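 def scan_resource_conf(self, conf):
     """Fail when a literal Terraform ``user_data`` string carries an AWS-shaped secret.

     Args:
         conf: parsed resource attributes; attribute values are lists and
             only the first occurrence (``conf['user_data'][0]``) is scanned.

     Returns:
         ``CheckResult.FAILED`` if ``string_has_secrets`` matches an AWS
         pattern in that value, otherwise ``CheckResult.PASSED``.
     """
     user_data = conf.get('user_data')
     # An absent or empty attribute has nothing to leak; the previous
     # unconditional ``[0]`` would have raised IndexError on an empty list.
     if not user_data:
         return CheckResult.PASSED
     candidate = user_data[0]
     # Only a literal string is inspected.  A value that is a variable
     # reference, file() or templatefile() call is not scanned here;
     # NOTE(review): presumably resolved upstream before the check runs - confirm.
     if isinstance(candidate, str) and string_has_secrets(candidate, AWS):
         return CheckResult.FAILED
     return CheckResult.PASSED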
 def scan_resource_conf(self, conf):
     """Scan literal Lambda ``environment.variables`` values for AWS/general secrets.

     Returns ``CheckResult.FAILED`` on the first string value that
     ``string_has_secrets`` flags for the AWS or GENERAL category, and
     ``CheckResult.PASSED`` when nothing matches or the block is absent.
     """
     environment = conf.get('environment', [])
     if not environment or not isinstance(environment[0], dict):
         return CheckResult.PASSED
     if 'variables' not in environment[0]:
         return CheckResult.PASSED
     variable_map = force_list(environment[0]['variables'])[0]
     # variables may be a plain string rather than a map, in which case it
     # points to a variable and carries no literal to inspect.
     if not isinstance(variable_map, dict):
         return CheckResult.PASSED
     for raw_values in variable_map.values():
         literals = [item for item in force_list(raw_values) if isinstance(item, str)]
         for literal in literals:
             if string_has_secrets(literal, AWS, GENERAL):
                 return CheckResult.FAILED
     return CheckResult.PASSED
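 def scan_resource_conf(self, conf):
     """Fail when a CloudFormation ``UserData`` property contains an AWS-shaped secret.

     Args:
         conf: the resource definition; ``Properties.UserData`` may be a
             plain string or an intrinsic-function mapping.

     Returns:
         ``CheckResult.FAILED`` when ``string_has_secrets`` matches the
         stringified ``UserData`` against the AWS patterns, otherwise
         ``CheckResult.PASSED``.
     """
     properties = conf.get('Properties')
     # A malformed template can carry a non-mapping Properties node; treat
     # that as nothing to scan instead of raising from ``.keys()``.
     if not isinstance(properties, dict) or 'UserData' not in properties:
         return CheckResult.PASSED
     # Cast to string: the UserData node differs between YAML and JSON
     # templates and between the Fn::Base64 / !Base64 spellings, and the
     # repr still exposes any literal text nested inside the intrinsic.
     # The former ``isinstance(user_data_str, str)`` check was a tautology
     # after ``str()`` and has been dropped.
     # NOTE(review): a value that is already base64-encoded text will not
     # match the plaintext patterns - confirm whether that case is decoded elsewhere.
     user_data_str = str(properties['UserData'])
     if string_has_secrets(user_data_str, AWS):
         return CheckResult.FAILED
     return CheckResult.PASSED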
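 def scan_resource_conf(self, conf):
     """Fail when an Azure VM ``os_profile.custom_data`` literal contains a secret.

     Args:
         conf: parsed resource attributes; ``os_profile`` and ``custom_data``
             are lists whose first element is inspected.

     Returns:
         ``CheckResult.FAILED`` if ``string_has_secrets`` (all categories)
         matches the first ``custom_data`` string, else ``CheckResult.PASSED``.
     """
     os_profile = conf.get('os_profile')
     if not os_profile:
         return CheckResult.PASSED
     profile = os_profile[0]
     # The first os_profile entry may not be a mapping (e.g. a reference);
     # guard it the same way the typed variant of this check does instead
     # of letting ``.get`` raise AttributeError.
     if not isinstance(profile, dict):
         return CheckResult.PASSED
     custom_data = profile.get('custom_data')
     if not custom_data:
         return CheckResult.PASSED
     candidate = custom_data[0]
     if isinstance(candidate, str) and string_has_secrets(candidate):
         return CheckResult.FAILED
     return CheckResult.PASSED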
 def scan_resource_conf(self, conf: Dict[str, List[Any]]) -> CheckResult:
     """Fail when the first ``os_profile.custom_data`` string holds a secret.

     Every category of ``string_has_secrets`` is applied.  Missing or
     non-mapping ``os_profile`` entries, and non-string ``custom_data``,
     yield ``CheckResult.PASSED``.
     """
     profiles = conf.get("os_profile")
     profile = profiles[0] if profiles else None
     if isinstance(profile, dict):
         blobs = profile.get("custom_data")
         if blobs:
             blob = blobs[0]
             if isinstance(blob, str) and string_has_secrets(blob):
                 return CheckResult.FAILED
     return CheckResult.PASSED
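    def scan_resource_conf(self, conf):
        """Fail when any Lambda ``Environment.Variables`` value looks like a secret.

        Args:
            conf: the CloudFormation resource definition.

        Returns:
            ``CheckResult.FAILED`` on the first value that ``string_has_secrets``
            (all categories) flags, otherwise ``CheckResult.PASSED``.
        """
        properties = conf.get('Properties')
        if not isinstance(properties, dict):
            return CheckResult.PASSED
        environment = properties.get('Environment')
        if not isinstance(environment, dict):
            return CheckResult.PASSED
        variables = environment.get('Variables')
        # Variables is normally a map; an intrinsic in its place has no
        # literal values to inspect, so skip it rather than crash on ``.values()``.
        if not isinstance(variables, dict):
            return CheckResult.PASSED
        for value in variables.values():
            # str() so that intrinsic-function mappings are scanned via their repr.
            if string_has_secrets(str(value)):
                return CheckResult.FAILED

        return CheckResult.PASSED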
    def test_secrets(self):
        """Category selection in ``string_has_secrets``.

        No category and an explicit ``ALL`` scan every pattern; a single
        category narrows the match set; ``ALL`` combined with another
        category still matches everything.
        """
        samples = (
            'AKIAIOSFODNN7EXAMPLE',
            'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
            '-----BEGIN RSA PRIVATE KEY-----\n',
            'Hello from Bridgecrew'
        )

        def hits(*categories):
            # number of samples flagged when scanning with the given categories
            return sum(1 for sample in samples if string_has_secrets(sample, *categories))

        # no category means all categories
        self.assertEqual(3, hits())

        # a single category narrows the result (presumably the PEM header is not AWS)
        self.assertEqual(2, hits(AWS))

        # two categories
        self.assertEqual(3, hits(AWS, GENERAL))

        # explicit all
        self.assertEqual(3, hits(ALL))

        # explicit all plus another category
        self.assertEqual(3, hits(ALL, AWS))
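    def scan_resource_conf(self, conf):
        """Fail when any Lambda ``Environment.Variables`` value looks like a secret.

        ``self.evaluated_keys`` is set to the generic ``Variables`` path up
        front and narrowed to the offending variable path(s) on failure.

        Args:
            conf: the CloudFormation resource definition.

        Returns:
            ``CheckResult.FAILED`` if ``string_has_secrets`` (AWS or GENERAL)
            flags any stringified value, otherwise ``CheckResult.PASSED``.
        """
        self.evaluated_keys = ['Properties/Environment/Variables']
        properties = conf.get('Properties')
        if not isinstance(properties, dict):
            return CheckResult.PASSED
        environment = properties.get('Environment')
        if not isinstance(environment, dict):
            return CheckResult.PASSED
        variables = environment.get('Variables')
        # Non-mapping Variables (e.g. an intrinsic) carry no literals to scan.
        if not isinstance(variables, dict):
            return CheckResult.PASSED
        # Collect every offending variable rather than stopping at the first,
        # so the reported keys name all values that need rotating.
        violated = [
            var_name for var_name, value in variables.items()
            if string_has_secrets(str(value), AWS, GENERAL)
        ]
        if violated:
            self.evaluated_keys = [
                f'Properties/Environment/Variables/{var_name}' for var_name in violated
            ]
            return CheckResult.FAILED

        return CheckResult.PASSED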
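 def scan_resource_conf(self, conf):
     """Fail when a literal Lambda ``environment.variables`` value carries an AWS secret.

     Args:
         conf: parsed Terraform resource attributes.

     Returns:
         ``CheckResult.FAILED`` on the first string value that
         ``string_has_secrets`` flags for the AWS category, otherwise
         ``CheckResult.PASSED``.
     """
     # Record the path as a single-element list: the other checks in this
     # family assign lists here, and a bare string would presumably be
     # iterated character by character by whatever consumes evaluated_keys.
     self.evaluated_keys = ['environment/[0]/variables']
     environment = conf.get('environment')
     # Guard the empty list too; indexing ``[0]`` unconditionally raised.
     if not environment or not isinstance(environment[0], dict):
         return CheckResult.PASSED
     if 'variables' not in environment[0]:
         return CheckResult.PASSED
     # Resolve the attribute once instead of re-walking the mapping per use.
     variables = force_list(environment[0]['variables'])
     # variables can be a string, which in this case it points to a variable
     if not variables or not isinstance(variables[0], dict):
         return CheckResult.PASSED
     for raw_values in variables[0].values():
         for candidate in force_list(raw_values):
             if isinstance(candidate, str) and string_has_secrets(candidate, AWS):
                 return CheckResult.FAILED
     return CheckResult.PASSED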
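    def scan_resource_conf(self, conf: Dict[str, List[Any]]) -> CheckResult:
        """Fail when any literal Lambda ``environment.variables`` value holds a secret.

        ``self.evaluated_keys`` is progressively narrowed: ``environment``
        once an environment block is found, then the ``variables`` map, and
        finally one path per offending variable on failure.

        Args:
            conf: parsed Terraform resource attributes.

        Returns:
            ``CheckResult.FAILED`` if ``string_has_secrets`` (AWS or GENERAL)
            flags any string value, otherwise ``CheckResult.PASSED``.
        """
        environment = conf.get("environment", [])
        if not environment or not isinstance(environment[0], dict):
            return CheckResult.PASSED
        self.evaluated_keys = ["environment"]

        variables = force_list(environment[0].get("variables", []))
        # variables can be a string, which in this case it points to a variable
        if not variables or not isinstance(variables[0], dict):
            return CheckResult.PASSED
        self.evaluated_keys = ["environment/[0]/variables"]

        # Mapping keys are already unique, so a list needs no dedup; unlike
        # the former set it keeps declaration order, which makes the reported
        # evaluated_keys deterministic across runs.
        violated_envs = [
            key
            for key, values in variables[0].items()
            if any(
                string_has_secrets(value, AWS, GENERAL)
                for value in force_list(values)
                if isinstance(value, str)
            )
        ]

        if violated_envs:
            self.evaluated_keys = [f"environment/[0]/variables/[0]/{env_key}" for env_key in violated_envs]

            return CheckResult.FAILED
        return CheckResult.PASSED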
    def test_does_not_consider_single_hash_as_a_secret(self):
        """A lone hex digest (SHA-1 or MD5 length) must not be reported as a secret."""
        digests = (
            "b5a5b36b6be8d98c6f1bea655536d67abef23be8",  # SHA1
            "d9de48cf0676e9edb99bd8ee1ed44a21",          # MD5
        )
        for digest in digests:
            self.assertFalse(string_has_secrets(digest))