salesforce
diff --git a/‎cloudsplaining/output/dist/js/index.js
+7-7 b/‎cloudsplaining/output/dist/js/index.js
+7-7
diff --git a/‎cloudsplaining/output/src/assets/glossary.md
+34 b/‎cloudsplaining/output/src/assets/glossary.md
+34
diff --git a/‎cloudsplaining/output/src/components/PolicyTable.vue
+14-9 b/‎cloudsplaining/output/src/components/PolicyTable.vue
+14-9
diff --git a/‎cloudsplaining/output/src/components/Principals.vue
-1 b/‎cloudsplaining/output/src/components/Principals.vue
-1
diff --git a/‎cloudsplaining/output/src/components/Summary.vue
+24-4 b/‎cloudsplaining/output/src/components/Summary.vue
+24-4
diff --git a/‎cloudsplaining/output/src/components/charts/SummaryFindings.vue
+16-2 b/‎cloudsplaining/output/src/components/charts/SummaryFindings.vue
+16-2
diff --git a/‎cloudsplaining/output/src/components/finding/RiskAlertIndicators.vue
+5-3 b/‎cloudsplaining/output/src/components/finding/RiskAlertIndicators.vue
+5-3
diff --git a/‎cloudsplaining/output/src/components/finding/StandardRiskDetails.vue
+5-5 b/‎cloudsplaining/output/src/components/finding/StandardRiskDetails.vue
+5-5
diff --git a/‎cloudsplaining/output/src/components/principals/RisksPerPrincipal.vue
+21-13 b/‎cloudsplaining/output/src/components/principals/RisksPerPrincipal.vue
+21-13
diff --git a/‎cloudsplaining/output/src/util/glossary.js
+16-10 b/‎cloudsplaining/output/src/util/glossary.js
+16-10
@@ -27,6 +27,40 @@ Infrastructure Modification describes IAM actions with "modify" capabilities, an
 
 Policies with Data Exfiltration potential allow certain read-only IAM actions without resource constraints, such as `s3:GetObject`, `ssm:GetParameter*`, or `secretsmanager:GetSecretValue`. Unrestricted `s3:GetObject` permissions has a long history of customer data leaks. `ssm:GetParameter*` and `secretsmanager:GetSecretValue` are both used to access secrets. `rds:CopyDBSnapshot` and `rds:CreateDBSnapshot` can be used to exfiltrate RDS database contents.
 
+##### Service Wildcard
+
+"Service Wildcard" is an unofficial way of referring to IAM policy statements that grant access to ALL actions under a service - like `s3:*`. Prioritizing the remediation of policies with this characteristic can help to efficiently reduce the total count of high risk issues in the Cloudsplaining report.
+
+##### Credentials Exposure
+
+Credentials Exposure actions return credentials as part of the API response , such as `ecr:GetAuthorizationToken`, `iam:UpdateAccessKey`, and others. The full list is below.
+
+- [codepipeline:pollforjobs](https://docs.aws.amazon.com/codepipeline/latest/APIReference/API_PollForJobs.html)
+- [cognito-identity:getopenidtoken](https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetOpenIdToken.html)
+- [cognito-identity:getopenidtokenfordeveloperidentity](https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetOpenIdTokenForDeveloperIdentity.html)
+- [cognito-identity:getcredentialsforidentity](https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetCredentialsForIdentity.html)
+- [connect:getfederationtoken](https://docs.aws.amazon.com/connect/latest/APIReference/API_GetFederationToken.html)
+- [connect:getfederationtokens](https://docs.aws.amazon.com/connect/latest/APIReference/API_GetFederationToken.html)
+- [ecr:getauthorizationtoken](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_GetAuthorizationToken.html)
+- [gamelift:requestuploadcredentials](https://docs.aws.amazon.com/gamelift/latest/apireference/API_RequestUploadCredentials.html)
+- [iam:createaccesskey](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccessKey.html)
+- [iam:createloginprofile](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateLoginProfile.html)
+- [iam:createservicespecificcredential](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceSpecificCredential.html)
+- [iam:resetservicespecificcredential](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResetServiceSpecificCredential.html)
+- [iam:updateaccesskey](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccessKey.html)
+- [lightsail:getinstanceaccessdetails](https://docs.aws.amazon.com/lightsail/2016-11-28/api-reference/API_GetInstanceAccessDetails.html)
+- [lightsail:getrelationaldatabasemasteruserpassword](https://docs.aws.amazon.com/lightsail/2016-11-28/api-reference/API_GetRelationalDatabaseMasterUserPassword.html)
+- [rds-db:connect](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.IAMPolicy.html)
+- [redshift:getclustercredentials](https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentials.html)
+- [sso:getrolecredentials](https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
+- [mediapackage:rotatechannelcredentials](https://docs.aws.amazon.com/mediapackage/latest/apireference/channels-id-credentials.html)
+- [mediapackage:rotateingestendpointcredentials](https://docs.aws.amazon.com/mediapackage/latest/apireference/channels-id-ingest_endpoints-ingest_endpoint_id-credentials.html)
+- [sts:assumerole](https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role.html)
+- [sts:assumerolewithsaml](https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role-with-saml.html)
+- [sts:assumerolewithwebidentity](https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role-with-web-identity.html)
+- [sts:getfederationtoken](https://docs.aws.amazon.com/cli/latest/reference/sts/get-federation-token.html)
+- [sts:getsessiontoken](https://docs.aws.amazon.com/cli/latest/reference/sts/get-session-token.html)
+
 ##### Roles Assumable by Compute Services
 
