cartography 0.104.0rc3__py3-none-any.whl → 0.105.0__py3-none-any.whl

cartography/models/aws/secretsmanager/secret_version.py

@@ -91,8 +91,6 @@ class SecretsManagerSecretVersionToKMSKeyRel(CartographyRelSchema):
     properties: SecretsManagerSecretVersionRelProperties = (
         SecretsManagerSecretVersionRelProperties()
     )
-    # Only create this relationship if KmsKeyId exists
-    conditional_match_property: str = "KmsKeyId"
 
 
 @dataclass(frozen=True)

cartography/models/aws/sqs/queue.py

@@ -0,0 +1,89 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class SQSQueueNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("QueueArn")
+    arn: PropertyRef = PropertyRef("QueueArn", extra_index=True)
+    name: PropertyRef = PropertyRef("name")
+    url: PropertyRef = PropertyRef("url")
+    created_timestamp: PropertyRef = PropertyRef("CreatedTimestamp")
+    delay_seconds: PropertyRef = PropertyRef("DelaySeconds")
+    last_modified_timestamp: PropertyRef = PropertyRef("LastModifiedTimestamp")
+    maximum_message_size: PropertyRef = PropertyRef("MaximumMessageSize")
+    message_retention_period: PropertyRef = PropertyRef("MessageRetentionPeriod")
+    policy: PropertyRef = PropertyRef("Policy")
+    receive_message_wait_time_seconds: PropertyRef = PropertyRef(
+        "ReceiveMessageWaitTimeSeconds"
+    )
+    redrive_policy_dead_letter_target_arn: PropertyRef = PropertyRef(
+        "redrive_policy_dead_letter_target_arn"
+    )
+    redrive_policy_max_receive_count: PropertyRef = PropertyRef(
+        "redrive_policy_max_receive_count"
+    )
+    visibility_timeout: PropertyRef = PropertyRef("VisibilityTimeout")
+    kms_master_key_id: PropertyRef = PropertyRef("KmsMasterKeyId")
+    kms_data_key_reuse_period_seconds: PropertyRef = PropertyRef(
+        "KmsDataKeyReusePeriodSeconds"
+    )
+    fifo_queue: PropertyRef = PropertyRef("FifoQueue")
+    content_based_deduplication: PropertyRef = PropertyRef("ContentBasedDeduplication")
+    deduplication_scope: PropertyRef = PropertyRef("DeduplicationScope")
+    fifo_throughput_limit: PropertyRef = PropertyRef("FifoThroughputLimit")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class SQSQueueToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class SQSQueueToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: SQSQueueToAWSAccountRelProperties = SQSQueueToAWSAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class SQSQueueToDeadLetterQueueRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class SQSQueueToDeadLetterQueueRel(CartographyRelSchema):
+    target_node_label: str = "SQSQueue"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("redrive_policy_dead_letter_target_arn")}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "HAS_DEADLETTER_QUEUE"
+    properties: SQSQueueToDeadLetterQueueRelProperties = (
+        SQSQueueToDeadLetterQueueRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class SQSQueueSchema(CartographyNodeSchema):
+    label: str = "SQSQueue"
+    properties: SQSQueueNodeProperties = SQSQueueNodeProperties()
+    sub_resource_relationship: SQSQueueToAWSAccountRel = SQSQueueToAWSAccountRel()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [SQSQueueToDeadLetterQueueRel()]
+    )

cartography/models/core/nodes.py

@@ -91,7 +91,7 @@ class CartographyNodeSchema(abc.ABC):
         """
         Optional.
         Allows subclasses to specify additional cartography relationships on the node.
-        :return: None if not overriden. Else return the node's OtherRelationships.
+        :return: None if not overridden. Else return the node's OtherRelationships.
         """
         return None
 
@@ -100,6 +100,19 @@ class CartographyNodeSchema(abc.ABC):
         """
         Optional.
         Allows specifying extra labels on the node.
-        :return: None if not overriden. Else return the ExtraNodeLabels specified on the node.
+        :return: None if not overridden. Else return the ExtraNodeLabels specified on the node.
         """
         return None
+
+    @property
+    def scoped_cleanup(self) -> bool:
+        """
+        Optional.
+        Allows specifying whether cleanups of this node must be scoped to the sub resource relationship.
+        If True (default), when we clean up nodes of this type, we will only delete stale nodes in the current sub
+        resource. This is how our AWS sync behaves.
+        If False, when we clean up node of this type, we will delete all stale nodes. This is designed for resource
+        types that don't have a "tenant"-like entity.
+        :return: True if not overridden. Else return the boolean value specified on the node.
+        """
+        return True

