Merge pull request #127 from Netflix/develop

Merge 0.3.5 to Master

dart/lib/component/itemdetails/itemdetails_component.dart

@@ -63,11 +63,13 @@ class ItemDetailsComponent implements ScopeAware { // extends ShadowRootAware
 
     int _rev_index = 0;
     void loadMore() {
+      if (item != null) {
         List revisions = item.revisions;
-        print("Inside loadMore. $_rev_index of ${revisions.length}");
+        //print("Inside loadMore. $_rev_index of ${revisions.length}");
         if (_rev_index < revisions.length) {
             displayed_revisions.add(revisions.elementAt(_rev_index++));
         }
+      }
     }
 
     get user => us.name;

dart/lib/component/revision/revision_component.dart

@@ -9,7 +9,6 @@ class RevisionComponent {
     UsernameService us;
     ObjectStore store;
     Revision revision;
-    bool show_diff = false;
 
     RevisionComponent(this.store, this.us);
 
@@ -43,22 +42,46 @@ class RevisionComponent {
         }
     }
 
-    void set_diff(bool new_diff) {
-        print("Setting diff to $new_diff");
-        if (new_diff) {
-            store.customQueryOne(Revision,
-                    new CustomRequestParams(
-                            method: "GET",
-                            url:"$API_HOST/revisions/$revision_id?compare=$compare_revision_id",
-                            withCredentials: true
-                            ))
-                   .then( (revision) {
-                this.revision = revision;
-                this.show_diff = true;
-            });
-        } else {
-            show_diff = false;
-        }
+    var minchars="5";
+
+    get minimized_policy {
+      if (revision != null) {
+        return revision.minimized(int.parse(minchars));
+      } else {
+        return null;
+      }
+    }
+
+    bool has_minimized_section() {
+      if (revision != null) {
+        return revision.has_minimized(int.parse(minchars));
+      } else {
+        return false;
+      }
+    }
+
+    bool has_expanded_section() {
+      if (revision != null) {
+        return revision.has_expanded();
+      } else {
+        return false;
+      }
+    }
+
+    var display_tab = 'current';
+    void select_tab(var new_tab) {
+      display_tab = new_tab;
+      if (new_tab == 'diff') {
+        store.customQueryOne(Revision,
+                new CustomRequestParams(
+                        method: "GET",
+                        url:"$API_HOST/revisions/$revision_id?compare=$compare_revision_id",
+                        withCredentials: true
+                        ))
+               .then( (revision) {
+            this.revision = revision;
+        });
+      }
     }
 
     get rev => revision;

dart/lib/component/revision/revision_component.html

@@ -9,20 +9,54 @@
   <div class="panel-body">
     <div class="col-md-3">
       <tabset vertical="true" type="'pills'">
-        <tab heading="Current" select="set_diff(false)"></tab>
-        <tab heading="Diff" select="set_diff(true)"></tab>
+        <tab heading="Current" select="select_tab('current')"></tab>
+        <tab disabled="!has_expanded_section()" heading="Expanded" select="select_tab('expanded')"></tab>
+        <tab disabled="!has_minimized_section()" heading="Minimized" select="select_tab('minimized')"></tab>
+        <tab heading="Diff" select="select_tab('diff')"></tab>
       </tabset>
     </div>
 
     <!-- Content -->
-    <div class="col-md-9" ng-switch="show_diff">
-      <div ng-switch-when="true" class="tab-pane" id="diff">
+    <div class="col-md-9" ng-switch="display_tab">
+      <div ng-switch-when="diff" class="tab-pane" id="diff">
         <span ng-if="hasDiffHtml()" ng-bind-html="rev.diff_html"></span>
         <span ng-if="!hasDiffHtml()">Diff Not Available.</span>
       </div>
-      <div ng-switch-when="false" class="tab-pane active" id="current">
+      <div ng-switch-when="current" class="tab-pane active" id="current">
         <pre><code class="json">{{rev.config}}</code></pre>
       </div>
+      <div ng-switch-when="expanded" class="tab-pane active" id="expanded">
+        <pre><code class="json">{{rev.expanded}}</code></pre>
+      </div>
+      <div ng-switch-when="minimized" class="tab-pane active" id="minimized">
+        <div class="form-group">
+          <label for="minchars" class="col-sm-4 control-label">
+            <b>Minimum # of Characters:</b>
+          </label>
+          <div class="col-sm-4">
+            <select ng-model="minchars" class="form-control" id="minchars">
+              <option>0</option>
+              <option>1</option>
+              <option>2</option>
+              <option>3</option>
+              <option>4</option>
+              <option>5</option>
+              <option>6</option>
+              <option>7</option>
+              <option>8</option>
+              <option>9</option>
+              <option>10</option>
+              <option>11</option>
+              <option>12</option>
+              <option>13</option>
+              <option>14</option>
+              <option>15</option>
+            </select>
+          </div>
+          <br/><br/>
+          <pre><code class="json">{{minimized_policy}}</code></pre>
+        </div>
+      </div>
     </div>
   </div>
 

