[aws][feat] Add collection of Inspector resource (#2242)

Co-authored-by: Matthias Veit <matthias_veit@yahoo.de>

Author: 1101-1

plugins/aws/fix_plugin_aws/collector.py

@@ -49,6 +49,7 @@
     backup,
     bedrock,
     scp,
+    inspector,
 )
 from fix_plugin_aws.resource.base import (
     AwsAccount,
@@ -117,6 +118,7 @@
     + backup.resources
     + amazonq.resources
     + bedrock.resources
+    + inspector.resources
 )
 all_resources: List[Type[AwsResource]] = global_resources + regional_resources
 

plugins/aws/fix_plugin_aws/resource/backup.py

@@ -175,7 +175,7 @@ class AwsBackupProtectedResource(AwsResource):
     }
     api_spec: ClassVar[AwsApiSpec] = AwsApiSpec("backup", "list-protected-resources", "Results")
     mapping: ClassVar[Dict[str, Bender]] = {
-        "id": S("ResourceArn") >> F(lambda arn: arn.rsplit("/")[1]),
+        "id": S("ResourceArn") >> F(AwsResource.id_from_arn),
         "name": S("ResourceName"),
         "resource_arn": S("ResourceArn"),
         "resource_type": S("ResourceType"),

plugins/aws/fix_plugin_aws/resource/inspector.py

@@ -34,8 +34,8 @@ def count_kind(clazz: Type[AwsResource]) -> int:
     # make sure all threads have been joined
     assert len(threading.enumerate()) == 1
     # ensure the correct number of nodes and edges
-    assert count_kind(AwsResource) == 261
-    assert len(account_collector.graph.edges) == 575
+    assert count_kind(AwsResource) == 262
+    assert len(account_collector.graph.edges) == 577
     assert len(account_collector.graph.deferred_edges) == 2
     for node in account_collector.graph.nodes:
         if isinstance(node, AwsRegion):

plugins/aws/test/collector_test.py

@@ -0,0 +1,237 @@
+{
+    "findings": [
+        {
+            "awsAccountId": "foo",
+            "codeVulnerabilityDetails": {
+            "cwes": [
+                "foo",
+                "foo",
+                "foo"
+            ],
+            "detectorId": "foo",
+            "detectorName": "foo",
+            "detectorTags": [
+                "foo",
+                "foo",
+                "foo"
+            ],
+            "filePath": {
+                "endLine": 123,
+                "fileName": "foo",
+                "filePath": "foo",
+                "startLine": 123
+            },
+            "referenceUrls": [
+                "foo",
+                "foo",
+                "foo"
+            ],
+            "ruleId": "foo",
+            "sourceLambdaLayerArn": "foo"
+            },
+            "description": "foo",
+            "epss": {
+            "score": 1.234
+            },
+            "exploitAvailable": "NO",
+            "exploitabilityDetails": {
+            "lastKnownExploitAt": "2024-10-14T18:00:11Z"
+            },
+            "findingArn": "foo",
+            "firstObservedAt": "2024-10-14T18:00:11Z",
+            "fixAvailable": "NO",
+            "inspectorScore": 1.234,
+            "inspectorScoreDetails": {
+            "adjustedCvss": {
+                "adjustments": [
+                {
+                    "metric": "foo",
+                    "reason": "foo"
+                },
+                {
+                    "metric": "foo",
+                    "reason": "foo"
+                },
+                {
+                    "metric": "foo",
+                    "reason": "foo"
+                }
+                ],
+                "cvssSource": "foo",
+                "score": 1.234,
+                "scoreSource": "foo",
+                "scoringVector": "foo",
+                "version": "foo"
+            }
+            },
+            "lastObservedAt": "2024-10-14T18:00:11Z",
+            "networkReachabilityDetails": {
+            "networkPath": {
+                "steps": [
+                {
+                    "componentId": "foo",
+                    "componentType": "foo"
+                },
+                {
+                    "componentId": "foo",
+                    "componentType": "foo"
+                },
+                {
+                    "componentId": "foo",
+                    "componentType": "foo"
+                }
+                ]
+            },
+            "openPortRange": {
+                "begin": 123,
+                "end": 123
+            },
+            "protocol": "UDP"
+            },
+            "packageVulnerabilityDetails": {
+            "cvss": [
+                {
+                "baseScore": 1.234,
+                "scoringVector": "foo",
+                "source": "foo",
+                "version": "foo"
+                },
+                {
+                "baseScore": 1.234,
+                "scoringVector": "foo",
+                "source": "foo",
+                "version": "foo"
+                },
+                {
+                "baseScore": 1.234,
+                "scoringVector": "foo",
+                "source": "foo",
+                "version": "foo"
+                }
+            ],
+            "referenceUrls": [
+                "foo",
+                "foo",
+                "foo"
+            ],
+            "relatedVulnerabilities": [
+                "foo",
+                "foo",
+                "foo"
+            ],
+            "source": "foo",
+            "sourceUrl": "https://example.com",
+            "vendorCreatedAt": "2024-10-14T18:00:11Z",
+            "vendorSeverity": "foo",
+            "vendorUpdatedAt": "2024-10-14T18:00:11Z",
+            "vulnerabilityId": "foo",
+            "vulnerablePackages": [
+                {
+                "arch": "foo",
+                "epoch": 123,
+                "filePath": "foo",
+                "fixedInVersion": "foo",
+                "name": "foo",
+                "packageManager": "CARGO",
+                "release": "foo",
+                "remediation": "foo",
+                "sourceLambdaLayerArn": "foo",
+                "sourceLayerHash": "foo",
+                "version": "foo"
+                }
+            ]
+            },
+            "remediation": {
+            "recommendation": {
+                "Url": "https://example.com",
+                "text": "foo"
+            }
+            },
+            "resources": [
+            {
+                "details": {
+                "awsEc2Instance": {
+                    "iamInstanceProfileArn": "foo",
+                    "imageId": "foo",
+                    "ipV4Addresses": [
+                    "foo",
+                    "foo",
+                    "foo"
+                    ],
+                    "ipV6Addresses": [
+                    "foo",
+                    "foo",
+                    "foo"
+                    ],
+                    "keyName": "foo",
+                    "launchedAt": "2024-10-14T18:00:11Z",
+                    "platform": "foo",
+                    "subnetId": "foo",
+                    "type": "foo",
+                    "vpcId": "foo"
+                },
+                "awsEcrContainerImage": {
+                    "architecture": "foo",
+                    "author": "foo",
+                    "imageHash": "foo",
+                    "imageTags": [
+                    "foo",
+                    "foo",
+                    "foo"
+                    ],
+                    "platform": "foo",
+                    "pushedAt": "2024-10-14T18:00:11Z",
+                    "registry": "foo",
+                    "repositoryName": "foo"
+                },
+                "awsLambdaFunction": {
+                    "architectures": [
+                    "ARM64",
+                    "ARM64",
+                    "ARM64"
+                    ],
+                    "codeSha256": "foo",
+                    "executionRoleArn": "foo",
+                    "functionName": "foo",
+                    "lastModifiedAt": "2024-10-14T18:00:11Z",
+                    "layers": [
+                    "foo",
+                    "foo",
+                    "foo"
+                    ],
+                    "packageType": "ZIP",
+                    "runtime": "NODEJS_12_X",
+                    "version": "foo",
+                    "vpcConfig": {
+                    "securityGroupIds": [
+                        "foo",
+                        "foo",
+                        "foo"
+                    ],
+                    "subnetIds": [
+                        "foo",
+                        "foo",
+                        "foo"
+                    ],
+                    "vpcId": "foo"
+                    }
+                }
+                },
+                "id": "foo",
+                "partition": "foo",
+                "region": "foo",
+                "tags": {
+                "0": "foo"
+                },
+                "type": "AWS_ECR_CONTAINER_IMAGE"
+            }
+            ],
+            "severity": "LOW",
+            "status": "SUPPRESSED",
+            "title": "foo",
+            "type": "PACKAGE_VULNERABILITY",
+            "updatedAt": "2024-10-14T18:00:11Z"
+        }
+    ],
+    "nextToken": "foo"
+}

