diff --git a/examples/nullify.yaml b/examples/nullify.yaml
index 0edae6b..4d99aa3 100644
--- a/examples/nullify.yaml
+++ b/examples/nullify.yaml
@@ -119,6 +119,12 @@ attack_surface:
 - domain_names: [live.prod.hosting.com]
 http:
 paths: [/main, /api/**/create]
+ aws_integration:
+ enable: true
+ primary_account_id: 123456789012
+ primary_region: ap-southeast-2
+ target_regions: [ap-southeast-2, us-east-2]
+ target_accounts: [123456789012, 123456789013]
 ignore:
 - http:
 methods: [DELETE]
diff --git a/pkg/merger/merger_test.go b/pkg/merger/merger_test.go
index cecadaf..2e2fa48 100644
--- a/pkg/merger/merger_test.go
+++ b/pkg/merger/merger_test.go
@@ -418,6 +418,38 @@ func TestMergeConfigFiles(t *testing.T) {
 },
 },
 },
+ {
+ name: "attack surface with AWS integration merge",
+ globalConfig: &models.Configuration{
+ AttackSurface: &models.AttackSurface{
+ Enable: true,
+ AWSIntegration: &models.AWSIntegration{
+ Enable: true,
+ PrimaryAccountID: "111111111111",
+ PrimaryRegion: "ap-southeast-2",
+ TargetRegions: &[]string{"ap-southeast-1", "us-east-2"},
+ TargetAccounts: &[]string{"222222222222", "333333333333"},
+ },
+ },
+ },
+ repoConfig: nil,
+ expected: &models.Configuration{
+ EnablePullRequestReviews: models.Bool(true),
+ EnableIssueDashboards: models.Bool(true),
+ SeverityThreshold: parser.DefaultSeverityThreshold,
+ PriorityThreshold: parser.DefaultPriorityThreshold,
+ AttackSurface: &models.AttackSurface{
+ Enable: true,
+ AWSIntegration: &models.AWSIntegration{
+ Enable: true,
+ PrimaryAccountID: "111111111111",
+ PrimaryRegion: "ap-southeast-2",
+ TargetRegions: &[]string{"ap-southeast-1", "us-east-2"},
+ TargetAccounts: &[]string{"222222222222", "333333333333"},
+ },
+ },
+ },
+ },
 } {
 t.Run(scenario.name, func(t *testing.T) {
 config := MergeConfigFiles(parser.NewDefaultConfig(), scenario.globalConfig, scenario.repoConfig)
diff --git a/pkg/models/attack_surface.go b/pkg/models/attack_surface.go
index 19d228d..39a3806 100644
--- a/pkg/models/attack_surface.go
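Review bot: The new merge case only exercises `repoConfig: nil`, so it does not pin whether a repository-level `aws_integration` block can override or add to the global one, even though `AttackSurface` is commented `// global only` in attack_surface.go, which suggests it must not. A second scenario with a non-nil repoConfig carrying a different `AWSIntegration` (other account ID and regions) and an `expected` equal to the global block would lock that in; as written, a merger regression that let a repo config widen `target_accounts` would still pass this table. The merge logic itself is outside this diff, so I cannot confirm the current behaviour. TestMergeConfigFiles starts and ends outside the hunk.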
+++ b/pkg/models/attack_surface.go
@@ -4,12 +4,21 @@ type AttackSurface struct {
 // global only
 Enable bool `yaml:"enable"`
 EnableDNSEnumeration bool `yaml:"enable_dns_enumeration"`
+ AWSIntegration *AWSIntegration `yaml:"aws_integration"`
 IPAddresses []string `yaml:"ip_addresses,omitempty"`
 DomainNames []string `yaml:"domain_names,omitempty"`
 IncludeOnly []AttackSurfaceIncludeOnly `yaml:"include_only,omitempty"`
 Ignore []AttackSurfaceIgnore `yaml:"ignore,omitempty"`
 }
+type AWSIntegration struct {
+ Enable bool `yaml:"enable"`
+ PrimaryAccountID string `yaml:"primary_account_id,omitempty"`
+ PrimaryRegion string `yaml:"primary_region,omitempty"`
+ TargetRegions *[]string `yaml:"target_regions,omitempty"`
+ TargetAccounts *[]string `yaml:"target_accounts,omitempty"`
+}
+
 type AttackSurfaceIncludeOnly struct {
 DomainNames []string `yaml:"domain_names,omitempty"`
 HTTP *HTTPAttackSurfaceIncludeOnly `yaml:"http,omitempty"`
diff --git a/tests/integration_test.go b/tests/integration_test.go
index 004243c..065ec28 100644
--- a/tests/integration_test.go
+++ b/tests/integration_test.go
@@ -188,6 +188,13 @@ func TestIntegration(t *testing.T) {
 },
 },
 },
+ AWSIntegration: &models.AWSIntegration{
+ Enable: true,
+ PrimaryAccountID: "123456789012",
+ PrimaryRegion: "ap-southeast-2",
+ TargetRegions: &[]string{"ap-southeast-2", "us-east-2"},
+ TargetAccounts: &[]string{"123456789012", "123456789013"},
+ },
 },
 }
diff --git a/tests/nullify.yaml b/tests/nullify.yaml
index 979f7d3..0231e47 100644
--- a/tests/nullify.yaml
+++ b/tests/nullify.yaml
@@ -114,3 +114,9 @@ attack_surface:
 http:
 paths: [/auth]
 methods: [POST]
+ aws_integration:
+ enable: true
+ primary_account_id: 123456789012
+ primary_region: ap-southeast-2
+ target_regions: [ap-southeast-2, us-east-2]
+ target_accounts: [123456789012, 123456789013]
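Review bot: `AWSIntegration *AWSIntegration `yaml:"aws_integration"`` is the only optional field in `AttackSurface` without `omitempty`, so marshalling a configuration that never set the block emits `aws_integration: null` while its sibling fields are dropped; `AWSIntegration *AWSIntegration `yaml:"aws_integration,omitempty"`` keeps the output consistent. The exported `AWSIntegration` type and its fields carry no doc comments; I would add a comment along the lines of `// AWSIntegration restricts attack-surface discovery to the listed AWS accounts and regions.` (adjusted to what the scanner actually does with it) and note on `PrimaryAccountID`/`TargetAccounts` that account IDs are kept as strings because a 12-digit ID can begin with 0. Whether the block is global-only like the rest of `AttackSurface`, and whether the parser validates the ID and region format, is not visible here; if nothing does, a mistyped `target_accounts` entry is presumably accepted as-is, and a check that each ID is exactly 12 digits would be cheap. The two list fields use `*[]string` where the sibling fields use plain `[]string`, which deserves a one-line comment saying why nil and empty must be distinguished, assuming that is the reason.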
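Review bot: `primary_account_id: 123456789012` and the `target_accounts` entries in the tests/nullify.yaml hunk are unquoted, so the YAML decoder resolves them as integers before converting into the model's `string` fields; an account ID with a leading zero would not round-trip that way, since the zero is dropped or the value is read in another base depending on the decoder. Quoting them, `primary_account_id: "123456789012"` and `target_accounts: ["123456789012", "123456789013"]`, makes the fixture exercise the string path the model declares. The same applies to the examples/nullify.yaml hunk, which users will copy into their own configuration.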