DESCRIPTION:
A service that you can query and get the attack surface of a VM -
meaning which other machines can access and attack it.
DETAILS:
Cloud environment
The input for the service is a JSON document(/data/input.json) describing the cloud environment.
A cloud environment is described using 2 types of objects: VMs and firewall rules.
The structure of the cloud environment JSON is:
{
“vms”: [ virtual machines ],
“fw_rules”: [ firewall rules ]
}
Virtual Machine
A virtual machine has the following structure:
{
"vm_id": "vm-xxxxxxx",
"name": "jira server",
"tags": ["tag1", ..]
}
vm_id - an identifier that uniquely identifies a virtual machines
name - a user-friendly display name
tags - a list of zero or more tag strings
Firewall Rule
By default, a virtual machine has no access from external sources.
If an administrator wants to make a virtual machine accessible to other machines, it defines a
firewall rule to allow traffic
Firewall rules have the following structure:
{
"fw_id": "fw-xxxxx",
"source_tag": "tag1",
"dest_tag": "tag2"
}
fw_id - an identifier that uniquely identifies a firewall rule
source_tag - a string that represents the source tag of a traffic
dest_tag - a string that represents the destination tag of a traffic
In the example above, all traffic from virtual machines that have “tag1” is allowed to virtual
machines that have “tag2”.
GOAL:
This service has two REST endpoints:
● /attack - which will get a vm_id as a query parameter and return a JSON list of the virtual
machine ids that can potentially attack it
● /stats - which will return service statistics in a JSON format: number of virtual machines
in the cloud environment, number of requests to all endpoints & average request
processing time (in milliseconds).
Statistics are from process startup.
Example of using the attack endpoint:
$ curl 'http://localhost/api/v1/attack?vm_id=vm-a211de'
["vm-c7bac01a07"]
Example of using the stats endpoint:
$ curl 'http://localhost/api/v1/stats'
{"vm_count":2,"request_count":1120232,"average_request_time":0.0030322
68166772597}
TODO NEXT:
● add unit testing & integration testing
more info:
the relevant json file should be placed inside /data folder with file name: input.json
to run: cd into script and:
sh ./start.sh
this will launch the server on port 8080
examples for postman:
http://localhost:8080/api/v1/stats
http://localhost:8080/api/v1/attack?vm_id=vm-ab51cba10