How to use the pycfmodel.core.parse function in pycfmodel
To help you get started, we’ve selected a few pycfmodel examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
Skyscanner / cfripper / tests / test_rules_security_group_open_to_world.py View on Github 
def test_valid_security_group_not_slash0(self):
role_props = {
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"RootRole": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {"SecurityGroupIngress": [{"CidrIp": "10.0.0.0/8", "FromPort": 22, "ToPort": 22}]},
}
},
}
result = Result()
rule = SecurityGroupOpenToWorldRule(None, result)
resources = parse(role_props).resources
rule.invoke(resources, [])
assert result.valid
assert len(result.failed_rules) == 0role_props = {
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"RootRole": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [{"CidrIp": {"Ref": "MyParam"}, "FromPort": 22, "ToPort": 22}]
},
}
},
}
result = Result()
rule = SecurityGroupOpenToWorldRule(None, result)
resources = parse(role_props).resources
rule.invoke(resources, [])
assert result.valid
assert len(result.failed_rules) == 0def test_valid_security_group_port80(self):
role_props = {
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"RootRole": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {"SecurityGroupIngress": [{"CidrIp": "0.0.0.0/0", "FromPort": 80, "ToPort": 80}]},
}
},
}
result = Result()
rule = SecurityGroupOpenToWorldRule(None, result)
resources = parse(role_props).resources
rule.invoke(resources, [])
assert result.valid
assert len(result.failed_rules) == 0"Resources": {
"RootRole": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [
{"CidrIp": "10.0.0.0/8", "FromPort": 22, "ToPort": 22},
{"CidrIp": "0.0.0.0/0", "FromPort": 9090, "ToPort": 9090},
]
},
}
},
}
result = Result()
rule = SecurityGroupOpenToWorldRule(None, result)
resources = parse(role_props).resources
rule.invoke(resources, [])
assert result.failed_rules[0].reason == 'Port 9090 open to the world in security group "RootRole"'
assert result.failed_rules[0].rule == "SecurityGroupOpenToWorldRule"def test_invalid_security_group_range(self):
role_props = {
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"RootRole": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {"SecurityGroupIngress": [{"CidrIp": "0.0.0.0/0", "FromPort": 0, "ToPort": 100}]},
}
},
}
result = Result()
rule = SecurityGroupOpenToWorldRule(None, result)
resources = parse(role_props).resources
rule.invoke(resources, [])
assert result.failed_rules[0].reason == "Ports 0 - 100 open in Security Group RootRole"
assert result.failed_rules[0].rule == "SecurityGroupOpenToWorldRule"def test_valid_security_group_port443(self):
role_props = {
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"RootRole": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {"SecurityGroupIngress": [{"CidrIp": "0.0.0.0/0", "FromPort": 443, "ToPort": 443}]},
}
},
}
result = Result()
rule = SecurityGroupOpenToWorldRule(None, result)
resources = parse(role_props).resources
rule.invoke(resources, [])
assert result.valid
assert len(result.failed_rules) == 0def test_security_group_type_slash0(self):
role_props = {
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"RootRole": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {"SecurityGroupIngress": [{"CidrIp": "0.0.0.0/0", "FromPort": 22, "ToPort": 22}]},
}
},
}
result = Result()
rule = SecurityGroupOpenToWorldRule(None, result)
resources = parse(role_props).resources
rule.invoke(resources, [])
assert not result.valid
assert result.failed_rules[0].reason == 'Port 22 open to the world in security group "RootRole"'
assert result.failed_rules[0].rule == "SecurityGroupOpenToWorldRule"def test_invalid_security_group_cidripv6(self):
role_props = {
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"RootRole": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {"SecurityGroupIngress": [{"CidrIpv6": "::/0", "FromPort": 22, "ToPort": 22}]},
}
},
}
result = Result()
rule = SecurityGroupOpenToWorldRule(None, result)
resources = parse(role_props).resources
rule.invoke(resources, [])
assert result.failed_rules[0].reason == 'Port 22 open to the world in security group "RootRole"'
assert result.failed_rules[0].rule == "SecurityGroupOpenToWorldRule"pycfmodel
A python model for CloudFormation scripts
Package Health Score
78 / 100Popular pycfmodel functions
- pycfmodel.core.parse
- pycfmodel.model.base.CustomModel
- pycfmodel.model.cf_model.CFModel
- pycfmodel.model.parameter.Parameter
- pycfmodel.model.parameter.Parameter.NO_ECHO_NO_DEFAULT
- pycfmodel.model.resources.iam_managed_policy.IAMManagedPolicy
- pycfmodel.model.resources.iam_policy.IAMPolicy
- pycfmodel.model.resources.iam_role.IAMRole
- pycfmodel.model.resources.properties.policy_document.PolicyDocument
- pycfmodel.model.resources.properties.statement.Statement
- pycfmodel.model.resources.properties.statement_condition.StatementCondition
- pycfmodel.model.resources.resource.Resource
- pycfmodel.model.resources.s3_bucket_policy.S3BucketPolicy
- pycfmodel.model.resources.security_group_ingress.SecurityGroupIngress
- pycfmodel.model.resources.sqs_queue_policy.SQSQueuePolicy
- pycfmodel.model.types.Resolvable
- pycfmodel.model.types.ResolvableStr
- pycfmodel.parse
- pycfmodel.resolver.resolve
- pycfmodel.utils.is_resolvable_dict