
Conversation

JJmako (Contributor) commented May 5, 2020

Description

Add ARN processing and show in HTML report for:

  • IAM
    • groups
    • users
  • Awslambda
    • function
  • Cloudformation
    • stack
  • EC2
    • snapshot
    • volume
    • image
    • instance
    • network_interface
    • security_group
  • elasticache
    • cluster
  • ELB
    • loadbalancer
  • RDS
    • instance
  • Redshift
    • cluster
    • parameter_group
  • Route53
    • domain
  • S3
    • bucket
  • SES
    • identity
  • VPC
    • vpc

Following the nomenclature from:
https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html

Fixes #511

Type of change

Select the relevant option(s):

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works (optional)
  • New and existing unit tests pass locally with my changes
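
The ARN layout from the AWS page linked in the description, as an added example that is not part of this pull request or of ScoutSuite's code. It covers a few of the listed resource types; the function names, the shape table and the sample IDs are assumptions made for illustration.

```python
import re

# Added example, not ScoutSuite code. Shapes follow the AWS ARN layout
# arn:partition:service:region:account-id:resource for a few types in the PR list.
# (service, resource type) -> (regional?, account-scoped?, separator before the id)
ARN_SHAPES = {
    ("iam", "user"): (False, True, "/"),
    ("iam", "group"): (False, True, "/"),
    ("s3", ""): (False, False, ""),  # bucket ARNs carry no type, region or account
    ("ec2", "instance"): (True, True, "/"),
    ("ec2", "volume"): (True, True, "/"),
    ("ec2", "security-group"): (True, True, "/"),
    ("lambda", "function"): (True, True, ":"),
    ("rds", "db"): (True, True, ":"),
}

def partition_for(region):
    """Partition implied by a region name; commercial 'aws' when there is no hint."""
    if region.startswith("cn-"):
        return "aws-cn"
    if region.startswith("us-gov-"):
        return "aws-us-gov"
    return "aws"

def format_arn(service, rtype, rid, region="", account_id="", partition=None):
    """Build an ARN, refusing inputs that would yield a malformed key."""
    if (service, rtype) not in ARN_SHAPES:
        raise ValueError(f"no ARN shape known for {service}/{rtype}")
    regional, scoped, sep = ARN_SHAPES[(service, rtype)]
    if regional and not region:
        raise ValueError(f"{service}/{rtype} ARNs need a region")
    if scoped and not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account id must be 12 digits")
    return ":".join(["arn", partition or partition_for(region), service,
                     region if regional else "", account_id if scoped else "",
                     f"{rtype}{sep}{rid}"])

def parse_arn(arn):
    """Split an ARN back into fields; the resource part may itself contain ':' or '/'."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    _, partition, service, region, account_id, resource = parts
    m = None if service == "s3" else re.match(r"([^/:]+)[/:](.+)", resource)
    rtype, rid = (m.group(1), m.group(2)) if m else ("", resource)
    return {"partition": partition, "service": service, "region": region,
            "account_id": account_id, "type": rtype, "id": rid}
```

Global services such as IAM have no region to infer the partition from, so pass `partition` explicitly when scanning outside the commercial partition.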

x4v13r64 added the component-provider-aws (Affects AWS provider) and WIP labels May 8, 2020
x4v13r64 changed the title from "WIP/Feature/511 arn standard key" to "Feature/AWS Standard ARN Keys" May 8, 2020

x4v13r64 (Collaborator) commented May 8, 2020

@JJmako updated description to make it easier to track progress. Also don't forget to add the fields to the HTML partials.

<ul>
<li class="list-group-item-text">Id: {{id}}</li>
<li class="list-group-item-text">ID: {{id}}</li>
<li class="list-group-item-text">ARN: {{arn}}</li>
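
Review bot: the `ARN: {{arn}}` list item renders unconditionally, so a resource whose parsing does not set `arn` shows an empty "ARN:" row in the report; guard the item on the field being present, or add it to each partial in the same commit that adds the ARN to that resource's parsing. The `Id:` and `ID:` items both appear here, so confirm that only the `ID: {{id}}` form remains in the partial.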

@JJmako here's an example of adding the ARN to the "partial" that gets displayed in the report. All you need to do once the ARN is implemented in the parsing is add a line like this one to the partial so it shows up in the report.

There are a few partials (like the one for elasticache clusters - https://github.com/nccgroup/ScoutSuite/blob/master/ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.vpcs.id.clusters.html) which use an old generic template; for those you won't need to do anything.

x4v13r64 added this to the 5.9.0 milestone Jun 5, 2020
Viatcheslav Zhilin added 7 commits June 8, 2020 12:15
- AWS Lambda function
- CloudFormation stack
- EC2 security group
- Route53 domain
- ELB loadbalancer
- ELBv2 loadbalancer
- RDS instance
- S3 bucket
- EC2 instance
- VPC vpc
- Redshift parameter group and cluster
- SES identity
x4v13r64 marked this pull request as draft June 9, 2020 14:00
x4v13r64 modified the milestones: 5.9.0, 5.10 Jun 9, 2020
lowSoA self-assigned this Jun 12, 2020
lowSoA added the enhancement (New feature or request) label and removed the WIP label Jun 12, 2020
lowSoA marked this pull request as ready for review June 12, 2020 10:44

x4v13r64 (Collaborator) commented

@lowSoA please merge develop into this branch to resolve conflicts.

codecov-commenter commented Jun 12, 2020

Codecov Report

Merging #733 into develop will decrease coverage by 0.92%.
The diff coverage is n/a.

@@             Coverage Diff             @@
##           develop     #733      +/-   ##
===========================================
- Coverage    66.53%   65.61%   -0.93%     
===========================================
  Files           22       22              
  Lines         1539     1582      +43     
===========================================
+ Hits          1024     1038      +14     
- Misses         515      544      +29     

| Impacted Files | Coverage Δ |
|---|---|
| ScoutSuite/__main__.py | 14.92% <0.00%> (-4.13%) ⬇️ |
| ScoutSuite/core/utils.py | 86.36% <0.00%> (+0.31%) ⬆️ |
| ScoutSuite/providers/base/configs/browser.py | 62.16% <0.00%> (+8.06%) ⬆️ |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 74b77a2...29ba27e.

alessandrogonzalez (Contributor) left a comment

Just a small comment to be addressed. However, this should be ready to merge.

x4v13r64 changed the base branch from develop to release/5.10 July 1, 2020 16:13
# Conflicts:
#	ScoutSuite/providers/aws/resources/ec2/ami.py
x4v13r64 merged commit cef988d into release/5.10 Jul 1, 2020
x4v13r64 deleted the feature/511-ARN-standard-key branch July 1, 2020 16:15
Labels

component-provider-aws (Affects AWS provider), enhancement (New feature or request)

Development

Successfully merging this pull request may close these issues.

Proposal for having ARN as a standard key across all service assets being scanned for AWS