Merge pull request #49 from cisagov/goose-1.2.3

goose v1.2.3

CHANGELOG.md

@@ -2,6 +2,15 @@
 
 All notable changes to this project will be documented in this file.
 
+## [1.2.3] - The goose is loose - 2023-07-20
+### Added
+
+### Changed
+- Updated `cryptography` and `aiohttp` based on dependabot.
+- Updated SBOM files.
+
+### Fixed
+
 ## [1.2.2] - The goose is loose - 2023-07-17
 ### Added
 - Better catches for when password for the account needs to be updated, when a conditional access policy blocks user account access, or when the user account is flagged for risky actions.

cyclonedx_output.json

@@ -2,10 +2,10 @@
  "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
- "serialNumber": "urn:uuid:2901c5d5-f1ee-49b1-bc86-243bd25781bb",
+ "serialNumber": "urn:uuid:da04caa5-5c97-4a60-847f-066f7e1d562c",
  "version": 1,
  "metadata": {
- "timestamp": "2023-07-17T15:38:39-04:00",
+ "timestamp": "2023-07-20T15:22:04-04:00",
  "tools": [
  {
  "vendor": "anchore",
@@ -91,12 +91,12 @@
  ]
  },
  {
- "bom-ref": "pkg:pypi/[email protected].4?package-id=cb709e196c491694",
+ "bom-ref": "pkg:pypi/[email protected].5?package-id=9d93d206197cbdde",
  "type": "library",
  "name": "aiohttp",
- "version": "3.8.4",
- "cpe": "cpe:2.3:a:python-aiohttp:python-aiohttp:3.8.4:*:*:*:*:*:*:*",
- "purl": "pkg:pypi/[email protected].4",
+ "version": "3.8.5",
+ "cpe": "cpe:2.3:a:python-aiohttp:python-aiohttp:3.8.5:*:*:*:*:*:*:*",
+ "purl": "pkg:pypi/[email protected].5",
  "properties": [
  {
  "name": "syft:package:foundBy",
@@ -112,47 +112,47 @@
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python-aiohttp:python_aiohttp:3.8.4:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python-aiohttp:python_aiohttp:3.8.5:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python_aiohttp:python-aiohttp:3.8.4:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python_aiohttp:python-aiohttp:3.8.5:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python_aiohttp:python_aiohttp:3.8.4:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python_aiohttp:python_aiohttp:3.8.5:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:aiohttp:python-aiohttp:3.8.4:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:aiohttp:python-aiohttp:3.8.5:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:aiohttp:python_aiohttp:3.8.4:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:aiohttp:python_aiohttp:3.8.5:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python-aiohttp:aiohttp:3.8.4:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python-aiohttp:aiohttp:3.8.5:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python_aiohttp:aiohttp:3.8.4:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python_aiohttp:aiohttp:3.8.5:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python:python-aiohttp:3.8.4:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python:python-aiohttp:3.8.5:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python:python_aiohttp:3.8.4:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python:python_aiohttp:3.8.5:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:aiohttp:aiohttp:3.8.4:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:aiohttp:aiohttp:3.8.5:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python:aiohttp:3.8.4:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python:aiohttp:3.8.5:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:location:0:path",
@@ -231,12 +231,12 @@
  ]
  },
  {
- "bom-ref": "pkg:pypi/[email protected].1?package-id=9b4891146eaf3965",
+ "bom-ref": "pkg:pypi/[email protected].2?package-id=ec857cc0e0d2bac4",
  "type": "library",
  "name": "cryptography",
- "version": "41.0.1",
- "cpe": "cpe:2.3:a:python-cryptography_project:python-cryptography:41.0.1:*:*:*:*:*:*:*",
- "purl": "pkg:pypi/[email protected].1",
+ "version": "41.0.2",
+ "cpe": "cpe:2.3:a:python-cryptography_project:python-cryptography:41.0.2:*:*:*:*:*:*:*",
+ "purl": "pkg:pypi/[email protected].2",
  "properties": [
  {
  "name": "syft:package:foundBy",
@@ -252,59 +252,59 @@
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python-cryptography_project:python_cryptography:41.0.1:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python-cryptography_project:python_cryptography:41.0.2:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python-cryptography_project:cryptography:41.0.1:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python-cryptography_project:cryptography:41.0.2:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python-cryptography:python-cryptography:41.0.1:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python-cryptography:python-cryptography:41.0.2:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python-cryptography:python_cryptography:41.0.1:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python-cryptography:python_cryptography:41.0.2:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python_cryptography:python-cryptography:41.0.1:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python_cryptography:python-cryptography:41.0.2:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python_cryptography:python_cryptography:41.0.1:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python_cryptography:python_cryptography:41.0.2:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:cryptography:python-cryptography:41.0.1:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:cryptography:python-cryptography:41.0.2:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:cryptography:python_cryptography:41.0.1:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:cryptography:python_cryptography:41.0.2:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python-cryptography:cryptography:41.0.1:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python-cryptography:cryptography:41.0.2:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python_cryptography:cryptography:41.0.1:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python_cryptography:cryptography:41.0.2:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python:python-cryptography:41.0.1:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python:python-cryptography:41.0.2:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python:python_cryptography:41.0.1:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python:python_cryptography:41.0.2:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:cryptography:cryptography:41.0.1:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:cryptography:cryptography:41.0.2:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:cpe23",
- "value": "cpe:2.3:a:python:cryptography:41.0.1:*:*:*:*:*:*:*"
+ "value": "cpe:2.3:a:python:cryptography:41.0.2:*:*:*:*:*:*:*"
  },
  {
  "name": "syft:location:0:path",

