Python IpAddr 예제들

예제 #1

    def audit_impl(self):
        """
    Audit
    :return: violations 
    """
        if self.debug:
            print('SecurityGroupEgressOpenToWorldRule - audit_impl' + lineno())
        violating_egresses = []

        for groups in self.cfn_model.security_groups():
            if self.debug:
                print('group: ' + str(groups) + lineno())
                print('vars: ' + str(vars(groups)) + lineno())

            for egress in groups.egresses:
                if self.debug:
                    print('egress: ' + str(egress) + lineno())

                if IpAddr.ip4_open(egress,
                                   debug=self.debug) or IpAddr.ip6_open(
                                       egress, debug=self.debug):
                    if self.debug:
                        print('ip4/6 address is open' + lineno())
                    violating_egresses.append(str(groups.logical_resource_id))

        routes = self.cfn_model.standalone_egress()

        if self.debug:
            print('routes: ' + str(routes) + lineno())
        for standalone_egress in routes:
            if self.debug:
                print('standalone_egress: ' + str(standalone_egress) +
                      lineno())
                print('vars: ' + str(vars(standalone_egress)) + lineno())

            if IpAddr.ip4_open(standalone_egress,
                               debug=self.debug) or IpAddr.ip6_open(
                                   standalone_egress, debug=self.debug):
                if self.debug:
                    print('ip4/6 address is open' + lineno())
                violating_egresses.append(
                    standalone_egress.logical_resource_id)

        return violating_egresses

예제 #2

    def test_ip6_open(self):

        expected_result = True

        dict = {}
        dict['CidrIp'] = '::/0'

        real_result = class_to_test.ip6_open(ingress=dict, debug=False)

        print('expected results: ' + str(expected_result))
        print('real results: ' + str(real_result))

        self.maxDiff = None
        self.assertEqual(expected_result, real_result)

예제 #3

    def test_ip4_not_open_list(self):

        expected_result = False

        dict = []
        dict.append({'CidrIp': '192.168.1.0/32'})

        real_result = class_to_test.ip4_open(ingress=dict, debug=True)

        print('expected results: ' + str(expected_result))
        print('real results: ' + str(real_result))

        self.maxDiff = None
        self.assertEqual(expected_result, real_result)

예제 #4

    def test_ip4_not_open(self):

        expected_result = False

        dict = {}
        dict['CidrIp'] = '192.168.1.0/32'

        real_result = class_to_test.ip4_open(ingress=dict, debug=False)

        print('expected results: ' + str(expected_result))
        print('real results: ' + str(real_result))

        self.maxDiff = None
        self.assertEqual(expected_result, real_result)

예제 #5

    def test_ip6_range_list(self):

        expected_result = False

        dict = []
        dict.append({'CidrIp': '2001:0db8:85a3:0000:0000:8a2e:0370/64'})

        real_result = class_to_test.ip6_cidr_range(ingress=dict, debug=False)

        print('expected results: ' + str(expected_result))
        print('real results: ' + str(real_result))

        self.maxDiff = None
        self.assertEqual(expected_result, real_result)

예제 #6

    def test_ip6_no_range(self):

        expected_result = True

        dict = {}
        dict['CidrIp'] = '2001:0db8:85a3:0000:0000:8a2e:0370/128'

        real_result = class_to_test.ip6_cidr_range(ingress=dict, debug=False)

        print('expected results: ' + str(expected_result))
        print('real results: ' + str(real_result))

        self.maxDiff = None
        self.assertEqual(expected_result, real_result)

예제 #7

    def audit_impl(self):
        """
        Audit
        :return: violations
        """
        if self.debug:
            print('SecurityGroupIngressCidrNon32Rule - audit_impl' + lineno())
        logical_resource_ids = []

        # Iterate over each of the security groups in the cloudformation template
        for groups in self.cfn_model.security_groups():

            if self.debug:
                print('group: ' + str(groups) + lineno())
                print('vars: ' + str(vars(groups)) + lineno())

            # If the security group has ingresses
            if hasattr(groups, 'ingresses'):
                if len(groups.ingresses) > 0:

                    has_invalid_cidr = False

                    # Iterate over each on the ingresses
                    for ingresses in groups.ingresses:

                        if self.debug:
                            print('ingresses: ' + str(ingresses) + lineno())

                        if type(ingresses) == type(dict()):

                            if self.debug:
                                print('ingress is a dict' + lineno())

                            if IpAddr.ip4_cidr_range(
                                    ingresses, debug=self.debug
                            ) == True or IpAddr.ip6_cidr_range(
                                    ingresses, debug=self.debug):
                                if self.debug:
                                    print('ip4/6 address is /32 or /128' +
                                          lineno())

