cartography 0.109.0rc1__py3-none-any.whl → 0.110.0__py3-none-any.whl


Potentially problematic release.



Files changed (78) hide show
  1. cartography/_version.py +2 -2
  2. cartography/cli.py +14 -0
  3. cartography/config.py +4 -0
  4. cartography/data/indexes.cypher +0 -15
  5. cartography/data/jobs/analysis/aws_ec2_keypair_analysis.json +2 -2
  6. cartography/intel/aws/cloudtrail_management_events.py +21 -0
  7. cartography/intel/aws/cognito.py +201 -0
  8. cartography/intel/aws/ecs.py +7 -1
  9. cartography/intel/aws/eventbridge.py +91 -0
  10. cartography/intel/aws/glue.py +181 -0
  11. cartography/intel/aws/identitycenter.py +71 -23
  12. cartography/intel/aws/kms.py +173 -201
  13. cartography/intel/aws/lambda_function.py +206 -190
  14. cartography/intel/aws/rds.py +335 -445
  15. cartography/intel/aws/resources.py +6 -0
  16. cartography/intel/aws/route53.py +336 -332
  17. cartography/intel/aws/s3.py +104 -0
  18. cartography/intel/github/__init__.py +21 -25
  19. cartography/intel/github/repos.py +4 -36
  20. cartography/intel/kubernetes/__init__.py +4 -0
  21. cartography/intel/kubernetes/rbac.py +464 -0
  22. cartography/intel/kubernetes/util.py +17 -0
  23. cartography/intel/trivy/__init__.py +73 -13
  24. cartography/intel/trivy/scanner.py +115 -92
  25. cartography/models/aws/cognito/__init__.py +0 -0
  26. cartography/models/aws/cognito/identity_pool.py +70 -0
  27. cartography/models/aws/cognito/user_pool.py +47 -0
  28. cartography/models/aws/ec2/security_groups.py +1 -1
  29. cartography/models/aws/ecs/services.py +17 -0
  30. cartography/models/aws/ecs/tasks.py +1 -0
  31. cartography/models/aws/eventbridge/__init__.py +0 -0
  32. cartography/models/aws/eventbridge/rule.py +77 -0
  33. cartography/models/aws/glue/__init__.py +0 -0
  34. cartography/models/aws/glue/connection.py +51 -0
  35. cartography/models/aws/glue/job.py +69 -0
  36. cartography/models/aws/identitycenter/awspermissionset.py +44 -0
  37. cartography/models/aws/kms/__init__.py +0 -0
  38. cartography/models/aws/kms/aliases.py +86 -0
  39. cartography/models/aws/kms/grants.py +65 -0
  40. cartography/models/aws/kms/keys.py +88 -0
  41. cartography/models/aws/lambda_function/__init__.py +0 -0
  42. cartography/models/aws/lambda_function/alias.py +74 -0
  43. cartography/models/aws/lambda_function/event_source_mapping.py +88 -0
  44. cartography/models/aws/lambda_function/lambda_function.py +89 -0
  45. cartography/models/aws/lambda_function/layer.py +72 -0
  46. cartography/models/aws/rds/__init__.py +0 -0
  47. cartography/models/aws/rds/cluster.py +89 -0
  48. cartography/models/aws/rds/event_subscription.py +146 -0
  49. cartography/models/aws/rds/instance.py +154 -0
  50. cartography/models/aws/rds/snapshot.py +108 -0
  51. cartography/models/aws/rds/subnet_group.py +101 -0
  52. cartography/models/aws/route53/__init__.py +0 -0
  53. cartography/models/aws/route53/dnsrecord.py +235 -0
  54. cartography/models/aws/route53/nameserver.py +63 -0
  55. cartography/models/aws/route53/subzone.py +40 -0
  56. cartography/models/aws/route53/zone.py +47 -0
  57. cartography/models/github/dependencies.py +1 -2
  58. cartography/models/kubernetes/clusterrolebindings.py +98 -0
  59. cartography/models/kubernetes/clusterroles.py +52 -0
  60. cartography/models/kubernetes/rolebindings.py +119 -0
  61. cartography/models/kubernetes/roles.py +76 -0
  62. cartography/models/kubernetes/serviceaccounts.py +77 -0
  63. cartography/models/snipeit/asset.py +1 -0
  64. cartography/util.py +8 -1
  65. {cartography-0.109.0rc1.dist-info → cartography-0.110.0.dist-info}/METADATA +3 -3
  66. {cartography-0.109.0rc1.dist-info → cartography-0.110.0.dist-info}/RECORD +71 -41
  67. cartography/data/jobs/cleanup/aws_dns_cleanup.json +0 -65
  68. cartography/data/jobs/cleanup/aws_import_identity_center_cleanup.json +0 -16
  69. cartography/data/jobs/cleanup/aws_import_lambda_cleanup.json +0 -50
  70. cartography/data/jobs/cleanup/aws_import_rds_clusters_cleanup.json +0 -23
  71. cartography/data/jobs/cleanup/aws_import_rds_instances_cleanup.json +0 -47
  72. cartography/data/jobs/cleanup/aws_import_rds_snapshots_cleanup.json +0 -23
  73. cartography/data/jobs/cleanup/aws_kms_details.json +0 -10
  74. /cartography/data/jobs/{analysis → scoped_analysis}/aws_s3acl_analysis.json +0 -0
  75. {cartography-0.109.0rc1.dist-info → cartography-0.110.0.dist-info}/WHEEL +0 -0
  76. {cartography-0.109.0rc1.dist-info → cartography-0.110.0.dist-info}/entry_points.txt +0 -0
  77. {cartography-0.109.0rc1.dist-info → cartography-0.110.0.dist-info}/licenses/LICENSE +0 -0
  78. {cartography-0.109.0rc1.dist-info → cartography-0.110.0.dist-info}/top_level.txt +0 -0
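--- a/cartography/data/jobs/cleanup/aws_import_lambda_cleanup.json
+++ b/cartography/data/jobs/cleanup/aws_import_lambda_cleanup.json
@@ -1,50 +0,0 @@
- {
- "statements": [
- {
- "query": "MATCH (n:AWSLambdaFunctionAlias)<-[:KNOWN_AS]-(:AWSLambda)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE n.lastupdated <> $UPDATE_TAG WITH n LIMIT $LIMIT_SIZE DETACH DELETE (n)",
- "iterative": true,
- "iterationsize": 100
- },
- {
- "query": "MATCH (:AWSLambdaFunctionAlias)<-[r:KNOWN_AS]-(:AWSLambda)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
- "iterative": true,
- "iterationsize": 100
- },
- {
- "query": "MATCH (n:AWSLambdaEventSourceMapping)<-[:RESOURCE]-(:AWSLambda)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE n.lastupdated <> $UPDATE_TAG WITH n LIMIT $LIMIT_SIZE DETACH DELETE (n)",
- "iterative": true,
- "iterationsize": 100
- },
- {
- "query": "MATCH (:AWSLambdaEventSourceMapping)<-[r:RESOURCE]-(:AWSLambda)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
- "iterative": true,
- "iterationsize": 100
- },
- {
- "query": "MATCH (n:AWSLambdaLayer)<-[:HAS]-(:AWSLambda)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE n.lastupdated <> $UPDATE_TAG WITH n LIMIT $LIMIT_SIZE DETACH DELETE (n)",
- "iterative": true,
- "iterationsize": 100
- },
- {
- "query": "MATCH (:AWSLambdaLayer)<-[r:HAS]-(:AWSLambda)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
- "iterative": true,
- "iterationsize": 100
- },
- {
- "query": "MATCH (:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(:AWSLambda)-[r:STS_ASSUMEROLE_ALLOW]->(:AWSPrincipal) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE r",
- "iterative": true,
- "iterationsize": 100
- },
- {
- "query": "MATCH (:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(n:AWSLambda) WHERE n.lastupdated <> $UPDATE_TAG WITH n LIMIT $LIMIT_SIZE DETACH DELETE (n)",
- "iterative": true,
- "iterationsize": 100
- },
- {
- "query": "MATCH (:AWSAccount{id: $AWS_ID})-[r:RESOURCE]->(:AWSLambda) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
- "iterative": true,
- "iterationsize": 100
- }
- ],
- "name": "cleanup AWSLambda"
- }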
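--- a/cartography/data/jobs/cleanup/aws_import_rds_clusters_cleanup.json
+++ b/cartography/data/jobs/cleanup/aws_import_rds_clusters_cleanup.json
@@ -1,23 +0,0 @@
- {
- "statements": [
- {
- "query": "MATCH (n:RDSCluster)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE n.lastupdated <> $UPDATE_TAG WITH n LIMIT $LIMIT_SIZE DETACH DELETE (n)",
- "iterative": true,
- "iterationsize": 100,
- "__comment__": "Delete RDS clusters that no longer exist and DETACH them from all nodes they were previously connected to."
- },
- {
- "query": "MATCH (:RDSCluster)<-[r:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
- "iterative": true,
- "iterationsize": 100,
- "__comment__": "If an RDS cluster still exists but is no longer associated with its old AWS Account, delete the relationship between them."
- },
- {
- "query": "MATCH (:RDSCluster)<-[r:IS_CLUSTER_MEMBER_OF]-(:RDSInstance)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
- "iterative": true,
- "iterationsize": 100,
- "__comment__": "If an RDS instance still exists and is no longer a member of an RDS cluster, delete the relationship between them."
- }
- ],
- "name": "cleanup RDSCluster"
- }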
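--- a/cartography/data/jobs/cleanup/aws_import_rds_instances_cleanup.json
+++ b/cartography/data/jobs/cleanup/aws_import_rds_instances_cleanup.json
@@ -1,47 +0,0 @@
- {
- "statements": [
- {
- "query": "MATCH (sng:DBSubnetGroup)<-[:MEMBER_OF_DB_SUBNET_GROUP]-(:RDSInstance)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE sng.lastupdated <> $UPDATE_TAG WITH sng LIMIT $LIMIT_SIZE DETACH DELETE (sng)",
- "iterative": true,
- "iterationsize": 100,
- "__comment__": "Delete DBSubnetGroups that no longer exist and DETACH them from their RDS instances."
- },
- {
- "query": "MATCH (:DBSubnetGroup)<-[r:MEMBER_OF_DB_SUBNET_GROUP]-(:RDSInstance)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
- "iterative": true,
- "iterationsize": 100,
- "__comment__": "Delete the link between orphaned DB Subnet Groups and their RDS Instances."
- },
- {
- "query": "MATCH (:EC2Subnet)<-[r:RESOURCE]-(:DBSubnetGroup)<-[:MEMBER_OF_DB_SUBNET_GROUP]-(:RDSInstance)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
- "iterative": true,
- "iterationsize": 100,
- "__comment__": "Delete the link between orphaned DB Subnet Groups and their EC2 Subnets."
- },
- {
- "query": "MATCH (n:RDSInstance)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE n.lastupdated <> $UPDATE_TAG WITH n LIMIT $LIMIT_SIZE DETACH DELETE (n)",
- "iterative": true,
- "iterationsize": 100,
- "__comment__": "Delete RDS instances that no longer exist and DETACH them from all nodes they were previously connected to."
- },
- {
- "query": "MATCH (:RDSInstance)<-[r:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
- "iterative": true,
- "iterationsize": 100,
- "__comment__": "If an RDS instance still exists but is no longer associated with its old AWS Account, delete the relationship between them."
- },
- {
- "query": "MATCH (:EC2SecurityGroup)<-[r:MEMBER_OF_EC2_SECURITY_GROUP]-(:RDSInstance)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
- "iterative": true,
- "iterationsize": 100,
- "__comment__": "If an RDS instance still exists and is no longer a part of its old EC2SecurityGroup, delete the relationship between them."
- },
- {
- "query": "MATCH (:RDSInstance)<-[r:IS_READ_REPLICA_OF]-(:RDSInstance)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
- "iterative": true,
- "iterationsize": 100,
- "__comment__": "If an RDS instance still exists and is no longer a read replica of another RDS instance, delete the relationship between them."
- }
- ],
- "name": "cleanup RDSInstance"
- }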
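--- a/cartography/data/jobs/cleanup/aws_import_rds_snapshots_cleanup.json
+++ b/cartography/data/jobs/cleanup/aws_import_rds_snapshots_cleanup.json
@@ -1,23 +0,0 @@
- {
- "statements": [
- {
- "query": "MATCH (n:RDSSnapshot)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE n.lastupdated <> $UPDATE_TAG WITH n LIMIT $LIMIT_SIZE DETACH DELETE (n)",
- "iterative": true,
- "iterationsize": 100,
- "__comment__": "Delete RDS snapshots that no longer exist and DETACH them from all nodes they were previously connected to."
- },
- {
- "query": "MATCH (:RDSSnapshot)<-[r:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
- "iterative": true,
- "iterationsize": 100,
- "__comment__": "If an RDS snapshot still exists but is no longer associated with its old AWS Account, delete the relationship between them."
- },
- {
- "query": "MATCH (:RDSInstance)<-[r:IS_SNAPSHOT_SOURCE]-(:RDSSnapshot)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
- "iterative": true,
- "iterationsize": 100,
- "__comment__": "If an RDS snapshot still exists and is no longer a member of an RDS instance, delete the relationship between them."
- }
- ],
- "name": "cleanup RDSSnapshot"
- }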
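--- a/cartography/data/jobs/cleanup/aws_kms_details.json
+++ b/cartography/data/jobs/cleanup/aws_kms_details.json
@@ -1,10 +0,0 @@
- {
- "statements": [
- {
- "query": "MATCH (:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(s:KMSKey) WHERE s.anonymous_access IS NOT NULL\n WITH s LIMIT $LIMIT_SIZE\nREMOVE s.anonymous_access, s.anonymous_actions",
- "iterative": true,
- "iterationsize": 100
- }
- ],
- "name": "AWS KMS Key Exposure Details"
- }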