Dragonfly low code security tool platform development path
2022-07-02 14:58:00 【Tang Qingsong】
1. Background
Dragonfly beta was launched on the eve of May Day. Many tools accumulated quickly and the number of users kept growing, but I gradually found that a platform that simply stacks tools does not have much technical content. I wondered whether I could do something more challenging; low-code platforms have been popular in recent years, so I started thinking about building a low-code platform for security scenarios.
1.1 Starting point of the requirement
In the security industry we can think of two groups: strong developers and script kiddies.
Strong developers can write very powerful tools, but the energy of one person or one team is limited, so each tool's functionality is relatively narrow; it is hard to produce a comprehensive tool like AWVS.
The tool each team develops is good at one thing, it is hard for it to cover everything, and it rarely provides external interfaces for integration with upstream and downstream tools.
Script kiddies mainly use tools to scan for vulnerabilities. They collect all kinds of tools, but for red team work or SRC bug hunting a single tool is unlikely to meet the need.
So one day I had an idea: could we build a platform that connects the various tools, so that they are no longer scattered? Wrap the tools written by expert developers behind an interface, let data flow between those tools, and make the platform suitable for as many people as possible.
1.2 Dragonfly and SOAR
There are many security-related SOAR platforms. SOAR platforms focus on orchestration, and Dragonfly also does orchestration, so the direction is the same.
But Dragonfly also differs from SOAR: Dragonfly's components can run on the user's own machine, whereas conventional SOAR platforms are mostly used for operations on cloud platforms, and the scenarios they support are basically IT operations and security operations.
Why does Dragonfly support heavy scanning? It comes down to Dragonfly's architecture. A conventional SOAR platform is basically a SaaS platform; Dragonfly needs worker nodes in addition to the SaaS part.
Dragonfly's SaaS platform is used only for application orchestration and as a console, and the node is where tasks are actually executed. So there is no need to worry about problems such as performance failing to keep up with a large user base, or the execution node not being inside the user's network.
2. What is the point of a low-code platform?
2.1 Create your own workflow
Scenario 1: Vulnerability detection
Fetch a batch of URLs from a designated web page (each request returns different content), test whether each URL has a SQL injection vulnerability, and send the detected vulnerability information to the group.
For an engineer with development experience this is fairly simple: write a script that keeps requesting the address to get URLs, de-duplicate the data, call sqlmap to test them, and finally write a DingTalk notification.
But implementing it still takes a lot of time. If that engineer knew the Dragonfly security platform could do it as follows, I guess they could not help exclaiming that it can be done this way!
[Image: http://oss.songboy.site/blog/20220622205818.png]
As the picture above shows, you just drag a few component buttons and fill in the necessary parameters. The flow in this diagram is: get URL content -> filter the data -> scan with the scanner -> DingTalk notification.
It probably takes no more than five minutes to meet the requirement. And as this diagram shows, you can build your own security tool without much code.
Scenario 2: Intelligence notification
Fetch security intelligence from a web page every day, and send the items that contain "deserialization" to your server.
The orchestration can then look like the figure below.
You need to provide the URL of the vulnerability information, a small Python script that filters the data, and your server's URL. As the figure shows, having to write a Python script here is inconvenient for ordinary users.
But don't worry too much: we will package the commonly used data-filtering scripts directly into components, so users can drag in a component and then only fill in the intelligence URL and the server URL.
Scenario 3: Batch code scanning
Given a batch of Git repository addresses, you need to run a security analysis of the code and push the results to a specified address.
You can build a flow chart like this:
First use the Read file contents component to read the repository address list, use the Python Script function component to pull the code to local disk, then scan it with the Murphy code scanning component, and finally use the webhook component to send the results.
The Python script used here will also be packaged into a component later, so you will find that you can easily build a business scenario without writing code.
2.2 Focus on building scenarios
Another hope for the low-code platform is to help developers stand on the shoulders of giants, meet their own needs quickly, and avoid reinventing the wheel again and again.
3. Difficulties in platform development
Developing the Dragonfly low-code platform runs into difficulties that conventional application development does not, such as communication between the nodes of a flow and data transfer between nodes.
3.1 Communication between components
In the Dragonfly low-code platform we want the component nodes to be isolated from each other and yet able to communicate. Isolation lets component nodes be orchestrated more freely; communication is needed because node B can only run after node A has finished.
The two requirements are somewhat contradictory, but both must be met. So in the design I made a public component: every component communicates with the public component to report its current execution status, and the public component then schedules the execution of the next component.
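The scheduling pattern described above, as an added Python example that is not Dragonfly's own code: nodes report only to a shared coordinator, which starts a node once all of its upstream nodes have succeeded and skips everything downstream of a failure. The names `Coordinator`, `report`, `run` and the node names in `FLOW` are assumptions made for the illustration.

```python
class Coordinator:
    """Public component (hypothetical): nodes report status only to it."""

    def __init__(self, edges):
        # edges: (upstream, downstream) pairs taken from the flow chart
        self.up, self.down, self.state = {}, {}, {}
        for a, b in edges:
            for n in (a, b):
                self.up.setdefault(n, set())
                self.down.setdefault(n, set())
                self.state.setdefault(n, "pending")
            self.up[b].add(a)
            self.down[a].add(b)

    def ready(self):
        """Pending nodes whose upstream nodes have all finished successfully."""
        return sorted(n for n, s in self.state.items() if s == "pending"
                      and all(self.state[u] == "done" for u in self.up[n]))

    def start(self, node):
        if node not in self.ready():
            raise ValueError(f"{node!r} is not ready to run")
        self.state[node] = "running"

    def report(self, node, ok):
        """A node reports its result; returns the nodes that may start next."""
        if self.state.get(node) != "running":
            raise ValueError(f"unexpected report from {node!r}")
        self.state[node] = "done" if ok else "failed"
        todo = list(self.down[node]) if not ok else []
        while todo:  # a failure skips everything downstream of it
            n = todo.pop()
            if self.state[n] == "pending":
                self.state[n] = "skipped"
                todo.extend(self.down[n])
        return self.ready()


def run(edges, results):
    """Drive a flow to completion; results maps node -> success (constructed)."""
    c, order = Coordinator(edges), []
    while c.ready():
        node = c.ready()[0]
        c.start(node)
        order.append(node)
        c.report(node, results.get(node, True))
    return order, c.state


# Scenario 1 from this page as a linear flow (node names are illustrative)
FLOW = [("fetch_urls", "filter"), ("filter", "scan"), ("scan", "notify")]
```

Rejecting a report from a node that was never started keeps a misbehaving component from advancing the flow on its own.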
3.2 Data sharing
The data of each Dragonfly node is independent, but some scenarios need shared data. In the code audit scenario, for example, node A is responsible for pulling the code to local disk and node B is responsible for scanning it.
These files need to be stored in the file system. Dragonfly nodes actually run as Docker containers, so Dragonfly's solution is to mount one directory of the host into all containers and store the data in the designated directory inside the container.
3.3 The debugging chain is long
During development each component needs to be unit tested, and after that the components also need to be debugged together. Because the environments of the components are isolated from each other, debugging is very cumbersome.
For example, a scenario uses four nodes A, B, C and D. When the result is not what was expected, you may immediately locate the node where the exception occurs, but the exception is probably not caused by that node itself; it is caused by the data from the upstream node.
The platform's components may come from other members of the team or from the community, so you may not be able to solve the problem alone, which consumes a great deal of development time.
The point to note here is that the unit tests of every component must be verified repeatedly, and parameters must be strictly validated when they are received; otherwise this problem occurs very easily.
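Strict validation at the receiving side, for the two kinds of input this page passes between nodes (a path in the shared directory from section 3.2 and a URL list from scenario 1), as an added Python example that is not Dragonfly's own code. The mount point `/data/share`, the `BadInput` exception and both function names are assumptions; each error names the upstream node so a fault is attributed to where the data came from.

```python
import os
from urllib.parse import urlsplit

SHARED_DIR = "/data/share"  # assumed mount point of the host directory in every container


class BadInput(ValueError):
    """Carries the upstream node's name so the fault is attributed correctly."""


def check_repo_dir(path, upstream, shared_dir=SHARED_DIR):
    """Accept only a path that stays inside the shared mount."""
    if not isinstance(path, str) or not path or "\x00" in path:
        raise BadInput(f"{upstream}: repo_dir must be a non-empty string")
    root = os.path.realpath(shared_dir)
    # realpath resolves ".." and symlinks before the containment check
    real = os.path.realpath(os.path.join(root, path))
    if real == root or os.path.commonpath([root, real]) != root:
        raise BadInput(f"{upstream}: repo_dir is outside the shared directory: {path!r}")
    return real


def check_urls(urls, upstream):
    """Keep well-formed http(s) URLs, de-duplicated, in their original order."""
    if not isinstance(urls, list):
        raise BadInput(f"{upstream}: urls must be a list")
    seen, out = set(), []
    for u in urls:
        try:
            parts = urlsplit(u) if isinstance(u, str) else None
        except ValueError:  # e.g. an unterminated IPv6 literal
            parts = None
        if not parts or parts.scheme not in ("http", "https") or not parts.hostname:
            raise BadInput(f"{upstream}: not an http(s) URL: {u!r}")
        if u not in seen:
            seen.add(u)
            out.append(u)
    return out
```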
4. Development history
The most important thing for a low-code platform is that users find it easy to understand and can get started quickly; otherwise the platform has almost no value.
For ordinary users to get started quickly, the interactive experience of the front end is especially important. To let users understand how data is passed along, low-code platforms usually show the data flow as a flow chart; the flow chart component of the Dragonfly security platform is AntV's XFlow.
XFlow is developed in TypeScript, and I also used React. Before this, my front-end skills were mainly Bootstrap and jQuery, so the jump in front-end technology stack was the biggest technical risk for me.
I spent a week getting through the basics of TypeScript and React, tried writing a todo list in React on my own in the second week, then tried writing an order review feature, and then gradually scaffolded the back-end data management features. By the time I came back to XFlow I basically understood how to use it.
5. Finally
Dragonfly's low-code platform is still in embryonic form, and its functional components are not yet comprehensive. As time passes and we iterate quickly, the components will become more complete, and one day they will cover your usage scenarios.
Dragonfly security platform address: http://qingting.starcross.cn/
Dragonfly GitHub repository address: https://github.com/StarCrossPortal/QingTing
Date: 2022-06-23
WeChat: songboy8888
Author: Tang Qingsong