Merge pull request #304 from nccgroup/refactoring/gcp/cloudstorage
Refactoring/gcp/cloudstorage
Showing
12 changed files
with
91 additions
and
103 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
import asyncio | ||
from google.cloud import storage | ||
from ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently | ||
|
||
class CloudStorageFacade: | ||
async def get_buckets(self, project_id: str): | ||
client = storage.Client(project=project_id) | ||
buckets = await run_concurrently(lambda: list(client.list_buckets())) | ||
await get_and_set_concurrently([self._get_and_set_bucket_logging, | ||
self._get_and_set_bucket_iam_policy], buckets) | ||
return buckets | ||
|
||
async def _get_and_set_bucket_logging(self, bucket): | ||
bucket_logging = await run_concurrently(lambda: bucket.get_logging()) | ||
setattr(bucket, 'logging', bucket_logging) | ||
|
||
async def _get_and_set_bucket_iam_policy(self, bucket): | ||
bucket_iam_policy = await run_concurrently(lambda: bucket.get_iam_policy()) | ||
setattr(bucket, 'iam_policy', bucket_iam_policy) |
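Review bot: An exception raised inside `_get_and_set_bucket_logging` or `_get_and_set_bucket_iam_policy` (for example a permission-denied on a single bucket's `get_iam_policy()`) propagates out of `get_buckets` and, unless `get_and_set_concurrently` (defined outside this file) swallows it, aborts enumeration of every bucket in the project. Consider catching it per bucket, reporting it through `print_exception` from `ScoutSuite.core.console` (already imported by the resources layer) and storing `None`, so the remaining buckets are still inventoried; the consumer in `buckets.py` then has to tolerate a missing policy. Separately, `get_iam_policy()` is called with the client's default policy version, so conditional role bindings would presumably not be included in the returned policy — worth confirming whether `requested_policy_version=3` is needed for complete coverage of bucket grants. `import asyncio` on the first line is unused.
```python
async def _get_and_set_bucket_iam_policy(self, bucket):
    try:
        bucket_iam_policy = await run_concurrently(lambda: bucket.get_iam_policy())
    except Exception as e:
        # One unreadable policy must not abort enumeration of the whole project
        print_exception(e)
        bucket_iam_policy = None
    setattr(bucket, 'iam_policy', bucket_iam_policy)
```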
Empty file.
41 changes: 41 additions & 0 deletions
41
ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
from ScoutSuite.core.console import print_exception | ||
from ScoutSuite.providers.base.configs.resources import Resources | ||
from ScoutSuite.providers.gcp.facade.gcp import GCPFacade | ||
from ScoutSuite.providers.utils import get_non_provider_id | ||
|
||
class Buckets(Resources): | ||
def __init__(self, gcp_facade: GCPFacade, project_id: str): | ||
self.gcp_facade = gcp_facade | ||
self.project_id = project_id | ||
|
||
async def fetch_all(self): | ||
raw_buckets = await self.gcp_facade.cloudstorage.get_buckets(self.project_id) | ||
for raw_bucket in raw_buckets: | ||
bucket_id, bucket = self._parse_bucket(raw_bucket) | ||
self[bucket_id] = bucket | ||
|
||
def _parse_bucket(self, raw_bucket): | ||
bucket_dict = {} | ||
bucket_dict['id'] = get_non_provider_id(raw_bucket.id) | ||
bucket_dict['name'] = raw_bucket.name | ||
bucket_dict['project_id'] = self.project_id | ||
bucket_dict['project_number'] = raw_bucket.project_number | ||
bucket_dict['creation_date'] = raw_bucket.time_created | ||
bucket_dict['location'] = raw_bucket.location | ||
bucket_dict['storage_class'] = raw_bucket.storage_class.lower() | ||
bucket_dict['versioning_status_enabled'] = raw_bucket.versioning_enabled | ||
bucket_dict['logging_enabled'] = raw_bucket.logging is not None | ||
bucket_dict['acl_configuration'] = self._get_cloudstorage_bucket_acl(raw_bucket) | ||
return bucket_dict['id'], bucket_dict | ||
|
||
def _get_cloudstorage_bucket_acl(self, raw_bucket): | ||
bucket_acls = raw_bucket.iam_policy | ||
acl_config = {} | ||
for role in bucket_acls._bindings: | ||
for member in bucket_acls[role]: | ||
if member.split(':')[0] not in ['projectEditor', 'projectViewer', 'projectOwner']: | ||
if member not in acl_config: | ||
acl_config[member] = [role] | ||
else: | ||
acl_config[member].append(role) | ||
return acl_config |
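Review bot: `_get_cloudstorage_bucket_acl` reaches into the private `_bindings` attribute of the IAM `Policy` object while the next line already treats the policy as a mapping (`bucket_acls[role]`); iterating `raw_bucket.iam_policy.items()` gives the same role-to-members view without depending on library internals that may change between google-api-core releases, and `setdefault` replaces the manual presence check. The prefix list `['projectEditor', 'projectViewer', 'projectOwner']` drops the legacy project convenience members, so any finding built on `acl_configuration` silently ignores those grants — a comment stating that intent, e.g. `# Legacy project convenience members are deliberately not reported as explicit bucket grants`, would help the next reader. `print_exception` is imported but never used, and `fetch_all` has no handling for a failing `get_buckets` call; if the import was meant for a `try`/`except` around that fetch, it is missing. `raw_bucket.storage_class.lower()` assumes the attribute is always a string, which presumably holds for listed buckets but is worth confirming.
```python
def _get_cloudstorage_bucket_acl(self, raw_bucket):
    # Policy behaves as a Mapping of role -> members; do not rely on its private attributes
    acl_config = {}
    for role, members in raw_bucket.iam_policy.items():
        for member in members:
            # Legacy project convenience members are deliberately not reported as explicit bucket grants
            if member.split(':')[0] not in ['projectEditor', 'projectViewer', 'projectOwner']:
                acl_config.setdefault(member, []).append(role)
    return acl_config
```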
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
from ScoutSuite.providers.gcp.facade.gcp import GCPFacade | ||
from ScoutSuite.providers.gcp.resources.projects import Projects | ||
from ScoutSuite.providers.gcp.resources.cloudstorage.buckets import Buckets | ||
|
||
class CloudStorage(Projects): | ||
_children = [ | ||
(Buckets, 'buckets') | ||
] |
4 changes: 2 additions & 2 deletions
4
ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-versioning.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,9 @@ | ||
{ | ||
"dashboard_name": "Buckets", | ||
"description": "Bucket without versioning", | ||
"path": "cloudstorage.buckets.id", | ||
"path": "cloudstorage.projects.id.buckets.id", | ||
"conditions": [ "and", | ||
[ "cloudstorage.buckets.id.versioning_status_enabled", "false", "" ] | ||
[ "cloudstorage.projects.id.buckets.id.versioning_status_enabled", "false", "" ] | ||
], | ||
"id_suffix": "versioning" | ||
} |
This file was deleted.