more modifications for aws integration

Author: Vikranth Subramanian

examples/nullify.yaml

@@ -119,6 +119,12 @@ attack_surface:
     - domain_names: [live.prod.hosting.com]
       http:
         paths: [/main, /api/**/create]
+  aws_integration_configuration:
+    enable_aws_integration: true
+    primary_account_id: 123456789012
+    primary_region: ap-southeast-2
+    target_regions: [ap-southeast-2, us-east-2]
+    target_accounts: [123456789012, 123456789013]
   ignore:
     - http:
         methods: [DELETE]

pkg/merger/merger_test.go

@@ -418,6 +418,38 @@ func TestMergeConfigFiles(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "attack surface with AWS integration merge",
+			globalConfig: &models.Configuration{
+				AttackSurface: &models.AttackSurface{
+					Enable: true,
+					AWSIntegration: &models.AWSIntegration{
+						EnableAWSIntegration: true,
+						PrimaryAccountID:     "111111111111",
+						PrimaryRegion:        "ap-southeast-2",
+						TargetRegions:        &[]string{"ap-southeast-1", "us-east-2"},
+						TargetAccounts:       &[]string{"222222222222", "333333333333"},
+					},
+				},
+			},
+			repoConfig: nil,
+			expected: &models.Configuration{
+				EnablePullRequestReviews: models.Bool(true),
+				EnableIssueDashboards:    models.Bool(true),
+				SeverityThreshold:        parser.DefaultSeverityThreshold,
+				PriorityThreshold:        parser.DefaultPriorityThreshold,
+				AttackSurface: &models.AttackSurface{
+					Enable: true,
+					AWSIntegration: &models.AWSIntegration{
+						EnableAWSIntegration: true,
+						PrimaryAccountID:     "111111111111",
+						PrimaryRegion:        "ap-southeast-2",
+						TargetRegions:        &[]string{"ap-southeast-1", "us-east-2"},
+						TargetAccounts:       &[]string{"222222222222", "333333333333"},
+					},
+				},
+			},
+		},
 	} {
 		t.Run(scenario.name, func(t *testing.T) {
 			config := MergeConfigFiles(parser.NewDefaultConfig(), scenario.globalConfig, scenario.repoConfig)

pkg/models/attack_surface.go

@@ -4,13 +4,21 @@ type AttackSurface struct {
 	// global only
 	Enable               bool                       `yaml:"enable"`
 	EnableDNSEnumeration bool                       `yaml:"enable_dns_enumeration"`
-	EnableAWSIntegration bool                       `yaml:"enable_aws_integration"`
+	AWSIntegration       *AWSIntegration            `yaml:"aws_integration,omitempty"`
 	IPAddresses          []string                   `yaml:"ip_addresses,omitempty"`
 	DomainNames          []string                   `yaml:"domain_names,omitempty"`
 	IncludeOnly          []AttackSurfaceIncludeOnly `yaml:"include_only,omitempty"`
 	Ignore               []AttackSurfaceIgnore      `yaml:"ignore,omitempty"`
 }
 
+type AWSIntegration struct {
+	EnableAWSIntegration bool      `yaml:"enable_aws_integration"`
+	PrimaryAccountID     string    `yaml:"primary_account_id"`
+	PrimaryRegion        string    `yaml:"primary_region"`
+	TargetRegions        *[]string `yaml:"target_regions,omitempty"`
+	TargetAccounts       *[]string `yaml:"target_accounts,omitempty"`
+}
+
 type AttackSurfaceIncludeOnly struct {
 	DomainNames []string                      `yaml:"domain_names,omitempty"`
 	HTTP        *HTTPAttackSurfaceIncludeOnly `yaml:"http,omitempty"`

tests/integration_test.go

@@ -188,6 +188,13 @@ func TestIntegration(t *testing.T) {
 					},
 				},
 			},
+			AWSIntegration: &models.AWSIntegration{
+				EnableAWSIntegration: true,
+				PrimaryAccountID:     "123456789012",
+				PrimaryRegion:        "ap-southeast-2",
+				TargetRegions:        &[]string{"ap-southeast-2", "us-east-2"},
+				TargetAccounts:       &[]string{"123456789012", "123456789013"},
+			},
 		},
 	}