[client] feat(SCV): fix formating (#4266)

Author: gabriel-peze

pyoaev/contracts/contract_config.py

@@ -119,6 +119,7 @@ class ContractConfig:
     color_dark: str
     color_light: str
 
+
 @dataclass
 class Domain:
     domain_id: str
@@ -127,6 +128,7 @@ class Domain:
     domain_created_at: str
     domain_updated_at: str
 
+
 @dataclass
 class Contract:
     contract_id: str

pyoaev/security_domain/builder.py

@@ -10,22 +10,40 @@ def _find_in_keywords(self, keywords, search):
     def get_associated_security_domains(self, name, description):
         domains = []
 
-        if self._find_in_keywords(SecurityDomainsKeyWords.ENDPOINT, name) or self._find_in_keywords(SecurityDomainsKeyWords.ENDPOINT, description):
+        if self._find_in_keywords(
+            SecurityDomainsKeyWords.ENDPOINT, name
+        ) or self._find_in_keywords(SecurityDomainsKeyWords.ENDPOINT, description):
             domains.append(SecurityDomains.ENDPOINT.value)
-        if self._find_in_keywords(SecurityDomainsKeyWords.NETWORK, name) or self._find_in_keywords(SecurityDomainsKeyWords.NETWORK, description):
+        if self._find_in_keywords(
+            SecurityDomainsKeyWords.NETWORK, name
+        ) or self._find_in_keywords(SecurityDomainsKeyWords.NETWORK, description):
             domains.append(SecurityDomains.NETWORK.value)
-        if self._find_in_keywords(SecurityDomainsKeyWords.WEB_APP, name) or self._find_in_keywords(SecurityDomainsKeyWords.WEB_APP, description):
+        if self._find_in_keywords(
+            SecurityDomainsKeyWords.WEB_APP, name
+        ) or self._find_in_keywords(SecurityDomainsKeyWords.WEB_APP, description):
             domains.append(SecurityDomains.WEB_APP.value)
-        if self._find_in_keywords(SecurityDomainsKeyWords.EMAIL_INFILTRATION, name) or self._find_in_keywords(SecurityDomainsKeyWords.EMAIL_INFILTRATION, description):
+        if self._find_in_keywords(
+            SecurityDomainsKeyWords.EMAIL_INFILTRATION, name
+        ) or self._find_in_keywords(
+            SecurityDomainsKeyWords.EMAIL_INFILTRATION, description
+        ):
             domains.append(SecurityDomains.EMAIL_INFILTRATION.value)
-        if self._find_in_keywords(SecurityDomainsKeyWords.DATA_EXFILTRATION, name) or self._find_in_keywords(SecurityDomainsKeyWords.DATA_EXFILTRATION, description):
+        if self._find_in_keywords(
+            SecurityDomainsKeyWords.DATA_EXFILTRATION, name
+        ) or self._find_in_keywords(
+            SecurityDomainsKeyWords.DATA_EXFILTRATION, description
+        ):
             domains.append(SecurityDomains.DATA_EXFILTRATION.value)
-        if self._find_in_keywords(SecurityDomainsKeyWords.URL_FILTERING, name) or self._find_in_keywords(SecurityDomainsKeyWords.URL_FILTERING, description):
+        if self._find_in_keywords(
+            SecurityDomainsKeyWords.URL_FILTERING, name
+        ) or self._find_in_keywords(SecurityDomainsKeyWords.URL_FILTERING, description):
             domains.append(SecurityDomains.URL_FILTERING.value)
-        if self._find_in_keywords(SecurityDomainsKeyWords.CLOUD, name) or self._find_in_keywords(SecurityDomainsKeyWords.CLOUD, description):
+        if self._find_in_keywords(
+            SecurityDomainsKeyWords.CLOUD, name
+        ) or self._find_in_keywords(SecurityDomainsKeyWords.CLOUD, description):
             domains.append(SecurityDomains.CLOUD.value)
 
         if 0 == len(domains):
             domains.append(SecurityDomains.ENDPOINT.value)
 
