chore: Move shared to lib/ for AWS (#1321)

* chore: Move shared to lib/

* chore: Move shared to lib/ for AWS

Co-authored-by: Sergio Garcia <38561120+sergargar@users.noreply.github.com>

lib/arn/arn.py

@@ -1,45 +0,0 @@
-from arnparse import arnparse
-
-from lib.arn.error import (
-    RoleArnParsingEmptyResource,
-    RoleArnParsingFailedMissingFields,
-    RoleArnParsingIAMRegionNotEmpty,
-    RoleArnParsingInvalidAccountID,
-    RoleArnParsingInvalidResourceType,
-    RoleArnParsingPartitionEmpty,
-    RoleArnParsingServiceNotIAM,
-)
-
-
-def arn_parsing(arn):
-    # check for number of fields, must be six
-    if len(arn.split(":")) != 6:
-        raise RoleArnParsingFailedMissingFields
-    else:
-        arn_parsed = arnparse(arn)
-        # First check if region is empty (in IAM arns region is always empty)
-        if arn_parsed.region != None:
-            raise RoleArnParsingIAMRegionNotEmpty
-        else:
-            # check if needed fields are filled:
-            # - partition
-            # - service
-            # - account_id
-            # - resource_type
-            # - resource
-            if arn_parsed.partition == None:
-                raise RoleArnParsingPartitionEmpty
-            elif arn_parsed.service != "iam":
-                raise RoleArnParsingServiceNotIAM
-            elif (
-                arn_parsed.account_id == None
-                or len(arn_parsed.account_id) != 12
-                or not arn_parsed.account_id.isnumeric()
-            ):
-                raise RoleArnParsingInvalidAccountID
-            elif arn_parsed.resource_type != "role":
-                raise RoleArnParsingInvalidResourceType
-            elif arn_parsed.resource == "":
-                raise RoleArnParsingEmptyResource
-            else:
-                return arn_parsed

lib/arn/arn_test.py

@@ -1,33 +0,0 @@
-import sure  # noqa
-
-from lib.arn.arn import arn_parsing
-
-ACCOUNT_ID = "123456789012"
-RESOURCE_TYPE = "role"
-IAM_ROLE = "test-role"
-
-
-class Test_ARN_Parsing:
-    def test_arn_parsing(self):
-        test_cases = [
-            {
-                "input_arn": f"arn:aws:iam::{ACCOUNT_ID}:{RESOURCE_TYPE}/{IAM_ROLE}",
-                "expected": {
-                    "partition": "aws",
-                    "service": "iam",
-                    "region": None,
-                    "account_id": ACCOUNT_ID,
-                    "resource_type": RESOURCE_TYPE,
-                    "resource": IAM_ROLE,
-                },
-            }
-        ]
-        for test in test_cases:
-            input_arn = test["input_arn"]
-            parsed_arn = arn_parsing(input_arn)
-            parsed_arn.partition.should.equal(test["expected"]["partition"])
-            parsed_arn.service.should.equal(test["expected"]["service"])
-            parsed_arn.region.should.equal(test["expected"]["region"])
-            parsed_arn.account_id.should.equal(test["expected"]["account_id"])
-            parsed_arn.resource_type.should.equal(test["expected"]["resource_type"])
-            parsed_arn.resource.should.equal(test["expected"]["resource"])

lib/arn/error.py

@@ -1,43 +0,0 @@
-class RoleArnParsingFailedMissingFields(Exception):
-    # The arn contains a numberof fields different than six separated by :"
-    def __init__(self):
-        self.message = "The assumed role arn contains a number of fields different than six separated by :, please input a valid arn"
-        super().__init__(self.message)
-
-
-class RoleArnParsingIAMRegionNotEmpty(Exception):
-    # The arn contains a non-empty value for region, since it is an IAM arn is not valid
-    def __init__(self):
-        self.message = "The assumed role arn contains a non-empty value for region, since it is an IAM arn is not valid, please input a valid arn"
-        super().__init__(self.message)
-
-
-class RoleArnParsingPartitionEmpty(Exception):
-    # The arn contains an empty value for partition
-    def __init__(self):
-        self.message = "The assumed role arn does not contain a value for partition, please input a valid arn"
-        super().__init__(self.message)
-
-
-class RoleArnParsingServiceNotIAM(Exception):
-    def __init__(self):
-        self.message = "The assumed role arn contains a value for service distinct than iam, please input a valid arn"
-        super().__init__(self.message)
-
-
-class RoleArnParsingInvalidAccountID(Exception):
-    def __init__(self):
-        self.message = "The assumed role arn contains a value for account id empty or invalid, a valid account id must be composed of 12 numbers, please input a valid arn"
-        super().__init__(self.message)
-
-
-class RoleArnParsingInvalidResourceType(Exception):
-    def __init__(self):
-        self.message = "The assumed role arn contains a value for resource type different than role, please input a valid arn"
-        super().__init__(self.message)
-
-
-class RoleArnParsingEmptyResource(Exception):
-    def __init__(self):
-        self.message = "The assumed role arn does not contain a value for resource, please input a valid arn"
-        super().__init__(self.message)

lib/check/check.py

@@ -150,7 +150,8 @@ def recover_checks_from_provider(provider: str, service: str = None) -> list:
     for module_name in modules:
         # Format: "providers.{provider}.services.{service}.{check_name}.{check_name}"
         check_name = module_name.name
-        if check_name.count(".") == 5:
+        # We need to exclude common shared libraries in services
+        if check_name.count(".") == 5 and "lib" not in check_name:
             checks.append(check_name)
     return checks
 

lib/outputs/outputs.py

@@ -22,7 +22,7 @@ from lib.outputs.models import (
     Severity,
 )
 from lib.utils.utils import file_exists, hash_sha512, open_file
-from providers.aws.aws_provider import send_to_security_hub
+from providers.aws.lib.security_hub import send_to_security_hub
 
 
 def report(check_findings, output_options, audit_info):