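def test_crossaccount_snstopicpolicy_method_1(self):
    """A wildcard principal scoped by an unrecognised SourceOwner yields one finding.

    The statement grants ``Principal: {"AWS": "*"}`` but narrows it with a
    ``StringEquals`` condition on ``AWS:SourceOwner`` ``000000000000``. The
    check is expected to record exactly one issue with score 10 whose text
    starts with "Unknown Cross Account Access from" and carries no notes.
    """
    au = SNSAuditor(debug=True)
    data = {
        'policy': {
            'Statement': [
                {
                    'Principal': {'AWS': '*'},
                    'Condition': {
                        'StringEquals': {'AWS:SourceOwner': '000000000000'},
                    },
                },
            ],
        },
    }
    obj = SNSItem(region='test-region', account='test-account',
                  name='test-name', config=data)
    au.check_snstopicpolicy_crossaccount(obj)

    # assertEquals / assertRegexpMatches are deprecated aliases that were
    # removed in Python 3.12; assertEqual / assertRegex (3.2+) are the
    # canonical names with identical semantics.
    self.assertEqual(len(obj.audit_issues), 1)
    # The length assertion above already guarantees a single issue, so the
    # original "if len(...) == 1: for issue in ..." guard was dead logic.
    issue = obj.audit_issues[0]
    self.assertEqual(issue.score, 10)
    self.assertRegex(issue.issue, "Unknown Cross Account Access from .*")
    self.assertIsNone(issue.notes)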
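def test_crossaccount_snstopicpolicy_method_1(self):
    """A wildcard principal scoped by an unrecognised SourceOwner yields one finding.

    Same scenario as the ``'policy'``-keyed variant, but the topic policy is
    stored under the ``'SNSPolicy'`` config key. The statement grants
    ``Principal: {"AWS": "*"}`` narrowed by ``AWS:SourceOwner``
    ``000000000000``; the check must record exactly one issue with score 10
    whose text starts with "Unknown Cross Account Access from" and no notes.
    """
    au = SNSAuditor(debug=True)
    data = {
        'SNSPolicy': {
            'Statement': [
                {
                    'Principal': {'AWS': '*'},
                    'Condition': {
                        'StringEquals': {'AWS:SourceOwner': '000000000000'},
                    },
                },
            ],
        },
    }
    obj = SNSItem(region='test-region', account='test-account',
                  name='test-name', config=data)
    au.check_snstopicpolicy_crossaccount(obj)

    # assertEquals / assertRegexpMatches are deprecated aliases that were
    # removed in Python 3.12; assertEqual / assertRegex (3.2+) are the
    # canonical names with identical semantics.
    self.assertEqual(len(obj.audit_issues), 1)
    # The length assertion above already guarantees a single issue, so the
    # original "if len(...) == 1: for issue in ..." guard was dead logic.
    issue = obj.audit_issues[0]
    self.assertEqual(issue.score, 10)
    self.assertRegex(issue.issue, "Unknown Cross Account Access from .*")
    self.assertIsNone(issue.notes)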
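def test_crossaccount_snstopicpolicy_method_5(self):
    """A wildcard principal with an empty condition is reported as open to everyone.

    ``StringEquals`` carries no ``AWS:SourceOwner`` key, so nothing narrows
    the ``*`` principal. The check is expected to record exactly one issue
    with score 10 and the text "SNS Topic open to everyone".
    """
    au = SNSAuditor(debug=True)
    data = {
        'policy': {
            'Statement': [
                {
                    'Principal': {'AWS': '*'},
                    'Condition': {
                        # Missing SourceOwner: the condition is deliberately
                        # empty so the wildcard principal is unscoped.
                        'StringEquals': {},
                    },
                },
            ],
        },
    }
    obj = SNSItem(region='test-region', account='test-account',
                  name='test-name', config=data)
    au.check_snstopicpolicy_crossaccount(obj)

    # assertEquals is a deprecated alias removed in Python 3.12; the rest of
    # this method already uses assertEqual.
    self.assertEqual(len(obj.audit_issues), 1)
    issue = obj.audit_issues[0]
    self.assertEqual(issue.score, 10)
    self.assertEqual(issue.issue, "SNS Topic open to everyone")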
def check_arn(self, arn):
    """Run the cross-account check on a one-statement policy granting ``arn``.

    Builds an SNSItem whose ``'policy'`` has a single statement with
    ``arn`` as the AWS principal, runs ``check_snstopicpolicy_crossaccount``
    on it and returns the item so callers can inspect ``audit_issues``.
    """
    auditor = SNSAuditor(debug=True)
    statement = {'Principal': {'AWS': arn}}
    policy = {'Statement': [statement]}
    item = SNSItem(
        region='test-region',
        account='test-account',
        name='test-name',
        config={'policy': policy},
    )
    auditor.check_snstopicpolicy_crossaccount(item)
    return item
def check_arn(self, arn):
    """Run the cross-account check on a one-statement policy granting ``arn``.

    Builds an SNSItem whose ``'policy'`` has a single statement with
    ``arn`` as the AWS principal, runs ``check_snstopicpolicy_crossaccount``
    on it and returns the item so callers can inspect ``audit_issues``.
    """
    auditor = SNSAuditor(debug=True)
    statement = {'Principal': {'AWS': arn}}
    policy = {'Statement': [statement]}
    item = SNSItem(
        region='test-region',
        account='test-account',
        name='test-name',
        config={'policy': policy},
    )
    auditor.check_snstopicpolicy_crossaccount(item)
    return item
def test_crossaccount_snstopicpolicy_method_6(self):
    """A non-numeric AWS:SourceOwner makes the check raise InvalidSourceOwner.

    The wildcard principal is conditioned on SourceOwner ``'BADDEADBEEF'``;
    the auditor is expected to raise rather than record an issue
    (presumably because the value is not a well-formed account id).
    """
    auditor = SNSAuditor(debug=True)
    condition = {'StringEquals': {'AWS:SourceOwner': 'BADDEADBEEF'}}
    statement = {'Principal': {'AWS': '*'}, 'Condition': condition}
    item = SNSItem(
        region='test-region',
        account='test-account',
        name='test-name',
        config={'policy': {'Statement': [statement]}},
    )
    with self.assertRaises(InvalidSourceOwner):
        auditor.check_snstopicpolicy_crossaccount(item)
def test_crossaccount_snstopicpolicy_method_6(self):
    """A non-numeric AWS:SourceOwner makes the check raise InvalidSourceOwner.

    Same scenario as the ``'policy'``-keyed variant, with the topic policy
    stored under ``'SNSPolicy'``. The wildcard principal is conditioned on
    SourceOwner ``'BADDEADBEEF'``; the auditor is expected to raise rather
    than record an issue (presumably because the value is not a well-formed
    account id).
    """
    auditor = SNSAuditor(debug=True)
    condition = {'StringEquals': {'AWS:SourceOwner': 'BADDEADBEEF'}}
    statement = {'Principal': {'AWS': '*'}, 'Condition': condition}
    item = SNSItem(
        region='test-region',
        account='test-account',
        name='test-name',
        config={'SNSPolicy': {'Statement': [statement]}},
    )
    with self.assertRaises(InvalidSourceOwner):
        auditor.check_snstopicpolicy_crossaccount(item)
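def test_crossaccount_snstopicpolicy_method_5(self):
    """A wildcard principal with an empty condition is reported as open to everyone.

    ``StringEquals`` carries no ``AWS:SourceOwner`` key, so nothing narrows
    the ``*`` principal. The check is expected to record exactly one issue
    with score 10 and the text "SNS Topic open to everyone".
    """
    au = SNSAuditor(debug=True)
    data = {
        'policy': {
            'Statement': [
                {
                    'Principal': {'AWS': '*'},
                    'Condition': {
                        # Missing SourceOwner: the condition is deliberately
                        # empty so the wildcard principal is unscoped.
                        'StringEquals': {},
                    },
                },
            ],
        },
    }
    obj = SNSItem(region='test-region', account='test-account',
                  name='test-name', config=data)
    au.check_snstopicpolicy_crossaccount(obj)

    # assertEquals is a deprecated alias removed in Python 3.12; the rest of
    # this method already uses assertEqual.
    self.assertEqual(len(obj.audit_issues), 1)
    issue = obj.audit_issues[0]
    self.assertEqual(issue.score, 10)
    self.assertEqual(issue.issue, "SNS Topic open to everyone")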