This repository has been archived by the owner on May 24, 2023. It is now read-only.
scanner.py
import sys
import os
import requests
import json
import argparse
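def optionA(access, access2, access3, grade):
    """Print every scan check whose status equals ``grade``.

    For each matching check the rule id, rule title, status, message, risk
    level and check id are printed, followed by a knowledge-base URL built
    from the services catalogue.

    Args:
        access: ``data`` list of the template-scanner response (one dict per
            check).
        access2: ``data`` list of the services response (one dict per
            service, each listing the rule ids it owns).
        access3: ``included`` list of the services response (one dict per
            rule, carrying ``knowledge-base-html``).
        grade: Status value to report, e.g. ``"SUCCESS"`` or ``"FAILURE"``.
    """
    kb_root = "https://www.cloudconformity.com/knowledge-base/"
    for check in access:
        attributes = check['attributes']
        status = attributes['status']
        if status != grade:
            continue

        rule_id = check['relationships']['rule']['data']['id']
        rule_title = attributes["rule-title"]
        message = attributes['message']
        risk = attributes['risk-level']
        check_id = check["id"]

        reported = False
        for service in access2:
            service_attrs = service['attributes']
            provider = service_attrs['provider']
            service_name = service_attrs['name']
            rule_refs = service['relationships']['rules']['data']
            for rule in access3:
                # Only the catalogue entry for this check's rule is relevant.
                if rule['id'] != rule_id:
                    continue
                for ref in rule_refs:
                    # The service must also list the rule as one of its own.
                    if ref['id'] != rule_id:
                        continue
                    link = (kb_root + provider + "/" + service_name + "/"
                            + rule['knowledge-base-html'] + ".html")
                    print("\n", rule_id, "\n", rule_title, "\n", status, "\n",
                          message, "\n", risk, "\n", check_id, "\n", link)
                    reported = True

        if not reported:
            # A check whose rule is missing from the services catalogue must
            # still be reported; dropping it would hide a scan result.
            print("\n", rule_id, "\n", rule_title, "\n", status, "\n",
                  message, "\n", risk, "\n", check_id, "\n",
                  "knowledge-base link unavailable")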
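def optionG(access, access2, access3, desired_risk):
    """Print every failed scan check whose risk level equals ``desired_risk``.

    Only checks with status ``"FAILURE"`` are considered. For each one the
    rule id, rule title, status, message, risk level and check id are
    printed, followed by a knowledge-base URL built from the services
    catalogue.

    Args:
        access: ``data`` list of the template-scanner response (one dict per
            check).
        access2: ``data`` list of the services response (one dict per
            service, each listing the rule ids it owns).
        access3: ``included`` list of the services response (one dict per
            rule, carrying ``knowledge-base-html``).
        desired_risk: Risk level to report, e.g. ``"EXTREME"`` or ``"LOW"``.
    """
    kb_root = "https://www.cloudconformity.com/knowledge-base/"
    for check in access:
        attributes = check['attributes']
        status = attributes['status']
        risk = attributes['risk-level']
        if status != "FAILURE" or risk != desired_risk:
            continue

        rule_id = check['relationships']['rule']['data']['id']
        rule_title = attributes["rule-title"]
        message = attributes['message']
        check_id = check["id"]

        reported = False
        for service in access2:
            service_attrs = service['attributes']
            provider = service_attrs['provider']
            service_name = service_attrs['name']
            rule_refs = service['relationships']['rules']['data']
            for rule in access3:
                # Only the catalogue entry for this check's rule is relevant.
                if rule['id'] != rule_id:
                    continue
                for ref in rule_refs:
                    # The service must also list the rule as one of its own.
                    if ref['id'] != rule_id:
                        continue
                    link = (kb_root + provider + "/" + service_name + "/"
                            + rule['knowledge-base-html'] + ".html")
                    print("\n", rule_id, "\n", rule_title, "\n", status, "\n",
                          message, "\n", risk, "\n", check_id, "\n", link)
                    reported = True

        if not reported:
            # A failed check whose rule is missing from the services
            # catalogue must still be reported; dropping it would hide a
            # finding of the requested severity.
            print("\n", rule_id, "\n", rule_title, "\n", status, "\n",
                  message, "\n", risk, "\n", check_id, "\n",
                  "knowledge-base link unavailable")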
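def main():
    """Scan a CloudFormation template and print the filtered results.

    Reads the template named on the command line, posts it to the
    template-scanner endpoint, and prints the checks selected by ``--scan``.
    The API key is read from the ``apiKey`` environment variable.

    The process exits with status 1 when the key is missing, the template
    cannot be read, or an API call fails.
    """
    # create cli argument for filepath
    parser = argparse.ArgumentParser(description='Scan a CFT Template')
    parser.add_argument("--scan",
                        choices=["all", "fail", "extreme", "veryhigh", "high",
                                 "medium", "low", "default"],
                        required=True, type=str,
                        help="Filter your Scan by Severity")
    parser.add_argument(dest="cloudformationtemp", help="specify file path")
    args = parser.parse_args()
    cloudformationtemp = args.cloudformationtemp
    scan = args.scan

    # The key is sent verbatim as the Authorization header, so the variable
    # must hold the complete header value.
    # NOTE(review): presumably of the form "ApiKey <key>" - confirm against
    # the API documentation.
    api = os.environ.get('apiKey')
    if not api:
        # Without a key the scan cannot be authenticated; stop before any
        # template content leaves the machine.
        print("Environment variable 'apiKey' is not set.", file=sys.stderr)
        sys.exit(1)

    # API connection for CC
    endpoint = 'https://us-west-2-api.cloudconformity.com'
    url = endpoint + '/v1/template-scanner/scan'
    url2 = endpoint + '/v1/services'
    headers = {
        'Content-Type': 'application/vnd.api+json',
        'Authorization': api
    }
    # Seconds to wait on each API call; without a timeout a stalled
    # connection would hang the scan indefinitely.
    timeout = 60

    # Read the template. OSError covers a missing or unreadable file;
    # ValueError covers content that cannot be decoded as text.
    try:
        with open(cloudformationtemp, 'r') as template_file:
            contents = template_file.read()
    except (OSError, ValueError):
        print("Template Scanner could not process your template...")
        # Non-zero status so a calling pipeline does not treat an unscanned
        # template as a clean scan.
        sys.exit(1)

    # The full template text is uploaded to the API for analysis.
    payload = {
        'data': {
            'attributes': {
                'type': 'cloudformation-template',
                'contents': contents
            }
        }
    }

    # post method
    resp = requests.post(url, headers=headers, data=json.dumps(payload),
                         timeout=timeout)
    if not resp.ok:
        print("Template scan request failed with HTTP status",
              resp.status_code, file=sys.stderr)
        sys.exit(1)
    formResponse = resp.json()

    if scan == "default":
        # Raw scanner output; the services catalogue is not needed here.
        print(json.dumps(formResponse, indent=2, sort_keys=True))
        return

    # get method
    response = requests.get(url2, headers=headers, timeout=timeout)
    if not response.ok:
        print("Services request failed with HTTP status",
              response.status_code, file=sys.stderr)
        sys.exit(1)
    results = response.json()

    # key for post call
    access = formResponse['data']
    # keys for get call
    access2 = results['data']
    access3 = results['included']

    # NOTE(review): the exit status does not reflect whether any FAILURE
    # checks were found; a pipeline using this as a gate has to inspect the
    # printed output.
    if scan == "all":
        optionA(access, access2, access3, "SUCCESS")
        optionA(access, access2, access3, "FAILURE")
    elif scan == "fail":
        optionA(access, access2, access3, "FAILURE")
    else:
        # argparse restricts --scan to the listed choices, so every
        # remaining value is a severity filter.
        risk_by_choice = {
            "extreme": "EXTREME",
            "veryhigh": "VERY_HIGH",
            "high": "HIGH",
            "medium": "MEDIUM",
            "low": "LOW",
        }
        optionG(access, access2, access3, risk_by_choice[scan])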
# Run the scanner only when this file is executed as a script, not on import.
if __name__ == "__main__":
    main()