Add get_regions function in order to call after assume_role @HG00

Add get_regions function in order to call after assume_role @HG00
This commit is contained in:
Toni de la Fuente
2021-04-05 15:35:54 +02:00
committed by GitHub

31
prowler

@@ -254,23 +254,6 @@ unset AWS_DEFAULT_OUTPUT
. $PROWLER_DIR/include/securityhub_integration
. $PROWLER_DIR/include/junit_integration
if [[ $ACCOUNT_TO_ASSUME ]]; then
assume_role
fi
# Get list of regions based on include/whoami
REGIONS=$($AWSCLI ec2 describe-regions --query 'Regions[].RegionName' --output text $PROFILE_OPT --region $REGION_FOR_STS --region-names $FILTERREGION 2>&1)
if [[ $(echo "$REGIONS" | grep 'AccessDenied\|UnauthorizedOperation') ]]; then
if [[ $PRINTCHECKSONLY || $PRINTGROUPSONLY ]]; then
echo Listing...
else
# Failed to get own identity ... exit
echo "Access Denied trying to describe regions"
EXITCODE=1
exit $EXITCODE
fi
fi
# Pre-process whitelist file if supplied
if [[ -n "$WHITELIST_FILE" ]]; then
# ignore lines starting with # (comments)
@@ -308,6 +291,17 @@ done
# 6th character is the section number, 7th character onwards is the individual ID (e.g. check110 = check 1 10)
TOTAL_CHECKS=($(echo "${TOTAL_CHECKS[*]}" | tr ' ' '\n' | awk '!seen[$0]++' | sort -k 1.6,1.6n -k 1.7n))
# Function to get all regions
get_regions() {
# Get list of regions based on include/whoami
REGIONS=$($AWSCLI ec2 describe-regions --query 'Regions[].RegionName' --output text $PROFILE_OPT --region $REGION_FOR_STS --region-names $FILTERREGION 2>&1)
if [[ $(echo "$REGIONS" | grep 'AccessDenied\|UnauthorizedOperation') ]]; then
echo "Access Denied trying to describe regions"
EXITCODE=1
exit $EXITCODE
fi
}
# Function to show the title of the check, and optionally which group(s) it belongs to
# using this way instead of arrays to keep bash3 (osx) and bash4(linux) compatibility
show_check_title() {
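Review bot: get_regions only recognises an AccessDenied/UnauthorizedOperation string in the merged stdout+stderr of `$AWSCLI ec2 describe-regions`; any other failure (expired or missing credentials after assume_role, a network error, a CLI warning printed to stderr) leaves REGIONS holding the error text and, since the exit status is never checked, the callers at line 580 onward would presumably loop over those words as if they were region names. Capture the status and fail on any non-zero result, e.g. `local rc=$?` right after the assignment, then `if (( rc != 0 )) || grep -q 'AccessDenied\|UnauthorizedOperation' <<<"$REGIONS"; then`, which also replaces the `[[ $(echo ... | grep ...) ]]` idiom with `grep -q`. Consider printing the captured `$REGIONS` to stderr in that branch so the operator sees the real AWS error rather than only "Access Denied". The removed block at line 254 had a `Listing...` path for PRINTCHECKSONLY/PRINTGROUPSONLY that the new function does not carry over; if those listing modes still reach the new call site they now exit on a describe-regions failure, which may or may not be intended.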
@@ -586,6 +580,9 @@ if [[ $ACCOUNT_TO_ASSUME ]]; then
assume_role
fi
# List regions
get_regions
# Execute group of checks if called with -g
if [[ $GROUP_ID_READ ]];then
if [[ " ${GROUP_ID[@]} " =~ " ${GROUP_ID_READ} " ]]; then