in code/cfn_secrets.py [0:0]
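def evaluate_template(template, job_id):
    """Scan a template body for AWS credential material and report the job outcome.

    Two rules are run against the raw ``template`` text:

    * ``AWS Key Found``        - an AWS access key id: one of the known 4-char
      prefixes (``AKIA``, ``ASIA``, ``A3T?``, ...) followed by 16 ``[A-Z0-9]``.
    * ``AWS Secret Key Found`` - a delimited 40-char base64-style run, the shape
      of an AWS secret access key.

    Every rule that fires adds ``RISK_PER_RULE`` to ``risk`` and appends its name
    to ``failedRules``. The job is then reported exactly once: ``put_job_failure``
    when ``risk`` exceeds ``RISK_THRESHOLD``, ``put_job_success`` otherwise.
    (``put_job_failure``/``put_job_success`` are defined elsewhere in this file.)

    Args:
        template: Template text as a ``str``; it is searched verbatim, so the
            caller is responsible for decoding bytes first.
        job_id: Job identifier passed through unchanged to the reporting calls.

    Returns:
        ``(risk, failedRules)``: the accumulated integer risk score and the list
        of rule names that matched, in rule order.

    Notes:
        Matched key material is never printed - only the rule name and the
        match offset - so a credential found in a template is not copied into
        the job log. The secret-key rule is deliberately broad and will also hit
        other 40-char tokens (e.g. hex digests), so treat it as a strong hint,
        not proof.
    """
    RISK_PER_RULE = 100   # each rule that fires adds this much
    RISK_THRESHOLD = 10   # strictly above this the job is failed

    # (rule name, compiled pattern), checked in this order.
    rules = [
        (
            "AWS Key Found",
            # The earlier form `A3T[A-Z0-9]|(AKIA|...)[A-Z0-9]{16}` left the A3T
            # alternative as a stand-alone 4-char pattern; the {16} suffix now
            # applies to every prefix.
            re.compile(r'(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'),
        ),
        (
            "AWS Secret Key Found",
            # 40 base64-ish chars bounded by a non-base64 char (or line start)
            # on the left and a negative lookahead on the right.
            re.compile(r'(^|[^A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])'),
        ),
    ]

    risk = 0
    failedRules = []
    print("----------------")
    for rule_name, pattern in rules:
        match = pattern.search(template)
        if match is None:
            print("No match!!")
            continue
        # Log *where* the hit is, never *what* it is: the match text is the
        # credential itself and would otherwise land in the log output.
        print(rule_name + " at offset " + str(match.start()))
        risk = risk + RISK_PER_RULE
        print("Risk value: " + str(risk))
        failedRules.append(rule_name)
    print("----------------")

    # Report once, after all rules ran. Reporting per rule would call
    # put_job_failure twice when both rules fire, and success must only be
    # reported when the risk is low, not high.
    if risk > RISK_THRESHOLD:
        print("killing job")
        put_job_failure(job_id, ", ".join(failedRules))
    else:
        print("good job")
        put_job_success(job_id, 'Job succesful, minimal or no risk detected.')
    return risk, failedRules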