예제 #1
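    def test_iam_no_admin_list(self):
        """Check that the star-privilege audit stays silent on a non-admin policy.

        The NO_ADMIN_POLICY_LIST fixture is attached to a mock IAM object as
        the single inline policy ``MyPolicy`` and passed to
        ``IAMPolicyAuditor.check_star_privileges``. The mock must carry no
        audit issues before the check and none after it, so this test guards
        the auditor against false positives.
        """
        import json
        from security_monkey.auditors.iam.iam_policy import IAMPolicyAuditor

        auditor = IAMPolicyAuditor(accounts=['unittest'])

        iamobj = MockIAMObj()
        # NOTE(review): the fixture is defined outside this block; presumably
        # it grants a list of actions with no bare "*" entry -- confirm.
        iamobj.config = {'InlinePolicies': dict(MyPolicy=json.loads(NO_ADMIN_POLICY_LIST))}

        # Compare by value: assertIs on two ints only passes because CPython
        # caches small integers, which is an implementation detail.
        self.assertEqual(len(iamobj.audit_issues), 0, "Policy should have 0 alert but has {}".format(len(iamobj.audit_issues)))
        auditor.check_star_privileges(iamobj)
        self.assertEqual(len(iamobj.audit_issues), 0, "Policy should have 0 alert but has {}".format(len(iamobj.audit_issues)))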
예제 #2
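    def test_full_admin_list(self):
        """Check that the star-privilege audit flags a full-admin inline policy.

        The FULL_ADMIN_POLICY_LIST fixture is attached to a mock IAM object as
        the single inline policy ``MyPolicy`` and passed to
        ``IAMPolicyAuditor.check_star_privileges``. Exactly one issue must be
        raised, titled 'Administrator Access', and its notes must name the
        wildcard action together with the resource it applies to.
        """
        import json
        from security_monkey.auditors.iam.iam_policy import IAMPolicyAuditor

        auditor = IAMPolicyAuditor(accounts=['unittest'])

        iamobj = MockIAMObj()
        # NOTE(review): the fixture is defined outside this block; judging by
        # the expected notes it grants Action ["*"] on "someresource" -- confirm.
        iamobj.config = {'InlinePolicies': dict(MyPolicy=json.loads(FULL_ADMIN_POLICY_LIST))}

        # Compare by value: assertIs on two ints only passes because CPython
        # caches small integers, which is an implementation detail.
        self.assertEqual(len(iamobj.audit_issues), 0, "Policy should have 0 alert but has {}".format(len(iamobj.audit_issues)))
        auditor.check_star_privileges(iamobj)
        self.assertEqual(len(iamobj.audit_issues), 1, "Policy should have 1 alert but has {}".format(len(iamobj.audit_issues)))
        # assertEqual replaces the deprecated assertEquals alias, which was
        # removed from unittest in Python 3.12.
        self.assertEqual(iamobj.audit_issues[0].issue, 'Administrator Access')
        self.assertEqual(iamobj.audit_issues[0].notes, 'Actions: ["*"] Resources: ["someresource"]')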
예제 #3
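    def test_iam_no_admin_list(self):
        """Verify no issue is raised for a policy lacking star privileges.

        Builds a mock IAM object whose only inline policy, ``MyPolicy``, is
        the parsed NO_ADMIN_POLICY_LIST fixture, then runs
        ``IAMPolicyAuditor.check_star_privileges`` on it. The issue list must
        be empty before and after the check; a non-empty list afterwards
        would mean the auditor reports a false positive.
        """
        import json
        from security_monkey.auditors.iam.iam_policy import IAMPolicyAuditor

        auditor = IAMPolicyAuditor(accounts=['unittest'])

        iamobj = MockIAMObj()
        # NOTE(review): fixture contents are not visible here; presumably the
        # policy lists specific actions rather than "*" -- confirm.
        iamobj.config = {
            'InlinePolicies': dict(MyPolicy=json.loads(NO_ADMIN_POLICY_LIST))
        }

        # Value comparison, not identity: assertIs(len(...), 0) depends on
        # CPython's small-integer cache.
        self.assertEqual(
            len(iamobj.audit_issues), 0,
            "Policy should have 0 alert but has {}".format(
                len(iamobj.audit_issues)))
        auditor.check_star_privileges(iamobj)
        self.assertEqual(
            len(iamobj.audit_issues), 0,
            "Policy should have 0 alert but has {}".format(
                len(iamobj.audit_issues)))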
예제 #4
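    def test_full_admin_list(self):
        """Verify a full-admin inline policy yields one 'Administrator Access' issue.

        Builds a mock IAM object whose only inline policy, ``MyPolicy``, is
        the parsed FULL_ADMIN_POLICY_LIST fixture, then runs
        ``IAMPolicyAuditor.check_star_privileges`` on it. The check must add
        exactly one issue, and the issue's notes must report the wildcard
        action and the resource it covers.
        """
        import json
        from security_monkey.auditors.iam.iam_policy import IAMPolicyAuditor

        auditor = IAMPolicyAuditor(accounts=['unittest'])

        iamobj = MockIAMObj()
        # NOTE(review): fixture contents are not visible here; the expected
        # notes imply Action ["*"] on resource "someresource" -- confirm.
        iamobj.config = {
            'InlinePolicies': dict(MyPolicy=json.loads(FULL_ADMIN_POLICY_LIST))
        }

        # Value comparison, not identity: assertIs(len(...), 0) depends on
        # CPython's small-integer cache.
        self.assertEqual(
            len(iamobj.audit_issues), 0,
            "Policy should have 0 alert but has {}".format(
                len(iamobj.audit_issues)))
        auditor.check_star_privileges(iamobj)
        self.assertEqual(
            len(iamobj.audit_issues), 1,
            "Policy should have 1 alert but has {}".format(
                len(iamobj.audit_issues)))
        # assertEqual instead of the deprecated assertEquals alias, which was
        # removed from unittest in Python 3.12.
        self.assertEqual(iamobj.audit_issues[0].issue, 'Administrator Access')
        self.assertEqual(iamobj.audit_issues[0].notes,
                         'Actions: ["*"] Resources: ["someresource"]')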