Merge pull request #161 from nccgroup/feature/#26-new-finding-azure-s…

…ql-no-replication-configured feature/#26-new-finding-azure-sql-no-replication-configured
nccgroup · Feb 10, 2019 · bf0deb1 · bf0deb1
2 parents 730fa78 + cbd3b1e
commit bf0deb1
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.servers.html b/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.servers.html
@@ -19,6 +19,7 @@ <h4 class="list-group-item-heading">SQL Databases</h4>
                 <div class="list-group-item-text item-margin">Auditing: <span id="sqldatabase.servers.{{@../key}}.databases.{{@key}}.auditing_enabled">{{ convert_bool_to_enabled auditing_enabled }}</span></div>
                 <div class="list-group-item-text item-margin">Threat detection: <span id="sqldatabase.servers.{{@../key}}.databases.{{@key}}.threat_detection_enabled">{{ convert_bool_to_enabled threat_detection_enabled }}</span></div>
                 <div class="list-group-item-text item-margin">Transparent data encryption: <span id="sqldatabase.servers.{{@../key}}.databases.{{@key}}.transparent_data_encryption_enabled">{{ convert_bool_to_enabled transparent_data_encryption_enabled }}</span></div>
+                <div class="list-group-item-text item-margin">Geo-replication configured: <span id="sqldatabase.servers.{{@../key}}.databases.{{@key}}.replication_configured">{{ replication_configured }}</span></div>
             </div>
         {{/each}}
         </div>

diff --git a/ScoutSuite/providers/azure/services/sqldatabase.py b/ScoutSuite/providers/azure/services/sqldatabase.py
@@ -40,6 +40,7 @@ def _parse_databases(self, server):
             db_dict['auditing_enabled'] = self._is_auditing_enabled(db)
             db_dict['threat_detection_enabled'] = self._is_threat_detection_enabled(db)
             db_dict['transparent_data_encryption_enabled'] = self._is_transparent_data_encryption_enabled(db)
+            db_dict['replication_configured'] = self._is_replication_configured(db)
             databases[db.name] = db_dict
 
         return databases
@@ -53,6 +54,9 @@ def _is_threat_detection_enabled(self, db):
     def _is_transparent_data_encryption_enabled(self, db):
         return db.transparent_data_encryption_settings.status == "Enabled"
 
+    def _is_replication_configured(self, db):
+        return len(db.replication_links) > 0
+
     def _get_targets(self, response_attribute, api_client, method, list_params, ignore_list_error):
         if response_attribute == "Servers":
             return self._get_servers(api_client, method, list_params)
@@ -83,6 +87,8 @@ def _get_databases(self, api_client, resource_group_name, server_name):
                     self._get_threat_detection_settings(api_client, resource_group_name, server_name, db.name))
             setattr(db, "transparent_data_encryption_settings",
                     self._get_transparent_data_encryption_settings(api_client, resource_group_name, server_name, db.name))
+            setattr(db, "replication_links",
+                    list(self._get_replication_links(api_client, resource_group_name, server_name, db.name)))
             databases.append(db)
 
         return databases
@@ -101,3 +107,6 @@ def _get_azure_ad_admin_settings(self, api_client, resource_group_name, server_n
             return api_client.server_azure_ad_administrators.get(resource_group_name, server_name)
         except CloudError:  # no ad admin configured returns a 404 error
             return None
+
+    def _get_replication_links(self, api_client, resource_group_name, server_name, database_name):
+        return api_client.replication_links.list_by_database(resource_group_name, server_name, database_name)