Analyzing

analysis.analyze

Functions to support the analyze capability in this tool.
policy_sentry.analysis.analyze.analyze_by_access_level(policy_json, access_level)
Determine whether a policy has any actions with a given access level. This is particularly useful when determining who has ‘Permissions management’ level access.
Parameters:
- policy_json – a dictionary representing the AWS JSON policy
- access_level – the normalized access level: either ‘read’, ‘list’, ‘write’, ‘tagging’, or ‘permissions-management’
policy_sentry.analysis.analyze.analyze_policy_file(policy_file, account_id, from_audit_file, finding_type, excluded_role_patterns)
Given a policy file, determine its risky actions by comparing them against a separate audit file containing a list of actions. If the policy name matches a policy exclusion pattern from the report-config.yml file, that policy file is skipped.
Parameters:
- policy_file – the path to the policy file to be evaluated
- account_id – the AWS Account ID
- from_audit_file – the file containing the list of problematic actions
- finding_type – the type of finding: resource_exposure, privilege_escalation, network_exposure, or credentials_exposure
- excluded_role_patterns – a RegEx pattern for excluding policy names from evaluation
Returns: False if the policy name matches the excluded role patterns; otherwise a dictionary containing the findings.
Return type: dict (or False when the policy is skipped)
policy_sentry.analysis.analyze.analyze_statement_by_access_level(statement_json, access_level)
Determine whether a statement has any actions with a given access level.
Parameters:
- statement_json – a dictionary representing a statement from an AWS JSON policy
- access_level – the access level: either ‘Read’, ‘List’, ‘Write’, ‘Tagging’, or ‘Permissions management’
policy_sentry.analysis.analyze.determine_actions_to_expand(action_list)
Determine whether an action needs to be expanded from its wildcard.
Parameters:
- action_list – a list of actions
Returns: a list of actions
Return type: list
policy_sentry.analysis.analyze.determine_risky_actions(requested_actions, audit_file)
Compare the actions in the policy against the audit file of high-risk actions.
Parameters:
- requested_actions – a list of the actions requested by the policy under evaluation
- audit_file – the absolute path to the file that contains the list of IAM actions to evaluate
Returns: a list of any requested actions that are included in the file of risky actions
policy_sentry.analysis.analyze.determine_risky_actions_from_list(requested_actions, risky_actions)
Compare the actions in the policy against a list of high-risk actions.
Parameters:
- requested_actions – a list of the actions requested by the policy under evaluation
- risky_actions – a list of risky IAM actions to evaluate
Returns: a list of any requested actions that are included in the list of risky actions
policy_sentry.analysis.analyze.expand(action)
Expand an action wildcard into the full list of actions it matches.
Parameters:
- action – an action containing a wildcard, such as s3:Get* or s3:L*
Returns: a list of all the expanded actions (for example, every action matching s3:Get*)
Return type: list
policy_sentry.analysis.analyze.read_risky_iam_permissions_text_file(audit_file)
Read in the audit file of high-risk actions.
Parameters:
- audit_file – the path to the file containing a list of risky actions
Returns: risky_actions – a list of actions from the file
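The following is an added, self-contained example and not policy_sentry's own code. It sketches what the functions documented above do (wildcard expansion, per-statement and per-policy access-level screening, audit-list parsing and risky-action matching) over a constructed, deliberately partial action catalog. The catalog, the audit-file text and the sample policy are all constructed here; the real tool draws its action data from the IAM definition database it ships, and the audit-file format assumed below (one action per line, '#' comments) is an assumption about this example, not a description of the project's files. Examining only Effect: Allow statements and ignoring NotAction is likewise a simplification of this example, not a statement about the library.

```python
"""Added example, not policy_sentry's own code: wildcard expansion, access-level
screening and risky-action matching over a constructed, partial action catalog."""
import fnmatch

# Constructed catalog of IAM action -> access level. NOT the IAM definition data
# that policy_sentry ships; it exists only so this example runs offline.
ACTION_CATALOG = {
    "s3:GetObject": "Read",
    "s3:GetBucketPolicy": "Read",
    "s3:ListBucket": "List",
    "s3:PutObject": "Write",
    "s3:DeleteObject": "Write",
    "s3:PutBucketPolicy": "Permissions management",
    "s3:PutBucketAcl": "Permissions management",
    "s3:PutBucketTagging": "Tagging",
    "iam:PassRole": "Write",
    "iam:CreateAccessKey": "Write",
}
# IAM matches action names case-insensitively, so index by lower-case name.
CANONICAL = {name.lower(): name for name in ACTION_CATALOG}

# Constructed audit-file body. Assumed format: one action per line, '#' comments.
RISKY_ACTIONS_TEXT = """\
# constructed sample of high-risk actions
iam:CreateAccessKey
iam:PassRole
s3:PutBucketPolicy
"""


def read_risky_iam_permissions_text_file(text):
    """Parse an audit-file body into a list of lower-cased actions."""
    return [ln.strip().lower() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def expand(action):
    """Expand a wildcarded action (s3:Get*, s3:L*, or just *) against the catalog.
    Returns canonical names; a pattern the catalog does not know yields []."""
    pattern = action.lower()
    return sorted(CANONICAL[k] for k in CANONICAL if fnmatch.fnmatchcase(k, pattern))


def determine_actions_to_expand(action_list):
    """Flatten a list of actions: expand only entries carrying a wildcard,
    canonicalise the rest, and keep unknown literals so they are still reported."""
    concrete = set()
    for action in action_list:
        if "*" in action or "?" in action:
            concrete.update(expand(action))
        else:
            concrete.add(CANONICAL.get(action.lower(), action))
    return sorted(concrete)


def _allowed_actions(statement):
    """Actions granted by one statement. Simplification of this example: only
    Effect: Allow is examined and NotAction is not handled."""
    if statement.get("Effect") != "Allow":
        return []
    actions = statement.get("Action", [])
    return [actions] if isinstance(actions, str) else list(actions)


def _statements(policy_json):
    statements = policy_json.get("Statement", [])
    return [statements] if isinstance(statements, dict) else list(statements)


def analyze_statement_by_access_level(statement_json, access_level):
    """Concrete actions in one statement whose access level matches.
    Accepts 'Permissions management' and 'permissions-management' alike."""
    wanted = access_level.lower().replace("-", " ")
    return [a for a in determine_actions_to_expand(_allowed_actions(statement_json))
            if ACTION_CATALOG.get(a, "").lower() == wanted]


def analyze_by_access_level(policy_json, access_level):
    """Union of matching actions across every statement of the policy."""
    found = set()
    for stmt in _statements(policy_json):
        found.update(analyze_statement_by_access_level(stmt, access_level))
    return sorted(found)


def requested_actions(policy_json):
    """Every action string requested by the policy's Allow statements, unexpanded."""
    return [a for stmt in _statements(policy_json) for a in _allowed_actions(stmt)]


def determine_risky_actions_from_list(requested, risky_actions):
    """Requested actions, after wildcard expansion, that appear in the risky list."""
    risky = {r.lower() for r in risky_actions}
    return [a for a in determine_actions_to_expand(requested) if a.lower() in risky]


# Constructed policy: the s3:Put* wildcard quietly grants s3:PutBucketPolicy.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:L*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:Put*", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Action": ["iam:PassRole"], "Resource": "*"},
        {"Effect": "Deny", "Action": "iam:CreateAccessKey", "Resource": "*"},
    ],
}
```

Running `analyze_by_access_level(SAMPLE_POLICY, "permissions-management")` on the constructed policy returns s3:PutBucketAcl and s3:PutBucketPolicy even though neither is named in the document: both arrive through the s3:Put* wildcard. That is why the audit-list comparison expands wildcards before matching; comparing the literal strings in the policy against the audit file would miss s3:PutBucketPolicy entirely. The denied iam:CreateAccessKey is not reported because only Allow statements are examined in this example.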