cartography/models/entra/group.py

@@ -0,0 +1,91 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class EntraGroupNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    display_name: PropertyRef = PropertyRef("display_name")
+    description: PropertyRef = PropertyRef("description")
+    mail: PropertyRef = PropertyRef("mail")
+    mail_nickname: PropertyRef = PropertyRef("mail_nickname")
+    mail_enabled: PropertyRef = PropertyRef("mail_enabled")
+    security_enabled: PropertyRef = PropertyRef("security_enabled")
+    group_types: PropertyRef = PropertyRef("group_types")
+    visibility: PropertyRef = PropertyRef("visibility")
+    is_assignable_to_role: PropertyRef = PropertyRef("is_assignable_to_role")
+    created_date_time: PropertyRef = PropertyRef("created_date_time")
+    deleted_date_time: PropertyRef = PropertyRef("deleted_date_time")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EntraGroupToTenantRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EntraGroupToTenantRel(CartographyRelSchema):
+    target_node_label: str = "EntraTenant"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("TENANT_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: EntraGroupToTenantRelProperties = EntraGroupToTenantRelProperties()
+
+
+@dataclass(frozen=True)
+class EntraGroupToUserRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:EntraUser)-[:MEMBER_OF]->(:EntraGroup)
+class EntraGroupToUserRel(CartographyRelSchema):
+    target_node_label: str = "EntraUser"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("member_ids", one_to_many=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "MEMBER_OF"
+    properties: EntraGroupToUserRelProperties = EntraGroupToUserRelProperties()
+
+
+@dataclass(frozen=True)
+class EntraGroupToGroupRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:EntraGroup)-[:MEMBER_OF]->(:EntraGroup)
+class EntraGroupToGroupRel(CartographyRelSchema):
+    target_node_label: str = "EntraGroup"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("member_group_ids", one_to_many=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "MEMBER_OF"
+    properties: EntraGroupToGroupRelProperties = EntraGroupToGroupRelProperties()
+
+
+@dataclass(frozen=True)
+class EntraGroupSchema(CartographyNodeSchema):
+    label: str = "EntraGroup"
+    properties: EntraGroupNodeProperties = EntraGroupNodeProperties()
+    sub_resource_relationship: EntraGroupToTenantRel = EntraGroupToTenantRel()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            EntraGroupToGroupRel(),
+            EntraGroupToUserRel(),
+        ]
+    )

cartography/models/trivy/findings.py

@@ -0,0 +1,66 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class TrivyImageFindingNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    name: PropertyRef = PropertyRef("VulnerabilityID")
+    cve_id: PropertyRef = PropertyRef("cve_id")
+    description: PropertyRef = PropertyRef("Description")
+    last_modified_date: PropertyRef = PropertyRef("LastModifiedDate")
+    primary_url: PropertyRef = PropertyRef("PrimaryURL")
+    published_date: PropertyRef = PropertyRef("PublishedDate")
+    severity: PropertyRef = PropertyRef("Severity")
+    severity_source: PropertyRef = PropertyRef("SeveritySource")
+    title: PropertyRef = PropertyRef("Title")
+    cvss_nvd_v2_score: PropertyRef = PropertyRef("nvd_v2_score")
+    cvss_nvd_v2_vector: PropertyRef = PropertyRef("nvd_v2_vector")
+    cvss_nvd_v3_score: PropertyRef = PropertyRef("nvd_v3_score")
+    cvss_nvd_v3_vector: PropertyRef = PropertyRef("nvd_v3_vector")
+    cvss_redhat_v3_score: PropertyRef = PropertyRef("redhat_v3_score")
+    cvss_redhat_v3_vector: PropertyRef = PropertyRef("redhat_v3_vector")
+    cvss_ubuntu_v3_score: PropertyRef = PropertyRef("ubuntu_v3_score")
+    cvss_ubuntu_v3_vector: PropertyRef = PropertyRef("ubuntu_v3_vector")
+    class_name: PropertyRef = PropertyRef("Class")
+    type: PropertyRef = PropertyRef("Type")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class TrivyFindingToImageRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class TrivyFindingToImage(CartographyRelSchema):
+    target_node_label: str = "ECRImage"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("ImageDigest")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "AFFECTS"
+    properties: TrivyFindingToImageRelProperties = TrivyFindingToImageRelProperties()
+
+
+@dataclass(frozen=True)
+class TrivyImageFindingSchema(CartographyNodeSchema):
+    label: str = "TrivyImageFinding"
+    scoped_cleanup: bool = False
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(["Risk", "CVE"])
+    properties: TrivyImageFindingNodeProperties = TrivyImageFindingNodeProperties()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            TrivyFindingToImage(),
+        ],
+    )

cartography/models/trivy/fix.py

@@ -0,0 +1,66 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class TrivyFixNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    version: PropertyRef = PropertyRef("FixedVersion")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class TrivyFixToPackageRelProperties(CartographyRelProperties):
+    version: PropertyRef = PropertyRef("FixedVersion")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class TrivyFixToPackage(CartographyRelSchema):
+    target_node_label: str = "Package"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("PackageId")},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "SHOULD_UPDATE_TO"
+    properties: TrivyFixToPackageRelProperties = TrivyFixToPackageRelProperties()
+
+
+@dataclass(frozen=True)
+class TrivyFixToFindingRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class TrivyFixToFinding(CartographyRelSchema):
+    target_node_label: str = "TrivyImageFinding"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("FindingId")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "APPLIES_TO"
+    properties: TrivyFixToFindingRelProperties = TrivyFixToFindingRelProperties()
+
+
+@dataclass(frozen=True)
+class TrivyFixSchema(CartographyNodeSchema):
+    label: str = "TrivyFix"
+    scoped_cleanup: bool = False
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(["Fix"])
+    properties: TrivyFixNodeProperties = TrivyFixNodeProperties()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            TrivyFixToPackage(),
+            TrivyFixToFinding(),
+        ],
+    )

