[FEATURE] Add first version of CLI #90

oscarbc96 · 2020-01-02T11:48:46Z

Add first version of a CLI

Examples

Help output

$ cfripper --help
Usage: cfripper [OPTIONS] [TEMPLATES]...

  Analyse AWS Cloudformation templates passed by parameter.

Options:
  --version                       Show the version and exit.
  --resolve / --no-resolve        Resolves cloudformation intrinsic functions
                                  [default: False]
  --resolve-parameters FILENAME   JSON/YML file containing key-value pairs
                                  used for resolving CloudFormation files with
                                  templated parameters. For example, {"abc":
                                  "ABC"} will change all occurrences of
                                  {"Ref": "abc"} in the CloudFormation file to
                                  "ABC".
  --format [json|txt]             Output format  [default: txt]
  --output-folder DIRECTORY       If not present, result will be sent to
                                  stdout
  --logging [CRITICAL|FATAL|ERROR|WARN|WARNING|INFO|DEBUG|NOTSET]
                                  Logging level  [default: INFO]
  --help                          Show this message and exit.

Normal execution

$ cfripper /tmp/root.yaml /tmp/root_bypass.json --format txt
Analysing /tmp/root.yaml...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Valid: False
IAMRolesOverprivilegedRule: Role 'rootRole' contains an insecure permission '*' in policy 'root'
FullWildcardPrincipalRule: rootRole should not allow wildcards in principals (principal: '*')

Analysing /tmp/root_bypass.json...
Valid: True

Using resolve flag

$ cfripper /tmp/root.yaml /tmp/root_bypass.json --format txt --resolve
Analysing /tmp/root.yaml...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Valid: False
IAMRolesOverprivilegedRule: Role 'rootRole' contains an insecure permission '*' in policy 'root'
FullWildcardPrincipalRule: rootRole should not allow wildcards in principals (principal: '*')

Analysing /tmp/root_bypass.json...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Valid: False
IAMRolesOverprivilegedRule: Role 'rootRole' contains an insecure permission '*' in policy 'root'

Using json format and output-folder argument

$ cfripper /tmp/root.yaml /tmp/root_bypass.json --format json --resolve --output-folder /tmp
Analysing /tmp/root.yaml...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Result saved in /tmp/root.yaml.cfripper.results.json
Analysing /tmp/root_bypass.json...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Result saved in /tmp/root_bypass.json.cfripper.results.json

setup.py

cfripper/cli.py

jsoucheiron · 2020-01-02T12:11:05Z

I'm not completely sure about including click by default, this will increase the payload size if it's deployed as a lambda, we might want to make it optional. How big is click?

ocrawford555

Left a couple of comments to review, but other than those this looks good to me, and a good addition to CFRipper! :)

cfripper/cli.py

setup.py

Makefile

cfripper/cli.py

cfripper/model/result.py

mkdocs.yml

cfripper/cli.py

jsoucheiron · 2020-01-07T10:42:00Z

cfripper/cli.py

+
+
+def save_to_file(file: Path, result: str) -> None:
+    file.write_text(result)


file is a keyword

jsoucheiron · 2020-01-07T10:44:35Z

cfripper/cli.py

+            process_template(template=template, resolve_parameters=resolve_parameters, **kwargs)
+
+    except Exception as e:
+        logging.exception(e)


Use a useful text here. The exception itself is logged regardless

oscarbc96 added 6 commits January 2, 2020 11:38

update setup.py to grap version from __version__

4e34509

add version file

bcc203a

add cli

43f19bd

Update changelog

005a43e

add entry point to setup

c1331ff

fix nit

098bbd0