PyPI - cartography - Versions diffs - 0.104.0rc2__py3-none-any.whl → 0.123.0__py3-none-any.whl - Mend

cartography 0.104.0rc2py3-none-any.whl → 0.123.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (642) hide show

cartography/_version.py +16 -3
cartography/cli.py +466 -5
cartography/client/aws/__init__.py +19 -0
cartography/client/aws/ecr.py +51 -0
cartography/client/core/tx.py +357 -8
cartography/config.py +153 -0
cartography/data/azure_permission_relationships.yaml +20 -0
cartography/data/gcp_permission_relationships.yaml +21 -0
cartography/data/indexes.cypher +0 -186
cartography/data/jobs/analysis/aws_ec2_keypair_analysis.json +2 -2
cartography/data/jobs/analysis/keycloak_inheritance.json +30 -0
cartography/data/jobs/cleanup/gcp_compute_vpc_cleanup.json +0 -12
cartography/data/jobs/cleanup/github_repos_cleanup.json +2 -0
cartography/driftdetect/cli.py +3 -2
cartography/graph/cleanupbuilder.py +198 -41
cartography/graph/job.py +54 -6
cartography/graph/querybuilder.py +528 -27
cartography/graph/statement.py +5 -1
cartography/intel/airbyte/__init__.py +105 -0
cartography/intel/airbyte/connections.py +120 -0
cartography/intel/airbyte/destinations.py +81 -0
cartography/intel/airbyte/organizations.py +59 -0
cartography/intel/airbyte/sources.py +78 -0
cartography/intel/airbyte/tags.py +64 -0
cartography/intel/airbyte/users.py +106 -0
cartography/intel/airbyte/util.py +122 -0
cartography/intel/airbyte/workspaces.py +63 -0
cartography/intel/aws/__init__.py +24 -9
cartography/intel/aws/acm.py +124 -0
cartography/intel/aws/apigateway.py +253 -22
cartography/intel/aws/apigatewayv2.py +116 -0
cartography/intel/aws/cloudtrail.py +17 -39
cartography/intel/aws/cloudtrail_management_events.py +962 -0
cartography/intel/aws/cloudwatch.py +150 -4
cartography/intel/aws/codebuild.py +132 -0
cartography/intel/aws/cognito.py +201 -0
cartography/intel/aws/config.py +7 -3
cartography/intel/aws/ec2/elastic_ip_addresses.py +3 -1
cartography/intel/aws/ec2/instances.py +25 -1
cartography/intel/aws/ec2/internet_gateways.py +4 -2
cartography/intel/aws/ec2/load_balancer_v2s.py +11 -5
cartography/intel/aws/ec2/network_interfaces.py +5 -1
cartography/intel/aws/ec2/reserved_instances.py +3 -1
cartography/intel/aws/ec2/security_groups.py +140 -122
cartography/intel/aws/ec2/snapshots.py +47 -84
cartography/intel/aws/ec2/subnets.py +37 -63
cartography/intel/aws/ec2/tgw.py +11 -5
cartography/intel/aws/ec2/volumes.py +1 -1
cartography/intel/aws/ec2/vpc.py +140 -124
cartography/intel/aws/ec2/vpc_peerings.py +262 -125
cartography/intel/aws/ecr.py +269 -98
cartography/intel/aws/ecr_image_layers.py +923 -0
cartography/intel/aws/ecs.py +251 -380
cartography/intel/aws/efs.py +179 -11
cartography/intel/aws/elasticache.py +102 -79
cartography/intel/aws/elasticsearch.py +13 -4
cartography/intel/aws/eventbridge.py +164 -0
cartography/intel/aws/glue.py +181 -0
cartography/intel/aws/guardduty.py +443 -0
cartography/intel/aws/iam.py +750 -493
cartography/intel/aws/identitycenter.py +605 -83
cartography/intel/aws/inspector.py +221 -105
cartography/intel/aws/kms.py +173 -201
cartography/intel/aws/lambda_function.py +272 -189
cartography/intel/aws/organizations.py +10 -9
cartography/intel/aws/permission_relationships.py +10 -20
cartography/intel/aws/rds.py +337 -446
cartography/intel/aws/redshift.py +9 -4
cartography/intel/aws/resourcegroupstaggingapi.py +78 -19
cartography/intel/aws/resources.py +18 -0
cartography/intel/aws/route53.py +386 -332
cartography/intel/aws/s3.py +322 -14
cartography/intel/aws/secretsmanager.py +81 -49
cartography/intel/aws/securityhub.py +3 -1
cartography/intel/aws/sns.py +62 -2
cartography/intel/aws/sqs.py +36 -90
cartography/intel/aws/ssm.py +3 -5
cartography/intel/azure/__init__.py +202 -48
cartography/intel/azure/aks.py +175 -0
cartography/intel/azure/app_service.py +105 -0
cartography/intel/azure/compute.py +59 -112
cartography/intel/azure/container_instances.py +95 -0
cartography/intel/azure/cosmosdb.py +222 -361
cartography/intel/azure/data_factory.py +85 -0
cartography/intel/azure/data_factory_dataset.py +128 -0
cartography/intel/azure/data_factory_linked_service.py +119 -0
cartography/intel/azure/data_factory_pipeline.py +142 -0
cartography/intel/azure/data_lake.py +124 -0
cartography/intel/azure/event_grid.py +94 -0
cartography/intel/azure/functions.py +124 -0
cartography/intel/azure/load_balancers.py +263 -0
cartography/intel/azure/logic_apps.py +101 -0
cartography/intel/azure/monitor.py +105 -0
cartography/intel/azure/network.py +467 -0
cartography/intel/azure/permission_relationships.py +466 -0
cartography/intel/azure/rbac.py +309 -0
cartography/intel/azure/resource_groups.py +82 -0
cartography/intel/azure/security_center.py +106 -0
cartography/intel/azure/sql.py +145 -292
cartography/intel/azure/storage.py +185 -262
cartography/intel/azure/subscription.py +21 -43
cartography/intel/azure/tenant.py +39 -30
cartography/intel/azure/util/common.py +13 -0
cartography/intel/azure/util/credentials.py +49 -174
cartography/intel/azure/util/tag.py +41 -0
cartography/intel/create_indexes.py +2 -1
cartography/intel/crowdstrike/spotlight.py +5 -2
cartography/intel/dns.py +5 -2
cartography/intel/entra/__init__.py +100 -1
cartography/intel/entra/app_role_assignments.py +284 -0
cartography/intel/entra/applications.py +182 -0
cartography/intel/entra/federation/__init__.py +0 -0
cartography/intel/entra/federation/aws_identity_center.py +77 -0
cartography/intel/entra/groups.py +198 -0
cartography/intel/entra/ou.py +48 -24
cartography/intel/entra/service_principals.py +217 -0
cartography/intel/entra/users.py +105 -57
cartography/intel/gcp/__init__.py +334 -396
cartography/intel/gcp/bigtable_app_profile.py +101 -0
cartography/intel/gcp/bigtable_backup.py +91 -0
cartography/intel/gcp/bigtable_cluster.py +93 -0
cartography/intel/gcp/bigtable_instance.py +86 -0
cartography/intel/gcp/bigtable_table.py +87 -0
cartography/intel/gcp/cai.py +292 -0
cartography/intel/gcp/clients.py +112 -0
cartography/intel/gcp/compute.py +128 -119
cartography/intel/gcp/crm/__init__.py +0 -0
cartography/intel/gcp/crm/folders.py +114 -0
cartography/intel/gcp/crm/orgs.py +70 -0
cartography/intel/gcp/crm/projects.py +120 -0
cartography/intel/gcp/dns.py +83 -169
cartography/intel/gcp/gke.py +72 -113
cartography/intel/gcp/iam.py +111 -91
cartography/intel/gcp/permission_relationships.py +394 -0
cartography/intel/gcp/policy_bindings.py +225 -0
cartography/intel/gcp/storage.py +75 -159
cartography/intel/github/__init__.py +62 -25
cartography/intel/github/commits.py +423 -0
cartography/intel/github/repos.py +463 -85