goosey/auth.py

@@ -27,7 +27,7 @@
 from seleniumwire import webdriver
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.2"
+__version__ = "1.2.3"
 
 green = "\x1b[1;32m"
 

goosey/azure_ad_datadumper.py

@@ -15,7 +15,7 @@
 from goosey.utils import *
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.2"
+__version__ = "1.2.3"
 
 class AzureAdDataDumper(DataDumper):
 

goosey/azure_dumper.py

@@ -29,7 +29,7 @@
 from typing import NewType, Optional
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.2"
+__version__ = "1.2.3"
 
 utc = pytz.UTC
 

goosey/csv.py

@@ -14,7 +14,7 @@
 from goosey.utils import *
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.2"
+__version__ = "1.2.3"
 
 if sys.platform == 'win32':
  asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())

goosey/d4iot.py

@@ -22,7 +22,7 @@
 from goosey.utils import *
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.2"
+__version__ = "1.2.3"
 
 if sys.platform == 'win32':
  asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())

goosey/d4iot_dumper.py

@@ -12,7 +12,7 @@
 from goosey.utils import *
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.2"
+__version__ = "1.2.3"
 
 class DefenderIoTDumper(DataDumper):
  def __init__(self, output_dir, reports_dir, session, csrftoken, sessionid, config, auth_un_pw, debug):

goosey/datadumper.py

@@ -4,7 +4,7 @@
 from goosey.utils import *
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.2"
+__version__ = "1.2.3"
 
 class DataDumper(object):
  def __init__(self, output_dir: str, reports_dir: str, auth: dict, app_auth: dict, session, debug):

goosey/graze.py

@@ -24,7 +24,7 @@
 from urllib.parse import unquote
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.2"
+__version__ = "1.2.3"
 
 warnings.simplefilter('ignore')
 

goosey/guimain.py

@@ -18,7 +18,7 @@
 from goosey.main import main as gooseymain
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.2"
+__version__ = "1.2.3"
 
 try:
  from gooey import Gooey, GooeyParser

goosey/honk.py

@@ -26,7 +26,7 @@
 from goosey.utils import *
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.2"
+__version__ = "1.2.3"
 
 if sys.platform == 'win32':
  asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())

goosey/m365_datadumper.py

@@ -23,7 +23,7 @@
 from io import StringIO
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.2"
+__version__ = "1.2.3"
 
 class M365DataDumper(DataDumper):
 

goosey/main.py

@@ -35,7 +35,7 @@
 '''
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.2"
+__version__ = "1.2.3"
 
 def main():
  # Primary argument parser

goosey/mde_datadumper.py

@@ -11,7 +11,7 @@
 from goosey.utils import *
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.2"
+__version__ = "1.2.3"
 
 end_29_days_ago = datetime.today().replace(hour=0, minute=0, second=0, microsecond=0) - timedelta(days=29)
 today_date = datetime.today().replace(hour=0, minute=0, second=0, microsecond=0)

goosey/messagetrace.py

@@ -40,7 +40,7 @@
 '''
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.2"
+__version__ = "1.2.3"
 
 logger = None
 encryption_pw = None

goosey/utils.py

@@ -18,7 +18,7 @@
 from logging import handlers
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.2"
+__version__ = "1.2.3"
 
 if sys.platform == 'win32':
  import msvcrt

scripts/generate_conf.py

@@ -12,7 +12,7 @@
 from goosey.mde_datadumper import MDEDataDumper
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.2"
+__version__ = "1.2.3"
 
 def main():
  auth_s = '[auth]\nusername=\npassword=\nappid=\nclientsecret=\n\n'

setup.py

@@ -6,7 +6,7 @@
 
 from setuptools import setup
 setup(name='goosey',
- version='1.2.2',
+ version='1.2.3',
  description='AzureAD, Azure and M365 Data Collector',
  author='Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace',
  classifiers=[