Merge pull request #160 from darkbitio/build

Build
joshlarsen · Apr 13, 2022 · 8c02f7f · 8c02f7f
2 parents 33bef06 + 37f3143
commit 8c02f7f
Show file tree

Hide file tree

Showing 4 changed files with 87 additions and 1 deletion.
diff --git a/lib/aws_recon/collectors/ecrpublic.rb b/lib/aws_recon/collectors/ecrpublic.rb
@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+#
+# Collect ECRPublic resources
+#
+class ECRPublic < Mapper
+  #
+  # Returns an array of resources.
+  #
+  def collect
+    resources = []
+
+    #
+    # describe_repositories
+    #
+
+    puts(@client.describe_repositories)
+    @client.describe_repositories.each_with_index do |response, page|
+      log(response.context.operation_name, page)
+
+      response.repositories.each do |repo|
+        struct = OpenStruct.new(repo.to_h)
+        struct.type = "repository"
+        struct.arn = repo.repository_arn
+        struct.policy = @client
+          .get_repository_policy({ repository_name: repo.repository_name }).policy_text.parse_policy
+
+        struct.images = []
+        #
+        # describe images
+        #
+        @client.describe_images({ repository_name: repo.repository_name }).image_details.each_with_index do |image, page|
+          log(response.context.operation_name, "describe_images", page)
+          image_hash = image.to_h
+          struct.images << image_hash
+        end
+      rescue Aws::ECR::Errors::ServiceError => e
+        log_error(e.code)
+
+        raise e unless suppressed_errors.include?(e.code) && !@options.quit_on_exception
+      ensure
+        resources.push(struct.to_h)
+      end
+    end
+
+    resources
+  end
+
+  private
+
+  # not an error
+  def suppressed_errors
+    %w[
+      RepositoryPolicyNotFoundException,
+      ScanNotFoundException
+    ]
+  end
+end
diff --git a/lib/aws_recon/services.yaml b/lib/aws_recon/services.yaml
@@ -55,6 +55,33 @@
   alias: rds
 - name: ECR
   alias: ecr
+- name: ECRPublic
+  alias: ecrpublic
+  excluded_regions:
+    - af-south-1
+    - ap-east-1
+    - ap-northeast-1
+    - ap-northeast-2
+    - ap-northeast-3
+    - ap-south-1
+    - ap-southeast-1
+    - ap-southeast-2
+    - ca-central-1
+    - eu-central-1
+    - eu-north-1
+    - eu-south-1
+    - eu-west-1
+    - eu-west-2
+    - eu-west-3
+    - me-south-1
+    - sa-east-1
+    - us-east-2
+    - us-west-1
+    - us-west-2
+    - af-south-1
+    - ap-east-1
+    - eu-south-1
+    - me-south-1
 - name: DynamoDB
   alias: dynamodb
 - name: KMS

diff --git a/lib/aws_recon/version.rb b/lib/aws_recon/version.rb
@@ -1,3 +1,3 @@
 module AwsRecon
-  VERSION = "0.5.30"
+  VERSION = "0.5.31"
 end
diff --git a/readme.md b/readme.md
@@ -358,6 +358,7 @@ AWS Recon aims to collect all resources and metadata that are relevant in determ
 - [x] DynamoDB
 - [x] EC2
 - [x] ECR
+- [x] ECRPublic
 - [x] ECS
 - [x] EFS
 - [x] EKS