Merge pull request #509 from 0xdabbad00/fixes

0xdabbad00 · web-flow · commit 00a98a41894c · 2019-08-07T14:50:29.000-06:00
Bug fixes
diff --git a/account-data/demo/us-east-1/iam-get-account-authorization-details.json b/account-data/demo/us-east-1/iam-get-account-authorization-details.json
@@ -1,6 +1,119 @@
 {
     "GroupDetailList": [],
     "Policies": [
+        {
+            "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM",
+            "AttachmentCount": 1,
+            "CreateDate": "2016-11-10T17:20:15+00:00",
+            "DefaultVersionId": "v8",
+            "IsAttachable": true,
+            "Path": "/job-function/",
+            "PermissionsBoundaryUsageCount": 0,
+            "PolicyId": "ANPAID22R6XPJATWOFDK6",
+            "PolicyName": "AmazonEC2RoleforSSM",
+            "PolicyVersionList": [
+                {
+                    "Document": {
+                        "Version": "2012-10-17",
+                        "Statement": [
+                            {
+                                "Effect": "Allow",
+                                "Action": [
+                                    "ssm:DescribeAssociation",
+                                    "ssm:GetDeployablePatchSnapshotForInstance",
+                                    "ssm:GetDocument",
+                                    "ssm:DescribeDocument",
+                                    "ssm:GetManifest",
+                                    "ssm:GetParameters",
+                                    "ssm:ListAssociations",
+                                    "ssm:ListInstanceAssociations",
+                                    "ssm:PutInventory",
+                                    "ssm:PutComplianceItems",
+                                    "ssm:PutConfigurePackageResult",
+                                    "ssm:UpdateAssociationStatus",
+                                    "ssm:UpdateInstanceAssociationStatus",
+                                    "ssm:UpdateInstanceInformation"
+                                ],
+                                "Resource": "*"
+                            },
+                            {
+                                "Effect": "Allow",
+                                "Action": [
+                                    "ssmmessages:CreateControlChannel",
+                                    "ssmmessages:CreateDataChannel",
+                                    "ssmmessages:OpenControlChannel",
+                                    "ssmmessages:OpenDataChannel"
+                                ],
+                                "Resource": "*"
+                            },
+                            {
+                                "Effect": "Allow",
+                                "Action": [
+                                    "ec2messages:AcknowledgeMessage",
+                                    "ec2messages:DeleteMessage",
+                                    "ec2messages:FailMessage",
+                                    "ec2messages:GetEndpoint",
+                                    "ec2messages:GetMessages",
+                                    "ec2messages:SendReply"
+                                ],
+                                "Resource": "*"
+                            },
+                            {
+                                "Effect": "Allow",
+                                "Action": [
+                                    "cloudwatch:PutMetricData"
+                                ],
+                                "Resource": "*"
+                            },
+                            {
+                                "Effect": "Allow",
+                                "Action": [
+                                    "ec2:DescribeInstanceStatus"
+                                ],
+                                "Resource": "*"
+                            },
+                            {
+                                "Effect": "Allow",
+                                "Action": [
+                                    "ds:CreateComputer",
+                                    "ds:DescribeDirectories"
+                                ],
+                                "Resource": "*"
+                            },
+                            {
+                                "Effect": "Allow",
+                                "Action": [
+                                    "logs:CreateLogGroup",
+                                    "logs:CreateLogStream",
+                                    "logs:DescribeLogGroups",
+                                    "logs:DescribeLogStreams",
+                                    "logs:PutLogEvents"
+                                ],
+                                "Resource": "*"
+                            },
+                            {
+                                "Effect": "Allow",
+                                "Action": [
+                                    "s3:GetBucketLocation",
+                                    "s3:PutObject",
+                                    "s3:GetObject",
+                                    "s3:GetEncryptionConfiguration",
+                                    "s3:AbortMultipartUpload",
+                                    "s3:ListMultipartUploadParts",
+                                    "s3:ListBucket",
+                                    "s3:ListBucketMultipartUploads"
+                                ],
+                                "Resource": "*"
+                            }
+                        ]
+                    },
+                    "VersionId": "v8",
+                    "IsDefaultVersion": true,
+                    "CreateDate": "2019-01-24T19:20:51Z"
+                }
+            ], 
+            "UpdateDate": "2019-05-07T18:55:12Z"
+        },
         {
             "PolicyName": "BAD_MFA_POLICY", 
             "PermissionsBoundaryUsageCount": 0, 
diff --git a/cloudmapper.py b/cloudmapper.py
@@ -30,7 +30,7 @@
 import pkgutil
 import importlib
 
-__version__ = "2.6.3"
+__version__ = "2.6.4"
 
 
 def show_help(commands):
diff --git a/collect_commands.yaml b/collect_commands.yaml
@@ -382,5 +382,5 @@
   Request: describe-organization
 - Service: organizations
   Request: list-accounts
-- Service: kafka
-  Request: list-clusters
+# - Service: kafka
+#   Request: list-clusters
diff --git a/shared/audit.py b/shared/audit.py
@@ -62,9 +62,10 @@ def load_audit_config():
             audit_override = yaml.safe_load(f)
 
