diff --git a/fixlib/fixlib/baseresources.py b/fixlib/fixlib/baseresources.py
index df3038f0bd..0032907e1d 100644
--- a/fixlib/fixlib/baseresources.py
+++ b/fixlib/fixlib/baseresources.py
@@ -263,6 +263,15 @@ class Finding:
 details: Optional[Json] = None
+SEVERITY_MAPPING = {
+ "INFORMATIONAL": Severity.info,
+ "LOW": Severity.low,
+ "MEDIUM": Severity.medium,
+ "HIGH": Severity.high,
+ "CRITICAL": Severity.critical,
+}
+
+
 @define(slots=True)
 class Assessment:
 # The provider of the security assessment
diff --git a/plugins/aws/fix_plugin_aws/resource/ec2.py b/plugins/aws/fix_plugin_aws/resource/ec2.py
index 36dbbb414b..1a2209dceb 100644
--- a/plugins/aws/fix_plugin_aws/resource/ec2.py
+++ b/plugins/aws/fix_plugin_aws/resource/ec2.py
@@ -1412,8 +1412,9 @@ class AwsEc2Instance(EC2Taggable, AwsResource, BaseInstance):
 def collect_resources(cls, builder: GraphBuilder) -> None:
 super().collect_resources(builder)
 ec2_instance_types = set()
- for instance in builder.nodes(clazz=AwsEc2Instance):
- ec2_instance_types.add(instance.instance_type)
+ for instance in builder.nodes(clazz=AwsEc2Instance, _region=builder.region):
+ if instance.instance_type:
+ ec2_instance_types.add(instance.instance_type)
 if ec2_instance_types:
 builder.submit_work(
 service_name, AwsEc2InstanceType.collect_resource_types, builder, list(ec2_instance_types)
diff --git a/plugins/aws/fix_plugin_aws/resource/inspector.py b/plugins/aws/fix_plugin_aws/resource/inspector.py
index d89a27f173..12246e961d 100644
--- a/plugins/aws/fix_plugin_aws/resource/inspector.py
+++ b/plugins/aws/fix_plugin_aws/resource/inspector.py
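Review bot: `SEVERITY_MAPPING` in `baseresources.py` is now a shared module-level name that any plugin can import, yet nothing on it says which label vocabulary it covers or that lookups are exact-match. The keys are upper-case strings, so a caller holding `High`, or a label outside these five, gets no match and silently takes whatever default it passes to `.get()`. I would add a comment above the dict, for example `# Upper-case severity labels as reported by the provider API; lookups are case-sensitive, so callers must normalise the label and choose their own fallback.` Because the dict is mutable and shared, the comment should also say it is to be treated as read-only.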
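Review bot: The new `_region=builder.region` filter and the `if instance.instance_type:` guard in `collect_resources` have no comment saying why they are needed, so a later cleanup could drop either one. Presumably the graph holds instances from several regions while the instance-type lookup is done per region, and an instance can lack a type; both reasons deserve to be stated next to the loop. I would add something like `# Only this region's instances: instance types are resolved per region, and a missing type must not reach the lookup.` The method's decorator and the end of the `builder.submit_work(` call lie outside the hunk.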
@@ -10,7 +10,7 @@ from fix_plugin_aws.resource.ec2 import AwsEc2Instance from fix_plugin_aws.resource.ecr import AwsEcrRepository from fix_plugin_aws.resource.lambda_ import AwsLambdaFunction -from fixlib.baseresources import PhantomBaseResource, Severity, Finding +from fixlib.baseresources import SEVERITY_MAPPING, PhantomBaseResource, Severity, Finding from fixlib.json_bender import Bender, S, ForallBend, Bend, F from fixlib.types import Json @@ -105,18 +105,11 @@ class AwsInspectorFinding(AwsResource, PhantomBaseResource): updated_at: Optional[datetime] = field(default=None, metadata={"description": "The date and time the finding was last updated at."}) # fmt: skip def parse_finding(self, source: Json) -> Finding: - severity_mapping = { - "INFORMATIONAL": Severity.info, - "LOW": Severity.low, - "MEDIUM": Severity.medium, - "HIGH": Severity.high, - "CRITICAL": Severity.critical, - } finding_title = self.safe_name if not self.finding_severity: finding_severity = Severity.medium else: - finding_severity = severity_mapping.get(self.finding_severity, Severity.medium) + finding_severity = SEVERITY_MAPPING.get(self.finding_severity, Severity.medium) description = self.description remediation = "" if self.remediation and self.remediation.recommendation: diff --git a/plugins/aws/test/resources/files/ec2/describe-instance-types__instance_type_mac2_metal_m4_large.json b/plugins/aws/test/resources/files/ec2/describe-instance-types__instance_type_mac2_metal_m4_large.json new file mode 100644 index 0000000000..093544ce9a --- /dev/null +++ b/plugins/aws/test/resources/files/ec2/describe-instance-types__instance_type_mac2_metal_m4_large.json 
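Review bot: In `parse_finding`, a label that is set but missing from `SEVERITY_MAPPING` still becomes `Severity.medium` without any trace, exactly like a missing label. As far as I know the Inspector API can also report `UNTRIAGED`, which would surface as medium, and any label added later above `CRITICAL` would be downgraded unnoticed. I would make the fallback visible, for example `if self.finding_severity not in SEVERITY_MAPPING: log.warning("Unknown Inspector severity %s, using medium", self.finding_severity)`, assuming the module has a `log` logger, or map such labels explicitly. The body of `parse_finding` continues past the end of the hunk.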
@@ -0,0 +1,128 @@ +{ + "InstanceTypes": [ + { + "InstanceType": "m4.large", + "CurrentGeneration": true, + "FreeTierEligible": false, + "SupportedUsageClasses": [ + "on-demand", + "spot" + ], + "SupportedRootDeviceTypes": [ + "ebs" + ], + "SupportedVirtualizationTypes": [ + "hvm" + ], + "BareMetal": false, + "Hypervisor": "nitro", + "ProcessorInfo": { + "SupportedArchitectures": [ + "x86_64" + ], + "SustainedClockSpeedInGhz": 3.5 + }, + "VCpuInfo": { + "DefaultVCpus": 8, + "DefaultCores": 4, + "DefaultThreadsPerCore": 2, + "ValidCores": [ + 2, + 4 + ], + "ValidThreadsPerCore": [ + 1, + 2 + ] + }, + "MemoryInfo": { + "SizeInMiB": 16384 + }, + "InstanceStorageSupported": false, + "InstanceStorageInfo": { + "EbsInfo": { + "EbsStorageSupported": false, + "EbsStorageInfo": { + "VolumeTypes": [ + "standard" + ], + "VolumeSizeInGiBMin": 1, + "VolumeSizeInGiBMax": 1024 + } + }, + "InstanceStorageSupported": false, + "InstanceStorageInfo": { + "VolumeTypes": [ + "standard" + ], + "VolumeSizeInGiBMin": 1, + "VolumeSizeInGiBMax": 1024 + } + }, + "GpuInfo": { + "GPUsSupported": false, + "GPUSupported": false, + "GPUSupportedOnDemand": false, + "GPUSupportedSpot": false + }, + "FpgaInfo": { + "FPGAsSupported": false, + "FPGASupported": false, + "FPGASupportedOnDemand": false, + "FPGASupportedSpot": false + }, + "InferenceAcceleratorInfo": { + "InferenceAcceleratorsSupported": false, + "InferenceAcceleratorsSupportedOnDemand": false, + "InferenceAcceleratorsSupportedSpot": false + }, + "EbsInfo": { + "EbsOptimizedSupport": "default", + "EncryptionSupport": "supported", + "EbsOptimizedInfo": { + "BaselineBandwidthInMbps": 2500, + "BaselineThroughputInMBps": 312.5, + "BaselineIops": 12000, + "MaximumBandwidthInMbps": 10000, + "MaximumThroughputInMBps": 1250, + "MaximumIops": 40000 + }, + "NvmeSupport": "required" + }, + "NetworkInfo": { + "NetworkPerformance": "Up to 12.5 Gigabit", + "MaximumNetworkInterfaces": 4, + "MaximumNetworkCards": 1, + "DefaultNetworkCardIndex": 0, + 
"NetworkCards": [ + { + "NetworkCardIndex": 0, + "NetworkPerformance": "Up to 12.5 Gigabit", + "MaximumNetworkInterfaces": 4 + } + ], + "Ipv4AddressesPerInterface": 15, + "Ipv6AddressesPerInterface": 15, + "Ipv6Supported": true, + "EnaSupport": "required", + "EfaSupported": false, + "EncryptionInTransitSupported": true + }, + "PlacementGroupInfo": { + "SupportedStrategies": [ + "cluster", + "partition", + "spread" + ] + }, + "HibernationSupported": false, + "BurstablePerformanceSupported": false, + "DedicatedHostsSupported": true, + "AutoRecoverySupported": true, + "SupportedBootModes": [ + "legacy-bios", + "uefi" + ] + } + ] +} \ No newline at end of file