-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #7 from epam/public_rules
Public rules
- Loading branch information
Showing
7,723 changed files
with
180,584 additions
and
0 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| name: 😺 New Policy Proposal | ||
| description: Template for creating new policy | ||
| title: "[New Policy Name]: " | ||
| labels: ["new_policy", "policy"] | ||
| body: | ||
| - type: markdown | ||
| attributes: | ||
| value: | | ||
| Thanks for taking the time to fill out this New Policy Proposal! | ||
| - type: input | ||
| id: contact | ||
| attributes: | ||
| label: Contact Details | ||
| description: How can we get in touch with you if we need more info? | ||
| placeholder: ex. test@test.com | ||
| validations: | ||
| required: false | ||
| - type: input | ||
| id: source | ||
| attributes: | ||
| label: Source (Link) | ||
| description: What source did you use? | ||
| placeholder: ex. my own; ex. CIS Benchmark AWS Foundation v1.2.0 (1.1) | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| id: describe-policy | ||
| attributes: | ||
| label: Describe the Policy Proposal | ||
| description: A clear and concise description of what the new policy is. | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| id: screenshots | ||
| attributes: | ||
| label: Screenshots | ||
| description: If applicable, add screenshots to help explain your proposal. | ||
| - type: textarea | ||
| id: reproduce | ||
| attributes: | ||
| label: Reproduce | ||
| description: "How to reproduce infrastructure with such a security risk?" | ||
| value: | | ||
| 1. | ||
| 2. | ||
| ... | ||
| - type: textarea | ||
| id: remediation | ||
| attributes: | ||
| label: Remediation | ||
| description: "How to fix security risk using gcloud cli or console?" | ||
| value: | | ||
| 1. | ||
| 2. | ||
| ... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| name: 😾 Duplicate Exsiting Policy | ||
| description: Template for reporting a duplicate of an existing policy | ||
| title: "[Duplicate Policy Name]: " | ||
| labels: ["policy","duplicate"] | ||
| body: | ||
| - type: markdown | ||
| attributes: | ||
| value: | | ||
| Thanks for taking the time to fill out this duplicate of an existing policy! | ||
| - type: input | ||
| id: contact | ||
| attributes: | ||
| label: Contact Details | ||
| description: How can we get in touch with you if we need more info? | ||
| placeholder: ex. test@test.com | ||
| validations: | ||
| required: false | ||
| - type: input | ||
| id: policy1 | ||
| attributes: | ||
| label: First Duplicate Policy | ||
| description: Insert a link to the policy | ||
| placeholder: ex. policies/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days.yml | ||
| validations: | ||
| required: true | ||
| - type: input | ||
| id: policy2 | ||
| attributes: | ||
| label: Second Duplicate Policy | ||
| description: Insert a link to the policy | ||
| placeholder: ex. policies/ecc-aws-014-ensure_keys_are_rotated_every_90_days.yml | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| id: add-info | ||
| attributes: | ||
| label: Additional information | ||
| description: Provide additional information. | ||
| validations: | ||
| required: false | ||
| - type: textarea | ||
| id: screenshots | ||
| attributes: | ||
| label: Screenshots | ||
| description: If applicable, add screenshots. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| name: 😿 Fix Policy Proposal | ||
| description: Template for Fix policy proposal | ||
| title: "[Fix Policy, name]: " | ||
| labels: ["policy", "bug"] | ||
| body: | ||
| - type: markdown | ||
| attributes: | ||
| value: | | ||
| Thanks for taking the time to fill out this Fix Policy Proposal! | ||
| - type: input | ||
| id: contact | ||
| attributes: | ||
| label: Contact Details | ||
| description: How can we get in touch with you if we need more info? | ||
| placeholder: ex. test@test.com | ||
| validations: | ||
| required: false | ||
| - type: textarea | ||
| id: description | ||
| attributes: | ||
| label: Describe the Fix Policy Proposal | ||
| description: A clear and concise description of what the Fix policy is. | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| id: screenshots | ||
| attributes: | ||
| label: Screenshots | ||
| description: If applicable, add screenshots to help explain your proposal. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| name: 😿 Fix Terraform Proposal | ||
