o gj @sddZddZdS)cCs|}t||dS)N)get_allowed_actionspermissions_on_other_users)policyactionsrp/home/ubuntu/cloudmapper/venv/lib/python3.10/site-packages/parliament/community_auditors/privilege_escalation.pyauditsrcCsdd|D}t|}iddgddgddgd d gd d gd dgddgdddgddgddgdddgddgdddgddd gd!gd"d#gd$d%gd&dd'gdd(gdd)gd*gd+gd,}|D]}t|||r|jd-|||d.d/qjdS)0NcSsg|]}|qSr)lower).0xrrr sz.permissions_on_other_users..CreateAccessKeyziam:createaccesskeyCreateLoginProfileziam:createloginprofileUpdateLoginProfileziam:updateloginprofileCreateNewPolicyVersionziam:createpolicyversionSetExistingDefaultPolicyVersionziam:setdefaultpolicyversionAttachUserPolicyziam:attachuserpolicyAttachGroupPolicyziam:attachgrouppolicyAttachRolePolicyziam:attachrolepolicyzsts:assumerole PutUserPolicyziam:putuserpolicyPutGroupPolicyziam:putgrouppolicy PutRolePolicyziam:putrolepolicyAddUserToGroupziam:addusertogroupUpdateRolePolicyToAssumeItziam:updateassumerolepolicyCreateEC2WithExistingIP iam:passrolezec2:runinstances%PassExistingRoleToNewLambdaThenInvoke)rlambda:createfunctionzlambda:invokefunction3PassExistingRoleToNewLambdaThenTriggerWithNewDynamo)rrlambda:createeventsourcemappingzdynamodb:createtablezdynamodb:putitem8PassExistingRoleToNewLambdaThenTriggerWithExistingDynamo)rrrzglue:createdevendpointzcloudformation:createstackzdatapipeline:createpipelinezglue:updatedevendpointzlambda:updatefunctioncode)$PassExistingRoleToNewGlueDevEndpoint PassExistingRoleToCloudFormation!PassExistingRoleToNewDataPipelineUpdateExistingGlueDevEndpoint"EditExistingLambdaFunctionWithRolePRIVILEGE_ESCALATION)typer)location)setissubset add_finding)rexpanded_actionsexpanded_actions_normalizedescalation_methodskeyrrrr sr     %5 rN)rrrrrrs