Documentation ¶
Index ¶
- type ListOrString
- type Policy
- type PolicyStatement
- func (ps *PolicyStatement) GetAllActionsAsString() string
- func (ps *PolicyStatement) GetAllPrincipalsAsString() string
- func (ps *PolicyStatement) GetConditionsInEnglish(caller string) string
- func (ps *PolicyStatement) GetStatementSummaryInEnglish(caller string) string
- func (ps *PolicyStatement) IsAllow() bool
- func (ps *PolicyStatement) IsEmpty() bool
- type PolicyStatementCondition
- type PolicyStatementPrincipal
- type PolicyStatementPrincipalObject
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ListOrString ¶
type ListOrString []string
func (*ListOrString) UnmarshalJSON ¶
func (ls *ListOrString) UnmarshalJSON(b []byte) error
type Policy ¶
type Policy struct {
Version string `json:"Version"`
Id string `json:"Id"`
Statement []PolicyStatement `json:"Statement"`
}
func ParseJSONPolicy ¶
func (*Policy) IsConditionallyPublic ¶
IsConditionallyPublic returns true if and only if at least one statement has principal * and conditions that do not scope access down to AWS accounts or organizations.
type PolicyStatement ¶
type PolicyStatement struct {
Sid string `json:"Sid,omitempty"`
Effect string `json:"Effect"`
Principal PolicyStatementPrincipal `json:"Principal,omitempty"`
Action ListOrString `json:"Action"`
NotAction ListOrString `json:"NotAction,omitempty"`
Resource ListOrString `json:"Resource,omitempty"`
Condition PolicyStatementCondition `json:"Condition,omitempty"`
}
func (*PolicyStatement) GetAllActionsAsString ¶
func (ps *PolicyStatement) GetAllActionsAsString() string
func (*PolicyStatement) GetAllPrincipalsAsString ¶
func (ps *PolicyStatement) GetAllPrincipalsAsString() string
func (*PolicyStatement) GetConditionsInEnglish ¶
func (ps *PolicyStatement) GetConditionsInEnglish(caller string) string
func (*PolicyStatement) GetStatementSummaryInEnglish ¶
func (ps *PolicyStatement) GetStatementSummaryInEnglish(caller string) string
func (*PolicyStatement) IsAllow ¶
func (ps *PolicyStatement) IsAllow() bool
func (*PolicyStatement) IsEmpty ¶
func (ps *PolicyStatement) IsEmpty() bool
type PolicyStatementCondition ¶
type PolicyStatementCondition map[string]map[string]ListOrString
Conditions have the following general structure (see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html):
"Condition" : { "{condition-operator}" : { "{condition-key}" : "{condition-value}" }}
func (*PolicyStatementCondition) IsEmpty ¶
func (psc *PolicyStatementCondition) IsEmpty() bool
func (*PolicyStatementCondition) IsScopedOnAccountOrOrganization ¶
func (psc *PolicyStatementCondition) IsScopedOnAccountOrOrganization() bool
IsScopedOnAccountOrOrganization returns true if the policy condition ensures access only for specific AWS accounts or organizations. It may return false even if access is restricted in such a way. Such policies should be reported to the user and analyzed case by case to judge whether the conditions are sufficiently restrictive.
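A conservative check of this kind, written here as an added example and not taken from this package's source: it accepts only exact-match operators on an assumed allowlist of account and organization keys, and returns false for everything else so the statement is flagged for review. The function name `scopedToAccountOrOrg`, the `scopingKeys` allowlist and the sample conditions are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ListOrString mirrors the page's type: IAM accepts "x" or ["x", "y"].
type ListOrString []string

func (ls *ListOrString) UnmarshalJSON(b []byte) error {
	var one string
	if string(b) != "null" && json.Unmarshal(b, &one) == nil {
		*ls = ListOrString{one}
		return nil
	}
	return json.Unmarshal(b, (*[]string)(ls))
}

// Condition has the page's shape: operator -> condition key -> values.
type Condition map[string]map[string]ListOrString

// scopingKeys is an assumed allowlist, lower-cased because condition key names are case-insensitive.
var scopingKeys = map[string]bool{"aws:principalaccount": true, "aws:principalorgid": true, "aws:sourceaccount": true}

// scopedToAccountOrOrg (hypothetical name) parses a Condition element and reports whether it pins the caller.
func scopedToAccountOrOrg(doc string) (bool, error) {
	var c Condition
	if err := json.Unmarshal([]byte(doc), &c); err != nil {
		return false, err
	}
	for op, keys := range c {
		if op != "StringEquals" && op != "StringEqualsIgnoreCase" {
			continue // ...IfExists, StringLike and other operators are left for manual review
		}
		for key, vals := range keys {
			if scopingKeys[strings.ToLower(key)] && len(vals) > 0 {
				return true, nil
			}
		}
	}
	return false, nil
}

func main() { // constructed sample conditions with placeholder ids
	fmt.Println(scopedToAccountOrOrg(`{"StringEquals":{"aws:PrincipalOrgID":"o-exampleorgid"}}`))          // true <nil>
	fmt.Println(scopedToAccountOrOrg(`{"StringEqualsIfExists":{"aws:PrincipalAccount":"111122223333"}}`)) // false <nil>
}
```

The `IfExists` variant is rejected because such a condition passes when the key is absent from the request, so it does not by itself restrict a `*` principal.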
type PolicyStatementPrincipal ¶
type PolicyStatementPrincipal struct {
S string
O PolicyStatementPrincipalObject
}
func (*PolicyStatementPrincipal) IsEmpty ¶
func (psp *PolicyStatementPrincipal) IsEmpty() bool
func (*PolicyStatementPrincipal) IsPublic ¶
func (psp *PolicyStatementPrincipal) IsPublic() bool
func (*PolicyStatementPrincipal) MarshalJSON ¶
func (psp *PolicyStatementPrincipal) MarshalJSON() ([]byte, error)
func (*PolicyStatementPrincipal) UnmarshalJSON ¶
func (psp *PolicyStatementPrincipal) UnmarshalJSON(b []byte) error
type PolicyStatementPrincipalObject ¶
type PolicyStatementPrincipalObject struct {
AWS ListOrString `json:"AWS,omitempty"`
CanonicalUser ListOrString `json:"CanonicalUser,omitempty"`
Federated ListOrString `json:"Federated,omitempty"`
Service ListOrString `json:"Service,omitempty"`
}
func (*PolicyStatementPrincipalObject) GetListOfPrincipals ¶
func (pspo *PolicyStatementPrincipalObject) GetListOfPrincipals() []string
func (*PolicyStatementPrincipalObject) IsEmpty ¶
func (pspo *PolicyStatementPrincipalObject) IsEmpty() bool
func (*PolicyStatementPrincipalObject) IsPublic ¶
func (pspo *PolicyStatementPrincipalObject) IsPublic() bool