Merge pull request #80 from iSECPartners/dev

Fix issue #79
nccgroup · Feb 24, 2016 · ffdc30f · ffdc30f
2 parents 3ffe8ca + 6e40a06
commit ffdc30f
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 10 deletions.
diff --git a/html/summaries/services.iam.credential_report.root_account.html b/html/summaries/services.iam.credential_report.root_account.html
@@ -1,17 +1,17 @@
 
   <!-- Root account usage -->
   <script id="services.iam.credential_report.root_account.details.template" type="text/x-handlebars-template">
-    <div id="services.iam.credential_report.root_account.details">
-        <div class="list-group" id="services.iam.credential_report.root_account.view">
+    <div id="services.iam.credential_report.<root_account>.details">
+        <div class="list-group" id="services.iam.credential_report.<root_account>.view">
           <div class="list-group-item active">
             <h4 class="list-group-item-heading">AWS root account</h4>
           </div>
           <div class="list-group-item">
             <div class="list-group-item-text item-margin">Creation date: {{items.user_creation_time}}</div>
-            <div class="list-group-item-text item-margin">Password last used: <span id="iam_CredentialReport-root-active-password-">{{items.password_last_used}}</span></div>
-            <div class="list-group-item-text item-margin">MFA enabled: <span id="iam_CredentialReport-root-no-mfa-">{{items.mfa_active}}</span></div>
-            <div class="list-group-item-text item-margin">Access key 1 active: <span id="iam_CredentialReport-root-active-key-access_key_1_active">{{items.access_key_1_active}}</span></div>
-            <div class="list-group-item-text item-margin">Access key 2 active: <span id="iam_CredentialReport-root-active-key-access_key_2_active">{{items.access_key_2_active}}</span></div>
+            <div class="list-group-item-text item-margin">Password last used: <span id="iam.credential_report.<root_account>.password_last_used">{{items.password_last_used}}</span></div>
+            <div class="list-group-item-text item-margin">MFA enabled: <span id="iam.credential_report.<root_account>.mfa_active">{{items.mfa_active}}</span></div>
+            <div class="list-group-item-text item-margin">Access key 1 active: <span id="iam.credential_report.<root_account>.access_key_1_active">{{items.access_key_1_active}}</span></div>
+            <div class="list-group-item-text item-margin">Access key 2 active: <span id="iam.credential_report.<root_account>.access_key_2_active">{{items.access_key_2_active}}</span></div>
             <div class="list-group-item-text item-margin">Signing cert 1 active: {{items.cert_1_active}}</div>
             <div class="list-group-item-text item-margin">Signing cert 2 active: {{items.cert_2_active}}</div>
           </div>

diff --git a/inc-scout2/scout2.js b/inc-scout2/scout2.js
@@ -129,7 +129,6 @@ function hideLinks(resource_path) {
 // Show list, details' container, links, and view for a given path
 //
 function showRowWithItems(path) {
-    path = path.replace('>', '').replace('<', '');
     showRow(path);
     showItems(path);
 }
@@ -581,8 +580,12 @@ function get_resource_path(path) {
             resource_path = get_value_at(path.replace('items', 'entities'));
         }
         resource_path_array = resource_path.split('.');
-        resource_path_array.pop();
+        last_value = resource_path_array.pop();
         resource_path = 'services.' + resource_path_array.join('.');
+        // Fix for issue #79
+        if (last_value == '<root_account>') {
+            resource_path += '.' + last_value;
+        }
     } else if (path.endsWith('.view')) {
         // Resource path is not changed (this may break when using `back' button in browser)
         var resource_path = current_resource_path;

diff --git a/requirements.txt b/requirements.txt
@@ -1,4 +1,4 @@
-boto3>=1.2.3
+boto3==1.2.3
 requests>=2.4.0
 python-dateutil>=2.2
 netaddr>=0.7.11

diff --git a/rules/root-account-no-mfa.json b/rules/root-account-no-mfa.json
@@ -6,5 +6,6 @@
         [ "iam.credential_report.<root_account>.mfa_active", "notTrue", "" ]
     ],
     "level": "danger",
+    "id_suffix": "mfa_active",
     "listing": { "keys": [ "this" ] }
 }
diff --git a/rules/root-account-used-recently.json b/rules/root-account-used-recently.json
@@ -5,5 +5,6 @@
     "conditions": [ "and",
         [ "iam.credential_report.<root_account>.password_last_used", "dateNotOlderThan", "90" ]
     ],
-    "level": "danger"
+    "level": "danger",
+    "id_suffix": "password_last_used"
 }