From 3dfca9c9ddbb7ebc40431b06bf8ead55df7fc149 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente
Date: Thu, 8 Apr 2021 00:14:24 +0200
Subject: [PATCH] Improved html output with scoring information
---
 include/html_report | 34 +++++++++++++++++++++++++++++-----
 include/os_detector | 18 ++++++++++++++++++
 include/scoring | 31 +++++++++++++++++++------------
 3 files changed, 66 insertions(+), 17 deletions(-)
diff --git a/include/html_report b/include/html_report
index 2dc2ae4b..42db8626 100644
--- a/include/html_report
+++ b/include/html_report
@@ -55,18 +55,18 @@ addHtmlHeader() {
 display: none;
 }
- Prowler - AWS Security Assesments
+ Prowler - AWS Security Assessments
- Report Information
+ Report Information:
  • @@ -90,10 +90,10 @@ addHtmlHeader() {
-
+
- Assesment Summary
+ Assessment Summary:
  • @@ -114,6 +114,30 @@ addHtmlHeader() {
+
+
+
+ Scoring Information: +
+
    +
  • + Prowler Score: PROWLER_SCORE% +
  • +
  • + Total Resources: TOTAL_RESOURCES +
  • +
  • + Passed: PASS_COUNTER +
  • +
  • + Failed: FAIL_COUNTER +
  • +
  • + Total Checks Executed: CHECKS_COUNTER +
  • +
+
+
diff --git a/include/os_detector b/include/os_detector
index a6667cbe..80329338 100644
--- a/include/os_detector
+++ b/include/os_detector
@@ -139,6 +139,14 @@ bsd_test_tcp_connectivity() {
 nc -z -G $TIMEOUT $HOST $PORT >/dev/null 2>&1 && echo "200" || echo "000"
 }
+gnu_replace_sed(){
+ sed -i $1 $2
+}
+
+bsd_replace_sed(){
+ sed -i '' $1 $2
+}
+
 # Functions to manage dates depending on OS
 if [ "$OSTYPE" == "linux-gnu" ] || [ "$OSTYPE" == "linux-musl" ]; then
 TEMP_REPORT_FILE=$(mktemp -t -p /tmp prowler.cred_report-XXXXXX)
@@ -171,6 +179,10 @@ if [ "$OSTYPE" == "linux-gnu" ] || [ "$OSTYPE" == "linux-musl" ]; then
 convert_date_to_timestamp() {
 gnu_convert_date_to_timestamp "$1"
 }
+ replace_sed() {
+ gnu_replace_sed $1 $2
+ }
+
 elif [[ "$OSTYPE" == "darwin"* ]] || [[ "$OSTYPE" == "freebsd"* ]]; then
 # BSD/OSX commands compatibility
 TEMP_REPORT_FILE=$(mktemp -t prowler.cred_report-XXXXXX)
@@ -244,6 +256,9 @@ elif [[ "$OSTYPE" == "darwin"* ]] || [[ "$OSTYPE" == "freebsd"* ]]; then
 test_tcp_connectivity() {
 bsd_test_tcp_connectivity "$1" "$2" "$3"
 }
+ replace_sed() {
+ bsd_replace_sed $1 $2
+ }
 elif [[ "$OSTYPE" == "cygwin" ]]; then
 # POSIX compatibility layer and Linux environment emulation for Windows
 TEMP_REPORT_FILE=$(mktemp -t -p /tmp prowler.cred_report-XXXXXX)
@@ -274,6 +289,9 @@ elif [[ "$OSTYPE" == "cygwin" ]]; then
 convert_date_to_timestamp() {
 gnu_convert_date_to_timestamp "$1"
 }
+ replace_sed() {
+ gnu_replace_sed $1 $2
+ }
 else
 echo "Unknown Operating System! Valid \$OSTYPE: linux-gnu, linux-musl, darwin* or cygwin"
 echo "Found: $OSTYPE"
diff --git a/include/scoring b/include/scoring
index a46b4d77..b6fc7f08 100644
--- a/include/scoring
+++ b/include/scoring
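Review bot: `gnu_replace_sed` and `bsd_replace_sed` expand `$1` and `$2` unquoted, so both the sed expression and the target path go through word splitting and globbing before sed runs; the three `replace_sed` wrappers added in the later hunks of this file forward them unquoted too, unlike the neighbouring `convert_date_to_timestamp "$1"` wrappers. I would write `sed -i "$1" "$2"` and `sed -i '' "$1" "$2"` in the helpers, and `gnu_replace_sed "$1" "$2"` / `bsd_replace_sed "$1" "$2"` in the wrappers. The callers added in include/scoring pass `${OUTPUT_FILE_NAME}.$EXTENSION_HTML` unquoted as well, so if the output name can contain spaces or glob characters (this patch does not show where it comes from), `sed -i` would be pointed at files other than the report. Quoting at all three levels is needed for the fix to hold.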
@@ -13,19 +13,19 @@
 # Scoring POC
 scoring(){
+ if [[ ! $PASS_COUNTER ]]; then
+ PASS_COUNTER=0
+ fi
+ if [[ ! $FAIL_COUNTER ]]; then
+ FAIL_COUNTER=0
+ fi
+
+ # TOTAL_RESOURCES=$(awk "BEGIN {print $FAIL_COUNTER+$PASS_COUNTER; exit}")
+ TOTAL_RESOURCES=$(($FAIL_COUNTER + $PASS_COUNTER))
+ # Score is % of passed compared to failures. The higher score, the better
+ PROWLER_SCORE=$(( $PASS_COUNTER * 100 / $TOTAL_RESOURCES ))
+
 if [[ $SCORING == "1" ]]; then
- if [[ ! $PASS_COUNTER ]]; then
- PASS_COUNTER=0
- fi
- if [[ ! $FAIL_COUNTER ]]; then
- FAIL_COUNTER=0
- fi
-
- # TOTAL_RESOURCES=$(awk "BEGIN {print $FAIL_COUNTER+$PASS_COUNTER; exit}")
- TOTAL_RESOURCES=$(($FAIL_COUNTER + $PASS_COUNTER))
- # Score is % of passed compared to failures. The higher score, the better
- PROWLER_SCORE=$(( $PASS_COUNTER * 100 / $TOTAL_RESOURCES ))
-
 echo -e "$BLUE------------------------------------------------------------------ $NORMAL"
 echo -e "$CYAN _"
 echo -e " _ __ _ __ _____ _| | ___ _ __"
@@ -49,5 +49,12 @@ scoring(){
 echo -e "$BLUE------------------------------------------------------------------ $NORMAL"
 echo -e " * the highest the better (0 to 100)$NORMAL"
 echo -e " Prowler scoring uses any check, including CIS not scored checks$NORMAL"
+ fi
+ if [[ "${MODES[@]}" =~ "html" ]]; then
+ replace_sed 's/PROWLER_SCORE/'$PROWLER_SCORE'/g' ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+ replace_sed 's/PASS_COUNTER/'$PASS_COUNTER'/g' ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+ replace_sed 's/TOTAL_RESOURCES/'$TOTAL_RESOURCES'/g' ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+ replace_sed 's/FAIL_COUNTER/'$FAIL_COUNTER'/g' ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+ replace_sed 's/CHECKS_COUNTER/'$CHECKS_COUNTER'/g' ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
 fi
 }
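Review bot: `PROWLER_SCORE=$(( $PASS_COUNTER * 100 / $TOTAL_RESOURCES ))` divides by zero when both counters are 0, and moving it above the `SCORING` test means it now runs on every call to scoring(). bash reports an arithmetic error at that point and no score is produced, which previously could only happen with scoring enabled. A guard before the division would cover it, for example `if (( TOTAL_RESOURCES > 0 )); then PROWLER_SCORE=$(( PASS_COUNTER * 100 / TOTAL_RESOURCES )); else PROWLER_SCORE=0; fi`. The division is also integer-only and truncates, so a short comment such as `# integer percentage, rounded down` would help readers of the HTML figure.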
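Review bot: `CHECKS_COUNTER` is substituted into the report without the default that PASS_COUNTER and FAIL_COUNTER receive at the top of scoring(), so if it is unset the `Total Checks Executed` field becomes an empty string. Adding `CHECKS_COUNTER=${CHECKS_COUNTER:-0}` next to the other defaults would make that explicit; whether it is always set elsewhere is not visible in this patch. The substitutions also run with `g` over the whole HTML file, which by this point presumably holds the findings, so any finding text containing a bare token such as `PASS_COUNTER` is rewritten too. Delimited placeholders, or an expression anchored to the summary markup, would keep the edit confined to the header. Separately, `[[ "${MODES[@]}" =~ "html" ]]` is a substring match on the joined array, so it is true for any mode whose name merely contains `html`.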