[aws][feat] Add searching instances also by region and make SEVERITY_MAPPING statically (#2272)

1101-1 · web-flow · commit c22f979ff314 · 2024-11-01T13:40:54.000+01:00
diff --git a/fixlib/fixlib/baseresources.py b/fixlib/fixlib/baseresources.py
@@ -263,6 +263,15 @@ class Finding:
     details: Optional[Json] = None
 
 
+SEVERITY_MAPPING = {
+    "INFORMATIONAL": Severity.info,
+    "LOW": Severity.low,
+    "MEDIUM": Severity.medium,
+    "HIGH": Severity.high,
+    "CRITICAL": Severity.critical,
+}
+
+
 @define(slots=True)
 class Assessment:
     # The provider of the security assessment
diff --git a/plugins/aws/fix_plugin_aws/resource/ec2.py b/plugins/aws/fix_plugin_aws/resource/ec2.py
@@ -1412,8 +1412,9 @@ class AwsEc2Instance(EC2Taggable, AwsResource, BaseInstance):
     def collect_resources(cls, builder: GraphBuilder) -> None:
         super().collect_resources(builder)
         ec2_instance_types = set()
-        for instance in builder.nodes(clazz=AwsEc2Instance):
-            ec2_instance_types.add(instance.instance_type)
+        for instance in builder.nodes(clazz=AwsEc2Instance, _region=builder.region):
+            if instance.instance_type:
+                ec2_instance_types.add(instance.instance_type)
         if ec2_instance_types:
             builder.submit_work(
                 service_name, AwsEc2InstanceType.collect_resource_types, builder, list(ec2_instance_types)
diff --git a/plugins/aws/fix_plugin_aws/resource/inspector.py b/plugins/aws/fix_plugin_aws/resource/inspector.py
@@ -10,7 +10,7 @@
 from fix_plugin_aws.resource.ec2 import AwsEc2Instance
 from fix_plugin_aws.resource.ecr import AwsEcrRepository
 from fix_plugin_aws.resource.lambda_ import AwsLambdaFunction
-from fixlib.baseresources import PhantomBaseResource, Severity, Finding
+from fixlib.baseresources import SEVERITY_MAPPING, PhantomBaseResource, Severity, Finding
 from fixlib.json_bender import Bender, S, ForallBend, Bend, F
 from fixlib.types import Json
 
@@ -105,18 +105,11 @@ class AwsInspectorFinding(AwsResource, PhantomBaseResource):
     updated_at: Optional[datetime] = field(default=None, metadata={"description": "The date and time the finding was last updated at."})  # fmt: skip
 
     def parse_finding(self, source: Json) -> Finding:
-        severity_mapping = {
-            "INFORMATIONAL": Severity.info,
-            "LOW": Severity.low,
-            "MEDIUM": Severity.medium,
-            "HIGH": Severity.high,
-            "CRITICAL": Severity.critical,
-        }
         finding_title = self.safe_name
         if not self.finding_severity:
             finding_severity = Severity.medium
         else:
-            finding_severity = severity_mapping.get(self.finding_severity, Severity.medium)
+            finding_severity = SEVERITY_MAPPING.get(self.finding_severity, Severity.medium)
         description = self.description
         remediation = ""
         if self.remediation and self.remediation.recommendation:
diff --git a/plugins/aws/test/resources/files/ec2/describe-instance-types__instance_type_mac2_metal_m4_large.json b/plugins/aws/test/resources/files/ec2/describe-instance-types__instance_type_mac2_metal_m4_large.json
@@ -0,0 +1,128 @@
+{
+    "InstanceTypes": [
+        {
+            "InstanceType": "m4.large",
+            "CurrentGeneration": true,
+            "FreeTierEligible": false,
+            "SupportedUsageClasses": [
+                "on-demand",
+                "spot"
+            ],
+            "SupportedRootDeviceTypes": [
+                "ebs"
+            ],
+            "SupportedVirtualizationTypes": [
+                "hvm"
+            ],
+            "BareMetal": false,
+            "Hypervisor": "nitro",
+            "ProcessorInfo": {
+                "SupportedArchitectures": [
+                    "x86_64"
+                ],
+                "SustainedClockSpeedInGhz": 3.5
+            },
+            "VCpuInfo": {
+                "DefaultVCpus": 8,
+                "DefaultCores": 4,
+                "DefaultThreadsPerCore": 2,
+                "ValidCores": [
+                    2,
+                    4
+                ],
+                "ValidThreadsPerCore": [
+                    1,
+                    2
+                ]
+            },
+            "MemoryInfo": {
+                "SizeInMiB": 16384
+            },
+            "InstanceStorageSupported": false,
+            "InstanceStorageInfo": {
+                "EbsInfo": {
+                    "EbsStorageSupported": false,
+                    "EbsStorageInfo": {
+                        "VolumeTypes": [
+                            "standard"
+                        ],
+                        "VolumeSizeInGiBMin": 1,
+                        "VolumeSizeInGiBMax": 1024
+                    }
+                },
+                "InstanceStorageSupported": false,
+                "InstanceStorageInfo": {
+                    "VolumeTypes": [
+                        "standard"
+                    ],
+                    "VolumeSizeInGiBMin": 1,
+                    "VolumeSizeInGiBMax": 1024
+                }
+            },
+            "GpuInfo": {
+                "GPUsSupported": false,
+                "GPUSupported": false,
+                "GPUSupportedOnDemand": false,
+                "GPUSupportedSpot": false
+            },
+            "FpgaInfo": {
+                "FPGAsSupported": false,
+                "FPGASupported": false,
+                "FPGASupportedOnDemand": false,
+                "FPGASupportedSpot": false
+            },
+            "InferenceAcceleratorInfo": {
+                "InferenceAcceleratorsSupported": false,
+                "InferenceAcceleratorsSupportedOnDemand": false,
+                "InferenceAcceleratorsSupportedSpot": false
+            },
+            "EbsInfo": {
+                "EbsOptimizedSupport": "default",
+                "EncryptionSupport": "supported",
+                "EbsOptimizedInfo": {
+                    "BaselineBandwidthInMbps": 2500,
+                    "BaselineThroughputInMBps": 312.5,
+                    "BaselineIops": 12000,
+                    "MaximumBandwidthInMbps": 10000,
+                    "MaximumThroughputInMBps": 1250,
+                    "MaximumIops": 40000
+                },
+                "NvmeSupport": "required"
+            },
+            "NetworkInfo": {
+                "NetworkPerformance": "Up to 12.5 Gigabit",
+                "MaximumNetworkInterfaces": 4,
+                "MaximumNetworkCards": 1,
+                "DefaultNetworkCardIndex": 0,
+                "NetworkCards": [
+                    {
+                        "NetworkCardIndex": 0,
+                        "NetworkPerformance": "Up to 12.5 Gigabit",
+                        "MaximumNetworkInterfaces": 4
+                    }
+                ],
+                "Ipv4AddressesPerInterface": 15,
+                "Ipv6AddressesPerInterface": 15,
+                "Ipv6Supported": true,
+                "EnaSupport": "required",
+                "EfaSupported": false,
+                "EncryptionInTransitSupported": true
+            },
+            "PlacementGroupInfo": {
+                "SupportedStrategies": [
+                    "cluster",
+                    "partition",
+                    "spread"
+                ]
+            },
+            "HibernationSupported": false,
+            "BurstablePerformanceSupported": false,
+            "DedicatedHostsSupported": true,
+            "AutoRecoverySupported": true,
+            "SupportedBootModes": [
+                "legacy-bios",
+                "uefi"
+            ]
+        }
+    ]
+}
