ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 06:45:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(services_testing): Add tests for EC2, IAM and S3 services (#1352)

Browse Source 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
Co-authored-by: sergargar <sergio@verica.io>
This commit is contained in:
Sergio Garcia
2022-08-31 13:40:28 +02:00
committed by GitHub
parent e087f2e1b6
commit eb914d03ce
47 changed files with 902 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Pipfile
View File

@@ -20,4 +20,4 @@ pytest = "7.1.2"
[dev-packages]
[requires]
python_version = "3"
python_version = "3.9"

236
Pipfile.lock generated
View File

@@ -1,11 +1,11 @@
{
"_meta": {
"hash": {
"sha256": "c5d684bfa255c02f7676641165c651ebb46c7f4cab5c3d2916da4a7d4bd0f0ce"
"sha256": "e77c8b5d556b7e3c336616485fe5c853f203896df85be049b89a4618bef8fab7"
},
"pipfile-spec": 6,
"requires": {
"python_version": "3"
"python_version": "3.9"
},
"sources": [
{
@@ -26,11 +26,11 @@
},
"attrs": {
"hashes": [
"sha256:2d27e3784d7a565d36ab851fe94887c5eccd6a463168875832a1be79c82828b4",
"sha256:626ba8234211db98e869df76230a137c4c40a12d72445c45d5f5b716f076e2fd"
"sha256:29adc2665447e5191d0e7c568fde78b21f9672d344281d0c6e1ab085429b22b6",
"sha256:86efa402f67bf2df34f51a335487cf46b1ec130d02b8d39fd248abfd30da551c"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
"version": "==21.4.0"
"markers": "python_version >= '3.5'",
"version": "==22.1.0"
},
"bandit": {
"hashes": [
@@ -42,19 +42,19 @@
},
"boto3": {
"hashes": [
"sha256:5c775dcb12ca5d6be3f5aa3c49d77783faa64eb30fd3f4af93ff116bb42f9ffb",
"sha256:5d9bcc355cf6edd7f3849fedac4252e12a0aa2b436cdbc0d4371b16a0f852a30"
"sha256:b72496c7eaa45afbdfa48a7c648c3211342582d91c8c1b7330d09c18242132d1",
"sha256:ec1aa3f4c2b68da1a9c01e175086f5f6b1b8b67780fa569ab8875be5bb3fd5ae"
],
"index": "pypi",
"version": "==1.24.34"
"version": "==1.24.61"
},
"botocore": {
"hashes": [
"sha256:0d824a5315f5f5c3bea53c14107a69695ef43190edf647f1281bac8f172ca77c",
"sha256:9c695d47f1f1212f3e306e51f7bacdf67e58055194ddcf7d8296660b124cf135"
"sha256:535c8e97ed28a38fd09dd8f4735195e761bbee54e4c6021f3a709a97b1287dd6",
"sha256:99012965e2409665c7d86706862c5a141e01e1c4d2c81cb9409a44200ee59631"
],
"index": "pypi",
"version": "==1.27.34"
"version": "==1.27.61"
},
"certifi": {
"hashes": [
@@ -135,11 +135,11 @@
},
"charset-normalizer": {
"hashes": [
"sha256:5189b6f22b01957427f35b6a08d9a0bc45b46d3788ef5a92e978433c7a35f8a5",
"sha256:575e708016ff3a5e3681541cb9d79312c416835686d054a23accb873b254f413"
"sha256:5a3d016c7c547f69d6f81fb0db9449ce888b418b5b9952cc5e6e66843e9dd845",
"sha256:83e9a75d1911279afd89352c68b45348559d1fc0506b054b346651b5e7fee29f"
],
"markers": "python_version >= '3.6'",
"version": "==2.1.0"
"version": "==2.1.1"
},
"click": {
"hashes": [
@@ -159,50 +159,59 @@
},
"coverage": {
"hashes": [
"sha256:0895ea6e6f7f9939166cc835df8fa4599e2d9b759b02d1521b574e13b859ac32",
"sha256:0f211df2cba951ffcae210ee00e54921ab42e2b64e0bf2c0befc977377fb09b7",
"sha256:147605e1702d996279bb3cc3b164f408698850011210d133a2cb96a73a2f7996",
"sha256:24b04d305ea172ccb21bee5bacd559383cba2c6fcdef85b7701cf2de4188aa55",
"sha256:25b7ec944f114f70803d6529394b64f8749e93cbfac0fe6c5ea1b7e6c14e8a46",
"sha256:2b20286c2b726f94e766e86a3fddb7b7e37af5d0c635bdfa7e4399bc523563de",
"sha256:2dff52b3e7f76ada36f82124703f4953186d9029d00d6287f17c68a75e2e6039",
"sha256:2f8553878a24b00d5ab04b7a92a2af50409247ca5c4b7a2bf4eabe94ed20d3ee",
"sha256:3def6791adf580d66f025223078dc84c64696a26f174131059ce8e91452584e1",
"sha256:422fa44070b42fef9fb8dabd5af03861708cdd6deb69463adc2130b7bf81332f",
"sha256:4f89d8e03c8a3757aae65570d14033e8edf192ee9298303db15955cadcff0c63",
"sha256:5336e0352c0b12c7e72727d50ff02557005f79a0b8dcad9219c7c4940a930083",
"sha256:54d8d0e073a7f238f0666d3c7c0d37469b2aa43311e4024c925ee14f5d5a1cbe",
"sha256:5ef42e1db047ca42827a85e34abe973971c635f83aed49611b7f3ab49d0130f0",
"sha256:5f65e5d3ff2d895dab76b1faca4586b970a99b5d4b24e9aafffc0ce94a6022d6",
"sha256:6c3ccfe89c36f3e5b9837b9ee507472310164f352c9fe332120b764c9d60adbe",
"sha256:6d0b48aff8e9720bdec315d67723f0babd936a7211dc5df453ddf76f89c59933",
"sha256:6fe75dcfcb889b6800f072f2af5a331342d63d0c1b3d2bf0f7b4f6c353e8c9c0",
"sha256:79419370d6a637cb18553ecb25228893966bd7935a9120fa454e7076f13b627c",
"sha256:7bb00521ab4f99fdce2d5c05a91bddc0280f0afaee0e0a00425e28e209d4af07",
"sha256:80db4a47a199c4563d4a25919ff29c97c87569130375beca3483b41ad5f698e8",
"sha256:866ebf42b4c5dbafd64455b0a1cd5aa7b4837a894809413b930026c91e18090b",
"sha256:8af6c26ba8df6338e57bedbf916d76bdae6308e57fc8f14397f03b5da8622b4e",
"sha256:a13772c19619118903d65a91f1d5fea84be494d12fd406d06c849b00d31bf120",
"sha256:a697977157adc052284a7160569b36a8bbec09db3c3220642e6323b47cec090f",
"sha256:a9032f9b7d38bdf882ac9f66ebde3afb8145f0d4c24b2e600bc4c6304aafb87e",
"sha256:b5e28db9199dd3833cc8a07fa6cf429a01227b5d429facb56eccd765050c26cd",
"sha256:c77943ef768276b61c96a3eb854eba55633c7a3fddf0a79f82805f232326d33f",