cartography/intel/github/teams.py +3 -3
cartography/intel/github/users.py +5 -0
cartography/intel/github/util.py +12 -0
cartography/intel/googleworkspace/__init__.py +193 -0
cartography/intel/googleworkspace/devices.py +254 -0
cartography/intel/googleworkspace/groups.py +568 -0
cartography/intel/googleworkspace/oauth_apps.py +259 -0
cartography/intel/googleworkspace/tenant.py +85 -0
cartography/intel/googleworkspace/users.py +138 -0
cartography/intel/gsuite/__init__.py +17 -9
cartography/intel/gsuite/groups.py +291 -0
cartography/intel/gsuite/users.py +142 -0
cartography/intel/jamf/computers.py +7 -1
cartography/intel/keycloak/__init__.py +153 -0
cartography/intel/keycloak/authenticationexecutions.py +322 -0
cartography/intel/keycloak/authenticationflows.py +77 -0
cartography/intel/keycloak/clients.py +187 -0
cartography/intel/keycloak/groups.py +126 -0
cartography/intel/keycloak/identityproviders.py +94 -0
cartography/intel/keycloak/organizations.py +163 -0
cartography/intel/keycloak/realms.py +61 -0
cartography/intel/keycloak/roles.py +202 -0
cartography/intel/keycloak/scopes.py +73 -0
cartography/intel/keycloak/users.py +70 -0
cartography/intel/keycloak/util.py +47 -0
cartography/intel/kubernetes/__init__.py +60 -14
cartography/intel/kubernetes/clusters.py +86 -0
cartography/intel/kubernetes/eks.py +402 -0
cartography/intel/kubernetes/namespaces.py +59 -57
cartography/intel/kubernetes/pods.py +168 -75
cartography/intel/kubernetes/rbac.py +597 -0
cartography/intel/kubernetes/secrets.py +95 -45
cartography/intel/kubernetes/services.py +131 -67
cartography/intel/kubernetes/util.py +142 -14
cartography/intel/oci/iam.py +23 -9
cartography/intel/oci/organizations.py +3 -1
cartography/intel/oci/utils.py +28 -5
cartography/intel/okta/applications.py +15 -5
cartography/intel/okta/awssaml.py +14 -10
cartography/intel/okta/factors.py +3 -1
cartography/intel/okta/groups.py +5 -2
cartography/intel/okta/organization.py +3 -1
cartography/intel/okta/origins.py +3 -1
cartography/intel/okta/roles.py +5 -2
cartography/intel/okta/users.py +10 -2
cartography/intel/ontology/__init__.py +44 -0
cartography/intel/ontology/devices.py +54 -0
cartography/intel/ontology/users.py +54 -0
cartography/intel/ontology/utils.py +176 -0
cartography/intel/pagerduty/escalation_policies.py +13 -6
cartography/intel/pagerduty/schedules.py +9 -4
cartography/intel/pagerduty/services.py +7 -3
cartography/intel/pagerduty/teams.py +5 -2
cartography/intel/pagerduty/users.py +3 -1
cartography/intel/pagerduty/vendors.py +3 -1
cartography/intel/scaleway/__init__.py +127 -0
cartography/intel/scaleway/iam/__init__.py +0 -0
cartography/intel/scaleway/iam/apikeys.py +71 -0
cartography/intel/scaleway/iam/applications.py +71 -0
cartography/intel/scaleway/iam/groups.py +71 -0
cartography/intel/scaleway/iam/users.py +71 -0
cartography/intel/scaleway/instances/__init__.py +0 -0
cartography/intel/scaleway/instances/flexibleips.py +86 -0
cartography/intel/scaleway/instances/instances.py +92 -0
cartography/intel/scaleway/projects.py +79 -0
cartography/intel/scaleway/storage/__init__.py +0 -0
cartography/intel/scaleway/storage/snapshots.py +86 -0
cartography/intel/scaleway/storage/volumes.py +84 -0
cartography/intel/scaleway/utils.py +37 -0
cartography/intel/sentinelone/__init__.py +75 -0
cartography/intel/sentinelone/account.py +140 -0
cartography/intel/sentinelone/agent.py +139 -0
cartography/intel/sentinelone/api.py +124 -0
cartography/intel/sentinelone/application.py +248 -0
cartography/intel/sentinelone/cve.py +119 -0
cartography/intel/sentinelone/utils.py +28 -0
cartography/intel/slack/__init__.py +78 -0
cartography/intel/slack/channels.py +80 -0
cartography/intel/slack/groups.py +90 -0
cartography/intel/slack/teams.py +65 -0
cartography/intel/slack/users.py +57 -0
cartography/intel/slack/utils.py +29 -0
cartography/intel/spacelift/__init__.py +161 -0
cartography/intel/spacelift/account.py +73 -0
cartography/intel/spacelift/ec2_ownership.py +280 -0
cartography/intel/spacelift/runs.py +463 -0
cartography/intel/spacelift/spaces.py +112 -0
cartography/intel/spacelift/stacks.py +119 -0
cartography/intel/spacelift/util.py +122 -0
cartography/intel/spacelift/workerpools.py +131 -0
cartography/intel/spacelift/workers.py +128 -0
cartography/intel/trivy/__init__.py +272 -0
cartography/intel/trivy/scanner.py +386 -0
cartography/models/airbyte/__init__.py +0 -0
cartography/models/airbyte/connection.py +138 -0
cartography/models/airbyte/destination.py +75 -0
cartography/models/airbyte/organization.py +19 -0
cartography/models/airbyte/source.py +75 -0
cartography/models/airbyte/stream.py +74 -0
cartography/models/airbyte/tag.py +69 -0
cartography/models/airbyte/user.py +115 -0
cartography/models/airbyte/workspace.py +46 -0
cartography/models/anthropic/apikey.py +4 -0
cartography/models/anthropic/user.py +4 -0
cartography/models/aws/acm/__init__.py +0 -0
cartography/models/aws/acm/certificate.py +75 -0
cartography/models/aws/apigateway/__init__.py +0 -0
cartography/models/aws/apigateway/apigatewaydeployment.py +74 -0
cartography/models/aws/apigateway/apigatewayintegration.py +79 -0
cartography/models/aws/apigateway/apigatewaymethod.py +74 -0
cartography/models/aws/apigatewayv2/__init__.py +0 -0
cartography/models/aws/apigatewayv2/apigatewayv2.py +53 -0
cartography/models/aws/cloudtrail/management_events.py +153 -0
cartography/models/aws/cloudtrail/trail.py +45 -0
cartography/models/aws/cloudwatch/log_metric_filter.py +79 -0
cartography/models/aws/cloudwatch/metric_alarm.py +53 -0
cartography/models/aws/codebuild/__init__.py +0 -0
cartography/models/aws/codebuild/project.py +49 -0
cartography/models/aws/cognito/__init__.py +0 -0
cartography/models/aws/cognito/identity_pool.py +70 -0
cartography/models/aws/cognito/user_pool.py +47 -0
cartography/models/aws/dynamodb/tables.py +2 -0
cartography/models/aws/ec2/instances.py +25 -1
cartography/models/aws/ec2/networkinterfaces.py +4 -0
cartography/models/aws/ec2/security_group_rules.py +109 -0
cartography/models/aws/ec2/security_groups.py +90 -0
cartography/models/aws/ec2/snapshots.py +58 -0
cartography/models/aws/ec2/subnet_instance.py +2 -0
cartography/models/aws/ec2/subnet_networkinterface.py +2 -0
cartography/models/aws/ec2/subnets.py +65 -0
cartography/models/aws/ec2/volumes.py +20 -0
cartography/models/aws/ec2/vpc.py +46 -0
cartography/models/aws/ec2/vpc_cidr.py +102 -0
cartography/models/aws/ec2/vpc_peering.py +157 -0
cartography/models/aws/ecr/__init__.py +0 -0
cartography/models/aws/ecr/image.py +146 -0
cartography/models/aws/ecr/image_layer.py +107 -0
cartography/models/aws/ecr/repository.py +72 -0
