From a1dbfafd477015cb6b9ffa5f8e46cc91fd002f77 Mon Sep 17 00:00:00 2001
From: jinyoungmoonDEV
Date: Tue, 3 Dec 2024 14:36:30 +0900
Subject: [PATCH] fix: fix vulnerable_ports method

---
 .../manager/ec2/security_group_manager.py | 36 +++++++++++++++----
 1 file changed, 29 insertions(+), 7 deletions(-)

diff --git a/src/plugin/manager/ec2/security_group_manager.py b/src/plugin/manager/ec2/security_group_manager.py
index 063fac1..bfdb93e 100644
--- a/src/plugin/manager/ec2/security_group_manager.py
+++ b/src/plugin/manager/ec2/security_group_manager.py
@@ -303,18 +303,40 @@ def get_instance_name_from_tags(instance):
     @staticmethod
     def _get_vulnerable_ports(protocol_display: str, raw_rule: dict, vulnerable_ports: str):
-        try:
-            ports = [int(port.strip()) for port in vulnerable_ports.split(',')]
+        # try:
+        #     ports = [int(port.strip()) for port in vulnerable_ports.split(',')]
+        #
+        #     if protocol_display == "ALL":
+        #         return ports
+        #
+        #     to_port = raw_rule.get("ToPort")
+        #     from_port = raw_rule.get("FromPort")
+        #
+        #     if to_port is None or from_port is None:
+        #         return None
+        #
+        #     filtered_ports = [str(port) for port in ports if from_port <= port <= to_port]
+        #
+        #     return filtered_ports if filtered_ports else None
+        # except ValueError:
+        #     raise ERROR_VULNERABLE_PORTS(vulnerable_ports)
 
-            if protocol_display == "ALL":
-                return ports
+        try:
+            ports = []
 
             to_port = raw_rule.get("ToPort")
             from_port = raw_rule.get("FromPort")
 
-            if to_port is None or from_port is None:
-                return []
+            if protocol_display != "ALL" and (to_port is None or from_port is None):
+                return None
+
+            for port in vulnerable_ports.split(","):
+                target_port = int(port)
 
-            return [port for port in ports if from_port <= port <= to_port]
+                if protocol_display == "ALL":
+                    ports.append(port)
+                elif from_port <= target_port <= to_port:
+                    ports.append(port)
 
+            return ports if ports else None
         except ValueError:
             raise ERROR_VULNERABLE_PORTS(vulnerable_ports)
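Review bot: The two `ports.append(port)` lines on the new side append the raw comma-split token, so a configured value like `"22, 3389"` parses fine (`int()` tolerates surrounding whitespace) but the method returns `" 3389"` rather than `"3389"`, which any exact string match on the reported ports downstream would miss; the removed version normalised through `int(port.strip())`. Replace both with `ports.append(str(target_port))` so the returned list always holds canonical decimal strings regardless of how the setting was typed. The 17-line commented-out copy of the old implementation at the top of the method should be deleted rather than kept, since git history already preserves it and it will drift from the live code. Note also that the `FromPort`/`ToPort` comparison presumably only makes sense for TCP/UDP rules — for an ICMP rule those fields carry type/code in the AWS API, if I read the intent right — so a short comment such as `# FromPort/ToPort are a port range only for TCP/UDP; ICMP rules never match` above the `elif` would make the behaviour explicit. The method is fully contained in this hunk.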