aws_recon 0.5.25 → 0.5.28
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws_recon/collectors/ecr.rb +22 -2
- data/lib/aws_recon/collectors/glue.rb +116 -0
- data/lib/aws_recon/services.yaml +2 -0
- data/lib/aws_recon/version.rb +1 -1
- data/readme.md +1 -0
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c8229a3057964333c58233cb39472a5fb27adadc6098660464018cd16645b5c9
|
4
|
+
data.tar.gz: 222eff40d76d1eeb68a6638a59ef369d53b8ef2994a43b0b765803096933b645
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7f2248fcc733f9f42ae109f5cb96ab0c6e82562182b9e3dbc4404dca72599e224a38c8be7a9fa967d846957427dd6e9edd5387441afcecc2c4de8f55ad001244
|
7
|
+
data.tar.gz: 62f854284d474f8376ac15cae45bae67bd111ed064bdd4fae1c0e6d5ee4a942d905aebee4ac3f12c297c9a5635fe56c58f774f69fa70896974ac211be23a6efb
|
@@ -23,6 +23,25 @@ class ECR < Mapper
|
|
23
23
|
struct.policy = @client
|
24
24
|
.get_repository_policy({ repository_name: repo.repository_name }).policy_text.parse_policy
|
25
25
|
|
26
|
+
struct.images = []
|
27
|
+
#
|
28
|
+
# describe images
|
29
|
+
#
|
30
|
+
@client.list_images( {repository_name: repo.repository_name}).image_ids.each_with_index do | image, page |
|
31
|
+
log(response.context.operation_name, 'list_images', page)
|
32
|
+
image_hash = image.to_h
|
33
|
+
#
|
34
|
+
# describe image scan results
|
35
|
+
#
|
36
|
+
result = @client.describe_image_scan_findings({ repository_name: repo.repository_name, image_id: { image_digest: image.image_digest, image_tag: image.image_tag } })
|
37
|
+
image_hash["image_scan_status"] = result.image_scan_status.to_h
|
38
|
+
image_hash["image_scan_findings"] = result.image_scan_findings.to_h
|
39
|
+
|
40
|
+
rescue Aws::ECR::Errors::ScanNotFoundException => e
|
41
|
+
# No scan result for this image. No action needed
|
42
|
+
ensure
|
43
|
+
struct.images << image_hash
|
44
|
+
end
|
26
45
|
rescue Aws::ECR::Errors::ServiceError => e
|
27
46
|
log_error(e.code)
|
28
47
|
|
@@ -40,7 +59,8 @@ class ECR < Mapper
|
|
40
59
|
# not an error
|
41
60
|
def suppressed_errors
|
42
61
|
%w[
|
43
|
-
RepositoryPolicyNotFoundException
|
44
|
-
|
62
|
+
RepositoryPolicyNotFoundException,
|
63
|
+
ScanNotFoundException
|
64
|
+
]