plugins/aws/test/resources/files/inspector2/list-findings__EQUALS_test.json

@@ -0,0 +1,6 @@
+from fix_plugin_aws.resource.inspector import AwsInspectorFinding
+from test.resources import round_trip_for
+
+
+def test_inspector_findings() -> None:
+    round_trip_for(AwsInspectorFinding)

plugins/aws/test/resources/inspector_test.py

@@ -239,6 +239,8 @@ def process_shape_items(shape_items: List[Tuple[Any, Any]], prop_prefix: str, cl
     elif isinstance(shape, StringShape):
         return []
     elif isinstance(shape, ListShape):
+        if isinstance(shape.member, StringShape):
+            return []
         process_shape_items(shape.member.members.items(), prop_prefix, clazz_name)
     else:
         if getattr(shape, "members", None) is None:
@@ -280,7 +282,7 @@ def create_test_response(service: str, function: str, is_pascal: bool = False) -
 
     def sample(shape: Shape) -> JsonElement:
         if isinstance(shape, StringShape) and shape.enum:
-            return shape.enum[1]
+            return shape.enum[-1]
         elif isinstance(shape, StringShape) and "8601" in shape.documentation:
             return utc_str()
         elif isinstance(shape, StringShape) and "URL" in shape.documentation:
@@ -983,12 +985,21 @@ def default_imports() -> str:
         #     prefix="Bedrock",
         # )
     ],
+    "inspector2": [
+        # Findings
+        AwsFixModel(
+            api_action="list-findings",
+            result_property="findings",
+            result_shape="ListFindingsResponse",
+            prefix="InspectorV2",
+        ),
+    ],
 }
 
 
 if __name__ == "__main__":
     """print some test data"""
-    print(json.dumps(create_test_response("bedrock-agent", "get-knowledge-base"), indent=2))
+    # print(json.dumps(create_test_response("inspector2", "list-coverage"), indent=2))
 
     """print the class models"""
     # print(default_imports())