-        return domains
+        return domains

pyoaev/security_domain/types.py

@@ -2,21 +2,248 @@
 
 
 class SecurityDomainsKeyWords(Enum):
-    ENDPOINT = ["lsass", "registry", "dll injection", "kernel", "winlogon", "scheduled task", "wmi", "powershell", "process injection", "credential dumping", "rootkit", "startup folder", "bits jobs", "removable media", "hardware additions", "browser extension", "firmware", "bootkit", "master boot record", "clipboard", "screen capture", "audio capture", "video capture", "disk wipe", "ransomware", "debugger evasion", "sandbox evasion", "reflective code", "access token", "system binary proxy", "Bitsadmin Download (PowerShell)"]
-    NETWORK = ["lateral movement", "packet sniff", "port scan", "man-in-the-middle", "arp spoof", "smb", "rdp", "dns tunnel", "network share", "c2", "beacon", "firewall", "domain controller", "kerberos", "golden ticket", "silver ticket", "domain trust", "active directory", "ldap", "network boundary", "bgp hijack", "bgp hijack", "dns hijack", "dhcp poison", "forced authentication", "remote service", "network device", "vlan hopping", "protocol tunnel", "traffic signaling", "weaken encryption", "exploitation remote"]
-    WEB_APP = ["sql injection", "cross-site script", "web shell", "csrf", "file upload vulnerability", "apache", "nginx", "iis", "php", "javascript", "rest api", "cookie", "server-side request forgery", "ssrf", "xml external entity", "xxe", "deserialization", "path traversal", "local file inclusion", "remote file inclusion", "template injection", "ssti", "api abuse", "drive-by compromise", "browser exploit", "forge web credential", "web service", "defacement", "server software component", "reverse proxy", "webdav", "session hijack"]
-    EMAIL_INFILTRATION = ["spearphishing attachment", "spearphishing link", "phishing", "malicious attachment", "email account", "outlook", "exchange", "smtp", "mail server", "social engineering", "inbox rule", "dkim", "business email compromise", "bec", "email forwarding rule", "email delegation", "oauth consent", "reply-to manipulation", "email thread hijack", "internal spearphishing", "email collection", "zimbra", "mapi", "email template", "spoof sender", "dmarc", "spf", "email gateway", "link shortener"]
-    DATA_EXFILTRATION = ["exfiltrat", "data staging", "data compressed", "steganography", "covert channel", "database dump", "automated collection", "intellectual property", "cloud storage exfil", "ftp exfil", "physical medium", "air gap", "scheduled transfer", "alternate protocol", "icmp tunnel", "dns exfiltration", "automated exfiltration", "web service exfil", "pastebin", "code repository", "cloud account transfer", "email exfil", "data destruction", "data encrypted", "image steganography"]
-    URL_FILTERING = ["domain fronting", "url shorten", "typosquatting", "typosquatting", "homograph", "punycode", "url reputation", "content filter", "web gateway", "safe browsing", "url categorization", "blacklist bypass", "whitelist", "redirect", "proxy bypass", "dns over https", "dns over tls", "unicode domain", "url encode", "double encode", "open redirect", "captive portal", "proxy pac", "socks proxy", "vpn bypass", "domain generation", "fast flux", "url confusion", "subdomain takeover", "Bitsadmin Download (PowerShell)"]
-    CLOUD = ["aws", "azure", "gcp", "lambda", "s3 bucket", "blob storage", "kubernetes", "docker", "serverless", "cloud instance", "iam role", "iam role", "saas", "tenant", "subscription", "api gateway", "microservice", "cloud trail", "cloudtrail", "cloud formation", "terraform", "cloud init", "metadata service", "instance metadata", "cloud api", "resource policy", "cloud dashboard", "unused region", "snapshot", "cloud backup", "object storage", "cloud function", "service principal", "managed identity", "cloud key", "sas token", "assume role"]
+    ENDPOINT = [
+        "lsass",
+        "registry",
+        "dll injection",
+        "kernel",
+        "winlogon",
+        "scheduled task",
+        "wmi",
+        "powershell",
+        "process injection",
+        "credential dumping",
+        "rootkit",
+        "startup folder",
+        "bits jobs",
+        "removable media",
+        "hardware additions",
+        "browser extension",
+        "firmware",
+        "bootkit",
+        "master boot record",
+        "clipboard",
+        "screen capture",
+        "audio capture",
+        "video capture",
+        "disk wipe",
+        "ransomware",
+        "debugger evasion",
+        "sandbox evasion",
+        "reflective code",
+        "access token",
+        "system binary proxy",
+        "Bitsadmin Download (PowerShell)",
+    ]
+    NETWORK = [
+        "lateral movement",
+        "packet sniff",
+        "port scan",
+        "man-in-the-middle",
+        "arp spoof",
+        "smb",
+        "rdp",
+        "dns tunnel",
+        "network share",
+        "c2",
+        "beacon",
+        "firewall",
+        "domain controller",
+        "kerberos",
+        "golden ticket",
+        "silver ticket",
+        "domain trust",
+        "active directory",
+        "ldap",
+        "network boundary",
+        "bgp hijack",
+        "bgp hijack",
+        "dns hijack",
+        "dhcp poison",
+        "forced authentication",
+        "remote service",
+        "network device",
+        "vlan hopping",
+        "protocol tunnel",
+        "traffic signaling",
+        "weaken encryption",
+        "exploitation remote",
+    ]
+    WEB_APP = [
+        "sql injection",
+        "cross-site script",
+        "web shell",
+        "csrf",
+        "file upload vulnerability",
+        "apache",
+        "nginx",
+        "iis",
+        "php",
+        "javascript",
+        "rest api",
+        "cookie",
+        "server-side request forgery",
+        "ssrf",
+        "xml external entity",
+        "xxe",
+        "deserialization",
+        "path traversal",
+        "local file inclusion",
+        "remote file inclusion",
+        "template injection",
+        "ssti",
+        "api abuse",
+        "drive-by compromise",
+        "browser exploit",
+        "forge web credential",
+        "web service",
+        "defacement",
+        "server software component",
+        "reverse proxy",
+        "webdav",
+        "session hijack",
+    ]
+    EMAIL_INFILTRATION = [
+        "spearphishing attachment",
+        "spearphishing link",
+        "phishing",
+        "malicious attachment",
+        "email account",
+        "outlook",
+        "exchange",
+        "smtp",
+        "mail server",
+        "social engineering",
+        "inbox rule",
+        "dkim",
+        "business email compromise",
+        "bec",
+        "email forwarding rule",
+        "email delegation",
+        "oauth consent",
+        "reply-to manipulation",
+        "email thread hijack",
+        "internal spearphishing",
+        "email collection",
+        "zimbra",
+        "mapi",
+        "email template",
+        "spoof sender",
+        "dmarc",
+        "spf",
+        "email gateway",
+        "link shortener",
+    ]
+    DATA_EXFILTRATION = [
+        "exfiltrat",
+        "data staging",
+        "data compressed",
+        "steganography",
+        "covert channel",
+        "database dump",
+        "automated collection",
+        "intellectual property",
+        "cloud storage exfil",
+        "ftp exfil",
+        "physical medium",
+        "air gap",
+        "scheduled transfer",
+        "alternate protocol",
+        "icmp tunnel",
+        "dns exfiltration",
+        "automated exfiltration",
+        "web service exfil",
+        "pastebin",
+        "code repository",
+        "cloud account transfer",
+        "email exfil",
+        "data destruction",
+        "data encrypted",
+        "image steganography",
+    ]
+    URL_FILTERING = [
+        "domain fronting",
+        "url shorten",
+        "typosquatting",
+        "typosquatting",
+        "homograph",
+        "punycode",
+        "url reputation",
+        "content filter",
+        "web gateway",
+        "safe browsing",
+        "url categorization",
+        "blacklist bypass",
+        "whitelist",
+        "redirect",
+        "proxy bypass",
+        "dns over https",
+        "dns over tls",
+        "unicode domain",
+        "url encode",
+        "double encode",
+        "open redirect",
+        "captive portal",
+        "proxy pac",
+        "socks proxy",
+        "vpn bypass",
+        "domain generation",
+        "fast flux",
+        "url confusion",
+        "subdomain takeover",
+        "Bitsadmin Download (PowerShell)",
+    ]
+    CLOUD = [
+        "aws",
+        "azure",
+        "gcp",
+        "lambda",
+        "s3 bucket",
+        "blob storage",
+        "kubernetes",
+        "docker",
+        "serverless",
+        "cloud instance",
+        "iam role",
+        "iam role",
+        "saas",
+        "tenant",
+        "subscription",
+        "api gateway",
+        "microservice",
+        "cloud trail",
+        "cloudtrail",
+        "cloud formation",
+        "terraform",
+        "cloud init",
+        "metadata service",
+        "instance metadata",
+        "cloud api",
+        "resource policy",
+        "cloud dashboard",
+        "unused region",
+        "snapshot",
+        "cloud backup",
+        "object storage",
+        "cloud function",
+        "service principal",
+        "managed identity",
+        "cloud key",
+        "sas token",
+        "assume role",
+    ]
+
 
