
Attack config unsafe warning #1006

Merged
merged 2 commits into from
Mar 2, 2021

mssalvatore
Collaborator

@mssalvatore mssalvatore commented Mar 1, 2021

What does this PR do?

Adds a warning when a user submits an ATT&CK config that could be unsafe.

The ATT&CK configuration screen could allow users to unknowingly submit a potentially unsafe configuration.

Example

  1. Go to Exploits and enable an unsafe exploiter.
  2. Submit config -- you are warned that this config may be unsafe.
  3. Go to the ATT&CK configuration screen and click submit -- you are not warned that the config may be unsafe.
  4. Export the configuration.
  5. Open the exported configuration and verify that the unsafe exploiter is present in the configuration.

Solution
When ATT&CK configurations are submitted, the workflow is:

  1. ATT&CK configuration is submitted to the back-end.
  2. The back-end converts the ATT&CK configuration into a regular configuration.
  3. The front-end pulls the new, regular configuration from the back-end.

The ATT&CK configuration does not contain enough information for the front-end to simply determine whether or not it is safe. Therefore, the front-end relies on the back-end to translate the ATT&CK config into a regular config before it can evaluate safety. The front-end can then only warn the user, not prevent submission as in #1000.

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the documentation framework updated to reflect the changes?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested locally. See screenshot

  • If applicable, add screenshots or log transcripts of the feature working

attack-warning

@mssalvatore mssalvatore requested a review from VakarisZ March 1, 2021 17:16
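
The workflow from the Solution section above, sketched as an added example (not code from this PR or the project): the safety check can only run on the regular configuration pulled back after the ATT&CK submission, so it warns rather than blocks. The option names, config layout and `api` callbacks are hypothetical, and the back-end is a constructed stand-in.

```javascript
// Added illustration, not code from this PR. Option names, config layout
// and the api callbacks are hypothetical.

// Constructed list of options the UI treats as unsafe.
const UNSAFE_OPTIONS = {
  exploiters: ['ExampleUnsafeExploiter'],
  postBreachActions: ['ExampleUnsafeAction'],
};

// Return the unsafe options enabled in a regular (non-ATT&CK) config.
function findUnsafeOptions(config) {
  const found = [];
  for (const [section, unsafeNames] of Object.entries(UNSAFE_OPTIONS)) {
    const enabled = (config && config[section]) || [];
    for (const name of enabled) {
      if (unsafeNames.includes(name)) found.push(`${section}: ${name}`);
    }
  }
  return found;
}

// Submit the ATT&CK matrix, let the back-end convert it, pull the resulting
// regular config, then evaluate it. The matrix alone is never inspected:
// it does not carry enough information to decide safety.
async function submitAttackConfig(attackMatrix, api, warn) {
  await api.postAttackConfig(attackMatrix);     // steps 1 and 2
  const config = await api.getRegularConfig();  // step 3
  const unsafe = findUnsafeOptions(config);
  if (unsafe.length > 0) warn(unsafe);          // already submitted: warn only
  return { submitted: true, unsafe };
}

// Constructed stand-in for the back-end. Its "conversion" leaves settings
// made on other screens (such as an enabled exploiter) in place.
function makeFakeBackend(regularConfig) {
  let submissions = 0;
  return {
    postAttackConfig: async () => { submissions += 1; },
    getRegularConfig: async () => ({ ...regularConfig }),
    submissionCount: () => submissions,
  };
}
```
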

codecov bot commented Mar 1, 2021

Codecov Report

Merging #1006 (a152da0) into develop (cfaf4a1) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff            @@
##           develop    #1006   +/-   ##
========================================
  Coverage    26.11%   26.11%           
========================================
  Files          402      402           
  Lines        12821    12821           
========================================
  Hits          3348     3348           
  Misses        9473     9473           


Contributor

@VakarisZ VakarisZ left a comment

Looks good. Good job!

@mssalvatore mssalvatore merged commit 60395a8 into develop Mar 2, 2021
@mssalvatore mssalvatore deleted the attack-config-unsafe-warning branch April 15, 2021 11:31