Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redteamer can now acknowledge clearance level during onboarding #1549

Merged
merged 62 commits into from
Aug 15, 2023
Merged

Redteamer can now acknowledge clearance level during onboarding #1549

merged 62 commits into from
Aug 15, 2023

Conversation

Rieven
Copy link
Contributor

@Rieven Rieven commented Aug 2, 2023
edited
Loading

Changes

Issue link

Closes #908

Proof

This step has been splitted now (introduction about clearance levels)
image

NEW added screen that talks about the clearance level permissions and acknowledging
Here a redteamer does not have enough clearance to continue onboarding
image

Screen to accept onboarding or just skip
image

After accepting, now one can continue onboarding
image

Setting clearance level comes afterwards, only focusses on setting the clearance level:
image

Code Checklist

  • All the commits in this PR are properly PGP-signed and verified;
  • This PR only contains functionality relevant to the issue; tickets have been created for newly discovered issues.
  • I have written unit tests for the changes or fixes I made.
  • For any non-trivial functionality, I have added integration and/or end-to-end tests.
  • I have performed a self-review of my code and refactored it to the best of my abilities.

Communication

  • I have informed others of any required .env changes files if required and changed the .env-dist accordingly.
  • I have made corresponding changes to the documentation, if necessary.

Checklist for code reviewers:

Copy-paste the checklist from the docs/source/templates folder into your comment.

Checklist for QA:

Copy-paste the checklist from the docs/source/templates folder into your comment.

Rieven and others added 26 commits June 29, 2023 17:58
@Rieven
Redteamer form added
20192e4
@Rieven
Changes for redteam creation
ebdf87a
@Rieven
Fix forms and onboarding
9dd700a
@Rieven
Merge branch 'main' of github.com:minvws/nl-kat-coordination into fea…
b343001 
…ture/clearance-levels-at-redteam-creation
@Rieven
Fixed views for onboarding
63613ba
@Rieven
Add messaging for clearance level
1a72ec1
@Rieven
Merge branch 'main' into feature/clearance-levels-at-redteam-creation
a3bcc8e
@Rieven
Remove redundant file
c1dbd04
@Darwinkel
Merge branch 'main' into feature/clearance-levels-at-redteam-creation
d43976e
@Rieven
Changes for L1 scan
a007ff0
@Rieven
Merge branch 'feature/clearance-levels-at-redteam-creation' of github…
5c24d34 
….com:minvws/nl-kat-coordination into feature/clearance-levels-at-redteam-creation
@Rieven
Forgot to change
287fe1b
@Rieven
Textual changes about clearance level
e688c50
@Rieven
Merge branch 'main' into feature/clearance-levels-at-redteam-creation
e8355b2
@Rieven
Merge branch 'main' into feature/clearance-levels-at-redteam-creation
1b09bbc
@Rieven
Add acknowledge html
f867801
@Rieven
Adding new flow to the onboarding
88d05e2
@Rieven
Merge branch 'main' of github.com:minvws/nl-kat-coordination into fix…
3fdf690 
…/redteamer-accept-clearance-level-onboarding
@Rieven
Merge branch 'main' of github.com:minvws/nl-kat-coordination into fea…
840ddab 
…ture/clearance-levels-at-redteam-creation
@Rieven
Merge branch 'feature/clearance-levels-at-redteam-creation' of github…
c75a9ca 
….com:minvws/nl-kat-coordination into feature/clearance-levels-at-redteam-creation
@Rieven
Fix test
18b27a5
@Rieven
Merge branch 'main' into feature/clearance-levels-at-redteam-creation
dc603b2
@Rieven
Merge branch 'main' into feature/clearance-levels-at-redteam-creation
7ff4ca3
@Rieven
Finishign flow
2deb776
@Rieven
Merge branch 'feature/clearance-levels-at-redteam-creation' of github…
ec3f6cd 
….com:minvws/nl-kat-coordination into fix/redteamer-accept-clearance-level-onboarding
@Rieven
Merge branch 'main' into feature/clearance-levels-at-redteam-creation
6b22a0a
@Rieven Rieven requested a review from a team as a code owner August 2, 2023 14:35
@Darwinkel
Copy link
Contributor

Checklist for QA:

  • I have checked out this branch, and successfully ran a fresh make reset.
  • I confirmed that there are no unintended functional regressions in this branch:
    • I have managed to pass the onboarding flow
    • Objects and Findings are created properly
    • Tasks are created and completed properly
  • I confirmed that the PR's advertised feature or hotfix works as intended.

