def test_notify(mocker):
    test_file = open(test_data + 'CIS_1-6.json')
    event = json.loads(test_file.read())
    test_file.close()

    finding = findings.Finding(event['detail']['findings'][0])

    logger = Logger(loglevel='info')
    logger_obj = mocker.patch('lib.logger.Logger.info', return_value=None)

    applogger = LogHandler('pytest')
    mocker.patch('lib.applogger.LogHandler.add_message', return_value='')

    # mocker.patch('lib.sechub_findings.Finding.resolve', return_value='')

    mocker.patch('lib.sechub_findings.Finding.update_text', return_value='')

    AWS = AWSClient('aws', 'us-east-1')
    mocker.patch('lib.awsapi_helpers.AWSClient.postit', return_value='')

    test_message = {
        'Note': '',
        'State': 'INFO',
        'Account': '111111111111',
        'Remediation': 'Remediate all the things',
        'AffectedObject': 'An AWS Thingy',
        'metrics_data': {
            'status': 'RESOLVED'
        }
    }
    findings.notify(finding,
                    test_message,
                    logger,
                    cwlogs=applogger,
                    sechub=True,
                    sns=AWS)
    logger_obj.assert_called_once_with(
        'INFO: "Remediate all the things" , Account Id: 111111111111, Resource: An AWS Thingy'
    )

    # assert logger_mock('message', mocker.ANY)
    test_message = {}
    findings.notify(finding,
                    test_message,
                    logger,
                    cwlogs=applogger,
                    sechub=True,
                    sns=AWS)
    logger_obj.assert_called_with(
        'INFO: error - missing note, Account Id: error, Resource: error')
# initialise loggers
LOG_LEVEL = os.getenv('log_level', 'info')
LOGGER = Logger(loglevel=LOG_LEVEL)
APPLOGGER = LogHandler(os.path.basename(
    __file__[:-3]))  # application logger for CW Logs

# Get AWS region from Lambda environment. If not present then we're not
# running under lambda, so defaulting to us-east-1
AWS_REGION = os.getenv('AWS_DEFAULT_REGION', 'us-east-1')
AWS_PARTITION = os.getenv('AWS_PARTITION', 'aws')

# Append region name to LAMBDA_ROLE
LAMBDA_ROLE += '_' + AWS_REGION
BOTO_CONFIG = Config(retries={'max_attempts': 10}, region_name=AWS_REGION)
AWS = AWSClient(AWS_PARTITION, AWS_REGION)


#------------------------------------------------------------------------------
# HANDLER
#------------------------------------------------------------------------------
def lambda_handler(event, context):

    LOGGER.debug(event)
    metrics = Metrics(event)
    try:
        for finding_rec in event['detail']['findings']:
            finding = Finding(finding_rec)
            LOGGER.info('FINDING_ID: ' + str(finding.details.get('Id')))
            remediate(finding, metrics.get_metrics_from_finding(finding_rec))
    except Exception as e:
Exemplo n.º 3
0
LAMBDA_ROLE = 'SO0111_CIS29_memberRole'
REMEDIATION = 'Enable VPC flow logging in all VPCs'
AFFECTED_OBJECT = 'VPC Flow Logs'
#------------------------------

PLAYBOOK = os.path.basename(__file__[:-3])
# initialise LOGGERs
LOG_LEVEL = os.getenv('log_level', 'info')
LOGGER = Logger(loglevel=LOG_LEVEL)
APPLOGGER = LogHandler(PLAYBOOK)  # application LOGGER for CW Logs

# Get AWS region from Lambda environment. If not present then we're not
# running under lambda, so defaulting to us-east-1
AWS_REGION = os.getenv('AWS_DEFAULT_REGION', 'us-east-1')
BOTO_CONFIG = Config(retries={'max_attempts': 10}, region_name=AWS_REGION)
AWS = AWSClient()


#------------------------------------------------------------------------------
# HANDLER
#------------------------------------------------------------------------------
def lambda_handler(event, context):

    LOGGER.debug(event)
    metrics = Metrics(event)
    try:
        for finding_rec in event['detail']['findings']:
            finding = Finding(finding_rec)
            remediate(finding, metrics.get_metrics_from_finding(finding_rec))
    except Exception as e:
        LOGGER.error(e)
Exemplo n.º 4
0
#      http://www.apache.org/licenses/                                        #
#                                                                             #
#  or in the "license" file accompanying this file. This file is distributed  #
#  on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express #
#  or implied. See the License for the specific language governing permis-    #
#  sions and limitations under the License.                                   #
###############################################################################
"""
Simple test to validate that the request format coming from the Cfn template
will turn into a valid API call.
"""
from botocore.stub import Stubber, ANY
import pytest
from lib.awsapi_helpers import AWSClient, BotoSession

aws = AWSClient()


#------------------------------------------------------------------------------
#
#------------------------------------------------------------------------------
def test_whoami():

    aws.connect('sts', 'us-east-1')
    stubber = Stubber(aws.CLIENT['sts']['us-east-1'])
    stubber.add_response('get_caller_identity', {})
    stubber.activate()
    myaccount = aws.whoami()
    assert 'sts' in aws.CLIENT
    assert 'us-east-1' in aws.CLIENT['sts']
Exemplo n.º 5
0
#      http://www.apache.org/licenses/                                        #
#                                                                             #
#  or in the "license" file accompanying this file. This file is distributed  #
#  on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express #
#  or implied. See the License for the specific language governing permis-    #
#  sions and limitations under the License.                                   #
###############################################################################
"""
Simple test to validate that the request format coming from the Cfn template
will turn into a valid API call.
"""
from botocore.stub import Stubber, ANY
import pytest
from lib.awsapi_helpers import AWSClient, BotoSession

aws = AWSClient('aws', 'us-east-1')


#------------------------------------------------------------------------------
#
#------------------------------------------------------------------------------
def test_whoami():

    aws.connect('sts', 'us-east-1')
    stubber = Stubber(aws.CLIENT['sts']['us-east-1'])
    stubber.add_response('get_caller_identity', {})
    stubber.activate()
    myaccount = aws.whoami()
    assert 'sts' in aws.CLIENT
    assert 'us-east-1' in aws.CLIENT['sts']