cartography/models/aws/ecr/repository_image.py +95 -0
cartography/models/aws/ecs/__init__.py +0 -0
cartography/models/aws/ecs/clusters.py +64 -0
cartography/models/aws/ecs/container_definitions.py +93 -0
cartography/models/aws/ecs/container_instances.py +84 -0
cartography/models/aws/ecs/containers.py +101 -0
cartography/models/aws/ecs/services.py +134 -0
cartography/models/aws/ecs/task_definitions.py +135 -0
cartography/models/aws/ecs/tasks.py +134 -0
cartography/models/aws/efs/access_point.py +77 -0
cartography/models/aws/efs/file_system.py +60 -0
cartography/models/aws/efs/mount_target.py +29 -2
cartography/models/aws/elasticache/__init__.py +0 -0
cartography/models/aws/elasticache/cluster.py +65 -0
cartography/models/aws/elasticache/topic.py +67 -0
cartography/models/aws/eventbridge/__init__.py +0 -0
cartography/models/aws/eventbridge/rule.py +77 -0
cartography/models/aws/eventbridge/target.py +71 -0
cartography/models/aws/glue/__init__.py +0 -0
cartography/models/aws/glue/connection.py +51 -0
cartography/models/aws/glue/job.py +69 -0
cartography/models/aws/guardduty/__init__.py +1 -0
cartography/models/aws/guardduty/detectors.py +50 -0
cartography/models/aws/guardduty/findings.py +121 -0
cartography/models/aws/iam/access_key.py +103 -0
cartography/models/aws/iam/account_role.py +24 -0
cartography/models/aws/iam/federated_principal.py +60 -0
cartography/models/aws/iam/group.py +60 -0
cartography/models/aws/iam/group_membership.py +27 -0
cartography/models/aws/iam/inline_policy.py +78 -0
cartography/models/aws/iam/managed_policy.py +51 -0
cartography/models/aws/iam/policy_statement.py +57 -0
cartography/models/aws/iam/role.py +83 -0
cartography/models/aws/iam/root_principal.py +52 -0
cartography/models/aws/iam/service_principal.py +30 -0
cartography/models/aws/iam/sts_assumerole_allow.py +38 -0
cartography/models/aws/iam/user.py +59 -0
cartography/models/aws/identitycenter/awsidentitycenter.py +1 -0
cartography/models/aws/identitycenter/awspermissionset.py +70 -0
cartography/models/aws/identitycenter/awssogroup.py +70 -0
cartography/models/aws/identitycenter/awsssouser.py +49 -9
cartography/models/aws/inspector/findings.py +37 -0
cartography/models/aws/inspector/packages.py +1 -31
cartography/models/aws/kms/__init__.py +0 -0
cartography/models/aws/kms/aliases.py +86 -0
cartography/models/aws/kms/grants.py +65 -0
cartography/models/aws/kms/keys.py +88 -0
cartography/models/aws/lambda_function/__init__.py +0 -0
cartography/models/aws/lambda_function/alias.py +74 -0
cartography/models/aws/lambda_function/event_source_mapping.py +88 -0
cartography/models/aws/lambda_function/lambda_function.py +91 -0
cartography/models/aws/lambda_function/layer.py +72 -0
cartography/models/aws/rds/__init__.py +0 -0
cartography/models/aws/rds/cluster.py +91 -0
cartography/models/aws/rds/event_subscription.py +146 -0
cartography/models/aws/rds/instance.py +156 -0
cartography/models/aws/rds/snapshot.py +108 -0
cartography/models/aws/rds/subnet_group.py +101 -0
cartography/models/aws/route53/__init__.py +0 -0
cartography/models/aws/route53/dnsrecord.py +235 -0
cartography/models/aws/route53/nameserver.py +63 -0
cartography/models/aws/route53/subzone.py +40 -0
cartography/models/aws/route53/zone.py +47 -0
cartography/models/aws/s3/notification.py +24 -0
cartography/models/aws/secretsmanager/secret.py +106 -0
cartography/models/aws/secretsmanager/secret_version.py +0 -2
cartography/models/aws/sns/topic_subscription.py +74 -0
cartography/models/aws/sqs/__init__.py +0 -0
cartography/models/aws/sqs/queue.py +89 -0
cartography/models/azure/__init__.py +0 -0
cartography/models/azure/aks_cluster.py +54 -0
cartography/models/azure/aks_nodepool.py +54 -0
cartography/models/azure/app_service.py +59 -0
cartography/models/azure/container_instance.py +57 -0
cartography/models/azure/cosmosdb/__init__.py +0 -0
cartography/models/azure/cosmosdb/account.py +77 -0
cartography/models/azure/cosmosdb/accountfailoverpolicy.py +77 -0
cartography/models/azure/cosmosdb/cassandrakeyspace.py +82 -0
cartography/models/azure/cosmosdb/cassandratable.py +81 -0
cartography/models/azure/cosmosdb/corspolicy.py +74 -0
cartography/models/azure/cosmosdb/dblocation.py +120 -0
cartography/models/azure/cosmosdb/mongodbcollection.py +82 -0
cartography/models/azure/cosmosdb/mongodbdatabase.py +78 -0
cartography/models/azure/cosmosdb/privateendpointconnection.py +81 -0
cartography/models/azure/cosmosdb/sqlcontainer.py +88 -0
cartography/models/azure/cosmosdb/sqldatabase.py +78 -0
cartography/models/azure/cosmosdb/tableresource.py +76 -0
cartography/models/azure/cosmosdb/virtualnetworkrule.py +78 -0
cartography/models/azure/data_factory/__init__.py +0 -0
cartography/models/azure/data_factory/data_factory.py +51 -0
cartography/models/azure/data_factory/data_factory_dataset.py +94 -0
cartography/models/azure/data_factory/data_factory_linked_service.py +78 -0
cartography/models/azure/data_factory/data_factory_pipeline.py +93 -0
cartography/models/azure/data_lake_filesystem.py +51 -0
cartography/models/azure/event_grid_topic.py +57 -0
cartography/models/azure/function_app.py +59 -0
cartography/models/azure/load_balancer/__init__.py +0 -0
cartography/models/azure/load_balancer/load_balancer.py +49 -0
cartography/models/azure/load_balancer/load_balancer_backend_pool.py +73 -0
cartography/models/azure/load_balancer/load_balancer_frontend_ip.py +75 -0
cartography/models/azure/load_balancer/load_balancer_inbound_nat_rule.py +78 -0
cartography/models/azure/load_balancer/load_balancer_rule.py +108 -0
cartography/models/azure/logic_apps.py +56 -0
cartography/models/azure/monitor.py +54 -0
cartography/models/azure/network_interface.py +112 -0
cartography/models/azure/network_security_group.py +50 -0
cartography/models/azure/permission_relationships.py +60 -0
cartography/models/azure/principal.py +41 -0
cartography/models/azure/public_ip_address.py +50 -0
cartography/models/azure/rbac.py +268 -0
cartography/models/azure/resource_groups.py +52 -0
cartography/models/azure/security_center.py +50 -0
cartography/models/azure/sql/__init__.py +0 -0
cartography/models/azure/sql/databasethreatdetectionpolicy.py +85 -0
cartography/models/azure/sql/elasticpool.py +77 -0
cartography/models/azure/sql/failovergroup.py +73 -0
cartography/models/azure/sql/recoverabledatabase.py +75 -0
cartography/models/azure/sql/replicationlink.py +81 -0
cartography/models/azure/sql/restorabledroppeddatabase.py +82 -0
cartography/models/azure/sql/restorepoint.py +74 -0
cartography/models/azure/sql/serveradadministrator.py +74 -0
cartography/models/azure/sql/serverdnsalias.py +71 -0
