معرفی شرکت ها
cfripper-1.9.0
تبلیغات ما
مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.
مشاهده بیشتر
تبلیغات ما
مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.
مشاهده بیشتر
تبلیغات ما
مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.
مشاهده بیشتر
تبلیغات ما
مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.
مشاهده بیشتر
تبلیغات ما
مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.
مشاهده بیشترتوضیحات
Library and CLI tool for analysing CloudFormation templates and check them for security compliance.
| ویژگی | مقدار |
|---|---|
| سیستم عامل | - |
| نام فایل | cfripper-1.9.0 |
| نام | cfripper |
| نسخه کتابخانه | 1.9.0 |
| نگهدارنده | [] |
| ایمیل نگهدارنده | [] |
| نویسنده | Skyscanner Product Security |
| ایمیل نویسنده | security@skyscanner.net |
| آدرس صفحه اصلی | https://github.com/Skyscanner/cfripper |
| آدرس اینترنتی | https://pypi.org/project/cfripper/ |
| مجوز | - |
<p align="center">
<img src="docs/img/logo.png" width="200">
</p>
# CFRipper
[](https://badge.fury.io/py/cfripper)
[](https://lgtm.com/projects/g/Skyscanner/cfripper/alerts/)
[](https://lgtm.com/projects/g/Skyscanner/cfripper/context:python)
CFRipper is a Library and CLI security analyzer for AWS CloudFormation templates. You can use CFRipper to prevent deploying insecure AWS resources into your Cloud environment. You can write your own compliance checks by adding new custom plugins.
Docs and more details available in https://cfripper.readthedocs.io/
## CLI Usage
### Normal execution
```bash
$ cfripper /tmp/root.yaml /tmp/root_bypass.json --format txt
Analysing /tmp/root.yaml...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Valid: False
Issues found:
- FullWildcardPrincipalRule: rootRole should not allow full wildcard '*', or wildcard in account ID like 'arn:aws:iam::*:12345' at '*'
- IAMRolesOverprivilegedRule: Role 'rootRole' contains an insecure permission '*' in policy 'root'
Analysing /tmp/root_bypass.json...
Valid: True
```
### Using the "resolve" flag
```bash
$ cfripper /tmp/root.yaml /tmp/root_bypass.json --format txt --resolve
Analysing /tmp/root.yaml...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Valid: False
Issues found:
- FullWildcardPrincipalRule: rootRole should not allow full wildcard '*', or wildcard in account ID like 'arn:aws:iam::*:12345' at '*'
- IAMRolesOverprivilegedRule: Role 'rootRole' contains an insecure permission '*' in policy 'root'
Analysing /tmp/root_bypass.json...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Valid: False
Issues found:
- IAMRolesOverprivilegedRule: Role 'rootRole' contains an insecure permission '*' in policy 'root'
Monitored issues found:
- PartialWildcardPrincipalRule: rootRole contains an unknown principal: 123456789012
- PartialWildcardPrincipalRule: rootRole should not allow wildcard, account-wide or root in resource-id like 'arn:aws:iam::12345:root' at 'arn:aws:iam::123456789012:root'
```
### Using json format and output-folder argument
```bash
$ cfripper /tmp/root.yaml /tmp/root_bypass.json --format json --resolve --output-folder /tmp
Analysing /tmp/root.yaml...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Result saved in /tmp/root.yaml.cfripper.results.json
Analysing /tmp/root_bypass.json...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Result saved in /tmp/root_bypass.json.cfripper.results.json
```
### Using rules config file
```bash
$ cfripper tests/test_templates/config/security_group_firehose_ips.json --rules-config-file cfripper/config/rule_configs/example_rules_config_for_cli.py
Analysing tests/test_templates/config/security_group_firehose_ips.json...
Valid: True
```
### Using rules filters files
```bash
$ cfripper tests/test_templates/config/security_group_firehose_ips.json --rules-filters-folder cfripper/config/rule_configs/
example_rules_config_for_cli.py loaded
Analysing tests/test_templates/config/security_group_firehose_ips.json...
Valid: True
```
### Exit Codes
```python
"""
Analyse AWS Cloudformation templates passed by parameter.
Exit codes:
- 0 = all templates valid and scanned successfully
- 1 = error / issue in scanning at least one template
- 2 = at least one template is not valid according to CFRipper (template scanned successfully)
- 3 = unknown / unhandled exception in scanning the templates
"""
```
نیازمندی
| مقدار | نام |
|---|---|
| <2,>=1.4.7 | boto3 |
| >=1.2.0 | cfn-flip |
| >=8.0.0 | click |
| ~=0.13.1 | pluggy |
| >=0.20.0 | pycfmodel |
| ~=4.7.6 | pydash |
| >=4.2b1 | PyYAML |
| ==22.3.0 | black |
| >=3.3.0 | flake8 |
| ==4.3.21 | isort |
| >=3.6 | pytest |
| >=2.5.1 | pytest-cov |
| >=5.3.1 | pip-tools |
| ==3.1.9 | moto[cloudformation,s3] |
| ==8.1.2 | click |
| ==0.9.5 | csscompressor |
| ==2.0.2 | ghp-import |
| ==0.1.12 | htmlmin |
| ==4.11.3 | importlib-metadata |
| ==3.1.1 | Jinja2 |
| ==3.0.1 | jsmin |
| ==3.3.6 | Markdown |
| ==2.1.1 | MarkupSafe |
| ==1.3.4 | mergedeep |
| ==1.3.0 | mkdocs |
| ==1.0.2 | mkdocs-exclude |
| ==0.7.0 | mkdocs-macros-plugin |
| ==8.2.8 | mkdocs-material |
| ==1.0.3 | mkdocs-material-extensions |
| ==0.5.0 | mkdocs-minify-plugin |
| ==21.3 | packaging |
| ==2.11.2 | Pygments |
| ==9.3 | pymdown-extensions |
| ==3.0.7 | pyparsing |
| ==2.8.2 | python-dateutil |
| ==6.0 | PyYAML |
| ==0.1 | pyyaml-env-tag |
| ==1.16.0 | six |
| ==1.1.0 | termcolor |
| ==2.1.7 | watchdog |
| ==3.8.0 | zipp |
زبان مورد نیاز
| مقدار | نام |
|---|---|
| >=3.7 | Python |
نحوه نصب
نصب پکیج whl cfripper-1.9.0:
pip install cfripper-1.9.0.whl
نصب پکیج tar.gz cfripper-1.9.0:
pip install cfripper-1.9.0.tar.gz