
Commit 337536b

fix: Security Group Rule 잘못된 복사로 인한 주소 참조 이슈 조치
Signed-off-by: jinyoungmoonDEV <[email protected]>
1 parent dfa8d2f commit 337536b

1 file changed

+36
-43
lines changed


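--- a/src/plugin/manager/ec2/security_group_manager.py
+++ b/src/plugin/manager/ec2/security_group_manager.py
@@ -80,46 +80,44 @@ def create_cloud_service(self, region, options, secret_data, schema):
 
 # Inbound Rules
 inbound_rules = []
-for in_rule in raw.get("IpPermissions", []):
-in_rule_copy = copy.deepcopy(in_rule)
-
-for _ip_range in in_rule.get("IpRanges", []):
+for inbound_rule in raw.get("IpPermissions", []):
+for _ip_range in inbound_rule.get("IpRanges", []):
 inbound_rules.append(
-self._custom_security_group_inbound_rule_info(
-raw_rule=in_rule_copy,
+self._custom_security_group_rule_info(
+raw_rule=inbound_rule,
 remote=_ip_range,
 remote_type="ip_ranges",
 is_egress=False,
 vulnerable_ports=vulnerable_ports,
 )
 )
 
-for _user_group_pair in in_rule.get("UserIdGroupPairs", []):
+for _user_group_pair in inbound_rule.get("UserIdGroupPairs", []):
 inbound_rules.append(
-self._custom_security_group_inbound_rule_info(
-raw_rule=in_rule_copy,
+self._custom_security_group_rule_info(
+raw_rule=inbound_rule,
 remote=_user_group_pair,
 remote_type="user_id_group_pairs",
 is_egress=False,
 vulnerable_ports=vulnerable_ports,
 )
 )
 
-for _ip_v6_range in in_rule.get("Ipv6Ranges", []):
+for _ip_v6_range in inbound_rule.get("Ipv6Ranges", []):
 inbound_rules.append(
-self._custom_security_group_inbound_rule_info(
-raw_rule=in_rule_copy,
+self._custom_security_group_rule_info(
+raw_rule=inbound_rule,
 remote=_ip_v6_range,
 remote_type="ipv6_ranges",
 is_egress=False,
 vulnerable_ports=vulnerable_ports,
 )
 )
 
-for prefix_list_id in in_rule.get("PrefixListIds", []):
+for prefix_list_id in inbound_rule.get("PrefixListIds", []):
 inbound_rules.append(
-self._custom_security_group_inbound_rule_info(
-raw_rule=in_rule_copy,
+self._custom_security_group_rule_info(
+raw_rule=inbound_rule,
 remote=prefix_list_id,
 remote_type="prefix_list_ids",
 is_egress=False,
@@ -129,43 +127,41 @@ def create_cloud_service(self, region, options, secret_data, schema):
 
 # Outbound Rules
 outbound_rules = []
-for out_rule in raw.get("IpPermissionsEgress", []):
-out_rule_copy = copy.deepcopy(out_rule)
-
-for _ip_range in out_rule.get("IpRanges", []):
+for outbound_rule in raw.get("IpPermissionsEgress", []):
+for _ip_range in outbound_rule.get("IpRanges", []):
 outbound_rules.append(
-self._custom_security_group_inbound_rule_info(
-raw_rule=out_rule_copy,
+self._custom_security_group_rule_info(
+raw_rule=outbound_rule,
 remote=_ip_range,
 remote_type="ip_ranges",
 is_egress=True,
 )
 )
 
-for _user_group_pairs in out_rule.get("UserIdGroupPairs", []):
+for _user_group_pairs in outbound_rule.get("UserIdGroupPairs", []):
 outbound_rules.append(
-self._custom_security_group_inbound_rule_info(
-raw_rule=out_rule_copy,
+self._custom_security_group_rule_info(
+raw_rule=outbound_rule,
 remote=_user_group_pairs,
 remote_type="user_id_group_pairs",
 is_egress=True,
 )
 )
 
-for _ip_v6_range in out_rule.get("Ipv6Ranges", []):
+for _ip_v6_range in outbound_rule.get("Ipv6Ranges", []):
 outbound_rules.append(
-self._custom_security_group_inbound_rule_info(
-raw_rule=out_rule_copy,
+self._custom_security_group_rule_info(
+raw_rule=outbound_rule,
 remote=_ip_v6_range,
 remote_type="ipv6_ranges",
 is_egress=True,
 )
 )
 
-for prefix_list_id in out_rule.get("PrefixListIds", []):
+for prefix_list_id in outbound_rule.get("PrefixListIds", []):
 outbound_rules.append(
-self._custom_security_group_inbound_rule_info(
-raw_rule=out_rule_copy,
+self._custom_security_group_rule_info(
+raw_rule=outbound_rule,
 remote=prefix_list_id,
 remote_type="prefix_list_ids",
 is_egress=True,
@@ -258,7 +254,7 @@ def _get_matched_security_group_rule_id(
 
 return None
 
-def _custom_security_group_inbound_rule_info(
+def _custom_security_group_rule_info(
 self, raw_rule, remote, remote_type, is_egress, vulnerable_ports=None
 ):
 rule_id = self._get_matched_security_group_rule_id(
@@ -269,39 +265,36 @@ def _custom_security_group_inbound_rule_info(
 is_egress=is_egress,
 )
 
-raw_rule = self._custom_security_group_rule_info(raw_rule, remote, remote_type)
-raw_rule.update({"rule_id": rule_id})
-
-protocol_display = raw_rule.get("protocol_display")
+custom_rule = self._custom_security_group_rule(raw_rule, remote, remote_type, rule_id)
 
 if vulnerable_ports:
+protocol_display = custom_rule.get("protocol_display")
+
 ports = self._get_vulnerable_ports(
 protocol_display, raw_rule, vulnerable_ports
 )
 
-raw_rule.update(
+custom_rule.update(
 {
 "vulnerable_ports": ports,
 "detected_vulnerable_ports": True if ports else False,
 }
 )
 
-return raw_rule
+return custom_rule
 
-def _custom_security_group_rule_info(self, raw_rule, remote, remote_type):
-protocol_display = self._get_protocol_display(raw_rule.get("IpProtocol"))
-raw_rule.update(
+def _custom_security_group_rule(self, raw_rule, remote, remote_type, rule_id):
+return (
 {
-"protocol_display": protocol_display,
+"rule_id": rule_id,
+"protocol_display": self._get_protocol_display(raw_rule.get("IpProtocol")),
 "port_display": self._get_port_display(raw_rule),
 "source_display": self._get_source_display(remote),
 "description_display": self._get_description_display(remote),
 remote_type: remote,
 }
 )
 
-return raw_rule
-
 def list_instances(self):
 instances = []
 filter_info = [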