cartography/models/azure/sql/sqldatabase.py +85 -0
cartography/models/azure/sql/sqlserver.py +50 -0
cartography/models/azure/sql/transparentdataencryption.py +76 -0
cartography/models/azure/storage/__init__.py +0 -0
cartography/models/azure/storage/account.py +59 -0
cartography/models/azure/storage/blobcontainer.py +85 -0
cartography/models/azure/storage/blobservice.py +71 -0
cartography/models/azure/storage/fileservice.py +71 -0
cartography/models/azure/storage/fileshare.py +82 -0
cartography/models/azure/storage/queue.py +71 -0
cartography/models/azure/storage/queueservice.py +73 -0
cartography/models/azure/storage/table.py +72 -0
cartography/models/azure/storage/tableservice.py +73 -0
cartography/models/azure/subnet.py +101 -0
cartography/models/azure/subscription.py +47 -0
cartography/models/azure/tags/__init__.py +0 -0
cartography/models/azure/tags/storage_tag.py +40 -0
cartography/models/azure/tags/tag.py +37 -0
cartography/models/azure/tenant.py +17 -0
cartography/models/azure/virtual_network.py +49 -0
cartography/models/azure/vm/__init__.py +0 -0
cartography/models/azure/vm/datadisk.py +80 -0
cartography/models/azure/vm/disk.py +55 -0
cartography/models/azure/vm/snapshot.py +56 -0
cartography/models/azure/vm/virtualmachine.py +59 -0
cartography/models/bigfix/bigfix_computer.py +1 -1
cartography/models/cloudflare/member.py +4 -0
cartography/models/core/common.py +1 -0
cartography/models/core/nodes.py +15 -2
cartography/models/core/relationships.py +44 -0
cartography/models/crowdstrike/hosts.py +1 -1
cartography/models/digitalocean/droplet.py +2 -0
cartography/models/duo/endpoint.py +1 -1
cartography/models/duo/phone.py +2 -2
cartography/models/duo/user.py +4 -0
cartography/models/entra/app_role_assignment.py +115 -0
cartography/models/entra/application.py +49 -0
cartography/models/entra/entra_user_to_aws_sso.py +41 -0
cartography/models/entra/group.py +117 -0
cartography/models/entra/service_principal.py +104 -0
cartography/models/entra/user.py +42 -51
cartography/models/gcp/__init__.py +0 -0
cartography/models/gcp/bigtable/__init__.py +0 -0
cartography/models/gcp/bigtable/app_profile.py +94 -0
cartography/models/gcp/bigtable/backup.py +91 -0
cartography/models/gcp/bigtable/cluster.py +73 -0
cartography/models/gcp/bigtable/instance.py +52 -0
cartography/models/gcp/bigtable/table.py +69 -0
cartography/models/gcp/compute/__init__.py +0 -0
cartography/models/gcp/compute/subnet.py +74 -0
cartography/models/gcp/compute/vpc.py +50 -0
cartography/models/gcp/crm/__init__.py +0 -0
cartography/models/gcp/crm/folders.py +98 -0
cartography/models/gcp/crm/organizations.py +21 -0
cartography/models/gcp/crm/projects.py +100 -0
cartography/models/gcp/dns.py +109 -0
cartography/models/gcp/gke.py +69 -0
cartography/models/gcp/iam.py +3 -0
cartography/models/gcp/permission_relationships.py +61 -0
cartography/models/gcp/policy_bindings.py +93 -0
cartography/models/gcp/storage/__init__.py +0 -0
cartography/models/gcp/storage/bucket.py +119 -0
cartography/models/github/commits.py +63 -0
cartography/models/github/dependencies.py +73 -0
cartography/models/github/manifests.py +49 -0
cartography/models/github/users.py +10 -0
cartography/models/googleworkspace/__init__.py +0 -0
cartography/models/googleworkspace/device.py +132 -0
cartography/models/googleworkspace/group.py +382 -0
cartography/models/googleworkspace/oauth_app.py +124 -0
cartography/models/googleworkspace/tenant.py +30 -0
cartography/models/googleworkspace/user.py +113 -0
cartography/models/gsuite/__init__.py +0 -0
cartography/models/gsuite/group.py +218 -0
cartography/models/gsuite/tenant.py +29 -0
cartography/models/gsuite/user.py +107 -0
cartography/models/kandji/device.py +1 -2
cartography/models/keycloak/__init__.py +0 -0
cartography/models/keycloak/authenticationexecution.py +160 -0
cartography/models/keycloak/authenticationflow.py +54 -0
cartography/models/keycloak/client.py +179 -0
cartography/models/keycloak/group.py +101 -0
cartography/models/keycloak/identityprovider.py +89 -0
cartography/models/keycloak/organization.py +116 -0
cartography/models/keycloak/organizationdomain.py +73 -0
cartography/models/keycloak/realm.py +173 -0
cartography/models/keycloak/role.py +126 -0
cartography/models/keycloak/scope.py +73 -0
cartography/models/keycloak/user.py +55 -0
cartography/models/kubernetes/__init__.py +0 -0
cartography/models/kubernetes/clusterrolebindings.py +138 -0
cartography/models/kubernetes/clusterroles.py +52 -0
cartography/models/kubernetes/clusters.py +26 -0
cartography/models/kubernetes/containers.py +133 -0
cartography/models/kubernetes/groups.py +107 -0
cartography/models/kubernetes/namespaces.py +51 -0
cartography/models/kubernetes/oidc.py +51 -0
cartography/models/kubernetes/pods.py +80 -0
cartography/models/kubernetes/rolebindings.py +159 -0
cartography/models/kubernetes/roles.py +76 -0
cartography/models/kubernetes/secrets.py +79 -0
cartography/models/kubernetes/serviceaccounts.py +77 -0
cartography/models/kubernetes/services.py +108 -0
cartography/models/kubernetes/users.py +105 -0
cartography/models/lastpass/user.py +4 -0
cartography/models/ontology/__init__.py +0 -0
cartography/models/ontology/device.py +137 -0
cartography/models/ontology/mapping/__init__.py +76 -0
cartography/models/ontology/mapping/data/__init__.py +0 -0
cartography/models/ontology/mapping/data/apikeys.py +93 -0
cartography/models/ontology/mapping/data/computeinstance.py +95 -0
cartography/models/ontology/mapping/data/containers.py +88 -0
cartography/models/ontology/mapping/data/databases.py +182 -0
cartography/models/ontology/mapping/data/devices.py +194 -0
cartography/models/ontology/mapping/data/thirdpartyapps.py +140 -0
cartography/models/ontology/mapping/data/useraccounts.py +416 -0
cartography/models/ontology/mapping/data/users.py +63 -0
cartography/models/ontology/mapping/specs.py +85 -0
cartography/models/ontology/user.py +51 -0
cartography/models/openai/adminapikey.py +4 -0
cartography/models/openai/apikey.py +4 -0
cartography/models/openai/user.py +4 -0
cartography/models/scaleway/__init__.py +0 -0
cartography/models/scaleway/iam/__init__.py +0 -0
cartography/models/scaleway/iam/apikey.py +100 -0
cartography/models/scaleway/iam/application.py +52 -0
cartography/models/scaleway/iam/group.py +95 -0
cartography/models/scaleway/iam/user.py +64 -0
cartography/models/scaleway/instance/__init__.py +0 -0
cartography/models/scaleway/instance/flexibleip.py +52 -0
cartography/models/scaleway/instance/instance.py +120 -0
cartography/models/scaleway/organization.py +19 -0
cartography/models/scaleway/project.py +48 -0
