PyPI - roadrecon - Versions diffs - 1.3.0__py3-none-any.whl → 1.5.0__py3-none-any.whl - Mend

roadrecon 1.3.0py3-none-any.whl → 1.5.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

roadtools/roadrecon/gather.py CHANGED Viewed

@@ -615,6 +615,7 @@ async def run(args):
     tasks = []
     dumper.session = dbsession
+    # pylint: disable=not-callable
     totalgroups = dbsession.query(func.count(Group.objectId)).scalar()
     totaldevices = dbsession.query(func.count(Device.objectId)).scalar()
     if totalgroups > MAX_GROUPS:

roadtools/roadrecon/main.py CHANGED Viewed

@@ -65,6 +65,11 @@ def main():
     gui_parser.add_argument('--profile',
                             action='store_true',
                             help='Enable flask profiler')
+    gui_parser.add_argument('--port',
+                            type=int,
+                            action='store',
+                            help='HTTP Server port (default=5000)',
+                            default=5000)
     # Construct plugins module options
     plugin_parser = subparsers.add_parser('plugin', help='Run a ROADrecon plugin')

roadtools/roadrecon/plugins/policies.py CHANGED Viewed

@@ -403,6 +403,16 @@ class AccessPoliciesPlugin():
                 ot += self._parse_appcrit(icrit)
         return ot
+    def _parse_authflows(self, cond):
+        if not 'AuthFlows' in cond:
+            return ''
+        ucond = cond['AuthFlows']
+        ot = '<strong>Flows included</strong>: '
+        for icrit in ucond['Include']:
+            for _, clist in icrit.items():
+                ot += escape(', '.join(clist))
+        return ot
     def _parse_associated_polcies(self,location_object,is_trusted_location,condition_policy_list):
         found_pols = []
@@ -454,15 +464,19 @@ class AccessPoliciesPlugin():
         ot = '<strong>Including</strong>: '
         for icrit in ucond['Include']:
-            ot += ', '.join([escape(crit) for crit in icrit['ClientTypes']])
+            ot += ', '.join(list({escape(self._translate_clienttype(crit)) for crit in icrit['ClientTypes']}))
-        if 'Exclude' in ucond:
-            ot += '\n<br /><strong>Excluding</strong>: '
-            for icrit in ucond['Exclude']:
-                ot += ', '.join([escape(crit) for crit in icrit['ClientTypes']])
         return ot
+    def _translate_clienttype(self, client):
+        if client in ['EasSupported', 'EasUnsupported']:
+            return 'Exchange ActiveSync'
+        if client in ['OtherLegacy', 'LegacySmtp', 'LegacyPop', 'LegacyImap', 'LegacyMapi', 'LegacyOffice']:
+            return 'Legacy Clients'
+        if client == 'Native':
+            return 'Mobile and Desktop clients'
+        return client
     def _parse_sessioncontrols(self, cond):
         if not 'SessionControls' in cond:
             return ''
@@ -511,6 +525,7 @@ class AccessPoliciesPlugin():
                 continue
             out['who'] = self._parse_who(conditions)
             out['applications'] = self._parse_application(conditions)
+            out['authflows'] = self._parse_authflows(conditions)
             out['platforms'] = self._parse_platform(conditions)
             out['locations'] = self._parse_locations(conditions)
             out['clients'] = self._parse_clients(conditions)
@@ -572,7 +587,7 @@ class AccessPoliciesPlugin():
                 loc['name'] = escape(detail.get("NetworkName"))
                 loc['trusted'] = ("trusted" in detail.get("Categories","") if detail.get("Categories") else False)
                 loc['appliestounknowncountry'] = escape(str(detail.get("ApplyToUnknownCountry"))) if detail.get("ApplyToUnknownCountry") is not None else False
-                loc['ipranges'] = "\n<br />".join(detail.get('CidrIpRanges'))
+                loc['ipranges'] = "\n<br />".join(detail.get('CidrIpRanges')) if detail.get("CidrIpRanges") else ""
                 loc['categories'] = escape(", ".join(detail.get("Categories"))) if detail.get("Categories") is not None else ""
                 loc['associated_policies'] = "\n<br />".join(self._parse_associated_polcies(detail.get('NetworkId'),loc['trusted'],condition_policy_list))
                 loc['country_codes'] =  escape(", ".join(detail.get("CountryIsoCodes"))) if detail.get("CountryIsoCodes") else None
@@ -597,6 +612,8 @@ class AccessPoliciesPlugin():
                 table += '<tr><td>At locations</td><td>{0}</td></tr>'.format(out['locations'])
             if out['signinrisks'] != '':
                 table += '<tr><td>Sign-in risks</td><td>{0}</td></tr>'.format(out['signinrisks'])
+            if out['authflows'] != '':
+                table += '<tr><td>Authentication flows</td><td>{0}</td></tr>'.format(out['authflows'])
             if out['controls'] != '':
                 table += '<tr><td>Controls</td><td>{0}</td></tr>'.format(out['controls'])
             if out['sessioncontrols'] != '':

roadtools/roadrecon/plugins/road2timeline.py CHANGED Viewed

@@ -198,8 +198,8 @@ def main(args: Optional[argparse.Namespace] = None) -> Path:
     # Do some reflection to grab the tables
     # and their respective column types
-    db_metadata = sqlalchemy.MetaData(bind=engine, schema="main")
-    db_metadata.reflect()
+    db_metadata = sqlalchemy.MetaData(schema="main")
+    db_metadata.reflect(bind=engine)
     if not HAS_RTT_MODULES:
         print('Error importing required modules for road2timeline. Make sure pyyaml, numpy and pandas are installed.')

