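def test_check_securitygroup_ec2_rfc1918(self):
    """Check that the INTERNAL_SG fixture raises no issue in the RFC 1918 audit.

    Builds an auditor scoped to TEST_ACCOUNT, wraps the INTERNAL_SG
    configuration in a change item, runs check_securitygroup_ec2_rfc1918
    on it, and expects the item's audit_issues list to stay empty.
    """
    auditor = OpenStackSecurityGroupAuditor(accounts=['TEST_ACCOUNT'])
    auditor.prep_for_audit()

    item = OpenStackChangeItem(
        region=AWS_DEFAULT_REGION,
        account='TEST_ACCOUNT',
        name='INTERNAL_SG',
        config=INTERNAL_SG,
    )

    auditor.check_securitygroup_ec2_rfc1918(item)

    # assertEqual is the supported spelling; the assertEquals alias is
    # deprecated and no longer present in recent unittest releases.
    self.assertEqual(len(item.audit_issues), 0)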
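def test_check_internet_accessible_ingress(self):
    """Check that the INTERNET_SG_INGRESS fixture raises exactly one issue.

    Builds an auditor scoped to TEST_ACCOUNT, wraps the INTERNET_SG_INGRESS
    configuration in a change item, runs check_internet_accessible_ingress
    on it, and expects a single audit issue whose score is 0.
    """
    auditor = OpenStackSecurityGroupAuditor(accounts=['TEST_ACCOUNT'])
    auditor.prep_for_audit()

    item = OpenStackChangeItem(
        region=AWS_DEFAULT_REGION,
        account='TEST_ACCOUNT',
        name='INTERNET_SG_INGRESS',
        config=INTERNET_SG_INGRESS,
    )

    auditor.check_internet_accessible_ingress(item)

    # assertEqual is the supported spelling; the assertEquals alias is
    # deprecated and no longer present in recent unittest releases.
    self.assertEqual(len(item.audit_issues), 1)
    # NOTE(review): a score of 0 presumably means the finding is recorded but
    # adds nothing to the item's total - confirm that an internet-accessible
    # ingress rule is meant to be reported without weight.
    self.assertEqual(item.audit_issues[0].score, 0)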
def test_check_securitygroup_ec2_rfc1918(self):
    """Run the RFC 1918 check on the INTERNAL_SG fixture and expect no issues."""
    sg_auditor = OpenStackSecurityGroupAuditor(accounts=['TEST_ACCOUNT'])
    sg_auditor.prep_for_audit()

    # Change item wrapping the fixture configuration under audit.
    internal_item = OpenStackChangeItem(
        region=AWS_DEFAULT_REGION,
        account='TEST_ACCOUNT',
        name='INTERNAL_SG',
        config=INTERNAL_SG,
    )
    sg_auditor.check_securitygroup_ec2_rfc1918(internal_item)

    # The check records findings on the item; none are expected here.
    issue_count = len(internal_item.audit_issues)
    self.assertEqual(issue_count, 0)
def test_check_internet_accessible_egress(self):
    """Run the egress check on INTERNET_SG_EGRESS; expect one issue scored 0."""
    sg_auditor = OpenStackSecurityGroupAuditor(accounts=['TEST_ACCOUNT'])
    sg_auditor.prep_for_audit()

    # Change item wrapping the fixture configuration under audit.
    egress_item = OpenStackChangeItem(
        region=AWS_DEFAULT_REGION,
        account='TEST_ACCOUNT',
        name='INTERNET_SG_EGRESS',
        config=INTERNET_SG_EGRESS,
    )
    sg_auditor.check_internet_accessible_egress(egress_item)

    # Exactly one finding is expected on the item.
    self.assertEqual(len(egress_item.audit_issues), 1)
    # NOTE(review): a score of 0 presumably makes this finding informational
    # only - confirm that unrestricted egress is meant to carry no weight.
    first_issue = egress_item.audit_issues[0]
    self.assertEqual(first_issue.score, 0)
def pre_test_setup(self):
    """Reset the auditor's object store and seed the test account rows.

    Clears OBJECT_STORE on an OpenStackSecurityGroupAuditor, then stores an
    AccountType named 'AWS' and an active, non-third-party Account named
    TEST_ACCOUNT that refers to it.
    """
    # Presumably OBJECT_STORE is shared across auditor instances, so clearing
    # it here stops state from earlier tests leaking in - confirm.
    store_owner = OpenStackSecurityGroupAuditor(accounts=['TEST_ACCOUNT'])
    store_owner.OBJECT_STORE.clear()

    # The account type is committed first because its id is read below.
    aws_account_type = AccountType(name='AWS')
    db.session.add(aws_account_type)
    db.session.commit()

    # main account
    test_account = Account(
        identifier="123456789123",
        name="TEST_ACCOUNT",
        account_type_id=aws_account_type.id,
        notes="TEST_ACCOUNT",
        third_party=False,
        active=True,
    )
    db.session.add(test_account)
    db.session.commit()