SSH topology api backend #623

FrimIdan · 2023-09-04T09:49:46Z

Description

The PR introduce the api + backend implementation of the new family (infoFinder) with the new sshTopology scanner.
It's a continue of the scanner work done in #557 and relates to #549.

The PR also includes a temp addition to the scan configuration scan types (for easy testing) - let me know if I should keep it there since there is no UX design for the "findings"

I've tested it on 2 test machines, client (asset id 3c7593d1-f570-4c6c-bea3-27157c13130f) and server (asset id eff08082-c096-46b4-ae11-6a1dbaf24918)

{
  "items": [
    {
      "asset": {
        "id": "eff08082-c096-46b4-ae11-6a1dbaf24918"
      },
      "findingInfo": {
        "data": "3072 SHA256:hl8YpVK8lTppCDSE7nTknvZHX/63kjwA77hqspESH/w [email protected] (RSA)",
        "objectType": "InfoFinder",
        "path": "/home/ec2-user/.ssh/authorized_keys",
        "scannerName": "sshTopology",
        "type": "SSHAuthorizedKeyFingerprint"
      },
      "foundBy": {
        "id": "f3467be3-545e-4f89-b5d8-3e5cb6971fab"
      },
      "foundOn": "2023-09-03T14:50:45.125057241Z",
      "id": "e4652a8f-d17b-4075-ae0f-fccf829288d3",
      "invalidatedOn": "2023-09-04T09:34:10.387747037Z"
    },
    {
      "asset": {
        "id": "eff08082-c096-46b4-ae11-6a1dbaf24918"
      },
      "findingInfo": {
        "data": "2048 SHA256:YQuPOM8ld6FOA9HbKCgkCJWHuGt4aTRD7hstjJpRhxc idan-key-pair (RSA)",
        "objectType": "InfoFinder",
        "path": "/home/ec2-user/.ssh/authorized_keys",
        "scannerName": "sshTopology",
        "type": "SSHAuthorizedKeyFingerprint"
      },
      "foundBy": {
        "id": "f3467be3-545e-4f89-b5d8-3e5cb6971fab"
      },
      "foundOn": "2023-09-03T14:50:45.125057241Z",
      "id": "0450ab30-6060-4a06-a17b-1890c820e04d",
      "invalidatedOn": "2023-09-04T09:34:10.387747037Z"
    },
    {
      "asset": {
        "id": "eff08082-c096-46b4-ae11-6a1dbaf24918"
      },
      "findingInfo": {
        "data": "2048 SHA256:YQuPOM8ld6FOA9HbKCgkCJWHuGt4aTRD7hstjJpRhxc idan-key-pair (RSA)",
        "objectType": "InfoFinder",
        "path": "/root/.ssh/authorized_keys",
        "scannerName": "sshTopology",
        "type": "SSHAuthorizedKeyFingerprint"
      },
      "foundBy": {
        "id": "f3467be3-545e-4f89-b5d8-3e5cb6971fab"
      },
      "foundOn": "2023-09-03T14:50:45.125057241Z",
      "id": "58de6d83-25f4-4506-a2a4-9ee598db5481",
      "invalidatedOn": "2023-09-04T09:34:10.387747037Z"
    },
    {
      "asset": {
        "id": "eff08082-c096-46b4-ae11-6a1dbaf24918"
      },
      "findingInfo": {
        "data": "2048 SHA256:YQuPOM8ld6FOA9HbKCgkCJWHuGt4aTRD7hstjJpRhxc idan-key-pair (RSA)",
        "objectType": "InfoFinder",
        "path": "/root/.ssh/authorized_keys",
        "scannerName": "sshTopology",
        "type": "SSHAuthorizedKeyFingerprint"
      },
      "foundBy": {
        "id": "56d636da-d3f3-4e91-be28-7bbe68569f80"
      },
      "foundOn": "2023-09-04T09:34:10.387747037Z",
      "id": "304993b5-2210-4b47-a06c-2de808fd614f"
    },
    {
      "asset": {
        "id": "eff08082-c096-46b4-ae11-6a1dbaf24918"
      },
      "findingInfo": {
        "data": "3072 SHA256:hl8YpVK8lTppCDSE7nTknvZHX/63kjwA77hqspESH/w [email protected] (RSA)",
        "objectType": "InfoFinder",
        "path": "/home/ec2-user/.ssh/authorized_keys",
        "scannerName": "sshTopology",
        "type": "SSHAuthorizedKeyFingerprint"
      },
      "foundBy": {
        "id": "56d636da-d3f3-4e91-be28-7bbe68569f80"
      },
      "foundOn": "2023-09-04T09:34:10.387747037Z",
      "id": "653e0add-ad24-41d5-ad64-bcf83a2ebc31"
    },
    {
      "asset": {
        "id": "eff08082-c096-46b4-ae11-6a1dbaf24918"
      },
      "findingInfo": {
        "data": "2048 SHA256:YQuPOM8ld6FOA9HbKCgkCJWHuGt4aTRD7hstjJpRhxc idan-key-pair (RSA)",
        "objectType": "InfoFinder",
        "path": "/home/ec2-user/.ssh/authorized_keys",
        "scannerName": "sshTopology",
        "type": "SSHAuthorizedKeyFingerprint"
      },
      "foundBy": {
        "id": "56d636da-d3f3-4e91-be28-7bbe68569f80"
      },
      "foundOn": "2023-09-04T09:34:10.387747037Z",
      "id": "9e29969b-9740-4871-b6cb-855759cc5af1"
    },
    {
      "asset": {
        "id": "eff08082-c096-46b4-ae11-6a1dbaf24918"
      },
      "findingInfo": {
        "data": "256 SHA256:cDmm4+e/BNwQpsk/Qhh39i2qiT6HcIs6qTLtIiMWzPg [email protected] (ECDSA)",
        "objectType": "InfoFinder",
        "path": "/etc/ssh/ssh_host_ecdsa_key",
        "scannerName": "sshTopology",
        "type": "SSHDaemonKeyFingerprint"
      },
      "foundBy": {
        "id": "56d636da-d3f3-4e91-be28-7bbe68569f80"
      },
      "foundOn": "2023-09-04T09:34:10.387747037Z",