roadtools/roadrecon/server.py CHANGED Viewed

@@ -7,7 +7,7 @@ from marshmallow import fields
 from roadtools.roadlib.metadef.database import User, JSON, Group, DirectoryRole, ServicePrincipal, AppRoleAssignment, TenantDetail, Application, Device, OAuth2PermissionGrant, AuthorizationPolicy, DirectorySetting, AdministrativeUnit, RoleDefinition
 import os
 import argparse
-from sqlalchemy import func
+from sqlalchemy import func, and_, or_, select
 import mimetypes
 app = Flask(__name__)
@@ -157,6 +157,10 @@ class TenantDetailSchema(RTModelSchema):
     class Meta(RTModelSchema.Meta):
         model = TenantDetail
+class DirectorySettingSchema(RTModelSchema):
+    class Meta(RTModelSchema.Meta):
+        model = DirectorySetting
 class AuthorizationPolicySchema(RTModelSchema):
     class Meta(RTModelSchema.Meta):
         model = AuthorizationPolicy
@@ -167,6 +171,7 @@ device_schema = DeviceSchema()
 group_schema = GroupSchema()
 application_schema = ApplicationSchema()
 td_schema = TenantDetailSchema()
+ds_schema = DirectorySettingSchema()
 serviceprincipal_schema = ServicePrincipalSchema()
 administrativeunit_schema = AdministrativeUnitSchema()
 authorizationpolicy_schema = AuthorizationPolicySchema(many=True)
@@ -288,10 +293,18 @@ def get_mfa():
     # for approle in per_user:
     #     enabledusers.append(approle.principalId)
-    # Filter out mailbox users by default
-    all_mfa = db.session.query(User).filter(User.cloudMSExchRecipientDisplayType != 0, User.cloudMSExchRecipientDisplayType != 7, User.cloudMSExchRecipientDisplayType != 18).all()
+    # Filter out mailbox-only users by default
+    all_mfa = db.session.execute(select(User).where(
+        or_(User.cloudMSExchRecipientDisplayType is None,
+            and_(
+                User.cloudMSExchRecipientDisplayType != 0,
+                User.cloudMSExchRecipientDisplayType != 7,
+                User.cloudMSExchRecipientDisplayType != 18
+            )
+        )
+    ))
     out = []
-    for user in all_mfa:
+    for user, in all_mfa: # pylint: disable=E1133
         mfa_methods = len(user.strongAuthenticationDetail['methods'])
         methods = [method['methodType'] for method in user.strongAuthenticationDetail['methods']]
         has_app = 'PhoneAppOTP' in methods or 'PhoneAppNotification' in methods
@@ -521,6 +534,11 @@ def get_tenantdetails():
     drs = db.session.query(TenantDetail).first()
     return td_schema.jsonify(drs)
+@app.route("/api/directorysettings", methods=["GET"])
+def get_directorysettings():
+    drs = db.session.query(DirectorySetting).first()
+    return ds_schema.jsonify(drs)
 @app.route("/api/authorizationpolicies", methods=["GET"])
 def get_authpolicies():
     drs = db.session.query(AuthorizationPolicy).all()
@@ -528,6 +546,7 @@ def get_authpolicies():
 @app.route("/api/stats", methods=["GET"])
 def get_stats():
+    # pylint: disable=not-callable
     stats = {
         'countUsers': db.session.query(func.count(User.objectId)).scalar(),
         'countGroups': db.session.query(func.count(Group.objectId)).scalar(),
@@ -563,6 +582,11 @@ def main(args=None):
         parser.add_argument('--profile',
                             action='store_true',
                             help='Enable flask profiler')
+        parser.add_argument('--port',
+                            type=int,
+                            action='store',
+                            help='HTTP Server port (default=5000)',
+                            default=5000)
         args = parser.parse_args()
     if not ':/' in args.database:
         if args.database[0] != '/':
@@ -575,7 +599,7 @@ def main(args=None):
     if args.profile:
         from werkzeug.middleware.profiler import ProfilerMiddleware
         app.wsgi_app = ProfilerMiddleware(app.wsgi_app, restrictions=[5])
-    app.run(debug=args.debug)
+    app.run(debug=args.debug, port=args.port)
 if __name__ == '__main__':
     main()

{roadrecon-1.3.0.dist-info → roadrecon-1.5.0.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{roadrecon-1.3.0.dist-info → roadrecon-1.5.0.dist-info}/top_level.txt RENAMED Viewed

File without changes

roadrecon 1.3.0__py3-none-any.whl → 1.5.0__py3-none-any.whl

roadrecon 1.3.0py3-none-any.whl → 1.5.0py3-none-any.whl