Rust AWS Inspector2集成库aws-sdk-inspector2的使用,实现云端安全漏洞扫描与管理

Rust AWS Inspector2集成库aws-sdk-inspector2的使用,实现云端安全漏洞扫描与管理

Amazon Inspector是一项漏洞发现服务,可自动连续扫描您的Amazon EC2、Amazon ECR和Amazon Web Services Lambda环境中的安全漏洞。

开始使用

SDK为每个AWS服务提供一个crate。您必须在Rust项目中添加Tokio作为依赖项以执行异步代码。要将aws-sdk-inspector2添加到您的项目中,请在Cargo.toml文件中添加以下内容:

[dependencies]
aws-config = { version = "1.1.7", features = ["behavior-version-latest"] }
aws-sdk-inspector2 = "1.88.0"
tokio = { version = "1", features = ["full"] }

然后在代码中,可以创建以下客户端:

use aws_sdk_inspector2 as inspector2;

#[::tokio::main]
async fn main() -> Result<(), inspector2::Error> {
    let config = aws_config::load_from_env().await;
    let client = aws_sdk_inspector2::Client::new(&config);

    // ... 使用客户端进行调用

    Ok(())
}

完整示例

以下是一个完整的示例,展示如何使用aws-sdk-inspector2进行漏洞扫描和管理:

use aws_sdk_inspector2 as inspector2;
use inspector2::types::{Filter, FilterCriteria};

#[tokio::main]
async fn main() -> Result<(), inspector2::Error> {
    // 加载AWS配置
    let config = aws_config::load_from_env().await;
    let client = inspector2::Client::new(&config);

    // 创建过滤器来查找高严重性漏洞
    let filter = Filter::builder()
        .action("HIGH")
        .name("severity")
        .build();
    
    let criteria = FilterCriteria::builder()
        .filters(filter)
        .build();

    // 列出所有符合标准的发现结果
    let findings = client.list_findings()
        .filter_criteria(criteria)
        .send()
        .await?;

    println!("找到的高严重性漏洞:");
    if let Some(finding_arns) = findings.finding_arns {
        for arn in finding_arns {
            println!("{}", arn);
            
            // 获取漏洞详情
            let finding = client.batch_get_findings()
                .finding_arns(arn)
                .send()
                .await?;
            
            if let Some(found_findings) = finding.findings {
                for finding in found_findings {
                    println!("标题: {}", finding.title.unwrap_or_default());
                    println!("描述: {}", finding.description.unwrap_or_default());
                    println!("严重性: {}", finding.severity.unwrap_or_default());
                    println!("资源类型: {}", finding.resource_type.unwrap_or_default());
                    println!("--------------------");
                }
            }
        }
    } else {
        println!("未找到高严重性漏洞");
    }

    Ok(())
}

更多完整示例

以下是一个扩展的完整示例,展示更多AWS Inspector2的功能:

use aws_sdk_inspector2 as inspector2;
use inspector2::types::{Filter, FilterCriteria, ResourceScanType};

#[tokio::main]
async fn main() -> Result<(), inspector2::Error> {
    // 加载AWS配置
    let config = aws_config::load_from_env().await;
    let client = inspector2::Client::new(&config);

    // 示例1: 列出所有账户的扫描状态
    let status = client.list_account_statuses()
        .send()
        .await?;
    
    println!("账户扫描状态:");
    if let Some(accounts) = status.accounts {
        for account in accounts {
            println!("账户ID: {}, 状态: {}", 
                account.account_id.unwrap_or_default(),
                account.state.unwrap_or_default()
            );
        }
    }

    // 示例2: 启用EC2和ECR扫描
    let enable_scan = client.enable()
        .resource_types(ResourceScanType::Ec2)
        .resource_types(ResourceScanType::Ecr)
        .send()
        .await?;
    
    println!("扫描启用状态: {:?}", enable_scan.accounts);

    // 示例3: 创建复合过滤器
    let filter1 = Filter::builder()
        .action("HIGH")
        .name("severity")
        .build();
    
    let filter2 = Filter::builder()
        .action("EC2")
        .name("resourceType")
        .build();
    
    let criteria = FilterCriteria::builder()
        .filters(filter1)
        .filters(filter2)
        .build();

    // 列出所有高严重性的EC2漏洞
    let ec2_findings = client.list_findings()
        .filter_criteria(criteria)
        .send()
        .await?;

    println!("找到的EC2高严重性漏洞:");
    if let Some(finding_arns) = ec2_findings.finding_arns {
        for arn in finding_arns {
            println!("ARN: {}", arn);
        }
    }

    Ok(())
}

许可证

该项目采用Apache-2.0许可证。


1 回复

Rust AWS Inspector2集成库aws-sdk-inspector2的使用指南

AWS Inspector2是AWS提供的自动化安全漏洞评估服务,可以帮助识别EC2实例、容器镜像和Lambda函数中的安全漏洞。Rust的aws-sdk-inspector2库提供了与这项服务的编程接口。

安装与配置

首先在Cargo.toml中添加依赖:

[dependencies]
aws-sdk-inspector2 = "0.24"
tokio = { version = "1", features = ["full"] }

基本使用方法

1. 创建客户端

use aws_sdk_inspector2::Client;

async fn create_client() -> Client {
    let config = aws_config::load_from_env().await;
    Client::new(&config)
}

