aws_recon 0.5.24 → 0.5.27
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws_recon/collectors/ecr.rb +22 -2
- data/lib/aws_recon/collectors/emr.rb +16 -0
- data/lib/aws_recon/collectors/glue.rb +97 -0
- data/lib/aws_recon/services.yaml +2 -0
- data/lib/aws_recon/version.rb +1 -1
- data/readme.md +1 -0
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cce979a262416efd0a1dbaf81e121ad470f27de6843675a853079cb281199dcb
|
|
4
|
+
data.tar.gz: 5eded20d231a31694bafbcde065a11738941f5511e5a3253fd04d8b64a9ad284
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: eb267321a1b086650427684322e8449c8db2bbd0d9fcfc7b900fd2104f52f6973a4baa1a5229b4037ee5f36b1613b873d98e8b7a90d59876d9a9f1dd7cf73da9
|
|
7
|
+
data.tar.gz: a7d19878e37496237020c1fccb9a693eaa8802802ae291fe5cbff27b4d43b538543ac1c7f0a2f26c792c9e41bb454ce5f9e2a11b9d53061f1584ba10979162e3
|
|
@@ -23,6 +23,25 @@ class ECR < Mapper
|
|
|
23
23
|
struct.policy = @client
|
|
24
24
|
.get_repository_policy({ repository_name: repo.repository_name }).policy_text.parse_policy
|
|
25
25
|
|
|
26
|
+
struct.images = []
|
|
27
|
+
#
|
|
28
|
+
# describe images
|
|
29
|
+
#
|
|
30
|
+
@client.list_images( {repository_name: repo.repository_name}).image_ids.each_with_index do | image, page |
|
|
31
|
+
log(response.context.operation_name, 'list_images', page)
|
|
32
|
+
image_hash = image.to_h
|
|
33
|
+
#
|
|
34
|
+
# describe image scan results
|
|
35
|
+
#
|
|
36
|
+
result = @client.describe_image_scan_findings({ repository_name: repo.repository_name, image_id: { image_digest: image.image_digest, image_tag: image.image_tag } })
|
|
37
|
+
image_hash["image_scan_status"] = result.image_scan_status.to_h
|
|
38
|
+
image_hash["image_scan_findings"] = result.image_scan_findings.to_h
|
|
39
|
+
|
|
40
|
+
rescue Aws::ECR::Errors::ScanNotFoundException => e
|
|
41
|
+
# No scan result for this image. No action needed
|
|
42
|
+
ensure
|
|
43
|
+
struct.images << image_hash
|
|
44
|
+
end
|
|
26
45
|
rescue Aws::ECR::Errors::ServiceError => e
|
|
27
46
|
log_error(e.code)
|
|
28
47
|
|
|
@@ -40,7 +59,8 @@ class ECR < Mapper
|
|
|
40
59
|
# not an error
|
|
41
60
|
def suppressed_errors
|
|
42
61
|
%w[
|
|
43
|
-
RepositoryPolicyNotFoundException
|
|
44
|
-
|
|
62
|
+
RepositoryPolicyNotFoundException,
|
|
63
|
+
ScanNotFoundException
|
|
64
|
+
]
|
|
45
65
|
end
|
|
46
66
|
end
|
|
@@ -46,6 +46,22 @@ class EMR < Mapper
|
|
|
46
46
|
end
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
+
#
|
|
50
|
+
# list_security_configurations
|
|
51
|
+
#
|
|
52
|
+
@client.list_security_configurations.each_with_index do |response, page|
|
|
53
|
+
log(response.context.operation_name, page)
|
|
54
|
+
|
|
55
|
+
response.security_configurations.each do |security_configuration|
|
|
56
|
+
log(response.context.operation_name, security_configuration.name)
|
|
57
|
+
|
|
58
|
+
struct = OpenStruct.new(@client.describe_security_configuration({ name: security_configuration.name }).security_configuration.parse_policy)
|
|
59
|
+
struct.type = 'security_configuration'
|
|
60
|
+
struct.arn = "arn:aws:emr:#{@region}:#{@account}:security-configuration/#{security_configuration.name}" # no true ARN
|
|
61
|
+
resources.push(struct.to_h)
