Commit
* Evaluation engine refactoring:
  - Refactoring evaluation to new form using functions that keep inline with Rust lifetimes. Ensuring that values from rules files (literals) can be used alongside values from payload consistently. This makes query evaluation more efficient, allows for caching behavior for queries themselves to be introduced in addition to variables.
  - Added all unit tests for existing query evaluation back for the new evaluation model.
  - Brought consistency with evaluations where some values were retrieved and others had retrieve failures. Introduced a QueryResult that correctly captured this aspect. Allowed evaluations to take advantage of this result, which allowed it to correctly test successful values while reporting unsuccessful ones.
  - Added functionality to be able to filter values within a map directly. This allowed use of the syntax `Resources[ Type == 'AWS::S3::Bucket' ]` instead of `Resources.*[ Type == 'AWS::S3::Bucket' ]`. This also paves the way to add key variable capture later like `Resource[ resource_name | Type == 'AWS::S3::Bucket' ]`. Then `resource_name` can be used as a variable in other evaluations.
  - Ensured that all integration guard-examples testing works completely with the new evaluation engine. Introducing a new engine currently as an alternative engine that can be enabled using the -n flag for validate and test, for testing compatibility in the field.
  - Verbose graph for new engine event records got a facelift and produces very understandable ASCII graphs that explain failures well.
* Adding parsing for parameterized rules support.
* Submitting next small cut
* Adding more parser and eval logic
* Adding first test sample successful run, Yay
* Several fixes:
  1. Fixed bug for eval_guard_clause end_record to file for error condition
  2. Added support for CFN reporter to report with new engine as well
  3. Added example for parameterized rule support
* Moving context to mut
* Migrated Tracker as well
* Adding support for case conversations to test across tools
* Adding variable capture along with parameterized rules
* Added support for reporting variable names
* Added testing for S3 buckets
* Fixing equality clauses for correctly
* Fix lhs when reading inside list
* Fix in operator
* - Added summary table
  - Exposed unresolved if there are none
* - Fixed bug with LHS having embedded lists
  - Fixed display text to convey right value
* - Revert change for correct behavior. TODO: Add variable resolution event
* - Fix reporting and checks for in and eq operations when dealing with embedded lists on LHS in comparison with RHS
* Adding SKIPs to context
* Fix issue #186
* SKIP when there is no view projection
* - Adding support for merge values
  - Adding support for serialization from Lambda
* Changing Event Tracing
* Minor fixes
* Removing functional as it serves no purpose
* - Adding support for String contains for in operation
  - Fixing rule for correctness
* Added tests for "in" string contains
* BlockClause entry for tracking
* Fix for to being None
* Fixed bug when performing filtering over all values
* Exposing parameterized rules output and message
* Adding support for same name rules for Config and CFN in the same file
* Adding console reporter with improved messaging for checks
* Output fix
* Added support for running tests from root directory based on convention
* Make handling literals consistent
* Removing remnant literal handling
* Adding new format for checks
* Adding support for 'validate' to pick all guard files
* Initial cut for built-in support functions
* - Next cut of builtin function support
  - Fixing parse_string with escapes, initial cut
* Added support for embedded strings
* Adding more built-in functions
* Adding traversal for JSON pointer based extraction
* Minor warning fixes
* CFN awareness with auto-detection
* Added single line with resource information
* Few more mods
* Improved reporting for CFN template driven by auto-detection
* Fixed reporting failures
* Bumping up version for Guard
* - Fixed bug with reporting
  - Fixed testing
* Support for Terraform plan files
* - Fixing IN operation reporting
  - Adding code view propagation
* Remove dead code
* Fixing YAML with line numbers and more
* Marker tracking for locations in file
* Inline code for template for CFN
* Improving the message for CFN templates
* Fixing CFN template level functions
* Ensuring chain works correctly for default display
* Fixing test command to ensure all tests are correctly covered
* Bug fix needed for list-of-lists
* One pending in testing
* TODO: introduce new string_in operator to not overload
* Push out
* Add fixes for compilation errors
* Remove unused imports
* Remove 2 repeated command line args
* Added overloaded behavior for data argument, verified payload & dir values
* Move re-used scan for data into a method
* Add support for multiple args for rules
* Move file extension check into a method
* Move string literals to constants
* Resolve conflict with type
* Move literals from test to constants
* Add support for input-parameters as files
* Add directory support for input-parameters
* Updated help for input-parameters arg
* Add unit test cases for various input combinations of data, rules and input-parameters
* Move app name and app version to constants
* Move string literals for rulegen to constants
* Add security related unit tests for validate
* Adding project contributor
* Updated placeholder in LICENSE
* Updated occurrences of organization
* Remove instructions from LICENSE
* Add more project contributors
* Update README.md for cfn-guard-lambda

Co-authored-by: diwakar <dchakrav-github@gmail.com>
Co-authored-by: dchakrav-github <42748809+dchakrav-github@users.noreply.github.com>
Co-authored-by: diwakar <diwakar@amazon.com>
Co-authored-by: Akshay Rane <raneaks@amazon.com>
Co-authored-by: Bryan Ayala <bryaayal@amazon.com>