"sha256:d230d333b0be8042ac34808ad722eabba30036232e7a6fb3e317c49f61c93386",
"sha256:d4548be38a1c810d79e097a38107b6bf2ff42151900e47d49635be69943763d8",
"sha256:d4e7ced84a11c10160c0697a6cc0b214a5d7ab21dfec1cd46e89fbf77cc66fae",
"sha256:d56f105592188ce7a797b2bd94b4a8cb2e36d5d9b0d8a1d2060ff2a71e6b9bbc",
"sha256:d714af0bdba67739598849c9f18efdcc5a0412f4993914a0ec5ce0f1e864d783",
"sha256:d774d9e97007b018a651eadc1b3970ed20237395527e22cbeb743d8e73e0563d",
"sha256:e0524adb49c716ca763dbc1d27bedce36b14f33e6b8af6dba56886476b42957c",
"sha256:e2618cb2cf5a7cc8d698306e42ebcacd02fb7ef8cfc18485c59394152c70be97",
"sha256:e36750fbbc422c1c46c9d13b937ab437138b998fe74a635ec88989afb57a3978",
"sha256:edfdabe7aa4f97ed2b9dd5dde52d2bb29cb466993bb9d612ddd10d0085a683cf",
"sha256:f22325010d8824594820d6ce84fa830838f581a7fd86a9235f0d2ed6deb61e29",
"sha256:f23876b018dfa5d3e98e96f5644b109090f16a4acb22064e0f06933663005d39",
"sha256:f7bd0ffbcd03dc39490a1f40b2669cc414fae0c4e16b77bb26806a4d0b7d1452"
"sha256:01778769097dbd705a24e221f42be885c544bb91251747a8a3efdec6eb4788f2",
"sha256:08002f9251f51afdcc5e3adf5d5d66bb490ae893d9e21359b085f0e03390a820",
"sha256:1238b08f3576201ebf41f7c20bf59baa0d05da941b123c6656e42cdb668e9827",
"sha256:14a32ec68d721c3d714d9b105c7acf8e0f8a4f4734c811eda75ff3718570b5e3",
"sha256:15e38d853ee224e92ccc9a851457fb1e1f12d7a5df5ae44544ce7863691c7a0d",
"sha256:354df19fefd03b9a13132fa6643527ef7905712109d9c1c1903f2133d3a4e145",
"sha256:35ef1f8d8a7a275aa7410d2f2c60fa6443f4a64fae9be671ec0696a68525b875",
"sha256:4179502f210ebed3ccfe2f78bf8e2d59e50b297b598b100d6c6e3341053066a2",
"sha256:42c499c14efd858b98c4e03595bf914089b98400d30789511577aa44607a1b74",
"sha256:4b7101938584d67e6f45f0015b60e24a95bf8dea19836b1709a80342e01b472f",
"sha256:564cd0f5b5470094df06fab676c6d77547abfdcb09b6c29c8a97c41ad03b103c",
"sha256:5f444627b3664b80d078c05fe6a850dd711beeb90d26731f11d492dcbadb6973",
"sha256:6113e4df2fa73b80f77663445be6d567913fb3b82a86ceb64e44ae0e4b695de1",
"sha256:61b993f3998ee384935ee423c3d40894e93277f12482f6e777642a0141f55782",
"sha256:66e6df3ac4659a435677d8cd40e8eb1ac7219345d27c41145991ee9bf4b806a0",
"sha256:67f9346aeebea54e845d29b487eb38ec95f2ecf3558a3cffb26ee3f0dcc3e760",
"sha256:6913dddee2deff8ab2512639c5168c3e80b3ebb0f818fed22048ee46f735351a",
"sha256:6a864733b22d3081749450466ac80698fe39c91cb6849b2ef8752fd7482011f3",
"sha256:7026f5afe0d1a933685d8f2169d7c2d2e624f6255fb584ca99ccca8c0e966fd7",
"sha256:783bc7c4ee524039ca13b6d9b4186a67f8e63d91342c713e88c1865a38d0892a",
"sha256:7a98d6bf6d4ca5c07a600c7b4e0c5350cd483c85c736c522b786be90ea5bac4f",
"sha256:8d032bfc562a52318ae05047a6eb801ff31ccee172dc0d2504614e911d8fa83e",
"sha256:98c0b9e9b572893cdb0a00e66cf961a238f8d870d4e1dc8e679eb8bdc2eb1b86",
"sha256:9c7b9b498eb0c0d48b4c2abc0e10c2d78912203f972e0e63e3c9dc21f15abdaa",
"sha256:9cc4f107009bca5a81caef2fca843dbec4215c05e917a59dec0c8db5cff1d2aa",
"sha256:9d6e1f3185cbfd3d91ac77ea065d85d5215d3dfa45b191d14ddfcd952fa53796",
"sha256:a095aa0a996ea08b10580908e88fbaf81ecf798e923bbe64fb98d1807db3d68a",
"sha256:a3b2752de32c455f2521a51bd3ffb53c5b3ae92736afde67ce83477f5c1dd928",
"sha256:ab066f5ab67059d1f1000b5e1aa8bbd75b6ed1fc0014559aea41a9eb66fc2ce0",
"sha256:c1328d0c2f194ffda30a45f11058c02410e679456276bfa0bbe0b0ee87225fac",
"sha256:c35cca192ba700979d20ac43024a82b9b32a60da2f983bec6c0f5b84aead635c",
"sha256:cbbb0e4cd8ddcd5ef47641cfac97d8473ab6b132dd9a46bacb18872828031685",
"sha256:cdbb0d89923c80dbd435b9cf8bba0ff55585a3cdb28cbec65f376c041472c60d",
"sha256:cf2afe83a53f77aec067033199797832617890e15bed42f4a1a93ea24794ae3e",
"sha256:d5dd4b8e9cd0deb60e6fcc7b0647cbc1da6c33b9e786f9c79721fd303994832f",
"sha256:dfa0b97eb904255e2ab24166071b27408f1f69c8fbda58e9c0972804851e0558",
"sha256:e16c45b726acb780e1e6f88b286d3c10b3914ab03438f32117c4aa52d7f30d58",
"sha256:e1fabd473566fce2cf18ea41171d92814e4ef1495e04471786cbc943b89a3781",
"sha256:e3d3c4cc38b2882f9a15bafd30aec079582b819bec1b8afdbde8f7797008108a",
"sha256:e431e305a1f3126477abe9a184624a85308da8edf8486a863601d58419d26ffa",
"sha256:e7b4da9bafad21ea45a714d3ea6f3e1679099e420c8741c74905b92ee9bfa7cc",
"sha256:ee2b2fb6eb4ace35805f434e0f6409444e1466a47f620d1d5763a22600f0f892",
"sha256:ee6ae6bbcac0786807295e9687169fba80cb0617852b2fa118a99667e8e6815d",
"sha256:ef6f44409ab02e202b31a05dd6666797f9de2aa2b4b3534e9d450e42dea5e817",
"sha256:f67cf9f406cf0d2f08a3515ce2db5b82625a7257f88aad87904674def6ddaec1",
"sha256:f855b39e4f75abd0dfbcf74a82e84ae3fc260d523fcb3532786bcbbcb158322c",
"sha256:fc600f6ec19b273da1d85817eda339fb46ce9eef3e89f220055d8696e0a06908",
"sha256:fcbe3d9a53e013f8ab88734d7e517eb2cd06b7e689bedf22c0eb68db5e4a0a19",
"sha256:fde17bc42e0716c94bf19d92e4c9f5a00c5feb401f5bc01101fdf2a8b7cacf60",
"sha256:ff934ced84054b9018665ca3967fc48e1ac99e811f6cc99ea65978e1d384454b"
],
"index": "pypi",
"version": "==6.4.2"
"version": "==6.4.4"
},
"cryptography": {
"hashes": [
@@ -234,11 +243,11 @@