      "id": "fb4012d0-3fb8-47ce-a203-eb3ed6b9d4e1"
    },
    {
      "asset": {
        "id": "eff08082-c096-46b4-ae11-6a1dbaf24918"
      },
      "findingInfo": {
        "data": "256 SHA256:gv6snCwAl5+6fY2g5VkmETWb9Mv0zLRkMz8aQyQWAVc [email protected] (ED25519)",
        "objectType": "InfoFinder",
        "path": "/etc/ssh/ssh_host_ed25519_key",
        "scannerName": "sshTopology",
        "type": "SSHDaemonKeyFingerprint"
      },
      "foundBy": {
        "id": "56d636da-d3f3-4e91-be28-7bbe68569f80"
      },
      "foundOn": "2023-09-04T09:34:10.387747037Z",
      "id": "12e8f59b-b8f0-46c0-afbe-3a35e8cf0436"
    },
    {
      "asset": {
        "id": "3c7593d1-f570-4c6c-bea3-27157c13130f"
      },
      "findingInfo": {
        "data": "2048 SHA256:YQuPOM8ld6FOA9HbKCgkCJWHuGt4aTRD7hstjJpRhxc idan-key-pair (RSA)",
        "objectType": "InfoFinder",
        "path": "/root/.ssh/authorized_keys",
        "scannerName": "sshTopology",
        "type": "SSHAuthorizedKeyFingerprint"
      },
      "foundBy": {
        "id": "a6e7dcc5-2e52-4be6-b7ad-50eeae7324cb"
      },
      "foundOn": "2023-09-04T09:34:11.192377444Z",
      "id": "7244b32e-da76-4a75-bf42-3e56a06b3c9a"
    },
    {
      "asset": {
        "id": "3c7593d1-f570-4c6c-bea3-27157c13130f"
      },
      "findingInfo": {
        "data": "2048 SHA256:YQuPOM8ld6FOA9HbKCgkCJWHuGt4aTRD7hstjJpRhxc idan-key-pair (RSA)",
        "objectType": "InfoFinder",
        "path": "/home/ec2-user/.ssh/authorized_keys",
        "scannerName": "sshTopology",
        "type": "SSHAuthorizedKeyFingerprint"
      },
      "foundBy": {
        "id": "a6e7dcc5-2e52-4be6-b7ad-50eeae7324cb"
      },
      "foundOn": "2023-09-04T09:34:11.192377444Z",
      "id": "5c9c7f8c-70fb-4407-80d4-d374614c79ba"
    },
    {
      "asset": {
        "id": "3c7593d1-f570-4c6c-bea3-27157c13130f"
      },
      "findingInfo": {
        "data": "3072 SHA256:hl8YpVK8lTppCDSE7nTknvZHX/63kjwA77hqspESH/w [email protected] (RSA)",
        "objectType": "InfoFinder",
        "path": "/home/ec2-user/.ssh/id_rsa",
        "scannerName": "sshTopology",
        "type": "SSHPrivateKeyFingerprint"
      },
      "foundBy": {
        "id": "a6e7dcc5-2e52-4be6-b7ad-50eeae7324cb"
      },
      "foundOn": "2023-09-04T09:34:11.192377444Z",
      "id": "bade4e95-1bde-4fb9-9590-5bbb3021e4e9"
    },
    {
      "asset": {
        "id": "3c7593d1-f570-4c6c-bea3-27157c13130f"
      },
      "findingInfo": {
        "data": "256 SHA256:gv6snCwAl5+6fY2g5VkmETWb9Mv0zLRkMz8aQyQWAVc ec2-3-64-214-52.eu-central-1.compute.amazonaws.com (ED25519)",
        "objectType": "InfoFinder",
        "path": "/home/ec2-user/.ssh/known_hosts",
        "scannerName": "sshTopology",
        "type": "SSHKnownHostFingerprint"
      },
      "foundBy": {
        "id": "a6e7dcc5-2e52-4be6-b7ad-50eeae7324cb"
      },
      "foundOn": "2023-09-04T09:34:11.192377444Z",
      "id": "71fe29cf-691f-48d4-a898-7d0f853e7690"
    },
    {
      "asset": {
        "id": "3c7593d1-f570-4c6c-bea3-27157c13130f"
      },
      "findingInfo": {
        "data": "256 SHA256:cDmm4+e/BNwQpsk/Qhh39i2qiT6HcIs6qTLtIiMWzPg ec2-3-64-214-52.eu-central-1.compute.amazonaws.com (ECDSA)",
        "objectType": "InfoFinder",
        "path": "/home/ec2-user/.ssh/known_hosts",
        "scannerName": "sshTopology",
        "type": "SSHKnownHostFingerprint"
      },
      "foundBy": {
        "id": "a6e7dcc5-2e52-4be6-b7ad-50eeae7324cb"
      },
      "foundOn": "2023-09-04T09:34:11.192377444Z",
      "id": "2795ab39-8bac-408a-8344-3392d35398b9"
    },
    {
      "asset": {
        "id": "3c7593d1-f570-4c6c-bea3-27157c13130f"
      },
      "findingInfo": {
        "data": "256 SHA256:fD5lHsrP3KuQI+x+UQEcbIjvUcW0yyNt+vll1X0rw+E [email protected] (ECDSA)",
        "objectType": "InfoFinder",
        "path": "/etc/ssh/ssh_host_ecdsa_key",
        "scannerName": "sshTopology",
        "type": "SSHDaemonKeyFingerprint"
      },
      "foundBy": {
        "id": "a6e7dcc5-2e52-4be6-b7ad-50eeae7324cb"
      },
      "foundOn": "2023-09-04T09:34:11.192377444Z",
      "id": "b3347fbe-d995-4694-be25-b84c3ff3a4e8"
    },
    {
      "asset": {
        "id": "3c7593d1-f570-4c6c-bea3-27157c13130f"
      },
      "findingInfo": {
        "data": "256 SHA256:LqznK3bfmgvLe+I9UWvDsgfp+h42KLKxUQhItQ2vahs [email protected] (ED25519)",
        "objectType": "InfoFinder",
        "path": "/etc/ssh/ssh_host_ed25519_key",
        "scannerName": "sshTopology",
        "type": "SSHDaemonKeyFingerprint"
      },
      "foundBy": {
        "id": "a6e7dcc5-2e52-4be6-b7ad-50eeae7324cb"
      },
      "foundOn": "2023-09-04T09:34:11.192377444Z",
      "id": "04827ed2-ac16-423c-9fa0-171e2489c50f"
    }
  ]
}

