def test_remove_debug_rules(): original_failed_monitored_rules = [ Failure( rule="a", reason="something", rule_mode=RuleMode.MONITOR, granularity=RuleGranularity.STACK, risk_value=RuleRisk.HIGH, ), Failure( rule="b", reason="something", rule_mode=RuleMode.DEBUG, granularity=RuleGranularity.STACK, risk_value=RuleRisk.MEDIUM, ), Failure( rule="c", reason="something", rule_mode=RuleMode.MONITOR, granularity=RuleGranularity.STACK, risk_value=RuleRisk.LOW, ), ] list_with_no_debug_rules = [ original_failed_monitored_rules[0], original_failed_monitored_rules[2] ] processed_list = RuleProcessor.remove_debug_rules( rules=original_failed_monitored_rules) assert list_with_no_debug_rules == processed_list
def handler(event, context): """ Main entry point of the Lambda function. :param event: { "stack_template_url": String, "project": String, "stack": { "name": String, }, "event": String, "region": String, "account": { "name": String, "id": String, }, "user_agent": String, } :param context: :return: """ setup_logging() if not event.get("stack_template_url") and not event.get("stack", {}).get("name"): raise ValueError( "Invalid event type: no parameter 'stack_template_url' or 'stack::name' in request." ) template = get_template(event) if not template: # In case of an invalid script log a warning and return early result = Result() result.add_exception( TypeError( f"Malformed Event - could not parse!! Event: {str(event)}")) logger.exception( f"Malformed Event - could not parse!! Event: {str(event)}") return { "valid": True, "reason": "", "failed_rules": [], "exceptions": [x.args[0] for x in result.exceptions] } # Process Rules config = Config( project_name=event.get("project"), service_name=event.get("serviceName"), stack_name=event.get("stack", {}).get("name"), rules=DEFAULT_RULES.keys(), event=event.get("event"), template_url=event.get("stack_template_url", "N/A"), aws_region=event.get("region", "N/A"), aws_account_name=event.get("account", {}).get("name", "N/A"), aws_account_id=event.get("account", {}).get("id", "N/A"), aws_user_agent=event.get("user_agent", "N/A"), ) logger.info("Scan started for: {}; {}; {};".format(config.project_name, config.service_name, config.stack_name)) rules = [DEFAULT_RULES.get(rule)(config) for rule in config.rules] processor = RuleProcessor(*rules) # TODO get AWS variables/parameters and pass them to resolve cfmodel = pycfmodel.parse(template).resolve() result = processor.process_cf_template(cfmodel, config) perform_logging(result, config, event) return { "valid": result.valid, "reason": ",".join( ["{}-{}".format(r.rule, r.reason) for r in result.failed_rules]), "failed_rules": [ failure.serializable() for failure in RuleProcessor.remove_debug_rules( rules=result.failed_rules) ], "exceptions": [x.args[0] for x in result.exceptions], "warnings": [ failure.serializable() for failure in RuleProcessor.remove_debug_rules( rules=result.failed_monitored_rules) ], }
def test_remove_debug_rules_no_rules(): processed_list = RuleProcessor.remove_debug_rules(rules=[]) assert [] == processed_list