From 4d6d58ef91d1d3f9f5c9fcd3fcdebabd7b3f77e5 Mon Sep 17 00:00:00 2001 From: Pepe Fagoaga Date: Thu, 28 Sep 2023 17:13:17 +0200 Subject: [PATCH] fix(autoscaling_find_secrets_ec2_launch_configuration): Fix UnicodeDecodeError (#2870) --- ...g_find_secrets_ec2_launch_configuration.py | 10 ++- ...d_secrets_ec2_launch_configuration_test.py | 60 +++++++++++++++++- .../fixtures/fixture | 0 .../fixtures/fixture.gz | Bin 0 -> 93 bytes .../ec2_instance_secrets_user_data_test.py | 52 ++++++++++++++- .../fixtures/fixture | 0 .../fixtures/fixture.gz | Bin 0 -> 93 bytes 7 files changed, 119 insertions(+), 3 deletions(-) rename {prowler => tests}/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/fixtures/fixture (100%) create mode 100644 tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/fixtures/fixture.gz rename {prowler => tests}/providers/aws/services/ec2/ec2_instance_secrets_user_data/fixtures/fixture (100%) create mode 100644 tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/fixtures/fixture.gz diff --git a/prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.py b/prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.py index e86568e5..ed6c94e0 100644 --- a/prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.py +++ b/prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.py @@ -1,5 +1,6 @@ import os import tempfile +import zlib from base64 import b64decode from detect_secrets import SecretsCollection 
@@ -22,7 +23,14 @@ class autoscaling_find_secrets_ec2_launch_configuration(Check): if configuration.user_data: temp_user_data_file = tempfile.NamedTemporaryFile(delete=False) - user_data = b64decode(configuration.user_data).decode("utf-8") + user_data = b64decode(configuration.user_data) + + if user_data[0:2] == b"\x1f\x8b": # GZIP magic number + user_data = zlib.decompress(user_data, zlib.MAX_WBITS | 32).decode( + "utf-8" + ) + else: + user_data = user_data.decode("utf-8") temp_user_data_file.write( bytes(user_data, encoding="raw_unicode_escape") diff --git a/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py b/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py index a8620eba..bb24d250 100644 --- a/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py +++ b/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py @@ -1,3 +1,5 @@ +from os import path +from pathlib import Path from unittest import mock from boto3 import client, session @@ -9,6 +11,9 @@ from prowler.providers.common.models import Audit_Metadata AWS_REGION = "us-east-1" AWS_ACCOUNT_NUMBER = "123456789012" +ACTUAL_DIRECTORY = Path(path.dirname(path.realpath(__file__))) +FIXTURES_DIR_NAME = "fixtures" + class Test_autoscaling_find_secrets_ec2_launch_configuration: def set_mocked_audit_info(self): 
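Review bot: The new gzip branch raises `zlib.error` on a truncated or corrupt payload, and the `else` branch still raises `UnicodeDecodeError` for user data that is neither gzip nor UTF-8, so the crash this commit targets is only partly closed; both decode paths run after `tempfile.NamedTemporaryFile(delete=False)` and before the write, so an exception also leaves an empty temp file behind. Decoding before the temp file is created, or catching `(zlib.error, UnicodeDecodeError)` around the two branches so one malformed launch configuration does not abort the whole check, would address both; `user_data.decode("utf-8", errors="replace")` keeps the readable parts scannable. The inflated bytes come from the audited account rather than from this tool, so a bounded `zlib.decompressobj(zlib.MAX_WBITS | 32).decompress(user_data, <max_inflated_bytes>)` is preferable to the unbounded `zlib.decompress`; AWS's user-data size cap limits the inflated size in practice, but that cap is enforced by AWS, not here. The enclosing method starts and ends outside the hunk.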
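Review bot: `ACTUAL_DIRECTORY = Path(path.dirname(path.realpath(__file__)))` mixes `os.path` and `pathlib` to compute what `Path(__file__).resolve().parent` expresses directly, and the later path hunks then format the resulting `Path` back into a string with `f"{ACTUAL_DIRECTORY}/{FIXTURES_DIR_NAME}/fixture"` instead of joining with `/`. With `FIXTURES_DIR = Path(__file__).resolve().parent / "fixtures"` the fixture path becomes `FIXTURES_DIR / "fixture"`, and the newly added `from os import path` appears to be needed only for this line. The same pattern is repeated in the ec2 test file's `@@ -1,3 +1,5 @@` and `@@ -10,6 +12,9 @@` hunks and in both `test_one_*_file_with_secrets` path hunks.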
@@ -168,7 +173,7 @@ class Test_autoscaling_find_secrets_ec2_launch_configuration:
 def test_one_autoscaling_file_with_secrets(self):
 # Include launch_configurations to check
 f = open(
- "prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/fixtures/fixture",
+ f"{ACTUAL_DIRECTORY}/{FIXTURES_DIR_NAME}/fixture",
 "r",
 )
 secrets = f.read()
@@ -261,3 +266,56 @@ class Test_autoscaling_find_secrets_ec2_launch_configuration: assert result[0].resource_id == launch_configuration_name assert result[0].resource_arn == launch_configuration_arn assert result[0].region == AWS_REGION + + @mock_autoscaling + def test_one_autoscaling_file_with_secrets_gzip(self): + # Include launch_configurations to check + f = open( + f"{ACTUAL_DIRECTORY}/{FIXTURES_DIR_NAME}/fixture.gz", + "rb", + ) + + secrets = f.read() + launch_configuration_name = "tester" + autoscaling_client = client("autoscaling", region_name=AWS_REGION) + autoscaling_client.create_launch_configuration( + LaunchConfigurationName="tester", + ImageId="ami-12c6146b", + InstanceType="t1.micro", + KeyName="the_keys", + SecurityGroups=["default", "default2"], + UserData=secrets, + ) + launch_configuration_arn = autoscaling_client.describe_launch_configurations( + LaunchConfigurationNames=[launch_configuration_name] + )["LaunchConfigurations"][0]["LaunchConfigurationARN"] + + from prowler.providers.aws.services.autoscaling.autoscaling_service import ( + AutoScaling, + ) + + current_audit_info = self.set_mocked_audit_info() + + with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( + "prowler.providers.aws.services.autoscaling.autoscaling_find_secrets_ec2_launch_configuration.autoscaling_find_secrets_ec2_launch_configuration.autoscaling_client", + new=AutoScaling(current_audit_info), + ): + from prowler.providers.aws.services.autoscaling.autoscaling_find_secrets_ec2_launch_configuration.autoscaling_find_secrets_ec2_launch_configuration import ( + autoscaling_find_secrets_ec2_launch_configuration, + ) + + check = autoscaling_find_secrets_ec2_launch_configuration() + result = check.execute() + + assert len(result) == 1 + assert result[0].status == "FAIL" + assert ( + result[0].status_extended + == f"Potential secret found in autoscaling {launch_configuration_name} User Data." 
+ ) + assert result[0].resource_id == launch_configuration_name + assert result[0].resource_arn == launch_configuration_arn + assert result[0].region == AWS_REGION diff --git a/prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/fixtures/fixture b/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/fixtures/fixture similarity index 100% rename from prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/fixtures/fixture rename to tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/fixtures/fixture diff --git a/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/fixtures/fixture.gz b/tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/fixtures/fixture.gz new file mode 100644 index 0000000000000000000000000000000000000000..6120fcfbc43b6f852eee6457e370abb2dc7ba9a4 GIT binary patch literal 93 zcmb2|=HL)?KbXwGoR(QpQd*SCP+Zu>U%&ZJ0|5I%A`bun literal 0 HcmV?d00001 diff --git a/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py b/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py index fc7155f2..cd9c8833 100644 --- a/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py +++ b/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py @@ -1,3 +1,5 @@ +from os import path +from pathlib import Path from unittest import mock from boto3 import resource, session @@ -10,6 +12,9 @@ AWS_REGION = "us-east-1" EXAMPLE_AMI_ID = "ami-12c6146b" AWS_ACCOUNT_NUMBER = "123456789012" +ACTUAL_DIRECTORY = Path(path.dirname(path.realpath(__file__))) +FIXTURES_DIR_NAME = "fixtures" + class Test_ec2_instance_secrets_user_data: def set_mocked_audit_info(self): 
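Review bot: The `f = open(f"{ACTUAL_DIRECTORY}/{FIXTURES_DIR_NAME}/fixture.gz", "rb")` handle in `test_one_autoscaling_file_with_secrets_gzip` is never closed, so it is released only by garbage collection; `secrets = (ACTUAL_DIRECTORY / FIXTURES_DIR_NAME / "fixture.gz").read_bytes()` reads and closes in one step. The rest of the test body is a copy of `test_one_autoscaling_file_with_secrets` apart from the fixture name and open mode, so, if pytest is the runner, a `pytest.mark.parametrize` over the two fixture files would keep the gzip path covered without the duplication. The same unclosed handle appears in the ec2 test file's `test_one_ec2_file_with_secrets_gzip` hunk; the ec2 check itself is not touched by this patch, so presumably its gzip handling already exists and is only being covered here.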
@@ -154,7 +159,7 @@ class Test_ec2_instance_secrets_user_data:
 def test_one_ec2_file_with_secrets(self):
 # Include launch_configurations to check
 f = open(
- "prowler/providers/aws/services/ec2/ec2_instance_secrets_user_data/fixtures/fixture",
+ f"{ACTUAL_DIRECTORY}/{FIXTURES_DIR_NAME}/fixture",
 "r",
 )
 secrets = f.read()
@@ -233,3 +238,48 @@ class Test_ec2_instance_secrets_user_data: ) assert result[0].resource_tags is None assert result[0].region == AWS_REGION + + @mock_ec2 + def test_one_ec2_file_with_secrets_gzip(self): + # Include launch_configurations to check + f = open( + f"{ACTUAL_DIRECTORY}/{FIXTURES_DIR_NAME}/fixture.gz", + "rb", + ) + secrets = f.read() + ec2 = resource("ec2", region_name=AWS_REGION) + instance = ec2.create_instances( + ImageId=EXAMPLE_AMI_ID, MinCount=1, MaxCount=1, UserData=secrets + )[0] + + from prowler.providers.aws.services.ec2.ec2_service import EC2 + + current_audit_info = self.set_mocked_audit_info() + + with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( + "prowler.providers.aws.services.ec2.ec2_instance_secrets_user_data.ec2_instance_secrets_user_data.ec2_client", + new=EC2(current_audit_info), + ): + from prowler.providers.aws.services.ec2.ec2_instance_secrets_user_data.ec2_instance_secrets_user_data import ( + ec2_instance_secrets_user_data, + ) + + check = ec2_instance_secrets_user_data() + result = check.execute() + + assert len(result) == 1 + assert result[0].status == "FAIL" + assert ( + result[0].status_extended + == f"Potential secret found in EC2 instance {instance.id} User Data -> Secret Keyword on line 1, Hex High Entropy String on line 3, Secret Keyword on line 3, Secret Keyword on line 4." + ) + assert result[0].resource_id == instance.id + assert ( + result[0].resource_arn + == f"arn:{current_audit_info.audited_partition}:ec2:{AWS_REGION}:{current_audit_info.audited_account}:instance/{instance.id}" + ) + assert result[0].resource_tags is None + assert result[0].region == AWS_REGION 
diff --git a/prowler/providers/aws/services/ec2/ec2_instance_secrets_user_data/fixtures/fixture b/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/fixtures/fixture similarity index 100% rename from prowler/providers/aws/services/ec2/ec2_instance_secrets_user_data/fixtures/fixture rename to tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/fixtures/fixture diff --git a/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/fixtures/fixture.gz b/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/fixtures/fixture.gz new file mode 100644 index 0000000000000000000000000000000000000000..6120fcfbc43b6f852eee6457e370abb2dc7ba9a4 GIT binary patch literal 93 zcmb2|=HL)?KbXwGoR(QpQd*SCP+Zu>U%&ZJ0|5I%A`bun literal 0 HcmV?d00001