Merge remote-tracking branch 'upstream/main' into enhance-ci-workflow

isotope-rs · Nov 21, 2023 · f14cfaf · f14cfaf
2 parents 71a5537 + 22201b7
commit f14cfaf
Show file tree

Hide file tree

Showing 13 changed files with 186 additions and 198 deletions.
diff --git a/src/analyze/mod.rs b/src/analyze/mod.rs
@@ -3,11 +3,11 @@ use crate::analyzer::types::AnalysisResults;
 use crate::config::Conf;
 use crate::{analyzer, bedrock, utils};
 use crate::{config, outputs};
-use aws_config::meta::region::{RegionProviderChain};
+use aws_config::meta::region::RegionProviderChain;
 use colored::Colorize;
+use indicatif::{MultiProgress, ProgressBar, ProgressStyle};
 use std::collections::hash_map::Entry;
 use std::collections::HashMap;
-use indicatif::{MultiProgress, ProgressBar, ProgressStyle};
 use std::error::Error;
 use std::sync::mpsc;
 use std::sync::mpsc::{Receiver, Sender};
@@ -115,7 +115,6 @@ pub async fn run_analysis(
                     }
                 }));
             }
-
         }
     }
 

diff --git a/src/analyzer/ebs_analyzer.rs b/src/analyzer/ebs_analyzer.rs
@@ -1,15 +1,13 @@
-
-use aws_types::sdk_config::SdkConfig;
 use crate::analyzer::analyzer_trait;
 use crate::analyzer::analyzer_trait::Analyzer;
 use crate::analyzer::types::AnalysisResults;
+use crate::utils;
 use async_trait::async_trait;
 use aws_sdk_ec2;
-use crate::utils;
-
+use aws_types::sdk_config::SdkConfig;
 
 pub struct EbsAnalyzer {
-    pub config: SdkConfig
+    pub config: SdkConfig,
 }
 
 #[async_trait]

diff --git a/src/analyzer/ec2_snapshot_analyzer.rs b/src/analyzer/ec2_snapshot_analyzer.rs
@@ -1,53 +1,61 @@
-
-use aws_types::sdk_config::SdkConfig;
 use crate::analyzer::analyzer_trait;
 use crate::analyzer::analyzer_trait::Analyzer;
 use crate::analyzer::types::AnalysisResults;
 use async_trait::async_trait;
 use aws_sdk_ec2;
 use aws_sdk_ec2::types::{Filter, PermissionGroup, SnapshotAttributeName};
+use aws_types::sdk_config::SdkConfig;
 
 pub struct EC2SnapshotAnalyzer {
-	pub config: SdkConfig
+    pub config: SdkConfig,
 }
 