dart/lib/model/Revision.dart

@@ -4,6 +4,7 @@ import 'dart:convert';
 import 'RevisionComment.dart';
 import 'Item.dart';
 import 'package:security_monkey/util/utils.dart' show localDateFromAPIDate;
+import 'package:aws_policy_expander_minimizer/aws_policy_expander_minimizer.dart';
 
 class Revision {
     int id;
@@ -14,9 +15,88 @@ class Revision {
     String diff_html;
     Item item;
     List<RevisionComment> comments;
+    Expander expander = new Expander();
+    Minimizer minimizer = new Minimizer();
+    var encoder = new JsonEncoder.withIndent("  ");
+    var _expanded = null;
+    var _minimized = null;
+    var _minchars = 5;
+
+    bool has_minimized(int minChars) {
+      if (_minimized == "exception") {
+        return false;
+      }
+
+      if (_minimized != null && _minchars == minChars) {
+        return true;
+      }
+
+      try {
+        _minimized = minimizer.minimizePolicies(_config, minChars);
+        return true;
+      } catch (_) {
+        _minimized = "exception";
+        return false;
+      }
+    }
+
+    dynamic minimized(int minChars) {
+      if (_minimized == "exception") {
+        return "exception";
+      }
+
+      if (_expanded != null && _minchars == minChars) {
+        return encoder.convert(_minimized);
+      }
+
+      try {
+        _minimized = minimizer.minimizePolicies(_config, minChars);
+        _minchars = minChars;
+        return encoder.convert(_minimized);
+      } catch (_) {
+        _minimized = "exception";
+        return config;
+      }
+    }
+
+    bool has_expanded() {
+      if (_expanded == "exception") {
+        return false;
+      }
+
+      if (_expanded != null) {
+        return true;
+      }
+
+      try {
+        _expanded = expander.expandPolicies(_config);
+        return true;
+      } catch (_) {
+        _expanded = "exception";
+        return false;
+      }
+    }
+
+    get expanded {
+      if (_expanded == "exception") {
+        return "exception";
+      }
+
+      if (_expanded != null) {
+        return encoder.convert(_expanded);
+      }
+
+      try {
+        _expanded = expander.expandPolicies(_config);
+        return encoder.convert(_expanded);
+      } catch (_) {
+        _expanded = "exception";
+        return config;
+      }
+    }
+
     var _config;
     get config {
-        var encoder = new JsonEncoder.withIndent("     ");
         return encoder.convert(_config);
     }
     set config(c) {

dart/pubspec.lock

@@ -12,11 +12,15 @@ packages:
   angular_ui:
     description: angular_ui
     source: hosted
-    version: "0.6.3"
+    version: "0.6.8"
   args:
     description: args
     source: hosted
     version: "0.12.2+3"
+  aws_policy_expander_minimizer:
+    description: aws_policy_expander_minimizer
+    source: hosted
+    version: "0.0.3"
   barback:
     description: barback
     source: hosted

dart/pubspec.yaml

@@ -1,16 +1,17 @@
 name: security_monkey
 description: An AWS Policy Monitoring and Alerting Tool
-version: 0.3.4
+version: 0.3.5
 dependencies:
   angular: ">=1.1.0 <2.0.0"
-  angular_ui: '0.6.3'
+  angular_ui: '0.6.8'
   hammock: '0.4.0'
   ng_infinite_scroll: '0.2.0'
   web_components: any
   browser: ">=0.10.0+2 <0.11.0"
   http_server: any
   code_transformers: ">=0.2.5"
   dart_to_js_script_rewriter: any
+  aws_policy_expander_minimizer: ">=0.0.3 <0.1.0"
 dev_dependencies:
   unittest: '0.11.0+2'
 transformers:

docs/api/index.rst

@@ -28,7 +28,7 @@ included, and users are free to add their own rules.
 
