cloudsploit
Azure no result
The config.js includes the current credentials for Azure, and I use the command below to generate the report:
./index.js --json=azure.json --junit=azure.xml --cloud=azure --config=./config.js
But it throws this issue, and nothing is returned to the JSON and XML files.
url: https://management.azure.com//subscriptions/78131263-201b-4c2e-8ba9-57731b087025/resourceGroups/rg-flowlity-global/providers/Microsoft.Storage/storageAccounts/stdatasynctrigger/listKeys?api-version=2019-06-01 obj: {"url":"https://management.azure.com//subscriptions/78131263-201b-4c2e-8ba9-57731b087025/resourceGroups/rg-flowlity-global/providers/Microsoft.Storage/storageAccounts/stdatasynctrigger/listKeys?api-version=2019-06-01","post":true,"rateLimit":3000} localData: undefined
INFO: Metadata collection complete. Analyzing...
INFO: Analysis complete. Scan report to follow...
Plugin Virtual Network Peering returned no results. There may be a problem with this plugin.
Plugin VM Desired SKU Size returned no results. There may be a problem with this plugin.
Plugin VM Approved Extensions returned no results. There may be a problem with this plugin.
/home/bubble/cloudsploit/helpers/azure/functions.js:203
if (!policyAssignmentStatus.length) {
^
TypeError: Cannot read properties of undefined (reading 'length')
at Object.checkPolicyAssignment (/home/bubble/cloudsploit/helpers/azure/functions.js:203:33)
at /home/bubble/cloudsploit/plugins/azure/securitycenter/monitorBlobEncryption.js:24:21
at /home/bubble/cloudsploit/node_modules/async/dist/async.js:3113:16
at eachOfArrayLike (/home/bubble/cloudsploit/node_modules/async/dist/async.js:1072:9)
at eachOf (/home/bubble/cloudsploit/node_modules/async/dist/async.js:1120:5)
at Object.eachLimit (/home/bubble/cloudsploit/node_modules/async/dist/async.js:3175:5)
at Object.run (/home/bubble/cloudsploit/plugins/azure/securitycenter/monitorBlobEncryption.js:19:15)
at /home/bubble/cloudsploit/engine.js:223:28
at /home/bubble/cloudsploit/node_modules/async/dist/async.js:3685:9
at replenish (/home/bubble/cloudsploit/node_modules/async/dist/async.js:1014:17)
Is the Azure API updated?
I see the same error.
Hi @Vbubblery, looking into it.
If I understand it correctly, this is the commit that broke this -> https://github.com/aquasecurity/cloudsploit/commit/8415d5c05288a836313838523233a3347e56bbe6#diff-e820abec8c98dc12e01a66376533a10a5099daba4f6accc37668721b03fd2aa4R200
and it would be enough to just add a default value
policyAssignmentStatus = defualtPolicyAssignments[param] || '';
Is that correct?
> If I understand it correctly, this is the commit that broke this -> 8415d5c#diff-e820abec8c98dc12e01a66376533a10a5099daba4f6accc37668721b03fd2aa4R200
> and it would be enough to just add a default value
> policyAssignmentStatus = defualtPolicyAssignments[param] || '';
> Is that correct?
This works for me, and makes sense based on helpers/azure/functions.js:196-201
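The crash in the stack trace and the fallback proposed above, side by side, as an added example that is not part of the thread or of CloudSploit's code. Only `policyAssignmentStatus` and `defualtPolicyAssignments` come from the thread; the function names, the sample object, the parameter name and the runner are hypothetical.

```javascript
'use strict';
// Added illustration. Hypothetical names throughout, except
// policyAssignmentStatus and defualtPolicyAssignments (quoted from the thread).

// Constructed sample: an assignment map with no entry for the looked-up parameter.
const sampleAssignments = { otherEffect: 'AuditIfNotExists' };
const SAMPLE_PARAM = 'sampleMonitoringEffect'; // constructed parameter name

// Shape of the failing code: no fallback when the parameter is absent,
// so reading .length throws the TypeError shown in the stack trace.
function readStatusUnguarded(defualtPolicyAssignments, param) {
    const policyAssignmentStatus = defualtPolicyAssignments[param];
    return policyAssignmentStatus.length ? policyAssignmentStatus : 'not set';
}

// The fallback proposed in the thread: a missing parameter becomes ''.
function readStatusGuarded(defualtPolicyAssignments, param) {
    const policyAssignmentStatus = defualtPolicyAssignments[param] || '';
    return policyAssignmentStatus.length ? policyAssignmentStatus : 'not set';
}

// Hypothetical runner: a check that throws is recorded as an ERROR entry
// instead of ending the process before any report is written.
function runChecks(checks) {
    return checks.map(({ name, run }) => {
        try {
            return { name, status: 'OK', detail: run() };
        } catch (err) {
            return { name, status: 'ERROR', detail: err.message };
        }
    });
}

const report = runChecks([
    { name: 'unguarded', run: () => readStatusUnguarded(sampleAssignments, SAMPLE_PARAM) },
    { name: 'guarded', run: () => readStatusGuarded(sampleAssignments, SAMPLE_PARAM) },
    { name: 'present', run: () => readStatusGuarded(sampleAssignments, 'otherEffect') },
]);
console.log(JSON.stringify(report, null, 2));
```

An uncaught exception in one check is what leaves the JSON and JUnit files empty in the original report; the fallback removes this particular throw, and the runner shows how a remaining one can be surfaced in the report rather than discarding it.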
I have this error:
INFO: Using CloudSploit config file: ./creds.json
/home/username/tools/cloudsploit/index.js:134
if (config.credentials.aws.credential_file && (!settings.cloud || (settings.cloud == 'aws'))) {
^
TypeError: Cannot read properties of undefined (reading 'aws')
at Object.<anonymous> (/home/username/tools/cloudsploit/index.js:134:24)
at Module._compile (node:internal/modules/cjs/loader:1218:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1272:10)
at Module.load (node:internal/modules/cjs/loader:1081:32)
at Module._load (node:internal/modules/cjs/loader:922:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12)
at node:internal/main/run_main_module:23:47
Node.js v18.13.0
I'm trying to audit only Azure, but it keeps asking for AWS parameters. My creds.json file is something like this:
{
    "ApplicationID": "my-app-id-on-azure",
    "KeyValue": ".string~of.keyvalue...",
    "DirectoryID": "my-dir-id-on-azure",
    "SubscriptionID": "my-subs-id-on-azure"
}
Also, I tried in config.js:
...
azure: {
    // OPTION 1: If using a credential JSON file, enter the path below
    credential_file: '/home/username/tools/cloudsploit/creds.json',
    // OPTION 2: If using hard-coded credentials, enter them below
    //application_id: my-app-id-on-azure,
    //key_value: .string~of.keyvalue...,
    //directory_id: my-dir-id-on-azure,
    //subscription_id: my-subs-id-on-azure
}
//azure_remediate: {
    // OPTION 1: If using a credential JSON file, enter the path below
    // credential_file: './azure.json',
    // OPTION 2: If using hard-coded credentials, enter them below
    // application_id: process.env.AZURE_APPLICATION_ID || '',
    // key_value: process.env.AZURE_KEY_VALUE || '',
    // directory_id: process.env.AZURE_DIRECTORY_ID || '',
    // subscription_id: process.env.AZURE_SUBSCRIPTION_ID || ''
//},
...
If I only trigger the command (./index.js), the output looks fine, but it asks for AWS data:
Hi @Vbubblery, can you check now?
Hi @telekomancer, I see you have added the credentials in the config.js file, but your attributes for the object are commented out. Can you try it like this in the config.js file:
azure: {
    // OPTION 1: If using a credential JSON file, enter the path below
    credential_file: '/home/username/tools/cloudsploit/creds.json',
    // OPTION 2: If using hard-coded credentials, enter them below
    application_id: 'my-app-id-on-azure',
    key_value: '.string~of.keyvalue...',
    directory_id: 'my-dir-id-on-azure',
    subscription_id: 'my-subs-id-on-azure'
},
Oh! Actually, those were the options that I changed. I had to make some changes in the code (https://github.com/aquasecurity/cloudsploit/issues/1728#issuecomment-1773289090) and some changes at the config.js level, and everything works.
Thanks for the help!
@Vbubblery Can we close this now?
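For the `Cannot read properties of undefined (reading 'aws')` error reported above: the log shows `./creds.json` being loaded as the config file, and that flat credential object has no `credentials` key for `index.js:134` to read. The pre-flight check below is an added example, not CloudSploit code; `preflightAzure` and both sample objects are hypothetical, and it assumes the `azure` block sits under `credentials` next to `aws`, as the failing line implies.

```javascript
'use strict';
// Added illustration; preflightAzure() and the sample objects are hypothetical.

// Constructed sample: the flat credential file from the post (placeholder
// values as posted), loaded as if it were the main config.
const credsJson = {
    ApplicationID: 'my-app-id-on-azure',
    KeyValue: '.string~of.keyvalue...',
    DirectoryID: 'my-dir-id-on-azure',
    SubscriptionID: 'my-subs-id-on-azure',
};

// Constructed sample: a config object with the nesting that
// config.credentials.aws.credential_file implies (assumed layout).
const configJs = {
    credentials: {
        aws: {},
        azure: { credential_file: '/home/username/tools/cloudsploit/creds.json' },
    },
};

const INLINE_KEYS = ['application_id', 'key_value', 'directory_id', 'subscription_id'];

// Return a list of problems instead of letting a property read throw.
function preflightAzure(config) {
    if (!config || typeof config.credentials !== 'object' || config.credentials === null) {
        return ['no "credentials" object: this looks like a credential file, not config.js'];
    }
    const azure = config.credentials.azure;
    if (!azure || typeof azure !== 'object') {
        return ['config.credentials.azure is missing'];
    }
    const hasInline = INLINE_KEYS.every((k) => typeof azure[k] === 'string' && azure[k] !== '');
    if (!azure.credential_file && !hasInline) {
        return [`azure needs credential_file or all of: ${INLINE_KEYS.join(', ')}`];
    }
    return [];
}

console.log(preflightAzure(credsJson)); // one problem: wrong file passed as config
console.log(preflightAzure(configJs));  // no problems
```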