},
"dparse": {
"hashes": [
"sha256:a1b5f169102e1c894f9a7d5ccf6f9402a836a5d24be80a986c7ce9eaed78f367",
"sha256:e953a25e44ebb60a5c6efc2add4420c177f1d8404509da88da9729202f306994"
"sha256:b1514fb08895d85b18d4eba3b1b7025ff9e6ea07286282021e19def872129975",
"sha256:c348994a1f41c85f664d8f5a47442647bc4e22c5af5b1b26ef29aff0fa5dddcd"
],
"markers": "python_version >= '3.5'",
"version": "==0.5.1"
"version": "==0.5.2"
},
"gitdb": {
"hashes": [
@@ -346,11 +355,11 @@
"iam"
],
"hashes": [
"sha256:8bb8e267d9b948509d4739d81d995615a193d2c459f5c0a979aaeb0d3bd4b381",
"sha256:cbe8ad8a949f519771e5d25b670738604757fb67cd474d75d14c20677582e81f"
"sha256:6fb81f500c49f46f19f44b1db1c2ea56f19f90d0ca6b944866ae0f0eeab76398",
"sha256:a9529f295ac786ea80cdce682d57170f801c3618c3b540ced29d0473518f534d"
],
"index": "pypi",
"version": "==3.1.16"
"version": "==4.0.1"
},
"packaging": {
"hashes": [
@@ -362,11 +371,11 @@
},
"pbr": {
"hashes": [
"sha256:e547125940bcc052856ded43be8e101f63828c2d94239ffbe2b327ba3d5ccf0a",
"sha256:e8dca2f4b43560edef58813969f52a56cef023146cbb8931626db80e6c1c4308"
"sha256:cfcc4ff8e698256fc17ea3ff796478b050852585aa5bae79ecd05b2ab7b39b9a",
"sha256:da3e18aac0a3c003e9eea1a81bd23e5a3a75d745670dcf736317b7d966887fdf"
],
"markers": "python_version >= '2.6'",
"version": "==5.9.0"
"version": "==5.10.0"
},
"pluggy": {
"hashes": [
@@ -393,44 +402,44 @@
},
"pydantic": {
"hashes": [
"sha256:02eefd7087268b711a3ff4db528e9916ac9aa18616da7bca69c1871d0b7a091f",
"sha256:059b6c1795170809103a1538255883e1983e5b831faea6558ef873d4955b4a74",
"sha256:0bf07cab5b279859c253d26a9194a8906e6f4a210063b84b433cf90a569de0c1",
"sha256:1542636a39c4892c4f4fa6270696902acb186a9aaeac6f6cf92ce6ae2e88564b",
"sha256:177071dfc0df6248fd22b43036f936cfe2508077a72af0933d0c1fa269b18537",
"sha256:18f3e912f9ad1bdec27fb06b8198a2ccc32f201e24174cec1b3424dda605a310",
"sha256:1dd8fecbad028cd89d04a46688d2fcc14423e8a196d5b0a5c65105664901f810",
"sha256:1ed987c3ff29fff7fd8c3ea3a3ea877ad310aae2ef9889a119e22d3f2db0691a",
"sha256:447d5521575f18e18240906beadc58551e97ec98142266e521c34968c76c8761",
"sha256:494f7c8537f0c02b740c229af4cb47c0d39840b829ecdcfc93d91dcbb0779892",
"sha256:4988c0f13c42bfa9ddd2fe2f569c9d54646ce84adc5de84228cfe83396f3bd58",
"sha256:4ce9ae9e91f46c344bec3b03d6ee9612802682c1551aaf627ad24045ce090761",
"sha256:5d93d4e95eacd313d2c765ebe40d49ca9dd2ed90e5b37d0d421c597af830c195",
"sha256:61b6760b08b7c395975d893e0b814a11cf011ebb24f7d869e7118f5a339a82e1",
"sha256:72ccb318bf0c9ab97fc04c10c37683d9eea952ed526707fabf9ac5ae59b701fd",
"sha256:79b485767c13788ee314669008d01f9ef3bc05db9ea3298f6a50d3ef596a154b",
"sha256:7eb57ba90929bac0b6cc2af2373893d80ac559adda6933e562dcfb375029acee",
"sha256:8bc541a405423ce0e51c19f637050acdbdf8feca34150e0d17f675e72d119580",
"sha256:969dd06110cb780da01336b281f53e2e7eb3a482831df441fb65dd30403f4608",
"sha256:985ceb5d0a86fcaa61e45781e567a59baa0da292d5ed2e490d612d0de5796918",
"sha256:9bcf8b6e011be08fb729d110f3e22e654a50f8a826b0575c7196616780683380",
"sha256:9ce157d979f742a915b75f792dbd6aa63b8eccaf46a1005ba03aa8a986bde34a",
"sha256:9f659a5ee95c8baa2436d392267988fd0f43eb774e5eb8739252e5a7e9cf07e0",
"sha256:a4a88dcd6ff8fd47c18b3a3709a89adb39a6373f4482e04c1b765045c7e282fd",
"sha256:a955260d47f03df08acf45689bd163ed9df82c0e0124beb4251b1290fa7ae728",
"sha256:a9af62e9b5b9bc67b2a195ebc2c2662fdf498a822d62f902bf27cccb52dbbf49",
"sha256:ae72f8098acb368d877b210ebe02ba12585e77bd0db78ac04a1ee9b9f5dd2166",
"sha256:b83ba3825bc91dfa989d4eed76865e71aea3a6ca1388b59fc801ee04c4d8d0d6",
"sha256:c11951b404e08b01b151222a1cb1a9f0a860a8153ce8334149ab9199cd198131",
"sha256:c320c64dd876e45254bdd350f0179da737463eea41c43bacbee9d8c9d1021f11",
"sha256:c8098a724c2784bf03e8070993f6d46aa2eeca031f8d8a048dff277703e6e193",
"sha256:d12f96b5b64bec3f43c8e82b4aab7599d0157f11c798c9f9c528a72b9e0b339a",
"sha256:e565a785233c2d03724c4dc55464559639b1ba9ecf091288dd47ad9c629433bd",
"sha256:f0f047e11febe5c3198ed346b507e1d010330d56ad615a7e0a89fae604065a0e",
"sha256:fe4670cb32ea98ffbf5a1262f14c3e102cccd92b1869df3bb09538158ba90fe6"
"sha256:1061c6ee6204f4f5a27133126854948e3b3d51fcc16ead2e5d04378c199b2f44",
"sha256:19b5686387ea0d1ea52ecc4cffb71abb21702c5e5b2ac626fd4dbaa0834aa49d",
"sha256:2bd446bdb7755c3a94e56d7bdfd3ee92396070efa8ef3a34fab9579fe6aa1d84",
"sha256:328558c9f2eed77bd8fffad3cef39dbbe3edc7044517f4625a769d45d4cf7555",
"sha256:32e0b4fb13ad4db4058a7c3c80e2569adbd810c25e6ca3bbd8b2a9cc2cc871d7",
"sha256:3ee0d69b2a5b341fc7927e92cae7ddcfd95e624dfc4870b32a85568bd65e6131",
"sha256:4aafd4e55e8ad5bd1b19572ea2df546ccace7945853832bb99422a79c70ce9b8",
"sha256:4b3946f87e5cef3ba2e7bd3a4eb5a20385fe36521d6cc1ebf3c08a6697c6cfb3",
"sha256:4de71c718c9756d679420c69f216776c2e977459f77e8f679a4a961dc7304a56",
"sha256:5565a49effe38d51882cb7bac18bda013cdb34d80ac336428e8908f0b72499b0",
"sha256:5803ad846cdd1ed0d97eb00292b870c29c1f03732a010e66908ff48a762f20e4",
"sha256:5da164119602212a3fe7e3bc08911a89db4710ae51444b4224c2382fd09ad453",
