
update JS and Python dependencies
gruebel committed Jul 21, 2024
1 parent 7f3065d commit ba4aa1d
Showing 7 changed files with 51,668 additions and 18,275 deletions.
313 changes: 21 additions & 292 deletions cloudsplaining/output/dist/js/index.js

Large diffs are not rendered by default.

279 changes: 141 additions & 138 deletions cloudsplaining/output/src/components/Summary.vue
@@ -1,84 +1,85 @@
<template>
<div class="report">
<b-row class="mb-3">
<b-col>
<h3>Executive Summary</h3>
<p>
This report contains the security assessment results from
<a href="https://github.com/salesforce/cloudsplaining" rel="noreferrer">Cloudsplaining</a>, which maps out the IAM risk
landscape in a report.</p>
<p>
The assessment identifies where resource ARN constraints are not used and identifies other risks
in IAM policies:
</p>
<ul>
<li>Privilege Escalation</li>
<li>Resource Exposure</li>
<li>Infrastructure Modification</li>
<li>Data Exfiltration</li>
</ul>
<p>
Remediating these issues, where necessary, will help to limit the blast radius in the case of compromised AWS
credentials.
</p>
</b-col>

</b-row>

<b-row class="mb-3">
<b-col lg="8">
<div style="" class="d-none d-sm-block">
<summary-findings
:inline-policy-risks="inlinePolicyRisks"
:customer-managed-policy-risks="customerManagedPolicyRisks"
:aws-managed-policy-risks="awsManagedPolicyRisks"
:height="200"
></summary-findings>
</div>
</b-col>
<b-col>
<b-table-simple small responsive>
<b-thead head-variant="dark">
<b-tr>
<b-th>Risk</b-th>
<b-th>Instances</b-th>
<b-th>Severity</b-th>
</b-tr>
</b-thead>
<b-tbody>
<b-tr>
<b-th>Privilege Escalation</b-th>
<b-td>{{ policyRisks.PrivilegeEscalation }}</b-td>
<b-td>{{ severity.PrivilegeEscalation }}</b-td>
</b-tr>
<b-tr>
<b-th>Data Exfiltration</b-th>
<b-td>{{ policyRisks.DataExfiltration }}</b-td>
<b-td>{{ severity.DataExfiltration }}</b-td>
</b-tr>
<b-tr>
<b-th>Resource Exposure</b-th>
<b-td>{{ policyRisks.ResourceExposure }}</b-td>
<b-td>{{ severity.ResourceExposure }}</b-td>
</b-tr>
<b-tr>
<b-th>Credentials Exposure</b-th>
<b-td>{{ policyRisks.CredentialsExposure }}</b-td>
<b-td>{{ severity.CredentialsExposure }}</b-td>
</b-tr>
<b-tr>
<b-th>Infrastructure Modification</b-th>
<b-td>{{ policyRisks.InfrastructureModification }}</b-td>
<b-td>{{ severity.InfrastructureModification }}</b-td>
</b-tr>

</b-tbody>
</b-table-simple>
</b-col>

</b-row>

</div>
<div class="report">
<b-row class="mb-3">
<b-col>
<h3>Executive Summary</h3>
<p>
This report contains the security assessment results from
<a href="https://github.com/salesforce/cloudsplaining" rel="noreferrer">Cloudsplaining</a>, which
maps out the IAM risk
landscape in a report.</p>
<p>
The assessment identifies where resource ARN constraints are not used and identifies other risks
in IAM policies:
</p>
<ul>
<li>Privilege Escalation</li>
<li>Resource Exposure</li>
<li>Infrastructure Modification</li>
<li>Data Exfiltration</li>
</ul>
<p>
Remediating these issues, where necessary, will help to limit the blast radius in the case of
compromised AWS
credentials.
</p>
</b-col>

</b-row>

<b-row class="mb-3">
<b-col lg="8">
<div style="" class="d-none d-sm-block">
<SummaryFindings
:inline-policy-risks="inlinePolicyRisks"
:customer-managed-policy-risks="customerManagedPolicyRisks"
:aws-managed-policy-risks="awsManagedPolicyRisks"
/>
</div>
</b-col>
<b-col>
<b-table-simple small responsive>
<b-thead head-variant="dark">
<b-tr>
<b-th>Risk</b-th>
<b-th>Instances</b-th>
<b-th>Severity</b-th>
</b-tr>
</b-thead>
<b-tbody>
<b-tr>
<b-th>Privilege Escalation</b-th>
<b-td>{{ policyRisks.PrivilegeEscalation }}</b-td>
<b-td>{{ severity.PrivilegeEscalation }}</b-td>
</b-tr>
<b-tr>
<b-th>Data Exfiltration</b-th>
<b-td>{{ policyRisks.DataExfiltration }}</b-td>
<b-td>{{ severity.DataExfiltration }}</b-td>
</b-tr>
<b-tr>
<b-th>Resource Exposure</b-th>
<b-td>{{ policyRisks.ResourceExposure }}</b-td>
<b-td>{{ severity.ResourceExposure }}</b-td>
</b-tr>
<b-tr>
<b-th>Credentials Exposure</b-th>
<b-td>{{ policyRisks.CredentialsExposure }}</b-td>
<b-td>{{ severity.CredentialsExposure }}</b-td>
</b-tr>
<b-tr>
<b-th>Infrastructure Modification</b-th>
<b-td>{{ policyRisks.InfrastructureModification }}</b-td>
<b-td>{{ severity.InfrastructureModification }}</b-td>
</b-tr>

</b-tbody>
</b-table-simple>
</b-col>

</b-row>

</div>
</template>
<script>
// var md = require('markdown-it')({
Expand All @@ -96,66 +97,68 @@ import {policyViolations} from "../util/other"
import {ISSUE_SEVERITY} from "../util/glossary"
export default {
name: "Summary",
props: {
iam_data: Object,
policyFilter: String
},
components: {
SummaryFindings
},
computed: {
// summary() {
// return summary;
// },
severity() { return ISSUE_SEVERITY },
inlinePolicyRisks() {
return policyViolations(Object.assign(this.iam_data["inline_policies"]))
},
customerManagedPolicyRisks() {
return policyViolations(Object.assign(this.iam_data["customer_managed_policies"]))
name: "Summary",
props: {
iam_data: Object,
policyFilter: String
},
awsManagedPolicyRisks() {
return policyViolations(Object.assign(this.iam_data["aws_managed_policies"]))
components: {
SummaryFindings
},
policyRisks() {
if (this.policyFilter === "inlinePolicies") {
return this.inlinePolicyRisks
}
if (["custManaged"].indexOf(this.policyFilter) !== -1) {
return this.customerManagedPolicyRisks;
}
if (["awsManaged"].indexOf(this.policyFilter) !== -1) {
return this.awsManagedPolicyRisks;
}
return {
"PrivilegeEscalation":
this.inlinePolicyRisks.PrivilegeEscalation
+ this.awsManagedPolicyRisks.PrivilegeEscalation
+ this.customerManagedPolicyRisks.PrivilegeEscalation,
"DataExfiltration": this.inlinePolicyRisks.DataExfiltration
+ this.awsManagedPolicyRisks.DataExfiltration
+ this.customerManagedPolicyRisks.DataExfiltration,
"ResourceExposure":
this.inlinePolicyRisks.ResourceExposure
+ this.awsManagedPolicyRisks.ResourceExposure
+ this.customerManagedPolicyRisks.ResourceExposure,
"CredentialsExposure":
this.inlinePolicyRisks.CredentialsExposure
+ this.awsManagedPolicyRisks.CredentialsExposure
+ this.customerManagedPolicyRisks.CredentialsExposure,
"InfrastructureModification":
this.inlinePolicyRisks.InfrastructureModification
+ this.awsManagedPolicyRisks.InfrastructureModification
+ this.customerManagedPolicyRisks.InfrastructureModification
}
},
}
computed: {
// summary() {
// return summary;
// },
severity() {
return ISSUE_SEVERITY
},
inlinePolicyRisks() {
return policyViolations(Object.assign(this.iam_data["inline_policies"]))
},
customerManagedPolicyRisks() {
return policyViolations(Object.assign(this.iam_data["customer_managed_policies"]))
},
awsManagedPolicyRisks() {
return policyViolations(Object.assign(this.iam_data["aws_managed_policies"]))
},
policyRisks() {
if (this.policyFilter === "inlinePolicies") {
return this.inlinePolicyRisks
}
if (["custManaged"].indexOf(this.policyFilter) !== -1) {
return this.customerManagedPolicyRisks;
}
if (["awsManaged"].indexOf(this.policyFilter) !== -1) {
return this.awsManagedPolicyRisks;
}
return {
"PrivilegeEscalation":
this.inlinePolicyRisks.PrivilegeEscalation
+ this.awsManagedPolicyRisks.PrivilegeEscalation
+ this.customerManagedPolicyRisks.PrivilegeEscalation,
"DataExfiltration":
this.inlinePolicyRisks.DataExfiltration
+ this.awsManagedPolicyRisks.DataExfiltration
+ this.customerManagedPolicyRisks.DataExfiltration,
"ResourceExposure":
this.inlinePolicyRisks.ResourceExposure
+ this.awsManagedPolicyRisks.ResourceExposure
+ this.customerManagedPolicyRisks.ResourceExposure,
"CredentialsExposure":
this.inlinePolicyRisks.CredentialsExposure
+ this.awsManagedPolicyRisks.CredentialsExposure
+ this.customerManagedPolicyRisks.CredentialsExposure,
"InfrastructureModification":
this.inlinePolicyRisks.InfrastructureModification
+ this.awsManagedPolicyRisks.InfrastructureModification
+ this.customerManagedPolicyRisks.InfrastructureModification
}
}
}
}
</script>
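Review bot: In the computed properties `inlinePolicyRisks`, `customerManagedPolicyRisks` and `awsManagedPolicyRisks`, `Object.assign(...)` is called with a single argument, which returns that same object rather than a copy, and throws a TypeError when the key is absent from `iam_data`. If a defensive copy of the prop was intended, give it an empty target, `return policyViolations(Object.assign({}, this.iam_data["inline_policies"]))`, and likewise for the other two; whether `policyViolations` mutates its argument is not visible on this page. Separately, the Executive Summary list names four risk types while the table below it reports five, so adding `<li>Credentials Exposure</li>` would keep the report's summary in step with its findings.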