2. 列出所有发现项

use aws_sdk_inspector2::model::FilterCriteria;

async fn list_findings(client: &Client) -> Result<(), aws_sdk_inspector2::Error> {
    let response = client
        .list_findings()
        .filter_criteria(
            FilterCriteria::builder()
                .severity("HIGH")  // 只查看高严重性发现
                .build()
        )
        .send()
        .await?;

    for finding in response.finding_arns.unwrap_or_default() {
        println!("Finding ARN: {}", finding);
    }

    Ok(())
}

3. 获取发现项详情

async fn get_finding_detail(client: &Client, finding_arn: &str) {
    let response = client
        .batch_get_findings()
        .set_finding_arns(Some(vec![finding_arn.to_string()]))
        .send()
        .await
        .unwrap();

    if let Some(findings) = response.findings {
        for finding in findings {
            println!("Title: {}", finding.title.unwrap_or_default());
            println!("Severity: {}", finding.severity.unwrap_or_default());
            println!("Description: {}", finding.description.unwrap_or_default());
        }
    }
}

高级功能示例

1. 启用资源扫描

async fn enable_scanning(client: &Client, resource_types: Vec<&str>) {
    let response = client
        .enable()
        .set_resource_types(Some(
            resource_types.into_iter().map(|s| s.to_string()).collect()
        ))
        .send()
        .await
        .unwrap();

    println!("Enable response: {:?}", response);
}

2. 创建自定义评估目标

use aws_sdk_inspector2::model::{AssessmentTarget, ResourceGroupTag};

async fn create_assessment_target(client: &Client, target_name: &str) {
    let response = client
        .create_assessment_target()
        .assessment_target_name(target_name)
        .resource_group_arn("arn:aws:resource-groups:us-west-2:123456789012:group/MyResourceGroup")
        .send()
        .await
        .unwrap();

    println!("Created assessment target ARN: {}", response.assessment_target_arn.unwrap());
}

完整示例代码

use aws_sdk_inspector2::{Client, Error};
use aws_sdk_inspector2::model::{FilterCriteria, Severity};

#[tokio::main]
async fn main() -> Result<(), Error> {
    // 创建客户端
    let client = create_client().await;
    
    // 启用对EC2和ECR的扫描
    enable_scanning(&client, vec!["EC2", "ECR"]).await;
    
    // 创建评估目标
    create_assessment_target(&client, "MyProductionTarget").await;
    
    // 列出所有高严重性发现
    let findings = list_findings_by_severity(&client, Severity::High).await?;
    
    // 获取并打印每个发现的详细信息
    for finding_arn in findings {
        get_finding_detail(&client, &finding_arn).await;
    }
    
    Ok(())
}

async fn create_client() -> Client {
    // 从环境变量加载AWS配置
    let config = aws_config::load_from_env().await;
    Client::new(&config)
}

async fn enable_scanning(client: &Client, resource_types: Vec<&str>) {
    // 启用对指定资源类型的扫描
    let response = client
        .enable()
        .set_resource_types(Some(
            resource_types.into_iter().map(|s| s.to_string()).collect()
        ))
        .send()
        .await
        .unwrap();

    println!("已启用扫描服务: {:?}", response);
}

async fn create_assessment_target(client: &Client, target_name: &str) {
    // 创建自定义评估目标
    let response = client
        .create_assessment_target()
        .assessment_target_name(target_name)
        .resource_group_arn("arn:aws:resource-groups:us-west-2:123456789012:group/MyResourceGroup")
        .send()
        .await
        .unwrap();

    println!("已创建评估目标 ARN: {}", response.assessment_target_arn.unwrap());
}

async fn list_findings_by_severity(
    client: &Client, 
    severity: Severity
) -> Result<Vec<String>, Error> {
    // 根据严重级别列出发现项
    let response = client
        .list_findings()
        .filter_criteria(
            FilterCriteria::builder()
                .severity(severity.as_str())
                .build()
        )
        .send()
        .await?;

    Ok(response.finding_arns.unwrap_or_default())
}

async fn get_finding_detail(client: &Client, finding_arn: &str) {
    // 获取发现项的详细信息
    let response = client
        .batch_get_findings()
        .set_finding_arns(Some(vec![finding_arn.to_string()]))
        .send()
        .await
        .unwrap();

    if let Some(findings) = response.findings {
        for finding in findings {
            println!("\n发现项详情:");
            println!("标题: {}", finding.title.unwrap_or_default());
            println!("严重性: {}", finding.severity.unwrap_or_default());
            println!("描述: {}", finding.description.unwrap_or_default());
            println!("资源类型: {}", finding.resource_type.unwrap_or_default());
            println!("首次发现时间: {}", finding.first_observed_at.unwrap_or_default());
        }
    }
}

最佳实践

  1. 批量处理:使用batch_get_findings而不是单独获取每个发现项
  2. 分页处理:处理大量结果时使用分页
  3. 错误处理:妥善处理API限制和错误
  4. 缓存结果:考虑缓存结果以减少API调用
  5. 定期扫描:设置定期扫描而不是一次性扫描

注意事项

  • 确保您的AWS IAM角色有足够的权限访问Inspector2服务
  • 注意AWS服务的区域限制
  • 大量扫描可能会产生额外费用
  • 生产环境中应考虑添加适当的日志记录和监控

通过这个库,您可以构建强大的云端安全监控系统,自动化漏洞检测和管理流程。

回到顶部