How to use the parliament.finding.severity.LOW function in parliament



Example from duo-labs/cloudmapper, file parliament/policy.py (fragment of a method; its start and end are not shown):
)
            return False
        self.version = self.policy_json["Version"]

        if self.version not in ["2012-10-17", "2008-10-17"]:
            self.add_finding(
                "Unknown Version used. Version must be either 2012-10-17 or 2008-10-17",
                severity.INVALID,
                location={"string": self.version},
            )
        elif self.version != "2012-10-17":
            # TODO I should have a check so that if an older version is being used,
            # and a variable is detected, it should be marked as higher severity.
            self.add_finding(
                "Older version used. Variables will not be allowed.",
                severity.LOW,
                location={"string": self.version},
            )

        # Check Statements
        if "Statement" not in self.policy_json:
            self.add_finding(
                "Policy does not contain a Statement element", severity.MALFORMED
            )
            return False
        stmts_json = make_list(self.policy_json["Statement"])
        for stmt_json in stmts_json:
            stmt = Statement(stmt_json)
            self.statements.append(stmt)

        if not self.is_valid:
            # Do not continue. Further checks will not work with invalid statements.
Example from duo-labs/cloudmapper, file parliament/policy.py (a nested helper that uses `self` from its enclosing method):
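def check_bucket_privesc(refs, bucket_privilege, object_privilege):
    """Report bucket-level grants that lack the matching object-level grant.

    For every resource that is granted ``bucket_privilege``, look for the
    same resource (or ``<resource>/*``) under ``object_privilege``. When it
    is absent, a ``severity.LOW`` finding is recorded through
    ``self.add_finding`` -- ``self`` is a free variable taken from the
    enclosing method, so this helper must stay nested where it is defined.

    Args:
        refs: mapping of privilege name -> collection of resource strings.
            NOTE(review): the page does not show how ``refs`` is built; a
            privilege with no entry is treated here as granting nothing
            instead of raising ``KeyError`` on a plain dict.
        bucket_privilege: privilege evaluated at bucket level (the "does
            allow" side of the message).
        object_privilege: privilege expected at object level (the "not
            being allowed" side of the message).

    Returns:
        None. Findings are recorded as a side effect only.
    """
    # Looked up once rather than on every loop iteration; a missing key
    # means no object-level grant exists, which is exactly the case that
    # should be reported for each bucket resource, not a crash.
    object_resources = refs.get(object_privilege, ())

    for resource in refs.get(bucket_privilege, ()):
        # Object grants may name the bucket ARN itself or its object wildcard.
        if resource in object_resources or resource + "/*" in object_resources:
            continue
        self.add_finding(
            "Possible resource policy privilege escalation on {} due to s3:{} not being allowed, but does allow s3:{}".format(
                resource, object_privilege, bucket_privilege
            ),
            severity.LOW,
            location={},
        )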