RubyGems - aws_recon - Versions diffs - 0.2.17 → 0.2.18 - Mend

aws_recon 0.2.17 → 0.2.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/lib/aws_recon.rb +3 -0
data/lib/aws_recon/collectors/ec2.rb +15 -0
data/lib/aws_recon/collectors/lambda.rb +4 -0
data/lib/aws_recon/collectors/s3.rb +7 -1
data/lib/aws_recon/collectors/sns.rb +2 -0
data/lib/aws_recon/collectors/sqs.rb +1 -1
data/lib/aws_recon/collectors/ssm.rb +1 -1
data/lib/aws_recon/lib/patch.rb +10 -0
data/lib/aws_recon/version.rb +1 -1
data/readme.md +1 -1
metadata +3 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 159d7d490c5b41da69cb442673e9f7786d1c357fa2468f5c921b25c9d4288601
-  data.tar.gz: cf0dd0209b158f601ed1c03238d6c5f3316ff53d140653ada4977dcbad6214b1
+  metadata.gz: eda49a53171d4ca65cdead1238f92429a594e80a644a199eb5bbcccc13514671
+  data.tar.gz: 1fa1d7b45fe39c8ef90f49e31bebbf7a5c5569b524fc9a5aa0bfe08262d760fa
 SHA512:
-  metadata.gz: e512e73eadfb67572ba726c652b174a2c819341afb29417b44d35faca7cf47def127df9f1dd01456e0f47cc5567f919f68940e72633f19051cdef544dbde83f6
-  data.tar.gz: bb31739580f8b14244a96319e8e952cf8ed51ee2bd1408a6942245ac4204ed5dae9dc1caa2a44ab83a36fdee9e21605a3c405b6b7f8c72884cb475577606e7c9
+  metadata.gz: b68650f9efd7f4a522b5aa6240ddaba6d31837634b5d897361838fb17abab065fb756f8d5e9cd94480980fefdfd89317fabbcf1245add3e8fda83a2e5ccf259c
+  data.tar.gz: 85a2604470ec75b83cb82ad2829411fa6927183cba241a6fb72ed409c0ee277443101f999cf883620d056ee90d13edbb3e84787e1e37dde415670a9ff196bdb0

data/lib/aws_recon.rb CHANGED

@@ -3,6 +3,9 @@
 module AwsRecon
 end
+require 'aws_recon/lib/patch.rb'
+String.include PolicyStringParser
 require 'parallel'
 require 'ostruct'
 require 'optparse'

data/lib/aws_recon/collectors/ec2.rb CHANGED

@@ -175,6 +175,21 @@ class EC2 < Mapper
         end
       end
+      #
+      # describe_internet_gateways
+      #
+      @client.describe_internet_gateways.each_with_index do |response, page|
+        log(response.context.operation_name, page)
+        response.internet_gateways.each do |gateway|
+          struct = OpenStruct.new(gateway.to_h)
+          struct.type = 'internet_gateway'
+          struct.arn = gateway.internet_gateway_id # no true ARN
+          resources.push(struct.to_h)
+        end
+      end
       #
       # describe_route_tables
       #

data/lib/aws_recon/collectors/lambda.rb CHANGED

@@ -12,7 +12,11 @@ class Lambda < Mapper
         struct = OpenStruct.new(function)
         struct.type = 'function'
         struct.arn = function.function_arn
+        struct.policy = @client.get_policy({ function_name: function.function_name }).policy.parse_policy
+      rescue Aws::Lambda::Errors::ResourceNotFoundException => e
+        log_error(e.code)
+      ensure
         resources.push(struct.to_h)
       end
     end

