Merge branch 'main' into feature/aws-neptune

BishopFox · Feb 27, 2024 · 15e0507 · 15e0507
2 parents 80c00f3 + 1ca5dbf
commit 15e0507
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 23 deletions.
diff --git a/aws/env-vars.go b/aws/env-vars.go
@@ -836,7 +836,7 @@ func (m *EnvsModule) interestingEnvVarsOnly() [][]string {
 	for _, envVar := range m.EnvironmentVariables {
 		if envVar.interesting {
 			interestingBody = append(
-				m.output.Body, []string{
+				interestingBody, []string{
 					aws.ToString(m.Caller.Account),
 					envVar.service,
 					envVar.region,

diff --git a/aws/role-trusts.go b/aws/role-trusts.go
@@ -241,33 +241,34 @@ func (m *RoleTrustsModule) printPrincipalTrusts(outputDirectory string) ([]strin
 	for _, role := range m.AnalyzedRoles {
 		for _, statement := range role.trustsDoc.Statement {
 			for _, principal := range statement.Principal.AWS {
-				if strings.Contains(principal, ":root") {
-					//check to see if the accountID is known
+				//check to see if the accountID is known
+				if strings.Contains(principal, "arn:aws:iam::") || strings.Contains(principal, "root") {
 					accountID := strings.Split(principal, ":")[4]
 					vendorName := m.vendors.GetVendorNameFromAccountID(accountID)
 					if vendorName != "" {
 						principal = fmt.Sprintf("%s (%s)", principal, vendorName)
 					}
+				}
 
-					RoleTrustRow := RoleTrustRow{
-						RoleARN:          aws.ToString(role.roleARN),
-						RoleName:         GetResourceNameFromArn(aws.ToString(role.roleARN)),
-						TrustedPrincipal: principal,
-						ExternalID:       statement.Condition.StringEquals.StsExternalID,
-						IsAdmin:          role.Admin,
-						CanPrivEsc:       role.CanPrivEsc,
-					}
-					body = append(body, []string{
-						aws.ToString(m.Caller.Account),
-						RoleTrustRow.RoleARN,
-						RoleTrustRow.RoleName,
-						RoleTrustRow.TrustedPrincipal,
-						RoleTrustRow.ExternalID,
-						RoleTrustRow.IsAdmin,
-						RoleTrustRow.CanPrivEsc})
+				RoleTrustRow := RoleTrustRow{
+					RoleARN:          aws.ToString(role.roleARN),
+					RoleName:         GetResourceNameFromArn(aws.ToString(role.roleARN)),
+					TrustedPrincipal: principal,
+					ExternalID:       statement.Condition.StringEquals.StsExternalID,
+					IsAdmin:          role.Admin,
+					CanPrivEsc:       role.CanPrivEsc,
 				}
+				body = append(body, []string{
+					aws.ToString(m.Caller.Account),
+					RoleTrustRow.RoleARN,
+					RoleTrustRow.RoleName,
+					RoleTrustRow.TrustedPrincipal,
+					RoleTrustRow.ExternalID,
+					RoleTrustRow.IsAdmin,
+					RoleTrustRow.CanPrivEsc})
 			}
 		}
+
 	}
 
 	m.sortTrustsTablePerTrustedPrincipal()

diff --git a/aws/sdk/apigateway.go b/aws/sdk/apigateway.go
@@ -9,6 +9,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/apigateway"
 	apiGatewayTypes "github.com/aws/aws-sdk-go-v2/service/apigateway/types"
+	"github.com/patrickmn/go-cache"
 )
 
 type APIGatewayClientInterface interface {
@@ -66,7 +67,7 @@ func CachedApiGatewayGetRestAPIs(client APIGatewayClientInterface, accountID str
 		}
 		PaginationControl = GetRestApis.Position
 	}
-
+	internal.Cache.Set(cacheKey, restAPIs, cache.DefaultExpiration)
 	return restAPIs, nil
 }
 
@@ -92,6 +93,7 @@ func CachedApiGatewayGetStages(client APIGatewayClientInterface, accountID strin
 		return apigateway.GetStagesOutput{}, err
 	}
 
+	internal.Cache.Set(cacheKey, GetStages, cache.DefaultExpiration)
 	return *GetStages, err
 }
 
@@ -129,7 +131,7 @@ func CachedApiGatewayGetResources(client APIGatewayClientInterface, accountID st
 		}
 		PaginationControl = GetResources.Position
 	}
-
+	internal.Cache.Set(cacheKey, resources, cache.DefaultExpiration)
 	return resources, nil
 }
 
@@ -166,7 +168,7 @@ func CachedApiGatewayGetDomainNames(client APIGatewayClientInterface, accountID
 		}
 		PaginationControl = GetDomainNames.Position
 	}
-
+	internal.Cache.Set(cacheKey, domainNames, cache.DefaultExpiration)
 	return domainNames, nil
 }
 
@@ -204,7 +206,7 @@ func CachedApiGatewayGetBasePathMappings(client APIGatewayClientInterface, accou
 		}
 		PaginationControl = GetBasePathMappings.Position
 	}
-
+	internal.Cache.Set(cacheKey, basePathMappings, cache.DefaultExpiration)
 	return basePathMappings, nil
 }
 
@@ -233,6 +235,7 @@ func CachedApiGatewayGetMethod(client APIGatewayClientInterface, accountID strin
 		return apigateway.GetMethodOutput{}, err
 	}
 
+	internal.Cache.Set(cacheKey, GetMethod, cache.DefaultExpiration)
 	return *GetMethod, nil
 
 }
@@ -271,6 +274,7 @@ func CachedApiGatewayGetUsagePlans(client APIGatewayClientInterface, accountID s
 		PaginationControl = GetUsagePlans.Position
 	}
 
+	internal.Cache.Set(cacheKey, usagePlans, cache.DefaultExpiration)
 	return usagePlans, nil
 }
 
@@ -309,5 +313,6 @@ func CachedApiGatewayGetUsagePlanKeys(client APIGatewayClientInterface, accountI
 		PaginationControl = GetUsagePlanKeys.Position
 	}
 
+	internal.Cache.Set(cacheKey, usagePlanKeys, cache.DefaultExpiration)
 	return usagePlanKeys, nil
 }