Add support for AWS keys requiring session tokens

TeamFiltration/TeamFiltration/Handlers/AWSHandler.cs

@@ -17,11 +17,13 @@ public class AWSHandler
         private static GlobalArgumentsHandler _globalProperties { get; set; }
         private static DatabaseHandler _databaseHandler { get; set; }
         private static BasicAWSCredentials _basicAWSCredentials { get; set; }
+        private static SessionAWSCredentials _sessionAWSCredentials { get; set; }
+        private static AWSCredentials _AWSCredentials { get; set; }
 
 
         public async Task<bool> DeleteFireProxEndpoint(string fireProxId, string region)
         {
-            var amazonAPIGatewayClient = new AmazonAPIGatewayClient(_basicAWSCredentials, Amazon.RegionEndpoint.GetBySystemName(region));
+            var amazonAPIGatewayClient = new AmazonAPIGatewayClient(_AWSCredentials, Amazon.RegionEndpoint.GetBySystemName(region));
 
             Amazon.APIGateway.Model.DeleteRestApiResponse deleteRestApiResponse = await amazonAPIGatewayClient.DeleteRestApiAsync(new Amazon.APIGateway.Model.DeleteRestApiRequest() { RestApiId = fireProxId });
 
@@ -44,15 +46,15 @@ public async Task ListFireProxEndpoint()
 
             foreach (var item in _globalProperties.AWSRegions)
             {
-                var amazonAPIGatewayClient = new AmazonAPIGatewayClient(_basicAWSCredentials, Amazon.RegionEndpoint.GetBySystemName(item));
+                var amazonAPIGatewayClient = new AmazonAPIGatewayClient(_AWSCredentials, Amazon.RegionEndpoint.GetBySystemName(item));
 
                 Amazon.APIGateway.Model.GetRestApisResponse getRestApisResponse = await amazonAPIGatewayClient.GetRestApisAsync(new Amazon.APIGateway.Model.GetRestApisRequest() { });
             }
         }
         */
         public async Task<(Amazon.APIGateway.Model.CreateDeploymentRequest, Models.AWS.FireProxEndpoint)> CreateFireProxEndPoint(string url, string title, string region)
         {
-            var amazonAPIGatewayClient = new AmazonAPIGatewayClient(_basicAWSCredentials, Amazon.RegionEndpoint.GetBySystemName(region));
+            var amazonAPIGatewayClient = new AmazonAPIGatewayClient(_AWSCredentials, Amazon.RegionEndpoint.GetBySystemName(region));
 
             if (url.EndsWith('/'))
                 url = url.Substring(0, url.Length - 1);
@@ -198,17 +200,27 @@ public async Task ListFireProxEndpoint()
             return (createDeploymentRequest, fireproxEndpoint);
         }
 
-        public AWSHandler(string AWSAccessKey, string AWSSecretKey, DatabaseHandler databaseHandler)
+        public AWSHandler(string AWSAccessKey, string AWSSecretKey, string AWSSessionToken, DatabaseHandler databaseHandler)
         {
             _databaseHandler = databaseHandler;
 
-            if (!string.IsNullOrEmpty(AWSAccessKey) && !string.IsNullOrEmpty(AWSSecretKey))
+            if (!string.IsNullOrEmpty(AWSAccessKey) && !string.IsNullOrEmpty(AWSSecretKey) && string.IsNullOrEmpty(AWSSessionToken))
             {
 
                 _basicAWSCredentials = new BasicAWSCredentials(
                     AWSAccessKey,
                     AWSSecretKey
                     );
+                _AWSCredentials = _basicAWSCredentials;
+            }
+            else if (!string.IsNullOrEmpty(AWSAccessKey) && !string.IsNullOrEmpty(AWSSecretKey) && !string.IsNullOrEmpty(AWSSessionToken))
+            {
+                _sessionAWSCredentials = new SessionAWSCredentials(
+                    AWSAccessKey,
+                    AWSSecretKey,
+                    AWSSessionToken
+                    );
+                _AWSCredentials = _sessionAWSCredentials;
             }
 
         }

TeamFiltration/TeamFiltration/Handlers/GlobalArgumentsHandler.cs

@@ -117,7 +117,7 @@ public GlobalArgumentsHandler(string[] args, DatabaseHandler databaseHandler, bo
             //Do AWS FireProx generation checks
             if (!string.IsNullOrEmpty(TeamFiltrationConfig?.AWSSecretKey) && !string.IsNullOrEmpty(TeamFiltrationConfig?.AWSAccessKey))
             {
-                _awsHandler = new AWSHandler(this.TeamFiltrationConfig.AWSAccessKey, this.TeamFiltrationConfig.AWSSecretKey, databaseHandler);
+                _awsHandler = new AWSHandler(this.TeamFiltrationConfig.AWSAccessKey, this.TeamFiltrationConfig.AWSSecretKey, this.TeamFiltrationConfig.AWSSessionToken, databaseHandler);
 
             }
 

TeamFiltration/TeamFiltration/Models/TeamFiltration/Config.cs

@@ -18,8 +18,9 @@ public class Config {
         public string proxyEndpoint { get; set; }
         public string AWSAccessKey { get; set; }
         public string AWSSecretKey { get; set; }
+        public string AWSSessionToken { get; set; }
+
 
-
         public string UserAgent { get; set; } 
         public List<string> AwsRegions { get; set; } 
 

TeamFiltration/TeamFiltration/Modules/Database.cs

@@ -201,7 +201,7 @@ public static void DatabaseStart(string[] args)
                         }
                         if (string.IsNullOrEmpty(_globalProperties.TeamFiltrationConfig?.AWSAccessKey) || string.IsNullOrEmpty(_globalProperties.TeamFiltrationConfig?.AWSSecretKey))
                         {
-                            Console.WriteLine("[!] Missing AWSAccessKey and/or AWSSecretKey, must be provided in the configuration file using '--config'");
+                            Console.WriteLine("[!] Missing AWSAccessKey, AWSSecretKey, and/or AWSSessionToken, must be provided in the configuration file using '--config'");
                             Environment.Exit(0);
                         }
 

TeamFiltrationConfig_Example.json

@@ -8,6 +8,7 @@
     "proxyEndpoint": "http://127.0.0.1:8080",
     "AWSAccessKey": "",
     "AWSSecretKey": "",
+    "AWSSessionToken": "",
 	"UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.30866 Chrome/80.0.3987.165 Electron/8.5.1 Safari/537.36",
     "AwsRegions":["us-east-1", "us-west-1", "us-west-2", "ca-central-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-west-3", "eu-north-1"]
   }