cartography/models/scaleway/storage/__init__.py +0 -0
cartography/models/scaleway/storage/snapshot.py +78 -0
cartography/models/scaleway/storage/volume.py +51 -0
cartography/models/sentinelone/__init__.py +1 -0
cartography/models/sentinelone/account.py +40 -0
cartography/models/sentinelone/agent.py +50 -0
cartography/models/sentinelone/application.py +44 -0
cartography/models/sentinelone/application_version.py +96 -0
cartography/models/sentinelone/cve.py +73 -0
cartography/models/slack/__init__.py +0 -0
cartography/models/slack/channels.py +92 -0
cartography/models/slack/group.py +129 -0
cartography/models/slack/team.py +22 -0
cartography/models/slack/user.py +62 -0
cartography/models/snipeit/asset.py +2 -0
cartography/models/snipeit/user.py +4 -0
cartography/models/spacelift/__init__.py +0 -0
cartography/models/spacelift/cloudtrailevent.py +120 -0
cartography/models/spacelift/run.py +162 -0
cartography/models/spacelift/space.py +131 -0
cartography/models/spacelift/spaceliftaccount.py +31 -0
cartography/models/spacelift/spaceliftgitcommit.py +157 -0
cartography/models/spacelift/stack.py +96 -0
cartography/models/spacelift/user.py +63 -0
cartography/models/spacelift/worker.py +97 -0
cartography/models/spacelift/workerpool.py +90 -0
cartography/models/tailscale/device.py +2 -1
cartography/models/tailscale/user.py +6 -1
cartography/models/trivy/__init__.py +0 -0
cartography/models/trivy/findings.py +66 -0
cartography/models/trivy/fix.py +66 -0
cartography/models/trivy/package.py +71 -0
cartography/rules/README.md +1 -0
cartography/rules/__init__.py +0 -0
cartography/rules/cli.py +261 -0
cartography/rules/data/__init__.py +0 -0
cartography/rules/data/rules/__init__.py +46 -0
cartography/rules/data/rules/cloud_security_product_deactivated.py +49 -0
cartography/rules/data/rules/compute_instance_exposed.py +51 -0
cartography/rules/data/rules/database_instance_exposed.py +53 -0
cartography/rules/data/rules/delegation_boundary_modifiable.py +90 -0
cartography/rules/data/rules/identity_administration_privileges.py +100 -0
cartography/rules/data/rules/inactive_user_active_accounts.py +48 -0
cartography/rules/data/rules/malicious_npm_dependencies_shai_hulud.py +2222 -0
cartography/rules/data/rules/mfa_missing.py +46 -0
cartography/rules/data/rules/object_storage_public.py +100 -0
cartography/rules/data/rules/policy_administration_privileges.py +104 -0
cartography/rules/data/rules/unmanaged_accounts.py +43 -0
cartography/rules/data/rules/workload_identity_admin_capabilities.py +193 -0
cartography/rules/formatters.py +108 -0
cartography/rules/runners.py +216 -0
cartography/rules/spec/__init__.py +0 -0
cartography/rules/spec/model.py +267 -0
cartography/rules/spec/result.py +38 -0
cartography/sync.py +25 -5
cartography/util.py +101 -31
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/METADATA +61 -22
cartography-0.123.0.dist-info/RECORD +856 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/entry_points.txt +1 -0
cartography/data/jobs/cleanup/aws_dns_cleanup.json +0 -65
cartography/data/jobs/cleanup/aws_import_account_access_key_cleanup.json +0 -17
cartography/data/jobs/cleanup/aws_import_ec2_security_groupinfo_cleanup.json +0 -24
cartography/data/jobs/cleanup/aws_import_groups_cleanup.json +0 -13
cartography/data/jobs/cleanup/aws_import_identity_center_cleanup.json +0 -16
cartography/data/jobs/cleanup/aws_import_lambda_cleanup.json +0 -50
cartography/data/jobs/cleanup/aws_import_principals_cleanup.json +0 -30
cartography/data/jobs/cleanup/aws_import_rds_clusters_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_rds_instances_cleanup.json +0 -47
cartography/data/jobs/cleanup/aws_import_rds_snapshots_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_roles_cleanup.json +0 -13
cartography/data/jobs/cleanup/aws_import_secrets_cleanup.json +0 -8
cartography/data/jobs/cleanup/aws_import_snapshots_cleanup.json +0 -30
cartography/data/jobs/cleanup/aws_import_users_cleanup.json +0 -8
cartography/data/jobs/cleanup/aws_import_vpc_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_vpc_peering_cleanup.json +0 -45
cartography/data/jobs/cleanup/aws_kms_details.json +0 -10
cartography/data/jobs/cleanup/azure_cosmosdb_cassandra_keyspace_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_cors_details.json +0 -15
cartography/data/jobs/cleanup/azure_cosmosdb_mongodb_database_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_sql_database_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_table_resources_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_database_account_cleanup.json +0 -85
cartography/data/jobs/cleanup/azure_import_disks_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_import_snapshots_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_import_virtual_machines_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_sql_server_cleanup.json +0 -125
cartography/data/jobs/cleanup/azure_storage_account_cleanup.json +0 -95
cartography/data/jobs/cleanup/azure_subscriptions_cleanup.json +0 -14
cartography/data/jobs/cleanup/azure_tenant_cleanup.json +0 -9
cartography/data/jobs/cleanup/gcp_compute_vpc_subnet_cleanup.json +0 -35
cartography/data/jobs/cleanup/gcp_crm_folder_cleanup.json +0 -23
cartography/data/jobs/cleanup/gcp_crm_organization_cleanup.json +0 -17
cartography/data/jobs/cleanup/gcp_crm_project_cleanup.json +0 -23
cartography/data/jobs/cleanup/gcp_dns_cleanup.json +0 -29
cartography/data/jobs/cleanup/gcp_gke_cluster_cleanup.json +0 -17
cartography/data/jobs/cleanup/gcp_storage_bucket_cleanup.json +0 -29
cartography/data/jobs/cleanup/gsuite_ingest_groups_cleanup.json +0 -23
cartography/data/jobs/cleanup/gsuite_ingest_users_cleanup.json +0 -11
cartography/data/jobs/cleanup/kubernetes_import_cleanup.json +0 -70
cartography/intel/gcp/crm.py +0 -355
cartography/intel/gsuite/api.py +0 -342
cartography-0.104.0rc2.dist-info/RECORD +0 -455
/cartography/data/jobs/{analysis → scoped_analysis}/aws_s3acl_analysis.json +0 -0
/cartography/models/aws/{apigateway.py → apigateway/apigateway.py} +0 -0
/cartography/models/aws/{apigatewaycertificate.py → apigateway/apigatewaycertificate.py} +0 -0
/cartography/models/aws/{apigatewayresource.py → apigateway/apigatewayresource.py} +0 -0
/cartography/models/aws/{apigatewaystage.py → apigateway/apigatewaystage.py} +0 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/WHEEL +0 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/licenses/LICENSE +0 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/top_level.txt +0 -0

cartography/rules/runners.py ADDED Viewed

@@ -0,0 +1,216 @@
+"""
+Framework and Fact execution logic for Cartography rules.