data/lib/aws_recon/collectors/s3.rb CHANGED

@@ -29,16 +29,20 @@ class S3 < Mapper
         # to create a bucket, you must set the location_constraint
         # bucket parameter to the same region. (https://docs.aws.amazon.com/general/latest/gr/s3.html)
         client = if location.empty?
+                   struct.location = 'us-east-1'
                    @client
                  else
+                   struct.location = location
                    Aws::S3::Client.new({ region: location })
                  end
         operations = [
           { func: 'get_bucket_acl', key: 'acl', field: nil },
           { func: 'get_bucket_encryption', key: 'encryption', field: 'server_side_encryption_configuration' },
+          { func: 'get_bucket_replication', key: 'replication', field: 'replication_configuration' },
           { func: 'get_bucket_policy', key: 'policy', field: 'policy' },
           { func: 'get_bucket_policy_status', key: 'public', field: 'policy_status' },
+          { func: 'get_public_access_block', key: 'public_access_block', field: 'public_access_block_configuration' },
           { func: 'get_bucket_tagging', key: 'tagging', field: nil },
           { func: 'get_bucket_logging', key: 'logging', field: 'logging_enabled' },
           { func: 'get_bucket_versioning', key: 'versioning', field: nil },
@@ -51,7 +55,7 @@ class S3 < Mapper
           resp = client.send(op.func, { bucket: bucket.name })
           struct[op.key] = if op.key == 'policy'
-                             resp.policy.string
+                             JSON.parse(CGI.unescape(resp.policy.string))
                            else
                              op.field ? resp.send(op.field).to_h : resp.to_h
                            end
@@ -77,6 +81,8 @@ class S3 < Mapper
       NoSuchBucketPolicy
       NoSuchTagSet
       NoSuchWebsiteConfiguration
+      ReplicationConfigurationNotFoundError
+      NoSuchPublicAccessBlockConfiguration
     ]
   end
 end

data/lib/aws_recon/collectors/sns.rb CHANGED

@@ -18,6 +18,8 @@ class SNS < Mapper
         struct = OpenStruct.new(@client.get_topic_attributes({ topic_arn: topic.topic_arn }).attributes.to_h)
         struct.type = 'topic'
         struct.arn = topic.topic_arn
+        struct.policy = JSON.parse(CGI.unescape(struct.Policy))
+        struct.effective_delivery_policy = JSON.parse(CGI.unescape(struct.EffectiveDeliveryPolicy))
         struct.subscriptions = []
         # list_subscriptions_by_topic

data/lib/aws_recon/collectors/sqs.rb CHANGED

@@ -18,7 +18,7 @@ class SQS < Mapper
         struct = OpenStruct.new(@client.get_queue_attributes({ queue_url: queue, attribute_names: ['All'] }).attributes.to_h)
         struct.type = 'queue'
         struct.arn = struct.QueueArn
-        struct.Policy = JSON.parse(CGI.unescape(struct.Policy))
+        struct.policy = JSON.parse(CGI.unescape(struct.Policy))
         resources.push(struct.to_h)
       end

data/lib/aws_recon/collectors/ssm.rb CHANGED

@@ -30,7 +30,7 @@ class SSM < Mapper
         struct = OpenStruct.new(parameter.to_h)
         struct.string_type = parameter.type
         struct.type = 'parameter'
-        struct.arn = "arn:aws:#{@service}:#{@region}::parameter/#{parameter.name}"
+        struct.arn = "arn:aws:#{@service}:#{@region}::parameter:#{parameter.name}"
         resources.push(struct.to_h)
       end

data/lib/aws_recon/lib/patch.rb ADDED

@@ -0,0 +1,10 @@
+#
+# Parse and unescape AWS policy document string
+#
+module PolicyStringParser
+  def parse_policy
+    JSON.parse(CGI.unescape(self))
+  rescue StandardError
+    nil
+  end
+end

data/lib/aws_recon/version.rb CHANGED

@@ -1,3 +1,3 @@
 module AwsRecon
-  VERSION = "0.2.17"
+  VERSION = "0.2.18"
 end

data/readme.md CHANGED

@@ -1,5 +1,5 @@
 [![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/darkbitio/aws-recon/smoke-test/main)](https://github.com/darkbitio/aws-recon/actions?query=branch%3Amain)
-[![Gem Version](https://badge.fury.io/rb/aws_recon.svg)](https://badge.fury.io/rb/aws_recon)
+[![Gem Version](https://badge.fury.io/rb/aws_recon.svg)](https://rubygems.org/gems/aws_recon)
 # AWS Recon

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_recon
 version: !ruby/object:Gem::Version
-  version: 0.2.17
+  version: 0.2.18
 platform: ruby
 authors:
 - Josh Larsen
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-24 00:00:00.000000000 Z
+date: 2020-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -235,6 +235,7 @@ files:
 - lib/aws_recon/collectors/xray.rb
 - lib/aws_recon/lib/formatter.rb
 - lib/aws_recon/lib/mapper.rb
+- lib/aws_recon/lib/patch.rb
 - lib/aws_recon/options.rb
 - lib/aws_recon/services.yaml
 - lib/aws_recon/version.rb