Added policy resource

nccgroup · Sep 5, 2019 · ff3a94d · ff3a94d
1 parent d226214
commit ff3a94d
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 0 deletions.
diff --git a/ScoutSuite/providers/azure/facade/base.py b/ScoutSuite/providers/azure/facade/base.py
@@ -6,6 +6,7 @@
 from ScoutSuite.providers.azure.facade.sqldatabase import SQLDatabaseFacade
 from ScoutSuite.providers.azure.facade.storageaccounts import StorageAccountsFacade
 from ScoutSuite.providers.azure.facade.virtualmachines import VirtualMachineFacade
+from ScoutSuite.providers.azure.facade.policy import PolicyFacade
 
 # Try to import proprietary services
 try:
@@ -35,6 +36,7 @@ def __init__(self, credentials: AzureCredentials):
         self.sqldatabase = SQLDatabaseFacade(credentials.credentials, credentials.subscription_id)
         self.storageaccounts = StorageAccountsFacade(credentials.credentials, credentials.subscription_id)
         self.graphrbac = GraphRBACFacade(credentials.graphrbac_credentials, credentials.tenant_id)
+        self.policies = PolicyFacade(credentials.credentials, credentials.subscription_id)
 
         # Instantiate facades for proprietary services
         try:

diff --git a/ScoutSuite/providers/azure/facade/policy.py b/ScoutSuite/providers/azure/facade/policy.py
@@ -0,0 +1,16 @@
+from azure.mgmt.resource.policy import PolicyClient
+
+from ScoutSuite.core.console import print_exception
+from ScoutSuite.providers.utils import run_concurrently
+
+
+class PolicyFacade:
+    def __init__(self, credentials, subscription_id):
+        self._client = PolicyClient(credentials, subscription_id, '')
+
+    async def get_policies_assignments(self):
+        try:
+            return await run_concurrently(lambda: list(self._client.policy_assignments.list()))
+        except Exception as e:
+            print_exception('Failed to retrieve users: {}'.format(e))
+            return []
diff --git a/ScoutSuite/providers/azure/resources/policy/__init__.py b/ScoutSuite/providers/azure/resources/policy/__init__.py
diff --git a/ScoutSuite/providers/azure/resources/policy/base.py b/ScoutSuite/providers/azure/resources/policy/base.py
@@ -0,0 +1,11 @@
+from ScoutSuite.providers.azure.resources.base import AzureCompositeResources
+
+from .policy_assignments import PolicyAssignments
+
+class Policies(AzureCompositeResources):
+    _children = [
+        (PolicyAssignments, 'policy_assignments'),
+    ]
+
+    async def fetch_all(self):
+        await self._fetch_children(resource_parent=self)
diff --git a/ScoutSuite/providers/azure/resources/policy/policy_assignments.py b/ScoutSuite/providers/azure/resources/policy/policy_assignments.py
@@ -0,0 +1,14 @@
+from ScoutSuite.providers.azure.resources.base import AzureResources
+
+
+class PolicyAssignments(AzureResources):
+    async def fetch_all(self):
+        for raw_policy in await self.facade.policies.get_policies_assignments():
+            id, policy = self._parse_policy(raw_policy)
+            self[id] = policy
+
+    def _parse_policy(self, raw_policy):
+        policy = {}
+        policy['id'] = raw_policy.id
+
+        return policy['id'], policy
diff --git a/ScoutSuite/providers/azure/services.py b/ScoutSuite/providers/azure/services.py
@@ -7,6 +7,7 @@
 from ScoutSuite.providers.azure.resources.sqldatabase.base import Servers
 from ScoutSuite.providers.azure.resources.storageaccounts.base import StorageAccounts
 from ScoutSuite.providers.azure.resources.virtualmachines.base import VirtualMachines
+from ScoutSuite.providers.azure.resources.policy.base import Policies
 from ScoutSuite.providers.base.services import BaseServicesConfig
 
 # Try to import proprietary services
@@ -41,6 +42,7 @@ def __init__(self, credentials: AzureCredentials = None, **kwargs):
         self.storageaccounts = StorageAccounts(facade)
         self.keyvault = KeyVaults(facade)
         self.graphrbac = GraphRBAC(facade)
+        self.policy = Policies(facade)
         self.network = Networks(facade)
         self.virtualmachines = VirtualMachines(facade)