+"""
+from neo4j import Driver
+from neo4j import GraphDatabase
+from cartography.client.core.tx import read_list_of_dicts_tx
+from cartography.rules.data.rules import RULES
+from cartography.rules.formatters import _format_and_output_results
+from cartography.rules.formatters import _generate_neo4j_browser_url
+from cartography.rules.spec.model import Fact
+from cartography.rules.spec.model import Maturity
+from cartography.rules.spec.model import Rule
+from cartography.rules.spec.result import CounterResult
+from cartography.rules.spec.result import FactResult
+from cartography.rules.spec.result import RuleResult
+def _run_fact(
+    fact: Fact,
+    rule: Rule,
+    driver: Driver,
+    database: str,
+    counter: CounterResult,
+    output_format: str,
+    neo4j_uri: str,
+) -> FactResult:
+    """Execute a single fact and return the result."""
+    if output_format == "text":
+        print(
+            f"\n\033[1mFact {counter.current_fact}/{counter.total_facts}: {fact.name}\033[0m"
+        )
+        # Display rule
+        print(f"  \033[36m{'Rule:':<12}\033[0m {rule.id} - {rule.name}")
+        # Display fact details
+        print(f"  \033[36m{'Fact ID:':<12}\033[0m {fact.id}")
+        print(f"  \033[36m{'Description:':<12}\033[0m {fact.description}")
+        print(f"  \033[36m{'Provider:':<12}\033[0m {fact.module.value}")
+        # Generate and display clickable Neo4j Browser URL
+        browser_url = _generate_neo4j_browser_url(neo4j_uri, fact.cypher_visual_query)
+        print(
+            f"  \033[36m{'Neo4j Query:':<12}\033[0m \033]8;;{browser_url}\033\\Click to run visual query\033]8;;\033\\"
+        )
+    with driver.session(database=database) as session:
+        raw_findings = session.execute_read(read_list_of_dicts_tx, fact.cypher_query)
+        findings = rule.parse_results(fact, raw_findings)
+        findings_count = len(findings)
+    if output_format == "text":
+        if findings_count > 0:
+            print(f"  \033[36m{'Results:':<12}\033[0m {findings_count} item(s) found")
+            # Show sample findings
+            print("    Sample results:")
+            for idx, finding in enumerate(findings[:3]):  # Show first 3
+                # Format rule output nicely
+                formatted_items = []
+                for key, value in finding.__class__.model_fields.items():
+                    if value is not None:
+                        # Truncate long values
+                        actual_value = getattr(finding, key)
+                        str_value = str(actual_value)
+                        if len(str_value) > 50:
+                            str_value = str_value[:47] + "..."
+                        formatted_items.append(f"{key}={str_value}")
+                if formatted_items:
+                    print(f"      {idx + 1}. {', '.join(formatted_items)}")
+            if findings_count > 3:
+                print(
+                    f"      ... and {findings_count - 3} more (use --output json to see all)"
+                )
+        else:
+            print(f"  \033[36m{'Results:':<12}\033[0m No items found")
+    # Create and return fact result
+    counter.total_findings += findings_count
+    return FactResult(
+        fact_id=fact.id,
+        fact_name=fact.name,
+        fact_description=fact.description,
+        fact_provider=fact.module.value,
+        findings=findings,
+    )
+def _run_single_rule(
+    rule_name: str,
+    driver: GraphDatabase.driver,
+    database: str,
+    output_format: str,
+    neo4j_uri: str,
+    fact_filter: str | None = None,
+    exclude_experimental: bool = False,
+) -> RuleResult:
+    """Execute a single rule and return results."""
+    rule = RULES[rule_name]
+    counter = CounterResult()
+    filtered_facts: list[Fact] = []
+    for fact in rule.facts:
+        if exclude_experimental and fact.maturity != Maturity.STABLE:
+            continue
+        if fact_filter:
+            if fact.id.lower() != fact_filter.lower():
+                continue
+        counter.total_facts += 1
+        filtered_facts.append(fact)
+    if output_format == "text":
+        print(f"Executing {rule.name} rule")
+        if fact_filter:
+            print(f"Filtered to fact: {fact_filter}")
+        print(f"Total facts: {counter.total_facts}")
+    # Execute requirements and collect results
+    rule_results = []
+    for fact in filtered_facts:
+        counter.current_fact += 1
+        fact_result = _run_fact(
+            fact,
+            rule,
+            driver,
+            database,
+            counter,
+            output_format,
+            neo4j_uri,
+        )
+        rule_results.append(fact_result)
+    # Create and return rule result
+    return RuleResult(
+        rule_id=rule.id,
+        rule_name=rule.name,
+        rule_description=rule.description,
+        facts=rule_results,
+        counter=counter,
+    )
+def run_rules(
+    rule_names: list[str],
+    uri: str,
+    neo4j_user: str,
+    neo4j_password: str,
+    neo4j_database: str,
+    output_format: str = "text",
+    fact_filter: str | None = None,
+    exclude_experimental: bool = False,
+):
+    """
+    Execute the specified rules and present results.
+    :param rule_names: The names of the rules to execute.
+    :param uri: The URI of the Neo4j database. E.g. "bolt://localhost:7687" or "neo4j+s://tenant123.databases.neo4j.io:7687"
+    :param neo4j_user: The username for the Neo4j database.
+    :param neo4j_password: The password for the Neo4j database.
+    :param neo4j_database: The name of the Neo4j database.
+    :param output_format: Either "text" or "json". Defaults to "text".
+    :param fact_filter: Optional fact ID to filter execution (case-insensitive).
+    :param exclude_experimental: Whether to exclude experimental facts from execution.
+    :return: The exit code.
+    """
+    # Validate all rules exist
+    for rule_name in rule_names:
+        if rule_name not in RULES:
+            if output_format == "text":
+                print(f"Unknown rule: {rule_name}")
+                print(f"Available rules: {', '.join(RULES.keys())}")
+            return 1
+    # Connect to Neo4j
+    if output_format == "text":
+        print(f"Connecting to Neo4j at {uri}...")