"sha256:615661bfc37e82ac677543704437ff737418e4ea04bef9cf11c6d27346606044",
"sha256:78a4d6bdfd116a559aeec9a4cfe77dda62acc6233f8b56a716edad2651023e5e",
"sha256:7d0f183b305629765910eaad707800d2f47c6ac5bcfb8c6397abdc30b69eeb15",
"sha256:7ead3cd020d526f75b4188e0a8d71c0dbbe1b4b6b5dc0ea775a93aca16256aeb",
"sha256:84d76ecc908d917f4684b354a39fd885d69dd0491be175f3465fe4b59811c001",
"sha256:8cb0bc509bfb71305d7a59d00163d5f9fc4530f0881ea32c74ff4f74c85f3d3d",
"sha256:91089b2e281713f3893cd01d8e576771cd5bfdfbff5d0ed95969f47ef6d676c3",
"sha256:9c9e04a6cdb7a363d7cb3ccf0efea51e0abb48e180c0d31dca8d247967d85c6e",
"sha256:a8c5360a0297a713b4123608a7909e6869e1b56d0e96eb0d792c27585d40757f",
"sha256:afacf6d2a41ed91fc631bade88b1d319c51ab5418870802cedb590b709c5ae3c",
"sha256:b34ba24f3e2d0b39b43f0ca62008f7ba962cff51efa56e64ee25c4af6eed987b",
"sha256:bd67cb2c2d9602ad159389c29e4ca964b86fa2f35c2faef54c3eb28b4efd36c8",
"sha256:c0f5e142ef8217019e3eef6ae1b6b55f09a7a15972958d44fbd228214cede567",
"sha256:cdb4272678db803ddf94caa4f94f8672e9a46bae4a44f167095e4d06fec12979",
"sha256:d70916235d478404a3fa8c997b003b5f33aeac4686ac1baa767234a0f8ac2326",
"sha256:d8ce3fb0841763a89322ea0432f1f59a2d3feae07a63ea2c958b2315e1ae8adb",
"sha256:e0b214e57623a535936005797567231a12d0da0c29711eb3514bc2b3cd008d0f",
"sha256:e631c70c9280e3129f071635b81207cad85e6c08e253539467e4ead0e5b219aa",
"sha256:e78578f0c7481c850d1c969aca9a65405887003484d24f6110458fb02cca7747",
"sha256:f0ca86b525264daa5f6b192f216a0d1e860b7383e3da1c65a1908f9c02f42801",
"sha256:f1a68f4f65a9ee64b6ccccb5bf7e17db07caebd2730109cb8a95863cfa9c4e55",
"sha256:fafe841be1103f340a24977f61dee76172e4ae5f647ab9e7fd1e1fca51524f08",
"sha256:ff68fc85355532ea77559ede81f35fff79a6a5543477e168ab3a381887caea76"
],
"index": "pypi",
"version": "==1.9.1"
"version": "==1.9.2"
},
"pyparsing": {
"hashes": [
@@ -458,10 +467,10 @@
},
"pytz": {
"hashes": [
"sha256:1e760e2fe6a8163bc0b3d9a19c4f84342afa0a2affebfaa84b01b978a02ecaa7",
"sha256:e68985985296d9a66a881eb3193b0906246245294a881e7c8afe623866ac6a5c"
"sha256:220f481bdafa09c3955dfbdddb7b57780e9a94f5127e35456a48589b9e0c0197",
"sha256:cea221417204f2d1a2aa03ddae3e867921971d0d76f14d87abb4414415bbdcf5"
],
"version": "==2022.1"
"version": "==2022.2.1"
},
"pyyaml": {
"hashes": [
@@ -528,13 +537,17 @@
},
"ruamel.yaml.clib": {
"hashes": [
"sha256:066f886bc90cc2ce44df8b5f7acfc6a7e2b2e672713f027136464492b0c34d7c",
"sha256:0847201b767447fc33b9c235780d3aa90357d20dd6108b92be544427bea197dd",
"sha256:1070ba9dd7f9370d0513d649420c3b362ac2d687fe78c6e888f5b12bf8bc7bee",
"sha256:1866cf2c284a03b9524a5cc00daca56d80057c5ce3cdc86a52020f4c720856f0",
"sha256:1b4139a6ffbca8ef60fdaf9b33dec05143ba746a6f0ae0f9d11d38239211d335",
"sha256:210c8fcfeff90514b7133010bf14e3bad652c8efde6b20e00c43854bf94fa5a6",
"sha256:221eca6f35076c6ae472a531afa1c223b9c29377e62936f61bc8e6e8bdc5f9e7",
"sha256:31ea73e564a7b5fbbe8188ab8b334393e06d997914a4e184975348f204790277",
"sha256:3fb9575a5acd13031c57a62cc7823e5d2ff8bc3835ba4d94b921b4e6ee664104",
"sha256:4ff604ce439abb20794f05613c374759ce10e3595d1867764dd1ae675b85acbd",
"sha256:61bc5e5ca632d95925907c569daa559ea194a4d16084ba86084be98ab1cec1c6",
"sha256:6e7be2c5bcb297f5b82fee9c665eb2eb7001d1050deaba8471842979293a80b0",
"sha256:72a2b8b2ff0a627496aad76f37a652bcef400fd861721744201ef1b45199ab78",
"sha256:77df077d32921ad46f34816a9a16e6356d8100374579bc35e15bab5d4e9377de",
@@ -550,6 +563,7 @@
"sha256:ada3f400d9923a190ea8b59c8f60680c4ef8a4b0dfae134d2f2ff68429adfab5",
"sha256:bf75d28fa071645c529b5474a550a44686821decebdd00e21127ef1fd566eabe",
"sha256:cfdb9389d888c5b74af297e51ce357b800dd844898af9d4a547ffc143fa56751",
"sha256:d3c620a54748a3d4cf0bcfe623e388407c8e85a4b06b8188e126302bcab93ea8",
"sha256:d67f273097c368265a7b81e152e07fb90ed395df6e552b9fa858c6d2c9f42502",
"sha256:dc6a613d6c74eef5a14a214d433d06291526145431c3b964f5e16529b1842bed",
"sha256:de9c6b8a1ba52919ae919f3ae96abb72b994dd0350226e28f3686cb4f142165c"
@@ -575,11 +589,11 @@
},
"setuptools": {
"hashes": [
"sha256:0d33c374d41c7863419fc8f6c10bfe25b7b498aa34164d135c622e52580c6b16",
"sha256:c04b44a57a6265fe34a4a444e965884716d34bae963119a76353434d6f18e450"
"sha256:2e24e0bec025f035a2e72cdd1961119f557d78ad331bb00ff82efb2ab8da8e82",
"sha256:7732871f4f7fa58fb6bdcaeadb0161b2bd046c85905dbaa066bdcbcc81953b57"
],
"markers": "python_version >= '3.7'",
"version": "==63.2.0"
"version": "==65.3.0"
},
"six": {
"hashes": [
@@ -638,11 +652,11 @@
},
"urllib3": {
"hashes": [
"sha256:8298d6d56d39be0e3bc13c1c97d133f9b45d797169a0e11cdd0e0489d786f7ec",
"sha256:879ba4d1e89654d9769ce13121e0f94310ea32e8d2f8cf587b77c08bbcdb30d6"
"sha256:3fa96cf423e6987997fc326ae8df396db2a8b7c667747d47ddd8ecba91f4a74e",
"sha256:b930dd878d5a8afb066a637fbb35144fe7901e3b209d1cd4f524bd0e9deee997"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' and python_version < '4'",
"version": "==1.26.10"
"version": "==1.26.12"
},
"vulture": {
"hashes": [

