Made fixes to filters and logic to mark fceb children as fceb

cisagov · Sep 27, 2024 · adf58d9 · adf58d9
1 parent ce06011
commit adf58d9
Show file tree

Hide file tree

Showing 7 changed files with 38 additions and 16 deletions.
diff --git a/backend/src/api/domains.ts b/backend/src/api/domains.ts
@@ -155,7 +155,7 @@ class DomainSearch {
     }
 
     qs.andWhere(
-      'domain.isFceb = true OR (domain.isFceb = false AND domain.FromCidr = true)'
+      'domain."isFceb" = true OR (domain."isFceb" = false AND domain."fromCidr" = true)'
     );
 
     await this.filterResultQueryset(qs, event);

diff --git a/backend/src/api/stats.ts b/backend/src/api/stats.ts
@@ -95,7 +95,7 @@ export const get = wrapHandler(async (event) => {
     }
 
     qs.andWhere(
-      'domain.isFceb = true OR (domain.isFceb = false AND domain.FromCidr = true)'
+      'domain."isFceb" = true OR (domain."isFceb" = false AND domain."fromCidr" = true)'
     );
 
     // Handles the case where no orgs and no regions are set, and we pull stats for a region that will never exist

diff --git a/backend/src/api/vulnerabilities.ts b/backend/src/api/vulnerabilities.ts
@@ -175,9 +175,9 @@ class VulnerabilitySearch {
 
 
     qs.andWhere(
-      'domain.isFceb = true OR (domain.isFceb = false AND domain.FromCidr = true)'
+      'domain."isFceb" = true OR (domain."isFceb" = false AND domain."fromCidr" = true)'
     );
-    
+
     if (groupBy) {
       qs = qs
         .groupBy('title, cve, "isKev", description, severity')

diff --git a/backend/src/tasks/flagfloatingIps.ts b/backend/src/tasks/flagfloatingIps.ts
@@ -5,8 +5,9 @@ import { Organization, connectToDatabase } from '../models';
 
 
 export const handler = async (commandOptions: CommandOptions) => {
-    await connectToDatabase()
-    const organizations = await Organization.find({ relations: ['domains'] });
+    const db_connection = await connectToDatabase()
+    const organization_repo = db_connection.getRepository(Organization);
+    const organizations = await organization_repo.find({ relations: ['domains'] });
 
     for (const organization of organizations) {
         for (const domain of organization.domains) {

diff --git a/backend/src/tasks/helpers/checkIpInCidr.ts b/backend/src/tasks/helpers/checkIpInCidr.ts
@@ -1,22 +1,40 @@
 import { getRepository } from 'typeorm';
-import { Cidr, DL_Organization,connectToDatalake } from '../../models';
+import { Cidr, DL_Organization,connectToDatalake2 } from '../../models';
 
 export default async (ip: string, acronym: string): Promise<{ isInCidr: boolean; isExecutive: boolean }> => {
-    await connectToDatalake()
+    // await connectToDatalake2()
     // const cidrRepository = getRepository(Cidr);
     // const organizationRepository = getRepository(DL_Organization);
 
     // Find the organization by acronym
-    const organization = await DL_Organization.findOne({
+    const mdl_connection = await connectToDatalake2()
+    const mdl_organization_repo = mdl_connection.getRepository(DL_Organization);
+    const organization = await mdl_organization_repo.findOne({
         where: { acronym },
-        relations: ['cidrs','sectors'],
+        relations: ['cidrs','sectors','parent'],
     });
 
     if (!organization) {
-        throw new Error(`Organization with acronym ${acronym} not found.`);
+        return {isInCidr:false, isExecutive: false}
     }
 
-    const isExecutive = organization.sectors.some(sector => sector.acronym === 'EXECUTIVE');
+    const isOrganizationExecutive = async (org: DL_Organization): Promise<boolean> => {
+        if (org.sectors.some(sector => sector.acronym === 'EXECUTIVE')) {
+            return true;
+        }
+        if (org.parent) {
+            const parentOrg = await mdl_organization_repo.findOne({
+                where: { id: org.parent.id },
+                relations: ['sectors'],
+            });
+            console.log('parent')
+            console.log(parentOrg)
+            return parentOrg ? await isOrganizationExecutive(parentOrg) : false;
+        }
+        return false;
+    };
+
+    const isExecutive = await isOrganizationExecutive(organization);
 
     // Get CIDRs related to the organization
     const cidrs = organization.cidrs.map(cidr => cidr.network);
@@ -26,12 +44,13 @@ export default async (ip: string, acronym: string): Promise<{ isInCidr: boolean;
     }
 
     // Check if the IP is in any of the CIDRs
-    const result = await Cidr
+    const mdl_cidr_repo = mdl_connection.getRepository(Cidr);
+    const result = await mdl_cidr_repo
         .createQueryBuilder('cidr')
-        .where('cidr.cidr >>= :ip', { ip })
+        .where('cidr.network >>= :ip', { ip })
         .andWhere('cidr.id IN (:...cidrIds)', { cidrIds: organization.cidrs.map(cidr => cidr.id) })
         .getCount();
 
-        
+
     return { isInCidr: result > 0, isExecutive };
 }
diff --git a/backend/src/tasks/search-sync-domains.ts b/backend/src/tasks/search-sync-domains.ts
@@ -41,7 +41,7 @@ export const handler = async (commandOptions: CommandOptions) => {
   }
 
   qs.andWhere(
-    'domain.isFceb = true OR (domain.isFceb = false AND domain.FromCidr = true)'
+    'domain."isFceb" = true OR (domain."isFceb" = false AND domain."fromCidr" = true)'
   );
 
   const domainIds = (await qs.getMany()).map((e) => e.id);

diff --git a/backend/src/worker.ts b/backend/src/worker.ts
@@ -23,6 +23,7 @@ import { handler as sslyze } from './tasks/sslyze';
 import { handler as trustymail } from './tasks/trustymail';
 import { handler as vulnSync } from './tasks/vuln-sync';
 import { handler as vulnScanningSync } from './tasks/vs_sync';
+import { handler as flagFloatingIps } from './tasks/flagFloatingIps';
 import { handler as xpanseSync } from './tasks/xpanse-sync';
 import { SCAN_SCHEMA } from './api/scans';
 
@@ -47,6 +48,7 @@ async function main() {
     dnstwist,
     dotgov,
     findomain,
+    flagFloatingIps,
     intrigueIdent,
     lookingGlass,
     portscanner,