|
45
65
|
end
|
46
66
|
end
|
@@ -0,0 +1,116 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#
|
4
|
+
# Collect Glue resources
|
5
|
+
#
|
6
|
+
class Glue < Mapper
|
7
|
+
#
|
8
|
+
# Returns an array of resources.
|
9
|
+
#
|
10
|
+
def collect
|
11
|
+
resources = []
|
12
|
+
#
|
13
|
+
# get_data_catalog_encryption_settings
|
14
|
+
#
|
15
|
+
@client.get_data_catalog_encryption_settings.each_with_index do |response, page|
|
16
|
+
log(response.context.operation_name, page)
|
17
|
+
|
18
|
+
struct = OpenStruct.new(response.to_h)
|
19
|
+
struct.type = 'catalog_encryption_settings'
|
20
|
+
struct.arn = "arn:aws:glue:#{@region}:#{@account}:data-catalog-encryption-settings" # no true ARN
|
21
|
+
resources.push(struct.to_h)
|
22
|
+
end
|
23
|
+
|
24
|
+
#
|
25
|
+
# get_security_configurations
|
26
|
+
#
|
27
|
+
@client.get_security_configurations.each_with_index do |response, page|
|
28
|
+
log(response.context.operation_name, page)
|
29
|
+
|
30
|
+
response.security_configurations.each do |security_configuration|
|
31
|
+
struct = OpenStruct.new(security_configuration.to_h)
|
32
|
+
struct.type = 'security_configuration'
|
33
|
+
struct.arn = "arn:aws:glue:#{@region}:#{@account}:security-configuration/#{security_configuration.name}" # no true ARN
|
34
|
+
resources.push(struct.to_h)
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
#
|
39
|
+
# get_databases
|
40
|
+
#
|
41
|
+
@client.get_databases.each_with_index do |response, page|
|
42
|
+
log(response.context.operation_name, page)
|
43
|
+
|
44
|
+
response.database_list.each do |database|
|
45
|
+
struct = OpenStruct.new(database.to_h)
|
46
|
+
struct.type = 'database'
|
47
|
+
struct.arn = "arn:aws:glue:#{@region}:#{@account}:database/#{database.name}"
|
48
|
+
|
49
|
+
#
|
50
|
+
# get_tables
|
51
|
+
#
|
52
|
+
tables = @client.get_tables({ database_name: database.name })
|
53
|
+
struct.tables = tables.to_h
|
54
|
+
|
55
|
+
resources.push(struct.to_h)
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
#
|
60
|
+
# get_jobs
|
61
|
+
#
|
62
|
+
@client.get_jobs.each_with_index do |response, page|
|
63
|
+
log(response.context.operation_name, page)
|
64
|
+
|
65
|
+
response.jobs.each do |job|
|
66
|
+
struct = OpenStruct.new(job.to_h)
|
67
|
+
struct.type = 'job'
|
68
|
+
struct.arn = "arn:aws:glue:#{@region}:#{@account}:job/#{job.name}"
|
69
|
+
resources.push(struct.to_h)
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
#
|
74
|
+
# get_dev_endpoints
|
75
|
+
#
|
76
|
+
@client.get_dev_endpoints.each_with_index do |response, page|
|
77
|
+
log(response.context.operation_name, page)
|
78
|
+
|
79
|
+
response.dev_endpoints.each do |dev_endpoint|
|
80
|
+
struct = OpenStruct.new(dev_endpoint.to_h)
|
81
|
+
struct.type = 'dev_endpoint'
|
82
|
+
struct.arn = "arn:aws:glue:#{@region}:#{@account}:devEndpoint/#{dev_endpoint.endpoint_name}"
|
83
|
+
resources.push(struct.to_h)
|
84
|
+
end
|
85
|
+
end
|
86
|
+
|
87
|
+
#
|
88
|
+
# get_crawlers
|
89
|
+
#
|
90
|
+
@client.get_crawlers.each_with_index do |response, page|
|
91
|
+
log(response.context.operation_name, page)
|
92
|
+
|
93
|
+
response.crawlers.each do |crawler|
|
94
|
+
struct = OpenStruct.new(crawler.to_h)
|
95
|
+
struct.type = 'crawler'
|
96
|
+
struct.arn = "arn:aws:glue:#{@region}:#{@account}:crawler/#{crawler.name}"
|
97
|
+
resources.push(struct.to_h)
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
#
|
102
|
+
# get_connections
|
103
|
+
#
|
104
|
+
@client.get_connections.each_with_index do |response, page|
|
105
|
+
log(response.context.operation_name, page)
|
106
|
+
|
107
|
+
response.connection_list.each do |connection|
|
108
|
+
struct = OpenStruct.new(connection.to_h)
|
109
|
+
struct.type = 'connection'
|
110
|
+
struct.arn = "arn:aws:glue:#{@region}:#{@account}:connection/#{connection.name}"
|
111
|
+
resources.push(struct.to_h)
|
112
|
+
end
|
113
|
+
end
|
114
|
+
resources
|
115
|
+
end
|
116
|
+
end
|
data/lib/aws_recon/services.yaml
CHANGED
data/lib/aws_recon/version.rb
CHANGED
data/readme.md
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws_recon
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.5.
|
4
|
+
version: 0.5.28
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Josh Larsen
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2022-03-
|
12
|
+
date: 2022-03-31 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: aws-sdk
|
@@ -212,6 +212,7 @@ files:
|
|
212
212
|
- lib/aws_recon/collectors/elasticsearch.rb
|
213
213
|
- lib/aws_recon/collectors/emr.rb
|
214
214
|
- lib/aws_recon/collectors/firehose.rb
|
215
|
+
- lib/aws_recon/collectors/glue.rb
|
215
216
|
- lib/aws_recon/collectors/guardduty.rb
|
216
217
|
- lib/aws_recon/collectors/iam.rb
|
217
218
|
- lib/aws_recon/collectors/kafka.rb
|