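def test_group_detail_attached_managed_policies(self):
    """Check one group's JSON output and allowed-action list against the fixture.

    Builds a GroupDetail from the entry at index 1 of the fixture's
    ``GroupDetailList``, compares its ``json`` property with the stored
    expected results, then checks the size of ``all_allowed_actions``.
    """
    group_detail_json_input = auth_details_json["GroupDetailList"][1]
    policy_details = PolicyDetails(auth_details_json.get("Policies"))
    group_detail = GroupDetail(group_detail_json_input, policy_details)
    results = group_detail.json

    expected_results_file = os.path.abspath(
        os.path.join(
            os.path.dirname(__file__),
            os.path.pardir,
            "files",
            "scanning",
            "test_group_detail_results.json",
        )
    )
    # Read the fixture as UTF-8 explicitly so the comparison does not depend
    # on the platform's default text encoding.
    with open(expected_results_file, encoding="utf-8") as fixture:
        expected_results = json.load(fixture)
    self.assertDictEqual(results, expected_results)

    # NOTE(review): 100 looks like a loose lower bound on the actions granted
    # to this fixture group -- confirm against the fixture's policies.
    allowed_actions = group_detail.all_allowed_actions
    # assertGreater reports both operands on failure, unlike assertTrue(a > b).
    self.assertGreater(len(allowed_actions), 100)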
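def test_group_detail_list_allowed_actions_lookup(self):
    """Check that a by-name lookup on GroupDetailList returns the group's actions.

    Builds a GroupDetailList from the whole fixture ``GroupDetailList`` and
    asserts that the actions reported for the group 'biden' include
    ``s3:GetObject``.
    """
    group_details_json_input = auth_details_json["GroupDetailList"]
    policy_details = PolicyDetails(auth_details_json.get("Policies"))
    group_detail_list = GroupDetailList(group_details_json_input, policy_details)

    actions = group_detail_list.get_all_allowed_actions_for_group('biden')
    # assertIn names the missing action and shows the container on failure,
    # which assertTrue("..." in actions) does not.
    self.assertIn("s3:GetObject", actions)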
def __init__(self, auth_json):
    """Wrap each section of an authorization-details document in its own object.

    Args:
        auth_json: Mapping read with ``.get`` for the keys ``Policies``,
            ``UserDetailList``, ``GroupDetailList`` and ``RoleDetailList``.
            NOTE(review): presumably the output of IAM's
            GetAccountAuthorizationDetails -- confirm against the caller.

    A section that is missing from ``auth_json`` reaches its wrapper as
    ``None``; how the wrappers treat ``None`` is not visible here.
    """
    self.auth_json = auth_json

    # dict.get already yields None for an absent key, so no explicit default.
    policies_section = auth_json.get("Policies")
    self.policies = PolicyDetails(policies_section)

    users_section = auth_json.get("UserDetailList")
    self.user_detail_list = PrincipalTypeDetails(users_section)

    groups_section = auth_json.get("GroupDetailList")
    self.group_detail_list = PrincipalTypeDetails(groups_section)

    roles_section = auth_json.get("RoleDetailList")
    self.role_detail_list = PrincipalTypeDetails(roles_section)

    self.findings = Findings()

    # These two helpers run last, once every attribute above is assigned.
    # NOTE(review): presumably they read those attributes -- confirm.
    customer_managed = self._customer_managed_policies_in_use()
    self.customer_managed_policies_in_use = customer_managed
    aws_managed = self._aws_managed_policies_in_use()
    self.aws_managed_policies_in_use = aws_managed
def test_user_detail_attached_managed_policies(self):
    """Compare the JSON produced for one fixture user with the expected result.

    The user is the entry at index 2 of the fixture's ``UserDetailList``;
    it is built together with the full group list and the policy details.
    """
    user_entry = auth_details_json["UserDetailList"][2]
    policies = PolicyDetails(auth_details_json.get("Policies"))
    # UserDetail takes the complete group list as its third argument.
    groups = GroupDetailList(auth_details_json["GroupDetailList"], policies)
    user = UserDetail(user_entry, policies, groups)

    expected = expected_user_detail_policy_results
    actual = user.json
    self.assertDictEqual(actual, expected)
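def test_role_detail_attached_managed_policies(self):
    """Compare the JSON produced for one fixture role with the stored results.

    Builds a RoleDetail from the entry at index 2 of the fixture's
    ``RoleDetailList`` and checks its ``json`` property against
    ``files/scanning/test_role_detail_results.json``.
    """
    role_detail_json_input = auth_details_json["RoleDetailList"][2]
    policy_details = PolicyDetails(auth_details_json.get("Policies"))
    role_detail = RoleDetail(role_detail_json_input, policy_details)

    expected_results_file = os.path.abspath(
        os.path.join(
            os.path.dirname(__file__),
            os.path.pardir,
            "files",
            "scanning",
            "test_role_detail_results.json",
        )
    )
    # Read the fixture as UTF-8 explicitly so the comparison does not depend
    # on the platform's default text encoding.
    with open(expected_results_file, encoding="utf-8") as fixture:
        expected_result = json.load(fixture)

    results = role_detail.json
    self.assertDictEqual(results, expected_result)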