
[aws][feat] Add collection of Inspector resource (#2242)
Co-authored-by: Matthias Veit <[email protected]>
1101-1 and aquamatthias authored Oct 16, 2024
1 parent 6cacdf9 commit 8626219
Showing 7 changed files with 695 additions and 5 deletions.
2 changes: 2 additions & 0 deletions plugins/aws/fix_plugin_aws/collector.py
Expand Up @@ -49,6 +49,7 @@
backup,
bedrock,
scp,
inspector,
)
from fix_plugin_aws.resource.base import (
AwsAccount,
Expand Down Expand Up @@ -117,6 +118,7 @@
+ backup.resources
+ amazonq.resources
+ bedrock.resources
+ inspector.resources
)
all_resources: List[Type[AwsResource]] = global_resources + regional_resources

2 changes: 1 addition & 1 deletion plugins/aws/fix_plugin_aws/resource/backup.py
Expand Up @@ -175,7 +175,7 @@ class AwsBackupProtectedResource(AwsResource):
}
api_spec: ClassVar[AwsApiSpec] = AwsApiSpec("backup", "list-protected-resources", "Results")
mapping: ClassVar[Dict[str, Bender]] = {
"id": S("ResourceArn") >> F(lambda arn: arn.rsplit("/")[1]),
"id": S("ResourceArn") >> F(AwsResource.id_from_arn),
"name": S("ResourceName"),
"resource_arn": S("ResourceArn"),
"resource_type": S("ResourceType"),
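Review bot: The new `"id"` bender delegates to `AwsResource.id_from_arn`, whose behaviour is not visible in this hunk, while the line it replaces had two observable properties worth checking against: `arn.rsplit("/")[1]` raised IndexError on ARNs with no "/" (colon-delimited ids such as RDS-style `...:db:name`) and returned the second segment rather than the last on ARNs with several slashes. If the helper now returns the last segment, the `id` of previously collected nodes may change and nodes that previously crashed the collector will appear for the first time, which is consistent with the count bump in collector_test.py but should be confirmed deliberately. A short table-driven test of `id_from_arn` over the ARN shapes `list-protected-resources` can return (slash-delimited, colon-delimited, multi-slash) would pin this down. The enclosing class `AwsBackupProtectedResource` starts and ends outside the hunk.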
434 changes: 434 additions & 0 deletions plugins/aws/fix_plugin_aws/resource/inspector.py


4 changes: 2 additions & 2 deletions plugins/aws/test/collector_test.py
Expand Up @@ -34,8 +34,8 @@ def count_kind(clazz: Type[AwsResource]) -> int:
# make sure all threads have been joined
assert len(threading.enumerate()) == 1
# ensure the correct number of nodes and edges
assert count_kind(AwsResource) == 261
assert len(account_collector.graph.edges) == 575
assert count_kind(AwsResource) == 262
assert len(account_collector.graph.edges) == 577
assert len(account_collector.graph.deferred_edges) == 2
for node in account_collector.graph.nodes:
if isinstance(node, AwsRegion):
@@ -0,0 +1,237 @@
{
"findings": [
{
"awsAccountId": "foo",
"codeVulnerabilityDetails": {
"cwes": [
"foo",
"foo",
"foo"
],
"detectorId": "foo",
"detectorName": "foo",
"detectorTags": [
"foo",
"foo",
"foo"
],
"filePath": {
"endLine": 123,
"fileName": "foo",
"filePath": "foo",
"startLine": 123
},
"referenceUrls": [
"foo",
"foo",
"foo"
],
"ruleId": "foo",
"sourceLambdaLayerArn": "foo"
},
"description": "foo",
"epss": {
"score": 1.234
},
"exploitAvailable": "NO",
"exploitabilityDetails": {
"lastKnownExploitAt": "2024-10-14T18:00:11Z"
},
"findingArn": "foo",
"firstObservedAt": "2024-10-14T18:00:11Z",
"fixAvailable": "NO",
"inspectorScore": 1.234,
"inspectorScoreDetails": {
"adjustedCvss": {
"adjustments": [
{
"metric": "foo",
"reason": "foo"
},
{
"metric": "foo",
"reason": "foo"
},
{
"metric": "foo",
"reason": "foo"
}
],
"cvssSource": "foo",
"score": 1.234,
"scoreSource": "foo",
"scoringVector": "foo",
"version": "foo"
}
},
"lastObservedAt": "2024-10-14T18:00:11Z",
"networkReachabilityDetails": {
"networkPath": {
"steps": [
{
"componentId": "foo",
"componentType": "foo"
},
{
"componentId": "foo",
"componentType": "foo"
},
{
"componentId": "foo",
"componentType": "foo"
}
]
},
"openPortRange": {
"begin": 123,
"end": 123
},
"protocol": "UDP"
},
"packageVulnerabilityDetails": {
"cvss": [
{
"baseScore": 1.234,
"scoringVector": "foo",
"source": "foo",
"version": "foo"
},
{
"baseScore": 1.234,
"scoringVector": "foo",
"source": "foo",
"version": "foo"
},
{
"baseScore": 1.234,
"scoringVector": "foo",
"source": "foo",
"version": "foo"
}
],
"referenceUrls": [
"foo",
"foo",
"foo"
],
"relatedVulnerabilities": [
"foo",
"foo",
"foo"
],
"source": "foo",
"sourceUrl": "https://example.com",
"vendorCreatedAt": "2024-10-14T18:00:11Z",
"vendorSeverity": "foo",
"vendorUpdatedAt": "2024-10-14T18:00:11Z",
"vulnerabilityId": "foo",
"vulnerablePackages": [
{
"arch": "foo",
"epoch": 123,
"filePath": "foo",
"fixedInVersion": "foo",
"name": "foo",
"packageManager": "CARGO",
"release": "foo",
"remediation": "foo",
"sourceLambdaLayerArn": "foo",
"sourceLayerHash": "foo",
"version": "foo"
}
]
},
"remediation": {
"recommendation": {
"Url": "https://example.com",
"text": "foo"
}
},
"resources": [
{
"details": {
"awsEc2Instance": {
"iamInstanceProfileArn": "foo",
"imageId": "foo",
"ipV4Addresses": [
"foo",
"foo",
"foo"
],
"ipV6Addresses": [
"foo",
"foo",
"foo"
],
"keyName": "foo",
"launchedAt": "2024-10-14T18:00:11Z",
"platform": "foo",
"subnetId": "foo",
"type": "foo",
"vpcId": "foo"
},
"awsEcrContainerImage": {
"architecture": "foo",
"author": "foo",
"imageHash": "foo",
"imageTags": [
"foo",
"foo",
"foo"
],
"platform": "foo",
"pushedAt": "2024-10-14T18:00:11Z",
"registry": "foo",
"repositoryName": "foo"
},
"awsLambdaFunction": {
"architectures": [
"ARM64",
"ARM64",
"ARM64"
],
"codeSha256": "foo",
"executionRoleArn": "foo",
"functionName": "foo",
"lastModifiedAt": "2024-10-14T18:00:11Z",
"layers": [
"foo",
"foo",
"foo"
],
"packageType": "ZIP",
"runtime": "NODEJS_12_X",
"version": "foo",
"vpcConfig": {
"securityGroupIds": [
"foo",
"foo",
"foo"
],
"subnetIds": [
"foo",
"foo",
"foo"
],
"vpcId": "foo"
}
}
},
"id": "foo",
"partition": "foo",
"region": "foo",
"tags": {
"0": "foo"
},
"type": "AWS_ECR_CONTAINER_IMAGE"
}
],
"severity": "LOW",
"status": "SUPPRESSED",
"title": "foo",
"type": "PACKAGE_VULNERABILITY",
"updatedAt": "2024-10-14T18:00:11Z"
}
],
"nextToken": "foo"
}
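--- a/plugins/aws/test/resources/inspector_test.py
+++ b/plugins/aws/test/resources/inspector_test.py
@@ -0,0 +1,6 @@
+from fix_plugin_aws.resource.inspector import AwsInspectorFinding
+from test.resources import round_trip_for
+
+
+def test_inspector_findings() -> None:
+    round_trip_for(AwsInspectorFinding)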
15 changes: 13 additions & 2 deletions plugins/aws/tools/aws_model_gen.py
Expand Up @@ -239,6 +239,8 @@ def process_shape_items(shape_items: List[Tuple[Any, Any]], prop_prefix: str, cl
elif isinstance(shape, StringShape):
return []
elif isinstance(shape, ListShape):
if isinstance(shape.member, StringShape):
return []
process_shape_items(shape.member.members.items(), prop_prefix, clazz_name)
else:
if getattr(shape, "members", None) is None:
Expand Down Expand Up @@ -280,7 +282,7 @@ def create_test_response(service: str, function: str, is_pascal: bool = False) -

def sample(shape: Shape) -> JsonElement:
if isinstance(shape, StringShape) and shape.enum:
return shape.enum[1]
return shape.enum[-1]
elif isinstance(shape, StringShape) and "8601" in shape.documentation:
return utc_str()
elif isinstance(shape, StringShape) and "URL" in shape.documentation:
Expand Down Expand Up @@ -983,12 +985,21 @@ def default_imports() -> str:
# prefix="Bedrock",
# )
],
"inspector2": [
# Findings
AwsFixModel(
api_action="list-findings",
result_property="findings",
result_shape="ListFindingsResponse",
prefix="InspectorV2",
),
],
}


if __name__ == "__main__":
"""print some test data"""
print(json.dumps(create_test_response("bedrock-agent", "get-knowledge-base"), indent=2))
# print(json.dumps(create_test_response("inspector2", "list-coverage"), indent=2))

"""print the class models"""
# print(default_imports())
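Review bot: The new guard at the top of the ListShape branch only short-circuits when the list member is a StringShape, so a list whose member is any other shape without a `members` attribute (presumably the non-string scalars) likely still reaches `shape.member.members.items()` on the following context line and fails there, whereas the else branch a few lines down already protects itself with `getattr(shape, "members", None) is None`. Using the same test here keeps the two branches consistent and covers every scalar member type at once: `if getattr(shape.member, "members", None) is None:` followed by `return []`. Separately, the context line `process_shape_items(shape.member.members.items(), prop_prefix, clazz_name)` discards the recursive call's result rather than returning it; that predates this commit, but it is worth a look while this branch is being touched. The enclosing function `process_shape_items` starts and ends outside the hunk.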
