Fix Bugs and Add more dashboards (#118)
* lint

* git-fix

* git-fix

* git-fix
gabrielsoltz committed May 30, 2024
1 parent a78cb6b commit ba1d868
Showing 9 changed files with 437 additions and 82 deletions.
2 changes: 1 addition & 1 deletion lib/context/resources/AwsEc2Instance.py
@@ -112,7 +112,7 @@ def _describe_instance_security_groups(self):
def _describe_instance_autoscaling_group(self):
autoscaling_group = {}
if self.instance:
tags = self.instance.get("Tags")
tags = self.instance.get("Tags", [])
for tag in tags:
if tag.get("Key") == "aws:autoscaling:groupName":
asg_name = tag.get("Value")
18 changes: 13 additions & 5 deletions lib/context/resources/AwsElbLoadBalancer.py
@@ -34,11 +34,19 @@ def parse_finding(self, finding, drilled):
self.account = finding["AwsAccountId"]
self.partition = finding["Resources"][0]["Id"].split(":")[1]
self.resource_type = finding["Resources"][0]["Type"]
self.resource_id = (
finding["Resources"][0]["Id"].split("/")[-1]
if not drilled
else drilled.split("/")[-11]
)
if not drilled:
if (
"app" in finding["Resources"][0]["Id"]
or "net" in finding["Resources"][0]["Id"]
):
self.resource_id = finding["Resources"][0]["Id"].split("/")[-2]
else:
self.resource_id = finding["Resources"][0]["Id"].split("/")[-1]
else:
if "app" in drilled or "net" in drilled:
self.resource_id = drilled.split("/")[-2]
else:
self.resource_id = drilled.split("/")[-1]
self.resource_arn = finding["Resources"][0]["Id"] if not drilled else drilled

# Describe function
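Review bot: The new branches choose between `split("/")[-2]` and `split("/")[-1]` with `"app" in ...` / `"net" in ...`, which is a substring test over the whole ARN rather than a check of the load-balancer type segment. A classic load balancer whose name merely contains `app` or `net` would take the `[-2]` branch and get the ARN prefix ending in `loadbalancer` as `resource_id`, so any later lookup by that id would presumably miss the resource and leave the finding without context. Matching the path segment instead, for example `arn = drilled or finding["Resources"][0]["Id"]` followed by `if "/app/" in arn or "/net/" in arn:`, avoids the false match and removes the duplicated drilled/non-drilled branches. parse_finding starts before this section and continues after it.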
116 changes: 73 additions & 43 deletions lib/outputs.py
@@ -109,21 +109,27 @@ def generate_output_csv(self):
for finding in values["findings"]:
for f, v in finding.items():
tag_column_values = [
values.get("tags", {}).get(column, "")
if values.get("tags")
else ""
(
values.get("tags", {}).get(column, "")
if values.get("tags")
else ""
)
for column in self.__tag_columns
]
config_column_values = [
values.get("config", {}).get(column, "")
if values.get("config")
else ""
(
values.get("config", {}).get(column, "")
if values.get("config")
else ""
)
for column in self.__config_columns
]
account_column_values = [
values.get("account", {}).get(column, "")
if values.get("account")
else ""
(
values.get("account", {}).get(column, "")
if values.get("account")
else ""
)
for column in self.__account_columns
]
impact_column_values = [
@@ -206,21 +212,27 @@ def generate_output_xlsx(self):
else:
worksheet.write(current_line, 1, severity, low_format)
tag_column_values = [
values.get("tags", {}).get(column, "")
if values.get("tags")
else ""
(
values.get("tags", {}).get(column, "")
if values.get("tags")
else ""
)
for column in self.__tag_columns
]
config_column_values = [
values.get("config", {}).get(column, "")
if values.get("config")
else ""
(
values.get("config", {}).get(column, "")
if values.get("config")
else ""
)
for column in self.__config_columns
]
account_column_values = [
values.get("account", {}).get(column, "")
if values.get("account")
else ""
(
values.get("account", {}).get(column, "")
if values.get("account")
else ""
)
for column in self.__account_columns
]
impact_column_values = [
@@ -444,37 +456,55 @@ def create_table(cursor, table_definition):
resource_findings_medium = findings["findings"]["MEDIUM"]
resource_findings_low = findings["findings"]["LOW"]
resource_findings_informational = findings["findings"]["INFORMATIONAL"]
account_alias = data.get("account", {})["Alias"]
account_organization = data.get("account", {}).get("Organizations", {})
if account_organization:
account_organization_id = account_organization.get("Id")
account_organization_arn = account_organization.get("Arn")
account_master_account_id = account_organization.get("MasterAccountId")
account_master_account_email = account_organization.get(
"MasterAccountEmail"
if data.get("account", {}):
account_alias = data.get("account", {})["Alias"]
account_organization = data.get("account", {}).get("Organizations", {})
if account_organization:
account_organization_id = account_organization.get("Id")
account_organization_arn = account_organization.get("Arn")
account_master_account_id = account_organization.get(
"MasterAccountId"
)
account_master_account_email = account_organization.get(
"MasterAccountEmail"
)
else:
account_organization_id = ""
account_organization_arn = ""
account_master_account_id = ""
account_master_account_email = ""
account_alternate_contact_type = (
data.get("account", {})
.get("AlternateContact", {})
.get("AlternateContactType")
)
account_alternate_contact_name = (
data.get("account", {}).get("AlternateContact", {}).get("Name")
)
account_alternate_contact_email = (
data.get("account", {})
.get("AlternateContact", {})
.get("EmailAddress")
)
account_alternate_contact_phone = (
data.get("account", {})
.get("AlternateContact", {})
.get("PhoneNumber")
)
account_alternate_contact_title = (
data.get("account", {}).get("AlternateContact", {}).get("Title")
)
else:
account_alias = ""
account_organization_id = ""
account_organization_arn = ""
account_master_account_id = ""
account_master_account_email = ""
account_alternate_contact_type = (
data.get("account", {})
.get("AlternateContact", {})
.get("AlternateContactType")
)
account_alternate_contact_name = (
data.get("account", {}).get("AlternateContact", {}).get("Name")
)
account_alternate_contact_email = (
data.get("account", {}).get("AlternateContact", {}).get("EmailAddress")
)
account_alternate_contact_phone = (
data.get("account", {}).get("AlternateContact", {}).get("PhoneNumber")
)
account_alternate_contact_title = (
data.get("account", {}).get("AlternateContact", {}).get("Title")
)
account_alternate_contact_type = ""
account_alternate_contact_name = ""
account_alternate_contact_email = ""
account_alternate_contact_phone = ""
account_alternate_contact_title = ""
cursor.execute(
INSERT_RESOURCES,
(
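Review bot: In the third hunk the new `if data.get("account", {}):` guard still reads `data.get("account", {})["Alias"]`, so an account entry that is present but has no `Alias` key raises KeyError before the row is inserted. The two branches also disagree on defaults: the alternate-contact fields come out as `None` when the account exists without those keys and as `""` when the account is absent. Binding the dict once with `account = data.get("account") or {}` and reading `account_alias = account.get("Alias", "")`, with `""` defaults on the other `.get` calls, covers both cases without the outer if/else. The first two hunks only add parentheses, and the enclosing function of the third starts and ends outside the visible lines.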
38 changes: 27 additions & 11 deletions lib/securityhub.py
@@ -189,17 +189,33 @@ def update_findings_meta(self, mh_findings):

def parse_finding(finding):
"""Returns resource ARN and finding parsed for it"""
findings = {
finding["Title"]: {
"SeverityLabel": finding.get("Severity").get("Label", "Unknown"),
"Workflow": finding.get("Workflow", {"Status": "Unknown"}),
"RecordState": finding.get("RecordState", "Unknown"),
"Compliance": finding.get("Compliance", {"Status": "Unknown"}),
"Id": finding.get("Id", "Unknown"),
"ProductArn": finding.get("ProductArn", "Unknown"),
},
}
return finding["Resources"][0]["Id"], findings
# ASFF Finding:
if "Title" in finding:
resource_arn = finding["Resources"][0]["Id"]
findings = {
finding["Title"]: {
"SeverityLabel": finding.get("Severity").get("Label", "Unknown"),
"Workflow": finding.get("Workflow", {"Status": "Unknown"}),
"RecordState": finding.get("RecordState", "Unknown"),
"Compliance": finding.get("Compliance", {"Status": "Unknown"}),
"Id": finding.get("Id", "Unknown"),
"ProductArn": finding.get("ProductArn", "Unknown"),
},
}
# OSCF Finding:
if "metadata" in finding:
resource_arn = finding.get("resources", {})[0].get("uid")
findings = {
finding.get("finding_info").get("title"): {
"SeverityLabel": finding.get("severity", "Unknown"),
"Workflow": {"Status": finding.get("status", "Unknown")},
"RecordState": "Unknown",
"Compliance": {"Status": finding.get("status_code", "Unknown")},
"Id": finding.get("finding_info").get("uid", "Unknown"),
"ProductArn": finding.get("finding_info").get("product_uid", "Unknown"),
},
}
return resource_arn, findings


def parse_region(resource_arn, finding):
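Review bot: `parse_finding` now uses two independent `if` tests, so a finding with neither `Title` nor `metadata` reaches `return resource_arn, findings` with both names unbound and fails with UnboundLocalError, while a finding carrying both keys is silently parsed as the second format. Because this function now accepts findings that presumably originate outside Security Hub, the format check should be explicit: make the second test `elif "metadata" in finding:` and add `else: raise ValueError("unrecognized finding format")`. In the same branch `finding.get("resources", {})[0]` and `finding.get("finding_info").get(...)` raise KeyError or AttributeError when those fields are missing, so the `.get` defaults protect nothing; index directly or guard them. The comment `# OSCF Finding:` presumably means OCSF.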
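--- a/powerpipe/access.pp
+++ b/powerpipe/access.pp
@@ -0,0 +1,159 @@
+dashboard "access" {
+text {
+value = "## MetaHub: [Resources](${var.host}/metahub.dashboard.resources) | [Findings](${var.host}/metahub.dashboard.findings) | [Accounts](${var.host}/metahub.dashboard.accounts) | Access | [Exposure](${var.host}/metahub.dashboard.exposure)"
+}
+
+container {
+card {
+query = query.count_access
+width = 3
+args = {
+access = "unrestricted"
+}
+href = "/metahub.dashboard.access?input.access=unrestricted"
+}
+card {
+query = query.count_access
+width = 3
+args = {
+access = "untrusted-principal"
+}
+href = "/metahub.dashboard.access?input.access=untrusted-principal"
+}
+card {
+query = query.count_access
+width = 3
+args = {
+access = "unrestricted-principal"
+}
+href = "/metahub.dashboard.access?input.access=unrestricted-principal"
+}
+card {
+query = query.count_access
+width = 3
+args = {
+access = "cross-account-principal"
+}
+href = "/metahub.dashboard.access?input.access=cross-account-principal"
+}
+card {
+query = query.count_access
+width = 3
+args = {
+access = "unrestricted-actions"
+}
+href = "/metahub.dashboard.access?input.access=unrestricted-actions"
+}
+card {
+query = query.count_access
+width = 3
+args = {
+access = "dangerous-actions"
+}
+href = "/metahub.dashboard.access?input.access=dangerous-actions"
+}
+card {
+query = query.count_access
+width = 2
+args = {
+access = "unrestricted-service"
+}
+href = "/metahub.dashboard.access?input.access=unrestricted-service"
+}
+card {
+query = query.count_access
+width = 2
+args = {
+access = "restricted"
+}
+href = "/metahub.dashboard.access?input.access=restricted"
+}
+card {
+query = query.count_access
+width = 2
+type = "ok"
+args = {
+access = "unknown"
+}
+href = "/metahub.dashboard.access?input.access=unknown"
+}
+}
+
+container {
+input "exposure" {
+base = metahub.input.exposure
+}
+
+input "access" {
+base = metahub.input.access
+}
+
+input "encryption" {
+base = metahub.input.encryption
+}
+
+input "status" {
+base = metahub.input.status
+}
+
+input "severity" {
+base = metahub.input.severity
+}
+
+input "environment" {
+base = metahub.input.environment
+}
+}
+
+container {
+input "owner" {
+base = metahub.input.owner
+}
+
+input "application" {
+base = metahub.input.application
+}
+
+input "account" {
+base = metahub.input.account
+}
+
+input "type" {
+base = metahub.input.type
+}
+
+input "region" {
+base = metahub.input.region
+}
+
+input "tags" {
+base = metahub.input.tags
+}
+}
+
+container {
+table {
+query = query.resources
+args = {
+exposure = self.input.exposure.value
+access = self.input.access.value
+encryption = self.input.encryption.value
+status = self.input.status.value
+severity = self.input.severity.value
+environment = self.input.environment.value
+owner = self.input.owner.value
+application = self.input.application.value
+account = self.input.account.value
+type = self.input.type.value
+region = self.input.region.value
+tags = self.input.tags.value
+}
+column "name" {
+href = "${dashboard.findings.url_path}?input.resource_arn={{.'resource_arn' | @uri}}"
+}
+column "resource_arn" {
+href = "${dashboard.findings.url_path}?input.resource_arn={{.'resource_arn' | @uri}}"
+}
+}
+}
+}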
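Review bot: The `unknown` card is the only one given `type = "ok"`, so resources whose access could not be determined would presumably be shown with the success styling, while the `restricted` card carries no type at all. If that is not intended, move `type = "ok"` to the `restricted` card and leave `unknown` untyped or set it to `type = "info"`, so an undetermined state is not read as a healthy one. Separately, the card `href` values are root-relative (`/metahub.dashboard.access?input.access=...`) whereas the header links are built from `${var.host}`; using one scheme for both would keep the cards working if the dashboards are served from another host or path.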