2
lib/outputs/models.py
View File

@@ -5,7 +5,7 @@ from pydantic import BaseModel
from config.config import timestamp
from lib.check.models import Check_Report, ComplianceItem, Remediation
from providers.aws.models import AWS_Organizations_Info
from providers.aws.lib.audit_info.models import AWS_Organizations_Info
@dataclass

2
lib/outputs/outputs.py
View File

@@ -24,7 +24,7 @@ from lib.outputs.models import (
Severity,
)
from lib.utils.utils import file_exists, hash_sha512, open_file
from providers.aws.lib.security_hub import send_to_security_hub
from providers.aws.lib.security_hub.security_hub import send_to_security_hub
def report(check_findings, output_options, audit_info):

2
lib/outputs/outputs_test.py
View File

@@ -32,7 +32,7 @@ from lib.outputs.outputs import (
set_report_color,
)
from lib.utils.utils import hash_sha512, open_file
from providers.aws.models import AWS_Audit_Info
from providers.aws.lib.audit_info.models import AWS_Audit_Info
class Test_Outputs:

29
providers/aws/aws_provider.py
View File

@@ -10,8 +10,8 @@ from config.config import aws_services_json_file
from lib.logger import logger
from lib.utils.utils import open_file, parse_json_file
from providers.aws.lib.arn.arn import arn_parsing
from providers.aws.models import (
AWS_Assume_Role,
from providers.aws.lib.audit_info.audit_info import current_audit_info
from providers.aws.lib.audit_info.models import (
AWS_Audit_Info,
AWS_Credentials,
AWS_Organizations_Info,
@@ -91,31 +91,12 @@ def provider_set_session(
input_regions,
organizations_role_arn,
):
# Mark variable that stores all the info about the audit as global
global current_audit_info
# Assumed AWS session
assumed_session = None
# Setting session
current_audit_info = AWS_Audit_Info(
original_session=None,
audit_session=None,
audited_account=None,
audited_user_id=None,
audited_partition=None,
audited_identity_arn=None,
profile=input_profile,
profile_region=None,
credentials=None,
assumed_role_info=AWS_Assume_Role(
role_arn=None,
session_duration=None,
external_id=None,
),
audited_regions=input_regions,
organizations_metadata=None,
)
current_audit_info.profile = input_profile
current_audit_info.audited_regions = input_regions
logger.info("Generating original session ...")
# Create an global original session using only profile/basic credentials info

2
providers/aws/aws_provider_test.py
View File

@@ -10,7 +10,7 @@ from providers.aws.aws_provider import (
get_region_global_service,
validate_credentials,
)
from providers.aws.models import AWS_Assume_Role, AWS_Audit_Info
from providers.aws.lib.audit_info.models import AWS_Assume_Role, AWS_Audit_Info
ACCOUNT_ID = 123456789012

26
providers/aws/lib/audit_info/audit_info.py Normal file
View File

@@ -0,0 +1,26 @@
from boto3 import session
from providers.aws.lib.audit_info.models import AWS_Assume_Role, AWS_Audit_Info
# Default Current Audit Info
current_audit_info = AWS_Audit_Info(
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=None,
audited_user_id=None,
audited_partition=None,
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=AWS_Assume_Role(
role_arn=None,
session_duration=None,
external_id=None,
),
audited_regions=None,
organizations_metadata=None,
)

0
providers/aws/models.py → providers/aws/lib/audit_info/models.py
View File

0
providers/aws/lib/security_hub/__init__.py Normal file
View File

2
providers/aws/lib/security_hub.py → providers/aws/lib/security_hub/security_hub.py
View File

@@ -7,7 +7,7 @@ from boto3 import session
from config.config import json_asff_file_suffix, timestamp_utc
from lib.logger import logger
from lib.outputs.models import Check_Output_JSON_ASFF
from providers.aws.models import AWS_Audit_Info
from providers.aws.lib.audit_info.models import AWS_Audit_Info
def send_to_security_hub(

4
providers/aws/services/ec2/ec2_client.py Normal file
View File

@@ -0,0 +1,4 @@
from providers.aws.lib.audit_info.audit_info import current_audit_info
from providers.aws.services.ec2.ec2_service import EC2
ec2_client = EC2(current_audit_info)

2
providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.ec2.ec2_service import ec2_client
from providers.aws.services.ec2.ec2_client import ec2_client
class ec2_ebs_public_snapshot(Check):

2
providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.ec2.ec2_service import ec2_client
from providers.aws.services.ec2.ec2_client import ec2_client
class ec2_ebs_snapshots_encrypted(Check):

2
providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.ec2.ec2_service import ec2_client
from providers.aws.services.ec2.ec2_client import ec2_client
class ec2_instance_public_ip(Check):

2
providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.ec2.ec2_service import ec2_client
from providers.aws.services.ec2.ec2_client import ec2_client
from providers.aws.services.ec2.lib.network_acls import check_network_acl

2
providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.ec2.ec2_service import ec2_client
from providers.aws.services.ec2.ec2_client import ec2_client
from providers.aws.services.ec2.lib.network_acls import check_network_acl

2
providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.ec2.ec2_service import ec2_client
from providers.aws.services.ec2.ec2_client import ec2_client
from providers.aws.services.ec2.lib.security_groups import check_security_group

4
providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21.py
View File

@@ -1,7 +1,9 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.ec2.ec2_service import ec2_client
from providers.aws.services.ec2.ec2_client import ec2_client
from providers.aws.services.ec2.lib.security_groups import check_security_group
class ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21(Check):
def execute(self):
findings = []

2
providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.ec2.ec2_service import ec2_client
from providers.aws.services.ec2.ec2_client import ec2_client
from providers.aws.services.ec2.lib.security_groups import check_security_group

2
providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.ec2.ec2_service import ec2_client
from providers.aws.services.ec2.ec2_client import ec2_client
from providers.aws.services.ec2.lib.security_groups import check_security_group

2
providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.ec2.ec2_service import ec2_client
from providers.aws.services.ec2.ec2_client import ec2_client
from providers.aws.services.ec2.lib.security_groups import check_security_group

2
providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.ec2.ec2_service import ec2_client
from providers.aws.services.ec2.ec2_client import ec2_client
from providers.aws.services.ec2.lib.security_groups import check_security_group

7
providers/aws/services/ec2/ec2_service.py
View File

@@ -2,7 +2,7 @@ import threading
from dataclasses import dataclass
from lib.logger import logger
from providers.aws.aws_provider import current_audit_info, generate_regional_clients
from providers.aws.aws_provider import generate_regional_clients
################## EC2
@@ -129,7 +129,7 @@ class EC2:
)
encrypted = False
for page in describe_snapshots_paginator.paginate(
OwnerIds=[self.audited_account]
OwnerIds=[str(self.audited_account)]
):
for snapshot in page["Snapshots"]:
if snapshot["Encrypted"]:
@@ -234,6 +234,3 @@ class NetworkACL:
self.id = id
self.region = region
self.entries = entries
ec2_client = EC2(current_audit_info)

