From a4d273984b50d57ce9bb1032048e95fb1056da8d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Filip=20Biele=C5=84?=
Date: Mon, 29 Dec 2025 11:14:41 +0100
Subject: [PATCH 1/3] add-asg-scans
---
 .../applicationsecuritygroupsquery.py | 31 ++++++++++++++++++
 .../azure/applicationSecurityGroups.yaml | 6 ++++
 ...SecurityGroups - Copy.yaml:Zone.Identifier | Bin 0 -> 25 bytes
 3 files changed, 37 insertions(+)
 create mode 100644 cloudimized/azurecore/applicationsecuritygroupsquery.py
 create mode 100644 cloudimized/singlerunconfigs/azure/applicationSecurityGroups.yaml
 create mode 100644 cloudimized/singlerunconfigs/azure/networkSecurityGroups - Copy.yaml:Zone.Identifier
diff --git a/cloudimized/azurecore/applicationsecuritygroupsquery.py b/cloudimized/azurecore/applicationsecuritygroupsquery.py
new file mode 100644
index 0000000..f180077
--- /dev/null
+++ b/cloudimized/azurecore/applicationsecuritygroupsquery.py
@@ -0,0 +1,31 @@
+"""
+Azure query for Network Security Group
+"""
+from azure.identity import DefaultAzureCredential
+from azure.mgmt.network import NetworkManagementClient
+from cloudimized.azurecore.azurequery import AzureQuery
+from typing import Dict, List
+
+
+@AzureQuery.register_class("applicationSecurityGroups")
+
+class ApplicationSecurityGroupsQuery(AzureQuery):
+ """
+ Query class for Azure Application Security Groups
+ Collects ASG configurations and stores them in the 'applicationSecurityGroups' folder.
+ """
+ def _AzureQuery__send_query(self,
+ credential: DefaultAzureCredential,
+ subscription_id: str,
+ resource_groups) -> List[Dict]:
+ """
+ Sends Azure query that lists Network Security Groups in subscription in project.
+ See:https://learn.microsoft.com/en-us/rest/api/virtualnetwork/application-security-groups/list-all?view=rest-virtualnetwork-2025-03-01&tabs=Python
+ :param credential: Azure credential object
+ :param subscription_id: Azure subscription ID to query
+ :param resource_groups: irrelevant for this implementation, needed due to inheritance
+ :return: List of resources that were queried
+ """
+ client = NetworkManagementClient(credential=credential, subscription_id=subscription_id)
+ result = client.application_security_groups.list_all()
+ return result
diff --git a/cloudimized/singlerunconfigs/azure/applicationSecurityGroups.yaml b/cloudimized/singlerunconfigs/azure/applicationSecurityGroups.yaml
new file mode 100644
index 0000000..177e913
--- /dev/null
+++ b/cloudimized/singlerunconfigs/azure/applicationSecurityGroups.yaml
@@ -0,0 +1,6 @@
+resource: applicationSecurityGroups
+field_exclude_filter:
+ - etag
+ - provisioning_state
+#item_exclude_filter:
+# -
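Review bot: The docstring of `_AzureQuery__send_query` in applicationsecuritygroupsquery.py still says it "lists Network Security Groups", a leftover from the NSG query that patch 3/3 corrects only in the module docstring; it should read `Sends Azure query that lists Application Security Groups in the subscription.` so the inventory tool documents what it actually collects. The return annotation `List[Dict]` also does not match the returned value: `client.application_security_groups.list_all()` hands back a paged iterator of SDK model objects, so either annotate the method as returning an iterable of those models or state in the docstring that conversion to dicts is left to the `AzureQuery` base class, which is not visible in this patch and should be confirmed. The blank line between `@AzureQuery.register_class("applicationSecurityGroups")` and the `class` statement is legal but unconventional; the decorator should sit directly on the class line.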
diff --git a/cloudimized/singlerunconfigs/azure/networkSecurityGroups - Copy.yaml:Zone.Identifier b/cloudimized/singlerunconfigs/azure/networkSecurityGroups - Copy.yaml:Zone.Identifier
new file mode 100644
index 0000000000000000000000000000000000000000..d6c1ec682968c796b9f5e9e080cc6f674b57c766
GIT binary patch
literal 25
dcma!!%Fjy;DN4*MPD?F{<>dl#JyUFr831@K2x
Date: Mon, 29 Dec 2025 11:15:12 +0100
Subject: [PATCH 2/3] add-asg-scans
---
 ...tworkSecurityGroups - Copy.yaml:Zone.Identifier | Bin 25 -> 0 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 cloudimized/singlerunconfigs/azure/networkSecurityGroups - Copy.yaml:Zone.Identifier
diff --git a/cloudimized/singlerunconfigs/azure/networkSecurityGroups - Copy.yaml:Zone.Identifier b/cloudimized/singlerunconfigs/azure/networkSecurityGroups - Copy.yaml:Zone.Identifier
deleted file mode 100644
index d6c1ec682968c796b9f5e9e080cc6f674b57c766..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 25
dcma!!%Fjy;DN4*MPD?F{<>dl#JyUFr831@K2x
Date: Mon, 29 Dec 2025 11:23:57 +0100
Subject: [PATCH 3/3] add-asg-scans
---
 cloudimized/azurecore/applicationsecuritygroupsquery.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cloudimized/azurecore/applicationsecuritygroupsquery.py b/cloudimized/azurecore/applicationsecuritygroupsquery.py
index f180077..7a6f650 100644
--- a/cloudimized/azurecore/applicationsecuritygroupsquery.py
+++ b/cloudimized/azurecore/applicationsecuritygroupsquery.py
@@ -1,5 +1,5 @@
 """
-Azure query for Network Security Group
+Azure query for Application Security Groups
 """
 from azure.identity import DefaultAzureCredential
 from azure.mgmt.network import NetworkManagementClient