 IAM Roles can be assumed by AWS Compute Services (such as EC2, ECS, EKS, or Lambda) can present greater risk than user-defined roles, especially if the AWS Compute service is on an instance that is directly or indirectly exposed to the internet. Flagging these roles is particularly useful to penetration testers (or attackers) under certain scenarios. For example, if an attacker obtains privileges to execute [ssm:SendCommand](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_SendCommand.html) and there are privileged EC2 instances with the SSM agent installed, they can effectively have the privileges of those EC2 instances. Remote Code Execution via AWS Systems Manager Agent was already a known escalation/exploitation path, but Cloudsplaining can make the process of identifying theses cases easier.
 
@@ -26,7 +26,6 @@
                 </b-col>
 
             </b-row>
-
             <b-table
                     :items="policyNameMapping"
                     :fields="fields"
@@ -35,16 +34,20 @@
                     :current-page="currentPage"
                     :per-page="perPage"
                     responsive="sm"
+                    :sticky-header=true
+                    :no-border-collapse=true
                     small
             >
-              <template v-slot:cell(attached_to_principals)="data">
-                {{ data.item.attached_to_principals.length }}
-                <!--{{ data.item.attached_to_principals.join(", ") }}-->
-              </template>
+                <template v-slot:cell(policy_name)="data">
+                    {{ data.item.policy_name }}
+                </template>
+                <template v-slot:cell(attached_to_principals)="data">
+                    {{ data.item.attached_to_principals.length }}
+                </template>
 
-              <template v-slot:cell(compute_role)="data">
-                {{ data.item.compute_role.join(", ") }}
-              </template>
+                <template v-slot:cell(compute_role)="data">
+                    {{ data.item.compute_role.join(", ") }}
+                </template>
             </b-table>
         </b-container>
         <br>
@@ -70,9 +73,11 @@
                     {key: 'attached_to_principals', sortable: true},
                     {key: 'services', sortable: true},
                     {key: 'infrastructure_modification', sortable: true},
+                    {key: 'service_wildcard', sortable: true},
                     {key: 'privilege_escalation', sortable: true},
                     {key: 'resource_exposure', sortable: true},
                     {key: 'data_exfiltration', sortable: true},
+                    {key: 'credentials_exposure', sortable: true},
                     {key: 'compute_role', sortable: true},
                 ],
                 totalRows: 1,
@@ -90,4 +95,4 @@
 
 <style scoped>
 
-</style>
+</style>
@@ -5,7 +5,6 @@
         This page displays IAM Users, Groups, and Roles in the account, their associated policies, the risks associated with each principal, and various metadata that can be expanded per principal.
         <br>
         <br>
-        <!--ROLES-->
         <div v-bind:key="principalType" v-for="principalType in principalTypes">
         <h3>{{ capitalizeFirstLetter(principalType) }}</h3>
             <div v-bind:key="principalId" v-for="principalId in principalTypeIds(principalType)">
 
