def test_3_sns_slurp(self, test_patch): class MockSNS(object): def get_all_topics(self): return {'ListTopicsResponse': {'ListTopicsResult': {'Topics': [ {'TopicArn': 'arn:aws:sns:us-west-2:000000000000:NameZero' } ] } } } def get_topic_attributes(self, arn): return {'GetTopicAttributesResponse': {'GetTopicAttributesResult': {'Attributes': {'Policy': '{"json": "value"}' } } } } from security_monkey.watchers.sns import SNS test_patch.return_value = MockSNS() cw = SNS(debug=True) (items, el) = cw.slurp() for item in items: name = item.config['Name']['Name'] self.assertEqual(name, 'NameZero') policy = item.config['policy'] self.assertDictEqual(policy, {"json": "value"})
def test_3_sns_slurp(self, test_patch): class MockSNS(object): def get_all_topics(self): return {'ListTopicsResponse': {'ListTopicsResult': {'Topics': [ {'TopicArn': 'arn:aws:sns:us-west-2:000000000000:NameZero' } ] } } } def get_topic_attributes(self, arn): return {'GetTopicAttributesResponse': {'GetTopicAttributesResult': {'Attributes': {'Policy': '{"json": "value"}' } } } } from security_monkey.watchers.sns import SNS test_patch.return_value = MockSNS() cw = SNS(debug=True) (items, el) = cw.slurp() for item in items: name = item.config['Name']['Name'] self.assertEqual(name, 'NameZero') policy = item.config['SNSPolicy'] self.assertDictEqual(policy, {"json": "value"})
def test_0_sns_slurp(self, test_patch): """Should add an exception to the exception map when slurping accounts that don't exist.""" from security_monkey.watchers.sns import SNS import boto.sns test_patch.return_value = None accounts = ['doesntexist1', 'doesntexist2'] cw = SNS(accounts=accounts, debug=True) #with self.assertRaises(BotoConnectionIssue): (items, el) = cw.slurp() for account in accounts: for region in boto.sns.regions(): if region.name not in TROUBLE_REGIONS: self.assertIn(('sns', account, region.name), el)
def test_1_sns_slurp(self, test_patch): """Should add an exception to the exception map when provided with invalid JSON.""" class MockSNS(object): def get_all_topics(self, next_token=None): return { 'ListTopicsResponse': { 'ListTopicsResult': { 'NextToken': False, 'Topics': [{ 'TopicArn': 'arn:aws:sns:us-west-2:000000000000:NameZero' }, { 'TopicArn': 'arn:aws:sns:us-east-1:111111111111:NameOne' }] } } } def get_topic_attributes(self, arn): return { 'GetTopicAttributesResponse': { 'GetTopicAttributesResult': { 'Attributes': { 'Policy': '{"json": "that": "won\'t": "parse"}' } } } } from security_monkey.watchers.sns import SNS import boto.sns test_patch.return_value = MockSNS() accounts = ['testaccount'] cw = SNS(accounts=accounts, debug=True) (items, el) = cw.slurp() for account in accounts: for region in boto.sns.regions(): if region.name not in TROUBLE_REGIONS: self.assertIn( ('sns', account, region.name, 'arn:aws:sns:us-west-2:000000000000:NameZero'), el) self.assertIn( ('sns', account, region.name, 'arn:aws:sns:us-east-1:111111111111:NameOne'), el)
def test_2_sns_slurp(self, test_patch): class MockSNS(object): def get_all_topics(self, next_token=None): return { 'ListTopicsResponse': { 'ListTopicsResult': { 'NextToken': False, 'Topics': [ { 'TopicArn': 'arn:aws:sns:us-west-2:000000000000:NameZero' }, # Invalid ARN is missing region: { 'TopicArn': 'arn:aws:sns::111111111111:NameOne' } ] } } } def get_topic_attributes(self, arn): return { 'GetTopicAttributesResponse': { 'GetTopicAttributesResult': { 'Attributes': { 'Policy': '{"json": "is_fun"}' } } } } from security_monkey.watchers.sns import SNS import boto.sns test_patch.return_value = MockSNS() accounts = ['testaccount'] cw = SNS(accounts=accounts, debug=True) (items, el) = cw.slurp() for account in accounts: for region in boto.sns.regions(): if region.name not in TROUBLE_REGIONS: self.assertIn(('sns', account, region.name, 'arn:aws:sns::111111111111:NameOne'), el)
