cisagov · schmelz21 · Oct 3, 2024 · Oct 3, 2024 · Oct 3, 2024 · Oct 3, 2024
@@ -131,7 +131,9 @@ export const SCAN_SCHEMA: ScanSchema = {
  flagFloatingIps: {
  type: 'fargate',
  isPassive: true,
- global: true,
+ global: false,
+ cpu: '2048',
+ memory: '16384',
  description:
  'Loops through all domains and determines if their associated IP can be found in a report Cidr block.'
  },

@@ -1,27 +1,39 @@
 import { CommandOptions } from './ecs-client';
 import checkIpInCidr from './helpers/checkIpInCidr';
+import checkOrgIsFceb from './helpers/checkOrgIsFceb';
 import { Organization, connectToDatabase } from '../models';
 
 export const handler = async (commandOptions: CommandOptions) => {
+ const { organizationId, organizationName } = commandOptions;
  const db_connection = await connectToDatabase();
  const organization_repo = db_connection.getRepository(Organization);
+
  const organizations = await organization_repo.find({
+ where: {id: organizationId},
  relations: ['domains']
  });
+
+
  for (const organization of organizations) {
- for (const domain of organization.domains) {
- if (domain.ip) {
- const cidrSectorDict = await checkIpInCidr(
- domain.ip,
- organization.acronym
- );
- if (cidrSectorDict['isInCidr']) {
- domain.fromCidr = true;
- }
- if (cidrSectorDict['isExecutive']) {
- domain.isFceb = true;
+ console.log('Running on ', organizationName)
+ const isExecutive = await checkOrgIsFceb(organization.acronym);
+
+ if (isExecutive) {
+ // If executive, mark all domains as isFceb = true
+ for (const domain of organization.domains) {
+ domain.isFceb = true;
+ await domain.save(); // Save each domain
+ }
+ }
+ else{
+ for (const domain of organization.domains) {
+ if (domain.ip) {
+ // Set fromCidr field based on the check
+ domain.fromCidr = await checkIpInCidr(domain.ip, organization.acronym);;
+
+ // Optionally save domain if its fromCidr value has changed
+ await domain.save(); // Save the domain
  }
- domain.save();
  }
  }
  }

@@ -1,53 +1,25 @@
 import { getRepository } from 'typeorm';
 import { Cidr, DL_Organization, connectToDatalake2 } from '../../models';

 export default async (
  ip: string,
  acronym: string
-): Promise<{ isInCidr: boolean; isExecutive: boolean }> => {
- // await connectToDatalake2()
- // const cidrRepository = getRepository(Cidr);
- // const organizationRepository = getRepository(DL_Organization);
-
- // Find the organization by acronym
+): Promise<boolean> => {
+ // Connect to the database
  const mdl_connection = await connectToDatalake2();
  const mdl_organization_repo = mdl_connection.getRepository(DL_Organization);
+
+ // Find the organization by acronym
  const organization = await mdl_organization_repo.findOne({
  where: { acronym },
- relations: ['cidrs', 'sectors', 'parent']
+ relations: ['cidrs']
  });
 
- if (!organization) {
- return { isInCidr: false, isExecutive: false };
- }
-
- const isOrganizationExecutive = async (
- org: DL_Organization
- ): Promise<boolean> => {
- if (org.sectors.some((sector) => sector.acronym === 'EXECUTIVE')) {
- return true;
- }
- if (org.parent) {
- const parentOrg = await mdl_organization_repo.findOne({
- where: { id: org.parent.id },
- relations: ['sectors']
- });
-
- return parentOrg ? await isOrganizationExecutive(parentOrg) : false;
- }
- return false;
- };
-
- const isExecutive = await isOrganizationExecutive(organization);
-
- // Get CIDRs related to the organization
- const cidrs = organization.cidrs.map((cidr) => cidr.network);
-
- if (cidrs.length === 0) {
- return { isInCidr: false, isExecutive }; // No CIDRs associated with the organization
+ if (!organization || organization.cidrs.length === 0) {
+ return false; // Return false if the organization is not found or has no CIDRs
  }
 
- // Check if the IP is in any of the CIDRs
+ // Check if the IP is in any of the organization's CIDRs
  const mdl_cidr_repo = mdl_connection.getRepository(Cidr);
  const result = await mdl_cidr_repo
  .createQueryBuilder('cidr')
@@ -57,5 +29,5 @@
  })
  .getCount();
 
- return { isInCidr: result > 0, isExecutive };
+ return result > 0; // Return true if the IP is in any CIDR, otherwise false
 };
@@ -0,0 +1,37 @@
+import { getRepository } from 'typeorm';
+import { DL_Organization, connectToDatalake2 } from '../../models';
+
+export default async (acronym: string): Promise<boolean> => {
+ // Connect to the database
+ const mdl_connection = await connectToDatalake2();
+ const mdl_organization_repo = mdl_connection.getRepository(DL_Organization);
+
+ // Find the organization by acronym
+ const organization = await mdl_organization_repo.findOne({
+ where: { acronym },
+ relations: ['sectors', 'parent']
+ });
+
+ if (!organization) {
+ return false; // Return false if the organization is not found
+ }
+
+ const isOrganizationExecutive = async (org: DL_Organization): Promise<boolean> => {
+ // Check if the current organization has the EXECUTIVE sector
+ if (org.sectors.some((sector) => sector.acronym === 'EXECUTIVE')) {
+ return true;
+ }
+ // If there is a parent organization, check it recursively
+ if (org.parent) {
+ const parentOrg = await mdl_organization_repo.findOne({
+ where: { id: org.parent.id },
+ relations: ['sectors']
+ });
+ return parentOrg ? await isOrganizationExecutive(parentOrg) : false;
+ }
+ return false;
+ };
+
+ // Check if the organization or its parents are executive
+ return await isOrganizationExecutive(organization);
+};
@@ -284,8 +284,8 @@
  domainId: vuln?.domain?.id,
  product: vuln.cpe
  ? vuln.cpe
- : vuln?.service?.products
- ? vuln?.service.products[0].cpe || 'N/A'
+ : (vuln.service && vuln.service.products && vuln.service.products.length > 0)
+ ? (vuln.service.products[0].cpe || 'N/A')
  : 'N/A',
  createdAt: vuln?.createdAt
  ? `${differenceInCalendarDays(