Merge pull request #51 from kmcquade/fix/GH-47-clarify-tab-description

Report description improvements to address #47. Version 0.1.4 bump
salesforce · May 26, 2020 · ec90710 · ec90710
2 parents 1fa7392 + ae100b9
commit ec90710
Show file tree

Hide file tree

Showing 9 changed files with 549 additions and 594 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,9 @@
 ## Unreleased
 * Docker
 
+## 0.1.4 (2020-05-26)
+* Inline policies are now clearly mapped to their roles.
+
 ## 0.1.3 (2020-05-16)
 * Excel/CSV export capability
 * Table row selection capability

diff --git a/cloudsplaining/bin/version.py b/cloudsplaining/bin/version.py
@@ -1,2 +1,2 @@
 # pylint: disable=missing-module-docstring
-__version__ = "0.1.3"
+__version__ = "0.1.4"
diff --git a/cloudsplaining/output/templates/summary/aws-managed.html b/cloudsplaining/output/templates/summary/aws-managed.html
@@ -1,10 +1,8 @@
 <span class="badge badge-default"></span>
 <br>
 <p style="text-align: justify">
-  The following table shows a list of <a href="definition-aws-managed-policy">AWS-managed IAM Policies</a> that are currently used in the account.
-  <br>
-  <br>
-  If the policy contains IAM Actions - or combinations of actions - that fall under certain risk categories - <a href="#definition-infrastructure-modification">Infrastructure Modification</a>, <a href="#definition-privilege-escalation">Privilege Escalation</a>,  <a href="#definition-resource-exposure">Resource Exposure</a>, or <a href="#definition-data-exfiltration">Data Exfiltration</a> - then the number of occurrences per-policy and per-risk is included in the table.
+  The following table shows a list of <a href="definition-aws-managed-policy">AWS-managed IAM Policies</a> that (1) have findings and (2) are currently used in the account.
+  If the policy contains IAM Actions - or combinations of actions - that fall under certain risk categories - <a href="#definition-infrastructure-modification">Infrastructure Modification</a>, <a href="#definition-privilege-escalation">Privilege Escalation</a>,  <a href="#definition-resource-exposure">Resource Exposure</a>, or <a href="#definition-data-exfiltration">Data Exfiltration</a> - then the number of occurrences per-policy and per-risk is included in the table. <b>If there are no findings for a particular policy, or if the policy is not attached to any IAM Principals, then the policy is not included in the findings.</b>
   <br>
   <br>
   Each of the aforementioned attributes can be used to prioritize which risks to address first. For more information, see the <a href="#remediation-prioritization">Prioritization Guidance</a> and <a href="#triage-triaging-considerations">Triaging Considerations</a>. Consider using all of the Guidance criteria when reviewing this report as well.

diff --git a/cloudsplaining/output/templates/summary/customer-managed.html b/cloudsplaining/output/templates/summary/customer-managed.html
@@ -1,6 +1,6 @@
 <br>
 <p style="text-align: justify">
-  The following table shows a list of Customer created IAM Policies that are currently used in the account - both <a href="#definition-managed-policy">Managed Policies</a> and <a href="#definition-inline-policy">Inline Policies</a>. If the policy is an inline policy, the table indicates the <a href="#definition-principal">IAM Principal</a> that the inline policy is associated with.
+  The following table shows a list of Customer created IAM Policies that are currently used in the account - both <a href="#definition-managed-policy">Managed Policies</a> and <a href="#definition-inline-policy">Inline Policies</a>. If the policy is an inline policy, the table indicates the <a href="#definition-principal">IAM Principal</a> that the inline policy is associated with. It only includes policies that (1) have findings and (2) are currently used in the account.   If the policy contains IAM Actions - or combinations of actions - that fall under certain risk categories - <a href="#definition-infrastructure-modification">Infrastructure Modification</a>, <a href="#definition-privilege-escalation">Privilege Escalation</a>,  <a href="#definition-resource-exposure">Resource Exposure</a>, or <a href="#definition-data-exfiltration">Data Exfiltration</a> - then the number of occurrences per-policy and per-risk is included in the table. <b>If there are no findings for a particular policy, or if the policy is not attached to any IAM Principals, then the policy is not included in the findings.</b>
   <br>
   <br>
   If the policy contains IAM Actions - or combinations of actions - that fall under certain risk categories - <a href="#definition-infrastructure-modification">Infrastructure Modification</a>, <a href="#definition-privilege-escalation">Privilege Escalation</a>,  <a href="#definition-resource-exposure">Resource Exposure</a>, or <a href="#definition-data-exfiltration">Data Exfiltration</a> - then the number of occurrences per-policy and per-risk is included in the table.

diff --git a/examples/files/iam-principals-example.json b/examples/files/iam-principals-example.json
@@ -70,11 +70,7 @@
         "PolicyType": "Inline",
         "ManagedBy": "Customer",
         "PolicyName": "EC2-IAM-example",
-        "GroupMembership": null,
-        "Actions": 5,
-        "PrivilegeEscalation": 0,
-        "DataExfiltrationActions": 0,
-        "PermissionsManagementActions": 3
+        "GroupMembership": null
     },
     {
         "Principal": "MyRole",