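def testAllDisabled(self):
        """A config with every scanner disabled builds no runnable scanners."""
        builder = scanner_builder.ScannerBuilder(
            FAKE_GLOBAL_CONFIGS, fake_runnable_scanners.ALL_DISABLED,
            FAKE_TIMESTAMP)
        runnable_pipelines = builder.build()

        # assertEqual replaces the deprecated assertEquals alias, which was
        # removed from unittest in Python 3.12.
        self.assertEqual(0, len(runnable_pipelines))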
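    def testTwoEnabled(self, mock_bucket_rules_engine, mock_iam_rules_engine):
        """A config with two scanners enabled builds exactly those two.

        Args:
            mock_bucket_rules_engine (object): Unused in the body; presumably
                injected by a patch decorator not visible here -- confirm.
            mock_iam_rules_engine (object): Unused in the body; presumably
                injected by a patch decorator not visible here -- confirm.
        """
        builder = scanner_builder.ScannerBuilder(
            FAKE_GLOBAL_CONFIGS, fake_runnable_scanners.TWO_ENABLED,
            FAKE_TIMESTAMP)
        runnable_pipelines = builder.build()

        self.assertEqual(2, len(runnable_pipelines))
        expected_pipelines = ['BucketsAclScanner', 'IamPolicyScanner']
        # Compare the full set of class names rather than testing membership
        # one by one: a membership check would also pass if the same scanner
        # were built twice and the other one silently left out.
        built_pipelines = sorted(
            type(pipeline).__name__ for pipeline in runnable_pipelines)
        self.assertEqual(sorted(expected_pipelines), built_pipelines)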
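def main(_):
    """Run the scanners.

    Reads the config file named by the ``forseti_config`` flag, builds the
    runnable scanners for the snapshot timestamp returned by
    ``_get_timestamp`` and runs each of them in turn. One failing scanner
    does not stop the others.

    The process exits with a non-zero status when the config is missing,
    unreadable or has no ``scanner`` section, and when any scanner raised.
    This lets a scheduler or monitor tell a failed run from a clean one.

    Args:
        _ (list): argv, unused due to apputils.
    """
    forseti_config = FLAGS.forseti_config
    if forseti_config is None:
        LOGGER.error('Path to Forseti Security config needs to be specified.')
        sys.exit(1)

    try:
        configs = file_loader.read_and_parse_file(forseti_config)
    except IOError:
        LOGGER.error('Unable to open Forseti Security config file. '
                     'Please check your path and filename and try again.')
        sys.exit(1)
    global_configs = configs.get('global')
    scanner_configs = configs.get('scanner')

    # Without this guard a config lacking the section fails below with an
    # AttributeError on None, which says nothing about the actual cause.
    if scanner_configs is None:
        LOGGER.error('Forseti Security config has no "scanner" section.')
        sys.exit(1)

    log_util.set_logger_level_from_config(scanner_configs.get('loglevel'))

    snapshot_timestamp = _get_timestamp(global_configs)
    if not snapshot_timestamp:
        LOGGER.warning('No snapshot timestamp found. Exiting.')
        # NOTE(review): this still exits with status 0, as before. Confirm
        # whether "nothing to scan" should count as a failure for monitoring.
        sys.exit()

    runnable_scanners = scanner_builder.ScannerBuilder(
        global_configs, scanner_configs, snapshot_timestamp).build()

    failed_scanners = []
    for scanner in runnable_scanners:
        try:
            scanner.run()
        # Catch Exception rather than using a bare except, so that
        # KeyboardInterrupt and SystemExit still stop the batch.
        except Exception:  # pylint: disable=broad-except
            scanner_name = scanner.__class__.__name__
            failed_scanners.append(scanner_name)
            LOGGER.error('Error running scanner: %s',
                         scanner_name,
                         exc_info=True)

    if failed_scanners:
        # A scanner that crashed produced no findings; report that loudly
        # instead of finishing with the same message as a clean run.
        LOGGER.error('Scan finished with %d failed scanner(s): %s',
                     len(failed_scanners), ', '.join(failed_scanners))
        sys.exit(1)

    LOGGER.info('Scan complete!')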