subscription id can be masked

cmd/azqr/main.go

@@ -29,6 +29,7 @@ func main() {
 	resourceGroupPtr := flag.String("g", "", "Azure Resource Group")
 	outputPtr := flag.String("o", "azqr_report", "Output file prefix")
 	detail := flag.Bool("d", false, "Enable more details in the report")
+	maskPtr := flag.Bool("m", false, "Mask the subscription id in the report")
 	concurrency := flag.Int("p", defaultConcurrency, fmt.Sprintf("Parallel processes. Default to %d. A < 0 value will use the maxmimum concurrency.", defaultConcurrency))
 	ver := flag.Bool("v", false, "Print version and exit")
 
@@ -151,6 +152,7 @@ func main() {
 	reportData := renderers.ReportData{
 		OutputFileName:     outputFile,
 		EnableDetailedScan: config.EnableDetailedScan,
+		Mask:               *maskPtr,
 		MainData:           all,
 		DefenderData:       defenderResults,
 	}

internal/renderers/excel.go

@@ -26,7 +26,7 @@ func CreateExcelReport(data ReportData) {
 
 		rows := [][]string{}
 		for _, r := range data.MainData {
-			rows = append(mapToRow(heathers, r.ToMap()), rows...)
+			rows = append(mapToRow(heathers, r.ToMap(data.Mask)), rows...)
 		}
 
 		for idx, row := range rows {
@@ -72,7 +72,7 @@ func CreateExcelReport(data ReportData) {
 
 			rows := [][]string{}
 			for _, r := range data.DefenderData {
-				rows = append(mapToRow(heathers, r.ToMap()), rows...)
+				rows = append(mapToRow(heathers, r.ToMap(data.Mask)), rows...)
 			}
 
 			for idx, row := range rows {

internal/renderers/markdown.go

@@ -14,7 +14,7 @@ import (
 )
 
 func CreateMarkdownReport(data ReportData) {
-	resultsTable := renderTable(data.MainData)
+	resultsTable := renderTable(data.MainData, data.Mask)
 
 	var allFunctions []scanners.IAzureServiceResult
 	for _, r := range data.MainData {
@@ -38,7 +38,7 @@ func CreateMarkdownReport(data ReportData) {
 			recommendations += templates.GetTemplates(fmt.Sprintf("%s.md", parsedType))
 
 			if r.GetResourceType() == "Microsoft.Web/serverfarms/sites" && len(allFunctions) > 0 && data.EnableDetailedScan {
-				recommendations = strings.Replace(recommendations, "{{functions}}", renderDetailsTable(allFunctions), 1)
+				recommendations = strings.Replace(recommendations, "{{functions}}", renderDetailsTable(allFunctions, data.Mask), 1)
 			} else {
 				recommendations = strings.Replace(recommendations, "{{functions}}", "", 1)
 			}
@@ -48,7 +48,7 @@ func CreateMarkdownReport(data ReportData) {
 	if len(data.DefenderData) > 0 {
 		recommendations += "\n\n"
 		recommendations += templates.GetTemplates("Microsoft.Security.pricings.md")
-		recommendations = strings.Replace(recommendations, "{{defender}}", renderDefenderTable(data.DefenderData), 1)
+		recommendations = strings.Replace(recommendations, "{{defender}}", renderDefenderTable(data.DefenderData, data.Mask), 1)
 	}
 
 	reportTemplate = strings.Replace(reportTemplate, "{{recommendations}}", recommendations, 1)
@@ -66,7 +66,7 @@ func CreateMarkdownReport(data ReportData) {
 	}
 }
 
-func renderTable(results []scanners.IAzureServiceResult) string {
+func renderTable(results []scanners.IAzureServiceResult, mask bool) string {
 	if len(results) == 0 {
 		return "No results found."
 	}
@@ -75,7 +75,7 @@ func renderTable(results []scanners.IAzureServiceResult) string {
 
 	rows := [][]string{}
 	for _, r := range results {
-		rows = append(mapToRow(heathers, r.ToMap()), rows...)
+		rows = append(mapToRow(heathers, r.ToMap(mask)), rows...)
 	}
 
 	prettyPrintedTable, err := markdown.NewTableFormatterBuilder().
@@ -91,12 +91,12 @@ func renderTable(results []scanners.IAzureServiceResult) string {
 	return prettyPrintedTable
 }
 
-func renderDetailsTable(results []scanners.IAzureServiceResult) string {
+func renderDetailsTable(results []scanners.IAzureServiceResult, mask bool) string {
 	heathers := results[0].GetDetailHeathers()
 
 	rows := [][]string{}
 	for _, r := range results {
-		rows = append(mapToRow(heathers, r.ToDetailMap()), rows...)
+		rows = append(mapToRow(heathers, r.ToDetailMap(mask)), rows...)
 	}
 
 	prettyPrintedTable, err := markdown.NewTableFormatterBuilder().
@@ -111,7 +111,7 @@ func renderDetailsTable(results []scanners.IAzureServiceResult) string {
 	return prettyPrintedTable
 }
 
