diff --git a/src/plugin/main.py b/src/plugin/main.py index 086f9ba..5f71949 100644 --- a/src/plugin/main.py +++ b/src/plugin/main.py @@ -314,17 +314,5 @@ def _create_init_metadata(): "inventory.Region", "inventory.ErrorResource", ], - "options_schema": { - "required": ["vulnerable_ports"], - "type": "object", - "properties": { - "vulnerable_ports": { - "title": "Vulnerable Ports Option", - "type": "string", - "default": DEFAULT_VULNERABLE_PORTS, - "description": "Ex) 22,8080,3306 (Default = 22,3306)", - } - }, - }, } } diff --git a/src/plugin/manager/ec2/security_group_manager.py b/src/plugin/manager/ec2/security_group_manager.py index 03bce94..aa087bb 100644 --- a/src/plugin/manager/ec2/security_group_manager.py +++ b/src/plugin/manager/ec2/security_group_manager.py @@ -37,7 +37,7 @@ def create_cloud_service(self, region, options, secret_data, schema): cloudtrail_resource_type = "AWS::EC2::SecurityGroup" # If Port Filter Option Exist - vulnerable_ports = options.get("vulnerable_ports", DEFAULT_VULNERABLE_PORTS) + vulnerable_ports = options.get("vulnerable_ports") # Get default VPC default_vpcs = self._get_default_vpc() @@ -173,14 +173,15 @@ def custom_security_group_inbound_rule_info(self, raw_rule, remote, remote_type, protocol_display = raw_rule.get("protocol_display") - ports = self._get_vulnerable_ports(protocol_display, raw_rule, vulnerable_ports) + if vulnerable_ports: + ports = self._get_vulnerable_ports(protocol_display, raw_rule, vulnerable_ports) - raw_rule.update( - { - "vulnerable_ports": ports, - "detected_vulnerable_ports": True if ports else False - } - ) + raw_rule.update( + { + "vulnerable_ports": ports, + "detected_vulnerable_ports": True if ports else False + } + ) return raw_rule
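Review bot: Without the `DEFAULT_VULNERABLE_PORTS` fallback, `options.get("vulnerable_ports")` in `create_cloud_service` returns `None` whenever the option is absent, and the guard added in `custom_security_group_inbound_rule_info` then skips port detection entirely. Collections that relied on the documented default (22,3306) will silently stop reporting exposed ports, and the main.py hunk also removes the schema that advertised and typed the option. If opt-in is intended, state it at the call site, e.g. `# No default: exposure detection runs only when the caller passes vulnerable_ports`. Also confirm whether the `DEFAULT_VULNERABLE_PORTS` import is still needed in both files; the imports are outside the hunks. `create_cloud_service` starts and ends outside this hunk.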
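Review bot: When `vulnerable_ports` is falsy, `raw_rule` now comes back without the `vulnerable_ports` and `detected_vulnerable_ports` keys. The re-added `raw_rule.update(...)` lines differ from the removed ones only in whitespace, so they appear to sit under the new `if`. A consumer of the rule record then cannot tell "evaluated, nothing exposed" from "never evaluated", and any reader that indexes those keys directly would fail. Either document the contract above the guard, e.g. `# Keys are omitted when no port list is configured: absent means "not evaluated"`, or always set them with an explicit not-evaluated value. As a style point, `True if ports else False` can be written `bool(ports)`. The function's signature and the rest of its body are outside the hunk.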