From a71538716844fc2ac9b51e78199caac7d99e47c4 Mon Sep 17 00:00:00 2001
From: Alex Jones
Date: Sat, 28 Oct 2023 20:02:11 +0100
Subject: [PATCH] feat: second analyzer active
Signed-off-by: Alex Jones
---
 src/analyzer/mod.rs | 10 +++++---
 src/analyzer/s3_analyzer.rs | 5 ----
 src/analyzer/sts_analyzer.rs | 47 ++++++++++++++++++++++++++++++++++++
 src/main.rs | 2 ++
 src/outputs/mod.rs | 2 +-
 5 files changed, 56 insertions(+), 10 deletions(-)
 create mode 100644 src/analyzer/sts_analyzer.rs
diff --git a/src/analyzer/mod.rs b/src/analyzer/mod.rs
index db71a96..a0dff29 100644
--- a/src/analyzer/mod.rs
+++ b/src/analyzer/mod.rs
@@ -4,10 +4,12 @@ use std::sync::Arc;
 pub mod analyzer_trait;
 mod s3_analyzer;
 pub(crate) mod types;
+mod sts_analyzer;
 pub fn generate_analyzers<'a>(config: aws_config::SdkConfig) -> Vec> {
- let analyzers: Vec> = vec![Box::new(s3_analyzer::S3Analyzer {
- config: Arc::new(config),
- })];
- analyzers
+ vec![Box::new(s3_analyzer::S3Analyzer {
+ config: Arc::new(config.clone()),
+ }),Box::new(sts_analyzer::STSAnalyzer{
+ config: Arc::new(config.clone()),
+ })]
 }
diff --git a/src/analyzer/s3_analyzer.rs b/src/analyzer/s3_analyzer.rs
index 2ad22e1..1c465e6 100644
--- a/src/analyzer/s3_analyzer.rs
+++ b/src/analyzer/s3_analyzer.rs
@@ -1,7 +1,5 @@
-use std::collections::{BTreeMap, HashMap};
 use crate::analyzer::analyzer_trait;
 use crate::analyzer::types::AnalysisResults;
-use unescape::unescape;
 use async_trait::async_trait;
 use aws_sdk_s3;
 use colored::Colorize;
@@ -114,9 +112,6 @@ impl analyzer_trait::Analyzer for S3Analyzer {
 },
 Err(e) => ()
 }
-
-
-
 }
 Err(err) => ()
 }
diff --git a/src/analyzer/sts_analyzer.rs b/src/analyzer/sts_analyzer.rs
new file mode 100644
index 0000000..6ee5408
--- /dev/null
+++ b/src/analyzer/sts_analyzer.rs
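Review bot: The second `config.clone()` in the new `vec![...]` of `generate_analyzers` copies the whole `SdkConfig` for nothing, since `config` is not used after that element; the last analyzer can take it by value, `config: Arc::new(config),`. A cleaner shape is to build `let config = Arc::new(config);` once and give each analyzer an `Arc::clone(&config)`, which is the cheap way to share one config between analyzers and makes the sharing explicit.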
@@ -0,0 +1,47 @@
+use crate::analyzer::analyzer_trait;
+use crate::analyzer::types::AnalysisResults;
+use crate::utils;
+use async_trait::async_trait;
+use aws_sdk_iam;
+use colored::Colorize;
+use std::sync::Arc;
+pub struct STSAnalyzer {
+ pub config: Arc,
+}
+#[async_trait]
+impl analyzer_trait::Analyzer for STSAnalyzer {
+ async fn run(&self) -> Option> {
+ println!(
+ "{} {} {}",
+ "Running".green(),
+ "STS".blue(),
+ "analyzer".green()
+ );
+
+ let mut results = vec![AnalysisResults {
+ message: "".to_string(),
+ }];
+ let iam = aws_sdk_iam::Client::new(&self.config.clone());
+ let list_users_response = iam.list_users().send().await;
+ let users = list_users_response.unwrap().users.unwrap_or_default();
+ for user in users {
+ let username = user.user_name.as_deref().unwrap_or_default();
+
+ // Use IAM to get user's MFA status
+ let mfa_devices_response = iam.list_mfa_devices().user_name(username).send().await;
+ let mfa_devices = mfa_devices_response.unwrap().mfa_devices.unwrap_or_default();
+
+ if mfa_devices.is_empty() {
+ results.push(AnalysisResults{
+ message: format!("MFA is not enabled for user {}", username)
+ });
+ }
+ }
+
+ Some(results)
+ }
+
+ fn get_name(&self) -> &str {
+ "sts"
+ }
+}
diff --git a/src/main.rs b/src/main.rs
index 2f7455d..6d2870a 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -4,6 +4,8 @@ mod analyzer;
 mod config;
 mod outputs;
+mod utils;
+
 // const
 const CARGO_PKG_NAME: &str = "isotope";
 const CARGO_PKG_DESCRIPTION: &str = "Isotope allows for the debugging of AWS services with AI";
diff --git a/src/outputs/mod.rs b/src/outputs/mod.rs
index 29f7815..a73d91b 100644
--- a/src/outputs/mod.rs
+++ b/src/outputs/mod.rs
@@ -30,7 +30,7 @@ impl Processor {
 }
 fn print_text(&self) {
 for elem in self.analysis_results.iter().filter(|&x| !x.message.is_empty()) {
- println!("{:?}", elem.message);
+ println!("{}", elem.message);
 }
 }
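Review bot: The MFA audit in `run` inspects only the first page of `iam.list_users()`; IAM paginates that call (truncation is signalled by `is_truncated`/`marker` on the response), so in an account with more users than fit in one page the remaining users are never checked and an MFA-less user produces no finding at all, which is the wrong failure mode for a security check. The `.unwrap()` on both `send().await` results also turns an API error, typically an AccessDenied on `iam:ListUsers`/`iam:ListMFADevices` or throttling, into a panic that aborts the whole run rather than a reported result. Because `run` returns an `Option` and cannot propagate an error, the sketch below walks every page (via `into_paginator()`, assuming the SDK version in use provides it; otherwise loop on `marker` by hand) and records failures as results, and `Client::new(&self.config)` drops the pointless `Arc` clone. Separately, the struct and `get_name` say `sts` while every call goes to `aws_sdk_iam`, and `use crate::utils` is not referenced in the body, so the naming and import are worth tidying.
```rust
let mut results = vec![AnalysisResults {
    message: "".to_string(),
}];
let iam = aws_sdk_iam::Client::new(&self.config);
// ListUsers is paginated: a single send() returns at most one page of users.
let mut pages = iam.list_users().into_paginator().send();
while let Some(page) = pages.next().await {
    let page = match page {
        Ok(p) => p,
        Err(e) => {
            results.push(AnalysisResults {
                message: format!("iam:ListUsers failed, MFA audit incomplete: {}", e),
            });
            return Some(results);
        }
    };
    for user in page.users.unwrap_or_default() {
        let username = user.user_name.as_deref().unwrap_or_default();
        // An API error for one user is reported, not fatal for the rest of the audit.
        match iam.list_mfa_devices().user_name(username).send().await {
            Ok(resp) => {
                if resp.mfa_devices.unwrap_or_default().is_empty() {
                    results.push(AnalysisResults {
                        message: format!("MFA is not enabled for user {}", username),
                    });
                }
            }
            Err(e) => results.push(AnalysisResults {
                message: format!("could not check MFA for user {}: {}", username, e),
            }),
        }
    }
}
// … unchanged: Some(results) …
```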
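Review bot: The added `mod utils;` in main.rs refers to a `src/utils.rs` (or `src/utils/mod.rs`) that this patch does not add; the diffstat lists only `src/analyzer/sts_analyzer.rs` as created, so the crate builds only if that file already exists in the tree, and if it does not it belongs in this commit. The one consumer visible here, `use crate::utils;` in sts_analyzer.rs, does not use anything from the module, so if it is empty the declaration and the import can both be dropped instead.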