RubyGems - aws_recon - Versions diffs - 0.2.17 → 0.2.18 - Mend

aws_recon 0.2.17 → 0.2.18

Files changed (12) hide show

checksums.yaml +4 -4
data/lib/aws_recon.rb +3 -0
data/lib/aws_recon/collectors/ec2.rb +15 -0
data/lib/aws_recon/collectors/lambda.rb +4 -0
data/lib/aws_recon/collectors/s3.rb +7 -1
data/lib/aws_recon/collectors/sns.rb +2 -0
data/lib/aws_recon/collectors/sqs.rb +1 -1
data/lib/aws_recon/collectors/ssm.rb +1 -1
data/lib/aws_recon/lib/patch.rb +10 -0
data/lib/aws_recon/version.rb +1 -1
data/readme.md +1 -1
metadata +3 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 159d7d490c5b41da69cb442673e9f7786d1c357fa2468f5c921b25c9d4288601
-  data.tar.gz: cf0dd0209b158f601ed1c03238d6c5f3316ff53d140653ada4977dcbad6214b1
+  metadata.gz: eda49a53171d4ca65cdead1238f92429a594e80a644a199eb5bbcccc13514671
+  data.tar.gz: 1fa1d7b45fe39c8ef90f49e31bebbf7a5c5569b524fc9a5aa0bfe08262d760fa
 SHA512:
-  metadata.gz: e512e73eadfb67572ba726c652b174a2c819341afb29417b44d35faca7cf47def127df9f1dd01456e0f47cc5567f919f68940e72633f19051cdef544dbde83f6
-  data.tar.gz: bb31739580f8b14244a96319e8e952cf8ed51ee2bd1408a6942245ac4204ed5dae9dc1caa2a44ab83a36fdee9e21605a3c405b6b7f8c72884cb475577606e7c9
+  metadata.gz: b68650f9efd7f4a522b5aa6240ddaba6d31837634b5d897361838fb17abab065fb756f8d5e9cd94480980fefdfd89317fabbcf1245add3e8fda83a2e5ccf259c
+  data.tar.gz: 85a2604470ec75b83cb82ad2829411fa6927183cba241a6fb72ed409c0ee277443101f999cf883620d056ee90d13edbb3e84787e1e37dde415670a9ff196bdb0

data/lib/aws_recon.rb CHANGED

@@ -3,6 +3,9 @@
 module AwsRecon
 end
+require 'aws_recon/lib/patch.rb'
+String.include PolicyStringParser
 require 'parallel'
 require 'ostruct'
 require 'optparse'

data/lib/aws_recon/collectors/ec2.rb CHANGED

@@ -175,6 +175,21 @@ class EC2 < Mapper
         end
       end
+      #
+      # describe_internet_gateways
+      #
+      @client.describe_internet_gateways.each_with_index do |response, page|
+        log(response.context.operation_name, page)
+        response.internet_gateways.each do |gateway|
+          struct = OpenStruct.new(gateway.to_h)
+          struct.type = 'internet_gateway'
+          struct.arn = gateway.internet_gateway_id # no true ARN
+          resources.push(struct.to_h)
+        end
+      end
       #
       # describe_route_tables
       #

data/lib/aws_recon/collectors/lambda.rb CHANGED

@@ -12,7 +12,11 @@ class Lambda < Mapper
         struct = OpenStruct.new(function)
         struct.type = 'function'
         struct.arn = function.function_arn
+        struct.policy = @client.get_policy({ function_name: function.function_name }).policy.parse_policy
+      rescue Aws::Lambda::Errors::ResourceNotFoundException => e
+        log_error(e.code)
+      ensure
         resources.push(struct.to_h)
       end
     end

