Connection inclusion/exclusion by SS results

ouspg · Jun 7, 2024 · c189bf0 · c189bf0
1 parent 70f4e9a
commit c189bf0
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 6 deletions.
diff --git a/tcsfw/model.py b/tcsfw/model.py
@@ -34,10 +34,12 @@ def is_admin(self) -> bool:
 
     def is_relevant(self, ignore_ends=False) -> bool:
         """Is this connection relevant, i.e. not placeholder or external?"""
-        if self.status in {Status.EXPECTED, Status.UNEXPECTED}:
-            return True
         if self.status == Status.PLACEHOLDER:
             return False  # placeholder is never relevant
+        if self.status in {Status.EXPECTED, Status.UNEXPECTED}:
+            return True
+        if self.get_expected_verdict() == Verdict.FAIL:
+            return True  # the dirt must be seen
         if ignore_ends:
             return False
         return self.source.is_relevant() or self.target.is_relevant()

diff --git a/tests/samples/shell-ss/Device.txt b/tests/samples/shell-ss/Device.txt
@@ -13,4 +13,5 @@ tcp                 ESTAB                  0                    0
 tcp                 ESTAB                  0                    0                                     169.254.255.255:51337                                 169.254.10.2:56164
 tcp                 SYN-RECV               0                    0                                        65.21.253.97:41337                               104.223.42.139:10446
 tcp                 ESTAB                  0                    192                                      65.21.253.97:22                                  81.175.152.166:49224
+tcp                 ESTAB                  0                    192                                   169.254.255.255:22                                 169.222.152.166:49224
 tcp                 LISTEN                 0                    128                                              [::]:22                                            [::]:*
diff --git a/tests/test_shell_ss.py b/tests/test_shell_ss.py
@@ -4,7 +4,7 @@
 
 from tcsfw.basics import ExternalActivity, Status
 from tcsfw.batch_import import BatchImporter
-from tcsfw.main import SSH
+from tcsfw.main import DHCP, SSH, UDP, TCP
 from tcsfw.verdict import Verdict
 from tests.test_model import Setup
 
@@ -18,12 +18,12 @@ def __init__(self):
         self.ssh.external_activity(ExternalActivity.PASSIVE)
 
 
-def test_shell_ss_pass():
+def test_shell_ss_mix():
     su = Setup_1()
     BatchImporter(su.get_inspector()).import_batch(pathlib.Path("tests/samples/shell-ss"))
     hs = su.get_hosts()
-    co = su.get_connections()
-    assert len(hs) == 6
+    # co = su.get_connections()
+    assert len(hs) == 7
     h = hs[0]
     assert h.status_verdict() == (Status.EXPECTED, Verdict.PASS)
     assert len(h.children) == 6
@@ -45,3 +45,35 @@ def test_shell_ss_pass():
     s = h.children[5]
     assert s.long_name() == "Device UDP:123"
     assert s.status_verdict() == (Status.UNEXPECTED, Verdict.FAIL)
+
+
+class Setup_2(Setup):
+    """Setup for tests here"""
+    def __init__(self):
+        super().__init__()
+        default = self.system.network().mask("0.0.0.0/0")
+        vpn = self.system.network("VPN").mask("169.254.0.0/16")
+        self.device = self.system.device().in_networks(default, vpn).ip("65.21.253.97").ip("169.254.255.255")
+        self.ssh = self.device / SSH
+        self.ssh.external_activity(ExternalActivity.OPEN)
+        self.dhcp = self.device / DHCP.client().in_network(default)
+        # self.dhcp = self.device / UDP(port=68).in_network(default)
+        self.udp1 = self.device / UDP(port=123)
+        self.udp2 = self.device / UDP(port=1194)
+        self.udp3 = self.device / TCP(port=41337)
+        self.tcp1 = self.device / TCP(port=51337).in_network(vpn) # .at_address("169.254.255.255")
+
+
+def test_shell_ss_two_networks():
+    su = Setup_2()
+    BatchImporter(su.get_inspector()).import_batch(pathlib.Path("tests/samples/shell-ss"))
+    hs = su.get_hosts()
+    co = list(su.get_connections())
+    assert len(hs) == 6
+    assert len(hs[0].children) == 6
+    assert all([h.status_verdict() == (Status.EXPECTED, Verdict.PASS) for h in hs[0].children])
+
+    assert len(co) == 3
+    assert co[0].status_verdict() == (Status.UNEXPECTED, Verdict.FAIL)
+    assert co[1].status_verdict() == (Status.UNEXPECTED, Verdict.FAIL)
+    assert co[2].status_verdict() == (Status.UNEXPECTED, Verdict.FAIL)