
[aws][fix] Collect and connect Inspector resources properly #2253

Merged
merged 38 commits into from
Oct 30, 2024
Changes from 12 commits
38 commits
ebaae2d
feat: added collection template to the inspector resource
1101-1 Oct 11, 2024
d8a8142
fix: fixed properties to make it diff
1101-1 Oct 14, 2024
880c7ca
feat: added connect_in_graph to the inspector resources
1101-1 Oct 14, 2024
8f4c488
feat: added tags setting
1101-1 Oct 14, 2024
fe45367
Feat: added resource deletion and tagging/untagging
1101-1 Oct 14, 2024
0110bed
feat: added tests
1101-1 Oct 14, 2024
7ee7b76
revert changes
1101-1 Oct 14, 2024
4bebe89
fixed tests
1101-1 Oct 14, 2024
7d419bd
return function
1101-1 Oct 14, 2024
c4d3722
only keep inspector findings
aquamatthias Oct 15, 2024
8e7b871
feat: added fetching findings for the current account only
1101-1 Oct 15, 2024
4d31061
feat: added changes
1101-1 Oct 17, 2024
a45c222
Merge branch 'main' into km/aws_fix_inspector_collection
1101-1 Oct 17, 2024
a2e4cc1
feat: added provider link
1101-1 Oct 17, 2024
16b5e1c
feat: added more explicit connection
1101-1 Oct 17, 2024
08582f5
fix tests
1101-1 Oct 17, 2024
de35633
Merge branch 'main' into km/aws_fix_inspector_collection
1101-1 Oct 17, 2024
2d46f10
chore: added default case
1101-1 Oct 18, 2024
403a4c6
feat: improved findigs
1101-1 Oct 18, 2024
e50938e
feat: added new collection way for ec2, lambda and ecr
1101-1 Oct 18, 2024
6120e6b
feat: reimplement builder
1101-1 Oct 18, 2024
b6b0e65
feat: added tests and adjust collection
1101-1 Oct 18, 2024
b34bf6d
fixed test
1101-1 Oct 18, 2024
67eddd7
feat: deleted unknown severity
1101-1 Oct 21, 2024
09aca5d
feat: moved to the inspector class
1101-1 Oct 21, 2024
b33890f
feat: added speakable names
1101-1 Oct 21, 2024
dff0441
fix: fixed builder to pass dicationary correctly
1101-1 Oct 21, 2024
0c82504
chore: deleted unnecessary
1101-1 Oct 21, 2024
2186427
feat: reimplemented AssessmentKey
1101-1 Oct 29, 2024
4fd7166
Merge branch 'refs/heads/main' into km/aws_fix_inspector_collection
aquamatthias Oct 30, 2024
1958960
improve code
aquamatthias Oct 30, 2024
ff3f265
imports
aquamatthias Oct 30, 2024
998b9d5
add region as filter for ecr repository
aquamatthias Oct 30, 2024
e3289bd
remove unused properties
aquamatthias Oct 30, 2024
07ba4bb
remove unused import
aquamatthias Oct 30, 2024
2625f11
applied pylint hint
1101-1 Oct 30, 2024
f23af8d
feat: updated test
1101-1 Oct 30, 2024
742ec97
Merge branch 'main' into km/aws_fix_inspector_collection
1101-1 Oct 30, 2024
2 changes: 2 additions & 0 deletions plugins/aws/fix_plugin_aws/collector.py
Expand Up @@ -49,6 +49,7 @@
backup,
bedrock,
scp,
inspector,
)
from fix_plugin_aws.resource.base import (
AwsAccount,
Expand Down Expand Up @@ -117,6 +118,7 @@
+ backup.resources
+ amazonq.resources
+ bedrock.resources
+ inspector.resources
)
all_resources: List[Type[AwsResource]] = global_resources + regional_resources

2 changes: 1 addition & 1 deletion plugins/aws/fix_plugin_aws/resource/backup.py
Expand Up @@ -175,7 +175,7 @@ class AwsBackupProtectedResource(AwsResource):
}
api_spec: ClassVar[AwsApiSpec] = AwsApiSpec("backup", "list-protected-resources", "Results")
mapping: ClassVar[Dict[str, Bender]] = {
"id": S("ResourceArn") >> F(lambda arn: arn.rsplit("/")[1]),
"id": S("ResourceArn") >> F(AwsResource.id_from_arn),
"name": S("ResourceName"),
"resource_arn": S("ResourceArn"),
"resource_type": S("ResourceType"),
446 changes: 446 additions & 0 deletions plugins/aws/fix_plugin_aws/resource/inspector.py


4 changes: 2 additions & 2 deletions plugins/aws/test/collector_test.py
Expand Up @@ -34,8 +34,8 @@ def count_kind(clazz: Type[AwsResource]) -> int:
# make sure all threads have been joined
assert len(threading.enumerate()) == 1
# ensure the correct number of nodes and edges
assert count_kind(AwsResource) == 261
assert len(account_collector.graph.edges) == 575
assert count_kind(AwsResource) == 262
assert len(account_collector.graph.edges) == 577
assert len(account_collector.graph.deferred_edges) == 2
for node in account_collector.graph.nodes:
if isinstance(node, AwsRegion):
@@ -0,0 +1,237 @@
{
"findings": [
{
"awsAccountId": "foo",
"codeVulnerabilityDetails": {
"cwes": [
"foo",
"foo",
"foo"
],
"detectorId": "foo",
"detectorName": "foo",
"detectorTags": [
"foo",
"foo",
"foo"
],
"filePath": {
"endLine": 123,
"fileName": "foo",
"filePath": "foo",
"startLine": 123
},
"referenceUrls": [
"foo",
"foo",
"foo"
],
"ruleId": "foo",
"sourceLambdaLayerArn": "foo"
},
"description": "foo",
"epss": {
"score": 1.234
},
"exploitAvailable": "NO",
"exploitabilityDetails": {
"lastKnownExploitAt": "2024-10-14T18:00:11Z"
},
"findingArn": "foo",
"firstObservedAt": "2024-10-14T18:00:11Z",
"fixAvailable": "NO",
"inspectorScore": 1.234,
"inspectorScoreDetails": {
"adjustedCvss": {
"adjustments": [
{
"metric": "foo",
"reason": "foo"
},
{
"metric": "foo",
"reason": "foo"
},
{
"metric": "foo",
"reason": "foo"
}
],
"cvssSource": "foo",
"score": 1.234,
"scoreSource": "foo",
"scoringVector": "foo",
"version": "foo"
}
},
"lastObservedAt": "2024-10-14T18:00:11Z",
"networkReachabilityDetails": {
"networkPath": {
"steps": [
{
"componentId": "foo",
"componentType": "foo"
},
{
"componentId": "foo",
"componentType": "foo"
},
{
"componentId": "foo",
"componentType": "foo"
}
]
},
"openPortRange": {
"begin": 123,
"end": 123
},
"protocol": "UDP"
},
"packageVulnerabilityDetails": {
"cvss": [
{
"baseScore": 1.234,
"scoringVector": "foo",
"source": "foo",
"version": "foo"
},
{
"baseScore": 1.234,
"scoringVector": "foo",
"source": "foo",
"version": "foo"
},
{
"baseScore": 1.234,
"scoringVector": "foo",
"source": "foo",
"version": "foo"
}
],
"referenceUrls": [
"foo",
"foo",
"foo"
],
"relatedVulnerabilities": [
"foo",
"foo",
"foo"
],
"source": "foo",
"sourceUrl": "https://example.com",
"vendorCreatedAt": "2024-10-14T18:00:11Z",
"vendorSeverity": "foo",
"vendorUpdatedAt": "2024-10-14T18:00:11Z",
"vulnerabilityId": "foo",
"vulnerablePackages": [
{
"arch": "foo",
"epoch": 123,
"filePath": "foo",
"fixedInVersion": "foo",
"name": "foo",
"packageManager": "CARGO",
"release": "foo",
"remediation": "foo",
"sourceLambdaLayerArn": "foo",
"sourceLayerHash": "foo",
"version": "foo"
}
]
},
"remediation": {
"recommendation": {
"Url": "https://example.com",
"text": "foo"
}
},
"resources": [
{
"details": {
"awsEc2Instance": {
"iamInstanceProfileArn": "foo",
"imageId": "foo",
"ipV4Addresses": [
"foo",
"foo",
"foo"
],
"ipV6Addresses": [
"foo",
"foo",
"foo"
],
"keyName": "foo",
"launchedAt": "2024-10-14T18:00:11Z",
"platform": "foo",
"subnetId": "foo",
"type": "foo",
"vpcId": "foo"
},
"awsEcrContainerImage": {
"architecture": "foo",
"author": "foo",
"imageHash": "foo",
"imageTags": [
"foo",
"foo",
"foo"
],
"platform": "foo",
"pushedAt": "2024-10-14T18:00:11Z",
"registry": "foo",
"repositoryName": "foo"
},
"awsLambdaFunction": {
"architectures": [
"ARM64",
"ARM64",
"ARM64"
],
"codeSha256": "foo",
"executionRoleArn": "foo",
"functionName": "foo",
"lastModifiedAt": "2024-10-14T18:00:11Z",
"layers": [
"foo",
"foo",
"foo"
],
"packageType": "ZIP",
"runtime": "NODEJS_12_X",
"version": "foo",
"vpcConfig": {
"securityGroupIds": [
"foo",
"foo",
"foo"
],
"subnetIds": [
"foo",
"foo",
"foo"
],
"vpcId": "foo"
}
}
},
"id": "foo",
"partition": "foo",
"region": "foo",
"tags": {
"0": "foo"
},
"type": "AWS_ECR_CONTAINER_IMAGE"
}
],
"severity": "LOW",
"status": "SUPPRESSED",
"title": "foo",
"type": "PACKAGE_VULNERABILITY",
"updatedAt": "2024-10-14T18:00:11Z"
}
],
"nextToken": "foo"
}
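--- a/plugins/aws/test/resources/inspector_test.py
+++ b/plugins/aws/test/resources/inspector_test.py
@@ -0,0 +1,6 @@
+from fix_plugin_aws.resource.inspector import AwsInspectorFinding
+from test.resources import round_trip_for
+
+
+def test_inspector_findings() -> None:
+    round_trip_for(AwsInspectorFinding)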
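Review bot: Only the serialization round trip of AwsInspectorFinding is exercised here; the edges this PR is meant to create (per the commit messages, from a finding to its EC2, Lambda and ECR resources) are asserted nowhere except the global edge count in plugins/aws/test/collector_test.py, which cannot distinguish a finding attached to the wrong resource from one attached correctly. A second test that collects the fixture into a graph and asserts the finding's successor kinds would pin that behaviour; at minimum a marker such as `# TODO: assert connect_in_graph links the finding to its EC2/Lambda/ECR resource` keeps the gap visible. Whether round_trip_for already exercises connect_in_graph is not visible from this page and should be confirmed before relying on it.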
14 changes: 12 additions & 2 deletions plugins/aws/tools/aws_model_gen.py
Expand Up @@ -239,6 +239,8 @@ def process_shape_items(shape_items: List[Tuple[Any, Any]], prop_prefix: str, cl
elif isinstance(shape, StringShape):
return []
elif isinstance(shape, ListShape):
if isinstance(shape.member, StringShape):
return []
process_shape_items(shape.member.members.items(), prop_prefix, clazz_name)
else:
if getattr(shape, "members", None) is None:
Expand Down Expand Up @@ -280,7 +282,7 @@ def create_test_response(service: str, function: str, is_pascal: bool = False) -

def sample(shape: Shape) -> JsonElement:
if isinstance(shape, StringShape) and shape.enum:
return shape.enum[1]
return shape.enum[-1]
elif isinstance(shape, StringShape) and "8601" in shape.documentation:
return utc_str()
elif isinstance(shape, StringShape) and "URL" in shape.documentation:
Expand Down Expand Up @@ -983,12 +985,20 @@ def default_imports() -> str:
# prefix="Bedrock",
# )
],
"inspector2": [
# AwsFixModel(
# api_action="list-findings",
# result_property="findings",
# result_shape="ListFindingsResponse",
# prefix="InspectorV2",
# ),
],
}


if __name__ == "__main__":
"""print some test data"""
print(json.dumps(create_test_response("bedrock-agent", "get-knowledge-base"), indent=2))
# print(json.dumps(create_test_response("inspector2", "list-coverage"), indent=2))

"""print the class models"""
# print(default_imports())
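Review bot: The new guard at the top of the ListShape branch in process_shape_items only covers a list whose member is a StringShape; a list whose member is any other shape without `members` (integers, timestamps, a nested list) still reaches `shape.member.members` on the following line and raises AttributeError, while the `else` branch directly below already uses the more general `getattr(shape, "members", None) is None` test. Using the same test here, `if getattr(shape.member, "members", None) is None:`, keeps the two branches consistent and handles every scalar member type in one place. The body of process_shape_items starts before and ends after this hunk, so the recursive call's dropped return value on the next line is pre-existing and outside this change. In the last hunk the whole `inspector2` entry is commented out; a one-line comment stating why it stays commented (presumably the generated model is now maintained by hand in resource/inspector.py, which this page does not show) would spare the next reader from re-running the generator.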