Nice work!

What works:

  • The flow where a redteamer goes through the onboarding without sufficient clearance
  • The flow where a redteamer goes through the onboarding with sufficient clearance
  • No errors with regards to enabling/disabling boefjes or creating (duplicate) objects

What doesn't work:

  • If one redteamer goes through the onboarding with proper clearance, and a second redteamer goes through the onboarding without proper clearance, while trying to add the same object, the following flow occurs:

image
image

image

Bug or feature?:

  • From a UX perspective, it would be nice to include a small message/instruction ("Contact the administrator for receiving higher clearance") on the last page of the onboarding as well:

image

@Rieven
Copy link
Contributor Author

Rieven commented Aug 14, 2023
edited
Loading

  • Contact the administrator for receiving higher clearance

Added more context:
image

Also for the last screen:
image

Rieven and others added 13 commits August 14, 2023 13:47
@Rieven
Fix bug for continueing with L0
fd5eaf9
@Rieven
Merge branch 'main' into fix/redteamer-accept-clearance-level-onboarding
ef7f6ce
@Rieven
Add more test
ed8d256
@Rieven
Merge branch 'main' into fix/redteamer-accept-clearance-level-onboarding
8f824d5
@Rieven
Added translations
2276dfa
@Rieven
Merge branch 'main' into fix/redteamer-accept-clearance-level-onboarding
9103b17
@Rieven
Fix some translations
b89f7d7
@Darwinkel
Merge branch 'main' of github.com:minvws/nl-kat-coordination
9935288
@Darwinkel
Do not add line information in .po files
750fcf0
@Rieven
Merge branch 'fix/improved-make-lang' of github.com:minvws/nl-kat-coo…
e4a375e 
…rdination into fix/redteamer-accept-clearance-level-onboarding
@Rieven
Merge branch 'fix/improved-make-lang' of github.com:minvws/nl-kat-coo…
c6d2ddb 
…rdination into fix/redteamer-accept-clearance-level-onboarding
@Rieven
fix translations
9d49cda
@Rieven
fix translations
f84f9fb
@Darwinkel
Copy link
Contributor

Re-tested. Fix confirmed! :)

@dekkers dekkers merged commit 8d15e73 into main Aug 15, 2023
12 checks passed
@dekkers dekkers deleted the fix/redteamer-accept-clearance-level-onboarding branch August 15, 2023 09:58
jpbruinsslot added a commit that referenced this pull request Aug 22, 2023
@jpbruinsslot
Merge branch 'main' into feature/mula/rate-limit-2
6a2c6d3 
* main:
  Use 127.0.0.1 for RabbitMQ in install script (#1644)
  Remove environment variables from container docs (#1645)
  Feature/report generation timeout (#1640)
  Add reverse DNS boefje (#1579)
  Add first version of new normalisers runner design (#1538)
  Fix `poetry-dependencies` target in Makefile (#1627)
  Upgrade OpenTelemetry (#1626)
  Remove finding types from rocky/OOI_database_seed.json (#1619)
  Feature: Add task detail pages and show objects yielded by normalizer (#1506)
  Update django-admin-auto-tests (#1617)
  Update GitHub Actions (#1618)
  Updated cryptography (#1615)
  Improve filter by muted findings on findings page (#1595)
  Redteamer can now acknowledge clearance level during onboarding (#1549)
  Do not add line information in `.po` files (#1616)
  Add TLS Cipher checks (#1381)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dekkers dekkers dekkers approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Some users may not be able to finish the onboarding due to an insufficient clearance level on their account
4 participants
@Rieven @underdarknl @Darwinkel @dekkers