/finder.py
@@ -26,25 +26,41 @@ def scan(subnet: str, callback_fn, verbose=False) -> List:  # pragma: no cover
     if len(subnet.split(".")) == 3:
         search += ".0/24"
 
-
     # Ping version
-    ping_output = subprocess.check_output(["nmap", "-PE", "-sn", "-T5", "-oX", "-", search])
+    ping_output = subprocess.check_output(
+        ["nmap", "-PE", "-sn", "-T5", "-oX", "-", search]
+    )
     parsed = xmltodict.parse(ping_output)
 
     ## Exactly one alive host will break the process
-    if type(parsed['nmaprun']['host']) == type({}):
-        parsed["nmaprun"]["host"] = [parsed['nmaprun']['host']]
-    arr = [x['address']['@addr'] for x in parsed['nmaprun']['host']]
-    search = " ".join(arr)
+    if type(parsed["nmaprun"]["host"]) == type({}):
+        parsed["nmaprun"]["host"] = [parsed["nmaprun"]["host"]]
+
+    arr = []
+    for x in parsed["nmaprun"]["host"]:
+        if "address" in x and "@addr" in x["address"]:
+            arr.append(x["address"]["@addr"])
+        elif type(x["address"]) is list:
+            found = [
+                item["@addr"]
+                for item in x["address"]
+                if (
+                    "@addr" in item
+                    and "." in item["@addr"]
+                    and ":" not in item["@addr"]
+                )
+            ]
+            if found:
+                arr.append(found[0])
 
+    print(arr)
+    search = " ".join(arr)
 
     scanner = ps()
     results = []
-    
+
     arguments = "-sV -O -A --script vulners"
-    arguments = (
-        "-sT -PU0 -Pn"  # Removed vulners, since security scanning will be done externally
-    )
+    arguments = "-sT -PU0 -Pn"  # Removed vulners, since security scanning will be done externally
     callback_fn(search + "\n\n" + f"Hosts Count:{len(arr)}")
 
     for line in scanner.scan(hosts=search, arguments=arguments):
@@ -141,7 +157,6 @@ def update_redis(msg, subnet):
         rclient.set("output-{}".format(subnet), output + str(msg))
 
     with PidFile("labyrinth-finder") as p:
-
         # List each subnet
         subnets = json.loads(unwrap(list_subnets)()[0])
 

diff --git a/backend/metrics.py b/backend/metrics.py
@@ -6,7 +6,7 @@
 import datetime
 import logging
 
-logging.basicConfig(level=logging.DEBUG)
+logging.basicConfig(level=logging.WARNING)
 
 logger = logging.getLogger(__name__)
 
@@ -128,7 +128,8 @@ def find_children(key, fields):
     if service["comparison"] == "equals":
         logger.debug("In equals comparison")
         try:
-            return found == service["value"]
+            output = str(found).strip() == str(service["value"]).strip()
+            return output
         except TypeError:  # pragma: no cover
             try:
                 return float(found) == float(service["value"])

diff --git a/backend/requirements.txt b/backend/requirements.txt
@@ -1,4 +1,4 @@
-flask
+flask==2.*
 flask-cors
 flask-socketio
 gunicorn

diff --git a/backend/run_tests.sh b/backend/run_tests.sh
@@ -10,7 +10,7 @@ echo "Running Pytest..."
 docker
 if [ $? -eq 127 ]; then
     echo "No docker found.  Assuming we're inside of backend docker."
-    cd /src && PYTHONPATH=/src pytest --cov=/src --cov-report term-missing -vvvv --cov-fail-under=95 --cov-report=html $1 . 
+    cd /src && PYTHONPATH=/src pytest --cov=/src --cov-report term-missing -vvvv --cov-fail-under=95 --cov-report=html $ARGS . 
 
 else
     docker ps