Type of Change

[ ] Bug Fix
[X] New Feature
[ ] Breaking Change
[ ] Refactor
[ ] Documentation
[ ] Other (please describe)

Checklist

I have read the contributing guidelines
Existing issues have been referenced (where applicable)
I have verified this change is not present in other open pull requests
Functionality is documented
All code style checks pass
New code contribution is covered by automated tests
All new and existing tests pass

…topology scanner

api/openapi.yaml

pkg/cli/presenter/vmclarity.go

pkg/apiserver/database/demo.go

pkg/cli/utils/apimodel.go

pkg/orchestrator/assetscanprocessor/infofinder.go

pkg/shared/findingkey/infofinder.go

FrimIdan requested a review from a team as a code owner September 4, 2023 09:49

FrimIdan changed the title ~~Ssh topology api backend~~ SSH topology api backend Sep 4, 2023

FrimIdan added 10 commits September 4, 2023 15:33

update api to include new info finder family findings and scan config

e6ca953

update api to include new info finder family findings and scan config

c8c7766

update backend logic

975db0d

temp update ui to enabled info finder scan type

18b27a5

fix compilation

6845471

add missing handling in assetscanprocessor

4119668

add missing wait group to wait for the channel processing in the ssh …

8075b0f

…topology scanner

fixing InfoFinderKey

1c5d321

fix unit test

96efcd3

remove unused arg in withInfoFinderConfig

74d0056

FrimIdan force-pushed the ssh-topology-api-backend branch from 9a0f66f to 74d0056 Compare September 4, 2023 12:33

FrimIdan added 2 commits September 4, 2023 16:58

avoid converting nil results

6557ec8

fix typos in error prints

4d74f5c

fishkerez reviewed Sep 4, 2023

View reviewed changes

api/openapi.yaml Show resolved Hide resolved

pkg/cli/presenter/vmclarity.go Outdated Show resolved Hide resolved

pkg/cli/presenter/vmclarity.go Outdated Show resolved Hide resolved

FrimIdan requested review from akpsgit and fishkerez September 5, 2023 08:24