Fix S3CrossAccountTrustRule granularity, rename s3_bucket_policy, add… (

#87) * Fix S3CrossAccountTrustRule granularity, rename s3_bucket_policy, add changelog to docs * Bump version
Skyscanner · Dec 17, 2019 · 24cf2dd · 24cf2dd
1 parent b009f32
commit 24cf2dd
Show file tree

Hide file tree

Showing 8 changed files with 14 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,13 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## [0.11.3] - 2019-12-17
+### Improvements
+- `S3CrossAccountTrustRule` now accepts resource level exceptions
+- New documentation!
+### Breaking changes
+- `cfripper.rules.s3_bucked_policy` renamed to `cfripper.rules.s3_bucket_policy` (typo)
+
 ## [0.11.2] - 2019-11-26
 ### Fixes
 - Fix `get_template` when AWS doesn't return a dict.

diff --git a/cfripper/rules/__init__.py b/cfripper/rules/__init__.py
@@ -22,7 +22,7 @@
 from cfripper.rules.managed_policy_on_user import *  # noqa: F403
 from cfripper.rules.policy_on_user import *  # noqa: F403
 from cfripper.rules.privilege_escalation import *  # noqa: F403
-from cfripper.rules.s3_bucked_policy import *  # noqa: F403
+from cfripper.rules.s3_bucket_policy import *  # noqa: F403
 from cfripper.rules.s3_public_access import *  # noqa: F403
 from cfripper.rules.security_group import *  # noqa: F403
 from cfripper.rules.sns_topic_policy_not_principal import *  # noqa: F403

diff --git a/cfripper/rules/cross_account_trust.py b/cfripper/rules/cross_account_trust.py
@@ -35,6 +35,8 @@ class CrossAccountCheckingRule(PrincipalCheckingRule):
     This class provides common methods used to detect access permissions from other accounts
     """
 
+    GRANULARITY = RuleGranularity.RESOURCE
+
     @property
     def valid_principals(self) -> Set[str]:
         if self._valid_principals is None:
@@ -86,7 +88,6 @@ class CrossAccountTrustRule(CrossAccountCheckingRule):
 
     REASON = "{} has forbidden cross-account trust relationship with {}"
     ROOT_PATTERN = re.compile(REGEX_CROSS_ACCOUNT_ROOT)
-    GRANULARITY = RuleGranularity.RESOURCE
 
     def invoke(self, cfmodel):
         for logical_id, resource in cfmodel.Resources.items():

diff --git a/cfripper/rules/s3_bucked_policy.py → cfripper/rules/s3_bucket_policy.py b/cfripper/rules/s3_bucked_policy.py → cfripper/rules/s3_bucket_policy.py
diff --git a/docs/changelog.md b/docs/changelog.md
@@ -0,0 +1 @@
+../CHANGELOG.md
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -13,6 +13,7 @@ repo_url: https://github.com/Skyscanner/cfripper
 nav:
   - Home: index.md
   - Rules: rules.md
+  - Changelog: changelog.md
   - Contributing: contributing.md
   - Code of conduct: code_of_conduct.md
 

diff --git a/setup.py b/setup.py
@@ -27,7 +27,7 @@
 
 setup(
     name="cfripper",
-    version="0.11.2",
+    version="0.11.3",
     author="Skyscanner Product Security",
     author_email="security@skyscanner.net",
     long_description=long_description,

diff --git a/tests/rules/test_S3BucketPolicyWildcardActionRule.py b/tests/rules/test_S3BucketPolicyWildcardActionRule.py
@@ -15,7 +15,7 @@
 import pytest
 
 from cfripper.model.result import Result
-from cfripper.rules.s3_bucked_policy import S3BucketPolicyWildcardActionRule
+from cfripper.rules.s3_bucket_policy import S3BucketPolicyWildcardActionRule
 from tests.utils import get_cfmodel_from