aws_recon 0.5.18 → 0.5.22

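--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c15eafbd64e2a41405c27df26f663d967fb600fe92928414a45f7278ce4a2f55
- data.tar.gz: 71455e2d1dfc37993303ec58704ddffd87a05cd3713562c8b3bd42177bdfb7ba
+ metadata.gz: a0225940b06ce4f050b76411a63eef4d83fab157ff64524214ecc37aaa9b4763
+ data.tar.gz: 5bbcdb94d22cfe23caa9f5d43ddc1c7dd5a2e58a7784f19ff6f0defb753f324a
  SHA512:
- metadata.gz: fe48606bd7de9da79ddadf19c6414492282395e5776eec11f5be3dbe6fc01167436af2447c92db88dd3cf2956f05f020e8ef558a3392544b0eb5c1ae626c3ba2
- data.tar.gz: d82ad1c04091c3137f33a82d9485ecfd6e78a35ba7068e3e8cc59ffe9307dc910fa21fbb567b6da11b2f6cde4374d111cf911cc73923359585aa29bddfb863b6
+ metadata.gz: cc712417ee38a98f13aea07c7809aa4412598b4165f775a9c1986aa1981474194b90d35ddfc86992cb9faa705b3dc9d5b0ca0122d1070f995c4d072e4e4c3b27
+ data.tar.gz: de820cc2a6551defd85fca374d3aa875c494d0c9c1dd9084f09e371618623fb53edeaf4864aad04d126a6a4fc3831115d9419a175a40a961f2567c139b66d8b1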
data/aws_recon.gemspec CHANGED
@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
23
23
  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
24
24
  spec.require_paths = ['lib']
25
25
 
26
- spec.add_dependency 'aws-sdk', '~> 3.0'
26
+ spec.add_dependency 'aws-sdk', '~> 3.1'
27
27
  spec.add_dependency 'parallel', '~> 1.20.1'
28
28
 
29
29
  spec.add_development_dependency 'bundler', '~> 2.2.17'
@@ -98,7 +98,10 @@ class EC2 < Mapper
98
98
  struct.type = 'vpc'
99
99
  struct.arn = "arn:aws:ec2:#{@region}:#{@account}:vpc/#{vpc.vpc_id}" # no true ARN
100
100
  struct.flow_logs = @client
101
- .describe_flow_logs({ filter: [{ name: 'resource-id', values: [vpc.vpc_id] }] })
101
+ .describe_flow_logs({ filter: [{
102
+ name: 'resource-id',
103
+ values: [vpc.vpc_id]
104
+ }] })
102
105
  .flow_logs.first.to_h
103
106
 
104
107
  resources.push(struct.to_h)
@@ -337,19 +340,33 @@ class EC2 < Mapper
337
340
  #
338
341
  # describe_managed_prefix_lists
339
342
  #
340
- @client.describe_managed_prefix_lists.each_with_index do |response, page|
341
- log(response.context.operation_name, page)
343
+ begin
344
+ @client.describe_managed_prefix_lists.each_with_index do |response, page|
345
+ log(response.context.operation_name, page)
342
346
 
343
- response.prefix_lists.each do |list|
344
- struct = OpenStruct.new(list.to_h)
345
- struct.type = 'prefix_list'
346
- struct.arn = list.prefix_list_arn
347
+ response.prefix_lists.each do |list|
348
+ struct = OpenStruct.new(list.to_h)
349
+ struct.type = 'prefix_list'
350
+ struct.arn = list.prefix_list_arn
347
351
 
348
- resources.push(struct.to_h)
352
+ resources.push(struct.to_h)
353
+ end
349
354
  end
355
+ rescue Aws::EC2::Errors::ServiceError => e
356
+ log_error(e.code)
357
+
358
+ raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
350
359
  end
351
360
  end
352
361
 
353
362
  resources
354
363
  end
364
+
365
+ private
366
+
367
+ def suppressed_errors
368
+ %w[
369
+ InvalidAction
370
+ ]
371
+ end
355
372
  end
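Review bot: The new `rescue Aws::EC2::Errors::ServiceError` encloses the whole paginated `describe_managed_prefix_lists` loop, so when a suppressed code is raised partway through, the prefix lists already pushed to `resources` are kept and the remainder is dropped with nothing in the output marking the set as incomplete. Only `e.code` reaches `log_error`, so the log line does not say which operation was skipped; a comment such as `# InvalidAction is suppressed: prefix lists are omitted from the output when this call is rejected` above `suppressed_errors` would at least document the gap for anyone reading the inventory. The guard is also easier to audit without the double negative, e.g. `raise if @options.quit_on_exception || !suppressed_errors.include?(e.code)`; the same line is added in the Organizations hunk below. The enclosing method starts outside this hunk, so the scope of the `begin` is inferred from the visible `end` lines only.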
@@ -13,13 +13,19 @@ class Organizations < Mapper
13
13
  #
14
14
  # describe_organization
15
15
  #
16
- @client.describe_organization.each do |response|
17
- log(response.context.operation_name)
16
+ begin
17
+ @client.describe_organization.each do |response|
18
+ log(response.context.operation_name)
18
19
 
19
- struct = OpenStruct.new(response.organization.to_h)
20
- struct.type = 'organization'
20
+ struct = OpenStruct.new(response.organization.to_h)
21
+ struct.type = 'organization'
21
22
 
22
- resources.push(struct.to_h)
23
+ resources.push(struct.to_h)
24
+ end
25
+ rescue Aws::Organizations::Errors::ServiceError => e
26
+ log_error(e.code)
27
+
28
+ raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
23
29
  end
24
30
 
25
31
  #
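Review bot: Wrapping `describe_organization` in this rescue makes it subject to `suppressed_errors`, which for this mapper already lists `AccessDeniedException` (visible in the next hunk), so a run with under-privileged credentials now yields a report with no `organization` record instead of failing. For output that feeds a security review, that case should be distinguishable from an account that is simply not in an organization (`AWSOrganizationsNotInUseException`). Consider documenting it at the rescue with `# suppressed codes leave the organization record out of the output; check the error log for AccessDeniedException before treating it as absent`, or emitting a placeholder entry that carries the error code. The method containing this `begin` starts outside the hunk.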
@@ -66,6 +72,7 @@ class Organizations < Mapper
66
72
  def suppressed_errors
67
73
  %w[
68
74
  AccessDeniedException
75
+ AWSOrganizationsNotInUseException
69
76
  ]
70
77
  end
71
78
  end
@@ -53,7 +53,8 @@ class S3 < Mapper
53
53
  { func: 'get_bucket_tagging', key: 'tagging', field: nil },
54
54
  { func: 'get_bucket_logging', key: 'logging', field: 'logging_enabled' },
55
55
  { func: 'get_bucket_versioning', key: 'versioning', field: nil },
56
- { func: 'get_bucket_website', key: 'website', field: nil }
56
+ { func: 'get_bucket_website', key: 'website', field: nil },
57
+ { func: 'get_bucket_ownership_controls', key: 'ownership_controls', field: 'ownership_controls' }
57
58
  ]
58
59
 
59
60
  operations.each do |operation|
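Review bot: The new `get_bucket_ownership_controls` entry is paired with `OwnershipControlsNotFoundError` in `suppressed_errors` (last hunk of this file), but nothing documents what a consumer sees for a bucket with no ownership controls configured. The loop body that handles suppressed errors is outside this hunk, so whether the `ownership_controls` key ends up missing or nil cannot be confirmed from here. A short comment on the entry, such as `# ownership_controls is not populated when the bucket has no OwnershipControls configuration (error suppressed)`, would keep downstream policy checks from reading a missing value as a collection failure.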
@@ -96,6 +97,7 @@ class S3 < Mapper
96
97
  ReplicationConfigurationNotFoundError
97
98
  NoSuchPublicAccessBlockConfiguration
98
99
  ObjectLockConfigurationNotFoundError
100
+ OwnershipControlsNotFoundError
99
101
  ]
100
102
  end
101
103
  end
@@ -87,7 +87,6 @@
87
87
  alias: ses
88
88
  excluded_regions:
89
89
  - ap-east-1
90
- - ap-northeast-3
91
90
  - name: CloudWatch
92
91
  alias: cloudwatch
93
92
  - name: CloudWatchLogs
@@ -1,3 +1,3 @@
1
1
  module AwsRecon
2
- VERSION = "0.5.18"
2
+ VERSION = "0.5.22"
3
3
  end
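--- a/data/readme.md
+++ b/data/readme.md
@@ -37,6 +37,7 @@ AWS Recon handles collection from large accounts by taking advantage of automati
  - [Pinterest](https://www.pinterest.com/)
  - [HackerOne](https://www.hackerone.com/)
  - [MuleSoft](https://www.mulesoft.com/)
+ - [Slack](https://slack.com/)
  - [Drata](https://drata.com/)
 
  > ** usage does not imply endorsement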
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws_recon
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.18
4
+ version: 0.5.22
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Larsen
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2021-09-11 00:00:00.000000000 Z
12
+ date: 2021-12-02 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: aws-sdk
@@ -17,14 +17,14 @@ dependencies:
17
17
  requirements:
18
18
  - - "~>"
19
19
  - !ruby/object:Gem::Version
20
- version: '3.0'
20
+ version: '3.1'
21
21
  type: :runtime
22
22
  prerelease: false
23
23
  version_requirements: !ruby/object:Gem::Requirement
24
24
  requirements:
25
25
  - - "~>"
26
26
  - !ruby/object:Gem::Version
27
- version: '3.0'
27
+ version: '3.1'
28
28
  - !ruby/object:Gem::Dependency
29
29
  name: parallel
30
30
  requirement: !ruby/object:Gem::Requirement