Merge pull request duo-labs#513 from 0xdabbad00/fix_mute

Fix mute
m4maker · Aug 7, 2019 · a9f0dc7 · a9f0dc7
2 parents 00a98a4 + b7c7e15
commit a9f0dc7
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 6 deletions.
diff --git a/commands/collect.py b/commands/collect.py
@@ -146,6 +146,18 @@ def call_function(outputfile, handler, method_to_call, parameters, check, summar
             and call_summary["action"] == "get_policy"
         ):
             print("  - No policy exists")
+        elif (
+            "AccessDeniedException" in str(e)
+            and call_summary["service"] == "kms"
+            and call_summary["action"] == "list_key_policies"
+        ):
+            print("  - Denied, which should mean this KMS has restricted access")
+        elif (
+            "AccessDeniedException" in str(e)
+            and call_summary["service"] == "kms"
+            and call_summary["action"] == "get_key_rotation_status"
+        ):
+            print("  - Denied, which should mean this KMS has restricted access")
         else:
             print("ClientError: {}".format(e), flush=True)
             call_summary["exception"] = e

diff --git a/commands/report.py b/commands/report.py
@@ -52,8 +52,8 @@
     {"name": "Medium", "color": "rgba(252, 209, 83, 1)"},  # Orange
     {"name": "Low", "color": "rgba(255, 255, 102, 1)"},  # Yellow
     {"name": "Info", "color": "rgba(154, 214, 156, 1)"},  # Green
-    {"name": "Verbose", "color": "rgba(133, 163, 198, 1)"},
-]  # Blue
+    {"name": "Verbose", "color": "rgba(133, 163, 198, 1)"},  # Blue
+] 
 
 ACTIVE_COLOR = "rgb(139, 214, 140)"
 BAD_COLOR = "rgb(204, 120, 120)"
@@ -300,9 +300,17 @@ def report(accounts, config, args):
 
     print("* Auditing accounts")
     findings = audit(accounts)
-
     audit_config = load_audit_config()
 
+    # Filter findings
+    tmp_findings = []
+    for finding in findings:
+        conf = audit_config[finding.issue_id]
+        if finding_is_filtered(finding, conf):
+            continue
+        tmp_findings.append(finding)
+    findings = tmp_findings
+
     t["findings_severity_by_account_chart"] = []
 
     # Figure out the counts of findings for each account
@@ -317,8 +325,6 @@ def report(accounts, config, args):
         # Filtering the list of findings down to the ones specific to the current account.
         for finding in [f for f in findings if f.account_name == account["name"]]:
             conf = audit_config[finding.issue_id]
-            if finding_is_filtered(finding, conf):
-                continue
 
             count = findings_severity_by_account[finding.account_name][
                 conf["severity"]
@@ -352,11 +358,11 @@ def report(accounts, config, args):
         t["severities"][severity["name"]] = {}
     for finding in findings:
         conf = audit_config[finding.issue_id]
+
         t["severities"][conf["severity"]][finding.issue_id] = {
             "title": conf["title"],
             "id": finding.issue_id,
         }
-        # t['severities'][severity['name']] = severity_issue_list
 
     # Create chart for finding counts
     finding_type_set = {}