             # Over-write the values from audit_config
-            for finding_id in audit_override:
-                for k in audit_override[finding_id]:
-                    audit_config[finding_id][k] = audit_override[finding_id][k]
+            if audit_override:
+                for finding_id in audit_override:
+                    for k in audit_override[finding_id]:
+                        audit_config[finding_id][k] = audit_override[finding_id][k]
     return audit_config
 
 
diff --git a/stats_config.yaml b/stats_config.yaml
@@ -50,9 +50,9 @@
 - name: Lambda functions
   query: .Functions|length
   source: lambda-list-functions
-- name: Kafka clusters
-  query: .ClusterInfoList|length
-  source: kafka-list-clusters
+# - name: Kafka clusters
+#   query: .ClusterInfoList|length
+#   source: kafka-list-clusters
 # Verbose resources
 - name: Route53 hosted zones
   query: .HostedZones|length
diff --git a/templates/iam_report.html b/templates/iam_report.html
@@ -12,17 +12,17 @@
     
     <title>CloudMapper IAM Report</title>
     
-    <link href="/css/bootstrap.css" rel="stylesheet">
-    <link href="/css/lato.css" rel="stylesheet">
+    <link href="../css/bootstrap.css" rel="stylesheet">
+    <link href="../css/lato.css" rel="stylesheet">
 
-    <link href="/css/report.css" rel="stylesheet">
+    <link href="../css/report.css" rel="stylesheet">
 
-    <link href="/css/font-awesome.css" rel="stylesheet">
+    <link href="../css/font-awesome.css" rel="stylesheet">
 
-    <script src="/js/chart.js"></script>
-    <script src="/js/iam_report.js"></script>
+    <script src="../js/chart.js"></script>
+    <script src="../js/iam_report.js"></script>
 
-    <link rel="icon" href="/favicon.ico" sizes="16x16 32x32 64x64" type="image/vnd.microsoft.icon">
+    <link rel="icon" href="../favicon.ico" sizes="16x16 32x32 64x64" type="image/vnd.microsoft.icon">
 </head>
 
 <body>
diff --git a/templates/report.html b/templates/report.html
@@ -12,15 +12,15 @@
     
     <title>CloudMapper AWS Security Report</title>
     
-    <link href="/css/bootstrap.css" rel="stylesheet">
-    <link href="/css/lato.css" rel="stylesheet">
+    <link href="../css/bootstrap.css" rel="stylesheet">
+    <link href="../css/lato.css" rel="stylesheet">
 
-    <link href="/css/report.css" rel="stylesheet">
+    <link href="../css/report.css" rel="stylesheet">
 
-    <script src="/js/chart.js"></script>
-    <script src="/js/report.js"></script>
+    <script src="../js/chart.js"></script>
+    <script src="../js/report.js"></script>
 
-    <link rel="icon" href="/favicon.ico" sizes="16x16 32x32 64x64" type="image/vnd.microsoft.icon">
+    <link rel="icon" href="../favicon.ico" sizes="16x16 32x32 64x64" type="image/vnd.microsoft.icon">
 </head>
 
 <body>
diff --git a/web/css/lato.css b/web/css/lato.css
@@ -3,35 +3,35 @@
   font-family: 'Lato';
   font-style: normal;
   font-weight: 300;
-  src: local('Lato Light'), local('Lato-Light'), url(/fonts/lato-light.woff) format('woff');
+  src: local('Lato Light'), local('Lato-Light'), url(../fonts/lato-light.woff) format('woff');
 }
 @font-face {
   font-family: 'Lato';
   font-style: normal;
   font-weight: 400;
-  src: local('Lato Regular'), local('Lato-Regular'), url(/fonts/lato-regular.woff) format('woff');
+  src: local('Lato Regular'), local('Lato-Regular'), url(../fonts/lato-regular.woff) format('woff');
 }
 @font-face {
   font-family: 'Lato';
   font-style: normal;
   font-weight: 700;
-  src: local('Lato Bold'), local('Lato-Bold'), url(/fonts/lato-bold.woff) format('woff');
+  src: local('Lato Bold'), local('Lato-Bold'), url(../fonts/lato-bold.woff) format('woff');
 }
 @font-face {
   font-family: 'Lato';
   font-style: italic;
   font-weight: 300;
-  src: local('Lato Light Italic'), local('Lato-LightItalic'), url(/fonts/lato-lightitalic.woff) format('woff');
+  src: local('Lato Light Italic'), local('Lato-LightItalic'), url(../fonts/lato-lightitalic.woff) format('woff');
 }
 @font-face {
   font-family: 'Lato';
   font-style: italic;
   font-weight: 400;
-  src: local('Lato Italic'), local('Lato-Italic'), url(/fonts/lato-italic.woff) format('woff');
+  src: local('Lato Italic'), local('Lato-Italic'), url(../fonts/lato-italic.woff) format('woff');
 }
 @font-face {
   font-family: 'Lato';
   font-style: italic;
   font-weight: 700;
-  src: local('Lato Bold Italic'), local('Lato-BoldItalic'), url(/fonts/lato-bolditalic.woff) format('woff');
+  src: local('Lato Bold Italic'), local('Lato-BoldItalic'), url(../fonts/lato-bolditalic.woff) format('woff');
 }
diff --git a/web/js/cloudmap.js b/web/js/cloudmap.js
@@ -37,7 +37,7 @@ $(window).on('load', function(){
     
     $.when(
         $.getJSON("./data.json"),
-        $.getJSON("/style.json")
+        $.getJSON("./style.json")
     ).done(function(datafile, stylefile) {
         loadCytoscape({
             wheelSensitivity: 0.1,
