From 9f4680dfbaf2b5513627f97d79e247fb37599527 Mon Sep 17 00:00:00 2001 From: ad0nis Date: Tue, 7 May 2024 18:07:49 -0400 Subject: [PATCH 1/2] Added support for AWS accounts requiring a session token. --- .../TeamFiltration/Handlers/AWSHandler.cs | 22 ++++++++++++++----- .../Handlers/GlobalArgumentsHandler.cs | 2 +- .../Models/TeamFiltration/Config.cs | 3 ++- .../TeamFiltration/Modules/Database.cs | 2 +- TeamFiltrationConfig_Example.json | 1 + 5 files changed, 22 insertions(+), 8 deletions(-) diff --git a/TeamFiltration/TeamFiltration/Handlers/AWSHandler.cs b/TeamFiltration/TeamFiltration/Handlers/AWSHandler.cs index 5fba369..de2c157 100644 --- a/TeamFiltration/TeamFiltration/Handlers/AWSHandler.cs +++ b/TeamFiltration/TeamFiltration/Handlers/AWSHandler.cs @@ -17,11 +17,13 @@ public class AWSHandler private static GlobalArgumentsHandler _globalProperties { get; set; } private static DatabaseHandler _databaseHandler { get; set; } private static BasicAWSCredentials _basicAWSCredentials { get; set; } + private static SessionAWSCredentials _sessionAWSCredentials { get; set; } + private static AWSCredentials _AWSCredentials { get; set; } public async Task DeleteFireProxEndpoint(string fireProxId, string region) { - var amazonAPIGatewayClient = new AmazonAPIGatewayClient(_basicAWSCredentials, Amazon.RegionEndpoint.GetBySystemName(region)); + var amazonAPIGatewayClient = new AmazonAPIGatewayClient(_AWSCredentials, Amazon.RegionEndpoint.GetBySystemName(region)); Amazon.APIGateway.Model.DeleteRestApiResponse deleteRestApiResponse = await amazonAPIGatewayClient.DeleteRestApiAsync(new Amazon.APIGateway.Model.DeleteRestApiRequest() { RestApiId = fireProxId }); 
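Review bot: The two added properties leave the class with three static credential slots where one is enough: per the constructor later in this patch, `_basicAWSCredentials` and `_sessionAWSCredentials` are only assigned and then copied into `_AWSCredentials`. Because the fields are static but written from the instance constructor, a second `AWSHandler` built with different or empty keys would overwrite, or silently keep, the credentials every instance uses. A single instance field such as `private readonly AWSCredentials _awsCredentials;` can hold either credential type and keeps the secret scoped to the handler that received it. The class body continues outside this hunk, so other uses of the static fields should be checked before changing them.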
@@ -44,7 +46,7 @@ public async Task ListFireProxEndpoint() foreach (var item in _globalProperties.AWSRegions) { - var amazonAPIGatewayClient = new AmazonAPIGatewayClient(_basicAWSCredentials, Amazon.RegionEndpoint.GetBySystemName(item)); + var amazonAPIGatewayClient = new AmazonAPIGatewayClient(_AWSCredentials, Amazon.RegionEndpoint.GetBySystemName(item)); Amazon.APIGateway.Model.GetRestApisResponse getRestApisResponse = await amazonAPIGatewayClient.GetRestApisAsync(new Amazon.APIGateway.Model.GetRestApisRequest() { }); } @@ -52,7 +54,7 @@ public async Task ListFireProxEndpoint() */ public async Task<(Amazon.APIGateway.Model.CreateDeploymentRequest, Models.AWS.FireProxEndpoint)> CreateFireProxEndPoint(string url, string title, string region) { - var amazonAPIGatewayClient = new AmazonAPIGatewayClient(_basicAWSCredentials, Amazon.RegionEndpoint.GetBySystemName(region)); + var amazonAPIGatewayClient = new AmazonAPIGatewayClient(_AWSCredentials, Amazon.RegionEndpoint.GetBySystemName(region)); if (url.EndsWith('/')) url = url.Substring(0, url.Length - 1); 
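Review bot: The line changed in ListFireProxEndpoint appears to sit inside a block comment, judging by the `*/` that follows the loop at the start of the next hunk, so this edit has no runtime effect. If the method is dead, deleting it avoids maintaining credential plumbing in commented-out code; if it is meant to return, it should be restored and compiled.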
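Review bot: In CreateFireProxEndPoint the `AmazonAPIGatewayClient` built from `_AWSCredentials` is not wrapped in a `using` on the visible lines, and the same holds for DeleteFireProxEndpoint in the first hunk. The client is disposable and holds the credentials plus an HTTP handler, so one is left for the finalizer on every call. If the project's language version allows it, `using var amazonAPIGatewayClient = new AmazonAPIGatewayClient(_AWSCredentials, Amazon.RegionEndpoint.GetBySystemName(region));` would release it deterministically. Both method bodies continue outside their hunks, so disposal may already happen further down.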
@@ -198,17 +200,27 @@ public async Task ListFireProxEndpoint() return (createDeploymentRequest, fireproxEndpoint); } - public AWSHandler(string AWSAccessKey, string AWSSecretKey, DatabaseHandler databaseHandler) + public AWSHandler(string AWSAccessKey, string AWSSecretKey, string AWSSessionToken, DatabaseHandler databaseHandler) { _databaseHandler = databaseHandler; - if (!string.IsNullOrEmpty(AWSAccessKey) && !string.IsNullOrEmpty(AWSSecretKey)) + if (!string.IsNullOrEmpty(AWSAccessKey) && !string.IsNullOrEmpty(AWSSecretKey) && string.IsNullOrEmpty(AWSSessionToken)) { _basicAWSCredentials = new BasicAWSCredentials( AWSAccessKey, AWSSecretKey ); + _AWSCredentials = _basicAWSCredentials; + } + else if (!string.IsNullOrEmpty(AWSAccessKey) && !string.IsNullOrEmpty(AWSSecretKey) && !string.IsNullOrEmpty(AWSSessionToken)) + { + _sessionAWSCredentials = new SessionAWSCredentials( + AWSAccessKey, + AWSSecretKey, + AWSSessionToken + ); + _AWSCredentials = _sessionAWSCredentials; } } diff --git a/TeamFiltration/TeamFiltration/Handlers/GlobalArgumentsHandler.cs b/TeamFiltration/TeamFiltration/Handlers/GlobalArgumentsHandler.cs index eac6138..4515a23 100644 --- a/TeamFiltration/TeamFiltration/Handlers/GlobalArgumentsHandler.cs +++ b/TeamFiltration/TeamFiltration/Handlers/GlobalArgumentsHandler.cs @@ -117,7 +117,7 @@ public GlobalArgumentsHandler(string[] args, DatabaseHandler databaseHandler, bo //Do AWS FireProx generation checks if (!string.IsNullOrEmpty(TeamFiltrationConfig?.AWSSecretKey) && !string.IsNullOrEmpty(TeamFiltrationConfig?.AWSAccessKey)) { - _awsHandler = new AWSHandler(this.TeamFiltrationConfig.AWSAccessKey, this.TeamFiltrationConfig.AWSSecretKey, databaseHandler); + _awsHandler = new AWSHandler(this.TeamFiltrationConfig.AWSAccessKey, this.TeamFiltrationConfig.AWSSecretKey, this.TeamFiltrationConfig.AWSSessionToken, databaseHandler); } 
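Review bot: Both branches of the constructor repeat the access-key and secret-key test, and when either key is empty neither branch runs, so `_AWSCredentials` is left unset and later API Gateway calls receive whatever the static field held before. `string.IsNullOrEmpty` also lets a whitespace-only `AWSSessionToken` from the config select `SessionAWSCredentials`. Checking the two required keys once and choosing the credential type on the token alone removes the duplication and makes the failure explicit; throwing is a behaviour change, so confirm no caller depends on the silent no-op. Session credentials expire, and nothing on the visible lines reports an expired token to the user.

```csharp
public AWSHandler(string AWSAccessKey, string AWSSecretKey, string AWSSessionToken, DatabaseHandler databaseHandler)
{
    _databaseHandler = databaseHandler;

    if (string.IsNullOrWhiteSpace(AWSAccessKey) || string.IsNullOrWhiteSpace(AWSSecretKey))
    {
        throw new ArgumentException("AWSAccessKey and AWSSecretKey are required.");
    }

    // A session token marks temporary credentials; long-term keys have none.
    if (string.IsNullOrWhiteSpace(AWSSessionToken))
    {
        _AWSCredentials = new BasicAWSCredentials(AWSAccessKey, AWSSecretKey);
    }
    else
    {
        _AWSCredentials = new SessionAWSCredentials(AWSAccessKey, AWSSecretKey, AWSSessionToken);
    }
}
```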
diff --git a/TeamFiltration/TeamFiltration/Models/TeamFiltration/Config.cs b/TeamFiltration/TeamFiltration/Models/TeamFiltration/Config.cs index 6808335..3b80942 100644 --- a/TeamFiltration/TeamFiltration/Models/TeamFiltration/Config.cs +++ b/TeamFiltration/TeamFiltration/Models/TeamFiltration/Config.cs @@ -18,8 +18,9 @@ public class Config { public string proxyEndpoint { get; set; } public string AWSAccessKey { get; set; } public string AWSSecretKey { get; set; } + public string AWSSessionToken { get; set; } + - public string UserAgent { get; set; } public List AwsRegions { get; set; } diff --git a/TeamFiltration/TeamFiltration/Modules/Database.cs b/TeamFiltration/TeamFiltration/Modules/Database.cs index 9f8b08a..47cb72a 100644 --- a/TeamFiltration/TeamFiltration/Modules/Database.cs +++ b/TeamFiltration/TeamFiltration/Modules/Database.cs @@ -201,7 +201,7 @@ public static void DatabaseStart(string[] args) } if (string.IsNullOrEmpty(_globalProperties.TeamFiltrationConfig?.AWSAccessKey) || string.IsNullOrEmpty(_globalProperties.TeamFiltrationConfig?.AWSSecretKey)) { - Console.WriteLine("[!] Missing AWSAccessKey and/or AWSSecretKey, must be provided in the configuration file using '--config'"); + Console.WriteLine("[!] Missing AWSAccessKey, AWSSecretKey, and/or AWSSessionToken, must be provided in the configuration file using '--config'"); Environment.Exit(0); } diff --git a/TeamFiltrationConfig_Example.json b/TeamFiltrationConfig_Example.json index 0b83391..8e8aa53 100644 --- a/TeamFiltrationConfig_Example.json +++ b/TeamFiltrationConfig_Example.json 
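Review bot: The new message in DatabaseStart lists `AWSSessionToken` as a possibly missing value, but the condition directly above it still tests only `AWSAccessKey` and `AWSSecretKey`, and the AWSHandler constructor in this patch treats the token as optional. A user with long-term keys who leaves one of them out is therefore told that a session token is required. Wording such as `"[!] Missing AWSAccessKey and/or AWSSecretKey (AWSSessionToken is only needed for temporary credentials), must be provided in the configuration file using '--config'"` matches the check. The `Environment.Exit(0)` that follows reports success on this error path; a non-zero code would let calling scripts detect the failure. DatabaseStart continues outside the hunk.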
@@ -8,6 +8,7 @@ "proxyEndpoint": "http://127.0.0.1:8080", "AWSAccessKey": "", "AWSSecretKey": "", + "AWSSessionToken: "", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.30866 Chrome/80.0.3987.165 Electron/8.5.1 Safari/537.36", "AwsRegions":["us-east-1", "us-west-1", "us-west-2", "ca-central-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-west-3", "eu-north-1"] } \ No newline at end of file From 68ffba65ab9ff42cbf3a350e178c2de2c8bfeef4 Mon Sep 17 00:00:00 2001 From: ad0nis Date: Tue, 7 May 2024 18:11:29 -0400 Subject: [PATCH 2/2] Added missing double-quote. --- TeamFiltrationConfig_Example.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TeamFiltrationConfig_Example.json b/TeamFiltrationConfig_Example.json index 8e8aa53..60db347 100644 --- a/TeamFiltrationConfig_Example.json +++ b/TeamFiltrationConfig_Example.json @@ -8,7 +8,7 @@ "proxyEndpoint": "http://127.0.0.1:8080", "AWSAccessKey": "", "AWSSecretKey": "", - "AWSSessionToken: "", + "AWSSessionToken": "", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.30866 Chrome/80.0.3987.165 Electron/8.5.1 Safari/537.36", "AwsRegions":["us-east-1", "us-west-1", "us-west-2", "ca-central-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-west-3", "eu-north-1"] } \ No newline at end of file