@@ -61,6 +61,11 @@
               <b-td>{{ policyRisks.ResourceExposure }}</b-td>
               <b-td>med</b-td>
             </b-tr>
+            <b-tr>
+              <b-th>Credentials Exposure</b-th>
+              <b-td>{{ policyRisks.CredentialsExposure }}</b-td>
+              <b-td>med</b-td>
+            </b-tr>
             <b-tr>
               <b-th>Infrastructure Modification</b-th>
               <b-td>{{ policyRisks.InfrastructureModification }}</b-td>
@@ -125,10 +130,25 @@ export default {
       }
 
       return {
-        "PrivilegeEscalation": this.inlinePolicyRisks.PrivilegeEscalation + this.awsManagedPolicyRisks.PrivilegeEscalation + this.customerManagedPolicyRisks.PrivilegeEscalation,
-        "DataExfiltration": this.inlinePolicyRisks.DataExfiltration + this.awsManagedPolicyRisks.DataExfiltration + this.customerManagedPolicyRisks.DataExfiltration,
-        "ResourceExposure": this.inlinePolicyRisks.ResourceExposure + this.awsManagedPolicyRisks.ResourceExposure + this.customerManagedPolicyRisks.ResourceExposure,
-        "InfrastructureModification": this.inlinePolicyRisks.InfrastructureModification + this.awsManagedPolicyRisks.InfrastructureModification + this.customerManagedPolicyRisks.InfrastructureModification
+        "PrivilegeEscalation":
+            this.inlinePolicyRisks.PrivilegeEscalation
+            + this.awsManagedPolicyRisks.PrivilegeEscalation
+            + this.customerManagedPolicyRisks.PrivilegeEscalation,
+        "DataExfiltration": this.inlinePolicyRisks.DataExfiltration
+            + this.awsManagedPolicyRisks.DataExfiltration
+            + this.customerManagedPolicyRisks.DataExfiltration,
+        "ResourceExposure":
+            this.inlinePolicyRisks.ResourceExposure
+            + this.awsManagedPolicyRisks.ResourceExposure
+            + this.customerManagedPolicyRisks.ResourceExposure,
+        "CredentialsExposure":
+            this.inlinePolicyRisks.CredentialsExposure
+            + this.awsManagedPolicyRisks.CredentialsExposure
+            + this.customerManagedPolicyRisks.CredentialsExposure,
+        "InfrastructureModification":
+            this.inlinePolicyRisks.InfrastructureModification
+            + this.awsManagedPolicyRisks.InfrastructureModification
+            + this.customerManagedPolicyRisks.InfrastructureModification
       }
     },
 
 
@@ -5,7 +5,17 @@ import { Bar } from 'vue-chartjs'
 export default {
   name: "SummaryFindings",
   extends: Bar,
-  props: ["inlinePolicyRisks", "awsManagedPolicyRisks", "customerManagedPolicyRisks"],
+  props: {
+      inlinePolicyRisks: {
+          type: Object
+      },
+      awsManagedPolicyRisks: {
+          type: Object
+      },
+      customerManagedPolicyRisks: {
+          type: Object
+      },
+  },
   computed: {
     myStyles() {
       return {
@@ -21,7 +31,8 @@ export default {
           "Privilege Escalation",
           "Data Exfiltration",
           "Resource Exposure",
-          "Infrastructure Modification"
+          "Credentials Exposure",
+          "Infrastructure Modification",
         ],
         datasets: [{
           label: "Inline Policies",
@@ -31,6 +42,7 @@ export default {
             "#59575c",
             "#59575c",
             "#59575c",
+            "#59575c",
           ]
         },
           {
@@ -42,6 +54,7 @@ export default {
               "#215ca0",
               "#215ca0",
               "#215ca0",
+              "#215ca0",
             ]
           },{
             label: "Customer-managed Policies",
@@ -52,6 +65,7 @@ export default {
               "#00857d",
               "#00857d",
               "#00857d",
+              "#00857d",
             ]
           }
           ]
 
