Improve the Violation Identifier Fix (1.0) #1002

Merged
merged 2 commits into from
Jan 25, 2018
Expand Up @@ -248,7 +248,7 @@ def find_policy_violations(self, bigquery_acl):
if should_raise_violation:
yield self.RuleViolation(
resource_type='bigquery_dataset',
resource_id=bigquery_acl.project_id,
resource_id=bigquery_acl.dataset_id,
rule_name=self.rule_name,
rule_index=self.rule_index,
violation_type='BIGQUERY_VIOLATION',
8 changes: 5 additions & 3 deletions google/cloud/security/scanner/audit/buckets_rules_engine.py
Expand Up @@ -231,15 +231,16 @@ def find_policy_violations(self, bucket_acl):
if should_raise_violation:
yield self.RuleViolation(
resource_type='bucket',
resource_id=bucket_acl.project_number,
resource_id=bucket_acl.bucket,
rule_name=self.rule_name,
rule_index=self.rule_index,
violation_type='BUCKET_VIOLATION',
role=bucket_acl.role,
entity=bucket_acl.entity,
email=bucket_acl.email,
domain=bucket_acl.domain,
bucket=bucket_acl.bucket)
bucket=bucket_acl.bucket,
project_number=bucket_acl.project_number)

# Rule violation.
# resource_type: string
Expand All @@ -255,4 +256,5 @@ def find_policy_violations(self, bucket_acl):
RuleViolation = namedtuple('RuleViolation',
['resource_type', 'resource_id', 'rule_name',
'rule_index', 'violation_type', 'role',
'entity', 'email', 'domain', 'bucket'])
'entity', 'email', 'domain', 'bucket',
'project_number'])
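Review bot: The field-list comment above the RuleViolation namedtuple (mostly collapsed in this view; its first entries are `# resource_type: string`) is not updated for the new `project_number` field added at the end of the tuple, so the comment and the tuple now disagree. Add `# project_number: string` after the `bucket` entry of that comment. Since the same hunk switches `resource_id` from the project number to the bucket name and keeps the project only as the separate field, it is worth stating in that comment that `resource_id` now holds the bucket name. find_policy_violations begins before this hunk.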
Expand Up @@ -225,7 +225,7 @@ def find_policy_violations(self, cloudsql_acl):
if should_raise_violation:
yield self.RuleViolation(
resource_type='cloudsql',
resource_id=cloudsql_acl.project_number,
resource_id=cloudsql_acl.instance_name,
rule_name=self.rule_name,
rule_index=self.rule_index,
violation_type='CLOUD_SQL_VIOLATION',
Expand Up @@ -237,6 +237,7 @@ def find_violations(self, instance_network_interface_list):
if 'natIP' in config]
yield self.RuleViolation(
resource_type='instance',
resource_id=instance_network_interface.name,
rule_name=self.rule_name,
rule_index=self.rule_index,
violation_type='INSTANCE_NETWORK_INTERFACE_VIOLATION',
Expand All @@ -254,6 +255,6 @@ def find_violations(self, instance_network_interface_list):
# network: string
# ip: string
RuleViolation = namedtuple('RuleViolation',
['resource_type', 'rule_name',
['resource_type', 'resource_id', 'rule_name',
'rule_index', 'violation_type', 'project',
'network', 'ip', 'raw_data'])
2 changes: 1 addition & 1 deletion google/cloud/security/scanner/scanners/bigquery_scanner.py
Expand Up @@ -68,7 +68,7 @@ def _flatten_violations(violations):
violation_data['access_group_by_email'] = violation.group_email
violation_data['role'] = violation.role
yield {
'resource_id': violation.dataset_id,
'resource_id': violation.resource_id,
'resource_type': violation.resource_type,
'rule_index': violation.rule_index,
'rule_name': violation.rule_name,
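Review bot: The flattened record at the `'resource_id': violation.resource_id` line no longer carries the project once the rules engine (earlier in this PR) sets resource_id to the dataset id, and the RuleViolation tuple as used in the updated test fixture has no project_id field, so datasets with the same id in different projects would collapse into one identifier in the violations table. Consider adding a `project_id` field to the BigQuery RuleViolation (populated from `bigquery_acl.project_id`) and emitting it here with `violation_data['project_id'] = violation.project_id` next to the role line above. The same applies to the updated fake_bigquery_scanner_data.py fixture, which now holds no project identifier at all. _flatten_violations starts before this hunk.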
Expand Up @@ -65,8 +65,9 @@ def _flatten_violations(violations):
violation_data['email'] = violation.email
violation_data['domain'] = violation.domain
violation_data['bucket'] = violation.bucket
violation_data['project_number'] = violation.project_number
yield {
'resource_id': violation.bucket,
'resource_id': violation.resource_id,
'resource_type': violation.resource_type,
'rule_index': violation.rule_index,
'rule_name': violation.rule_name,
Expand Up @@ -66,7 +66,7 @@ def _flatten_violations(violations):
violation.authorized_networks
violation_data['ssl_enabled'] = violation.ssl_enabled
yield {
'resource_id': violation.instance_name,
'resource_id': violation.resource_id,
'resource_type': violation.resource_type,
'rule_index': violation.rule_index,
'rule_name': violation.rule_name,
Expand Up @@ -68,7 +68,7 @@ def _flatten_violations(violations):
violation_data['ip'] = violation.ip
violation_data['raw_data'] = violation.raw_data
yield {
'resource_id': violation.project,
'resource_id': violation.resource_id,
'resource_type': violation.resource_type,
'rule_index': violation.rule_index,
'rule_name': violation.rule_name,
2 changes: 1 addition & 1 deletion tests/scanner/test_data/fake_bigquery_scanner_data.py
Expand Up @@ -38,4 +38,4 @@
}
]

BIGQUERY_EXPECTED_VIOLATION_LIST = [Rule.RuleViolation(domain='', resource_id='12345678', special_group='', group_email='', rule_name='BigQuery test rule', role='OWNER', user_email='user@mockedexample.com', rule_index=0, dataset_id='xza', violation_type='BIGQUERY_VIOLATION', resource_type='bigquery_dataset'), Rule.RuleViolation(domain='', resource_id='12345678', special_group='', group_email='', rule_name='BigQuery test rule', role='OWNER', user_email='user1@mockedexample.com', rule_index=0, dataset_id='xza', violation_type='BIGQUERY_VIOLATION', resource_type='bigquery_dataset')]
BIGQUERY_EXPECTED_VIOLATION_LIST = [Rule.RuleViolation(domain='', resource_id='xza', special_group='', group_email='', rule_name='BigQuery test rule', role='OWNER', user_email='user@mockedexample.com', rule_index=0, dataset_id='xza', violation_type='BIGQUERY_VIOLATION', resource_type='bigquery_dataset'), Rule.RuleViolation(domain='', resource_id='xza', special_group='', group_email='', rule_name='BigQuery test rule', role='OWNER', user_email='user1@mockedexample.com', rule_index=0, dataset_id='xza', violation_type='BIGQUERY_VIOLATION', resource_type='bigquery_dataset')]