limitusus/detect-sigv2.rb

## detect-sigv2.rb
#!/usr/bin/env ruby

require 'aws-sdk'
require 'zlib'
require 'json'

bucket = ARGV[0]
prefix = ARGV[1]
region = ENV['AWS_REGION']
puts "Bucket: #{bucket}"
puts "Prefix: #{prefix}"

logdir = "#{bucket}-logs"
unless Dir.exist?(logdir)
  Dir.mkdir(logdir)
end

s3 = Aws::S3::Client.new(region: region)

# File download
marker = nil
loop do
  resp = nil
  if marker.nil?
    resp = s3.list_objects(bucket: bucket, prefix: prefix)
  else
    resp = s3.list_objects(bucket: bucket, prefix: prefix, marker: marker)
  end
  marker = resp.next_marker
  objs = resp.contents
  objs.each do |obj|
    obj_key = obj.key
    obj_key_tail = obj_key.split('/').last
    if !File.exist?("#{logdir}/#{obj_key_tail}")
      File.open("#{logdir}/#{obj_key_tail}", 'wb') do |file|
        puts "[Download] #{obj_key}"
        s3.get_object(bucket: bucket, key: obj_key) do |chunk|
          file.write(chunk)
        end
      end
    end
  end
  if marker == '' or marker.nil?
    break
  end
end

# File check
Dir.glob("#{logdir}/*") do |path|
  #puts "Processing #{path}"
  Zlib::GzipReader.open(path) do |file|
    obj = JSON.load(file.read)
    obj['Records'].each do |record|
      next if record['eventSource'] != 's3.amazonaws.com'
      next unless record.key?('additionalEventData')
      next unless record['additionalEventData'].key?('SignatureVersion')
      next if record['additionalEventData']['SignatureVersion'] == 'SigV4'
      p path
      p record
    end
  end
end
	#!/usr/bin/env ruby

	require 'aws-sdk'
	require 'zlib'
	require 'json'

	bucket = ARGV[0]
	prefix = ARGV[1]
	region = ENV['AWS_REGION']
	puts "Bucket: #{bucket}"
	puts "Prefix: #{prefix}"

	logdir = "#{bucket}-logs"
	unless Dir.exist?(logdir)
	Dir.mkdir(logdir)
	end

	s3 = Aws::S3::Client.new(region: region)

	# File download
	marker = nil
	loop do
	resp = nil
	if marker.nil?
	resp = s3.list_objects(bucket: bucket, prefix: prefix)
	else
	resp = s3.list_objects(bucket: bucket, prefix: prefix, marker: marker)
	end
	marker = resp.next_marker
	objs = resp.contents
	objs.each do \|obj\|
	obj_key = obj.key
	obj_key_tail = obj_key.split('/').last
	if !File.exist?("#{logdir}/#{obj_key_tail}")
	File.open("#{logdir}/#{obj_key_tail}", 'wb') do \|file\|
	puts "[Download] #{obj_key}"
	s3.get_object(bucket: bucket, key: obj_key) do \|chunk\|
	file.write(chunk)
	end
	end
	end
	end
	if marker == '' or marker.nil?
	break
	end
	end

	# File check
	Dir.glob("#{logdir}/*") do \|path\|
	#puts "Processing #{path}"
	Zlib::GzipReader.open(path) do \|file\|
	obj = JSON.load(file.read)
	obj['Records'].each do \|record\|
	next if record['eventSource'] != 's3.amazonaws.com'
	next unless record.key?('additionalEventData')
	next unless record['additionalEventData'].key?('SignatureVersion')
	next if record['additionalEventData']['SignatureVersion'] == 'SigV4'
	p path
	p record
	end
	end
	end