@@ -1,6 +1,6 @@
 <template>
     <div>
-        <!--Alert for Risk Type: Privilege Escalation Exposure-->
+        <!--Alert boxes for different risks-->
         <div v-for="riskType in highRisksToDisplayAlertsFor" :key="riskType">
             <template v-if="findings(policyId, riskType).length > 0">
                 <div v-bind:class="'alert alert-' + getRiskAlertIndicatorColor(riskType) + ' popovers'" data-html="true" data-placement="top"
@@ -31,9 +31,11 @@
     const managedPoliciesUtil = require('../../util/managed-policies');
 
     var highRisksToDisplayAlertsFor = [
-        "PrivilegeEscalation",
+        "CredentialsExposure",
         "DataExfiltration",
-        "ResourceExposure"
+        "ResourceExposure",
+        "ServiceWildcard",
+        "PrivilegeEscalation",
     ]
 
     export default {
 
@@ -1,17 +1,17 @@
 <template>
     <div>
         <div v-for="risk in riskDetailsToDisplay" :key="risk.risk_type">
-            <template v-show="findings(policyId, risk.risk_type).length > 0">
+            <template v-if="findings(policyId, risk.risk_type).length > 0">
                 <div class="card-header">
                 <a class="card-link" data-toggle="collapse"
-                   v-bind:data-parent="'#' + inlineOrManaged.toLowerCase() + '-policy' + '-' + policyId + '-' + 'card-details'"
-                   v-bind:href="'#' + inlineOrManaged.toLowerCase() + '-policy' + '-' + policyId + '-' + convertStringToKebabCase(risk.risk_type)"
+                   v-bind:data-parent="`#${inlineOrManaged.toLowerCase()}-policy-${policyId}-card-details`"
+                   v-bind:href="`#${inlineOrManaged.toLowerCase()}-policy-${policyId}-${convertStringToKebabCase(risk.risk_type)}`"
                 >{{ convertStringToSpaceCase(risk.risk_type) }}</a>
                 </div>
             </template>
-            <template v-show="findings(policyId, risk.risk_type).length > 0">
+            <template v-if="findings(policyId, risk.risk_type).length > 0">
                 <div class="panel-collapse collapse"
-                     v-bind:id="inlineOrManaged.toLowerCase() + '-policy' + '-' + policyId + '-' + convertStringToKebabCase(risk.risk_type)">
+                     v-bind:id="`${inlineOrManaged.toLowerCase()}-policy-${policyId}-${convertStringToKebabCase(risk.risk_type)}`">
                     <div class="card-body">
 <pre><code>
 {{ JSON.parse(JSON.stringify(findings(policyId, risk.risk_type), undefined, '\t')) }}
 
@@ -35,6 +35,7 @@
 <script>
     const principalsUtil = require('../../util/principals');
     const otherUtil = require('../../util/other');
+    const glossary = require('../../util/glossary');
 
     export default {
         name: "RisksPerPrincipal",
@@ -51,7 +52,13 @@
         },
         computed: {
             riskNames() {
-                return ["DataExfiltration", "ResourceExposure", "PrivilegeEscalation", "InfrastructureModification"]
+                let riskDetails = glossary.getRiskDetailsToDisplay();
+                let riskNameArray = riskDetails.map(function (risk) { return risk.risk_type; });
+                // console.log(`Risk names: ${riskNameArray}`);
+                riskNameArray.push("PrivilegeEscalation");
+                riskNameArray.sort();
+                return riskNameArray;
+                // return ["DataExfiltration", "ResourceExposure", "PrivilegeEscalation", "InfrastructureModification"]
             },
         },
         methods: {
@@ -62,18 +69,19 @@
                 return principalsUtil.getRiskAssociatedWithPrincipal(this.iam_data, principalName, principalType, riskType)
             },
             getRiskLevel: function (riskType) {
-                if (riskType === "DataExfiltration") {
-                    return "warning"
-                }
-                if (riskType === "PrivilegeEscalation") {
-                    return "danger"
-                }
-                if (riskType === "ResourceExposure") {
-                    return "warning"
-                }
-                if (riskType === "InfrastructureModification") {
-                    return "info"
-                }
+                return glossary.getRiskAlertIndicatorColor(riskType)
+                // if (riskType === "DataExfiltration") {
+                //     return "warning"
+                // }
+                // if (riskType === "PrivilegeEscalation") {
+                //     return "danger"
+                // }
+                // if (riskType === "ResourceExposure") {
+                //     return "warning"
+                // }
+                // if (riskType === "InfrastructureModification") {
+                //     return "info"
+                // }
             },
             addSpacesInPascalCaseString: function (s) {
                 return otherUtil.addSpacesInPascalCaseString(s)
 