 		>>> import security_monkey
 		>>> security_monkey.__version__
-		u'0.3.4'
+		u'0.3.5'
 
 
 Class and method level definitions and documentation

docs/changelog.rst

@@ -2,6 +2,44 @@
 Changelog
 *********
 
+v0.3.5 (2015-03-28)
+===================
+- Adding policy minimizer & expander to the revision component
+- Adding tracking of instance profiles attached to a role
+- Adding marker/pagination code to redshift.describe_clusters()
+- Adding pagination to IAM User get_all_user_policies, get_all_access_keys, get_all_mfa_devices, get_all_signing_certs
+- Typo & minor corrections on postgres commands
+- CLI command to save your current configurations to a JSON file for backup
+- added a VPC watcher
+- Adding DHCP Options and Internet Gateways to the VPC Watcher
+- Adding a subnet watcher. Fixing the VPC watcher with deep_dict
+- Adding the vpc route_table watcher
+- Removing subnet remaining IP field until ephemeral section is merged in
+- Adding IAM Managed Policies
+- Typo & minor corrections on postgres commands in documentation
+- Adds ELBSecurityPolicy-2015-03. Moves export grade ciphers to their own section and alerts on FREAK vuln.
+- Provides context on refpol 2015-03 vs 2015-02.
+- Adding a Managed Policies Auditor
+- Added Manged Policy tracking to the IAM users, groups, and roles
+
+Summary of new watchers:
+- vpc
+-- DHCP Options
+-- Internet Gateways
+- subnet
+- routetable
+- managed policies
+
+Summary of new Auditors or audit checks:
+- managed policies
+- New reference policy 2015-03 for ELB listeners.
+- New alerts for FREAK vulnerable ciphers.
+
+Contributors:
+- markofu
+- monkeysecurity
+
+
 v0.3.4 (2015-2-19)
 ==================
 - Merged in a new AuditorSettings tab created by Qmando at Yelp enabling you to disable audit checks with per-account granularity.

docs/contributing.rst

@@ -53,7 +53,7 @@ Clone
     cd security_monkey
 
 SECURITY_MONKEY_SETTINGS
-  Set the environment variable in your current session that tells Flask where the conifguration file is located.::
+  Set the environment variable in your current session that tells Flask where the configuration file is located.::
 
     export SECURITY_MONKEY_SETTINGS=`pwd`/env-config/config-local.py
 
@@ -73,9 +73,10 @@ Postgres
 
   Create the database and users and set the timezone.::
 
-    psql -d postgres
+    psql -d postgres -h localhost
     CREATE DATABASE "securitymonkeydb";
     CREATE ROLE "securitymonkeyuser" LOGIN PASSWORD 'securitymonkeypass';
+    CREATE SCHEMA securitymonkeydb
     GRANT Usage, Create ON SCHEMA "securitymonkeydb" TO "securitymonkeyuser";
     set timezone to 'GMT';
     select now();
@@ -253,3 +254,4 @@ Additional resources
 - `Issue tracker <https://github.com/netflix/security_monkey/issues>`_
 
 - `GitHub documentation <https://help.github.com/>`_
+

manage.py

@@ -22,6 +22,7 @@
 from security_monkey.scheduler import run_change_reporter as sm_run_change_reporter
 from security_monkey.scheduler import find_changes as sm_find_changes
 from security_monkey.scheduler import audit_changes as sm_audit_changes
+from security_monkey.backup import backup_config_to_json as sm_backup_config_to_json
 
 manager = Manager(app)
 migrate = Migrate(app, db)
@@ -55,6 +56,14 @@ def audit_changes(accounts, monitors, send_report):
     sm_audit_changes(accounts, monitors, send_report)
 
 
+@manager.option('-a', '--accounts', dest='accounts', type=unicode, default=u'all')
+@manager.option('-m', '--monitors', dest='monitors', type=unicode, default=u'all')
+@manager.option('-o', '--outputfolder', dest='outputfolder', type=unicode, default=u'backups')
+def backup_config_to_json(accounts, monitors, outputfolder):
+    """Saves the most current item revisions to a json file."""
+    sm_backup_config_to_json(accounts, monitors, outputfolder)
+
+
 @manager.command
 def start_scheduler():
     """ starts the python scheduler to run the watchers and auditors"""