Merge pull request #377 from 0xdabbad00/add_icons_for_vpc_endpoints

Add icons for vpc endpoints
duo-labs · May 2, 2019 · df9415a · df9415a
2 parents ffa4cd6 + 9fb9be8
commit df9415a
Show file tree

Hide file tree

Showing 22 changed files with 1,540 additions and 15 deletions.
diff --git a/account-data/demo/us-east-1/ec2-describe-security-groups.json b/account-data/demo/us-east-1/ec2-describe-security-groups.json
@@ -1,5 +1,41 @@
 {
     "SecurityGroups": [
+        {
+            "IpPermissionsEgress": [
+                {
+                    "IpProtocol": "-1", 
+                    "PrefixListIds": [], 
+                    "IpRanges": [
+                        {
+                            "CidrIp": "0.0.0.0/0"
+                        }
+                    ], 
+                    "UserIdGroupPairs": [], 
+                    "Ipv6Ranges": []
+                }
+            ], 
+            "Description": "Endpoint access", 
+            "IpPermissions": [
+                {
+                    "PrefixListIds": [], 
+                    "FromPort": 443, 
+                    "IpRanges": [], 
+                    "ToPort": 443, 
+                    "IpProtocol": "tcp", 
+                    "UserIdGroupPairs": [
+                        {
+                            "UserId": "123456789012", 
+                            "GroupId": "sg-00000004"
+                        }
+                    ], 
+                    "Ipv6Ranges": []
+                }
+            ], 
+            "GroupName": "Endpint", 
+            "VpcId": "vpc-12345678", 
+            "OwnerId": "123456789012", 
+            "GroupId": "sg-00000006"
+        },
         {
             "IpPermissionsEgress": [
                 {

diff --git a/account-data/demo/us-east-1/ec2-describe-vpc-endpoints.json b/account-data/demo/us-east-1/ec2-describe-vpc-endpoints.json
@@ -0,0 +1,54 @@
+{
+    "VpcEndpoints": [
+        {
+            "CreationTimestamp": "2019-04-11T18:59:11+00:00",
+            "DnsEntries": [],
+            "Groups": [],
+            "NetworkInterfaceIds": [],
+            "PolicyDocument": "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"*\",\"Resource\":\"*\"}]}",
+            "PrivateDnsEnabled": false,
+            "RouteTableIds": [
+                "rtb-00000000"
+            ],
+            "ServiceName": "com.amazonaws.us-east-1.s3",
+            "State": "available",
+            "SubnetIds": [],
+            "VpcEndpointId": "vpce-00000000000000001",
+            "VpcEndpointType": "Gateway",
+            "VpcId": "vpc-12345678"
+        },
+        {
+            "CreationTimestamp": "2019-04-30T15:19:35+00:00",
+            "DnsEntries": [
+                {
+                    "DnsName": "vpce-05ed16ac73726e737-5xkr9dae-us-east-1f.sqs.us-east-1.vpce.amazonaws.com",
+                    "HostedZoneId": "Z7HUB22UULQXV"
+                },
+                {
+                    "DnsName": "sqs.us-east-1.amazonaws.com",
+                    "HostedZoneId": "ZCYZV1JQU4VH2"
+                }
+            ],
+            "Groups": [
+                {
+                    "GroupId": "sg-00000006",
+                    "GroupName": "default"
+                }
+            ],
+            "NetworkInterfaceIds": [
+                "eni-00000000000000001"
+            ],
+            "PolicyDocument": "{\n    \"Statement\": [\n        {\n            \"Action\": \"*\",\n            \"Effect\": \"Allow\",\n            \"Resource\": \"*\",\n            \"Principal\": \"*\"\n        }\n    ]\n}",
+            "PrivateDnsEnabled": true,
+            "RouteTableIds": [],
+            "ServiceName": "com.amazonaws.us-east-1.sqs",
+            "State": "available",
+            "SubnetIds": [
+                "subnet-00000003"
+            ],
+            "VpcEndpointId": "vpce-00000000000000002",
+            "VpcEndpointType": "Interface",
+            "VpcId": "vpc-12345678"
+        }
+    ]
+}
diff --git a/cloudmapper.py b/cloudmapper.py
@@ -31,7 +31,7 @@
 import importlib
 import commands
 
