in security_hub_correlation_cdk/lambdas/create_sh_finding/create_sh_finding.py [0:0]
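def check_inspector_cve(sh_resource, ddbtable):
    """Return the critical Inspector findings stored for a resource, if there are enough.

    Scans ``ddbtable`` for items whose ``ResourceId`` equals ``sh_resource``,
    whose ``ProductName`` is ``Inspector`` and whose ``Severity`` is
    ``CRITICAL``, following ``LastEvaluatedKey`` until the scan is exhausted.

    Args:
        sh_resource: Resource identifier matched against ``ResourceId``.
        ddbtable: Table object exposing a boto3-style ``scan`` method.

    Returns:
        The first scan response, with ``Items`` and ``Count`` (and
        ``ScannedCount`` when present) extended to cover every page, when at
        least three matching items exist. ``None`` when fewer exist, and
        also ``None`` when the scan raises ``ClientError``.
    """
    min_critical_findings = 3
    scan_filter = (
        Attr('ResourceId').eq(sh_resource)
        & Attr('ProductName').eq('Inspector')
        & Attr('Severity').eq('CRITICAL')
    )

    try:
        inspector_cve_payload = ddbtable.scan(FilterExpression=scan_filter)

        # The pagination marker is a top-level key of the scan response, not
        # an attribute of the returned items. The filter is applied per page,
        # so stopping after the first page can under-count critical findings
        # and leave a resource below the threshold when it should not be.
        next_key = inspector_cve_payload.get('LastEvaluatedKey')
        while next_key:
            page = ddbtable.scan(
                FilterExpression=scan_filter,
                ExclusiveStartKey=next_key,
            )
            inspector_cve_payload['Items'].extend(page['Items'])
            inspector_cve_payload['Count'] += page['Count']
            if 'ScannedCount' in inspector_cve_payload and 'ScannedCount' in page:
                inspector_cve_payload['ScannedCount'] += page['ScannedCount']
            next_key = page.get('LastEvaluatedKey')

        # The merged response is complete, so the first page's marker is stale.
        inspector_cve_payload.pop('LastEvaluatedKey', None)
    except ClientError as error_handle:
        # botocore carries the parsed service error on ``response``.
        # NOTE(review): a failed scan (throttling, access denied) returns None
        # exactly like "below threshold", so the correlation fails open.
        # Callers that need to tell the two apart should alert on this log line.
        logger.error(error_handle.response['Error']['Code'])
        return None

    if inspector_cve_payload['Count'] >= min_critical_findings:
        logger.info('Found {} Critical Inspector CVEs for {}.'.format(inspector_cve_payload['Count'],sh_resource))
        return inspector_cve_payload

    logger.info('Minimum Critical Inspector CVE threshhold not met for {}.'.format(sh_resource))
    return None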