Send attack.user with detected attack event

slack-watcher · slack-watcher · commit 1aed2adc5659 · 2025-01-23T10:18:47.000+01:00
diff --git a/agent_api/src/main/java/dev/aikido/agent_api/background/cloud/api/events/DetectedAttack.java b/agent_api/src/main/java/dev/aikido/agent_api/background/cloud/api/events/DetectedAttack.java
@@ -3,6 +3,7 @@
 import dev.aikido.agent_api.background.cloud.CloudConnectionManager;
 import dev.aikido.agent_api.background.cloud.GetManagerInfo;
 import dev.aikido.agent_api.context.ContextObject;
+import dev.aikido.agent_api.context.User;
 import dev.aikido.agent_api.vulnerabilities.Attack;
 
 import java.util.Map;
@@ -40,7 +41,8 @@ public record AttackData (
             // Auxiliary attack data :
             String module,
             boolean blocked,
-            String stack
+            String stack,
+            User user
     ) {};
 
     public static DetectedAttackEvent createAPIEvent(Attack attack, ContextObject context, CloudConnectionManager connectionManager) {
@@ -56,7 +58,7 @@ public static DetectedAttackEvent createAPIEvent(Attack attack, ContextObject co
         );
         AttackData attackData = new AttackData(
             attack.kind, attack.operation, attack.source, attack.pathToPayload, attack.payload, attack.metadata,
-            "MODULE?", connectionManager.shouldBlock(), attack.stack
+            "module", connectionManager.shouldBlock(), attack.stack, attack.user
         );
         return new DetectedAttackEvent(
         "detected_attack", // type
diff --git a/agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/Scanner.java b/agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/Scanner.java
@@ -44,7 +44,10 @@ public static void scanForGivenVulnerability(Vulnerabilities.Vulnerability vulne
                     exception = Optional.of(detectorResult.getException());
                     // Report attack :
                     reportAttack(
-                        new Attack(operation, vulnerability, source, path, detectorResult.getMetadata(), userInput, getCurrentStackTrace()), ctx
+                        new Attack(
+                                operation, vulnerability, source,
+                                path, detectorResult.getMetadata(), userInput,
+                                getCurrentStackTrace(), ctx.getUser()), ctx
                     );
                     break;
                 }
diff --git a/agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/ssrf/SSRFDetector.java b/agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/ssrf/SSRFDetector.java
@@ -54,7 +54,8 @@ public Attack run(String hostname, int port, List<String> ipAddresses, String op
                         "port", String.valueOf(port)
                     ),
                     attackFindings.payload(),
-                    getCurrentStackTrace()
+                    getCurrentStackTrace(),
+                    context.getUser()
             );
         }
         

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,8 @@ public Attack run(String hostname, int port, List<String> ipAddresses, String op`
`54`	`54`	`"port", String.valueOf(port)`
`55`	`55`	`),`
`56`	`56`	`attackFindings.payload(),`
`57`		`- getCurrentStackTrace()`
	`57`	`+ getCurrentStackTrace(),`
	`58`	`+ context.getUser()`
`58`	`59`	`);`
`59`	`60`	`}`
`60`	`61`