Merge pull request #1453 from nccgroup/develop

Release v5.12.0

Author: fernando-gallego

.gitignore

@@ -51,7 +51,7 @@ inc-scoutsuite-run*
 report-*
 *.db
 
-# PyCharm
+# IntelliJ files
 .idea/
 *.iml
 
@@ -73,4 +73,4 @@ report-*
 #Profiling output
 *.prof
 
-!docker/bin
+!docker/bin

ScoutSuite/__init__.py

@@ -1,5 +1,5 @@
 __author__ = 'NCC Group'
-__version__ = '5.11.0'
+__version__ = '5.12.0'
 
 ERRORS_LIST = []
 

ScoutSuite/__main__.py

@@ -1,5 +1,4 @@
 import asyncio
-import copy
 import os
 import webbrowser
 

ScoutSuite/core/cli_parser.py

@@ -392,14 +392,16 @@ def parse_args(self, args=None):
                                   'and Secret Access Key.')
         # Azure
         elif v.get('provider') == 'azure':
-            if v.get('tenant_id') and not (v.get('service_principal') or v.get('user_account_browser')):
-                self.parser.error('--tenant can only be set when using --user-account-browser or --service-principal authentication')
+            if v.get('tenant_id') and not (v.get('service_principal') or v.get('user_account_browser') or v.get('user_account')):
+                self.parser.error('--tenant can only be set when using --user-account-browser or --user-account or '
+                                  '--service-principal authentication')
             if v.get('service_principal') and not v.get('tenant_id'):
                 self.parser.error('You must provide --tenant when using --service-principal authentication')
             if v.get('user_account_browser') and not v.get('tenant_id'):
                 self.parser.error('You must provide --tenant when using --user-account-browser authentication')
+            if v.get('user_account') and not v.get('tenant_id'):
+                self.parser.error('You must provide --tenant when using --user-account authentication')
             if v.get('subscription_ids') and v.get('all_subscriptions'):
                 self.parser.error('--subscription-ids and --all-subscriptions are mutually exclusive options')
 
         return args
-

ScoutSuite/core/conditions.py

@@ -3,6 +3,7 @@
 import json
 import netaddr
 import re
+import ipaddress
 
 from policyuniverse.expander_minimizer import get_actions_from_statement, _expand_wildcard_action
 
@@ -221,6 +222,12 @@ def pass_condition(b, test, a):
                 break
     elif test == 'notInSubnets':
         result = (not pass_condition(b, 'inSubnets', a))
+    elif test == 'isSubnetRange':
+        result = not ipaddress.ip_network(b, strict=False).exploded.endswith("/32")
+    elif test == 'isPrivateSubnet':
+        result = ipaddress.ip_network(b, strict=False).is_private
+    elif test == 'isPublicSubnet':
+        result = not ipaddress.ip_network(b, strict=False).is_private
 
     # Port/port ranges tests
     elif test == 'portsInPortList':

ScoutSuite/core/console.py

@@ -40,6 +40,7 @@ class HostnameFilter(logging.Filter):
             def filter(self, record):
                 record.hostname = HostnameFilter.hostname
                 return True
+
         # create file handler which logs messages
         fh = logging.FileHandler(output_file_path, 'w+')
         # Add filter to add hostname information
@@ -60,6 +61,10 @@ def print_generic(msg):
     logger.info(msg)
 
 
+def print_info(msg):
+    print_generic(msg)
+
+
 def print_debug(msg):
     logger.debug(msg)
 
@@ -68,6 +73,10 @@ def print_error(msg):
     logger.error(msg)
 
 
+def print_warning(msg):
+    logger.warning(msg)
+
+
 def print_exception(exception, additional_details=None):
     try:
         exc = True
@@ -101,10 +110,6 @@ def print_exception(exception, additional_details=None):
                         'additional_details': additional_details})
 
 
-def print_info(msg):
-    print_generic(msg)
-
-
 ########################################
 # Prompt functions
 ########################################