167
providers/aws/services/ec2/ec2_service_test.py Normal file
View File

@@ -0,0 +1,167 @@
from boto3 import client, resource, session
from moto import mock_ec2
from providers.aws.lib.audit_info.models import AWS_Audit_Info
from providers.aws.services.ec2.ec2_service import EC2
AWS_ACCOUNT_NUMBER = 123456789012
AWS_REGION = "us-east-1"
class Test_EC2_Service:
# Mocked Audit Info
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
)
return audit_info
# Test EC2 Service
@mock_ec2
def test_service(self):
# EC2 client for this test class
audit_info = self.set_mocked_audit_info()
ec2 = EC2(audit_info)
assert ec2.service == "ec2"
# Test EC2 Client
@mock_ec2
def test_client(self):
# EC2 client for this test class
audit_info = self.set_mocked_audit_info()
ec2 = EC2(audit_info)
for client in ec2.regional_clients.values():
assert client.__class__.__name__ == "EC2"
# Test EC2 Session
@mock_ec2
def test__get_session__(self):
# EC2 client for this test class
audit_info = self.set_mocked_audit_info()
ec2 = EC2(audit_info)
assert ec2.session.__class__.__name__ == "Session"
# Test EC2 Session
@mock_ec2
def test_audited_account(self):
# EC2 client for this test class
audit_info = self.set_mocked_audit_info()
ec2 = EC2(audit_info)
assert ec2.audited_account == AWS_ACCOUNT_NUMBER
# Test EC2 Describe Instances
@mock_ec2
def test__describe_instances__(self):
# Generate EC2 Client
ec2_resource = resource("ec2", region_name=AWS_REGION)
ec2_client = client("ec2", region_name=AWS_REGION)
# Get AMI image
image_response = ec2_client.describe_images()
image_id = image_response["Images"][0]["ImageId"]
# Create EC2 Instances
ec2_resource.create_instances(
MinCount=2,
MaxCount=2,
ImageId=image_id,
)
# EC2 client for this test class
audit_info = self.set_mocked_audit_info()
ec2 = EC2(audit_info)
assert len(ec2.instances) == len(
ec2_client.describe_instances()["Reservations"][0]["Instances"]
)
# Test EC2 Describe Security Groups
@mock_ec2
def test__describe_security_groups__(self):
# Generate EC2 Client
ec2_client = client("ec2", region_name=AWS_REGION)
# Create EC2 Security Group
sg_id = ec2_client.create_security_group(
Description="test-description",
GroupName="test-security-group",
)["GroupId"]
# EC2 client for this test class
audit_info = self.set_mocked_audit_info()
ec2 = EC2(audit_info)
assert sg_id in str(ec2.security_groups)
# Test EC2 Describe Nacls
@mock_ec2
def test__describe_network_acls__(self):
# Generate EC2 Client
ec2_client = client("ec2", region_name=AWS_REGION)
ec2_resource = resource("ec2", region_name=AWS_REGION)
# Create EC2 VPC and SG
vpc_id = ec2_client.create_vpc(CidrBlock="10.0.0.0/16")["Vpc"]["VpcId"]
nacl_id = ec2_resource.create_network_acl(
VpcId=vpc_id,
).id
# EC2 client for this test class
audit_info = self.set_mocked_audit_info()
ec2 = EC2(audit_info)
assert nacl_id in str(ec2.network_acls)
# Test EC2 Describe Snapshots
@mock_ec2
def test__describe_snapshots__(self):
# Generate EC2 Client
ec2_client = client("ec2", region_name=AWS_REGION)
ec2_resource = resource("ec2", region_name=AWS_REGION)
# Create EC2 Volume and Snapshot
volume_id = ec2_resource.create_volume(
AvailabilityZone="us-east-1a",
Size=80,
VolumeType="gp2",
).id
snapshot_id = ec2_client.create_snapshot(
VolumeId=volume_id,
)["SnapshotId"]
# EC2 client for this test class
audit_info = self.set_mocked_audit_info()
ec2 = EC2(audit_info)
assert snapshot_id in str(ec2.snapshots)
# Test EC2 Describe Snapshots
@mock_ec2
def test__get_snapshot_public__(self):
# Generate EC2 Client
ec2_client = client("ec2", region_name=AWS_REGION)
ec2_resource = resource("ec2", region_name=AWS_REGION)
# Create EC2 Volume and Snapshot
volume_id = ec2_resource.create_volume(
AvailabilityZone="us-east-1a",
Size=80,
VolumeType="gp2",
).id
snapshot_id = ec2_client.create_snapshot(
VolumeId=volume_id,
)["SnapshotId"]
ec2_client.modify_snapshot_attribute(
Attribute="createVolumePermission",
GroupNames=[
"all",
],
OperationType="add",
SnapshotId=snapshot_id,
)
# EC2 client for this test class
audit_info = self.set_mocked_audit_info()
ec2 = EC2(audit_info)
for snapshot in ec2.snapshots:
if snapshot.id == snapshot_id:
assert snapshot.public == True

2
providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.iam.iam_service import iam_client
from providers.aws.services.iam.iam_client import iam_client
class iam_administrator_access_with_mfa(Check):

2
providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage.py
View File

@@ -1,7 +1,7 @@
import datetime
from lib.check.models import Check, Check_Report
from providers.aws.services.iam.iam_service import iam_client
from providers.aws.services.iam.iam_client import iam_client
maximum_access_days = 1

4
providers/aws/services/iam/iam_client.py Normal file
View File

@@ -0,0 +1,4 @@
from providers.aws.lib.audit_info.audit_info import current_audit_info
from providers.aws.services.iam.iam_service import IAM
iam_client = IAM(current_audit_info)

2
providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials.py
View File

@@ -1,7 +1,7 @@
import datetime
from lib.check.models import Check, Check_Report
from providers.aws.services.iam.iam_service import iam_client
from providers.aws.services.iam.iam_client import iam_client
maximum_expiration_days = 30

2
providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials.py
View File

@@ -1,7 +1,7 @@
import datetime
from lib.check.models import Check, Check_Report
from providers.aws.services.iam.iam_service import iam_client
from providers.aws.services.iam.iam_client import iam_client
maximum_expiration_days = 90

2
providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.iam.iam_service import iam_client
from providers.aws.services.iam.iam_client import iam_client
class iam_no_root_access_key(Check):

2
providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.iam.iam_service import iam_client
from providers.aws.services.iam.iam_client import iam_client
class iam_password_policy_expires_passwords_within_90_days_or_less(Check):

2
providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.iam.iam_service import iam_client
from providers.aws.services.iam.iam_client import iam_client
# Does the tool analyze both users and roles, or just one or the other? --> Everything using AttachementCount.
# Does the tool take a principal-centric or policy-centric approach? --> Policy-centric approach.

2
providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.iam.iam_service import iam_client
from providers.aws.services.iam.iam_client import iam_client
class iam_root_hardware_mfa_enabled(Check):

2
providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.iam.iam_service import iam_client
from providers.aws.services.iam.iam_client import iam_client
class iam_root_mfa_enabled(Check):

2
providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days.py
View File

@@ -1,7 +1,7 @@
import datetime
from lib.check.models import Check, Check_Report
from providers.aws.services.iam.iam_service import iam_client
from providers.aws.services.iam.iam_client import iam_client
maximum_expiration_days = 90

5
providers/aws/services/iam/iam_service.py
View File

@@ -2,7 +2,7 @@ import csv
from dataclasses import dataclass
from lib.logger import logger
from providers.aws.aws_provider import current_audit_info, get_region_global_service
from providers.aws.aws_provider import get_region_global_service
################## IAM
@@ -312,6 +312,3 @@ class PasswordPolicy:
self.max_age = max_age
self.reuse_prevention = reuse_prevention
self.hard_expiry = hard_expiry
iam_client = IAM(current_audit_info)

