aws_recon 0.5.18 → 0.5.22

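--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c15eafbd64e2a41405c27df26f663d967fb600fe92928414a45f7278ce4a2f55
- data.tar.gz: 71455e2d1dfc37993303ec58704ddffd87a05cd3713562c8b3bd42177bdfb7ba
+ metadata.gz: a0225940b06ce4f050b76411a63eef4d83fab157ff64524214ecc37aaa9b4763
+ data.tar.gz: 5bbcdb94d22cfe23caa9f5d43ddc1c7dd5a2e58a7784f19ff6f0defb753f324a
  SHA512:
- metadata.gz: fe48606bd7de9da79ddadf19c6414492282395e5776eec11f5be3dbe6fc01167436af2447c92db88dd3cf2956f05f020e8ef558a3392544b0eb5c1ae626c3ba2
- data.tar.gz: d82ad1c04091c3137f33a82d9485ecfd6e78a35ba7068e3e8cc59ffe9307dc910fa21fbb567b6da11b2f6cde4374d111cf911cc73923359585aa29bddfb863b6
+ metadata.gz: cc712417ee38a98f13aea07c7809aa4412598b4165f775a9c1986aa1981474194b90d35ddfc86992cb9faa705b3dc9d5b0ca0122d1070f995c4d072e4e4c3b27
+ data.tar.gz: de820cc2a6551defd85fca374d3aa875c494d0c9c1dd9084f09e371618623fb53edeaf4864aad04d126a6a4fc3831115d9419a175a40a961f2567c139b66d8b1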
data/aws_recon.gemspec CHANGED
@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
23
23
  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
24
24
  spec.require_paths = ['lib']
25
25
 
26
- spec.add_dependency 'aws-sdk', '~> 3.0'
26
+ spec.add_dependency 'aws-sdk', '~> 3.1'
27
27
  spec.add_dependency 'parallel', '~> 1.20.1'
28
28
 
29
29
  spec.add_development_dependency 'bundler', '~> 2.2.17'
@@ -98,7 +98,10 @@ class EC2 < Mapper
98
98
  struct.type = 'vpc'
99
99
  struct.arn = "arn:aws:ec2:#{@region}:#{@account}:vpc/#{vpc.vpc_id}" # no true ARN
100
100
  struct.flow_logs = @client
101
- .describe_flow_logs({ filter: [{ name: 'resource-id', values: [vpc.vpc_id] }] })
101
+ .describe_flow_logs({ filter: [{
102
+ name: 'resource-id',
103
+ values: [vpc.vpc_id]
104
+ }] })
102
105
  .flow_logs.first.to_h
103
106
 
104
107
  resources.push(struct.to_h)
@@ -337,19 +340,33 @@ class EC2 < Mapper
337
340
  #
338
341
  # describe_managed_prefix_lists
339
342
  #
340
- @client.describe_managed_prefix_lists.each_with_index do |response, page|
341
- log(response.context.operation_name, page)
343
+ begin
344
+ @client.describe_managed_prefix_lists.each_with_index do |response, page|
345
+ log(response.context.operation_name, page)
342
346
 
343
- response.prefix_lists.each do |list|
344
- struct = OpenStruct.new(list.to_h)
345
- struct.type = 'prefix_list'
346
- struct.arn = list.prefix_list_arn
347
+ response.prefix_lists.each do |list|
348
+ struct = OpenStruct.new(list.to_h)
349
+ struct.type = 'prefix_list'
350
+ struct.arn = list.prefix_list_arn
347
351
 
348
- resources.push(struct.to_h)
352
+ resources.push(struct.to_h)
353
+ end
349
354
  end
355
+ rescue Aws::EC2::Errors::ServiceError => e
356
+ log_error(e.code)
357
+
358
+ raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
350
359
  end
351
360
  end
352
361
 
353
362
  resources
354
363
  end
364
+
365
+ private
366
+
367
+ def suppressed_errors
368
+ %w[
369
+ InvalidAction
370
+ ]
371
+ end
355
372
  end
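Review bot: The new `rescue Aws::EC2::Errors::ServiceError` sits outside the `each_with_index` pagination loop, so a suppressed code raised on a later page leaves the earlier pages in `resources` and the method returns a partial list, with `log_error(e.code)` as the only trace. For an inventory that feeds security review, the output then cannot distinguish an account with no prefix lists from one where the call was rejected. Naming the operation in the log would make the gap visible, for example `log_error("describe_managed_prefix_lists: #{e.code}")`, assuming `log_error` accepts a free-form string (its definition is not in this hunk). The Organizations hunk that follows uses the same pattern around `describe_organization`, and the enclosing method starts above this hunk.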
@@ -13,13 +13,19 @@ class Organizations < Mapper
13
13
  #
14
14
  # describe_organization
15
15
  #
16
- @client.describe_organization.each do |response|
17
- log(response.context.operation_name)
16
+ begin
17
+ @client.describe_organization.each do |response|
18
+ log(response.context.operation_name)
18
19
 
19
- struct = OpenStruct.new(response.organization.to_h)
20
- struct.type = 'organization'
20
+ struct = OpenStruct.new(response.organization.to_h)
21
+ struct.type = 'organization'
21
22
 
22
- resources.push(struct.to_h)
23
+ resources.push(struct.to_h)
24
+ end
25
+ rescue Aws::Organizations::Errors::ServiceError => e
26
+ log_error(e.code)
27
+
28
+ raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
23
29
  end
24
30
 
25
31
  #
@@ -66,6 +72,7 @@ class Organizations < Mapper
66
72
  def suppressed_errors
67
73
  %w[
68
74
  AccessDeniedException
75
+ AWSOrganizationsNotInUseException
69
76
  ]
70
77
  end
71
78
  end
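Review bot: Wrapping `describe_organization` in a rescue that consults `suppressed_errors` also swallows `AccessDeniedException`, which is already in that list and, judging by the removed lines, previously propagated from this call. The only code this change adds to the list is `AWSOrganizationsNotInUseException`; if a missing permission should still stop or flag the run, the check for this call could be narrowed, e.g. `raise e unless e.code == 'AWSOrganizationsNotInUseException' && !@options.quit_on_exception`. If ignoring access-denied here is intended, a one-line comment above the list such as `# AccessDeniedException: collection role may lack organizations:Describe*; skip rather than abort` would record that decision. The method body continues outside both hunks, so other callers of `suppressed_errors` in this mapper are not visible.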
@@ -53,7 +53,8 @@ class S3 < Mapper
53
53
  { func: 'get_bucket_tagging', key: 'tagging', field: nil },
54
54
  { func: 'get_bucket_logging', key: 'logging', field: 'logging_enabled' },
55
55
  { func: 'get_bucket_versioning', key: 'versioning', field: nil },
56
- { func: 'get_bucket_website', key: 'website', field: nil }
56
+ { func: 'get_bucket_website', key: 'website', field: nil },
57
+ { func: 'get_bucket_ownership_controls', key: 'ownership_controls', field: 'ownership_controls' }
57
58
  ]
58
59
 
59
60
  operations.each do |operation|
@@ -96,6 +97,7 @@ class S3 < Mapper
96
97
  ReplicationConfigurationNotFoundError
97
98
  NoSuchPublicAccessBlockConfiguration
98
99
  ObjectLockConfigurationNotFoundError
100
+ OwnershipControlsNotFoundError
99
101
  ]
100
102
  end
101
103
  end
@@ -87,7 +87,6 @@
87
87
  alias: ses
88
88
  excluded_regions:
89
89
  - ap-east-1
90
- - ap-northeast-3
91
90
  - name: CloudWatch
92
91
  alias: cloudwatch
93
92
  - name: CloudWatchLogs
@@ -1,3 +1,3 @@
1
1
  module AwsRecon
2
- VERSION = "0.5.18"
2
+ VERSION = "0.5.22"
3
3
  end
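--- a/data/readme.md
+++ b/data/readme.md
@@ -37,6 +37,7 @@ AWS Recon handles collection from large accounts by taking advantage of automati
  - [Pinterest](https://www.pinterest.com/)
  - [HackerOne](https://www.hackerone.com/)
  - [MuleSoft](https://www.mulesoft.com/)
+ - [Slack](https://slack.com/)
  - [Drata](https://drata.com/)
 
  > ** usage does not imply endorsement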
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws_recon
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.18
4
+ version: 0.5.22
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Larsen
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2021-09-11 00:00:00.000000000 Z
12
+ date: 2021-12-02 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: aws-sdk
@@ -17,14 +17,14 @@ dependencies:
17
17
  requirements:
18
18
  - - "~>"
19
19
  - !ruby/object:Gem::Version
20
- version: '3.0'
20
+ version: '3.1'
21
21
  type: :runtime
22
22
  prerelease: false
23
23
  version_requirements: !ruby/object:Gem::Requirement
24
24
  requirements:
25
25
  - - "~>"
26
26
  - !ruby/object:Gem::Version
27
- version: '3.0'
27
+ version: '3.1'
28
28
  - !ruby/object:Gem::Dependency
29
29
  name: parallel
30
30
  requirement: !ruby/object:Gem::Requirement