+    driver = GraphDatabase.driver(uri, auth=(neo4j_user, neo4j_password))
+    try:
+        driver.verify_connectivity()
+        # Execute rules
+        all_results = []
+        total_facts = 0
+        total_findings = 0
+        for i, rule_name in enumerate(rule_names):
+            if output_format == "text" and len(rule_names) > 1:
+                if i > 0:
+                    print("\n" + "=" * 60)
+                print(f"Executing rule {i + 1}/{len(rule_names)}: {rule_name}")
+            rule_result = _run_single_rule(
+                rule_name,
+                driver,
+                neo4j_database,
+                output_format,
+                uri,
+                fact_filter,
+                exclude_experimental,
+            )
+            all_results.append(rule_result)
+            total_facts += rule_result.counter.total_facts
+            total_findings += rule_result.counter.total_findings
+        # Output results
+        _format_and_output_results(
+            all_results, rule_names, output_format, total_facts, total_findings
+        )
+        return 0
+    finally:
+        driver.close()

cartography/rules/spec/__init__.py ADDED Viewed

File without changes

cartography/rules/spec/model.py ADDED Viewed

@@ -0,0 +1,267 @@
+import json
+import logging
+from dataclasses import dataclass
+from dataclasses import field
+from enum import Enum
+from typing import Any
+from typing import no_type_check
+from pydantic import BaseModel
+from pydantic import ConfigDict
+from pydantic import model_validator
+logger = logging.getLogger(__name__)
+class Module(str, Enum):
+    """Services that can be monitored"""
+    AIRBYTE = "Airbyte"
+    """Airbyte data integration"""
+    ANTHROPIC = "Anthropic"
+    """Anthropic AI"""
+    AWS = "AWS"
+    """Amazon Web Services"""
+    AZURE = "Azure"
+    """Microsoft Azure"""
+    BIGFIX = "BigFix"
+    """BigFix patch management"""
+    CLOUDFLARE = "Cloudflare"
+    """Cloudflare services"""
+    CROWDSTRIKE = "CrowdStrike"
+    """CrowdStrike endpoint security"""
+    DIGITALOCEAN = "DigitalOcean"
+    """DigitalOcean cloud services"""
+    DUO = "Duo"
+    """Duo authentication"""
+    ENTRA = "Entra"
+    """Entra identity and access management"""
+    GCP = "GCP"
+    """Google Cloud Platform"""
+    GITHUB = "GitHub"
+    """GitHub source code management"""
+    GOOGLEWORKSPACE = "GoogleWorkspace"
+    """Google Workspace identity and access management"""
+    JAMF = "Jamf"
+    """Jamf endpoint security"""
+    KANDJI = "Kandji"
+    """Kandji endpoint security"""
+    KEYCLOAK = "Keycloak"
+    """Keycloak identity and access management"""
+    KUBERNETES = "Kubernetes"
+    """Kubernetes cluster security"""
+    LASTPASS = "LastPass"
+    """LastPass password manager"""
+    OCI = "OCI"
+    """Oracle Cloud Infrastructure"""
+    OKTA = "Okta"
+    """Okta identity and access management"""
+    OPENAI = "OpenAI"
+    """OpenAI"""
+    PAGERDUTY = "PagerDuty"
+    """PagerDuty incident response"""
+    SCALEWAY = "Scaleway"
+    """Scaleway cloud services"""
+    SEMGREP = "Semgrep"
+    """Semgrep code security"""
+    SENTINELONE = "SentinelOne"
+    """SentinelOne endpoint security"""
+    SNIPEIT = "Snipe-IT"
+    """Snipe-IT asset management"""
+    SPACELIFT = "SpaceLift"
+    """SpaceLift infrastructure as code"""
+    TAILSCALE = "TailScale"
+    """TailScale VPN"""
+    TRIVY = "Trivy"
+    """Trivy vulnerability scanner"""
+    CROSS_CLOUD = "Cross-Cloud"
+    """Multi-cloud or provider-agnostic rules"""
+class Maturity(str, Enum):
+    """Maturity levels for Facts."""
+    EXPERIMENTAL = "EXPERIMENTAL"
+    """Experimental: Initial version, may be unstable or incomplete."""
+    STABLE = "STABLE"
+    """Stable: Well-tested and reliable for production use."""
+MODULE_TO_CARTOGRAPHY_INTEL = {
+    Module.AIRBYTE: "airbyte",
+    Module.ANTHROPIC: "anthropic",
+    Module.AWS: "aws",
+    Module.AZURE: "azure",
+    Module.BIGFIX: "bigfix",
+    Module.CLOUDFLARE: "cloudflare",
+    Module.CROWDSTRIKE: "crowdstrike",
+    Module.DIGITALOCEAN: "digitalocean",
+    Module.DUO: "duo",
+    Module.ENTRA: "entra",
+    Module.GCP: "gcp",
+    Module.GITHUB: "github",
+    Module.GOOGLEWORKSPACE: "googleworkspace",
+    Module.JAMF: "jamf",
+    Module.KANDJI: "kandji",
+    Module.KEYCLOAK: "keycloak",
+    Module.KUBERNETES: "kubernetes",
+    Module.LASTPASS: "lastpass",
+    Module.OCI: "oci",
+    Module.OKTA: "okta",
+    Module.OPENAI: "openai",
+    Module.PAGERDUTY: "pagerduty",
+    Module.SCALEWAY: "scaleway",
+    Module.SEMGREP: "semgrep",
+    Module.SENTINELONE: "sentinelone",
+    Module.SNIPEIT: "snipeit",
+    Module.SPACELIFT: "spacelift",
+    Module.TAILSCALE: "tailscale",
+    Module.TRIVY: "trivy",
+}
+@dataclass(frozen=True)
+class RuleReference:
+    """A reference document for a Rule."""
+    text: str
+    url: str
+@dataclass(frozen=True)
+class Fact:
+    """A Fact gathers information about the environment using a Cypher query."""
+    id: str
+    """A descriptive identifier for the Fact. By convention, should be lowercase and use underscores like `rule-name-module`."""
+    name: str
+    """A descriptive name for the Fact."""
+    description: str
+    """More details about the Fact. Information on details that we're querying for."""
+    module: Module
+    """The Module that the Fact is associated with e.g. AWS, Azure, GCP, etc."""
+    maturity: Maturity
+    """The maturity level of the Fact query."""
+    # TODO can we lint the queries. full-on integ tests here are overkill though.
+    cypher_query: str
+    """The Cypher query to gather information about the environment. Returns data field by field e.g. `RETURN node.prop1, node.prop2`."""
+    cypher_visual_query: str
+    """
+    Same as `cypher_query`, returns it in a visual format for the web interface with `.. RETURN *`.
+    Often includes additional relationships to help give context.
+    """
+class Finding(BaseModel):
+    """Base class for Rule finding models."""
+    # TODO: make this property mandatory one all modules have been updated to new datamodel
+    source: str | None = None
+    """The source of the Fact data, e.g. the specific Cartography module that ingested the data. This field is useful especially for CROSS_CLOUD facts."""
+    extra: dict[str, Any] = {}
+    """A dictionary to hold any extra fields returned by the Fact query that are not explicitly defined in the output model."""
+    # Config to coerce numbers to strings during instantiation
+    model_config = ConfigDict(coerce_numbers_to_str=True)
+    # Coerce o strings
+    @no_type_check
+    @model_validator(mode="before")
+    @classmethod
+    def coerce_to_string(cls, data: Any) -> Any:
+        if not isinstance(data, dict):
+            return data
+        for name, f in cls.model_fields.items():
+            if f.annotation is not str:
+                continue
+            if name not in data:
+                continue
+            v = data[name]
+            if isinstance(v, (list, tuple, set)):
+                data[name] = ", ".join(v)
+            if isinstance(v, dict):
+                data[name] = json.dumps(v)
+        return data
+@dataclass(frozen=True)
+class Rule:
+    """A Rule represents a security issue or misconfiguration detected in the environment."""
