Merge pull request #5 from DataDog/example-terratest-custom-aws-deton…
…ator Add an example using Terratest and the AWS detonator
Showing
7 changed files
with
1,248 additions
and
1 deletion.
@@ -0,0 +1,18 @@ | ||
This examples shows how to use Threatest with pre-requisite infrastructure spun up by | ||
[Terratest](https://terratest.gruntwork.io/). | ||
|
||
Note that when the attack technique you want to simulate is supported by Stratus Red Team, | ||
it is simpler to use the Stratus Red Team detonator. | ||
However, the AWS Detonator allows you to detonate arbitrary code using the AWS SDK, for reproducing custom or more advanced attack techniques. | ||
|
||
The AWS detonator injects the detonation UUID inside of the AWS SDK user-agent, allowing to | ||
correlate the alert with the detonation. | ||
|
||
In this test, we attempt to change the S3 bucket of a running CloudTrail trail, simulating | ||
an attacker who attempts to disrupt CloudTrail logging. | ||
|
||
You need Terraform installed to run this test. | ||
|
||
``` | ||
go test -v ./custom_aws_detonator_with_terratest_test.go | ||
``` |
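--- /dev/null
+++ b/examples/custom-aws-detonator-terratest/custom_aws_detonator_with_terratest_test.go
@@ -0,0 +1,45 @@
+package examples
+
+import (
+"context"
+"github.com/aws/aws-sdk-go-v2/aws"
+"github.com/aws/aws-sdk-go-v2/service/cloudtrail"
+. "github.com/datadog/threatest/pkg/threatest"
+. "github.com/datadog/threatest/pkg/threatest/detonators"
+. "github.com/datadog/threatest/pkg/threatest/matchers/datadog"
+"github.com/google/uuid"
+"github.com/stretchr/testify/assert"
+"time"
+
+"github.com/gruntwork-io/terratest/modules/terraform"
+"testing"
+)
+
+func TestCustomAWSDetonatorWithTerratest(t *testing.T) {
+// Step 1: Use terratest to spin up our pre-requisite infrastructure
+terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+TerraformDir: "./terraform",
+})
+defer terraform.Destroy(t, terraformOptions)
+terraform.InitAndApply(t, terraformOptions)
+trailName := terraform.Output(t, terraformOptions, "cloudtrail_trail_name")
+
+// Step 2: Test scenario
+threatest := Threatest()
+
+threatest.Scenario("stopping cloudtrail trail").
+WhenDetonating(NewAWSDetonator(func(config aws.Config, _ uuid.UUID) error {
+// Threatest automatically injects the detonation UUID inside the AWS SDK user-agent
+// allowing to correlate the alert with the detonation
+cloudtrailClient := cloudtrail.NewFromConfig(config)
+cloudtrailClient.UpdateTrail(context.Background(), &cloudtrail.UpdateTrailInput{
+Name: aws.String(trailName),
+S3BucketName: aws.String("nope"),
+})
+return nil
+})).
+Expect(DatadogSecuritySignal("AWS CloudTrail configuration modified")).
+WithTimeout(15 * time.Minute)
+
+assert.NoError(t, threatest.Run())
+}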
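Review bot: The `UpdateTrail` call inside the detonator discards its `(*UpdateTrailOutput, error)` result and the callback unconditionally returns nil, so a rejected call (an AccessDenied from the test credentials, a wrong trail name, a throttling error) is never reported and the scenario only surfaces as a 15-minute timeout waiting for a signal that cannot arrive. If the intent is that the detection fires on the logged UpdateTrail event even when the API rejects it (the bucket name "nope" presumably does not pass CloudTrail's bucket-policy validation, so an error may be the expected outcome), say so in a comment such as `// UpdateTrail is expected to fail; the rejected call is still logged to CloudTrail and is what the rule keys on`; otherwise propagate it with `_, err := cloudtrailClient.UpdateTrail(context.Background(), &cloudtrail.UpdateTrailInput{...})` and `return err`. The enclosing test function is fully contained in this hunk.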
@@ -0,0 +1,122 @@ | ||
module github.com/datadog/threatest/examples/custom-aws-detonator-terratest | ||
|
||
require ( | ||
github.com/aws/aws-sdk-go-v2 v1.16.7 | ||
github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.13.0 | ||
github.com/datadog/threatest v0.0.0-20220727103622-b9af76ea2391 | ||
github.com/google/uuid v1.3.0 | ||
github.com/gruntwork-io/terratest v0.40.18 | ||
github.com/stretchr/testify v1.7.0 | ||
) | ||
|
||
require ( | ||
cloud.google.com/go v0.99.0 // indirect | ||
cloud.google.com/go/storage v1.14.0 // indirect | ||
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.0.0 // indirect | ||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0 // indirect | ||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect | ||
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute v1.0.0 // indirect | ||
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.0.0 // indirect | ||
github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0 // indirect | ||
github.com/DataDog/datadog-api-client-go v1.14.0 // indirect | ||
github.com/agext/levenshtein v1.2.3 // indirect | ||
github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect | ||
github.com/aws/aws-sdk-go v1.40.56 // indirect | ||
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.1.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/config v1.13.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/credentials v1.8.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.10.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14 // indirect | ||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8 // indirect | ||
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.4 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/ec2 v1.26.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/iam v1.14.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.6.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.7.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.10.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/lambda v1.17.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/organizations v1.12.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/rds v1.16.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/rolesanywhere v1.0.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/s3 v1.23.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.13.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/ssm v1.20.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/sso v1.9.0 // indirect | ||
github.com/aws/aws-sdk-go-v2/service/sts v1.14.0 // indirect | ||
github.com/aws/smithy-go v1.12.0 // indirect | ||
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect | ||
github.com/datadog/stratus-red-team/v2 v2.2.3 // indirect | ||
github.com/davecgh/go-spew v1.1.1 // indirect | ||
github.com/go-logr/logr v1.2.0 // indirect | ||
github.com/gogo/protobuf v1.3.2 // indirect | ||
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect | ||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect | ||
github.com/golang/protobuf v1.5.2 // indirect | ||
github.com/golang/snappy v0.0.4 // indirect | ||
github.com/google/go-cmp v0.5.8 // indirect | ||
github.com/google/gofuzz v1.1.0 // indirect | ||
github.com/googleapis/gax-go/v2 v2.1.1 // indirect | ||
github.com/googleapis/gnostic v0.5.5 // indirect | ||
github.com/hashicorp/errwrap v1.0.0 // indirect | ||
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect | ||
github.com/hashicorp/go-getter v1.6.1 // indirect | ||
github.com/hashicorp/go-multierror v1.1.1 // indirect | ||
github.com/hashicorp/go-safetemp v1.0.0 // indirect | ||
github.com/hashicorp/go-uuid v1.0.0 // indirect | ||
github.com/hashicorp/go-version v1.4.0 // indirect | ||
github.com/hashicorp/hc-install v0.3.2 // indirect | ||
github.com/hashicorp/hcl/v2 v2.9.1 // indirect | ||
github.com/hashicorp/terraform-exec v0.15.0 // indirect | ||
github.com/hashicorp/terraform-json v0.13.0 // indirect | ||
github.com/imdario/mergo v0.3.12 // indirect | ||
github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a // indirect | ||
github.com/jmespath/go-jmespath v0.4.0 // indirect | ||
github.com/json-iterator/go v1.1.12 // indirect | ||
github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect | ||
github.com/klauspost/compress v1.13.0 // indirect | ||
github.com/kylelemons/godebug v1.1.0 // indirect | ||
github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect | ||
github.com/mitchellh/go-homedir v1.1.0 // indirect | ||
github.com/mitchellh/go-testing-interface v1.0.0 // indirect | ||
github.com/mitchellh/go-wordwrap v1.0.1 // indirect | ||
github.com/moby/spdystream v0.2.0 // indirect | ||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect | ||
github.com/modern-go/reflect2 v1.0.2 // indirect | ||
github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 // indirect | ||
github.com/pmezard/go-difflib v1.0.0 // indirect | ||
github.com/spf13/pflag v1.0.5 // indirect | ||
github.com/tmccombs/hcl2json v0.3.3 // indirect | ||
github.com/ulikunitz/xz v0.5.8 // indirect | ||
github.com/zclconf/go-cty v1.9.1 // indirect | ||
go.opencensus.io v0.23.0 // indirect | ||
golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88 // indirect | ||
golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 // indirect | ||
golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect | ||
golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e // indirect | ||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect | ||
golang.org/x/text v0.3.7 // indirect | ||
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect | ||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect | ||
google.golang.org/api v0.63.0 // indirect | ||
google.golang.org/appengine v1.6.7 // indirect | ||
google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect | ||
google.golang.org/grpc v1.43.0 // indirect | ||
google.golang.org/protobuf v1.27.1 // indirect | ||
gopkg.in/alessio/shellescape.v1 v1.0.0-20170105083845-52074bc9df61 // indirect | ||
gopkg.in/inf.v0 v0.9.1 // indirect | ||
gopkg.in/yaml.v2 v2.4.0 // indirect | ||
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect | ||
k8s.io/api v0.23.3 // indirect | ||
k8s.io/apimachinery v0.23.3 // indirect | ||
k8s.io/client-go v0.23.3 // indirect | ||
k8s.io/klog/v2 v2.30.0 // indirect | ||
k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect | ||
k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect | ||
sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect | ||
sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect | ||
sigs.k8s.io/yaml v1.2.0 // indirect | ||
) | ||
|
||
replace github.com/datadog/threatest v0.0.0-20220727103622-b9af76ea2391 => ../../ | ||
|
||
go 1.18 |