in code/cfn_ftp_port.py [0:0]
def evaluate_template(template, job_id):
# Validate rules and increase risk value
#print(template)
risk = 0
failedRules = []
print("----------------")
template = json.loads(template)
#print(template)
for r in template['Resources']:
#print(template['Resources'][r])
for s in template['Resources'][r]:
#print(s)
if template['Resources'][r][s] == template['Resources'][r]['Type']:
#print(template['Resources'][r]['Type'])
if template['Resources'][r]['Type'] == 'AWS::EC2::SecurityGroup':
#print(template['Resources'][r]['Properties'])
for sg in template['Resources'][r]['Properties']['SecurityGroupIngress']:
if sg == 'FromPort':
print(template['Resources'][r]['Properties']['SecurityGroupIngress']['FromPort'])
if str(template['Resources'][r]['Properties']['SecurityGroupIngress']['FromPort']) == '21':
risk = risk + 100
print("Risk value: " +str(risk))
failedRules.append("Found FTP port.")
print("killing job")
put_job_failure(job_id, "Found FTP port.")
print('Found FTP port.')
print("----------------")
if risk > 10:
print("good job")
put_job_success(job_id, 'Job succesful, minimal or no risk detected.')
return risk, failedRules