diff --git a/examples/nullify.yaml b/examples/nullify.yaml
index 51ae6ef..0edae6b 100644
--- a/examples/nullify.yaml
+++ b/examples/nullify.yaml
@@ -112,6 +112,21 @@ integrations:
 name: John Smith
 attack_surface:
 enable: true
- enable_dns_enumeration: false
- domain_names: [172.36.255.7,example.com]
- ignore_domain_names: []
+ enable_dns_enumeration: true
+ ip_addresses: [10.11.12.13, 10.0.0.1-254]
+ domain_names: [example.com, prod.hosting.com]
+ include_only:
+ - domain_names: [live.prod.hosting.com]
+ http:
+ paths: [/main, /api/**/create]
+ ignore:
+ - http:
+ methods: [DELETE]
+ - domain_names: [jira.example.com, "*.testing.example.com"]
+ - ip_addresses: [100.110.120.130]
+ transport_protocols: [tcp]
+ ports: [22, 8080, 9990-9999]
+ - domain_names: ["dev.*", "staging.*"]
+ http:
+ paths: [/auth]
+ methods: [POST]
diff --git a/pkg/merger/merger_test.go b/pkg/merger/merger_test.go
index f7cc0e8..cecadaf 100644
--- a/pkg/merger/merger_test.go
+++ b/pkg/merger/merger_test.go
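Review bot: The matching rules of the new `include_only` and `ignore` blocks are left undocumented in the one file users will copy them from: the first `ignore` entry (`- http: methods: [DELETE]`) names no host, so under the `// empty fields are equivalent to *` rule on the model it suppresses DELETE findings on every target, and nothing says whether an `ignore` match overrides an `include_only` match, or what an `include_only` entry that sets only `http.paths` would apply to. The range and wildcard forms (`10.0.0.1-254`, `9990-9999`, `"*.testing.example.com"`, `"dev.*"`) are likewise shown only by example. I would add `#` comments above each block, e.g. `# include_only: when present, only targets matching at least one entry are monitored` and `# ignore: an omitted field matches any value, so this entry drops DELETE on every host`, plus one line stating which list wins when both match. The enclosing `integrations` entry starts before this hunk.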
@@ -338,10 +338,40 @@ func TestMergeConfigFiles(t *testing.T) {
 name: "only global config for attack surface monitoring",
 globalConfig: &models.Configuration{
 AttackSurface: &models.AttackSurface{
- Enable: true,
+ Enable: true,
 EnableDNSEnumeration: true,
- DomainNames: []string{"example.com"},
- IgnoreDomainNames: []string{"example2.com"},
+ IPAddresses: []string{"10.11.12.13", "10.0.0.1-254"},
+ DomainNames: []string{"example.com", "prod.hosting.com"},
+ IncludeOnly: []models.AttackSurfaceIncludeOnly{
+ {
+ DomainNames: []string{"live.prod.hosting.com"},
+ HTTP: &models.HTTPAttackSurfaceIncludeOnly{
+ Paths: []string{"/main", "/api/**/create"},
+ },
+ },
+ },
+ Ignore: []models.AttackSurfaceIgnore{
+ {
+ HTTP: &models.HTTPAttackSurfaceIgnore{
+ Methods: []string{"DELETE"},
+ },
+ },
+ {
+ DomainNames: []string{"jira.example.com", "*.testing.example.com"},
+ },
+ {
+ IPAddresses: []string{"100.110.120.130"},
+ TransportProtocols: []string{"tcp"},
+ Ports: []string{"22", "8080", "9990-9999"},
+ },
+ {
+ DomainNames: []string{"dev.*", "staging.*"},
+ HTTP: &models.HTTPAttackSurfaceIgnore{
+ Paths: []string{"/auth"},
+ Methods: []string{"POST"},
+ },
+ },
+ },
 },
 },
 repoConfig: nil,
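Review bot: Every new field is exercised only with `repoConfig: nil`, so this case never shows what the merger does when a repository-level config also carries `attack_surface`, even though the model marks these fields `// global only`. A second table entry where `repoConfig` sets an `AttackSurface` with, say, a different `Ignore` list — expecting either the untouched global value or a merge error, whichever the merger is meant to do — would pin that contract; as written, a regression that lets a repo-level `ignore` widen or shrink the global scan scope would pass. The `TestMergeConfigFiles` table starts and ends outside this hunk.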
@@ -351,10 +381,40 @@ func TestMergeConfigFiles(t *testing.T) {
 SeverityThreshold: parser.DefaultSeverityThreshold,
 PriorityThreshold: parser.DefaultPriorityThreshold,
 AttackSurface: &models.AttackSurface{
- Enable: true,
+ Enable: true,
 EnableDNSEnumeration: true,
- DomainNames: []string{"example.com"},
- IgnoreDomainNames: []string{"example2.com"},
+ IPAddresses: []string{"10.11.12.13", "10.0.0.1-254"},
+ DomainNames: []string{"example.com", "prod.hosting.com"},
+ IncludeOnly: []models.AttackSurfaceIncludeOnly{
+ {
+ DomainNames: []string{"live.prod.hosting.com"},
+ HTTP: &models.HTTPAttackSurfaceIncludeOnly{
+ Paths: []string{"/main", "/api/**/create"},
+ },
+ },
+ },
+ Ignore: []models.AttackSurfaceIgnore{
+ {
+ HTTP: &models.HTTPAttackSurfaceIgnore{
+ Methods: []string{"DELETE"},
+ },
+ },
+ {
+ DomainNames: []string{"jira.example.com", "*.testing.example.com"},
+ },
+ {
+ IPAddresses: []string{"100.110.120.130"},
+ TransportProtocols: []string{"tcp"},
+ Ports: []string{"22", "8080", "9990-9999"},
+ },
+ {
+ DomainNames: []string{"dev.*", "staging.*"},
+ HTTP: &models.HTTPAttackSurfaceIgnore{
+ Paths: []string{"/auth"},
+ Methods: []string{"POST"},
+ },
+ },
+ },
 },
 },
 },
diff --git a/pkg/models/attack_surface.go b/pkg/models/attack_surface.go
index d55b2b5..19d228d 100644
--- a/pkg/models/attack_surface.go
+++ b/pkg/models/attack_surface.go
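Review bot: The expected `AttackSurface` literal here is a character-for-character copy of the `globalConfig` literal in the same test case (and of the fixture in `tests/integration_test.go`), which is a style point rather than a bug: three copies of a thirty-line literal will drift the next time a field is added. A small constructor in the test file, e.g. `func sampleAttackSurface() *models.AttackSurface { … }`, used for both the input and the expectation, would shorten the case and make it obvious that the merger is expected to pass the global value through unchanged. The enclosing table entry begins before this hunk.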
@@ -2,8 +2,33 @@ package models
 type AttackSurface struct {
 // global only
- Enable bool `yaml:"enable"`
- EnableDNSEnumeration bool `yaml:"enable_dns_enumeration"`
- DomainNames []string `yaml:"domain_names,omitempty"`
- IgnoreDomainNames []string `yaml:"ignore_domain_names,omitempty"`
+ Enable bool `yaml:"enable"`
+ EnableDNSEnumeration bool `yaml:"enable_dns_enumeration"`
+ IPAddresses []string `yaml:"ip_addresses,omitempty"`
+ DomainNames []string `yaml:"domain_names,omitempty"`
+ IncludeOnly []AttackSurfaceIncludeOnly `yaml:"include_only,omitempty"`
+ Ignore []AttackSurfaceIgnore `yaml:"ignore,omitempty"`
+}
+
+type AttackSurfaceIncludeOnly struct {
+ DomainNames []string `yaml:"domain_names,omitempty"`
+ HTTP *HTTPAttackSurfaceIncludeOnly `yaml:"http,omitempty"`
+}
+
+type HTTPAttackSurfaceIncludeOnly struct {
+ Paths []string `yaml:"paths,omitempty"`
+}
+
+type AttackSurfaceIgnore struct {
+ // empty fields are equivalent to *
+ IPAddresses []string `yaml:"ip_addresses,omitempty"`
+ DomainNames []string `yaml:"domain_names,omitempty"`
+ TransportProtocols []string `yaml:"transport_protocols,omitempty"`
+ Ports []string `yaml:"ports,omitempty"`
+ HTTP *HTTPAttackSurfaceIgnore `yaml:"http,omitempty"`
+}
+
+type HTTPAttackSurfaceIgnore struct {
+ Methods []string `yaml:"methods,omitempty"`
+ Paths []string `yaml:"paths,omitempty"`
 }
diff --git a/tests/integration_test.go b/tests/integration_test.go
index 437037b..004243c 100644
--- a/tests/integration_test.go
+++ b/tests/integration_test.go
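Review bot: `AttackSurfaceIgnore` says `// empty fields are equivalent to *`, but `AttackSurfaceIncludeOnly` does not say what an entry with only `HTTP.Paths` set (no `DomainNames`) selects, and none of the four new exported types documents the value syntax — the fixtures elsewhere in this diff rely on `10.0.0.1-254` address ranges, `9990-9999` port ranges and `*.testing.example.com` / `dev.*` wildcards that are only implied by example. Since these lists decide which hosts get actively probed, I would state the grammar in doc comments on each exported type, e.g. `// AttackSurface scopes monitoring. IPAddresses holds single addresses or ranges such as 10.0.0.1-254; DomainNames holds exact names or names with a single * wildcard label.` (adjusted to what the matcher actually accepts), and say on `AttackSurface` whether `Ignore` takes precedence over `IncludeOnly` when both match. Nothing in this diff parses or validates these strings, so if that does not happen elsewhere a malformed range should be rejected at load time rather than silently scanning something other than what was intended — hedging, since the loader is not in view.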
@@ -156,8 +156,38 @@ func TestIntegration(t *testing.T) {
 AttackSurface: &models.AttackSurface{
 Enable: true,
 EnableDNSEnumeration: true,
- DomainNames: []string{"172.36.255.7", "example.com"},
- IgnoreDomainNames: []string{"jira.example.com"},
+ IPAddresses: []string{"10.11.12.13", "10.0.0.1-254"},
+ DomainNames: []string{"example.com", "prod.hosting.com"},
+ IncludeOnly: []models.AttackSurfaceIncludeOnly{
+ {
+ DomainNames: []string{"live.prod.hosting.com"},
+ HTTP: &models.HTTPAttackSurfaceIncludeOnly{
+ Paths: []string{"/main", "/api/**/create"},
+ },
+ },
+ },
+ Ignore: []models.AttackSurfaceIgnore{
+ {
+ HTTP: &models.HTTPAttackSurfaceIgnore{
+ Methods: []string{"DELETE"},
+ },
+ },
+ {
+ DomainNames: []string{"jira.example.com", "*.testing.example.com"},
+ },
+ {
+ IPAddresses: []string{"100.110.120.130"},
+ TransportProtocols: []string{"tcp"},
+ Ports: []string{"22", "8080", "9990-9999"},
+ },
+ {
+ DomainNames: []string{"dev.*", "staging.*"},
+ HTTP: &models.HTTPAttackSurfaceIgnore{
+ Paths: []string{"/auth"},
+ Methods: []string{"POST"},
+ },
+ },
+ },
 },
 }
diff --git a/tests/nullify.yaml b/tests/nullify.yaml
index 8f5c1e4..979f7d3 100644
--- a/tests/nullify.yaml
+++ b/tests/nullify.yaml
@@ -97,5 +97,20 @@ integrations:
 attack_surface:
 enable: true
 enable_dns_enumeration: true
- domain_names: [172.36.255.7,example.com]
- ignore_domain_names: [jira.example.com]
+ ip_addresses: [10.11.12.13, 10.0.0.1-254]
+ domain_names: [example.com, prod.hosting.com]
+ include_only:
+ - domain_names: [live.prod.hosting.com]
+ http:
+ paths: [/main, /api/**/create]
+ ignore:
+ - http:
+ methods: [DELETE]
+ - domain_names: [jira.example.com, "*.testing.example.com"]
+ - ip_addresses: [100.110.120.130]
+ transport_protocols: [tcp]
+ ports: [22, 8080, 9990-9999]
+ - domain_names: ["dev.*", "staging.*"]
+ http:
+ paths: [/auth]
+ methods: [POST]
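Review bot: In the `tests/nullify.yaml` hunk, `ports: [22, 8080, 9990-9999]` mixes unquoted YAML integers with a string while `Ports` on the model is `[]string`, and `tests/integration_test.go` expects `"22"` and `"8080"`, so the round trip currently depends on the YAML decoder coercing integer scalars into a string field. Quoting the numbers, `ports: ["22", "8080", "9990-9999"]`, makes the file unambiguous and the test independent of that decoder behaviour; the same change applies to `examples/nullify.yaml`. The `integrations` entry this belongs to starts before the hunk.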