def lambda_handler()

in source/sfm-respond-to-inspector-agent-id-findings.py [0:0]


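def lambda_handler(event, context):
    """Publish one agent's Inspector findings to SSM as custom inventory.

    The handler reads the first SNS record in ``event``. Its message is JSON
    carrying ``AssessmentRunArn`` and ``AgentId``. Findings for that agent on
    that run are listed, described, ordered by ``FINDING_SORT_ORDER`` and
    written to the instance as a ``Custom:InspectorFindings`` inventory item.

    Args:
        event: Lambda event in SNS shape (``Records[0].Sns.Message``).
        context: Lambda context object; unused.

    Returns:
        None. A ``ClientError`` from ``put_inventory`` is logged, not raised.
    """
    logger.info('Event: {}'.format(json.dumps(event)))

    # CaptureTime carries a "Z" (UTC) suffix, so the timestamp must be taken
    # in UTC rather than in the runtime's local time zone.
    now = (
        datetime.datetime.now(datetime.timezone.utc)
        .replace(microsecond=0, tzinfo=None)
        .isoformat()
        + "Z"
    )

    # Decode the SNS message once and read both fields from it.
    message = json.loads(event['Records'][0]['Sns']['Message'])
    assessment_run_arn = message['AssessmentRunArn']
    instance_id = message['AgentId']

    # Get the list of findings for the given agent on the given assessment run.
    listing = inspector_client.list_findings(
        assessmentRunArns=[assessment_run_arn],
        filter={'agentIds': [instance_id]},
        maxResults=INSPECTOR_RESOURCE_LIMIT
    )
    findings_arns = listing['findingArns']

    # Only one page is requested. Make truncation visible so that an
    # incomplete inventory is not mistaken for a complete one.
    if listing.get('nextToken'):
        logger.warning(
            'list_findings returned a nextToken for agent {}; findings beyond '
            'maxResults are not included in the inventory'.format(instance_id)
        )

    logger.info('AssessmentRunArn: {}, AgentId: {}, FindingsArn: {}'.format(assessment_run_arn,instance_id,findings_arns))

    if not findings_arns:
        return

    # Now get the findings details.
    # NOTE(review): confirm INSPECTOR_RESOURCE_LIMIT stays within the number of
    # ARNs describe_findings accepts per call.
    logger.info('getting the findings details')
    findings = inspector_client.describe_findings(findingArns=findings_arns)['findings']

    # Build the JSON objects that we can use for the SSM inventory.
    logger.info('looping through the findings')
    ssm_findings = []
    for finding in findings:
        # NOTE(review): FINDING_SORT_ORDER is defined elsewhere; presumably a
        # severity not present in it raises here. Verify the mapping is complete.
        inventory_finding = {
            "Finding": finding['id'],
            "Severity": finding['severity'],
            "Criticality": FINDING_SORT_ORDER[finding['severity']]
        }
        logger.debug('inventory finding: {}'.format(inventory_finding))
        ssm_findings.append(inventory_finding)

    if not ssm_findings:
        return

    # Sort the findings by their severity (defined by their sort value).
    ssm_findings.sort(key=operator.itemgetter('Criticality'))

    # Report the inventory once, after every finding has been collected.
    # Issuing the call inside the per-finding loop re-sends the growing list
    # on every iteration and multiplies the SSM API calls.
    # The instance may have terminated since the assessment was run, so we
    # need to account for API failures.
    try:
        ssm_client.put_inventory(
            InstanceId=instance_id,
            Items=[
                {
                    "CaptureTime": now,
                    "SchemaVersion": "1.1",
                    "TypeName": "Custom:InspectorFindings",
                    "Content": ssm_findings
                }
            ]
        )
    except botocore.exceptions.ClientError as e:
        logger.error('Error putting inventory to instance {0}: {1}'.format(instance_id, e))

    return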