Skip to content

Ransomware encryption table data #1308

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Jul 13, 2021
Merged

Ransomware encryption table data #1308

merged 8 commits into from
Jul 13, 2021

Conversation

VakarisZ
Copy link
Contributor

@VakarisZ VakarisZ commented Jul 9, 2021

What does this PR do?

Fixes part of #1240

Add any further explanations here.

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested by running manually

  • If applicable, add screenshots or log transcripts of the feature working

@ghost
Copy link

ghost commented Jul 9, 2021
edited by ghost
Loading

DeepCode's analysis on #3a2f5f found:

  • ℹ️ 1 minor issue. 👇

Top issues

Description Example fixes
No catch method for promise. This may result in an unhandled promise rejection. Occurrences: 🔧 Example fixes

👉 View analysis in DeepCode’s Dashboard | Configure the bot

👉 The DeepCode service and API will be deprecated in August, 2021. Here is the information how to migrate. Thank you for using DeepCode 🙏 ❤️ !

If you are using our plugins, you might be interested in their successors: Snyk's JetBrains plugin and Snyk's VS Code plugin.

@codecov
Copy link

codecov bot commented Jul 9, 2021
edited
Loading

Codecov Report

Merging #1308 (3a2f5f5) into develop (3b80221) will increase coverage by 0.17%.
The diff coverage is 96.42%.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop    #1308      +/-   ##
===========================================
+ Coverage    30.93%   31.10%   +0.17%     
===========================================
  Files          455      458       +3     
  Lines        13558    13594      +36     
===========================================
+ Hits          4194     4229      +35     
- Misses        9364     9365       +1
Impacted Files Coverage Δ
...ey/monkey_island/cc/resources/ransomware_report.py 0.00% <0.00%> (ø)
...island/cc/services/ransomware/ransomware_report.py 100.00% <100.00%> (ø)
...nkey/tests/data_for_tests/mongo_documents/edges.py 100.00% <100.00%> (ø)
...ey/tests/data_for_tests/mongo_documents/monkeys.py 100.00% <100.00%> (ø)
...sts/mongo_documents/telemetries/file_encryption.py 100.00% <100.00%> (ø)
.../infection_monkey/ransomware/ransomware_payload.py 96.66% <0.00%> (+0.32%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3b80221...3a2f5f5. Read the comment docs.

mssalvatore
mssalvatore requested changes Jul 12, 2021
View reviewed changes
monkey/tests/unit_tests/monkey_island/cc/services/ransomware/test_ransomware_report.py Outdated
]


@pytest.mark.skip(reason="Can't find a way to use the same mock database client in Monkey model")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test is unconditionally skipped. It should either be run or removed.

monkey/monkey_island/cc/services/ransomware/ransomware_report.py Outdated
Comment on lines 10 to 30
"$group": {
"_id": {"monkey_guid": "$monkey_guid", "files_encrypted": "$data.files.success"}
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should have the number of successfully encrypted files, not just true or false. From the acceptance criteria:
image

VakarisZ and others added 7 commits July 13, 2021 09:14
@VakarisZ
Add a service responsible for fetching and formatting data for ransom…
f6eda77 
…ware report, file encryption table
@VakarisZ
Add unit tests and for ransomware report, which get skipped because o…
9492b14 
…f a bug in mongomock
@VakarisZ
Refactor ransomware_report.py to use current report infrastructure fo…
4254f8c 
…r fetching exploited nodes

Re-using current report infrastructure means that it's more trivial to implement/maintain and is already tested. The downside is performance
@VakarisZ
Refactor ransomware report unit tests to mock "get_exploited()" metho…
2bcf3b0 
…d used. Also, minor refactorings in ransomware_report service and resource
@mssalvatore @VakarisZ
Island: Fix failing test by upgrading mongomock
10a375e
@VakarisZ
Island: change ransomware report table to return the amount of files …
f8cbd4c 
…encrypted and the number of total encryption attempts
@VakarisZ
Island: fix rebase issues created when rebasing ransomware table gene…
a0e0e0a 
…ration feature
@VakarisZ VakarisZ force-pushed the ransomware_encryption_table_data branch from f67a500 to a0e0e0a Compare July 13, 2021 06:33
shreyamalviya
shreyamalviya reviewed Jul 13, 2021
View reviewed changes
monkey/monkey_island/cc/services/ransomware/ransomware_report.py
Comment on lines +71 to +72
def _get_monkey_origin_exploits(monkey_hostname, exploited_nodes):
origin_exploits = [
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why call this _get_monkey_origin_exploits? It's returning the origin of the monkey on a machine whether it was an exploit or manual execution.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Monkey origin" is too ambiguous, it could mean "where monkey got downloaded from", for example. "Exploit" indicates that it means which exploit got monkey into the system. "Manual run" is also an exploit in terms of a simulation. If you have a clearer name suggest and let's fix, I couldn't come up with one without being verbose

@mssalvatore mssalvatore merged commit afe7498 into develop Jul 13, 2021
@mssalvatore mssalvatore deleted the ransomware_encryption_table_data branch July 13, 2021 10:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shreyamalviya shreyamalviya shreyamalviya left review comments

@mssalvatore mssalvatore mssalvatore approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@VakarisZ @mssalvatore @shreyamalviya