376
providers/aws/services/iam/iam_service_test.py Normal file
View File

@@ -0,0 +1,376 @@
import json
from boto3 import client, session
from moto import mock_iam
from providers.aws.lib.audit_info.models import AWS_Audit_Info
from providers.aws.services.iam.iam_service import IAM
AWS_ACCOUNT_NUMBER = 123456789012
class Test_IAM_Service:
# Mocked Audit Info
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=None,
audited_user_id=None,
audited_partition=None,
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
)
return audit_info
# Test IAM Client
@mock_iam
def test__get_client__(self):
# IAM client for this test class
audit_info = self.set_mocked_audit_info()
iam = IAM(audit_info)
assert iam.client.__class__.__name__ == "IAM"
# Test IAM Session
@mock_iam
def test__get_session__(self):
# IAM client for this test class
audit_info = self.set_mocked_audit_info()
iam = IAM(audit_info)
assert iam.session.__class__.__name__ == "Session"
# Test IAM Get Credential Report
@mock_iam
def test__get_credential_report__(self):
# Generate IAM Client
iam_client = client("iam")
# Create an IAM Users
iam_client.create_user(
UserName="user1",
)
# IAM client for this test class
audit_info = self.set_mocked_audit_info()
iam = IAM(audit_info)
assert len(iam.credential_report) == len(iam_client.list_users()["Users"])
# Test IAM Get Roles
@mock_iam
def test__get_roles__(self):
# Generate IAM Client
iam_client = client("iam")
# Create 2 IAM Roles
iam_client.create_role(
RoleName="role1",
AssumeRolePolicyDocument="string",
)
iam_client.create_role(
RoleName="role2",
AssumeRolePolicyDocument="string",
)
# IAM client for this test class
audit_info = self.set_mocked_audit_info()
iam = IAM(audit_info)
assert len(iam.roles) == len(iam_client.list_roles()["Roles"])
# Test IAM Get Groups
@mock_iam
def test__get_groups__(self):
# Generate IAM Client
iam_client = client("iam")
# Create 2 IAM Groups
iam_client.create_group(
GroupName="group1",
)
iam_client.create_group(
GroupName="group2",
)
# IAM client for this test class
audit_info = self.set_mocked_audit_info()
iam = IAM(audit_info)
assert len(iam.groups) == len(iam_client.list_groups()["Groups"])
# Test IAM Get Users
@mock_iam
def test__get_users__(self):
# Generate IAM Client
iam_client = client("iam")
# Create 2 IAM Users
iam_client.create_user(
UserName="user1",
)
iam_client.create_user(
UserName="user2",
)
# IAM client for this test class
audit_info = self.set_mocked_audit_info()
iam = IAM(audit_info)
assert len(iam.users) == len(iam_client.list_users()["Users"])
# Test IAM Get Customer Managed Policies
@mock_iam
def test__get_customer_managed_policies__(self):
# Generate IAM Client
iam_client = client("iam")
# Create a new IAM Policy
policy_document = """
{
"Version": "2012-10-17",
"Statement":
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket"
}
}
"""
iam_client.create_policy(
PolicyName="policy1",
PolicyDocument=policy_document,
)
# IAM client for this test class
audit_info = self.set_mocked_audit_info()
iam = IAM(audit_info)
assert len(iam.customer_managed_policies) == len(
iam_client.list_policies(Scope="Local")["Policies"]
)
# Test IAM Get Customer Managed Policies Version
@mock_iam
def test__get_customer_managed_policies_version__(self):
# Generate IAM Client
iam_client = client("iam")
# Create a new IAM Policy
policy_document = """
{
"Version": "2012-10-17",
"Statement":
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket"
}
}
"""
iam_client.create_policy(
PolicyName="policy1",
PolicyDocument=policy_document,
)
# IAM client for this test class
audit_info = self.set_mocked_audit_info()
iam = IAM(audit_info)
assert len(iam.customer_managed_policies) == 1
assert iam.customer_managed_policies[0]["PolicyDocument"] == json.loads(
policy_document
)
# Test IAM Get Account Summary
@mock_iam
def test__get_account_summary__(self):
# Generate IAM Client
iam_client = client("iam")
account_summary = iam_client.get_account_summary()
# IAM client for this test class
audit_info = self.set_mocked_audit_info()
iam = IAM(audit_info)
assert iam.account_summary == account_summary
# Test IAM Get Password Policy
@mock_iam
def test__get_password_policy__(self):
# Generate IAM Client
iam_client = client("iam")
# Update Password Policy
min_password_length = 123
require_symbols = False
require_numbers = True
require_upper = True
require_lower = False
allow_users_to_change = True
max_password_age = 123
password_reuse_prevention = 24
hard_expiry = True
iam_client.update_account_password_policy(
MinimumPasswordLength=min_password_length,
RequireSymbols=require_symbols,
RequireNumbers=require_numbers,
RequireUppercaseCharacters=require_upper,
RequireLowercaseCharacters=require_lower,
AllowUsersToChangePassword=allow_users_to_change,
MaxPasswordAge=max_password_age,
PasswordReusePrevention=password_reuse_prevention,
HardExpiry=hard_expiry,
)
# IAM client for this test class
audit_info = self.set_mocked_audit_info()
iam = IAM(audit_info)
assert iam.password_policy.length == min_password_length
assert iam.password_policy.symbols == require_symbols
assert iam.password_policy.numbers == require_numbers
assert iam.password_policy.uppercase == require_upper
assert iam.password_policy.lowercase == require_lower
assert iam.password_policy.allow_change == allow_users_to_change
assert iam.password_policy.expiration == True
assert iam.password_policy.max_age == max_password_age
assert iam.password_policy.reuse_prevention == password_reuse_prevention
assert iam.password_policy.hard_expiry == hard_expiry
# Test IAM List MFA Device
@mock_iam
def test__list_mfa_devices__(self):
# Generate IAM Client
iam_client = client("iam")
# Generate IAM user
iam_client.create_user(
UserName="user1",
)
# Create virtual MFA device
mfa_device_name = "test-mfa-device"
virtual_mfa_device = iam_client.create_virtual_mfa_device(
VirtualMFADeviceName=mfa_device_name,
)
iam_client.enable_mfa_device(
UserName="user1",
SerialNumber=virtual_mfa_device["VirtualMFADevice"]["SerialNumber"],
AuthenticationCode1="123456",
AuthenticationCode2="123456",
)
# IAM client for this test class
audit_info = self.set_mocked_audit_info()
iam = IAM(audit_info)
assert len(iam.users) == 1
assert len(iam.users[0].mfa_devices) == 1
assert (
iam.users[0].mfa_devices[0].serial_number
== f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:mfa/{mfa_device_name}"
)
assert iam.users[0].mfa_devices[0].type == "mfa"
# Test IAM List Virtual MFA Device
@mock_iam
def test__list_virtual_mfa_devices__(self):
# Generate IAM Client
iam_client = client("iam")
# Generate IAM user
username = "user1"
iam_client.create_user(
UserName=username,
)
# Create virtual MFA device
mfa_device_name = "test-mfa-device"
virtual_mfa_device = iam_client.create_virtual_mfa_device(
VirtualMFADeviceName=mfa_device_name,
)
iam_client.enable_mfa_device(
UserName=username,
SerialNumber=virtual_mfa_device["VirtualMFADevice"]["SerialNumber"],
AuthenticationCode1="123456",
AuthenticationCode2="123456",
)
# IAM client for this test class
audit_info = self.set_mocked_audit_info()
iam = IAM(audit_info)
assert len(iam.virtual_mfa_devices) == 1
assert (
iam.virtual_mfa_devices[0]["SerialNumber"]
== f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:mfa/{mfa_device_name}"
)
assert iam.virtual_mfa_devices[0]["User"]["UserName"] == username
# Test IAM Get Group Users
@mock_iam
def test__get_group_users__(self):
# Generate IAM Client
iam_client = client("iam")
# Generate IAM user
username = "user1"
iam_client.create_user(
UserName=username,
)
# Generate IAM group
group = "test-group"
iam_client.create_group(GroupName=group)
# Add user to group
iam_client.add_user_to_group(GroupName=group, UserName=username)
# IAM client for this test class
audit_info = self.set_mocked_audit_info()
iam = IAM(audit_info)
assert len(iam.groups) == 1
assert iam.groups[0].name == group
assert iam.groups[0].arn == f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:group/{group}"
assert len(iam.groups[0].users) == 1
assert iam.groups[0].users[0].name == username
# Test IAM List Attached Group Policies
@mock_iam
def test__list_attached_group_policies__(self):
# Generate IAM Client
iam_client = client("iam")
# Generate IAM user
username = "user1"
iam_client.create_user(
UserName=username,
)
# Generate IAM group
group = "test-group"
iam_client.create_group(GroupName=group)
# Create a new IAM Policy
policy_document = """
{
"Version": "2012-10-17",
"Statement":
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket"
}
}
"""
policy_name = "policy1"
policy = iam_client.create_policy(
PolicyName=policy_name,
PolicyDocument=policy_document,
)
# Attach group policy
iam_client.attach_group_policy(
GroupName=group, PolicyArn=policy["Policy"]["Arn"]
)
# IAM client for this test class
audit_info = self.set_mocked_audit_info()
iam = IAM(audit_info)
assert len(iam.groups) == 1
assert iam.groups[0].name == group
assert len(iam.groups[0].attached_policies) == 1
assert iam.groups[0].attached_policies[0]["PolicyName"] == policy_name
assert (
iam.groups[0].attached_policies[0]["PolicyArn"] == policy["Policy"]["Arn"]
)

