Merge pull request #2363 from tpurschke/develop

Develop add Internet in modelling customizing sample script
CactuseSecurity · Mar 21, 2024 · 6be36be · 6be36be
2 parents 00b1827 + 2488192
commit 6be36be
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 0 deletions.
diff --git a/roles/sample-auth-data/templates/tree_roles_for_sample_operators.ldif.j2 b/roles/sample-auth-data/templates/tree_roles_for_sample_operators.ldif.j2
@@ -21,3 +21,15 @@ dn: cn=recertifier,ou=role,{{ openldap_path }}
 changetype: modify
 add: uniquemember
 uniquemember: cn=ownergroup_D{{ sample_postfix }},ou=group,{{ openldap_path }}
+
+
+dn: cn=modeller,ou=role,{{ openldap_path }}
+changetype: modify
+add: uniquemember
+uniquemember: cn=ownergroup_F{{ sample_postfix }},ou=group,{{ openldap_path }}
+
+
+dn: cn=modeller,ou=role,{{ openldap_path }}
+changetype: modify
+add: uniquemember
+uniquemember: cn=ownergroup_D{{ sample_postfix }},ou=group,{{ openldap_path }}
diff --git a/scripts/customizing/modelling/convertNwObjDataExample.py b/scripts/customizing/modelling/convertNwObjDataExample.py
@@ -86,6 +86,19 @@ def extractSocketInfo(asset, services):
     return sockets
 
 
+def generatePublicIPv4NetworksAsInternetArea():
+    internetSubnets = ['0.0.0.0/5', '8.0.0.0/7', '11.0.0.0/8', '12.0.0.0/6', '16.0.0.0/4', '32.0.0.0/3', '64.0.0.0/2', 
+                       '128.0.0.0/3', '160.0.0.0/5', '168.0.0.0/6', '172.0.0.0/12', '172.32.0.0/11', '172.64.0.0/10', 
+                       '172.128.0.0/9', '173.0.0.0/8', '174.0.0.0/7', '176.0.0.0/4', '192.0.0.0/9', '192.128.0.0/11', 
+                       '192.160.0.0/13', '192.169.0.0/16', '192.170.0.0/15', '192.172.0.0/14', '192.176.0.0/12', 
+                       '192.192.0.0/10', '193.0.0.0/8', '194.0.0.0/7', '196.0.0.0/6', '200.0.0.0/5', '208.0.0.0/4', 
+                       '224.0.0.0/3']
+    internetDicts = []
+    for net in internetSubnets:
+        internetDicts.append({'ip': net, 'name': 'inet'})
+    return internetDicts
+
+
 if __name__ == "__main__": 
     parser = argparse.ArgumentParser(
         description='Read configuration from FW management via API calls')
@@ -119,6 +132,7 @@ def extractSocketInfo(asset, services):
 
     normSubnetData = { "subnets": {}, "zones": {}, "areas": {} }
     snId = 0
+
     for subnet in subnetAr:
         # ignore all "reserved" subnets whose name starts with "RES"
         if not subnet['Subnetzname'].startswith('RES'):
@@ -169,6 +183,14 @@ def extractSocketInfo(asset, services):
         transfarea = { "name": areaName, "id_string": areaIdString, "subnets": area['subnets'] }
         transfSubnetData['areas'].append(transfarea)
 
+    # add Internet as NA00_Internet
+    transfSubnetData['areas'].append( {
+        'name': 'Internet',
+        'id_string': 'NA00',
+        'subnets': generatePublicIPv4NetworksAsInternetArea() } )        
+    # open: what about ipv6 addresses?
+    # open: what about the companies own public ip addresses - should they be excluded here?
+
     path = os.path.dirname(__file__)
     fileOut = path + '/' + Path(os.path.basename(__file__)).stem + ".json"
     logger.info("dumping into file " + fileOut)