Ejemplo n.º 1
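  def test_crossaccount_snstopicpolicy_method_1(self):
    """Wildcard principal limited by ``AWS:SourceOwner`` is reported as cross-account.

    The policy statement names ``'AWS': '*'`` as principal and carries a
    ``StringEquals`` condition on ``AWS:SourceOwner`` with the value
    ``000000000000``. The test expects exactly one audit issue, scored 10,
    whose text matches "Unknown Cross Account Access from .*" and which
    has no notes.
    """
    au = SNSAuditor(debug=True)
    data = {
        'policy': {
          'Statement': [
            {
              # Wildcard principal: within this statement the condition
              # below is the only thing narrowing who is allowed.
              'Principal': {
                'AWS': '*'
              },
              'Condition': {
                'StringEquals': {
                  'AWS:SourceOwner': '000000000000'
                }
              }
            }
          ]
        }
    }
    obj = SNSItem(region='test-region', account='test-account', name='test-name', config=data)

    au.check_snstopicpolicy_crossaccount(obj)
    self.assertEqual(len(obj.audit_issues), 1)
    # The length assertion above guarantees a single issue, so index it
    # directly instead of guarding and looping.
    issue = obj.audit_issues[0]
    self.assertEqual(issue.score, 10)
    # NOTE(review): assertRegexpMatches is the Python 2.7 spelling; on
    # Python 3 the equivalent is assertRegex (the old alias is gone in 3.12).
    self.assertRegexpMatches(issue.issue, "Unknown Cross Account Access from .*")
    self.assertIsNone(issue.notes)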
Ejemplo n.º 2
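  def test_crossaccount_snstopicpolicy_method_1(self):
    """Wildcard principal limited by ``AWS:SourceOwner`` is reported as cross-account.

    The policy is supplied under the ``'SNSPolicy'`` config key. Its single
    statement names ``'AWS': '*'`` as principal and carries a
    ``StringEquals`` condition on ``AWS:SourceOwner`` with the value
    ``000000000000``. The test expects exactly one audit issue, scored 10,
    whose text matches "Unknown Cross Account Access from .*" and which
    has no notes.
    """
    au = SNSAuditor(debug=True)
    data = {
        'SNSPolicy': {
          'Statement': [
            {
              # Wildcard principal: within this statement the condition
              # below is the only thing narrowing who is allowed.
              'Principal': {
                'AWS': '*'
              },
              'Condition': {
                'StringEquals': {
                  'AWS:SourceOwner': '000000000000'
                }
              }
            }
          ]
        }
    }
    obj = SNSItem(region='test-region', account='test-account', name='test-name', config=data)

    au.check_snstopicpolicy_crossaccount(obj)
    self.assertEqual(len(obj.audit_issues), 1)
    # The length assertion above guarantees a single issue, so index it
    # directly instead of guarding and looping.
    issue = obj.audit_issues[0]
    self.assertEqual(issue.score, 10)
    # NOTE(review): assertRegexpMatches is the Python 2.7 spelling; on
    # Python 3 the equivalent is assertRegex (the old alias is gone in 3.12).
    self.assertRegexpMatches(issue.issue, "Unknown Cross Account Access from .*")
    self.assertIsNone(issue.notes)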
Ejemplo n.º 3
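 def test_crossaccount_snstopicpolicy_method_5(self):
     """Wildcard principal with an empty condition is reported as open to everyone.

     The statement names ``'AWS': '*'`` as principal and its
     ``StringEquals`` condition holds no ``AWS:SourceOwner`` key. The test
     expects exactly one audit issue, scored 10, with the text
     "SNS Topic open to everyone".
     """
     au = SNSAuditor(debug=True)
     data = {
         'policy': {
             'Statement': [{
                 'Principal': {
                     'AWS': '*'
                 },
                 'Condition': {
                     'StringEquals': {
                         # Missing SourceOwner: the condition block is
                         # present but places no limit on the principal.
                     }
                 }
             }]
         }
     }
     obj = SNSItem(region='test-region',
                   account='test-account',
                   name='test-name',
                   config=data)
     au.check_snstopicpolicy_crossaccount(obj)
     # assertEqual throughout, matching the two assertions below.
     self.assertEqual(len(obj.audit_issues), 1)
     issue = obj.audit_issues[0]
     self.assertEqual(issue.score, 10)
     self.assertEqual(issue.issue, "SNS Topic open to everyone")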
Ejemplo n.º 4
    def check_arn(self, arn):
        """Audit a one-statement SNS policy whose AWS principal is *arn*.

        Returns the ``SNSItem`` after ``check_snstopicpolicy_crossaccount``
        has been run on it.
        """
        auditor = SNSAuditor(debug=True)
        # Minimal policy: a single statement with no condition block, so the
        # principal under test is the only input to the check.
        statement = {'Principal': {'AWS': arn}}
        policy = {'Statement': [statement]}
        item = SNSItem(
            region='test-region',
            account='test-account',
            name='test-name',
            config={'policy': policy},
        )
        auditor.check_snstopicpolicy_crossaccount(item)
        return item
Ejemplo n.º 5
  def check_arn(self, arn):
    """Audit a one-statement SNS policy whose AWS principal is *arn*.

    Returns the ``SNSItem`` after ``check_snstopicpolicy_crossaccount``
    has been run on it.
    """
    auditor = SNSAuditor(debug=True)
    # Minimal policy: one statement, no condition block, principal = arn.
    topic = SNSItem(
        region='test-region',
        account='test-account',
        name='test-name',
        config={'policy': {'Statement': [{'Principal': {'AWS': arn}}]}})
    auditor.check_snstopicpolicy_crossaccount(topic)
    return topic
Ejemplo n.º 6
 def test_crossaccount_snstopicpolicy_method_6(self):
   """A malformed ``AWS:SourceOwner`` value makes the cross-account check raise.

   ``BADDEADBEEF`` is not a 12-digit AWS account id; the test expects
   ``InvalidSourceOwner`` to propagate out of the check.
   """
   auditor = SNSAuditor(debug=True)
   statement = {
     'Principal': {'AWS': '*'},
     'Condition': {'StringEquals': {'AWS:SourceOwner': 'BADDEADBEEF'}},
   }
   topic = SNSItem(
     region='test-region',
     account='test-account',
     name='test-name',
     config={'policy': {'Statement': [statement]}},
   )
   with self.assertRaises(InvalidSourceOwner):
     auditor.check_snstopicpolicy_crossaccount(topic)
Ejemplo n.º 7
 def test_crossaccount_snstopicpolicy_method_6(self):
   """A malformed ``AWS:SourceOwner`` value makes the cross-account check raise.

   The policy is supplied under the ``'SNSPolicy'`` config key.
   ``BADDEADBEEF`` is not a 12-digit AWS account id; the test expects
   ``InvalidSourceOwner`` to propagate out of the check.
   """
   auditor = SNSAuditor(debug=True)
   statement = {
     'Principal': {'AWS': '*'},
     'Condition': {'StringEquals': {'AWS:SourceOwner': 'BADDEADBEEF'}},
   }
   topic = SNSItem(
     region='test-region',
     account='test-account',
     name='test-name',
     config={'SNSPolicy': {'Statement': [statement]}},
   )
   with self.assertRaises(InvalidSourceOwner):
     auditor.check_snstopicpolicy_crossaccount(topic)
Ejemplo n.º 8
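 def test_crossaccount_snstopicpolicy_method_5(self):
   """Wildcard principal with an empty condition is reported as open to everyone.

   The statement names ``'AWS': '*'`` as principal and its ``StringEquals``
   condition holds no ``AWS:SourceOwner`` key. The test expects exactly one
   audit issue, scored 10, with the text "SNS Topic open to everyone".
   """
   au = SNSAuditor(debug=True)
   data = {
       'policy': {
         'Statement': [
           {
             'Principal': {
               'AWS': '*'
             },
             'Condition': {
               'StringEquals': {
                 # Missing SourceOwner: the condition block is present
                 # but places no limit on the principal.
               }
             }
           }
         ]
       }
   }
   obj = SNSItem(region='test-region', account='test-account', name='test-name', config=data)
   au.check_snstopicpolicy_crossaccount(obj)
   # assertEqual throughout, matching the two assertions below.
   self.assertEqual(len(obj.audit_issues), 1)
   issue = obj.audit_issues[0]
   self.assertEqual(issue.score, 10)
   self.assertEqual(issue.issue, "SNS Topic open to everyone")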