 #[async_trait]
 impl analyzer_trait::Analyzer for EC2SnapshotAnalyzer {
-	async fn run(&self) -> Option<Vec<AnalysisResults>> {
-		let mut results = Vec::new();
-		let ec2 = aws_sdk_ec2::Client::new(&self.config);
-
-		// Filter to include only your snapshots if needed
-		let filter = Filter::builder().set_name(Some("owner-id".to_string())).build();
-
-		if let Ok(snapshots) = ec2.describe_snapshots().set_filters(Some(vec![filter])).send().await {
-			for snapshot in snapshots.snapshots.unwrap_or_default() {
-				let snapshot_id = snapshot.snapshot_id.clone().unwrap();
-
-				// Check if the snapshot is public
-				let attributes = ec2.describe_snapshot_attribute()
-					.attribute(SnapshotAttributeName::CreateVolumePermission)
-					.snapshot_id(&snapshot_id)
-					.send().await;
-
-				if let Ok(attrs) = attributes {
-					for perm in attrs.create_volume_permissions.unwrap_or_default() {
-						if perm.group == Some(PermissionGroup::All) {
-							results.push(AnalysisResults {
+    async fn run(&self) -> Option<Vec<AnalysisResults>> {
+        let mut results = Vec::new();
+        let ec2 = aws_sdk_ec2::Client::new(&self.config);
+
+        // Filter to include only your snapshots if needed
+        let filter = Filter::builder()
+            .set_name(Some("owner-id".to_string()))
+            .build();
+
+        if let Ok(snapshots) = ec2
+            .describe_snapshots()
+            .set_filters(Some(vec![filter]))
+            .send()
+            .await
+        {
+            for snapshot in snapshots.snapshots.unwrap_or_default() {
+                let snapshot_id = snapshot.snapshot_id.clone().unwrap();
+
+                // Check if the snapshot is public
+                let attributes = ec2
+                    .describe_snapshot_attribute()
+                    .attribute(SnapshotAttributeName::CreateVolumePermission)
+                    .snapshot_id(&snapshot_id)
+                    .send()
+                    .await;
+
+                if let Ok(attrs) = attributes {
+                    for perm in attrs.create_volume_permissions.unwrap_or_default() {
+                        if perm.group == Some(PermissionGroup::All) {
+                            results.push(AnalysisResults {
 								message: format!("Public EC2 Snapshot: {}", snapshot_id),
 								advice: "Consider making this snapshot private if it contains sensitive data.".to_string(),
 								analyzer_name: self.get_name(),
 							});
-						}
-					}
-				}
-			}
-		}
-
-		Some(results)
-	}
-
-	fn get_name(&self) -> String {
-		"ec2_snapshot".to_string()
-	}
-}
+                        }
+                    }
+                }
+            }
+        }
+
+        Some(results)
+    }
+
+    fn get_name(&self) -> String {
+        "ec2_snapshot".to_string()
+    }
+}
diff --git a/src/analyzer/eip_analzyer.rs b/src/analyzer/eip_analzyer.rs
@@ -1,41 +1,40 @@
-
-use aws_types::sdk_config::SdkConfig;
 use crate::analyzer::analyzer_trait;
 use crate::analyzer::analyzer_trait::Analyzer;
 use crate::analyzer::types::AnalysisResults;
 use async_trait::async_trait;
 use aws_sdk_ec2;
-
+use aws_types::sdk_config::SdkConfig;
 
 pub struct EipAnalyzer {
-	pub config: SdkConfig
+    pub config: SdkConfig,
 }
 #[async_trait]
 impl analyzer_trait::Analyzer for EipAnalyzer {
-	async fn run(&self) -> Option<Vec<AnalysisResults>> {
-		let mut results = Vec::new();
-		let ec2 = aws_sdk_ec2::Client::new(&self.config);
+    async fn run(&self) -> Option<Vec<AnalysisResults>> {
+        let mut results = Vec::new();
+        let ec2 = aws_sdk_ec2::Client::new(&self.config);
 
-		if let Ok(addresses) = ec2.describe_addresses().send().await {
-			for address in addresses.addresses.unwrap_or_default() {
-				// Check if the Elastic IP is not associated
-				if address.association_id.is_none() {
-					results.push(AnalysisResults {
-						message: format!(
-							"Unused Elastic IP: {}",
-							address.public_ip.clone().unwrap()
-						),
-						advice: "Consider releasing unused Elastic IPs to avoid charges.".to_string(),
-						analyzer_name: self.get_name(),
-					});
-				}
-			}
-		}
+        if let Ok(addresses) = ec2.describe_addresses().send().await {
+            for address in addresses.addresses.unwrap_or_default() {
+                // Check if the Elastic IP is not associated
+                if address.association_id.is_none() {
+                    results.push(AnalysisResults {
+                        message: format!(
+                            "Unused Elastic IP: {}",
+                            address.public_ip.clone().unwrap()
+                        ),
+                        advice: "Consider releasing unused Elastic IPs to avoid charges."
+                            .to_string(),
+                        analyzer_name: self.get_name(),
+                    });
+                }
+            }
+        }
 
-		Some(results)
-	}
+        Some(results)
+    }
 
-	fn get_name(&self) -> String {
-		"eip".to_string()
-	}
-}
+    fn get_name(&self) -> String {
+        "eip".to_string()
+    }
+}
diff --git a/src/analyzer/mod.rs b/src/analyzer/mod.rs
@@ -3,37 +3,37 @@ use aws_types::sdk_config::SdkConfig;
 
 pub mod analyzer_trait;
 mod ebs_analyzer;
+mod ec2_snapshot_analyzer;
+mod eip_analzyer;
 mod rds_analyzer;
 mod s3_analyzer;
+mod sg_analyzer;
 mod sts_analyzer;
 pub(crate) mod types;
-mod sg_analyzer;
-mod eip_analzyer;
-mod ec2_snapshot_analyzer;
 
