You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@click.option("-s", "--skip-open-report", required=False, default=False, is_flag=True, help="Don't open the HTML report in the web browser after creating. This helps when running the report in automation.")
36
37
@click.option("-m", "--minimize", required=False, default=False, is_flag=True, help="Reduce the size of the HTML Report by pulling the Cloudsplaining Javascript code over the internet.")
38
+
@click.option("-aR", "--flag-all-risky-actions", is_flag=True, help="Flag all risky actions, regardless of whether resource ARN constraints or conditions are used.")
Copy file name to clipboardExpand all lines: cloudsplaining/command/scan_policy_file.py
+15-4Lines changed: 15 additions & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -31,10 +31,11 @@
31
31
@click.option("-i", "--input-file", type=str, help="Path of the IAM policy file to evaluate.")
32
32
@click.option("-e", "--exclusions-file", help="A yaml file containing a list of actions to ignore when scanning.", type=click.Path(exists=True), required=False, default=EXCLUSIONS_FILE)
33
33
@click.option("--high-priority-only", required=False, default=False, is_flag=True, help="If issues are found, only print the high priority risks (Resource Exposure, Privilege Escalation, Data Exfiltration). This can help with prioritization.")
34
+
@click.option("-aR", "--flag-all-risky-actions", is_flag=True, help="Flag all risky actions, regardless of whether resource ARN constraints or conditions are used.")
Scan a policy document for missing resource constraints.
141
150
142
151
:param policy_json: Dictionary containing the IAM policy.
143
152
:param exclusions_config: Exclusions configuration. If none, just send an empty dictionary. Defaults to the contents of cloudsplaining.shared.default-exclusions.yml
"The exclusions provided is not an Exclusions type object. "
@@ -130,7 +140,10 @@ def __init__(
130
140
exclusions.is_policy_excluded(policy_name)
131
141
orexclusions.is_policy_excluded(policy_id)
132
142
):
133
-
inline_policy=InlinePolicy(policy_detail)
143
+
# NOTE: The Exclusions were not here before the #254 fix (which was an unfiled bug I just discovered) so the presence of this might break some older unit tests. Might need to fix that.
0 commit comments