How to use the cfripper.rules.DEFAULT_RULES.keys function in cfripper
To help you get started, we’ve selected a few cfripper examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
Skyscanner / cfripper / tests / test_main.py View on Github 
def test_with_templates(cf_path):
with open(cf_path) as cf_script:
cf_template = convert_json_or_yaml_to_dict(cf_script.read())
config = Config(project_name=cf_path, service_name=cf_path, stack_name=cf_path, rules=DEFAULT_RULES.keys())
# Scan result
cfmodel = pycfmodel.parse(cf_template).resolve()
rules = [DEFAULT_RULES.get(rule)(config) for rule in config.rules]
processor = RuleProcessor(*rules)
result = processor.process_cf_template(cfmodel, config)
# Use this to print the stack if there'IAMManagedPolicyWildcardActionRule an error
if len(result.exceptions):
print(cf_path)
traceback.print_tb(result.exceptions[0].__traceback__)
assert len(result.exceptions) == 0def test_stack_whitelist_joins_all_whitelisted_matching_stack_names():
mock_whitelist = {
"stackname": ["S3CrossAccountTrustRule"],
"notstackname": ["IAMRolesOverprivilegedRule"],
"stackname_withmorethings": ["CrossAccountTrustRule", "ManagedPolicyOnUserRule"],
}
config = Config(
project_name="project_mock",
service_name="service_mock",
stack_name="stackname_withmorethings",
stack_whitelist=mock_whitelist,
rules=DEFAULT_RULES.keys(),
)
whitelisted_rules = config.get_whitelisted_rules()
assert set(whitelisted_rules) == {"CrossAccountTrustRule", "ManagedPolicyOnUserRule", "S3CrossAccountTrustRule"}template = get_template(event)
extras = get_extras(event)
if not template:
# In case of an invalid script log a warning and return early
result = Result()
result.add_exception(TypeError(f"Malformed Event - could not parse!! Event: {str(event)}"))
logger.exception(f"Malformed Event - could not parse!! Event: {str(event)}")
return {"valid": True, "reason": "", "failed_rules": [], "exceptions": [x.args[0] for x in result.exceptions]}
# Process Rules
config = Config(
project_name=event.get("project"),
service_name=event.get("serviceName"),
stack_name=event.get("stack", {}).get("name"),
rules=DEFAULT_RULES.keys(),
event=event.get("event"),
template_url=event.get("stack_template_url", "N/A"),
aws_region=event.get("region", "N/A"),
aws_account_name=event.get("account", {}).get("name", "N/A"),
aws_account_id=event.get("account", {}).get("id", "N/A"),
aws_user_agent=event.get("user_agent", "N/A"),
)
logger.info("Scan started for: {}; {}; {};".format(config.project_name, config.service_name, config.stack_name))
rules = [DEFAULT_RULES.get(rule)(config) for rule in config.rules]
processor = RuleProcessor(*rules)
# TODO get AWS variables/parameters and pass them to resolve
cfmodel = pycfmodel.parse(template).resolve()def init_cfripper() -> Tuple[Config, RuleProcessor]:
config = Config(rules=DEFAULT_RULES.keys())
rule_processor = RuleProcessor(*[DEFAULT_RULES.get(rule)(config) for rule in config.rules])
return config, rule_processorcfripper
Library and CLI tool for analysing CloudFormation templates and check them for security compliance.
Package Health Score
84 / 100Popular cfripper functions
- cfripper.config.config.Config
- cfripper.config.filter.Filter
- cfripper.config.rule_config.RuleConfig
- cfripper.model.enums.RuleGranularity
- cfripper.model.enums.RuleGranularity.RESOURCE
- cfripper.model.enums.RuleMode
- cfripper.model.enums.RuleMode.BLOCKING
- cfripper.model.enums.RuleMode.MONITOR
- cfripper.model.enums.RuleRisk
- cfripper.model.enums.RuleRisk.HIGH
- cfripper.model.result.Failure
- cfripper.model.result.Result
- cfripper.model.rule.Rule
- cfripper.model.utils.convert_json_or_yaml_to_dict
- cfripper.rule_processor.RuleProcessor
- cfripper.rules.base_rules.Rule
- cfripper.rules.DEFAULT_RULES
- cfripper.rules.DEFAULT_RULES.get
- cfripper.rules.DEFAULT_RULES.keys
- cfripper.rules.SecurityGroupOpenToWorldRule.SecurityGroupOpenToWorldRule