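def test_group_detail_attached_managed_policies(self):
        """Check GroupDetail's JSON output and its allowed-action expansion.

        Builds a GroupDetail from the second entry of ``GroupDetailList`` in
        the module-level ``auth_details_json`` fixture, compares its ``json``
        output with ``files/scanning/test_group_detail_results.json``, then
        smoke-checks ``all_allowed_actions``.
        """
        group_detail_json_input = auth_details_json["GroupDetailList"][1]
        policy_details = PolicyDetails(auth_details_json.get("Policies"))

        group_detail = GroupDetail(group_detail_json_input, policy_details)
        results = group_detail.json

        # The expected output is stored next to the tests, under
        # ../files/scanning/.
        expected_group_detail_policy_results_file = os.path.abspath(
            os.path.join(
                os.path.dirname(__file__),
                os.path.pardir,
                "files",
                "scanning",
                "test_group_detail_results.json",
            ))
        with open(expected_group_detail_policy_results_file) as f:
            expected_group_detail_policy_results = json.load(f)
        self.assertDictEqual(results, expected_group_detail_policy_results)

        # NOTE(review): this only checks how many actions were expanded, not
        # which ones. A regression that drops specific actions but keeps the
        # total above 100 would still pass; consider also asserting on a few
        # named actions the fixture is known to grant.
        allowed_actions = group_detail.all_allowed_actions
        # assertGreater reports the actual count on failure, unlike
        # assertTrue(len(...) > 100).
        self.assertGreater(len(allowed_actions), 100)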
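 def test_group_detail_list_allowed_actions_lookup(self):
     """Check that looking up a group by name returns its allowed actions.

     Builds a GroupDetailList from the ``GroupDetailList`` section of the
     module-level ``auth_details_json`` fixture and asserts that the group
     named ``biden`` is allowed ``s3:GetObject``.
     """
     group_details_json_input = auth_details_json["GroupDetailList"]
     policy_details = PolicyDetails(auth_details_json.get("Policies"))
     group_detail_list = GroupDetailList(group_details_json_input,
                                         policy_details)
     actions = group_detail_list.get_all_allowed_actions_for_group('biden')
     # assertIn prints the container on failure, which shows what the lookup
     # actually returned.
     self.assertIn("s3:GetObject", actions)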
 def __init__(self, auth_json):
     """Build the policy, principal and findings objects from *auth_json*.

     The ``Policies``, ``UserDetailList``, ``GroupDetailList`` and
     ``RoleDetailList`` sections are read with ``dict.get``, so a missing
     section reaches its wrapper as ``None`` instead of raising KeyError.
     NOTE(review): the key names match the output of IAM's
     GetAccountAuthorizationDetails; presumably that is the expected
     input. Confirm against the caller.
     """
     self.auth_json = auth_json
     self.policies = PolicyDetails(auth_json.get("Policies"))

     # Same wrapper for each principal type, in the original order:
     # users, groups, roles.
     principal_sections = (
         ("user_detail_list", "UserDetailList"),
         ("group_detail_list", "GroupDetailList"),
         ("role_detail_list", "RoleDetailList"),
     )
     for attribute, section_key in principal_sections:
         setattr(self, attribute,
                 PrincipalTypeDetails(auth_json.get(section_key)))

     self.findings = Findings()

     # These two helpers run last; presumably they read the attributes set
     # above, so keep them after the assignments.
     in_use = self._customer_managed_policies_in_use()
     self.customer_managed_policies_in_use = in_use
     self.aws_managed_policies_in_use = self._aws_managed_policies_in_use()
    def test_user_detail_attached_managed_policies(self):
        """Compare UserDetail's JSON output with the expected fixture.

        Uses the third entry of ``UserDetailList`` in the module-level
        ``auth_details_json``. The UserDetail is built with the policy
        details and the full group list, and its ``json`` output must equal
        ``expected_user_detail_policy_results``.
        """
        user_entry = auth_details_json["UserDetailList"][2]
        policies = PolicyDetails(auth_details_json.get("Policies"))

        # UserDetail takes the whole group list as its third argument.
        groups = GroupDetailList(auth_details_json["GroupDetailList"],
                                 policies)

        user_detail = UserDetail(user_entry, policies, groups)
        self.assertDictEqual(user_detail.json,
                             expected_user_detail_policy_results)
    def test_role_detail_attached_managed_policies(self):
        """Compare RoleDetail's JSON output with the stored expected result.

        Uses the third entry of ``RoleDetailList`` in the module-level
        ``auth_details_json`` and checks its ``json`` output against
        ``files/scanning/test_role_detail_results.json``.
        """
        role_entry = auth_details_json["RoleDetailList"][2]
        policies = PolicyDetails(auth_details_json.get("Policies"))
        role_detail = RoleDetail(role_entry, policies)

        # Resolve ../files/scanning/ relative to this test module.
        scanning_dir = os.path.join(os.path.dirname(__file__),
                                    os.path.pardir, "files", "scanning")
        expected_path = os.path.abspath(
            os.path.join(scanning_dir, "test_role_detail_results.json"))
        with open(expected_path) as handle:
            expected_result = json.load(handle)

        self.assertDictEqual(role_detail.json, expected_result)