 pub fn generate_analyzers(config: &SdkConfig) -> Vec<Box<dyn Analyzer>> {
     let analyzers: Vec<Box<dyn Analyzer>> = vec![
         Box::new(s3_analyzer::S3Analyzer {
-            config: config.clone()
+            config: config.clone(),
         }),
         Box::new(sts_analyzer::STSAnalyzer {
-            config: config.clone()
+            config: config.clone(),
         }),
         Box::new(rds_analyzer::RDSAnalyzer {
-            config: config.clone()
+            config: config.clone(),
         }),
         Box::new(ebs_analyzer::EbsAnalyzer {
-            config: config.clone()
+            config: config.clone(),
         }),
         Box::new(sg_analyzer::SecurityGroupsAnalyzer {
-            config: config.clone()
+            config: config.clone(),
         }),
         Box::new(eip_analzyer::EipAnalyzer {
-            config: config.clone()
+            config: config.clone(),
         }),
         Box::new(ec2_snapshot_analyzer::EC2SnapshotAnalyzer {
-            config: config.clone()
-        })
+            config: config.clone(),
+        }),
     ];
     analyzers
 }
diff --git a/src/analyzer/rds_analyzer.rs b/src/analyzer/rds_analyzer.rs
@@ -1,16 +1,13 @@
-
 use crate::analyzer::analyzer_trait;
-use aws_types::sdk_config::SdkConfig;
 use crate::analyzer::analyzer_trait::Analyzer;
 use crate::analyzer::types::AnalysisResults;
+use crate::utils;
 use async_trait::async_trait;
 use aws_sdk_rds;
-use crate::utils;
-
-
+use aws_types::sdk_config::SdkConfig;
 
 pub struct RDSAnalyzer {
-    pub config: SdkConfig
+    pub config: SdkConfig,
 }
 #[async_trait]
 impl analyzer_trait::Analyzer for RDSAnalyzer {

diff --git a/src/analyzer/s3_analyzer.rs b/src/analyzer/s3_analyzer.rs
@@ -1,15 +1,12 @@
-
-use aws_types::sdk_config::SdkConfig;
 use crate::analyzer::analyzer_trait;
+use crate::analyzer::analyzer_trait::Analyzer;
 use crate::analyzer::types::AnalysisResults;
-use async_trait::async_trait;
 use crate::utils;
-use crate::analyzer::analyzer_trait::Analyzer;
+use async_trait::async_trait;
+use aws_types::sdk_config::SdkConfig;
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
 
-
-
 #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
 #[serde(rename_all = "camelCase")]
 pub struct Policy {
@@ -58,7 +55,7 @@ pub struct Bool {
 }
 
 pub struct S3Analyzer {
-    pub config: SdkConfig
+    pub config: SdkConfig,
 }
 #[async_trait]
 impl analyzer_trait::Analyzer for S3Analyzer {
@@ -75,14 +72,19 @@ impl analyzer_trait::Analyzer for S3Analyzer {
             for b in bucket {
                 let bucket_name = b.name.unwrap();
                 // Check if the S3 bucket ACL is publicly accessible.
-                if let Ok(acl_response)  = s3.get_bucket_acl().bucket(&bucket_name).send().await {
+                if let Ok(acl_response) = s3.get_bucket_acl().bucket(&bucket_name).send().await {
                     for grant in acl_response.grants {
                         if let Some(grantee) = grant.first() {
                             if grantee.clone().grantee.unwrap().uri
-                                == Some("http://acs.amazonaws.com/groups/global/AllUsers".to_string())
+                                == Some(
+                                    "http://acs.amazonaws.com/groups/global/AllUsers".to_string(),
+                                )
                             {
                                 results.push(AnalysisResults {
-                                    message: format!("Publicly accessible S3 bucket {}", &bucket_name),
+                                    message: format!(
+                                        "Publicly accessible S3 bucket {}",
+                                        &bucket_name
+                                    ),
                                     analyzer_name: self.get_name(),
                                     advice: "".to_string(),
                                 });
@@ -115,8 +117,7 @@ impl analyzer_trait::Analyzer for S3Analyzer {
                             Err(_e) => (),
                         }
                     }
-                    Err(_err) => (
-                        ),
+                    Err(_err) => (),
                 }
             }
         }
@@ -128,4 +129,3 @@ impl analyzer_trait::Analyzer for S3Analyzer {
         "s3".to_string()
     }
 }
-