forked from p15670423/monkey
Changed rule name classes to inherit from RuleNameEnum to add a more specific type hints
This commit is contained in:
parent
baadb241e8
commit
3cb2a63a9d
|
@ -1,7 +1,7 @@
|
||||||
from enum import Enum
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||||
|
|
||||||
|
|
||||||
class CloudformationRules(Enum):
|
class CloudformationRules(RuleNameEnum):
|
||||||
|
|
||||||
# Service Security
|
# Service Security
|
||||||
CLOUDFORMATION_STACK_WITH_ROLE = 'cloudformation-stack-with-role'
|
CLOUDFORMATION_STACK_WITH_ROLE = 'cloudformation-stack-with-role'
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from enum import Enum
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||||
|
|
||||||
|
|
||||||
class CloudTrailRules(Enum):
|
class CloudTrailRules(RuleNameEnum):
|
||||||
# Logging
|
# Logging
|
||||||
CLOUDTRAIL_DUPLICATED_GLOBAL_SERVICES_LOGGING = 'cloudtrail-duplicated-global-services-logging'
|
CLOUDTRAIL_DUPLICATED_GLOBAL_SERVICES_LOGGING = 'cloudtrail-duplicated-global-services-logging'
|
||||||
CLOUDTRAIL_NO_DATA_LOGGING = 'cloudtrail-no-data-logging'
|
CLOUDTRAIL_NO_DATA_LOGGING = 'cloudtrail-no-data-logging'
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
from enum import Enum
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||||
|
|
||||||
|
|
||||||
class CloudWatchRules(Enum):
|
class CloudWatchRules(RuleNameEnum):
|
||||||
# Logging
|
# Logging
|
||||||
CLOUDWATCH_ALARM_WITHOUT_ACTIONS = 'cloudwatch-alarm-without-actions'
|
CLOUDWATCH_ALARM_WITHOUT_ACTIONS = 'cloudwatch-alarm-without-actions'
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
from enum import Enum
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||||
|
|
||||||
|
|
||||||
class ConfigRules(Enum):
|
class ConfigRules(RuleNameEnum):
|
||||||
# Logging
|
# Logging
|
||||||
CONFIG_RECORDER_NOT_CONFIGURED = 'config-recorder-not-configured'
|
CONFIG_RECORDER_NOT_CONFIGURED = 'config-recorder-not-configured'
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from enum import Enum
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||||
|
|
||||||
|
|
||||||
class EC2Rules(Enum):
|
class EC2Rules(RuleNameEnum):
|
||||||
# Permissive firewall rules
|
# Permissive firewall rules
|
||||||
SECURITY_GROUP_ALL_PORTS_TO_ALL = 'ec2-security-group-opens-all-ports-to-all'
|
SECURITY_GROUP_ALL_PORTS_TO_ALL = 'ec2-security-group-opens-all-ports-to-all'
|
||||||
SECURITY_GROUP_OPENS_TCP_PORT_TO_ALL = 'ec2-security-group-opens-TCP-port-to-all'
|
SECURITY_GROUP_OPENS_TCP_PORT_TO_ALL = 'ec2-security-group-opens-TCP-port-to-all'
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from enum import Enum
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||||
|
|
||||||
|
|
||||||
class ELBRules(Enum):
|
class ELBRules(RuleNameEnum):
|
||||||
# Logging
|
# Logging
|
||||||
ELB_NO_ACCESS_LOGS = 'elb-no-access-logs'
|
ELB_NO_ACCESS_LOGS = 'elb-no-access-logs'
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from enum import Enum
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||||
|
|
||||||
|
|
||||||
class ELBv2Rules(Enum):
|
class ELBv2Rules(RuleNameEnum):
|
||||||
# Encryption
|
# Encryption
|
||||||
ELBV2_LISTENER_ALLOWING_CLEARTEXT = 'elbv2-listener-allowing-cleartext'
|
ELBV2_LISTENER_ALLOWING_CLEARTEXT = 'elbv2-listener-allowing-cleartext'
|
||||||
ELBV2_OLDER_SSL_POLICY = 'elbv2-older-ssl-policy'
|
ELBV2_OLDER_SSL_POLICY = 'elbv2-older-ssl-policy'
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from enum import Enum
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||||
|
|
||||||
|
|
||||||
class IAMRules(Enum):
|
class IAMRules(RuleNameEnum):
|
||||||
# Authentication/authorization
|
# Authentication/authorization
|
||||||
IAM_USER_NO_ACTIVE_KEY_ROTATION = 'iam-user-no-Active-key-rotation'
|
IAM_USER_NO_ACTIVE_KEY_ROTATION = 'iam-user-no-Active-key-rotation'
|
||||||
IAM_PASSWORD_POLICY_MINIMUM_LENGTH = 'iam-password-policy-minimum-length'
|
IAM_PASSWORD_POLICY_MINIMUM_LENGTH = 'iam-password-policy-minimum-length'
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from enum import Enum
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||||
|
|
||||||
|
|
||||||
class RDSRules(Enum):
|
class RDSRules(RuleNameEnum):
|
||||||
# Encryption
|
# Encryption
|
||||||
RDS_INSTANCE_STORAGE_NOT_ENCRYPTED = 'rds-instance-storage-not-encrypted'
|
RDS_INSTANCE_STORAGE_NOT_ENCRYPTED = 'rds-instance-storage-not-encrypted'
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from enum import Enum
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||||
|
|
||||||
|
|
||||||
class RedshiftRules(Enum):
|
class RedshiftRules(RuleNameEnum):
|
||||||
# Encryption
|
# Encryption
|
||||||
REDSHIFT_CLUSTER_DATABASE_NOT_ENCRYPTED = 'redshift-cluster-database-not-encrypted'
|
REDSHIFT_CLUSTER_DATABASE_NOT_ENCRYPTED = 'redshift-cluster-database-not-encrypted'