| description: Template for Fix terrafrom proposal | ||
| title: "[Fix Terraform, name]: " | ||
| labels: ["terraform", "bug"] | ||
| body: | ||
| - type: markdown | ||
| attributes: | ||
| value: | | ||
| Thanks for taking the time to fill out this Fix Terraform Proposal! | ||
| - type: input | ||
| id: contact | ||
| attributes: | ||
| label: Contact Details | ||
| description: How can we get in touch with you if we need more info? | ||
| placeholder: ex. test@test.com | ||
| validations: | ||
| required: false | ||
| - type: textarea | ||
| id: description | ||
| attributes: | ||
| label: Describe the Fix Terraform Proposal | ||
| description: A clear and concise description of what the Fix Terraform is. | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| id: screenshots | ||
| attributes: | ||
| label: Screenshots | ||
| description: If applicable, add screenshots to help explain your proposal. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| name: 😿 Fix Test Proposal | ||
| description: Template for Fix test proposal | ||
| title: "[Fix Test, name]: " | ||
| labels: ["test", "bug"] | ||
| body: | ||
| - type: markdown | ||
| attributes: | ||
| value: | | ||
| Thanks for taking the time to fill out this Fix Test Proposal! | ||
| - type: input | ||
| id: contact | ||
| attributes: | ||
| label: Contact Details | ||
| description: How can we get in touch with you if we need more info? | ||
| placeholder: ex. test@test.com | ||
| validations: | ||
| required: false | ||
| - type: textarea | ||
| id: description | ||
| attributes: | ||
| label: Describe the Fix Test Proposal | ||
| description: A clear and concise description of what the Fix Test is. | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| id: screenshots | ||
| attributes: | ||
| label: Screenshots | ||
| description: If applicable, add screenshots to help explain your proposal. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| name: 🙀 Report a security vulnerability | ||
| description: Template for reporting a security vulnerability | ||
| title: "[Vulnerability Name]: " | ||
| labels: ["vulnerability"] | ||
| body: | ||
| - type: markdown | ||
| attributes: | ||
| value: | | ||
| Thanks for taking the time to fill out this security vulnerability! | ||
| - type: input | ||
| id: contact | ||
| attributes: | ||
| label: Contact Details | ||
| description: How can we get in touch with you if we need more info? | ||
| placeholder: ex. test@test.com | ||
| validations: | ||
| required: false | ||
| - type: textarea | ||
| id: description | ||
| attributes: | ||
| label: Describe the security vulnerability | ||
| description: A clear and concise description of what the security vulnerability is. | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| id: screenshots | ||
| attributes: | ||
| label: Screenshots | ||
| description: If applicable, add screenshots to help explain this security vulnerability. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| name: 😻 Feature request | ||
| description: Suggest an idea for this project | ||
| title: "[Feature Name]: " | ||
| labels: ["enhancement"] | ||
| body: | ||
| - type: textarea | ||
| id: problem_description | ||
| attributes: | ||
| label: Is your feature request related to a problem? Please describe. | ||
| description: A clear and concise description of what the problem is. Ex. I'm always frustrated when... | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| id: solution_description | ||
| attributes: | ||
| label: Describe the solution you'd like | ||
| description: A clear and concise description of what you want to happen. | ||
| - type: textarea | ||
| id: alternative_description | ||
| attributes: | ||
| label: Describe alternatives you've considered | ||
| description: A clear and concise description of any alternative solutions or features you've considered. | ||
| - type: textarea | ||
| id: additional_context | ||
| attributes: | ||
| label: Additional context | ||
| description: Add any other context or screenshots about the feature request here. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| name: test-custodian-policies | ||
| on: | ||
| push: | ||
| pull_request_review: | ||
| types: | ||
| - submitted | ||
| jobs: | ||
| test_policy_red_flights: | ||
| runs-on: ubuntu-22.04 | ||
| container: python:3.8 | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - uses: ./.github/workflows/composite-action | ||
