Exemple #1
0
    def __init__(self, api_key):
        """Initialize the email util.

        Args:
            api_key: String of the sendgrid api key to auth email service.
        """
        self.logger = LogUtil.setup_logging(__name__)
        self.sendgrid = sendgrid.SendGridAPIClient(apikey=api_key)
Exemple #2
0
def main(_):
    """Run the scanner."""
    logger = LogUtil.setup_logging(__name__)

    file_path = FLAGS.rules
    output_path = FLAGS.output_path

    logger.info(('Initializing the rules engine: '
                 '\n    rules: {}').format(file_path))

    rules_engine = OrgRulesEngine(rules_file_path=file_path)
    rules_engine.build_rule_book()

    snapshot_timestamp = _get_timestamp(logger)
    if not snapshot_timestamp:
        logger.info('No snapshot timestamp found. Exiting.')
        sys.exit()

    org_policies = _get_org_policies(logger, snapshot_timestamp)
    project_policies = _get_project_policies(logger, snapshot_timestamp)

    if not org_policies and not project_policies:
        logger.info('No policies found. Exiting.')
        sys.exit()

    all_violations = _find_violations(
        logger,
        itertools.chain(org_policies.iteritems(),
                        project_policies.iteritems()), rules_engine)

    csv_name = csv_writer.write_csv(resource_name='policy_violations',
                                    data=_write_violations_output(
                                        logger, all_violations),
                                    write_header=True)
    logger.info('CSV filename: {}'.format(csv_name))

    # scanner timestamp for output file and email
    now_utc = datetime.utcnow()
    output_filename = _get_output_filename(now_utc)

    if output_path:
        _upload_csv_to_gcs(logger, output_path, output_filename, csv_name)

    if all_violations:
        _send_email(
            csv_name, now_utc, all_violations, {
                ResourceType.ORGANIZATION: len(org_policies.keys()),
                ResourceType.PROJECT: len(project_policies.keys())
            })

    logger.info('Done!')
Exemple #3
0
    def __init__(self, rules_file_path=None, logger_name=None):
        """Initialize.

        Args:
            rules_file_path: The path to the rules file.
            logger_name: The name of module for logger.
        """
        if not rules_file_path:
            raise InvalidRuleDefinitionError(
                'File path: {}'.format(rules_file_path))
        self.full_rules_path = rules_file_path.strip()

        if not logger_name:
            logger_name = __name__
        self.logger = LogUtil.setup_logging(logger_name)
Exemple #4
0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Writes the csv files for upload to Cloud SQL."""

import csv
import logging
import os
import tempfile

from google.cloud.security.common.data_access.errors import CSVFileError
from google.cloud.security.common.util.log_util import LogUtil

LOGGER = LogUtil.setup_logging(__name__)

ORG_IAM_POLICIES_FIELDNAMES = [
    'org_id', 'role', 'member_type', 'member_name', 'member_domain'
]

POLICY_VIOLATION_FIELDNAMES = [
    'resource_id', 'resource_type', 'rule_index', 'rule_name',
    'violation_type', 'role', 'member'
]

PROJECTS_FIELDNAMES = [
    'project_number', 'project_id', 'project_name', 'lifecycle_state',
    'parent_type', 'parent_id', 'raw_project', 'create_time'
]
Exemple #5
0
 def __init__(self, logger_name=None):
     if not logger_name:
         logger_name = __name__
     self.logger = LogUtil.setup_logging(logger_name)