|
||||||
REDSHIFT_PARAMETER_GROUP_SSL_NOT_REQUIRED = 'redshift-parameter-group-ssl-not-required'
|
REDSHIFT_PARAMETER_GROUP_SSL_NOT_REQUIRED = 'redshift-parameter-group-ssl-not-required'
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from enum import Enum
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||||
|
|
||||||
|
|
||||||
class S3Rules(Enum):
|
class S3Rules(RuleNameEnum):
|
||||||
# Encryption
|
# Encryption
|
||||||
S3_BUCKET_ALLOWING_CLEARTEXT = 's3-bucket-allowing-cleartext'
|
S3_BUCKET_ALLOWING_CLEARTEXT = 's3-bucket-allowing-cleartext'
|
||||||
S3_BUCKET_NO_DEFAULT_ENCRYPTION = 's3-bucket-no-default-encryption'
|
S3_BUCKET_NO_DEFAULT_ENCRYPTION = 's3-bucket-no-default-encryption'
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from enum import Enum
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||||
|
|
||||||
|
|
||||||
class SESRules(Enum):
|
class SESRules(RuleNameEnum):
|
||||||
|
|
||||||
# Permissive policies
|
# Permissive policies
|
||||||
SES_IDENTITY_WORLD_SENDRAWEMAIL_POLICY = 'ses-identity-world-SendRawEmail-policy'
|
SES_IDENTITY_WORLD_SENDRAWEMAIL_POLICY = 'ses-identity-world-SendRawEmail-policy'
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from enum import Enum
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||||
|
|
||||||
|
|
||||||
class SNSRules(Enum):
|
class SNSRules(RuleNameEnum):
|
||||||
|
|
||||||
# Permissive policies
|
# Permissive policies
|
||||||
SNS_TOPIC_WORLD_SUBSCRIBE_POLICY = 'sns-topic-world-Subscribe-policy'
|
SNS_TOPIC_WORLD_SUBSCRIBE_POLICY = 'sns-topic-world-Subscribe-policy'
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from enum import Enum
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||||
|
|
||||||
|
|
||||||
class SQSRules(Enum):
|
class SQSRules(RuleNameEnum):
|
||||||
|
|
||||||
# Permissive policies
|
# Permissive policies
|
||||||
SQS_QUEUE_WORLD_SENDMESSAGE_POLICY = 'sqs-queue-world-SendMessage-policy'
|
SQS_QUEUE_WORLD_SENDMESSAGE_POLICY = 'sqs-queue-world-SendMessage-policy'
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from enum import Enum
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||||
|
|
||||||
|
|
||||||
class VPCRules(Enum):
|
class VPCRules(RuleNameEnum):
|
||||||
# Logging
|
# Logging
|
||||||
SUBNET_WITHOUT_FLOW_LOG = 'vpc-subnet-without-flow-log'
|
SUBNET_WITHOUT_FLOW_LOG = 'vpc-subnet-without-flow-log'
|
||||||
|
|
||||||
|
|
|
@ -12,6 +12,7 @@ from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.elbv2_rul
|
||||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.iam_rules import IAMRules
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.iam_rules import IAMRules
|
||||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rds_rules import RDSRules
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rds_rules import RDSRules
|
||||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.redshift_rules import RedshiftRules
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.redshift_rules import RedshiftRules
|
||||||
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rule_name_enum import RuleNameEnum
|
||||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.s3_rules import S3Rules
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.s3_rules import S3Rules
|
||||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.ses_rules import SESRules
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.ses_rules import SESRules
|
||||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.sns_rules import SNSRules
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.sns_rules import SNSRules
|
||||||
|
@ -23,7 +24,7 @@ from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.vpc_rules
|
||||||
class ScoutSuiteFindingMap(ABC):
|
class ScoutSuiteFindingMap(ABC):
|
||||||
@property
|
@property
|
||||||
@abstractmethod
|
@abstractmethod
|
||||||
def rules(self) -> List[EC2Rules]:
|
def rules(self) -> List[RuleNameEnum]:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@property
|
@property
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
from abc import ABC, abstractmethod
|
from abc import ABC, abstractmethod
|
||||||
from enum import Enum
|
from enum import Enum, EnumMeta
|
||||||
from typing import List
|
from typing import List
|
||||||
|
|
||||||
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import FINDINGS, SERVICES, SERVICE_TYPES
|
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import FINDINGS, SERVICES, SERVICE_TYPES
|
||||||
|
@ -14,7 +14,7 @@ class AbstractRulePathCreator(ABC):
|
||||||
|
|
||||||
@property
|
@property
|
||||||
@abstractmethod
|
@abstractmethod
|
||||||
def supported_rules(self) -> List:
|
def supported_rules(self) -> EnumMeta:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
|
|
Loading…
Reference in New Issue