awslabs / aws-config-rules

[Node, Python, Java] Repository of sample Custom Rules for AWS Config.
http://aws.amazon.com/config/
Creative Commons Zero v1.0 Universal
1.61k stars 854 forks

Added Rule to check EC2 Instances against Qualys REST API #303

Open awfullyniceguy opened 4 years ago

awfullyniceguy commented 4 years ago

I confirm these files are made available under CC0 1.0 Universal (https://creativecommons.org/publicdomain/zero/1.0/legalcode)

Description of changes:

This config rule will check for Qualys Agent Reporting Status of an EC2 Instance. The rule leverages multiple services such as Secret Manager and KMS to store Qualys API Credentials. A detailed walk-through has been added inside the folder to ease deployment.

good-bot commented 4 years ago

Module EC2_Qualys_Reporting_Status_test
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status_test.py:1:0: C0103: Module name "EC2_Qualys_Reporting_Status_test" doesn't conform to '(?=.{2,128}$)([A-Z][A-Z_0-9]+A-Z0-9?)$' pattern (invalid-name)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status_test.py:57:8: W1503: Redundant use of assertTrue with constant value True (redundant-unittest-assert)

Module EC2_Qualys_Reporting_Status
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:121:43: C0326: No space allowed around keyword argument assignment
    request_body = bytes(payload, encoding = 'utf-8')
                                           ^ (bad-whitespace)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:1:0: C0103: Module name "EC2_Qualys_Reporting_Status" doesn't conform to '(?=.{2,128}$)([A-Z][A-Z_0-9]+A-Z0-9?)$' pattern (invalid-name)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:47:4: W0231: init method from base class 'list' is not called (super-init-not-called)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:69:4: W0231: init method from base class 'dict' is not called (super-init-not-called)
EC2_Qualys_Reporting_Status/EC2_Qualys_ReportingStatus.py:75:20: C0103: Variable name "aDict" doesn't conform to '[a-z][a-z0-9_]{2,30}$' pattern (invalid-name)
EC2_Qualys_Reporting_Status/EC2_Qualys_ReportingStatus.py:77:20: C0103: Variable name "aDict" doesn't conform to '[a-z][a-z0-9_]{2,30}$' pattern (invalid-name)
EC2_Qualys_Reporting_Status/EC2_Qualys_ReportingStatus.py:92:4: C0103: Variable name "instanceId" doesn't conform to '[a-z][a-z0-9_]{2,30}$' pattern (invalid-name)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:112:0: C0103: Function name "qualys_queryinstanceId" doesn't conform to '[a-z][a-z0-9_]{5,}$' pattern (invalid-name)
EC2_Qualys_Reporting_Status/EC2_Qualys_ReportingStatus.py:119:4: C0103: Variable name "HOST" doesn't conform to '[a-z][a-z0-9_]{2,30}$' pattern (invalid-name)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:120:4: C0103: Variable name "APIURL" doesn't conform to '[a-z][a-z0-9_]{2,30}$' pattern (invalid-name)
EC2_Qualys_Reporting_Status/EC2_Qualys_ReportingStatus.py:158:4: C0103: Variable name "e" doesn't conform to '[a-z][a-z0-9_]{2,30}$' pattern (invalid-name)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:159:8: R1720: Unnecessary "elif" after "raise" (no-else-raise)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:182:8: R1705: Unnecessary "else" after "return" (no-else-return)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:144:0: R1710: Either all return statements in a function should return an expression, or none of them should. (inconsistent-return-statements)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:187:12: W0612: Unused variable 'decoded_binary_secret' (unused-variable)
EC2_Qualys_Reporting_Status/EC2_Qualys_ReportingStatus.py:266:8: C0103: Variable name "Reservations" doesn't conform to '[a-z][a-z0-9_]{2,30}$' pattern (invalid-name)
EC2_Qualys_Reporting_Status/EC2_Qualys_ReportingStatus.py:267:8: C0103: Variable name "Instances" doesn't conform to '[a-z][a-z0-9_]{2,30}$' pattern (invalid-name)
EC2_Qualys_Reporting_Status/EC2_Qualys_ReportingStatus.py:269:12: C0103: Variable name "InstanceId" doesn't conform to '[a-z][a-z0-9_]{2,30}$' pattern (invalid-name)
EC2_Qualys_Reporting_Status/EC2_Qualys_ReportingStatus.py:270:12: C0103: Variable name "launchTime" doesn't conform to '[a-z][a-z0-9_]{2,30}$' pattern (invalid-name)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:290:4: R1705: Unnecessary "else" after "return" (no-else-return)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:270:12: W0612: Unused variable 'launchTime' (unused-variable)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:26:0: W0611: Unused ElementTree imported from xml.etree as ET (unused-import)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:23:0: C0411: standard import "import http.client" should be placed before "import boto3" (wrong-import-order)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:24:0: C0411: standard import "import base64" should be placed before "import boto3" (wrong-import-order)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:26:0: C0411: standard import "from xml.etree import ElementTree as ET" should be placed before "import boto3" (wrong-import-order)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:27:0: C0411: standard import "from xml.etree import cElementTree as ElementTree" should be placed before "import boto3" (wrong-import-order)
EC2_Qualys_Reporting_Status/EC2_Qualys_Reporting_Status.py:28:0: C0411: standard import "import ast" should be placed before "import boto3" (wrong-import-order)


Your code has been rated at 9.97/10