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
|
|
49
65
|
resources
|
|
50
66
|
end
|
|
51
67
|
|
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
#
|
|
4
|
+
# Collect Glue resources
|
|
5
|
+
#
|
|
6
|
+
class Glue < Mapper
|
|
7
|
+
#
|
|
8
|
+
# Returns an array of resources.
|
|
9
|
+
#
|
|
10
|
+
def collect
|
|
11
|
+
resources = []
|
|
12
|
+
#
|
|
13
|
+
# get_data_catalog_encryption_settings
|
|
14
|
+
#
|
|
15
|
+
@client.get_data_catalog_encryption_settings.each_with_index do | response, page|
|
|
16
|
+
log(response.context.operation_name, page)
|
|
17
|
+
|
|
18
|
+
struct = OpenStruct.new(response.to_h)
|
|
19
|
+
struct.type = 'catalog_encryption_settings'
|
|
20
|
+
struct.arn = "arn:aws:glue:#{@region}:#{@account}:data-catalog-encryption-settings" # no true ARN
|
|
21
|
+
resources.push(struct.to_h)
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
#
|
|
25
|
+
# get_security_configurations
|
|
26
|
+
#
|
|
27
|
+
@client.get_security_configurations.each_with_index do | response, page |
|
|
28
|
+
log(response.context.operation_name, page)
|
|
29
|
+
|
|
30
|
+
response.security_configurations.each do | security_configuration |
|
|
31
|
+
struct = OpenStruct.new(security_configuration.to_h)
|
|
32
|
+
struct.type = 'security_configuration'
|
|
33
|
+
struct.arn = "arn:aws:glue:#{@region}:#{@account}:security-configuration/#{security_configuration.name}" # no true ARN
|
|
34
|
+
resources.push(struct.to_h)
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
#
|
|
39
|
+
# get_jobs
|
|
40
|
+
#
|
|
41
|
+
@client.get_jobs.each_with_index do | response, page |
|
|
42
|
+
log(response.context.operation_name, page)
|
|
43
|
+
|
|
44
|
+
response.jobs.each do | job |
|
|
45
|
+
struct = OpenStruct.new(job.to_h)
|
|
46
|
+
struct.type = 'job'
|
|
47
|
+
struct.arn = "arn:aws:glue:#{@region}:#{@account}:job/#{job.name}"
|
|
48
|
+
resources.push(struct.to_h)
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
#
|
|
53
|
+
# get_dev_endpoints
|
|
54
|
+
#
|
|
55
|
+
@client.get_dev_endpoints.each_with_index do | response, page |
|
|
56
|
+
log(response.context.operation_name, page)
|
|
57
|
+
|
|
58
|
+
response.dev_endpoints.each do | dev_endpoint |
|
|
59
|
+
struct = OpenStruct.new(dev_endpoint.to_h)
|
|
60
|
+
struct.type = 'dev_endpoint'
|
|
61
|
+
struct.arn = "arn:aws:glue:#{@region}:#{@account}:devEndpoint/#{dev_endpoint.endpoint_name}"
|
|
62
|
+
resources.push(struct.to_h)
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
#
|
|
67
|
+
# get_crawlers
|
|
68
|
+
#
|
|
69
|
+
@client.get_crawlers.each_with_index do | response, page |
|
|
70
|
+
log(response.context.operation_name, page)
|
|
71
|
+
|
|
72
|
+
response.crawlers.each do | crawler |
|
|
73
|
+
struct = OpenStruct.new(crawler.to_h)
|
|
74
|
+
struct.type = 'crawler'
|
|
75
|
+
struct.arn = "arn:aws:glue:#{@region}:#{@account}:crawler/#{crawler.name}"
|
|
76
|
+
resources.push(struct.to_h)
|
|
77
|
+
end
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
#
|
|
81
|
+
# get_connections
|
|
82
|
+
#
|
|
83
|
+
@client.get_connections.each_with_index do | response, page |
|
|
84
|
+
log(response.context.operation_name, page)
|
|
85
|
+
|
|
86
|
+
response.connection_list.each do | connection |
|
|
87
|
+
struct = OpenStruct.new(connection.to_h)
|
|
88
|
+
struct.type = 'connection'
|
|
89
|
+
struct.arn = "arn:aws:glue:#{@region}:#{@account}:connection/#{connection.name}"
|
|
90
|
+
resources.push(struct.to_h)
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
resources
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
end
|
|
97
|
+
|
data/lib/aws_recon/services.yaml
CHANGED
data/lib/aws_recon/version.rb
CHANGED
data/readme.md
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws_recon
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.27
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Josh Larsen
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2022-
|
|
12
|
+
date: 2022-03-24 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: aws-sdk
|
|
@@ -212,6 +212,7 @@ files:
|
|
|
212
212
|
- lib/aws_recon/collectors/elasticsearch.rb
|
|
213
213
|
- lib/aws_recon/collectors/emr.rb
|
|
214
214
|
- lib/aws_recon/collectors/firehose.rb
|
|
215
|
+
- lib/aws_recon/collectors/glue.rb
|
|
215
216
|
- lib/aws_recon/collectors/guardduty.rb
|
|
216
217
|
- lib/aws_recon/collectors/iam.rb
|
|
217
218
|
- lib/aws_recon/collectors/kafka.rb
|