➹ New Feature implementation request
Is your feature request related to a problem?
As a secureCodeBox user with cascading scans enabled, I would like to know which CascadingRule triggered a given scan.
Current situation
Cascading scans are triggered by checking if a CascadingRule matches one of the findings (hooks/declarative-subsequent-scans/hook.ts, lines 94 to 103 at 89570b3):

```ts
// isMatch / isMatchWith are lodash's subset matchers (import assumed here);
// wildcardMatcher is the hook's customizer for glob-style rule values
for (const finding of findings) {
  // Check if one (or more) of the CascadingRule matchers apply to the finding
  const matches = cascadingRule.spec.matches.anyOf.some(matchesRule =>
    isMatch(finding, matchesRule) || isMatchWith(finding, matchesRule, wildcardMatcher)
  );

  if (matches) {
    cascadingScans.push(getCascadingScan(parentScan, finding, cascadingRule));
  }
}
```
An example CascadingRule (scanners/nmap/cascading-rules/hostscan.yaml, lines 6 to 16 at 89570b3):

```yaml
kind: CascadingRule
metadata:
  name: "nmap-hostscan"
  labels:
    securecodebox.io/invasive: non-invasive
    securecodebox.io/intensive: light
spec:
  matches:
    anyOf:
      - category: "Subdomain"
        osi_layer: "NETWORK"
```
The generated scan only contains ownerReferences, but no information on why it was triggered.
Describe the solution you'd like
We could copy the match onto the cascading scan's metadata:

```yaml
apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
  name: "amass-example.com-nmap-hostscan"
  labels: [...]
  annotations: [...]
  ownerReferences: [...]
  matchedRule:
    category: "Subdomain"
    osi_layer: "NETWORK"
spec:
  scanType: "nmap"
  parameters:
    # Treat all hosts as online -- skip host discovery
    - "-Pn"
    # Target Port of the finding
    - "example.com"
  cascades: true
```
Describe alternatives you've considered
We could also move metadata.matchedRule to spec.matchedRule, which is probably easier to implement with the types.
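To show how the matching loop above and the proposed matchedRule field fit together, here is an added, self-contained TypeScript model (not secureCodeBox's own hook code). It re-implements the subset match with a glob wildcard case instead of lodash, records the matcher that fired under spec.matchedRule (the alternative from this section), and runs over constructed sample findings. The type names, the `{{hostname}}` placeholder, `matchesValue`, `getCascadingScans` and the sample data are assumptions made for this example.

```typescript
// Added example, not secureCodeBox's own code: a model of the CascadingRule match
// that records which matcher triggered the generated Scan (spec.matchedRule).
// Type names, the {{hostname}} placeholder and the sample data are assumptions.
type Matcher = Record<string, unknown>;
interface Finding { category: string; osi_layer?: string; attributes?: Record<string, unknown> }
interface CascadingRule {
  metadata: { name: string };
  spec: { matches: { anyOf: Matcher[] }; scanSpec: { scanType: string; parameters: string[] } };
}
interface Scan {
  apiVersion: string;
  kind: "Scan";
  metadata: { name: string; ownerReferences: { kind: string; name: string }[] };
  spec: { scanType: string; parameters: string[]; cascades: boolean; matchedRule?: Matcher };
}

// Turn a glob-style pattern such as "*.example.com" into an anchored RegExp.
function globToRegExp(pattern: string): RegExp {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp("^" + escaped + "$");
}

// Subset match in the spirit of lodash isMatch/isMatchWith: every key of the
// matcher must exist in the value with an equal entry; nested objects recurse,
// and a matcher string containing "*" is treated as a glob (the wildcard case).
function matchesValue(value: unknown, expected: unknown): boolean {
  if (typeof expected === "string" && expected.indexOf("*") >= 0) {
    return typeof value === "string" && globToRegExp(expected).test(value);
  }
  if (expected !== null && typeof expected === "object") {
    if (value === null || typeof value !== "object") return false;
    for (const k of Object.keys(expected as Matcher)) {
      if (!matchesValue((value as Matcher)[k], (expected as Matcher)[k])) return false;
    }
    return true;
  }
  return value === expected;
}

// Returns the first entry of spec.matches.anyOf that applies to the finding.
function findMatchingMatcher(finding: Finding, rule: CascadingRule): Matcher | undefined {
  for (const matcher of rule.spec.matches.anyOf) {
    if (matchesValue(finding, matcher)) return matcher;
  }
  return undefined;
}

// Builds the cascading Scan and copies the matcher that triggered it onto the spec,
// so an operator can later see why the scan exists, not only who owns it.
function getCascadingScan(parentScan: Scan, finding: Finding, rule: CascadingRule, matched: Matcher): Scan {
  const attrs: Record<string, unknown> = finding.attributes || {};
  const hostname = String(attrs.hostname || "");
  return {
    apiVersion: "execution.securecodebox.io/v1",
    kind: "Scan",
    metadata: {
      name: parentScan.metadata.name + "-" + rule.metadata.name,
      ownerReferences: [{ kind: "Scan", name: parentScan.metadata.name }],
    },
    spec: {
      scanType: rule.spec.scanSpec.scanType,
      // "{{hostname}}" is an assumed placeholder; real rules use their own templating.
      parameters: rule.spec.scanSpec.parameters.map(p => p.replace("{{hostname}}", hostname)),
      cascades: true,
      matchedRule: matched,
    },
  };
}

function getCascadingScans(parentScan: Scan, findings: Finding[], rules: CascadingRule[]): Scan[] {
  const cascadingScans: Scan[] = [];
  for (const rule of rules) {
    for (const finding of findings) {
      const matched = findMatchingMatcher(finding, rule);
      if (matched) cascadingScans.push(getCascadingScan(parentScan, finding, rule, matched));
    }
  }
  return cascadingScans;
}

// Constructed sample data mirroring the nmap-hostscan rule from this issue.
const hostscanRule: CascadingRule = {
  metadata: { name: "nmap-hostscan" },
  spec: {
    matches: { anyOf: [{ category: "Subdomain", osi_layer: "NETWORK" }] },
    scanSpec: { scanType: "nmap", parameters: ["-Pn", "{{hostname}}"] },
  },
};
const amassScan: Scan = {
  apiVersion: "execution.securecodebox.io/v1",
  kind: "Scan",
  metadata: { name: "amass-example.com", ownerReferences: [] },
  spec: { scanType: "amass", parameters: ["-d", "example.com"], cascades: true },
};
const sampleFindings: Finding[] = [
  { category: "Subdomain", osi_layer: "NETWORK", attributes: { hostname: "www.example.com" } },
  { category: "Open Port", osi_layer: "NETWORK", attributes: { port: 80 } },
];

console.log(JSON.stringify(getCascadingScans(amassScan, sampleFindings, [hostscanRule]), null, 2));
```

Only the Subdomain finding produces a cascading Scan, and that Scan carries `matchedRule: { category: "Subdomain", osi_layer: "NETWORK" }` next to its ownerReferences; a rule value such as `"*.example.com"` would go through the glob branch instead of strict equality.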
Additional context
Should be pretty simple to implement. If you like the format, I can create a PR myself. Main or V3 as a base?