-func renderDefenderTable(results []scanners.DefenderResult) string {
+func renderDefenderTable(results []scanners.DefenderResult, mask bool) string {
 	if len(results) == 0 {
 		return "No results found."
 	}
@@ -120,7 +120,7 @@ func renderDefenderTable(results []scanners.DefenderResult) string {
 
 	rows := [][]string{}
 	for _, r := range results {
-		rows = append(mapToRow(heathers, r.ToMap()), rows...)
+		rows = append(mapToRow(heathers, r.ToMap(mask)), rows...)
 	}
 
 	prettyPrintedTable, err := markdown.NewTableFormatterBuilder().

internal/renderers/report_data.go

@@ -7,6 +7,7 @@ import (
 type ReportData struct {
 	OutputFileName     string
 	EnableDetailedScan bool
+	Mask               bool
 	MainData           []scanners.IAzureServiceResult
 	DefenderData       []scanners.DefenderResult
-}
+}

internal/scanners/defender.go

@@ -9,7 +9,7 @@ import (
 // DefenderResult - Defender result
 type DefenderResult struct {
 	SubscriptionID, Name, Tier string
-	Deprecated                       bool
+	Deprecated                 bool
 }
 
 // DefenderScanner - Defender scanner
@@ -29,9 +29,9 @@ func (d *DefenderResult) GetProperties() []string {
 }
 
 // ToMap - Returns the properties of the DefenderResult as a map
-func (r DefenderResult) ToMap() map[string]string {
+func (r DefenderResult) ToMap(mask bool) map[string]string {
 	return map[string]string{
-		"SubscriptionID": r.SubscriptionID,
+		"SubscriptionID": maskSubscriptionID(r.SubscriptionID, mask),
 		"Name":           r.Name,
 		"Tier":           r.Tier,
 		"Deprecated":     strconv.FormatBool(r.Deprecated),

internal/scanners/scanner.go

@@ -2,6 +2,7 @@ package scanners
 
 import (
 	"context"
+	"fmt"
 	"strconv"
 	"strings"
 
@@ -14,8 +15,8 @@ type (
 		GetResourceType() string
 		GetHeathers() []string
 		GetDetailHeathers() []string
-		ToMap() map[string]string
-		ToDetailMap() map[string]string
+		ToMap(mask bool) map[string]string
+		ToDetailMap(mask bool) map[string]string
 		Value() AzureServiceResult
 	}
 
@@ -50,9 +51,9 @@ type (
 )
 
 // ToMap - Returns a map representation of the Azure Service Result
-func (r AzureServiceResult) ToMap() map[string]string {
+func (r AzureServiceResult) ToMap(mask bool) map[string]string {
 	return map[string]string{
-		"SubscriptionID": r.SubscriptionID,
+		"SubscriptionID": maskSubscriptionID(r.SubscriptionID, mask),
 		"ResourceGroup":  r.ResourceGroup,
 		"Location":       parseLocation(r.Location),
 		"Type":           r.Type,
@@ -67,7 +68,7 @@ func (r AzureServiceResult) ToMap() map[string]string {
 }
 
 // ToDetail - Returns a map representation of the Azure Service Result
-func (r AzureServiceResult) ToDetailMap() map[string]string {
+func (r AzureServiceResult) ToDetailMap(mask bool) map[string]string {
 	return map[string]string{}
 }
 
@@ -115,9 +116,9 @@ type AzureFunctionAppResult struct {
 }
 
 // ToDetail - Returns a map representation of the Azure Function App Result
-func (r AzureFunctionAppResult) ToDetailMap() map[string]string {
+func (r AzureFunctionAppResult) ToDetailMap(mask bool) map[string]string {
 	return map[string]string{
-		"SubscriptionID":                r.SubscriptionID,
+		"SubscriptionID":                maskSubscriptionID(r.SubscriptionID, mask),
 		"ResourceGroup":                 r.ResourceGroup,
 		"Location":                      parseLocation(r.Location),
 		"Type":                          r.Type,
@@ -151,3 +152,12 @@ func (r AzureFunctionAppResult) GetDetailProperties() []string {
 func parseLocation(location string) string {
 	return strings.ToLower(strings.ReplaceAll(location, " ", ""))
 }
+
+func maskSubscriptionID(subscriptionID string, mask bool) string {
+	if !mask {
+		return subscriptionID
+	}
+
+	// Show only last 7 chars of the subscription ID
+	return fmt.Sprintf("xxxxxxxx-xxxx-xxxx-xxxx-xxxxx%s", subscriptionID[29:])
+}