                            else:
                                if self.debug:
                                    print(
                                        'ip4/6 address does not end with /32 or /128'
                                        + lineno())

                                if self.debug:
                                    print(
                                        "\n\n##########################################################"
                                    )
                                    print(
                                        'Resource is not valid - appending to list'
                                    )
                                    print('logical resource id: ' +
                                          str(groups.logical_resource_id) +
                                          lineno())
                                    print(
                                        "#############################################################\n"
                                    )
                                logical_resource_ids.append(
                                    str(groups.logical_resource_id))

                        elif type(ingresses) == type(list()):

                            if self.debug:
                                print("ingress is a list() " + lineno())

                            for item in ingresses:

                                if IpAddr.ip4_cidr_range(item,
                                                         debug=self.debug):
                                    if self.debug:
                                        print('ip4/6 address is /32 or /128' +
                                              lineno())
                                    continue

                                if IpAddr.ip6_cidr_range(item,
                                                         debug=self.debug):
                                    if self.debug:
                                        print('ip4/6 address is /32 or /128' +
                                              lineno())
                                    continue

                            if self.debug:
                                print(
                                    "\n\n##########################################################"
                                )
                                print(
                                    'Resource is not valid - appending to list'
                                )
                                print('logical resource id: ' +
                                      str(groups.logical_resource_id) +
                                      lineno())
                                print(
                                    "#############################################################\n"
                                )
                            logical_resource_ids.append(
                                str(groups.logical_resource_id))

                        else:

                            if self.debug:
                                print('vars: ' + str(vars(ingresses)) +
                                      lineno())
                                print('ingress is not a list or dict' +
                                      lineno())

                            if hasattr(ingresses, 'cidrIp'):
                                if self.debug:
                                    print('has cidrIp ' + lineno())

                                if IpAddr.ip4_cidr_range(ingresses,
                                                         debug=self.debug):

                                    if self.debug:
                                        print('ip4/6 address is /32 or /128' +
                                              lineno())

                                    continue

                            if hasattr(ingresses, 'cidrIpv6'):

                                if self.debug:
                                    print('ip4/6 address is /32 or /128' +
                                          lineno())

                                if IpAddr.ip6_cidr_range(ingresses,
                                                         debug=self.debug):
                                    if self.debug:
                                        print('ip4/6 address is /32 or /128' +
                                              lineno())

                                continue

                            if not hasattr(ingresses,
                                           'cidrIp') and not hasattr(
                                               ingresses, 'cidrIpv6'):
                                if self.debug:
                                    print('does not have a cidr entry')
                                continue

                            if self.debug:
                                print(
                                    "\n\n##########################################################"
                                )
                                print(
                                    'Resource is not valid - appending to list'
                                )
                                print('logical resource id: ' +
                                      str(groups.logical_resource_id) +
                                      lineno())
                                print(
                                    "#############################################################\n"
                                )
                            logical_resource_ids.append(
                                str(groups.logical_resource_id))
            else:
                sys.exit(1)

        if self.debug:
            print('violations: ' + str(list(set(logical_resource_ids))) +
                  lineno())

        if self.debug:
            print('Getting all the standalone ingress resources')

        standalone_resources = self.cfn_model.standalone_ingress()

        # iterate over the routes
        for resource in standalone_resources:

            if self.debug:
                print("\n\n#########################################")
                print('standalone resource: ' + str(resource) + lineno())
                print('vars: ' + str(vars(resource)) + lineno())
                print('type: ' + str(type(resource)) + lineno())
                print("############################################\n")

            if hasattr(resource, 'cidrIp'):

                if self.debug:
                    print('has cidrIp attributes' + lineno())

                if IpAddr.ip4_cidr_range(resource.cidrIp, debug=self.debug):
                    if self.debug:
                        print('ip4/6 address is /32 or /128' + lineno())
                    continue

                else:
                    if self.debug:
                        print('ip4/6 address does not end with /32 or /128' +
                              lineno())
                    logical_resource_ids.append(resource.logical_resource_id)

            if hasattr(resource, 'cidrIpv6'):
                if self.debug:
                    print('has cidrIpv6 attributes' + lineno())

                if IpAddr.ip6_cidr_range(resource.cidrIpv6, debug=self.debug):
                    if self.debug:
                        print('ip4/6 address is /32 or /128' + lineno())
                    continue

                else:
                    if self.debug:
                        print('ip4/6 address does not end with /32 or /128' +
                              lineno())
                    logical_resource_ids.append(resource.logical_resource_id)

        if self.debug:
            print('violations: ' + str(list(set(logical_resource_ids))) +
                  lineno())

        return logical_resource_ids