2
providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.iam.iam_service import iam_client
from providers.aws.services.iam.iam_client import iam_client
class iam_user_hardware_mfa_enabled(Check):

2
providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.iam.iam_service import iam_client
from providers.aws.services.iam.iam_client import iam_client
class iam_user_mfa_enabled_console_access(Check):

2
providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.iam.iam_service import iam_client
from providers.aws.services.iam.iam_client import iam_client
class iam_user_two_active_access_key(Check):

2
providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.s3.s3_service import s3_client
from providers.aws.services.s3.s3_client import s3_client
class s3_bucket_object_versioning(Check):

2
providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled.py
View File

@@ -1,5 +1,5 @@
from lib.check.models import Check, Check_Report
from providers.aws.services.s3.s3_service import s3_client
from providers.aws.services.s3.s3_client import s3_client
class s3_bucket_server_access_logging_enabled(Check):

4
providers/aws/services/s3/s3_client.py Normal file
View File

@@ -0,0 +1,4 @@
from providers.aws.lib.audit_info.audit_info import current_audit_info
from providers.aws.services.s3.s3_service import S3
s3_client = S3(current_audit_info)

3
providers/aws/services/s3/s3_service.py
View File

@@ -88,6 +88,3 @@ class Bucket:
self.versioning = False
self.logging = False
self.region = region
s3_client = S3(current_audit_info)

151
providers/aws/services/s3/s3_service_test.py Normal file
View File

@@ -0,0 +1,151 @@
from boto3 import client, session
from moto import mock_s3
from providers.aws.lib.audit_info.models import AWS_Audit_Info
from providers.aws.services.s3.s3_service import S3
AWS_ACCOUNT_NUMBER = 123456789012
class Test_S3_Service:
# Mocked Audit Info
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_user_id=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
)
return audit_info
# Test S3 Service
@mock_s3
def test_service(self):
# S3 client for this test class
audit_info = self.set_mocked_audit_info()
s3 = S3(audit_info)
assert s3.service == "s3"
# Test S3 Client
@mock_s3
def test_client(self):
# S3 client for this test class
audit_info = self.set_mocked_audit_info()
s3 = S3(audit_info)
assert s3.client.__class__.__name__ == "S3"
# Test S3 Session
@mock_s3
def test__get_session__(self):
# S3 client for this test class
audit_info = self.set_mocked_audit_info()
s3 = S3(audit_info)
assert s3.session.__class__.__name__ == "Session"
# Test S3 Regional Clients
# @mock_s3
# def test_regional_clients(self):
# # S3 client for this test class
# audit_info = self.set_mocked_audit_info()
# s3 = S3(audit_info)
# print(s3.regional_clients.keys())
# Test S3 Session
@mock_s3
def test_audited_account(self):
# S3 client for this test class
audit_info = self.set_mocked_audit_info()
s3 = S3(audit_info)
assert s3.audited_account == AWS_ACCOUNT_NUMBER
# Test S3 List Buckets
@mock_s3
def test__list_buckets__(self):
# Generate S3 Client
s3_client = client("s3")
# Create S3 Bucket
bucket_name = "test-bucket"
s3_client.create_bucket(Bucket=bucket_name)
# S3 client for this test class
audit_info = self.set_mocked_audit_info()
s3 = S3(audit_info)
assert len(s3.buckets) == 1
assert s3.buckets[0].name == bucket_name
# Test S3 Get Bucket Versioning
@mock_s3
def test__get_bucket_versioning__(self):
# Generate S3 Client
s3_client = client("s3")
# Create S3 Bucket
bucket_name = "test-bucket"
s3_client.create_bucket(Bucket=bucket_name)
# Set Bucket Versioning
s3_client.put_bucket_versioning(
Bucket=bucket_name,
VersioningConfiguration={"MFADelete": "Disabled", "Status": "Enabled"},
)
# S3 client for this test class
audit_info = self.set_mocked_audit_info()
s3 = S3(audit_info)
assert len(s3.buckets) == 1
assert s3.buckets[0].name == bucket_name
assert s3.buckets[0].versioning == True
# Test S3 Get Bucket Versioning
# @mock_s3
# def test__get_bucket_logging__(self):
# # Generate S3 Client
# s3_client = client("s3")
# # Create S3 Bucket
# bucket_name = "test-bucket"
# s3_client.create_bucket(
# Bucket=bucket_name,
# ACL='private'
# )
# # Set Bucket Logging
# s3_client.put_bucket_logging(
# Bucket=bucket_name,
# BucketLoggingStatus={
# 'LoggingEnabled': {
# 'TargetBucket': bucket_name,
# 'TargetGrants': [
# {
# 'Grantee': {
# 'Type': 'Group',
# 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'
# },
# 'Permission': 'READ_ACP'
# },
# {
# 'Grantee': {
# 'Type': 'Group',
# 'URI': 'http://acs.amazonaws.com/groups/s3/LogDelivery'
# },
# 'Permission': 'WRITE'
# }
# ],
# 'TargetPrefix': 'test-prefix'
# }
# }
# )
# # S3 client for this test class
# audit_info = self.set_mocked_audit_info()
# s3 = S3(audit_info)
# print(s3.buckets)
# assert len(s3.buckets) == 1
# assert s3.buckets[0].name == bucket_name
# assert s3.buckets[0].versioning == True

4
prowler
View File

@@ -25,7 +25,9 @@ from lib.check.checks_loader import load_checks_to_execute
from lib.logger import logger, set_logging_config
from lib.outputs.outputs import close_json, send_to_s3_bucket
from providers.aws.aws_provider import provider_set_session
from providers.aws.lib.security_hub import resolve_security_hub_previous_findings
from providers.aws.lib.security_hub.security_hub import (
resolve_security_hub_previous_findings,
)
if __name__ == "__main__":
# CLI Arguments