Merge pull request #152 from kuettai/main
Bug Fixes, Visual Improvement, Performance Improvement, and WATools integration
kuettai authored Oct 24, 2024
2 parents 9c1bcb9 + ba84bb3 commit 3d55ed3
Showing 33 changed files with 710 additions and 149 deletions.
20 changes: 18 additions & 2 deletions README.md
Expand Up @@ -59,9 +59,14 @@ When running Service Screener, you will need to specify the regions and services

We recommend running it in all regions where you have deployed workloads in. Adjust the code samples below to suit your needs then copy and paste it into Cloudshell to run Service Screener.

**Example 1: Run in the Singapore region, check all services**
**Example 1: (Recommended) Run in the Singapore region, check all services with beta features enabled**
```
screener --regions ap-southeast-1
screener --regions ap-southeast-1 --beta 1
```

**Example 1a: Run in the Singapore region, check all services on stable releases**
```
screener --regions ap-southeast-1
```

**Example 2: Run in the Singapore region, check only Amazon S3**
Expand Down Expand Up @@ -89,6 +94,7 @@ screener --regions ap-southeast-1 --tags env=prod%department=hr,coe
screener --regions ALL
```


### Other parameters
```bash
##mode
Expand All @@ -97,6 +103,16 @@ screener --regions ALL
# api-full: give full results in JSON format
# api-raw: raw findings
# report: generate default web html

##others
# AWS Partner used, migration evaluation id
--others '{"mpe": {"id": "aaaa-1111-cccc"}}'

# To override default Well Architected Tools integration parameter
--others '{"WA": {"region": "ap-southeast-1", "reportName":"SS_Report", "newMileStone":0}}'

# you can combine both
--others '{"WA": {"region": "ap-southeast-1", "reportName":"SS_Report", "newMileStone":0}, "mpe": {"id": "aaaa-1111-cccc"}}'
```
<details>
<summary>Get Report Walkthrough</summary>
2 changes: 1 addition & 1 deletion Screener.py
Expand Up @@ -170,7 +170,7 @@ def getServicePagebuilderDynamically(service):


@staticmethod
def generateScreenerOutput(runmode, contexts, hasGlobal, regions, uploadToS3, bucket):
def generateScreenerOutput(runmode, contexts, hasGlobal, regions, uploadToS3):
htmlFolder = Config.get('HTML_ACCOUNT_FOLDER_FULLPATH')
if not os.path.exists(htmlFolder):
os.makedirs(htmlFolder)
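Review bot: Dropping `bucket` from `generateScreenerOutput`'s signature breaks any caller that still passes it positionally or by keyword, and the body (which continues outside the hunk) still takes `uploadToS3`, so the target bucket presumably comes from `Config` now — confirm every call site in this 33-file change was updated and that the upload path does not silently skip when no bucket is configured. A short docstring on the static method stating where the bucket is read from, e.g. `"""Render the HTML report into HTML_ACCOUNT_FOLDER_FULLPATH; when uploadToS3 is set the bucket is taken from Config."""`, would make that explicit.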
9 changes: 9 additions & 0 deletions frameworks/Framework.py
Expand Up @@ -37,6 +37,12 @@ def getMetaData(self):
# To be overwrite if needed
def _hookGenerateMetaData(self):
pass

def _hookPostItemActivity(self, title, section, checks, comp):
return title, section, checks, comp

def _hookPostItemsLoop(self):
pass

# ['Main', 'ARC-003', 0, '[iam,rootMfaActive] Root ID, Admin<br>[iam.passwordPolicy] sss', 'Link 1<br>Link2']
def generateMappingInformation(self):
Expand Down Expand Up @@ -70,6 +76,8 @@ def generateMappingInformation(self):
pre.append(tmp)

checks, links, comp = self.formatCheckAndLinks(pre)

title, section, checks, comp = self._hookPostItemActivity(title, section, checks, comp)

outp.append([title, section, comp, checks, links])
pos = comp
Expand All @@ -78,6 +86,7 @@ def generateMappingInformation(self):

summ[title][pos] += 1

self._hookPostItemsLoop()
self.stats = summ
return outp

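Review bot: The two new hooks `_hookPostItemActivity` and `_hookPostItemsLoop` have no docstring, and the first one's return value matters more than the `pass`-style default suggests: `generateMappingInformation` rebinds `comp` from it, and that value then becomes `pos = comp` and the index in `summ[title][pos] += 1`, so an override returning a different `comp` changes the tallied stats. I would document on `_hookPostItemActivity` that it is called once per mapped item after `formatCheckAndLinks`, must return the four values in the same order, and that `comp` must remain one of the values `summ` is keyed by; and on `_hookPostItemsLoop` that it runs after the loop but before `self.stats = summ`, so `self.stats` is not yet populated when it executes. `generateMappingInformation` starts and ends outside the visible hunks.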
89 changes: 81 additions & 8 deletions frameworks/WAFS/WAFS.py
@@ -1,17 +1,90 @@
import json
import json, re

import constants as _C
from utils.Config import Config
from utils.Tools import _warn, _info
from frameworks.Framework import Framework
from frameworks.helper.WATools import WATools

class WAFS(Framework):
WATools = None
ResultCache = {}
isBeta = False
def __init__(self, data):
super().__init__(data)
self.isBeta = Config.get('beta', False)

if self.isBeta == False:
return

waTools = WATools('security')
cliParams = Config.get('_SS_PARAMS')

tmpParams = {}
if 'others' in cliParams and not cliParams['others'] == None:
params = cliParams['others']
cfg = json.loads(params)

if 'WA' in cfg:
tmpParams = cfg['WA']

if waTools.preCheck(tmpParams):
self.WATools = waTools
self.WATools.init(tmpParams)
self.WATools.createReportIfNotExists()
self.WATools.listAnswers()
# print(self.WATools.answerSets)


def _hookPostItemActivity(self, title, section, checks, comp):
if self.WATools == None or self.WATools.HASPERMISSION == False:
return title, section, checks, comp

titleNum = self.extractNumber(title)
sectNum = self.extractNumber(section)

paired = "{}::{}".format(titleNum, sectNum)

newChecks = "<h4>{}</h4>{}".format(self.getDescription(titleNum, paired), checks)

titleKey = self.WATools.answerSets.get(titleNum, [None])[0]
if not titleKey in self.ResultCache:
self.ResultCache[titleKey] = {
"0": [],
"1": [],
"-1": []
}

if not titleKey == None:
if comp == 1:
self.ResultCache[titleKey]["1"].append(self.WATools.answerSets.get(paired, [None])[0])
elif comp == -1:
self.ResultCache[titleKey]["-1"].append(self.WATools.answerSets.get(paired, [None, None])[1])
else:
self.ResultCache[titleKey]["0"].append(self.WATools.answerSets.get(paired, [None])[0])

return title, section, newChecks, comp

def _hookPostItemsLoop(self):
if self.WATools == None or self.WATools.HASPERMISSION == False:
return

for title, opts in self.ResultCache.items():
if len(opts["1"]) == 0 and len(opts["-1"]) == 0:
continue

ansStr = opts["1"]
unselectedNotes = "***Generated by SS\n\nHere are the items failed SS checks (if any):\n- {}".format("\n- ".join(opts["-1"]))

self.WATools.updateAnswers(title, ansStr, unselectedNotes)

pass

def extractNumber(self, s):
match = re.search(r'\d+', s)
return match.group() if match else None

if __name__ == "__main__":
data = json.loads(open(_C.FRAMEWORK_DIR + '/api.json').read())
# print(data)
o = WARS(data)
o.readFile()
# o.obj()
o.generateMappingInformation()
def getDescription(self, titleNum, paired):
titleStr = self.WATools.answerSets.get(titleNum, [None])[1]
sectStr = self.WATools.answerSets.get(paired, [None])[1]
return f"{titleStr} - {sectStr}"
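Review bot: `_hookPostItemsLoop` raises `TypeError` at `"\n- ".join(opts["-1"])` whenever a failed item's `paired` key is absent from `answerSets`, because `_hookPostItemActivity` appends the fallback `[None, None][1]` (`None`) to `opts["-1"]`; the same fallback pushes `None` into `opts["1"]`, which is then handed to `updateAnswers` as a choice id. Look the answer up once and skip the append when it is missing, e.g. `choice = self.WATools.answerSets.get(paired)` followed by `if choice is None: return title, section, newChecks, comp` before the `if comp == 1:` branch. Two smaller points: `ResultCache = {}` is a class attribute, so `self.ResultCache[titleKey] = ...` mutates a dict shared by every `WAFS` instance (initialise it in `__init__` instead), and `json.loads(params)` on the raw `--others` value has no error handling, so a malformed JSON string surfaces as an uncaught `JSONDecodeError` rather than a usable message. Note also that with `--beta 1` this hook writes into a live Well-Architected workload via `createReportIfNotExists`/`updateAnswers`, and the README in this same commit now recommends that flag by default; that side effect deserves a sentence there.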
6 changes: 3 additions & 3 deletions frameworks/WAFS/map.json
Expand Up @@ -10,10 +10,10 @@
"mapping": {
"SEC01": {
"BP01": ["iam.hasOrganization"],
"BP02": ["iam.rootMfaActive", "iam.hasAlternateContact", "iam.rootHasAccessKey", "iam.rootConsoleLogin30days", "iam.passwordPolicy", "iam.enableGuardDuty"],
"BP02": ["iam.rootMfaActive", "iam.hasAlternateContact", "iam.rootHasAccessKey", "iam.rootConsoleLogin30days", "iam.passwordPolicy", "iam.enableGuardDuty", "iam.rootConsoleLogin30days"],
"BP03": ["iam.mfaActive", "iam.passwordPolicyWeak", "iam.passwordLastChange90", "iam.hasAccessKeyNoRotate30days"],
"BP04": ["iam.enableGuardDuty"],
"BP05": [],
"BP05": ["lambda.$length", "rds.$length", "ecs.$length", "eks.$length", "dynamodb.$length", "elasticache.$length"],
"BP06": [],
"BP07": [],
"BP08": []
Expand Down Expand Up @@ -52,7 +52,7 @@
"SEC06":{
"BP01": [],
"BP02": [],
"BP03": ["lambda.$length", "rds.$length", "ecs.$length", "eks.$length", "dynamodb.$length", "elasticache.$length"],
"BP03": [],
"BP04": [],
"BP05": [],
"BP06": []
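Review bot: The new `SEC01.BP02` line lists `iam.rootConsoleLogin30days` twice — it was already the fourth entry and the change appends it again at the end; the duplicate looks unintended and, if the consumer counts entries, would weight that check twice, so drop the trailing `"iam.rootConsoleLogin30days"`. The move of the six `*.$length` entries from `SEC06.BP03` to `SEC01.BP05` is a semantic remapping of the framework with nothing in the commit message explaining it; a line in the description (or a README note) saying why those workload-inventory checks now map to SEC01 would help anyone auditing the mapping later.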