data/lib/aws_recon/collectors/s3.rb CHANGED

@@ -29,16 +29,20 @@ class S3 < Mapper
         # to create a bucket, you must set the location_constraint
         # bucket parameter to the same region. (https://docs.aws.amazon.com/general/latest/gr/s3.html)
         client = if location.empty?
+                   struct.location = 'us-east-1'
                    @client
                  else
+                   struct.location = location
                    Aws::S3::Client.new({ region: location })
                  end
         operations = [
           { func: 'get_bucket_acl', key: 'acl', field: nil },
           { func: 'get_bucket_encryption', key: 'encryption', field: 'server_side_encryption_configuration' },
+          { func: 'get_bucket_replication', key: 'replication', field: 'replication_configuration' },
           { func: 'get_bucket_policy', key: 'policy', field: 'policy' },
           { func: 'get_bucket_policy_status', key: 'public', field: 'policy_status' },
+          { func: 'get_public_access_block', key: 'public_access_block', field: 'public_access_block_configuration' },
           { func: 'get_bucket_tagging', key: 'tagging', field: nil },
           { func: 'get_bucket_logging', key: 'logging', field: 'logging_enabled' },
           { func: 'get_bucket_versioning', key: 'versioning', field: nil },
@@ -51,7 +55,7 @@ class S3 < Mapper
           resp = client.send(op.func, { bucket: bucket.name })
           struct[op.key] = if op.key == 'policy'
-                             resp.policy.string
+                             JSON.parse(CGI.unescape(resp.policy.string))
                            else
                              op.field ? resp.send(op.field).to_h : resp.to_h
                            end
@@ -77,6 +81,8 @@ class S3 < Mapper
       NoSuchBucketPolicy
       NoSuchTagSet
       NoSuchWebsiteConfiguration
+      ReplicationConfigurationNotFoundError
+      NoSuchPublicAccessBlockConfiguration
     ]
   end
 end

data/lib/aws_recon/collectors/sns.rb CHANGED

@@ -18,6 +18,8 @@ class SNS < Mapper
         struct = OpenStruct.new(@client.get_topic_attributes({ topic_arn: topic.topic_arn }).attributes.to_h)
         struct.type = 'topic'
         struct.arn = topic.topic_arn
+        struct.policy = JSON.parse(CGI.unescape(struct.Policy))
+        struct.effective_delivery_policy = JSON.parse(CGI.unescape(struct.EffectiveDeliveryPolicy))
         struct.subscriptions = []
         # list_subscriptions_by_topic

data/lib/aws_recon/collectors/sqs.rb CHANGED

@@ -18,7 +18,7 @@ class SQS < Mapper
         struct = OpenStruct.new(@client.get_queue_attributes({ queue_url: queue, attribute_names: ['All'] }).attributes.to_h)
         struct.type = 'queue'
         struct.arn = struct.QueueArn
-        struct.Policy = JSON.parse(CGI.unescape(struct.Policy))
+        struct.policy = JSON.parse(CGI.unescape(struct.Policy))
         resources.push(struct.to_h)
       end

data/lib/aws_recon/collectors/ssm.rb CHANGED

@@ -30,7 +30,7 @@ class SSM < Mapper
         struct = OpenStruct.new(parameter.to_h)
         struct.string_type = parameter.type
         struct.type = 'parameter'
-        struct.arn = "arn:aws:#{@service}:#{@region}::parameter/#{parameter.name}"
+        struct.arn = "arn:aws:#{@service}:#{@region}::parameter:#{parameter.name}"
         resources.push(struct.to_h)
       end

data/lib/aws_recon/lib/patch.rb ADDED

@@ -0,0 +1,10 @@
+#
+# Parse and unescape AWS policy document string
+#
+module PolicyStringParser
+  def parse_policy
+    JSON.parse(CGI.unescape(self))
+  rescue StandardError
+    nil
+  end
+end

data/lib/aws_recon/version.rb CHANGED

@@ -1,3 +1,3 @@
 module AwsRecon
-  VERSION = "0.2.17"
+  VERSION = "0.2.18"
 end

data/readme.md CHANGED

@@ -1,5 +1,5 @@
 [![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/darkbitio/aws-recon/smoke-test/main)](https://github.com/darkbitio/aws-recon/actions?query=branch%3Amain)
-[![Gem Version](https://badge.fury.io/rb/aws_recon.svg)](https://badge.fury.io/rb/aws_recon)
+[![Gem Version](https://badge.fury.io/rb/aws_recon.svg)](https://rubygems.org/gems/aws_recon)
 # AWS Recon

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_recon
 version: !ruby/object:Gem::Version
-  version: 0.2.17
+  version: 0.2.18
 platform: ruby
 authors:
 - Josh Larsen
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-24 00:00:00.000000000 Z
+date: 2020-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -235,6 +235,7 @@ files:
 - lib/aws_recon/collectors/xray.rb
 - lib/aws_recon/lib/formatter.rb
 - lib/aws_recon/lib/mapper.rb
+- lib/aws_recon/lib/patch.rb
 - lib/aws_recon/options.rb
 - lib/aws_recon/services.yaml
 - lib/aws_recon/version.rb