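def audit_impl(self):
    """
    Audit every security group ingress in the model for a CIDR that
    IpAddr.ip4_open / IpAddr.ip6_open judge to be open (the "open to the
    world" condition this rule exists to flag).

    Inline ingresses are checked per security group and reported under the
    group's logical_resource_id; ingresses modelled as their own resource
    (inline objects that are not dicts, and the standalone ingress resources
    returned by cfn_model.standalone_ingress()) are reported under their own
    logical_resource_id. A group with several open inline ingresses is
    listed once per open ingress, so the result may contain repeats.

    :return: list of logical resource ids (str) that carry an open ingress
    """
    if self.debug:
        print('SecurityGroupIngressOpenToWorldRule - audit_impl' + lineno())

    def _is_open(rule):
        # ip6 is only consulted when ip4 is not already open (short-circuit),
        # matching the original evaluation order.
        return (IpAddr.ip4_open(rule, debug=self.debug)
                or IpAddr.ip6_open(rule, debug=self.debug))

    violating_ingresses = []

    for group in self.cfn_model.security_groups():
        if self.debug:
            print('group: ' + str(group) + lineno())
            print('vars: ' + str(vars(group)) + lineno())

        for ingress in group.ingresses:
            if self.debug:
                print('ingress: ' + str(ingress) + lineno())
                print('type: ' + str(type(ingress)))

            if not _is_open(ingress):
                continue
            if self.debug:
                print('ip4/6 address is open' + lineno())

            # A dict ingress is an inline rule with no resource id of its own,
            # so the owning group is reported. isinstance (rather than a
            # type() equality test) also accepts dict subclasses here instead
            # of falling through to an attribute lookup they do not have.
            if isinstance(ingress, dict):
                violating_ingresses.append(str(group.logical_resource_id))
            else:
                violating_ingresses.append(str(ingress.logical_resource_id))

    standalone_rules = self.cfn_model.standalone_ingress()
    if self.debug:
        print('routes: ' + str(standalone_rules) + lineno())

    for standalone_ingress in standalone_rules:
        if self.debug:
            print('standalone_ingress: ' + str(standalone_ingress) + lineno())
            print('vars: ' + str(vars(standalone_ingress)) + lineno())

        if _is_open(standalone_ingress):
            if self.debug:
                print('ip4/6 address is open' + lineno())
            violating_ingresses.append(str(standalone_ingress.logical_resource_id))

    return violating_ingresses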
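def test_ip4_not_open_list(self):
    """
    A one-element list holding a /32 (single-host) CIDR must not be reported
    as open by ip4_open when the ingress is passed as a list.
    """
    expected_result = False
    # Named `ingresses` rather than `dict` so the builtin is not shadowed
    # inside the test body.
    ingresses = [{'CidrIp': '192.168.1.0/32'}]
    real_result = class_to_test.ip4_open(ingress=ingresses, debug=True)
    print('expected results: ' + str(expected_result))
    print('real results: ' + str(real_result))
    self.maxDiff = None
    self.assertEqual(expected_result, real_result)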
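def test_ip4_not_open(self):
    """
    A single ingress dict with a /32 (single-host) CIDR must not be reported
    as open by ip4_open.
    """
    expected_result = False
    # Named `ingress_rule` rather than `dict` so the builtin is not shadowed
    # inside the test body.
    ingress_rule = {'CidrIp': '192.168.1.0/32'}
    real_result = class_to_test.ip4_open(ingress=ingress_rule, debug=False)
    print('expected results: ' + str(expected_result))
    print('real results: ' + str(real_result))
    self.maxDiff = None
    self.assertEqual(expected_result, real_result)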