@@ -2,46 +2,52 @@ const privilegeEscalationDefinition = '<p>These policies allow a combination of
 const dataExfiltrationDefinition = '<div style="text-align:left"><p>Policies with Data Exfiltration potential allow certain read-only IAM actions without resource constraints, such as <code>s3:GetObject</code>, <code>ssm:GetParameter*</code>, or <code>secretsmanager:GetSecretValue</code>. <br> <ul> <li>Unrestricted <code>s3:GetObject</code> permissions has a long history of customer data leaks.</li> <li><code>ssm:GetParameter*</code> and <code>secretsmanager:GetSecretValue</code> are both used to access secrets.</li> <li><code>rds:CopyDBSnapshot</code> and <code>rds:CreateDBSnapshot</code> can be used to exfiltrate RDS database contents.</li> </ul></p></div>'
 const resourceExposureDefinition = '<p>Resource Exposure actions allow modification of Permissions to <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html">resource-based policies</a> or otherwise can expose AWS resources to the public via similar actions that can lead to resource exposure - for example, the ability to modify <a href="https://docs.aws.amazon.com/ram/latest/userguide/what-is.html">AWS Resource Access Manager</a>.</p>'
 const assumableByComputeServiceDefinition = '<p>IAM Roles can be assumed by AWS Compute Services (such as EC2, ECS, EKS, or Lambda) can present greater risk than user-defined roles, especially if the AWS Compute service is on an instance that is directly or indirectly exposed to the internet. Flagging these roles is particularly useful to penetration testers (or attackers) under certain scenarios.<br>For example, if an attacker obtains privileges to execute <code>ssm:SendCommand</code> and there are privileged EC2 instances with the SSM agent installed, they can effectively have the privileges of those EC2 instances.</p>'
+const credentialsExposureDefinition = '<p>Credentials Exposure actions return credentials as part of the API response , such as ecr:GetAuthorizationToken, iam:UpdateAccessKey, and others. The full list is maintained here: https://gist.github.com/kmcquade/33860a617e651104d243c324ddf7992a</p>'
+const serviceWildcardDefinition = '<p>"Service Wildcard" is the unofficial way of referring to IAM policy statements that grant access to ALL actions under a service - like s3:*. Prioritizing the remediation of policies with this characteristic can help to efficiently reduce the total count of issues in the Cloudsplaining report.</p>'
 
 let riskDefinitions = {
     PrivilegeEscalation: privilegeEscalationDefinition,
     DataExfiltration: dataExfiltrationDefinition,
     ResourceExposure: resourceExposureDefinition,
     AssumableByComputeService: assumableByComputeServiceDefinition,
+    CredentialsExposure: credentialsExposureDefinition,
+    ServiceWildcard: serviceWildcardDefinition,
 }
 
 let riskAlertIndicatorColors = {
     PrivilegeEscalation: 'danger',
     DataExfiltration: 'warning',
     ResourceExposure: 'danger',
     AssumableByComputeService: 'info',
+    CredentialsExposure: 'secondary',
+    ServiceWildcard: 'primary',
 }
 
 let riskDetailsToDisplay = [
     // {
     //     risk_type: "PrivilegeEscalation",
     //     explanation: "Explanation!"
     // },
+    {
+        risk_type: "CredentialsExposure",
+        explanation: "Explanation!"
+    },
     {
         risk_type: "DataExfiltration",
         explanation: "Explanation!"
     },
-        {
+    {
         risk_type: "ResourceExposure",
         explanation: "Explanation!"
     },
-        {
+    {
+        risk_type: "ServiceWildcard",
+        explanation: "Explanation!"
+    },
+    {
         risk_type: "InfrastructureModification",
         explanation: "Explanation!"
     },
-    // {
-    //     risk_type: "CredentialsExposure",
-    //     explanation: "Explanation!"
-    // },
-    // {
-    //     risk_type: "ServiceStar",
-    //     explanation: "Explanation!"
-    // }
 ]
 
 function getRiskDefinition(riskType) {