Closed olegbck closed 1 month ago
The proposed solution lacks transparency about which distribution is being used, which affects Ansible scripts greatly. How about using a dictionary of vm_name -> distribution:
cve: "CVE-000000-01"
ports: 443
infrastructure:
server: ubuntu-2204
client: windows-10-2203
exploit:
vm: "linux2"
command: "curl -k 'https://linux/index.html?cat=(select*from(select(sleep(15)))a)'"
Introduced the concept of blueprints: https://github.com/NSX-Threat-Analysis-Unit/CVEX/commit/5a43dcfed3dcbd515541aba5a5d78abdfb61612f
Currently infrastructure.yml is looking like this:
We need to detach the vms part so that infrastructure.yml is looking similar to this:
I'd suggest moving the vms part of infrastructure.yml to a separate yml file where we'd keep all infrastructure presets.