-__version__ = "2.5.3"
+__version__ = "2.5.4"
 
 
 def show_help(commands):

diff --git a/commands/prepare.py b/commands/prepare.py
@@ -364,13 +364,16 @@ def build_data_structure(account_data, config, outputfilter):
                     cytoscape_json.append(vpc.cytoscape_data())
 
                     vpc_children_to_remove = set()
-                    for az in vpc.children:
-                        if az.has_leaves:
+                    for vpc_child in vpc.children:
+                        if vpc_child.has_leaves:
                             if outputfilter["azs"]:
-                                cytoscape_json.append(az.cytoscape_data())
+                                cytoscape_json.append(vpc_child.cytoscape_data())
+                            elif vpc_child.node_type != 'az':
+                                # Add VPC children that are not AZs, such as Gateway endpoints
+                                cytoscape_json.append(vpc_child.cytoscape_data())
 
                             az_children_to_remove = set()
-                            for subnet in az.children:
+                            for subnet in vpc_child.children:
                                 if subnet.has_leaves:
                                     cytoscape_json.append(subnet.cytoscape_data())
 
@@ -379,7 +382,7 @@ def build_data_structure(account_data, config, outputfilter):
                                 else:
                                     az_children_to_remove.add(subnet)
                             for subnet in az_children_to_remove:
-                                az.removeChild(subnet)
+                                vpc_child.removeChild(subnet)
 
                         else:
                             vpc_children_to_remove.add(az)

diff --git a/shared/nodes.py b/shared/nodes.py
@@ -557,10 +557,9 @@ def __init__(self, parent, json_blob):
             # Access is controlled through their policy, or the S3 bucket policies, or somewhere else.
             self._unrestricted_ingress = True
 
-        if self._name == 's3':
-            self._type = 's3'
-        elif self._name == 'dynamodb':
-            self._type = 'dynamodb'
+        services_with_icons = ['s3', 'dynamodb', 'kinesis', 'sqs', 'sns', 'codebuild', 'codecommit', 'codepipeline', 'ecs', 'ecr', 'ssm', 'secretsmanager', 'kms', 'apigateway']
+        if self._name in services_with_icons:
+            self._type = self._name
 
         super(VpcEndpoint, self).__init__(self._parent, json_blob)
 

diff --git a/tests/unit/test_prepare.py b/tests/unit/test_prepare.py
@@ -73,7 +73,7 @@ def test_build_data_structure(self):
 
         # Now check it
         # Check number of connections
-        assert_equal(17, len(pyjq.all('.[].data|select(.type == "edge")|keys', cytoscape_json)))
+        assert_equal(25, len(pyjq.all('.[].data|select(.type == "edge")|keys', cytoscape_json)))
 
         # Check number of nodes
         assert_equal(2, len(pyjq.all('.[].data|select(.type == "ip")|keys', cytoscape_json)))
@@ -84,3 +84,5 @@ def test_build_data_structure(self):
         assert_equal(4, len(pyjq.all('.[].data|select(.type == "subnet")|keys', cytoscape_json)))
         assert_equal(1, len(pyjq.all('.[].data|select(.type == "region")|keys', cytoscape_json)))
         assert_equal(1, len(pyjq.all('.[].data|select(.type == "vpc")|keys', cytoscape_json)))
+        assert_equal(1, len(pyjq.all('.[].data|select(.type == "sqs")|keys', cytoscape_json)))
+        assert_equal(1, len(pyjq.all('.[].data|select(.type == "s3")|keys', cytoscape_json)))
diff --git a/web/icons/aws/apigateway.svg b/web/icons/aws/apigateway.svg
diff --git a/web/icons/aws/codebuild.svg b/web/icons/aws/codebuild.svg