cartography/models/trivy/package.py

@@ -0,0 +1,71 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class TrivyPackageNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    installed_version: PropertyRef = PropertyRef("InstalledVersion")
+    name: PropertyRef = PropertyRef("PkgName")
+    version: PropertyRef = PropertyRef("InstalledVersion")
+    class_name: PropertyRef = PropertyRef("Class")
+    type: PropertyRef = PropertyRef("Type")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class TrivyPackageToImageRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class TrivyPackageToImage(CartographyRelSchema):
+    target_node_label: str = "ECRImage"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("ImageDigest")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "DEPLOYED"
+    properties: TrivyPackageToImageRelProperties = TrivyPackageToImageRelProperties()
+
+
+@dataclass(frozen=True)
+class TrivyPackageToFindingRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class TrivyPackageToFinding(CartographyRelSchema):
+    target_node_label: str = "TrivyImageFinding"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("FindingId")},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "AFFECTS"
+    properties: TrivyPackageToFindingRelProperties = (
+        TrivyPackageToFindingRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class TrivyPackageSchema(CartographyNodeSchema):
+    label: str = "Package"
+    scoped_cleanup: bool = False
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(["TrivyPackage"])
+    properties: TrivyPackageNodeProperties = TrivyPackageNodeProperties()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            TrivyPackageToImage(),
+            TrivyPackageToFinding(),
+        ],
+    )

cartography/sync.py

@@ -37,6 +37,7 @@ import cartography.intel.openai
 import cartography.intel.semgrep
 import cartography.intel.snipeit
 import cartography.intel.tailscale
+import cartography.intel.trivy
 from cartography.config import Config
 from cartography.stats import set_stats_client
 from cartography.util import STATUS_FAILURE
@@ -70,6 +71,7 @@ TOP_LEVEL_MODULES = OrderedDict(
         "semgrep": cartography.intel.semgrep.start_semgrep_ingestion,
         "snipeit": cartography.intel.snipeit.start_snipeit_ingestion,
         "tailscale": cartography.intel.tailscale.start_tailscale_ingestion,
+        "trivy": cartography.intel.trivy.start_trivy_ingestion,
         "analysis": cartography.intel.analysis.run,
     }
 )

{cartography-0.104.0rc3.dist-info → cartography-0.105.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cartography
-Version: 0.104.0rc3
+Version: 0.105.0
 Summary: Explore assets and their relationships across your technical infrastructure.
 Maintainer: Cartography Contributors
 License: apache2
@@ -80,7 +80,7 @@ You can learn more about the story behind Cartography in our [presentation at BS
 
 
 ## Supported platforms
-- [Amazon Web Services](https://cartography-cncf.github.io/cartography/modules/aws/index.html) - API Gateway, CloudWatch, Config, EC2, ECS, ECR, Elasticsearch, Elastic Kubernetes Service (EKS), DynamoDB, IAM, Inspector, KMS, Lambda, RDS, Redshift, Route53, S3, Secrets Manager(Secret Versions), Security Hub, SQS, SSM, STS, Tags
+- [Amazon Web Services](https://cartography-cncf.github.io/cartography/modules/aws/index.html) - ACM, API Gateway, CloudWatch, Config, EC2, ECS, ECR, Elasticsearch, Elastic Kubernetes Service (EKS), DynamoDB, IAM, Inspector, KMS, Lambda, RDS, Redshift, Route53, S3, Secrets Manager(Secret Versions), Security Hub, SQS, SSM, STS, Tags
 - [Google Cloud Platform](https://cartography-cncf.github.io/cartography/modules/gcp/index.html) - Cloud Resource Manager, Compute, DNS, Storage, Google Kubernetes Engine
 - [Google GSuite](https://cartography-cncf.github.io/cartography/modules/gsuite/index.html) - users, groups
 - [Oracle Cloud Infrastructure](https://cartography-cncf.github.io/cartography/modules/oci/index.html) - IAM
@@ -102,6 +102,7 @@ You can learn more about the story behind Cartography in our [presentation at BS
 - [Cloudflare](https://cartography-cncf.github.io/cartography/modules/cloudflare/index.html) - Account, Role, Member, Zone, DNSRecord
 - [OpenAI](https://cartography-cncf.github.io/cartography/modules/openai/index.html) - Organization, AdminApiKey, User, Project, ServiceAccount, ApiKey
 - [Anthropic](https://cartography-cncf.github.io/cartography/modules/anthropic/index.html) - Organization, ApiKey, User, Workspace
+- [Trivy Scanner](https://cartography-cncf.github.io/cartography/modules/trivy/index.html) - AWS ECR Images
 
 
 ## Philosophy