Changed rule name classes to inherit from RuleNameEnum to add a more specific type hints
This commit is contained in:
VakarisZ
parent
baadb241e8
commit
3cb2a63a9d
|
|
@ -1,7 +1,7 @@
|
|||
from enum import Enum
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||
|
||||
|
||||
class CloudformationRules(Enum):
|
||||
class CloudformationRules(RuleNameEnum):
|
||||
|
||||
# Service Security
|
||||
CLOUDFORMATION_STACK_WITH_ROLE = 'cloudformation-stack-with-role'
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
from enum import Enum
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||
|
||||
|
||||
class CloudTrailRules(Enum):
|
||||
class CloudTrailRules(RuleNameEnum):
|
||||
# Logging
|
||||
CLOUDTRAIL_DUPLICATED_GLOBAL_SERVICES_LOGGING = 'cloudtrail-duplicated-global-services-logging'
|
||||
CLOUDTRAIL_NO_DATA_LOGGING = 'cloudtrail-no-data-logging'
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
from enum import Enum
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||
|
||||
|
||||
class CloudWatchRules(Enum):
|
||||
class CloudWatchRules(RuleNameEnum):
|
||||
# Logging
|
||||
CLOUDWATCH_ALARM_WITHOUT_ACTIONS = 'cloudwatch-alarm-without-actions'
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
from enum import Enum
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||
|
||||
|
||||
class ConfigRules(Enum):
|
||||
class ConfigRules(RuleNameEnum):
|
||||
# Logging
|
||||
CONFIG_RECORDER_NOT_CONFIGURED = 'config-recorder-not-configured'
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
from enum import Enum
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||
|
||||
|
||||
class EC2Rules(Enum):
|
||||
class EC2Rules(RuleNameEnum):
|
||||
# Permissive firewall rules
|
||||
SECURITY_GROUP_ALL_PORTS_TO_ALL = 'ec2-security-group-opens-all-ports-to-all'
|
||||
SECURITY_GROUP_OPENS_TCP_PORT_TO_ALL = 'ec2-security-group-opens-TCP-port-to-all'
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
from enum import Enum
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||
|
||||
|
||||
class ELBRules(Enum):
|
||||
class ELBRules(RuleNameEnum):
|
||||
# Logging
|
||||
ELB_NO_ACCESS_LOGS = 'elb-no-access-logs'
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
from enum import Enum
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||
|
||||
|
||||
class ELBv2Rules(Enum):
|
||||
class ELBv2Rules(RuleNameEnum):
|
||||
# Encryption
|
||||
ELBV2_LISTENER_ALLOWING_CLEARTEXT = 'elbv2-listener-allowing-cleartext'
|
||||
ELBV2_OLDER_SSL_POLICY = 'elbv2-older-ssl-policy'
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
from enum import Enum
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||
|
||||
|
||||
class IAMRules(Enum):
|
||||
class IAMRules(RuleNameEnum):
|
||||
# Authentication/authorization
|
||||
IAM_USER_NO_ACTIVE_KEY_ROTATION = 'iam-user-no-Active-key-rotation'
|
||||
IAM_PASSWORD_POLICY_MINIMUM_LENGTH = 'iam-password-policy-minimum-length'
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
from enum import Enum
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||
|
||||
|
||||
class RDSRules(Enum):
|
||||
class RDSRules(RuleNameEnum):
|
||||
# Encryption
|
||||
RDS_INSTANCE_STORAGE_NOT_ENCRYPTED = 'rds-instance-storage-not-encrypted'
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
from enum import Enum
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||
|
||||
|
||||
class RedshiftRules(Enum):
|
||||
class RedshiftRules(RuleNameEnum):
|
||||
# Encryption
|
||||
REDSHIFT_CLUSTER_DATABASE_NOT_ENCRYPTED = 'redshift-cluster-database-not-encrypted'
|
||||
REDSHIFT_PARAMETER_GROUP_SSL_NOT_REQUIRED = 'redshift-parameter-group-ssl-not-required'
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
from enum import Enum
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||
|
||||
|
||||
class S3Rules(Enum):
|
||||
class S3Rules(RuleNameEnum):
|
||||
# Encryption
|
||||
S3_BUCKET_ALLOWING_CLEARTEXT = 's3-bucket-allowing-cleartext'
|
||||
S3_BUCKET_NO_DEFAULT_ENCRYPTION = 's3-bucket-no-default-encryption'
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
from enum import Enum
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||
|
||||
|
||||
class SESRules(Enum):
|
||||
class SESRules(RuleNameEnum):
|
||||
|
||||
# Permissive policies
|
||||
SES_IDENTITY_WORLD_SENDRAWEMAIL_POLICY = 'ses-identity-world-SendRawEmail-policy'
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
from enum import Enum
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||
|
||||
|
||||
class SNSRules(Enum):
|
||||
class SNSRules(RuleNameEnum):
|
||||
|
||||
# Permissive policies
|
||||
SNS_TOPIC_WORLD_SUBSCRIBE_POLICY = 'sns-topic-world-Subscribe-policy'
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
from enum import Enum
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||
|
||||
|
||||
class SQSRules(Enum):
|
||||
class SQSRules(RuleNameEnum):
|
||||
|
||||
# Permissive policies
|
||||
SQS_QUEUE_WORLD_SENDMESSAGE_POLICY = 'sqs-queue-world-SendMessage-policy'
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
from enum import Enum
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||
|
||||
|
||||
class VPCRules(Enum):
|
||||
class VPCRules(RuleNameEnum):
|
||||
# Logging
|
||||
SUBNET_WITHOUT_FLOW_LOG = 'vpc-subnet-without-flow-log'
|
||||
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.elbv2_rul
|
|||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.iam_rules import IAMRules
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rds_rules import RDSRules
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.redshift_rules import RedshiftRules
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.s3_rules import S3Rules
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.ses_rules import SESRules
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.sns_rules import SNSRules
|
||||
|
|
@ -23,7 +24,7 @@ from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.vpc_rules
|
|||
class ScoutSuiteFindingMap(ABC):
|
||||
@property
|
||||
@abstractmethod
|
||||
def rules(self) -> List[EC2Rules]:
|
||||
def rules(self) -> List[RuleNameEnum]:
|
||||
pass
|
||||
|
||||
@property
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
from abc import ABC, abstractmethod
|
||||
from enum import Enum
|
||||
from enum import Enum, EnumMeta
|
||||
from typing import List
|
||||
|
||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import FINDINGS, SERVICES, SERVICE_TYPES
|
||||
|
|
@ -14,7 +14,7 @@ class AbstractRulePathCreator(ABC):
|
|||
|
||||
@property
|
||||
@abstractmethod
|
||||
def supported_rules(self) -> List:
|
||||
def supported_rules(self) -> EnumMeta:
|
||||
pass
|
||||
|
||||
@classmethod
|
||||
|
|
|
|||
Loading…
Reference in New Issue