Class: Inventory::SecurityGroup::Open

Inherits:
Base
  • Object
Includes:
Shared
Defined in:
lib/inventory/security_group/open.rb


Methods included from Shared

#unused_security_groups, #used_security_groups

Methods inherited from Base

eager_load!, inherited, #initialize, #report, #show, #sort, subclasses, #test_mode

Methods included from AwsServices

#acm, #cfn, #cw, #eb, #ec2, #ecs, #elbv1, #elbv2, #iam, #pricing, #rds, #route53

Methods included from Inventory::Shared

#instances, #security_groups

Constructor Details

This class inherits a constructor from Inventory::Base

Instance Method Details

#combine_ports(port_objects) ⇒ Object

Examples

Input:

ports: [80, 443]

Output:

ports: [80, 443]

Input:

ports: [8001, 8000..8002]

Output:

ports: [8000..8002]


# File 'lib/inventory/security_group/open.rb', line 67

# Expands a mix of single Integer ports and Integer Ranges into one flat,
# de-duplicated list and hands it to Array#arrange.
#
# @param port_objects [Array<Integer, Range>] individual ports and/or port ranges
# @return [Array] the result of Array#arrange on the unique expanded ports.
#   Array#arrange is project-defined and not visible on this page; the class
#   examples above suggest it merges contiguous ports back into Ranges — confirm.
def combine_ports(port_objects)
  expanded = port_objects.flat_map do |port|
    port.is_a?(Range) ? port.to_a : [port]
  end
  expanded.uniq.arrange
end

#data ⇒ Object



# File 'lib/inventory/security_group/open.rb', line 11

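# Builds the report rows: one [group_name, open_ports] pair for every security
# group that is both referenced somewhere (Shared#used_security_groups) and has
# at least one rule open to 0.0.0.0/0 (#opened_security_groups).
#
# @return [Array<Array(String, String)>] group name and the comma-joined open
#   ports as rendered by #ports_open_to_world
def data
  # Hoisted out of the select block: the original recomputed this list on every
  # iteration, which may re-query used_security_groups once per candidate group.
  group_ids_in_use = used_security_groups.map(&:group_id)

  opened_security_groups_in_use = opened_security_groups.select do |sg|
    group_ids_in_use.include?(sg.group_id)
  end

  # Only display used security groups that have opened ports for review;
  # the unused security groups will be deleted anyway.
  opened_security_groups_in_use.map do |sg|
    [sg.group_name, ports_open_to_world(sg)]
  end
end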

#header ⇒ Object



# File 'lib/inventory/security_group/open.rb', line 7

# Column titles for the report table; one title per element of each #data row.
#
# @return [Array<String>] the two column headers
def header
  ['Security Group', 'Open to World']
end

#opened_security_groups ⇒ Object



# File 'lib/inventory/security_group/open.rb', line 28

# Security groups that have at least one rule open to 0.0.0.0/0.
# Relies on #ports_open_to_world returning an empty String when nothing is open.
#
# @return [Array] the subset of #security_groups with world-open ports
def opened_security_groups
  security_groups.reject { |sg| ports_open_to_world(sg).empty? }
end

#ports_open_to_world(sg) ⇒ Object

Returns an Array of ports with a cidr of 0.0.0.0/0



# File 'lib/inventory/security_group/open.rb', line 36

# Collects the ports of +sg+ whose ingress rule (ip_permissions) lists the IPv4
# CIDR 0.0.0.0/0, merges them via #combine_ports and renders them as a
# comma-separated String (empty when nothing is open to the world).
#
# NOTE(review): only ip_ranges (IPv4) is inspected, so a rule open to the IPv6
# equivalent (::/0) would not be reported — confirm whether that is intended.
# NOTE(review): a permission whose from_port and to_port are both nil
# (presumably how all-protocol rules are reported) yields a nil port here; how
# #combine_ports / Array#arrange treat that is not visible on this page — verify
# that such a rule still shows up as open rather than as an empty cell.
#
# @param sg [Object] a security group exposing +ip_permissions+
# @return [String] the open ports joined with ', '
def ports_open_to_world(sg)
  world_open = sg.ip_permissions.select do |permission|
    permission.ip_ranges.any? { |ip_range| ip_range.include?('0.0.0.0/0') }
  end

  # A rule with equal bounds is a single port; otherwise keep it as a Range.
  ports = world_open.map do |permission|
    lo = permission.from_port
    hi = permission.to_port
    lo == hi ? lo : (lo..hi)
  end

  # Render for the table cell.
  combine_ports(ports).map(&:to_s).join(', ')
end