Add port ranges + Refactor to EC2 Security Groups Rules (#115)
* add_port_ranges: update tests and refactor security groups

* add_port_ranges: refactor, extract get_open_ports_wording

* add_port_ranges: update dependencies

* add_port_ranges: add filters support

* add_port_ranges: fix format

* add_port_ranges: update docs

* add_port_ranges: update docs

* add_port_ranges: add more tests

* add_port_ranges: update changelog

* add_port_ranges: trigger travis
oscarbc96 committed Apr 7, 2020
1 parent 6b946e9 commit 3223ed4
Showing 26 changed files with 723 additions and 376 deletions.
12 changes: 12 additions & 0 deletions CHANGELOG.md
@@ -1,6 +1,18 @@
# Changelog
All notable changes to this project will be documented in this file.

## [0.18.0] - 2020-04-07
### Improvements
- `EC2SecurityGroupIngressOpenToWorldRule`, `EC2SecurityGroupMissingEgressRule` and `EC2SecurityGroupOpenToWorldRule` include support for filters.
- `EC2SecurityGroupIngressOpenToWorldRule` and `EC2SecurityGroupOpenToWorldRule` support adding errors for port ranges.
### Breaking changes
- `Config.DEFAULT_ALLOWED_WORLD_OPEN_PORTS` type changes to `List[int]`
- Rename `SecurityGroupIngressOpenToWorldRule` to `EC2SecurityGroupIngressOpenToWorldRule`
- Rename `SecurityGroupMissingEgressRule` to `EC2SecurityGroupMissingEgressRule`
- Rename `SecurityGroupOpenToWorldRule` to `EC2SecurityGroupOpenToWorldRule`
- Improved message for users when failing the `SecurityGroupOpenToWorldRule` and `SecurityGroupIngressOpenToWorldRule` rules.
- Improved documentation for the above rules, including styling fixes which have now been tested.

## [0.17.2] - 2020-04-01
### Improvements
- Improved message for users when failing the `SecurityGroupOpenToWorldRule` and `SecurityGroupIngressOpenToWorldRule` rules.
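Review bot: the last two bullets under "### Breaking changes" for 0.18.0 are not breaking changes, and the "Improved message for users..." bullet repeats the 0.17.2 entry verbatim while both still use the pre-rename names `SecurityGroupOpenToWorldRule` and `SecurityGroupIngressOpenToWorldRule`. Move them under "### Improvements" (or drop the duplicated one) and update them to the `EC2...` names so the changelog agrees with the rename recorded two bullets above.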
2 changes: 1 addition & 1 deletion cfripper/__version__.py
@@ -1,3 +1,3 @@
VERSION = (0, 17, 2)
VERSION = (0, 18, 0)

__version__ = ".".join(map(str, VERSION))
2 changes: 1 addition & 1 deletion cfripper/config/config.py
@@ -9,7 +9,7 @@


class Config:
DEFAULT_ALLOWED_WORLD_OPEN_PORTS = ["80", "443"]
DEFAULT_ALLOWED_WORLD_OPEN_PORTS = [80, 443]
DEFAULT_FORBIDDEN_MANAGED_POLICY_ARNS = [
"arn:aws:iam::aws:policy/AdministratorAccess",
"arn:aws:iam::aws:policy/IAMFullAccess",
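Review bot: switching `DEFAULT_ALLOWED_WORLD_OPEN_PORTS` from `["80", "443"]` to `[80, 443]` means any caller that still overrides this setting with string values will no longer match the integer comparisons, so an override kept in the old form quietly stops exempting those ports. The changelog records the type change as breaking, which is right; it would still be worth validating the configured values on `Config` construction (rejecting non-`int` entries, or coercing and warning) so a stale override fails loudly instead of changing rule results.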
18 changes: 9 additions & 9 deletions cfripper/rules/__init__.py
@@ -7,6 +7,11 @@
S3CrossAccountTrustRule,
)
from cfripper.rules.ebs_volume_has_sse import EBSVolumeHasSSERule
from cfripper.rules.ec2_security_group import (
EC2SecurityGroupIngressOpenToWorldRule,
EC2SecurityGroupMissingEgressRule,
EC2SecurityGroupOpenToWorldRule,
)
from cfripper.rules.hardcoded_RDS_password import HardcodedRDSPasswordRule
from cfripper.rules.iam_roles import IAMRolesOverprivilegedRule, IAMRoleWildcardActionOnPolicyRule
from cfripper.rules.kms_key_wildcard_principal import KMSKeyWildcardPrincipalRule
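Review bot: the module moves from `cfripper.rules.security_group` to `cfripper.rules.ec2_security_group` and the three classes are renamed with no compatibility alias, so external code importing the old module path or class names breaks on upgrade. That matches the breaking-change entries in CHANGELOG.md; if a deprecation period is wanted, keep a thin `security_group.py` that re-exports the new classes and emits a `DeprecationWarning` for one release.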
@@ -15,11 +20,6 @@
from cfripper.rules.privilege_escalation import PrivilegeEscalationRule
from cfripper.rules.s3_bucket_policy import S3BucketPolicyPrincipalRule
from cfripper.rules.s3_public_access import S3BucketPublicReadAclAndListStatementRule, S3BucketPublicReadWriteAclRule
from cfripper.rules.security_group import (
SecurityGroupIngressOpenToWorldRule,
SecurityGroupMissingEgressRule,
SecurityGroupOpenToWorldRule,
)
from cfripper.rules.sns_topic_policy_not_principal import SNSTopicPolicyNotPrincipalRule
from cfripper.rules.sqs_queue_policy import SQSQueuePolicyNotPrincipalRule, SQSQueuePolicyPublicRule
from cfripper.rules.wildcard_policies import (
@@ -35,10 +35,13 @@
CloudFormationAuthenticationRule,
CrossAccountTrustRule,
EBSVolumeHasSSERule,
EC2SecurityGroupIngressOpenToWorldRule,
EC2SecurityGroupMissingEgressRule,
EC2SecurityGroupOpenToWorldRule,
FullWildcardPrincipalRule,
HardcodedRDSPasswordRule,
IAMRolesOverprivilegedRule,
IAMRoleWildcardActionOnPolicyRule,
IAMRolesOverprivilegedRule,
KMSKeyCrossAccountTrustRule,
KMSKeyWildcardPrincipalRule,
ManagedPolicyOnUserRule,
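Review bot: the swap of `IAMRoleWildcardActionOnPolicyRule` and `IAMRolesOverprivilegedRule` is an unrelated reordering (plain ASCII order, where uppercase `W` sorts before lowercase `s`) mixed into a rename commit; it is harmless, but it adds noise to a diff that is otherwise about the EC2 security group rules and would read more clearly as its own formatting change.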
@@ -50,9 +53,6 @@
S3BucketPublicReadAclAndListStatementRule,
S3BucketPublicReadWriteAclRule,
S3CrossAccountTrustRule,
SecurityGroupIngressOpenToWorldRule,
SecurityGroupMissingEgressRule,
SecurityGroupOpenToWorldRule,
SNSTopicPolicyNotPrincipalRule,
SNSTopicPolicyWildcardActionRule,
SQSQueuePolicyNotPrincipalRule,
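Review bot: dropping `SecurityGroupIngressOpenToWorldRule`, `SecurityGroupMissingEgressRule` and `SecurityGroupOpenToWorldRule` from this exported list also removes them from whatever rule selection is driven by these names, so a deployed configuration that still enables the old names would stop running those checks without any error to flag it. Consider having the configuration loader warn or fail on unknown rule names, or keeping the old names as aliases that resolve to the `EC2...` classes for one release.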