def find_sns_changes(accounts): """ Runs watchers/sns """ accounts = __prep_accounts__(accounts) cw = SNS(accounts=accounts, debug=True) (items, exception_map) = cw.slurp() cw.find_changes(current=items, exception_map=exception_map) # Audit these changed items items_to_audit = [] for item in cw.created_items + cw.changed_items: snsitem = SNSItem(region=item.region, account=item.account, name=item.name, config=item.new_config) items_to_audit.append(snsitem) au = SNSAuditor(debug=True) au.audit_these_objects(items_to_audit) au.save_issues() cw.save() db.session.close()
def find_sns_changes(accounts): """ Runs watchers/sns """ accounts = __prep_accounts__(accounts) cw = SNS(accounts=accounts, debug=True) (items, exception_map) = cw.slurp() cw.find_changes(current=items, exception_map=exception_map) # Audit these changed items items_to_audit = [] for item in cw.created_items + cw.changed_items: snsitem = SNSItem(region=item.region, account=item.account, name=item.name, config=item.new_config) items_to_audit.append(snsitem) au = SNSAuditor(accounts=accounts, debug=True) au.audit_these_objects(items_to_audit) au.save_issues() cw.save() db.session.close()
def test_1_sns_slurp(self, test_patch): """Should add an exception to the exception map when provided with invalid JSON.""" class MockSNS(object): def get_all_topics(self, next_token=None): return {'ListTopicsResponse': {'ListTopicsResult': {'NextToken': False, 'Topics': [ {'TopicArn': 'arn:aws:sns:us-west-2:000000000000:NameZero' }, {'TopicArn': 'arn:aws:sns:us-east-1:111111111111:NameOne' } ] } } } def get_topic_attributes(self, arn): return {'GetTopicAttributesResponse': {'GetTopicAttributesResult': {'Attributes': {'Policy': '{"json": "that": "won\'t": "parse"}' } } } } from security_monkey.watchers.sns import SNS import boto.sns test_patch.return_value = MockSNS() accounts = ['testaccount'] cw = SNS(accounts=accounts, debug=True) (items, el) = cw.slurp() for account in accounts: for region in boto.sns.regions(): if region.name not in TROUBLE_REGIONS: self.assertIn(('sns', account, region.name, 'arn:aws:sns:us-west-2:000000000000:NameZero'), el) self.assertIn(('sns', account, region.name, 'arn:aws:sns:us-east-1:111111111111:NameOne'), el)
def test_2_sns_slurp(self, test_patch): class MockSNS(object): def get_all_topics(self, next_token=None): return {'ListTopicsResponse': {'ListTopicsResult': {'NextToken': False, 'Topics': [ {'TopicArn': 'arn:aws:sns:us-west-2:000000000000:NameZero' }, # Invalid ARN is missing region: {'TopicArn': 'arn:aws:sns::111111111111:NameOne' } ] } } } def get_topic_attributes(self, arn): return {'GetTopicAttributesResponse': {'GetTopicAttributesResult': {'Attributes': {'Policy': '{"json": "is_fun"}' } } } } from security_monkey.watchers.sns import SNS import boto.sns test_patch.return_value = MockSNS() accounts = ['testaccount'] cw = SNS(accounts=accounts, debug=True) (items, el) = cw.slurp() for account in accounts: for region in boto.sns.regions(): if region.name not in TROUBLE_REGIONS: self.assertIn(('sns', account, region.name, 'arn:aws:sns::111111111111:NameOne'), el)