[aws][feat] Add searching instances also by region and make `SEVERITY…
…_MAPPING` statically (#2272)
1101-1 authored Nov 1, 2024
1 parent 65c98f7 commit c22f979
Showing 4 changed files with 142 additions and 11 deletions.
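--- a/fixlib/fixlib/baseresources.py
+++ b/fixlib/fixlib/baseresources.py
@@ -263,6 +263,15 @@ class Finding:
 details: Optional[Json] = None
 
 
+SEVERITY_MAPPING = {
+"INFORMATIONAL": Severity.info,
+"LOW": Severity.low,
+"MEDIUM": Severity.medium,
+"HIGH": Severity.high,
+"CRITICAL": Severity.critical,
+}
+
+
 @define(slots=True)
 class Assessment:
 # The provider of the security assessment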
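Review bot: `SEVERITY_MAPPING` is added as a bare module-level dict with no comment saying whose severity labels these are or how a lookup behaves, and every importer shares the same mutable object. The keys are upper-case strings, so lookups are case-sensitive and each caller has to choose its own default for a label that is not listed. I would put a comment above it, for example `# Upper-case provider severity label -> Severity; case-sensitive, callers pick the default for unknown labels.`, and, if the module's imports allow it, annotate it as a read-only mapping so the shared table cannot be altered at runtime. The `Finding` and `Assessment` classes around it start and end outside this hunk.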
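--- a/plugins/aws/fix_plugin_aws/resource/ec2.py
+++ b/plugins/aws/fix_plugin_aws/resource/ec2.py
@@ -1412,8 +1412,9 @@ class AwsEc2Instance(EC2Taggable, AwsResource, BaseInstance):
 def collect_resources(cls, builder: GraphBuilder) -> None:
 super().collect_resources(builder)
 ec2_instance_types = set()
-for instance in builder.nodes(clazz=AwsEc2Instance):
-ec2_instance_types.add(instance.instance_type)
+for instance in builder.nodes(clazz=AwsEc2Instance, _region=builder.region):
+if instance.instance_type:
+ec2_instance_types.add(instance.instance_type)
 if ec2_instance_types:
 builder.submit_work(
 service_name, AwsEc2InstanceType.collect_resource_types, builder, list(ec2_instance_types)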
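Review bot: The new `_region=builder.region` argument on the `builder.nodes(...)` call carries no comment explaining why the instance-type lookup is now limited to one region, and how `nodes` treats `_region` when `builder.region` is unset is not visible in this hunk. If the intent is that instance types are collected per region, a line such as `# Only this region's instances: instance types are resolved per region.` above the loop would record it, together with a note that instances without an `instance_type` are now skipped. As a matter of style the loop could also be written as a set comprehension, `{i.instance_type for i in builder.nodes(clazz=AwsEc2Instance, _region=builder.region) if i.instance_type}`. The decorator of `collect_resources` and the end of the `submit_work` call lie outside the hunk.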
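--- a/plugins/aws/fix_plugin_aws/resource/inspector.py
+++ b/plugins/aws/fix_plugin_aws/resource/inspector.py
@@ -10,7 +10,7 @@
 from fix_plugin_aws.resource.ec2 import AwsEc2Instance
 from fix_plugin_aws.resource.ecr import AwsEcrRepository
 from fix_plugin_aws.resource.lambda_ import AwsLambdaFunction
-from fixlib.baseresources import PhantomBaseResource, Severity, Finding
+from fixlib.baseresources import SEVERITY_MAPPING, PhantomBaseResource, Severity, Finding
 from fixlib.json_bender import Bender, S, ForallBend, Bend, F
 from fixlib.types import Json
 
@@ -105,18 +105,11 @@ class AwsInspectorFinding(AwsResource, PhantomBaseResource):
 updated_at: Optional[datetime] = field(default=None, metadata={"description": "The date and time the finding was last updated at."}) # fmt: skip
 
 def parse_finding(self, source: Json) -> Finding:
-severity_mapping = {
-"INFORMATIONAL": Severity.info,
-"LOW": Severity.low,
-"MEDIUM": Severity.medium,
-"HIGH": Severity.high,
-"CRITICAL": Severity.critical,
-}
 finding_title = self.safe_name
 if not self.finding_severity:
 finding_severity = Severity.medium
 else:
-finding_severity = severity_mapping.get(self.finding_severity, Severity.medium)
+finding_severity = SEVERITY_MAPPING.get(self.finding_severity, Severity.medium)
 description = self.description
 remediation = ""
 if self.remediation and self.remediation.recommendation: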
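Review bot: In `parse_finding`, a severity label that is not a key of `SEVERITY_MAPPING` is still reported as `Severity.medium` without any trace, because the new `SEVERITY_MAPPING.get(self.finding_severity, Severity.medium)` line keeps the silent default. For a security finding this can misstate the risk in either direction; Inspector also documents an `UNTRIAGED` severity, which would come out as medium here. I would at least state the behaviour next to the lookup, `# labels not in SEVERITY_MAPPING are reported as medium`, and consider logging the unmapped label if the module has a logger, which is not visible in this section. The `if not self.finding_severity` branch is redundant with the `.get` default, so the pair could become `finding_severity = SEVERITY_MAPPING.get(self.finding_severity or "", Severity.medium)`. `parse_finding` continues past the end of the hunk.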
@@ -0,0 +1,128 @@
{
"InstanceTypes": [
{
"InstanceType": "m4.large",
"CurrentGeneration": true,
"FreeTierEligible": false,
"SupportedUsageClasses": [
"on-demand",
"spot"
],
"SupportedRootDeviceTypes": [
"ebs"
],
"SupportedVirtualizationTypes": [
"hvm"
],
"BareMetal": false,
"Hypervisor": "nitro",
"ProcessorInfo": {
"SupportedArchitectures": [
"x86_64"
],
"SustainedClockSpeedInGhz": 3.5
},
"VCpuInfo": {
"DefaultVCpus": 8,
"DefaultCores": 4,
"DefaultThreadsPerCore": 2,
"ValidCores": [
2,
4
],
"ValidThreadsPerCore": [
1,
2
]
},
"MemoryInfo": {
"SizeInMiB": 16384
},
"InstanceStorageSupported": false,
"InstanceStorageInfo": {
"EbsInfo": {
"EbsStorageSupported": false,
"EbsStorageInfo": {
"VolumeTypes": [
"standard"
],
"VolumeSizeInGiBMin": 1,
"VolumeSizeInGiBMax": 1024
}
},
"InstanceStorageSupported": false,
"InstanceStorageInfo": {
"VolumeTypes": [
"standard"
],
"VolumeSizeInGiBMin": 1,
"VolumeSizeInGiBMax": 1024
}
},
"GpuInfo": {
"GPUsSupported": false,
"GPUSupported": false,
"GPUSupportedOnDemand": false,
"GPUSupportedSpot": false
},
"FpgaInfo": {
"FPGAsSupported": false,
"FPGASupported": false,
"FPGASupportedOnDemand": false,
"FPGASupportedSpot": false
},
"InferenceAcceleratorInfo": {
"InferenceAcceleratorsSupported": false,
"InferenceAcceleratorsSupportedOnDemand": false,
"InferenceAcceleratorsSupportedSpot": false
},
"EbsInfo": {
"EbsOptimizedSupport": "default",
"EncryptionSupport": "supported",
"EbsOptimizedInfo": {
"BaselineBandwidthInMbps": 2500,
"BaselineThroughputInMBps": 312.5,
"BaselineIops": 12000,
"MaximumBandwidthInMbps": 10000,
"MaximumThroughputInMBps": 1250,
"MaximumIops": 40000
},
"NvmeSupport": "required"
},
"NetworkInfo": {
"NetworkPerformance": "Up to 12.5 Gigabit",
"MaximumNetworkInterfaces": 4,
"MaximumNetworkCards": 1,
"DefaultNetworkCardIndex": 0,
"NetworkCards": [
{
"NetworkCardIndex": 0,
"NetworkPerformance": "Up to 12.5 Gigabit",
"MaximumNetworkInterfaces": 4
}
],
"Ipv4AddressesPerInterface": 15,
"Ipv6AddressesPerInterface": 15,
"Ipv6Supported": true,
"EnaSupport": "required",
"EfaSupported": false,
"EncryptionInTransitSupported": true
},
"PlacementGroupInfo": {
"SupportedStrategies": [
"cluster",
"partition",
"spread"
]
},
"HibernationSupported": false,
"BurstablePerformanceSupported": false,
"DedicatedHostsSupported": true,
"AutoRecoverySupported": true,
"SupportedBootModes": [
"legacy-bios",
"uefi"
]
}
]
}
