nccgroup / ScoutSuite

Multi-Cloud Security Auditing Tool
GNU General Public License v2.0

Add support for AWS CloudFront service asset pulling (and rule checking cloudfront content secure distribution) #898

Closed yangsec888 closed 3 years ago

yangsec888 commented 4 years ago

The CloudFront service is very popular. It would be helpful if ScoutSuite could capture those assets. That might provide a complete picture of the website. It would also help with fast checks on any insecure distribution of sensitive content later on.

x4v13r64 commented 4 years ago

See:

yangsec888 commented 4 years ago

Xavier, thank you for accepting the issue. One more question: how can I contribute the code? I'm trying to follow the directions below but get bounced out creating the branch: https://github.com/nccgroup/ScoutSuite/blob/master/CONTRIBUTING.md scoutsuite@nccgroup.com

On Fri, Oct 16, 2020 at 3:11 AM Xavier Garceau-Aranda <notifications@github.com> wrote:

Any particular checks you'd like to see implemented?


x4v13r64 commented 4 years ago

I'm trying to follow the directions below but get bounced out creating the branch

I've added you to the project. Once you've accepted the invitation (GitHub will email you) you should be able to create a branch.

x4v13r64 commented 4 years ago

@yangsec888 https://github.com/nccgroup/ScoutSuite/pull/904 is now merged. Are there specific rules you're looking to implement?

yangsec888 commented 3 years ago

@j4v Hi Xavier, sorry for the delay; I was pulled out for some other migration project at my work. Here are the 2 rules I created.

File cloudfront-distribution-insecure-origin.json:

{
    "description": "CloudFront Insecure Content Distribution - Insecure Custom Origin Policy",
    "rationale": "Distributing insecure content between AWS CloudFront distributions and their custom origins, without using AWS encryption solutions. (Depending on the content data classification, this could be a false-positive finding.)",
    "references": [
        "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customoriginconfig.html"
    ],
    "dashboard_name": "Distributions",
    "path": "cloudfront.distributions.id",
    "conditions": [
        "and",
        [
            "cloudfront.distributions.id.origins",
            "containString",
            "http-only"
        ]
    ]
}

File cloudfront-distribution-insufficient-viewer-security.json:

{
    "description": "CloudFront Insecure Content Distribution - Insufficient Viewer Security Policy",
    "rationale": "Distributing insecure content to the Internet viewers (browsers), without using AWS encryption solutions, or using an encryption standard prior to TLSv1.1, so that the content data may be easily sniffed when in transit. (Depending on the content data classification, this could be a false-positive finding.)",
    "references": [
        "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-viewercertificate.html"
    ],
    "dashboard_name": "Distributions",
    "path": "cloudfront.distributions.id",
    "conditions": [
        "or",
        [
            "this",
            "withoutKey",
            "view_certificate"
        ],
        [
            "cloudfront.distributions.id.view_certificate.MinimumProtocolVersion",
            "containNoneOf",
            [
                "TLSv1.1",
                "TLSv1.1_2016",
                "TLSv1.2_2018",
                "TLSv1.2_2019"
            ]
        ]
    ]
}

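To make the two rules above concrete, here is a small stand-alone evaluator that applies their conditions to a handful of distributions. This is an added example written for this page; it is not ScoutSuite's rule engine, and the semantics it gives to `withoutKey`, `containString` and `containNoneOf` are a simplified assumption (substring matching over the resolved value) rather than ScoutSuite's actual implementation. The condition lists are copied from the rules as posted, including the key names `origins` and `view_certificate`, and the four sample distributions are constructed, not captured from an account.

```python
"""Simplified evaluator for the two CloudFront rules posted above.

Added example, not ScoutSuite code. Operator semantics are an assumption:
  withoutKey     -> the resolved object has no key of that name
  containString  -> the string occurs in the JSON serialisation of the value
  containNoneOf  -> none of the listed strings occur in str(value)
"""
import json
from typing import Any

# Rule conditions copied from the two rule files in the thread.
RULES = {
    "insecure-origin": [
        "and",
        ["cloudfront.distributions.id.origins", "containString", "http-only"],
    ],
    "insufficient-viewer-security": [
        "or",
        ["this", "withoutKey", "view_certificate"],
        [
            "cloudfront.distributions.id.view_certificate.MinimumProtocolVersion",
            "containNoneOf",
            ["TLSv1.1", "TLSv1.1_2016", "TLSv1.2_2018", "TLSv1.2_2019"],
        ],
    ],
}

# Constructed sample data (assumption), shaped loosely like the fields the
# CloudFront API returns: OriginProtocolPolicy is one of http-only,
# match-viewer, https-only; MinimumProtocolVersion is e.g. TLSv1, TLSv1_2016,
# TLSv1.1_2016, TLSv1.2_2018, TLSv1.2_2019.
SAMPLE_DISTRIBUTIONS = {
    "E1SECURE": {
        "origins": [{"Id": "api", "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}}],
        "view_certificate": {"MinimumProtocolVersion": "TLSv1.2_2019"},
    },
    "E2HTTPORIGIN": {  # TLS to the viewer, but plaintext between CloudFront and origin
        "origins": [{"Id": "legacy", "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}}],
        "view_certificate": {"MinimumProtocolVersion": "TLSv1.2_2018"},
    },
    "E3OLDTLS": {  # viewer policy still accepts TLS 1.0
        "origins": [{"Id": "api", "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}}],
        "view_certificate": {"MinimumProtocolVersion": "TLSv1"},
    },
    "E4NOCERT": {  # no viewer certificate block at all -> withoutKey fires
        "origins": [{"Id": "api", "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}}],
    },
}


def resolve(path: str, dist: dict) -> Any:
    """Walk 'cloudfront.distributions.id.<k1>.<k2>...' inside one distribution.

    Returns None when any key along the way is missing.
    """
    parts = path.split(".")
    if parts[:3] != ["cloudfront", "distributions", "id"]:
        raise ValueError(f"unsupported path prefix: {path}")
    node: Any = dist
    for key in parts[3:]:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def evaluate(cond: list, dist: dict) -> bool:
    """Recursively evaluate a rule condition; True means the rule fires."""
    op = cond[0]
    if op in ("and", "or"):
        results = [evaluate(sub, dist) for sub in cond[1:]]
        return all(results) if op == "and" else any(results)
    path, test, arg = cond
    value = dist if path == "this" else resolve(path, dist)
    if test == "withoutKey":
        return not (isinstance(value, dict) and arg in value)
    if test == "containString":
        # Substring match over the serialised value: "https-only" does not
        # contain "http-only", so a secure origin policy is not flagged.
        return value is not None and arg in json.dumps(value)
    if test == "containNoneOf":
        return value is None or not any(s in str(value) for s in arg)
    raise ValueError(f"unsupported test: {test}")


def run_rules(rules: dict, distributions: dict) -> dict:
    """Map each rule name to the sorted list of distribution IDs it flags."""
    return {
        name: sorted(d for d, cfg in distributions.items() if evaluate(cond, cfg))
        for name, cond in rules.items()
    }


if __name__ == "__main__":
    for rule, flagged in run_rules(RULES, SAMPLE_DISTRIBUTIONS).items():
        print(f"{rule}: {flagged}")
```

Two caveats follow from the conditions themselves. The origin rule only flags `http-only`; a `match-viewer` origin still speaks plaintext to the origin whenever the viewer arrived over HTTP, so it is worth treating as a separate finding if the data classification warrants it. The viewer rule's allow-list is a snapshot of the policy names that existed at the time; any newer CloudFront security policy name added to the list of acceptable values must be appended or it will be reported as insufficient.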
x4v13r64 commented 3 years ago

Looks good to me, if you open another PR I'll test it out and merge.

Just saw the opened PR, will review ASAP.

You don't need to worry about formatting as we run https://github.com/nccgroup/ScoutSuite/tree/master/tools#format_findingspy once in a while.

x4v13r64 commented 3 years ago

Closing as this is now in develop. @yangsec888 as I mentioned in the PR, if you can double check the finding rationales that would be great.