예제 #1
0
def run(dry_run, gitlab_project_id=None, thread_pool_size=10):
    accounts = queries.get_aws_accounts()
    settings = queries.get_app_interface_settings()
    aws = AWSApi(thread_pool_size, accounts, settings=settings)
    existing_keys = aws.get_users_keys()
    existing_keys_list = [
        key for user_key in existing_keys.values()
        for keys in user_key.values() for key in keys
    ]
    logging.info("found {} existing keys".format(len(existing_keys_list)))

    app_int_github_repos = queries.get_repos(server="https://github.com")
    all_repos = get_all_repos_to_scan(app_int_github_repos)
    logging.info("about to scan {} repos".format(len(all_repos)))

    results = threaded.run(
        git_secrets.scan_history,
        all_repos,
        thread_pool_size,
        existing_keys=existing_keys_list,
    )
    all_leaked_keys = [key for keys in results for key in keys]

    deleted_keys = aws_sos.get_deleted_keys(accounts)
    keys_to_delete = [
        {
            "account": account,
            "key": key
        } for key in all_leaked_keys
        for account, user_keys in existing_keys.items()
        if key in [uk for uks in user_keys.values()
                   for uk in uks] and key not in deleted_keys[account]
    ]
    aws_sos.act(dry_run, gitlab_project_id, accounts, keys_to_delete)
 def test_get_deleted_keys(self):
     a = {"name": "a", "deleteKeys": ["k1", "k2"]}
     b = {"name": "b", "deleteKeys": None}
     c = {"name": "c", "deleteKeys": []}
     accounts = [a, b, c]
     expected_result = {a["name"]: a["deleteKeys"]}
     keys_to_delete = integ.get_deleted_keys(accounts)
     self.assertEqual(keys_to_delete, expected_result)