oxbrbtx/PrimAITE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

901 - changed name of enum in enums.py and added class attriubutes in access_control_list.py

Browse Source
This commit is contained in:
SunilSamra
2023-06-09 15:45:13 +01:00
parent afc133cbc5
commit 29ba64462a
4 changed files with 22 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/primaite/acl/access_control_list.py
View File

@@ -8,10 +8,12 @@ from primaite.acl.acl_rule import ACLRule
class AccessControlList:
"""Access Control List class."""
def __init__(self):
def __init__(self, implicit_permission):
"""Init."""
# A list of ACL Rules
self.acl: List[ACLRule] = []
self.acl_implicit_rule = implicit_permission
self.max_acl_rules: int
def check_address_match(self, _rule, _source_ip_address, _dest_ip_address):
"""
@@ -103,6 +105,7 @@ class AccessControlList:
_protocol: the protocol
_port: the port
"""
# Add check so you cant remove implicit rule
rule = ACLRule(_permission, _source_ip, _dest_ip, _protocol, str(_port))
hash_value = hash(rule)
# There will not always be something 'popable' since the agent will be trying random things

2
src/primaite/common/enums.py
View File

@@ -128,7 +128,7 @@ class LinkStatus(Enum):
OVERLOAD = 4
class ImplicitFirewallRule(Enum):
class RulePermissionType(Enum):
"""Implicit firewall rule."""
DENY = 0

16
src/primaite/environment/observations.py
View File

@@ -9,7 +9,7 @@ from gym import spaces
from primaite.common.enums import (
FileSystemState,
HardwareState,
ImplicitFirewallRule,
RulePermissionType,
SoftwareState,
)
from primaite.nodes.active_node import ActiveNode
@@ -336,25 +336,16 @@ class AccessControlList(AbstractObservationComponent):
_DATA_TYPE: type = np.int64
def __init__(
self,
env: "Primaite",
acl_implicit_rule=ImplicitFirewallRule.DENY,
max_acl_rules: int = 5,
):
def __init__(self, env: "Primaite"):
super().__init__(env)
self.acl_implicit_rule: ImplicitFirewallRule = acl_implicit_rule
self.max_acl_rules = max_acl_rules
# 1. Define the shape of your observation space component
acl_shape = [
len(ImplicitFirewallRule),
len(RulePermissionType),
len(env.nodes),
len(env.nodes),
len(env.services_list),
len(env.ports_list),
len(env.acl),
]
shape = acl_shape * self.env.max_acl_rules
@@ -394,6 +385,7 @@ class ObservationsHandler:
"NODE_LINK_TABLE": NodeLinkTable,
"NODE_STATUSES": NodeStatuses,
"LINK_TRAFFIC_LEVELS": LinkTrafficLevels,
"ACCESS_CONTROL_LIST": AccessControlList,
}
def __init__(self):

24
src/primaite/environment/primaite_env.py
View File

@@ -21,11 +21,11 @@ from primaite.common.enums import (
ActionType,
FileSystemState,
HardwareState,
ImplicitFirewallRule,
NodePOLInitiator,
NodePOLType,
NodeType,
Priority,
RulePermissionType,
SoftwareState,
)
from primaite.common.service import Service
@@ -160,7 +160,7 @@ class Primaite(Env):
# Set by main_config
# Adds a DENY ALL or ALLOW ALL to the end of the Access Control List
self.acl_implicit_rule = ImplicitFirewallRule.DENY
self.acl_implicit_rule = RulePermissionType.DENY
# Sets a limit to how many ACL
self.max_acl_rules = 0
@@ -1173,7 +1173,7 @@ class Primaite(Env):
def create_acl_action_dict(self):
"""Creates a dictionary mapping each possible discrete action to more readable multidiscrete action."""
# reserve 0 action to be a nothing action
actions = {0: [0, 0, 0, 0, 0, 0]}
actions = {0: [0, 0, 0, 0, 0, 0, 0]}
action_key = 1
# 3 possible action decisions, 0=NOTHING, 1=CREATE, 2=DELETE
@@ -1185,14 +1185,16 @@ class Primaite(Env):
for dest_ip in range(self.num_nodes + 1):
for protocol in range(self.num_services + 1):
for port in range(self.num_ports + 1):
action = [
action_decision,
action_permission,
source_ip,
dest_ip,
protocol,
port,
]
for position in range(self.max_acl_rules - 1):
action = [
action_decision,
action_permission,
source_ip,
dest_ip,
protocol,
port,
position,
]
# Check to see if its an action we want to include as possible i.e. not a nothing action
if is_valid_acl_action_extra(action):
actions[action_key] = action