mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-14 08:01:59 +00:00
da000b54ca
* fix(aws_profile_loader): New functions * fix(shellcheck): Temporary remove Shellcheck * fix(aws_cli_detector): new function * fix(jq_detector): New function * fix(os_detector): New function * fix(output_bucket): Output bucket input check in main * fix(python_detector): deleted unused python detector * fix(credentials): credentials check out of whoami * [break]refactor(main) * [BREAK] Get list of checks parsing all input options * [break]refactor(main): execute checks functions * [break]refactor(main): move functions to libs * fix(validations): custom check validation and typos * refactor(validate_options): Include comments * fix(custom_checks): Minor fixes * refactor(closing_files): include libraries * refactor(loader): Include ignored checks * refactor(main): Fix shellcheck * refactor(loader): beautify * refactor(monochrome): without variables * refactor(modes): MODES array not needed * refactor(whoami): get error from AWSCLI * refactor(secrets-detector) * refactor(secrets-detector) * fix(html_scoring): html scoring was fixed. * fix(load_checks_from_file) * fix(color-code): Print if not mono * fix(not extra): Fixed if EXCLUDE_CHECK_ID is empty * fix(IFS): Restore default IFS once modes are parsed * fix(bucket): validate before whoami * fix(bucket): validate before whoami Co-authored-by: n4ch04 <nachor1992@gmail.com> Co-authored-by: sergargar <sergio@verica.io> Co-authored-by: Nacho Rivera <59198746+n4ch04@users.noreply.github.com>
54 lines
2.5 KiB
Bash
54 lines
2.5 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
|
# use this file except in compliance with the License. You may obtain a copy
|
|
# of the License at http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software distributed
|
|
# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
|
|
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations under the License.
|
|
|
|
# detector and configuration of detect-secrets
|
|
secretsDetector(){
|
|
if ! command -v "detect-secrets" &>/dev/null
|
|
then
|
|
echo -e "\n$RED ERROR!$NORMAL python library detect-secrets not found. Make sure it is installed correctly and in your \$PATH\n"
|
|
EXITCODE=241
|
|
exit $EXITCODE
|
|
else
|
|
SECRETS_TEMP_FOLDER="$PROWLER_DIR/secrets-$ACCOUNT_NUM"
|
|
if [[ ! -d "${SECRETS_TEMP_FOLDER}" ]]; then
|
|
mkdir "${SECRETS_TEMP_FOLDER}"
|
|
fi
|
|
|
|
# Sets the entropy limit for high entropy base64 strings from environment variable BASE64_LIMIT.
|
|
# Value must be between 0.0 and 8.0, defaults is 4.5.
|
|
# Sets the entropy limit for high entropy hex strings from environment variable HEX_LIMIT.
|
|
# Value must be between 0.0 and 8.0, defaults is 3.0.
|
|
case $1 in
|
|
file )
|
|
# this is to scan a file
|
|
detect-secrets scan --hex-limit "${HEX_LIMIT:-3.0}" --base64-limit "${BASE64_LIMIT:-4.5}" "${2}" \
|
|
| jq -r '.results[]|.[] | [.line_number, .type]|@csv' \
|
|
| wc -l
|
|
# jq -r '.results[] | .[] | "\(.line_number)\t\(.type)"'
|
|
# this command must return values in two colums:
|
|
# line in file and type of secrets found
|
|
;;
|
|
string )
|
|
# this is to scan a given string
|
|
detect-secrets scan --hex-limit "${HEX_LIMIT:-3.0}" --base64-limit "${BASE64_LIMIT:-4.5}" --string "${2}" \
|
|
| grep True | wc -l
|
|
;;
|
|
folder )
|
|
# this is to scan a given folder with all lambda files
|
|
detect-secrets scan --hex-limit "${HEX_LIMIT:-3.0}" --base64-limit "${BASE64_LIMIT:-4.5}" --all-files "${2}" \
|
|
| jq -r '.results[]|.[] | [.line_number, .type]|@csv' | wc -l
|
|
;;
|
|
esac
|
|
fi
|
|
}
|