Adding an example and README entry for the network-ranges / IP_addresses datastore / inputting an IP_address into a network module.

2026-02-21 11:18:06 +00:00 · 2017-10-20 10:41:09 +01:00
parent 265fd87ae1
commit c0c180a9aa
2 changed files with 53 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -433,6 +433,9 @@ It is also possible to iterate through a datastore, and feed each value into sep
 Some generators generate structured content in JSON format, for example the organisation type. It is possible to access a particular element of structured data from a datastore with the access_json using the ruby hash lookup format. See the example scenario:
 ```scenarios/examples/datastore_examples/json_selection_example.xml```

+Some scenarios require VMs IP addresses to be used as parameters for other modules in the scenario. If this is the case, you should use the 'IP_addresses' datastore to store the IPs for all VMs in the scenario and use the access functionality to pass them into network modules.For example:
+```scenarios/examples/datastore_examples/network_ip_datastore_example.xml```  
+
 ## Modules
 SecGen is designed to be easily extendable with modules that define vulnerabilities and other kinds of software, configuration, and content changes. 

--- a/scenarios/examples/datastore_examples/network_ip_datastore_example.xml
+++ b/scenarios/examples/datastore_examples/network_ip_datastore_example.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+  <system>
+    <system_name>example_server</system_name>
+    <base platform="linux" type="server"/>
+
+    <!-- When storing IP_addresses and passing them into <network> modules, it is essential to name the datastore 'IP_addresses' as below.
+         This is because the network-ranges command line argument overwrites values within this datastore before use.
+         For an example of this, try running this scenario and passing in two network-ranges arguments separated by a comma. -->
+    <input into_datastore="IP_addresses">
+      <value>172.10.0.1</value>
+      <value>172.12.0.1</value>
+      <value>172.10.0.2</value>
+    </input>
+
+    <network type="private_network">
+      <!-- If an IP_address is passed as an input to a network module it takes priority. -->
+      <input into="IP_address">
+        <datastore access="next">IP_addresses</datastore>
+      </input>
+    </network>
+  </system>
+
+  <system>
+    <system_name>example_server</system_name>
+    <base platform="linux" type="server"/>
+
+    <network type="private_network">
+      <input into="IP_address">
+        <datastore access="next">IP_addresses</datastore>
+      </input>
+    </network>
+  </system>
+
+  <system>
+    <system_name>example_server</system_name>
+    <base platform="linux" type="server"/>
+
+    <network type="private_network">
+      <input into="IP_address">
+        <datastore access="next">IP_addresses</datastore>
+      </input>
+    </network>
+  </system>
+
+</scenario>