 class SecurityDomains(Enum):
-    ENDPOINT = { "domain_name": "Endpoint", "domain_color": "#389CFF" }
-    NETWORK = { "domain_name": "Network", "domain_color": "#009933" }
-    WEB_APP = { "domain_name": "Web App", "domain_color": "#FF9933" }
-    EMAIL_INFILTRATION = { "domain_name": "E-mail Infiltration", "domain_color": "#FF6666" }
-    DATA_EXFILTRATION = { "domain_name": "Data Exfiltration", "domain_color": "#9933CC" }
-    URL_FILTERING = { "domain_name": "Url Filtering", "domain_color": "#66CCFF" }
-    CLOUD = { "domain_name": "Cloud", "domain_color": "#9999CC" }
-    TABLE_TOP = { "domain_name": "Table Top", "domain_color": "#FFCC33" }
-    TOCLASSIFY = { "domain_name": "To classify", "domain_color": "#FFFFFF" }
+    ENDPOINT = {"domain_name": "Endpoint", "domain_color": "#389CFF"}
+    NETWORK = {"domain_name": "Network", "domain_color": "#009933"}
+    WEB_APP = {"domain_name": "Web App", "domain_color": "#FF9933"}
+    EMAIL_INFILTRATION = {
+        "domain_name": "E-mail Infiltration",
+        "domain_color": "#FF6666",
+    }
+    DATA_EXFILTRATION = {"domain_name": "Data Exfiltration", "domain_color": "#9933CC"}
+    URL_FILTERING = {"domain_name": "Url Filtering", "domain_color": "#66CCFF"}
+    CLOUD = {"domain_name": "Cloud", "domain_color": "#9999CC"}
+    TABLE_TOP = {"domain_name": "Table Top", "domain_color": "#FFCC33"}
+    TOCLASSIFY = {"domain_name": "To classify", "domain_color": "#FFFFFF"}