diff --git a/cloud-security-audit b/cloud-security-audit new file mode 100755 index 0000000..82e7569 Binary files /dev/null and b/cloud-security-audit differ diff --git a/cmd/root.go b/cmd/root.go index 3031b46..3d3a405 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -5,9 +5,8 @@ import ( "github.com/Appliscale/cloud-security-audit/configuration" "github.com/Appliscale/cloud-security-audit/csasession" - "github.com/Appliscale/cloud-security-audit/resource" - "github.com/Appliscale/cloud-security-audit/environment" + "github.com/Appliscale/cloud-security-audit/resource" "github.com/Appliscale/cloud-security-audit/scanner" "github.com/spf13/cobra" ) @@ -21,12 +20,21 @@ var rootCmd = &cobra.Command{ Short: "Scan for vulnerabilities in your AWS Account.", Long: `Scan for vulnerabilities in your AWS Account.`, Run: func(cmd *cobra.Command, args []string) { - if environment.CheckAWSConfigFiles(&config) { + _, ok := os.LookupEnv("AWS_LAMBDA_FUNCTION_NAME") // If csa is running on lambda then env will be available. In other case csa needs config files. + if !ok { + if environment.CheckAWSConfigFiles(&config) { + err := scanner.Run(&config) + if err != nil { + config.Logger.Error(err.Error()) + } + } + } else { err := scanner.Run(&config) if err != nil { config.Logger.Error(err.Error()) } } + }, } diff --git a/csasession/clientfactory/mocks/ec2client_mock.go b/csasession/clientfactory/mocks/ec2client_mock.go index d34f239..6541966 100644 --- a/csasession/clientfactory/mocks/ec2client_mock.go +++ b/csasession/clientfactory/mocks/ec2client_mock.go @@ -35,7 +35,6 @@ func (m *MockEC2Client) EXPECT() *MockEC2ClientMockRecorder { // DescribeInstances mocks base method func (m *MockEC2Client) DescribeInstances(input *ec2.DescribeInstancesInput) (*ec2.DescribeInstancesOutput, error) { - m.ctrl.T.Helper() ret := m.ctrl.Call(m, "DescribeInstances", input) ret0, _ := ret[0].(*ec2.DescribeInstancesOutput) ret1, _ := ret[1].(error) 
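Review bot: The new top-level file `cloud-security-audit` is added as an executable binary (mode 100755), so its contents cannot be reviewed and nothing on this page ties it to the source in this commit. It is presumably local `go build` output, since the name matches the module path. I would drop it from the commit, add `/cloud-security-audit` to `.gitignore`, and distribute builds as release artifacts with published checksums instead.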
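Review bot: In the `Run` closure of `cmd/root.go`, the `scanner.Run(&config)` call and its error logging are now duplicated in both branches, which differ only in whether `environment.CheckAWSConfigFiles(&config)` is consulted. Reading the flag as `_, onLambda := os.LookupEnv("AWS_LAMBDA_FUNCTION_NAME")` and testing `if onLambda || environment.CheckAWSConfigFiles(&config) {` keeps a single call site. `LookupEnv` also reports `ok` for a variable set to the empty string, so the config-file check is skipped on mere presence of the name. As far as this hunk shows, a scan error is only logged, so a failed audit on Lambda would still end as a normal invocation. The import hunk starts at line 5 and does not show `"os"`, so confirm it is already imported above.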
@@ -44,13 +43,11 @@ func (m *MockEC2Client) DescribeInstances(input *ec2.DescribeInstancesInput) (*e // DescribeInstances indicates an expected call of DescribeInstances func (mr *MockEC2ClientMockRecorder) DescribeInstances(input interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeInstances", reflect.TypeOf((*MockEC2Client)(nil).DescribeInstances), input) } // DescribeVolumes mocks base method func (m *MockEC2Client) DescribeVolumes(input *ec2.DescribeVolumesInput) (*ec2.DescribeVolumesOutput, error) { - m.ctrl.T.Helper() ret := m.ctrl.Call(m, "DescribeVolumes", input) ret0, _ := ret[0].(*ec2.DescribeVolumesOutput) ret1, _ := ret[1].(error) @@ -59,13 +56,11 @@ func (m *MockEC2Client) DescribeVolumes(input *ec2.DescribeVolumesInput) (*ec2.D // DescribeVolumes indicates an expected call of DescribeVolumes func (mr *MockEC2ClientMockRecorder) DescribeVolumes(input interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeVolumes", reflect.TypeOf((*MockEC2Client)(nil).DescribeVolumes), input) } // DescribeSecurityGroups mocks base method func (m *MockEC2Client) DescribeSecurityGroups(input *ec2.DescribeSecurityGroupsInput) (*ec2.DescribeSecurityGroupsOutput, error) { - m.ctrl.T.Helper() ret := m.ctrl.Call(m, "DescribeSecurityGroups", input) ret0, _ := ret[0].(*ec2.DescribeSecurityGroupsOutput) ret1, _ := ret[1].(error) 
@@ -74,13 +69,11 @@ func (m *MockEC2Client) DescribeSecurityGroups(input *ec2.DescribeSecurityGroups // DescribeSecurityGroups indicates an expected call of DescribeSecurityGroups func (mr *MockEC2ClientMockRecorder) DescribeSecurityGroups(input interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeSecurityGroups", reflect.TypeOf((*MockEC2Client)(nil).DescribeSecurityGroups), input) } // DescribeImages mocks base method func (m *MockEC2Client) DescribeImages(input *ec2.DescribeImagesInput) (*ec2.DescribeImagesOutput, error) { - m.ctrl.T.Helper() ret := m.ctrl.Call(m, "DescribeImages", input) ret0, _ := ret[0].(*ec2.DescribeImagesOutput) ret1, _ := ret[1].(error) @@ -89,13 +82,11 @@ func (m *MockEC2Client) DescribeImages(input *ec2.DescribeImagesInput) (*ec2.Des // DescribeImages indicates an expected call of DescribeImages func (mr *MockEC2ClientMockRecorder) DescribeImages(input interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeImages", reflect.TypeOf((*MockEC2Client)(nil).DescribeImages), input) } // DescribeSnapshots mocks base method func (m *MockEC2Client) DescribeSnapshots(input *ec2.DescribeSnapshotsInput) (*ec2.DescribeSnapshotsOutput, error) { - m.ctrl.T.Helper() ret := m.ctrl.Call(m, "DescribeSnapshots", input) ret0, _ := ret[0].(*ec2.DescribeSnapshotsOutput) ret1, _ := ret[1].(error) @@ -104,6 +95,5 @@ func (m *MockEC2Client) DescribeSnapshots(input *ec2.DescribeSnapshotsInput) (*e // DescribeSnapshots indicates an expected call of DescribeSnapshots func (mr *MockEC2ClientMockRecorder) DescribeSnapshots(input interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeSnapshots", reflect.TypeOf((*MockEC2Client)(nil).DescribeSnapshots), input) } 
diff --git a/csasession/clientfactory/mocks/iamclient_mock.go b/csasession/clientfactory/mocks/iamclient_mock.go index a56eda5..58d26d7 100644 --- a/csasession/clientfactory/mocks/iamclient_mock.go +++ b/csasession/clientfactory/mocks/iamclient_mock.go @@ -35,7 +35,6 @@ func (m *MockIAMClient) EXPECT() *MockIAMClientMockRecorder { // ListUsers mocks base method func (m *MockIAMClient) ListUsers(input *iam.GetAccountAuthorizationDetailsInput) (*iam.GetAccountAuthorizationDetailsOutput, error) { - m.ctrl.T.Helper() ret := m.ctrl.Call(m, "ListUsers", input) ret0, _ := ret[0].(*iam.GetAccountAuthorizationDetailsOutput) ret1, _ := ret[1].(error) @@ -44,13 +43,11 @@ func (m *MockIAMClient) ListUsers(input *iam.GetAccountAuthorizationDetailsInput // ListUsers indicates an expected call of ListUsers func (mr *MockIAMClientMockRecorder) ListUsers(input interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListUsers", reflect.TypeOf((*MockIAMClient)(nil).ListUsers), input) } // ListAccessKeys mocks base method func (m *MockIAMClient) ListAccessKeys(input *iam.ListAccessKeysInput) (*iam.ListAccessKeysOutput, error) { - m.ctrl.T.Helper() ret := m.ctrl.Call(m, "ListAccessKeys", input) ret0, _ := ret[0].(*iam.ListAccessKeysOutput) ret1, _ := ret[1].(error) @@ -59,6 +56,5 @@ func (m *MockIAMClient) ListAccessKeys(input *iam.ListAccessKeysInput) (*iam.Lis // ListAccessKeys indicates an expected call of ListAccessKeys func (mr *MockIAMClientMockRecorder) ListAccessKeys(input interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAccessKeys", reflect.TypeOf((*MockIAMClient)(nil).ListAccessKeys), input) } diff --git a/csasession/clientfactory/mocks/kmsclient_mock.go b/csasession/clientfactory/mocks/kmsclient_mock.go index 4263a74..b8adae8 100644 --- a/csasession/clientfactory/mocks/kmsclient_mock.go +++ b/csasession/clientfactory/mocks/kmsclient_mock.go 
@@ -35,7 +35,6 @@ func (m *MockKmsClient) EXPECT() *MockKmsClientMockRecorder { // ListKeys mocks base method func (m *MockKmsClient) ListKeys(input *kms.ListKeysInput) (*kms.ListKeysOutput, error) { - m.ctrl.T.Helper() ret := m.ctrl.Call(m, "ListKeys", input) ret0, _ := ret[0].(*kms.ListKeysOutput) ret1, _ := ret[1].(error) @@ -44,13 +43,11 @@ func (m *MockKmsClient) ListKeys(input *kms.ListKeysInput) (*kms.ListKeysOutput, // ListKeys indicates an expected call of ListKeys func (mr *MockKmsClientMockRecorder) ListKeys(input interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListKeys", reflect.TypeOf((*MockKmsClient)(nil).ListKeys), input) } // ListAliases mocks base method func (m *MockKmsClient) ListAliases(input *kms.ListAliasesInput) (*kms.ListAliasesOutput, error) { - m.ctrl.T.Helper() ret := m.ctrl.Call(m, "ListAliases", input) ret0, _ := ret[0].(*kms.ListAliasesOutput) ret1, _ := ret[1].(error) @@ -59,6 +56,5 @@ func (m *MockKmsClient) ListAliases(input *kms.ListAliasesInput) (*kms.ListAlias // ListAliases indicates an expected call of ListAliases func (mr *MockKmsClientMockRecorder) ListAliases(input interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAliases", reflect.TypeOf((*MockKmsClient)(nil).ListAliases), input) } diff --git a/csasession/clientfactory/mocks/s3client_mock.go b/csasession/clientfactory/mocks/s3client_mock.go index 05c92d6..01d0cae 100644 --- a/csasession/clientfactory/mocks/s3client_mock.go +++ b/csasession/clientfactory/mocks/s3client_mock.go @@ -35,7 +35,6 @@ func (m *MockS3Client) EXPECT() *MockS3ClientMockRecorder { // GetBucketPolicy mocks base method func (m *MockS3Client) GetBucketPolicy(input *s3.GetBucketPolicyInput) (*s3.GetBucketPolicyOutput, error) { - m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetBucketPolicy", input) ret0, _ := ret[0].(*s3.GetBucketPolicyOutput) ret1, _ := ret[1].(error) 
@@ -44,13 +43,11 @@ func (m *MockS3Client) GetBucketPolicy(input *s3.GetBucketPolicyInput) (*s3.GetB // GetBucketPolicy indicates an expected call of GetBucketPolicy func (mr *MockS3ClientMockRecorder) GetBucketPolicy(input interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetBucketPolicy", reflect.TypeOf((*MockS3Client)(nil).GetBucketPolicy), input) } // GetBucketEncryption mocks base method func (m *MockS3Client) GetBucketEncryption(input *s3.GetBucketEncryptionInput) (*s3.GetBucketEncryptionOutput, error) { - m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetBucketEncryption", input) ret0, _ := ret[0].(*s3.GetBucketEncryptionOutput) ret1, _ := ret[1].(error) @@ -59,13 +56,11 @@ func (m *MockS3Client) GetBucketEncryption(input *s3.GetBucketEncryptionInput) ( // GetBucketEncryption indicates an expected call of GetBucketEncryption func (mr *MockS3ClientMockRecorder) GetBucketEncryption(input interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetBucketEncryption", reflect.TypeOf((*MockS3Client)(nil).GetBucketEncryption), input) } // GetBucketLogging mocks base method func (m *MockS3Client) GetBucketLogging(input *s3.GetBucketLoggingInput) (*s3.GetBucketLoggingOutput, error) { - m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetBucketLogging", input) ret0, _ := ret[0].(*s3.GetBucketLoggingOutput) ret1, _ := ret[1].(error) 
@@ -74,13 +69,11 @@ func (m *MockS3Client) GetBucketLogging(input *s3.GetBucketLoggingInput) (*s3.Ge // GetBucketLogging indicates an expected call of GetBucketLogging func (mr *MockS3ClientMockRecorder) GetBucketLogging(input interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetBucketLogging", reflect.TypeOf((*MockS3Client)(nil).GetBucketLogging), input) } // GetBucketAcl mocks base method func (m *MockS3Client) GetBucketAcl(input *s3.GetBucketAclInput) (*s3.GetBucketAclOutput, error) { - m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetBucketAcl", input) ret0, _ := ret[0].(*s3.GetBucketAclOutput) ret1, _ := ret[1].(error) @@ -89,13 +82,11 @@ func (m *MockS3Client) GetBucketAcl(input *s3.GetBucketAclInput) (*s3.GetBucketA // GetBucketAcl indicates an expected call of GetBucketAcl func (mr *MockS3ClientMockRecorder) GetBucketAcl(input interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetBucketAcl", reflect.TypeOf((*MockS3Client)(nil).GetBucketAcl), input) } // ListBuckets mocks base method func (m *MockS3Client) ListBuckets(input *s3.ListBucketsInput) (*s3.ListBucketsOutput, error) { - m.ctrl.T.Helper() ret := m.ctrl.Call(m, "ListBuckets", input) ret0, _ := ret[0].(*s3.ListBucketsOutput) ret1, _ := ret[1].(error) 
@@ -104,13 +95,11 @@ func (m *MockS3Client) ListBuckets(input *s3.ListBucketsInput) (*s3.ListBucketsO // ListBuckets indicates an expected call of ListBuckets func (mr *MockS3ClientMockRecorder) ListBuckets(input interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListBuckets", reflect.TypeOf((*MockS3Client)(nil).ListBuckets), input) } // GetBucketLocation mocks base method func (m *MockS3Client) GetBucketLocation(input *s3.GetBucketLocationInput) (*s3.GetBucketLocationOutput, error) { - m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetBucketLocation", input) ret0, _ := ret[0].(*s3.GetBucketLocationOutput) ret1, _ := ret[1].(error) @@ -119,6 +108,5 @@ func (m *MockS3Client) GetBucketLocation(input *s3.GetBucketLocationInput) (*s3. // GetBucketLocation indicates an expected call of GetBucketLocation func (mr *MockS3ClientMockRecorder) GetBucketLocation(input interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetBucketLocation", reflect.TypeOf((*MockS3Client)(nil).GetBucketLocation), input) }