change AWS Config Mapper ID mapping to config_rule_id and include account id in Config Rule's HDF title

Signed-off-by: Justin Kufro <[email protected]>
Justin Kufro committed Apr 9, 2021
1 parent 59ec875 commit 6740586
Showing 2 changed files with 20 additions and 4 deletions.
22 changes: 19 additions & 3 deletions lib/heimdall_tools/aws_config_mapper.rb
Expand Up @@ -38,8 +38,8 @@ def initialize(custom_mapping, endpoint = nil, verbose = false)
def to_hdf
controls = @issues.map do |issue|
@item = {}
@item['id'] = issue[:config_rule_name]
@item['title'] = issue[:config_rule_name]
@item['id'] = issue[:config_rule_id]
@item['title'] = "#{get_account_id(issue[:config_rule_arn])} - #{issue[:config_rule_name]}"
@item['desc'] = issue[:description]
@item['impact'] = 0.5
@item['tags'] = hdf_tags(issue)
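Review bot: switching the control `id` from `issue[:config_rule_name]` to `issue[:config_rule_id]` changes the identifier every existing HDF consumer keys on, so anyone diffing, deduplicating or suppressing findings across runs will see every control as new; this deserves a changelog/README entry alongside the title change. Unlike the account ID, the new id has no fallback: if `config_rule_id` is absent from an issue the control is emitted with a nil id, so consider `issue[:config_rule_id] || issue[:config_rule_name]` or failing loudly rather than producing an id-less control.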
Expand All @@ -55,6 +55,7 @@ def to_hdf
@item
end
end

results = HeimdallDataFormat.new(
profile_name: 'AWS Config',
title: 'AWS Config',
Expand All @@ -67,6 +68,20 @@ def to_hdf

private

##
# Gets the account ID from a config rule ARN
#
# https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
# https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html
#
# Params:
# - arn: The ARN of the config rule
#
# Returns: The account ID portion of the ARN
def get_account_id(arn)
/:(\d{12}):config-rule/.match(arn)&.captures&.first || 'no-account-id'
end

##
# Read in a config rule -> 800-53 control mapping CSV.
#
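Review bot: the `'no-account-id'` fallback in `get_account_id` is interpolated straight into the control title, so an unexpected ARN shape yields a control titled `no-account-id - <rule>` with no sign that parsing failed; since `initialize` already takes a `verbose` flag, log the unparsed ARN in that case. The pattern `/:(\d{12}):config-rule/` is unanchored, which is acceptable for the documented `arn:aws:config:<region>:<account-id>:config-rule/<name>` shape, but the method is worth a unit test covering a valid ARN, a nil ARN and an ARN of another resource type, since `match` returns nil for both no-match and nil input and the `&.` chain is what turns that into the fallback. Note also that every control title in the output now carries the AWS account ID, which is the intent of the change but should be stated in the documentation for users who hand HDF files to third parties.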
Expand Down Expand Up @@ -263,7 +278,8 @@ def check_text(config_rule)
# If no input parameters, then provide an empty JSON array to the JSON
# parser because passing nil to JSON.parse throws an exception.
params = (JSON.parse(config_rule[:input_parameters] || '[]').map { |key, value| "#{key}: #{value}" }).join('<br/>')
check_text = config_rule[:config_rule_arn] || ''
check_text = "ARN: #{config_rule[:config_rule_arn] || 'N/A'}"
check_text += "<br/>Source Identifier: #{config_rule.dig(:source, :source_identifier) || 'N/A'}"
check_text += "<br/>#{params}" unless params.empty?
check_text
end
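Review bot: `config_rule[:input_parameters]`, the ARN and the source identifier come straight from the AWS API and are concatenated into `check_text` next to literal `<br/>` markup, so any HTML-significant characters in a rule parameter value reach the output unescaped in a field that is rendered as HTML; wrap each interpolated value with `CGI.escapeHTML` (or drop the markup and join with newlines) before building the string. The `'[]'` default only works because an empty array yields nothing: a non-empty JSON array would hand single elements, not `|key, value|` pairs, to the block, so `'{}'` matches the intent of the comment above it and keeps the `map` well-defined for the hash that `input_parameters` actually holds.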
2 changes: 1 addition & 1 deletion sample_jsons/aws_mapper/aws_config_hdf.json

Large diffs are not rendered by default.

0 comments on commit 6740586