roadrecon 1.6.1__py3-none-any.whl → 1.6.2__py3-none-any.whl
- {roadrecon-1.6.1.dist-info → roadrecon-1.6.2.dist-info}/METADATA +6 -2
- {roadrecon-1.6.1.dist-info → roadrecon-1.6.2.dist-info}/RECORD +10 -10
- {roadrecon-1.6.1.dist-info → roadrecon-1.6.2.dist-info}/WHEEL +1 -1
- roadtools/roadrecon/dist_gui/index.html +2 -2
- roadtools/roadrecon/dist_gui/main.85359eb82b074d01.js +1 -0
- roadtools/roadrecon/gather.py +10 -1
- roadtools/roadrecon/plugins/policies.py +10 -7
- roadtools/roadrecon/server.py +30 -2
- roadtools/roadrecon/dist_gui/main.007348bcb2c0fb0b.js +0 -1
- {roadrecon-1.6.1.dist-info → roadrecon-1.6.2.dist-info}/entry_points.txt +0 -0
- {roadrecon-1.6.1.dist-info → roadrecon-1.6.2.dist-info}/top_level.txt +0 -0
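--- a/roadtools/roadrecon/gather.py
+++ b/roadtools/roadrecon/gather.py
@@ -723,8 +723,17 @@ def main(args=None):
 dburl = 'sqlite:///' + args.database
 else:
 dburl = args.database
+try:
+_, tokendata = Authentication.parse_accesstoken(token['accessToken'])
+except KeyError:
+print('No access token found in tokenfile')
+return
+if tokendata['aud'] not in ('https://graph.windows.net', 'https://graph.windows.net/', '00000002-0000-0000-c000-000000000000'):
+print(f"Wrong token audience, got {tokendata['aud']} but expected https://graph.windows.net")
+print("Make sure to request a token with -r https://graph.windows.net")
+return
 
-headers['Authorization'] =
+headers['Authorization'] = f"Bearer {token['accessToken']}"
 
 seconds = time.perf_counter()
 loop = asyncio.get_event_loop()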
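Review bot: The `tokendata['aud']` lookup in the new audience check sits outside the `try`, so a token that decodes but carries no `aud` claim ends in an uncaught KeyError instead of the friendly message. Reading it once with `aud = tokendata.get('aud')` and comparing `aud` would route that case into the existing "Wrong token audience" branch. Whether `Authentication.parse_accesstoken` can raise something other than KeyError on a malformed token is not visible here and is worth checking, since only KeyError is caught. Both rejection paths end in a bare `return`, which presumably yields exit status 0, so a wrapper script cannot tell a rejected token from a completed gather. main's body starts and ends outside the hunk.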
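--- a/roadtools/roadrecon/plugins/policies.py
+++ b/roadtools/roadrecon/plugins/policies.py
@@ -231,20 +231,20 @@ class AccessPoliciesPlugin():
 ot += ', '.join([escape(action) for action in clist])
 else:
 if 'All' in clist:
-ot += 'All
+ot += 'All resources'
 break
 if 'None' in clist:
 ot += 'None'
 break
 if 'Office365' in clist:
-ot += 'All Office 365 applications'
+ot += 'All Office 365 applications '
 if 'MicrosoftAdminPortals' in clist:
-ot += 'All Microsoft Admin Portals'
+ot += 'All Microsoft Admin Portals '
 objects = self._get_application(clist)
 if objects is not None:
 if len(objects) > 0:
 if ctype == 'Applications':
-ot += '
+ot += 'Resources: '
 ot += ', '.join([escape(uobj.displayName) for uobj in objects])
 return ot
 
@@ -521,9 +521,9 @@ class AccessPoliciesPlugin():
 print(policy.objectId)
 detail = json.loads(policy.policyDetail[0])
 if detail['State'] == 'Reporting':
-out['name'] += ' (<
+out['name'] += ' (<i>Report only</i>)'
 elif detail['State'] != 'Enabled':
-out['name'] += ' (<
+out['name'] += ' (<i>Disabled</i>)'
 if should_print:
 pp.pprint(detail)
 try:
@@ -535,6 +535,7 @@ class AccessPoliciesPlugin():
 print('Invalid policy - no conditions')
 continue
 out['who'] = self._parse_who(conditions)
+out['status'] = escape(detail['State'])
 out['applications'] = self._parse_application(conditions)
 out['authflows'] = self._parse_authflows(conditions)
 out['platforms'] = self._parse_platform(conditions)
@@ -612,7 +613,9 @@ class AccessPoliciesPlugin():
 for out in ol:
 table = '<thead><tr><td colspan="2">{0}</td></tr></thead><tbody>'.format(out['name'])
 table += '<tr><td>Applies to</td><td>{0}</td></tr>'.format(out['who'])
-
+if out['status'] != 'Enabled':
+table += '<tr><td>Policy state</td><td>{0}</td></tr>'.format(out['status'])
+table += '<tr><td>Resources</td><td>{0}</td></tr>'.format(out['applications'])
 if out['platforms'] != '':
 table += '<tr><td>On platforms</td><td>{0}</td></tr>'.format(out['platforms'])
 if out['devices'] != '':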
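Review bot: `out['name']` now carries literal markup (`' (<i>Report only</i>)'`, `' (<i>Disabled</i>)'`) and is written into the `<thead>` cell as-is by `.format(out['name'])`, so the policy's display name can only be escaped where `out['name']` is first assigned, which is outside these hunks. Policy names come from the tenant under review, so it is worth confirming that assignment passes the name through `escape()`, as the visible code does for `detail['State']` and `uobj.displayName`. Separately, in the first hunk the trailing spaces on `'All Office 365 applications '` and `'All Microsoft Admin Portals '` run the parts together with no separator when several apply. Collecting the parts in a list and joining them with `', '` would read more cleanly than padding each literal.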
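--- a/roadtools/roadrecon/server.py
+++ b/roadtools/roadrecon/server.py
@@ -507,9 +507,24 @@ def get_allroles():
 'scopeNames': snames,
 'scopeIds': sids
 }
-
+principalType, principal = resolve_objectid(assignment.principalId)
 aobj['principal'] = principal
+
 roleobj['assignments'].append(aobj)
+if principalType == 'Group':
+group = db.session.get(Group, assignment.principalId)
+for member in group.memberUsers:
+mp = users_schema.dump([member])[0]
+mp['displayName'] = f"{principal['displayName']} member: {mp['displayName']}"
+roleobj['assignments'].append({
+'type': 'assignment',
+'scope': assignment.resourceScopes,
+'scopeTypes': stypes,
+'scopeNames': snames,
+'scopeIds': sids,
+'principal': mp
+})
+
 for assignment in role.eligibleAssignments:
 stypes, snames, sids = translate_rolescopes(assignment.resourceScopes)
 aobj = {
@@ -519,9 +534,22 @@ def get_allroles():
 'scopeNames': snames,
 'scopeIds': sids
 }
-
+principalType, principal = resolve_objectid(assignment.principalId)
 aobj['principal'] = principal
 roleobj['assignments'].append(aobj)
+if principalType == 'Group':
+group = db.session.get(Group, assignment.principalId)
+for member in group.memberUsers:
+mp = users_schema.dump([member])[0]
+mp['displayName'] = f"{principal['displayName']} member: {mp['displayName']}"
+roleobj['assignments'].append({
+'type': 'eligible',
+'scope': assignment.resourceScopes,
+'scopeTypes': stypes,
+'scopeNames': snames,
+'scopeIds': sids,
+'principal': mp
+})
 allroles.append(roleobj)
 return jsonify(allroles)
 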
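Review bot: `db.session.get(Group, assignment.principalId)` is dereferenced straight away as `group.memberUsers` in both added blocks. If `db.session` is a SQLAlchemy session, `get` returns None when no row matches, so a group principal missing from the database (for example after an incomplete gather) would fail the whole roles response rather than just skip the expansion. The expansion is also duplicated between the two loops, differing only in the `'type'` value, so a small helper with a None guard would cover both; a sketch follows. Only `memberUsers` is expanded, so any non-user members of a role-holding group would not show up as effective role holders in this view, which is worth stating in a comment. get_allroles starts outside both hunks.

```python
def expand_group_members(assignment, atype, principal, stypes, snames, sids):
    """Return one synthetic assignment entry per user member of a group principal."""
    group = db.session.get(Group, assignment.principalId)
    if group is None:
        # Group object not present in the database; nothing to expand
        return []
    entries = []
    for member in group.memberUsers:
        mp = users_schema.dump([member])[0]
        mp['displayName'] = f"{principal['displayName']} member: {mp['displayName']}"
        entries.append({
            'type': atype,
            'scope': assignment.resourceScopes,
            'scopeTypes': stypes,
            'scopeNames': snames,
            'scopeIds': sids,
            'principal': mp
        })
    return entries

# ... unchanged: aobj construction and roleobj['assignments'].append(aobj) ...
if principalType == 'Group':
    # pass 'eligible' instead of 'assignment' in the eligibleAssignments loop
    roleobj['assignments'].extend(
        expand_group_members(assignment, 'assignment', principal, stypes, snames, sids))
```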