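def analyze_policy_string(policy_str, filepath=None):
    """Given a string representing a policy, convert it to a Policy object with findings.

    Args:
        policy_str: JSON text of the policy document.
        filepath: Optional path of the file the text came from. It is handed
            to ``Policy`` on both the success path and the parse-failure path.

    Returns:
        A ``Policy``. When ``policy_str`` is not valid JSON the policy wraps
        ``None``, carries a ``MALFORMED_JSON`` finding, and ``analyze()`` is
        not run. Otherwise ``analyze()`` has been called on it.
    """
    try:
        # TODO Need to write my own json parser so I can track line numbers. See https://stackoverflow.com/questions/7225056/python-json-decoding-library-which-can-associate-decoded-items-with-original-li
        # NOTE(review): json.loads keeps only the last value when an object
        # repeats a key, so a policy text with duplicate keys is analyzed as
        # a different document than the one written; nothing here reports it.
        policy_json = json.loads(policy_str)
    except ValueError as e:
        # json.JSONDecodeError is a ValueError subclass. Pass filepath here
        # too, so the parse-failure Policy is built the same way as the
        # success path instead of dropping the file it came from.
        policy = Policy(None, filepath)
        policy.add_finding("MALFORMED_JSON", detail="json parsing error: {}".format(e))
        return policy

    # NOTE(review): any valid JSON value (list, string, number, null) reaches
    # Policy from here, not only objects; how Policy.analyze() treats those
    # is not visible in this block, so confirm it yields a finding.
    policy = Policy(policy_json, filepath)
    policy.analyze()
    return policy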
def get_privilege_statements(policy_doc, privilege_matches, resource_arn, principal):
policy = parliament.policy.Policy(policy_doc)
policy.analyze()
policy_privilege_matches = []
for privilege_match in privilege_matches:
references = policy.get_references(
privilege_match["privilege_prefix"], privilege_match["privilege_name"]
)
statements_for_resource = []
for reference in references:
expanded_reference = replace_principal_variables(reference, principal)
# TODO I need to do something for NotResource and NotAction
if parliament.is_arn_match(
privilege_match["resource_type"], expanded_reference, resource_arn
):
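def analyze_policy_string(policy_str, filepath=None):
    """Given a string representing a policy, convert it to a Policy object with findings.

    Args:
        policy_str: JSON text of the policy document.
        filepath: Optional path of the file the text came from. It is handed
            to ``Policy`` on both the success path and the parse-failure path.

    Returns:
        A ``Policy``. When ``policy_str`` is not valid JSON the policy wraps
        ``None``, carries a ``MALFORMED_JSON`` finding, and ``analyze()`` is
        not run. Otherwise ``analyze()`` has been called on it.
    """
    try:
        # TODO Need to write my own json parser so I can track line numbers. See https://stackoverflow.com/questions/7225056/python-json-decoding-library-which-can-associate-decoded-items-with-original-li
        # NOTE(review): json.loads keeps only the last value when an object
        # repeats a key, so a policy text with duplicate keys is analyzed as
        # a different document than the one written; nothing here reports it.
        policy_json = json.loads(policy_str)
    except ValueError as e:
        # json.JSONDecodeError is a ValueError subclass. Pass filepath here
        # too, so the parse-failure Policy is built the same way as the
        # success path instead of dropping the file it came from.
        policy = Policy(None, filepath)
        policy.add_finding("MALFORMED_JSON", detail="json parsing error: {}".format(e))
        return policy

    # NOTE(review): any valid JSON value (list, string, number, null) reaches
    # Policy from here, not only objects; how Policy.analyze() treats those
    # is not visible in this block, so confirm it yields a finding.
    policy = Policy(policy_json, filepath)
    policy.analyze()
    return policy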