def test_check_securitygroup_ec2_rfc1918(self):
auditor = OpenStackSecurityGroupAuditor(accounts=['TEST_ACCOUNT'])
auditor.prep_for_audit()
item = OpenStackChangeItem(region=AWS_DEFAULT_REGION, account='TEST_ACCOUNT', name='INTERNAL_SG',
config=INTERNAL_SG)
auditor.check_securitygroup_ec2_rfc1918(item)
self.assertEquals(len(item.audit_issues), 0)
def test_check_internet_accessible_ingress(self):
auditor = OpenStackSecurityGroupAuditor(accounts=['TEST_ACCOUNT'])
auditor.prep_for_audit()
item = OpenStackChangeItem(region=AWS_DEFAULT_REGION, account='TEST_ACCOUNT', name='INTERNET_SG_INGRESS',
config=INTERNET_SG_INGRESS)
auditor.check_internet_accessible_ingress(item)
self.assertEquals(len(item.audit_issues), 1)
self.assertEquals(item.audit_issues[0].score, 0)
def test_check_securitygroup_ec2_rfc1918(self):
auditor = OpenStackSecurityGroupAuditor(accounts=['TEST_ACCOUNT'])
auditor.prep_for_audit()
item = OpenStackChangeItem(region=AWS_DEFAULT_REGION,
account='TEST_ACCOUNT',
name='INTERNAL_SG',
config=INTERNAL_SG)
auditor.check_securitygroup_ec2_rfc1918(item)
self.assertEqual(len(item.audit_issues), 0)
def test_check_internet_accessible_egress(self):
auditor = OpenStackSecurityGroupAuditor(accounts=['TEST_ACCOUNT'])
auditor.prep_for_audit()
item = OpenStackChangeItem(region=AWS_DEFAULT_REGION,
account='TEST_ACCOUNT',
name='INTERNET_SG_EGRESS',
config=INTERNET_SG_EGRESS)
auditor.check_internet_accessible_egress(item)
self.assertEqual(len(item.audit_issues), 1)
self.assertEqual(item.audit_issues[0].score, 0)
def pre_test_setup(self):
OpenStackSecurityGroupAuditor(
accounts=['TEST_ACCOUNT']).OBJECT_STORE.clear()
account_type_result = AccountType(name='AWS')
db.session.add(account_type_result)
db.session.commit()
# main
account = Account(identifier="123456789123",
name="TEST_ACCOUNT",
account_type_id=account_type_result.id,
notes="TEST_ACCOUNT",
third_party=False,
active=True)
db.session.add(account)
db.session.commit()