+    id: str
+    """A unique identifier for the Rule. Should be globally unique within Cartography."""
+    name: str
+    """A brief name for the Rule."""
+    tags: tuple[str, ...]
+    """Tags associated with the Rule for categorization and filtering."""
+    description: str
+    """A brief description of the Rule. Can include details about the security issue or misconfiguration."""
+    version: str
+    """The version of the Rule definition."""
+    facts: tuple[Fact, ...]
+    """The Facts that contribute to this Rule."""
+    output_model: type[Finding]
+    """The output model class for the Rule."""
+    references: list[RuleReference] = field(default_factory=list)
+    """References or links to external resources related to the Rule."""
+    @property
+    def modules(self) -> set[Module]:
+        """Returns the set of modules associated with this rule."""
+        return {fact.module for fact in self.facts}
+    def get_fact_by_id(self, fact_id: str) -> Fact | None:
+        """Returns a fact by its ID, or None if not found."""
+        for fact in self.facts:
+            if fact.id.lower() == fact_id.lower():
+                return fact
+        return None
+    def parse_results(
+        self, fact: Fact, fact_results: list[dict[str, Any]]
+    ) -> list[Finding]:
+        # DOC
+        result: list[Finding] = []
+        for result_item in fact_results:
+            parsed_output: dict[str, Any] = {"extra": {}, "source": fact.module.value}
+            for key, value in result_item.items():
+                if value is None:
+                    continue
+                if key not in self.output_model.model_fields:
+                    parsed_output["extra"][key] = value
+                else:
+                    parsed_output[key] = value
+            result.append(self.output_model(**parsed_output))
+        return result

cartography/rules/spec/result.py ADDED Viewed

@@ -0,0 +1,38 @@
+# Execution result classes
+from dataclasses import dataclass
+from dataclasses import field
+from cartography.rules.spec.model import Finding
+@dataclass
+class CounterResult:
+    current_fact: int = 0
+    total_facts: int = 0
+    total_findings: int = 0
+@dataclass
+class FactResult:
+    """
+    Results for a single Fact.
+    """
+    fact_id: str
+    fact_name: str
+    fact_description: str
+    fact_provider: str
+    findings: list[Finding] = field(default_factory=list)
+@dataclass
+class RuleResult:
+    """
+    Results for a single Rule.
+    """
+    rule_id: str
+    rule_name: str
+    rule_description: str
+    counter: CounterResult
+    facts: list[FactResult] = field(default_factory=list)

cartography/sync.py CHANGED Viewed

@@ -13,6 +13,7 @@ import neo4j.exceptions
 from neo4j import GraphDatabase
 from statsd import StatsClient
+import cartography.intel.airbyte
 import cartography.intel.analysis
 import cartography.intel.anthropic
 import cartography.intel.aws
@@ -27,16 +28,26 @@ import cartography.intel.duo
 import cartography.intel.entra
 import cartography.intel.gcp
 import cartography.intel.github
+import cartography.intel.googleworkspace
 import cartography.intel.gsuite
+import cartography.intel.jamf
 import cartography.intel.kandji
+import cartography.intel.keycloak
 import cartography.intel.kubernetes
 import cartography.intel.lastpass
 import cartography.intel.oci
 import cartography.intel.okta
+import cartography.intel.ontology
 import cartography.intel.openai
+import cartography.intel.pagerduty
+import cartography.intel.scaleway
 import cartography.intel.semgrep
+import cartography.intel.sentinelone
+import cartography.intel.slack
 import cartography.intel.snipeit
+import cartography.intel.spacelift
 import cartography.intel.tailscale
+import cartography.intel.trivy
 from cartography.config import Config
 from cartography.stats import set_stats_client
 from cartography.util import STATUS_FAILURE
@@ -45,9 +56,10 @@ from cartography.util import STATUS_SUCCESS
 logger = logging.getLogger(__name__)
-TOP_LEVEL_MODULES = OrderedDict(
+TOP_LEVEL_MODULES: OrderedDict[str, Callable[..., None]] = OrderedDict(
     {  # preserve order so that the default sync always runs `analysis` at the very end
         "create-indexes": cartography.intel.create_indexes.run,
+        "airbyte": cartography.intel.airbyte.start_airbyte_ingestion,
         "anthropic": cartography.intel.anthropic.start_anthropic_ingestion,
         "aws": cartography.intel.aws.start_aws_ingestion,
         "azure": cartography.intel.azure.start_azure_ingestion,
@@ -55,6 +67,7 @@ TOP_LEVEL_MODULES = OrderedDict(
         "cloudflare": cartography.intel.cloudflare.start_cloudflare_ingestion,
         "crowdstrike": cartography.intel.crowdstrike.start_crowdstrike_ingestion,
         "gcp": cartography.intel.gcp.start_gcp_ingestion,
+        "googleworkspace": cartography.intel.googleworkspace.start_googleworkspace_ingestion,
         "gsuite": cartography.intel.gsuite.start_gsuite_ingestion,
         "cve": cartography.intel.cve.start_cve_ingestion,
         "oci": cartography.intel.oci.start_oci_ingestion,
@@ -63,13 +76,23 @@ TOP_LEVEL_MODULES = OrderedDict(
         "github": cartography.intel.github.start_github_ingestion,
         "digitalocean": cartography.intel.digitalocean.start_digitalocean_ingestion,
         "kandji": cartography.intel.kandji.start_kandji_ingestion,
+        "keycloak": cartography.intel.keycloak.start_keycloak_ingestion,
         "kubernetes": cartography.intel.kubernetes.start_k8s_ingestion,
         "lastpass": cartography.intel.lastpass.start_lastpass_ingestion,
         "bigfix": cartography.intel.bigfix.start_bigfix_ingestion,
         "duo": cartography.intel.duo.start_duo_ingestion,
+        "scaleway": cartography.intel.scaleway.start_scaleway_ingestion,
         "semgrep": cartography.intel.semgrep.start_semgrep_ingestion,
         "snipeit": cartography.intel.snipeit.start_snipeit_ingestion,
         "tailscale": cartography.intel.tailscale.start_tailscale_ingestion,
+        "jamf": cartography.intel.jamf.start_jamf_ingestion,
+        "pagerduty": cartography.intel.pagerduty.start_pagerduty_ingestion,
+        "trivy": cartography.intel.trivy.start_trivy_ingestion,
+        "sentinelone": cartography.intel.sentinelone.start_sentinelone_ingestion,
+        "slack": cartography.intel.slack.start_slack_ingestion,
+        "spacelift": cartography.intel.spacelift.start_spacelift_ingestion,
+        "ontology": cartography.intel.ontology.run,
+        # Analysis should be the last stage
         "analysis": cartography.intel.analysis.run,
     }
 )
@@ -197,14 +220,11 @@ class Sync:
                         intel_module_info.name,
                     )
                 available_modules[intel_module_info.name] = v
+        available_modules["ontology"] = cartography.intel.ontology.run
         available_modules["analysis"] = cartography.intel.analysis.run
         return available_modules
-# Used to avoid repeatedly calling Sync.list_intel_modules()
-TOP_LEVEL_MODULES = Sync.list_intel_modules()
 def run_with_config(sync: Sync, config: Union[Config, argparse.Namespace]) -> int:
     """
     Execute the cartography.sync.Sync.run method with parameters built from the given configuration object.

cartography 0.104.0rc2__py3-none-any.whl → 0.123.0__py3-none-any.whl

cartography 0.104.0rc2py3-none-any.whl → 0.123.0py3-none-any.whl