From 661614f115c39a3d4f90261f9f3f53c0831f3e93 Mon Sep 17 00:00:00 2001
From: Kinnaird McQuade
Date: Sun, 3 May 2020 16:52:28 -0400
Subject: [PATCH] HTML report now always shows Trust Policies for Roles, even if they do not allow assumption from a Compute Service

---
 CHANGELOG.md | 3 +++
 cloudsplaining/bin/cloudsplaining | 2 +-
 .../templates/analysis/customer-managed.html | 2 +-
 examples/files/iam-report-example.html | 24 +++++++++++++++++++
 index.html | 24 +++++++++++++++++++
 5 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f5318bad..02c421b5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
# CHANGELOG
+## 0.0.9 (2020-05-03)
+* HTML report now always shows Trust Policies for Roles, even if they do not allow assumption from a Compute Service. This can help assessors with triaging and pentesters for targeting.
+
## 0.0.8 (2020-05-03)
* Migrated to GitHub actions with automated Homebrew releases
diff --git a/cloudsplaining/bin/cloudsplaining b/cloudsplaining/bin/cloudsplaining
index 01ea0b42..e7613b23 100755
--- a/cloudsplaining/bin/cloudsplaining
+++ b/cloudsplaining/bin/cloudsplaining
@@ -7,7 +7,7 @@
"""
Cloudsplaining is an AWS IAM Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report with a triage worksheet.
"""
-__version__ = "0.0.8"
+__version__ = "0.0.9"
import click
from cloudsplaining import command
diff --git a/cloudsplaining/output/templates/analysis/customer-managed.html b/cloudsplaining/output/templates/analysis/customer-managed.html
index 0c177bdf..472ac6b4 100644
--- a/cloudsplaining/output/templates/analysis/customer-managed.html
+++ b/cloudsplaining/output/templates/analysis/customer-managed.html
@@ -32,7 +32,7 @@
- {% if finding["AssumableByComputeService"]|length > 0 %}
+ {% if finding["Type"] == "Role" %}
Trust Policy Document
diff --git a/examples/files/iam-report-example.html b/examples/files/iam-report-example.html
index 73086433..9e6825bf 100644
--- a/examples/files/iam-report-example.html
+++ b/examples/files/iam-report-example.html
@@ -540,6 +540,30 @@
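Review bot: The new guard `{% if finding["Type"] == "Role" %}` silently hides the trust-policy block for any finding that lacks a `Type` key, because a Jinja undefined value compares unequal to `"Role"` without raising; if every finding is guaranteed to carry `Type` that is fine, but the intent deserves a line above the `{% if %}`, e.g. `{# Shown for every role, not only those assumable by a compute service, so assessors can see which principals may assume it #}`. The matching `{% endif %}` and the markup that emits the policy document lie outside this hunk, so I cannot see how the document reaches the page; since `Sid`, `Condition` and principal strings in a trust policy originate in the assessed account, it is worth confirming they are rendered through Jinja autoescaping rather than marked safe. The replaced `AssumableByComputeService` check is no longer consulted here, so presumably that compute-service information is still surfaced by another part of the template — worth a quick check that it has not been dropped from the report.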
Role: EC2-IAM-example
+
+ +
+
+

+{
+    "Statement": [
+        {
+            "Action": "sts:AssumeRole",
+            "Effect": "Allow",
+            "Principal": {
+                "Service": "ssm.amazonaws.com"
+            }
+        }
+    ],
+    "Version": "2012-10-17"
+}
+              
+
+
+
+
diff --git a/index.html b/index.html
index 807903bd..d9b08f1c 100644
--- a/index.html
+++ b/index.html
@@ -540,6 +540,30 @@
Role: EC2-IAM-example
+
+ +
+
+

+{
+    "Statement": [
+        {
+            "Action": "sts:AssumeRole",
+            "Effect": "Allow",
+            "Principal": {
+                "Service": "ssm.amazonaws.com"
+            }
+        }
+    ],
+    "Version": "2012-10-17"
+}
+              
+
+
+
+