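def test_notify(mocker):
    """Check the log line that findings.notify() writes.

    Two cases are exercised against a finding loaded from the CIS_1-6.json
    sample event:

    * a fully populated message, which must be logged with its state,
      remediation text, account id and affected resource;
    * an empty message, which must be logged with the 'error' placeholders
      asserted below rather than raising.

    Logger.info, LogHandler.add_message, Finding.update_text and
    AWSClient.postit are all patched, so the calls to notify() here never
    reach those real methods.
    """
    # The context manager closes the file even if the JSON cannot be parsed;
    # the open()/close() pair it replaces leaked the handle on that path.
    with open(test_data + 'CIS_1-6.json') as test_file:
        event = json.load(test_file)

    finding = findings.Finding(event['detail']['findings'][0])

    logger = Logger(loglevel='info')
    # Patched on the class, so the mock records calls without a `self`
    # argument and the assertions below compare the message text only.
    logger_obj = mocker.patch('lib.logger.Logger.info', return_value=None)

    applogger = LogHandler('pytest')
    mocker.patch('lib.applogger.LogHandler.add_message', return_value='')
    # mocker.patch('lib.sechub_findings.Finding.resolve', return_value='')
    mocker.patch('lib.sechub_findings.Finding.update_text', return_value='')

    AWS = AWSClient('aws', 'us-east-1')
    mocker.patch('lib.awsapi_helpers.AWSClient.postit', return_value='')

    # 111111111111 is a placeholder account id, not a real account.
    test_message = {
        'Note': '',
        'State': 'INFO',
        'Account': '111111111111',
        'Remediation': 'Remediate all the things',
        'AffectedObject': 'An AWS Thingy',
        'metrics_data': {
            'status': 'RESOLVED'
        }
    }

    findings.notify(finding, test_message, logger,
                    cwlogs=applogger, sechub=True, sns=AWS)
    logger_obj.assert_called_once_with(
        'INFO: "Remediate all the things" , Account Id: 111111111111, Resource: An AWS Thingy'
    )
    # assert logger_mock('message', mocker.ANY)

    # An empty message must not raise: every missing field is replaced by a
    # fixed placeholder in the logged line.
    test_message = {}
    findings.notify(finding, test_message, logger,
                    cwlogs=applogger, sechub=True, sns=AWS)
    logger_obj.assert_called_with(
        'INFO: error - missing note, Account Id: error, Resource: error')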
# initialise loggers LOG_LEVEL = os.getenv('log_level', 'info') LOGGER = Logger(loglevel=LOG_LEVEL) APPLOGGER = LogHandler(os.path.basename( __file__[:-3])) # application logger for CW Logs # Get AWS region from Lambda environment. If not present then we're not # running under lambda, so defaulting to us-east-1 AWS_REGION = os.getenv('AWS_DEFAULT_REGION', 'us-east-1') AWS_PARTITION = os.getenv('AWS_PARTITION', 'aws') # Append region name to LAMBDA_ROLE LAMBDA_ROLE += '_' + AWS_REGION BOTO_CONFIG = Config(retries={'max_attempts': 10}, region_name=AWS_REGION) AWS = AWSClient(AWS_PARTITION, AWS_REGION) #------------------------------------------------------------------------------ # HANDLER #------------------------------------------------------------------------------ def lambda_handler(event, context): LOGGER.debug(event) metrics = Metrics(event) try: for finding_rec in event['detail']['findings']: finding = Finding(finding_rec) LOGGER.info('FINDING_ID: ' + str(finding.details.get('Id'))) remediate(finding, metrics.get_metrics_from_finding(finding_rec)) except Exception as e:
# Name of the member role used by this playbook.
LAMBDA_ROLE = 'SO0111_CIS29_memberRole'
# Remediation text and affected-object label for this playbook.
REMEDIATION = 'Enable VPC flow logging in all VPCs'
AFFECTED_OBJECT = 'VPC Flow Logs'
#------------------------------

# Playbook name: this file's base name with its last three characters
# (the ".py" suffix) removed.
PLAYBOOK = os.path.basename(__file__[:-3])

# Set up the loggers. The level is read from the `log_level` environment
# variable and falls back to 'info'.
LOG_LEVEL = os.getenv('log_level', 'info')
LOGGER = Logger(loglevel=LOG_LEVEL)
APPLOGGER = LogHandler(PLAYBOOK) # application LOGGER for CW Logs

# The region comes from the Lambda environment. When the variable is absent
# the code is not running under Lambda and us-east-1 is used instead.
AWS_REGION = os.getenv('AWS_DEFAULT_REGION', 'us-east-1')
BOTO_CONFIG = Config(retries={'max_attempts': 10}, region_name=AWS_REGION)
AWS = AWSClient()

#------------------------------------------------------------------------------
# HANDLER
#------------------------------------------------------------------------------
def lambda_handler(event, context):
    """Run the playbook remediation for every finding carried by the event.

    Args:
        event: Event whose findings are listed under
            ``event['detail']['findings']``.
        context: Lambda context object; not used in the statements shown here.
    """
    # NOTE(review): this hands the complete event, every finding record
    # included, to the debug logger. Presumably it is emitted only when
    # log_level is 'debug'; access to those logs should be restricted like
    # access to the findings themselves.
    LOGGER.debug(event)
    metrics = Metrics(event)
    try:
        for record in event['detail']['findings']:
            finding = Finding(record)
            finding_metrics = metrics.get_metrics_from_finding(record)
            remediate(finding, finding_metrics)
    except Exception as err:
        # NOTE(review): the try wraps the whole loop, so the first finding
        # that raises stops processing of the remaining ones, and the error
        # is only logged here. A failed remediation is therefore visible in
        # the logs alone; confirm this best-effort behaviour is intended.
        LOGGER.error(err)
#     http://www.apache.org/licenses/                                         #
#                                                                             #
#  or in the "license" file accompanying this file. This file is distributed  #
#  on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express #
#  or implied. See the License for the specific language governing permis-    #
#  sions and limitations under the License.                                   #
###############################################################################

"""
Simple test to validate that the request format coming from the Cfn template
will turn into a valid API call.
"""

from botocore.stub import Stubber, ANY
import pytest
from lib.awsapi_helpers import AWSClient, BotoSession

# One client wrapper shared by the tests in this module.
aws = AWSClient()

#------------------------------------------------------------------------------
#
#------------------------------------------------------------------------------
def test_whoami():
    """Stub STS and check that the client is cached by service and region.

    The STS client created by connect() is wrapped in a botocore Stubber with
    a single empty get_caller_identity response queued on it.
    """
    region = 'us-east-1'
    aws.connect('sts', region)

    sts_stub = Stubber(aws.CLIENT['sts'][region])
    sts_stub.add_response('get_caller_identity', {})
    sts_stub.activate()

    # NOTE(review): the value returned by whoami() is stored but never
    # asserted, and the stub is never asked whether its response was used.
    # The test therefore passes whatever identity comes back.
    myaccount = aws.whoami()

    assert 'sts' in aws.CLIENT
    assert region in aws.CLIENT['sts']
#     http://www.apache.org/licenses/                                         #
#                                                                             #
#  or in the "license" file accompanying this file. This file is distributed  #
#  on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express #
#  or implied. See the License for the specific language governing permis-    #
#  sions and limitations under the License.                                   #
###############################################################################

"""
Simple test to validate that the request format coming from the Cfn template
will turn into a valid API call.
"""

from botocore.stub import Stubber, ANY
import pytest
from lib.awsapi_helpers import AWSClient, BotoSession

# One client wrapper shared by the tests in this module, built with an
# explicit partition ('aws') and region.
aws = AWSClient('aws', 'us-east-1')

#------------------------------------------------------------------------------
#
#------------------------------------------------------------------------------
def test_whoami():
    """Stub STS and check that the client is cached by service and region.

    The STS client created by connect() is wrapped in a botocore Stubber with
    a single empty get_caller_identity response queued on it.
    """
    region = 'us-east-1'
    aws.connect('sts', region)

    sts_stub = Stubber(aws.CLIENT['sts'][region])
    sts_stub.add_response('get_caller_identity', {})
    sts_stub.activate()

    # NOTE(review): the value returned by whoami() is stored but never
    # asserted, and the stub is never asked whether its response was used.
    # The test therefore passes whatever identity comes back.
    myaccount = aws.whoami()

    assert 'sts' in aws.CLIENT
    assert region in aws.CLIENT['sts']