| - name: test_policy_red_flights | ||
| shell: bash | ||
| run: | | ||
| cd cloud-custodian | ||
| python3.8 -m venv .venv && source .venv/bin/activate | ||
| pip install poetry | ||
| make install | ||
| mkdir out | ||
| RULE_NAMES=$(find ./aws-custodian-policies/tests/ -maxdepth 1 -type d | tail -n +2 | awk -F '/' '{ print $NF }') | ||
| RED_WHITELISTED_RULE_NAMES=$(cat ./aws-custodian-policies/tests/.whitelisted_red) | ||
| touch .red_passed .red_failed .whitelisted_red_failed | ||
| echo "$RULE_NAMES" | | ||
| while IFS= read -r policy ; do | ||
| echo "red test $policy executing..." | ||
| mkdir out/$policy | ||
| cp aws-custodian-policies/tests/$policy/placebo-red/* out/$policy | ||
| ls out/$policy | ||
| red_policy_test_file_name="aws-custodian-policies.tests.$policy.red_policy_test" | ||
| python3 policy_as_test.py test aws-custodian-policies/policies/$policy.yml $red_policy_test_file_name out \ | ||
| && echo $policy >> .red_passed || if [[ $RED_WHITELISTED_RULE_NAMES =~ $policy ]]; \ | ||
| then echo $policy >> .whitelisted_red_failed; else echo $policy >> .red_failed; fi | ||
| rm -r out/$policy | ||
| done | ||
| echo "red tests executed" | ||
| echo "red_passed:" | ||
| cat .red_passed | ||
| echo "whitelisted_red_failed:" | ||
| cat .whitelisted_red_failed | ||
| echo "red_failed:" | ||
| cat .red_failed | ||
| test -s .red_failed && exit 1 | ||
| exit 0 | ||
| test_policy_green_flights: | ||
| runs-on: ubuntu-22.04 | ||
| container: python:3.8 | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - uses: ./.github/workflows/composite-action | ||
| - name: test_policy_green_flights | ||
| shell: bash | ||
| run: | | ||
| cd cloud-custodian | ||
| python3.8 -m venv .venv && source .venv/bin/activate | ||
| pip install poetry | ||
| make install | ||
| mkdir out | ||
| RULE_NAMES=$(find ./aws-custodian-policies/tests/ -maxdepth 1 -type d | tail -n +2 | awk -F '/' '{ print $NF }') | ||
| GREEN_WHITELISTED_RULE_NAMES=$(cat ./aws-custodian-policies/tests/.whitelisted_green) | ||
| touch .green_passed .green_failed .whitelisted_green_failed | ||
| echo "$RULE_NAMES" | | ||
| while IFS= read -r policy ; do | ||
| echo "green test $policy executing..." | ||
| mkdir out/$policy | ||
| cp aws-custodian-policies/tests/$policy/placebo-green/* out/$policy | ||
| ls out/$policy | ||
| green_policy_test_file_name=$(test -f aws-custodian-policies/tests/$policy/green_policy_test.py && echo "aws-custodian-policies.tests.$policy.green_policy_test" || echo "green_policy_test") | ||
| python3 policy_as_test.py test aws-custodian-policies/policies/$policy.yml $green_policy_test_file_name out \ | ||
| && echo $policy >> .green_passed || if [[ $GREEN_WHITELISTED_RULE_NAMES =~ $policy ]]; \ | ||
| then echo $policy >> .whitelisted_green_failed; else echo $policy >> .green_failed; fi | ||
| rm -r out/$policy | ||
| done | ||
| echo "green tests executed" | ||
| echo "green_passed:" | ||
| cat .green_passed | ||
| echo "whitelisted_green_failed:" | ||
| cat .whitelisted_green_failed | ||
| echo "green_failed:" | ||
| cat .green_failed | ||
| test -s .green_failed && exit 1 | ||
| exit 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| name: "Installing cloud-custodian" | ||
| description: "Installing cloud-custodian" | ||
| runs: | ||
| using: "composite" | ||
| steps: | ||
| - run: | | ||
| command -v git >/dev/null || ( apt-get update -y && apt-get install git -y ) | ||
| DEFAULT_CORE_BRANCH=main | ||
| CORE_BRANCH=$GITHUB_BASE_REF | ||
| echo "CORE_BRANCH = $CORE_BRANCH" | ||
| CORE_BRANCH=${CORE_BRANCH:-$GITHUB_REF_NAME} | ||
| echo "CORE_BRANCH = $CORE_BRANCH" | ||
| if [[ $CORE_BRANCH != "develop" && $CORE_BRANCH != "main" ]]; then CORE_BRANCH=$DEFAULT_CORE_BRANCH; fi | ||
| echo "Using $CORE_BRANCH in cloud-custodian" | ||
| echo "Core branch = $CORE_BRANCH" | ||
| git clone https://github.com/cloud-custodian/cloud-custodian.git --branch $CORE_BRANCH --depth 1 | ||
| mkdir aws-custodian-policies && cp -r policies tests aws-custodian-policies | ||
| cp -r aws-custodian-policies cloud-custodian | ||
| cp .github/workflows/scripts/policy_as_test.py cloud-custodian/. | ||
| cp .github/workflows/scripts/gcp_common.py cloud-custodian/tools/c7n_gcp/tests/. | ||
| cp .github/workflows/scripts/green_policy_test.py cloud-custodian/. | ||
| shell: bash |
Oops, something went wrong.