# PathShield Makefile
# ===================
# Development, testing, and deployment automation
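# Every target in this file is a command name, not a file the Makefile
# produces, so every one is declared phony. Without the declaration a file or
# directory with the same name (clean-build removes a build/ directory, so one
# can exist) may make a target look up to date and silently skip its recipe.
# "docker" has no rule visible in this file; it is kept so `make docker`
# behaves as before.
.PHONY: help \
        install install-dev dev-setup requirements update-deps check-deps \
        test test-cov test-fast test-unit test-integration test-watch \
        lint format format-check type-check security-scan check-all pre-commit \
        build build-check release-test release git-tag \
        docker docker-build docker-run docker-shell docker-test docker-push \
        docker-compose-up docker-compose-down \
        clean clean-build clean-pyc clean-test workspace-clean workspace-reset \
        docs docs-serve \
        version info tree todo \
        run scan scan-verbose scan-json scan-sarif scan-html \
        ci-test ci-build benchmark profile

# A bare `make` prints the help text instead of running the first rule.
.DEFAULT_GOAL := help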
# Variables
# Container settings. DOCKER_TAG defaults to the mutable "latest" tag;
# docker-build additionally tags the image with $(VERSION).
DOCKER       := docker
DOCKER_IMAGE := pathshield/pathshield
DOCKER_TAG   := latest

# Python tooling. Each tool is run as "$(PYTHON) -m <module>", so it is taken
# from the same interpreter and environment that $(PIP) installs into.
PYTHON := python3
PIP    := $(PYTHON) -m pip
PYTEST := $(PYTHON) -m pytest
BLACK  := $(PYTHON) -m black
FLAKE8 := $(PYTHON) -m flake8
MYPY   := $(PYTHON) -m mypy

# Package version, obtained by importing pathshield. The command runs once
# while the Makefile is parsed, whatever target was requested; only stdout is
# captured, so the value is empty when the import fails.
VERSION := $(shell $(PYTHON) -c "import pathshield; print(pathshield.__version__)")
# Colors for output
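# ANSI colour sequences used by the echo lines in the recipes.
# The escape byte is produced here, once, by printf, so the recipes no longer
# depend on the shell's echo translating "\033" (bash's builtin echo prints
# the backslash sequence literally unless it is given -e).
CYAN   := $(shell printf '\033[0;36m')
GREEN  := $(shell printf '\033[0;32m')
YELLOW := $(shell printf '\033[0;33m')
RED    := $(shell printf '\033[0;31m')
# Reset to the terminal default ("no colour"). The comment sits on its own
# line: a trailing comment on the assignment makes the space before it part of
# the value.
NC     := $(shell printf '\033[0m')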
# Self-documenting help: every rule header of the form "name: ... ## text" in
# the parsed makefiles is listed, sorted, with its "##" text as description.
help: ## Show this help message
	@echo "$(CYAN)PathShield - AWS Privilege Escalation Scanner$(NC)"
	@echo "$(CYAN)==============================================$(NC)"
	@echo ""
	@echo "$(GREEN)Available targets:$(NC)"
	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) \
		| sort \
		| awk 'BEGIN {FS = ":.*?## "}; {printf " $(CYAN)%-20s$(NC) %s\n", $$1, $$2}'
	@echo ""
	@echo "$(YELLOW)Examples:$(NC)"
	@echo " make install-dev # Install with development dependencies"
	@echo " make test # Run test suite"
	@echo " make docker-build # Build Docker image"
	@echo " make check-all # Run all quality checks"
# Installation targets
# Both install targets first upgrade pip to whatever the configured index
# currently serves, then install this checkout in editable mode. Nothing in
# these recipes pins versions or checks hashes.

install: ## Install package for production use
	@echo "$(GREEN)Installing PathShield...$(NC)"
	$(PIP) install --upgrade pip
	$(PIP) install -e .

# Same as install, plus the "dev" extra and the git hooks. pre-commit is
# looked up on PATH rather than run through $(PYTHON).
install-dev: ## Install package with development dependencies
	@echo "$(GREEN)Installing PathShield with dev dependencies...$(NC)"
	$(PIP) install --upgrade pip
	$(PIP) install -e ".[dev]"
	@echo "$(GREEN)Installing pre-commit hooks...$(NC)"
	pre-commit install
	@echo "$(GREEN)Installation complete!$(NC)"
# Testing targets
# All test targets run pytest through $(PYTHON) against the tests/ directory
# in verbose mode; they differ only in the extra options.

test: ## Run test suite
	@echo "$(GREEN)Running tests...$(NC)"
	$(PYTEST) tests/ -v

# Writes an HTML coverage report and also prints a summary to the terminal.
test-cov: ## Run tests with coverage report
	@echo "$(GREEN)Running tests with coverage...$(NC)"
	$(PYTEST) tests/ -v --cov=pathshield --cov-report=html --cov-report=term
	@echo "$(GREEN)Coverage report generated in htmlcov/index.html$(NC)"

# -x stops the run at the first failing test.
test-fast: ## Run tests without coverage (faster)
	@echo "$(GREEN)Running fast tests...$(NC)"
	$(PYTEST) tests/ -v --no-cov -x

# Selection is by pytest marker: everything not marked "integration".
test-unit: ## Run unit tests only
	@echo "$(GREEN)Running unit tests...$(NC)"
	$(PYTEST) tests/ -v -m "not integration"

test-integration: ## Run integration tests only
	@echo "$(GREEN)Running integration tests...$(NC)"
	$(PYTEST) tests/ -v -m integration

# NOTE(review): -f is presumably the loop-on-failure option supplied by a
# pytest plugin - confirm that plugin is part of the dev dependencies.
test-watch: ## Run tests in watch mode
	@echo "$(GREEN)Running tests in watch mode...$(NC)"
	$(PYTEST) tests/ -v --no-cov -f
# Code quality targets
# Static checks. flake8 and black both use a 100-column limit, so the two
# tools agree on line length.

lint: ## Run code linters
	@echo "$(GREEN)Running flake8...$(NC)"
	$(FLAKE8) pathshield/ tests/ --max-line-length=100 \
		--exclude=.git,__pycache__,build,dist,.tox,*.egg-info

# Rewrites files in place.
format: ## Format code with black
	@echo "$(GREEN)Formatting code with black...$(NC)"
	$(BLACK) pathshield/ tests/ --line-length 100

# Read-only counterpart of format: --check reports files that would change
# and modifies nothing.
format-check: ## Check code formatting without modifying
	@echo "$(GREEN)Checking code formatting...$(NC)"
	$(BLACK) pathshield/ tests/ --line-length 100 --check

# Only the package is type-checked; tests/ is not passed to mypy.
type-check: ## Run type checking with mypy
	@echo "$(GREEN)Running type checks...$(NC)"
	$(MYPY) pathshield/ --python-version 3.9
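# Static analysis of the package source (bandit) followed by a check of the
# installed dependencies against known vulnerabilities (safety).
# Both scanners are run as modules of $(PYTHON), so the copies the pip line
# has just installed are the ones that execute, rather than whichever
# "bandit" or "safety" happens to come first on PATH.
# bandit -ll limits the report to findings of medium severity and above.
# make stops at the first failing command, so safety does not run when bandit
# reports findings.
# NOTE(review): the scanners are installed unpinned every time this target
# runs; pinning them alongside the other dev dependencies would make scan
# results reproducible - confirm with the maintainers.
security-scan: ## Run security vulnerability scan
	@echo "$(GREEN)Running security scan...$(NC)"
	$(PIP) install bandit safety
	$(PYTHON) -m bandit -r pathshield/ -ll
	$(PYTHON) -m safety check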
# Aggregate gate: the recipe only prints the success line, the work is done
# by the prerequisites. They are independent rules, so under `make -j` they
# may run concurrently rather than in the order listed. security-scan is not
# among them.
check-all: format-check lint type-check test ## Run all quality checks
	@echo "$(GREEN)All checks passed!$(NC)"

# Runs every configured hook against the whole tree, not just staged files.
# pre-commit is looked up on PATH.
pre-commit: ## Run pre-commit hooks on all files
	@echo "$(GREEN)Running pre-commit hooks...$(NC)"
	pre-commit run --all-files
# Build targets
# Packaging. build depends on clean, so dist/ holds only the artifacts of
# this run when the later targets glob dist/*.

build: clean ## Build distribution packages
	@echo "$(GREEN)Building distribution packages...$(NC)"
	$(PYTHON) -m build
	@echo "$(GREEN)Build complete! Packages in dist/$(NC)"

# twine is looked up on PATH rather than run through $(PYTHON).
build-check: build ## Build and verify package
	@echo "$(GREEN)Verifying package...$(NC)"
	twine check dist/*
# Docker targets
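# Builds the image from the current directory and gives it two tags:
# $(DOCKER_TAG) and the package version.
# The first recipe line is a guard: VERSION is empty whenever pathshield could
# not be imported while the Makefile was parsed, and the tag command would
# then be handed the invalid reference "$(DOCKER_IMAGE):" only after the whole
# image had been built. Failing before the build gives a clear message
# instead.
docker-build: ## Build Docker image
	$(if $(strip $(VERSION)),,$(error VERSION is empty - is pathshield importable by $(PYTHON)?))
	@echo "$(GREEN)Building Docker image...$(NC)"
	$(DOCKER) build -t $(DOCKER_IMAGE):$(DOCKER_TAG) .
	$(DOCKER) tag $(DOCKER_IMAGE):$(DOCKER_TAG) $(DOCKER_IMAGE):$(VERSION)
	@echo "$(GREEN)Docker image built: $(DOCKER_IMAGE):$(DOCKER_TAG)$(NC)"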
# Both targets bind-mount the caller's entire ~/.aws directory into the
# container at /root/.aws. The mount is read-only (:ro), which stops the
# container from modifying the files, but every profile and credential stored
# there is readable by whatever runs inside the image.
# NOTE(review): consider running with a dedicated, least-privilege profile or
# short-lived credentials instead of the whole directory - confirm what the
# scanner actually needs.
# -it requires an interactive terminal, so these targets are for local use.

docker-run: ## Run PathShield in Docker container
	@echo "$(GREEN)Running PathShield in Docker...$(NC)"
	$(DOCKER) run --rm -it -v ~/.aws:/root/.aws:ro \
		$(DOCKER_IMAGE):$(DOCKER_TAG) scan --region us-east-1

# Replaces the image's entrypoint with bash, giving an interactive shell that
# has the same credential mount as docker-run.
docker-shell: ## Open shell in Docker container
	@echo "$(GREEN)Opening shell in Docker container...$(NC)"
	$(DOCKER) run --rm -it -v ~/.aws:/root/.aws:ro \
		--entrypoint /bin/bash $(DOCKER_IMAGE):$(DOCKER_TAG)
# Runs the test suite inside the image; no AWS credentials are mounted.
# NOTE(review): docker-run passes "scan ..." as container arguments and
# docker-shell has to override the entrypoint to get a shell, which suggests
# the image's entrypoint is the pathshield CLI. If so, the -c "pytest ..."
# argument below is handed to that CLI rather than to a shell - confirm
# against the Dockerfile.
docker-test: ## Run tests in Docker container
	@echo "$(GREEN)Running tests in Docker...$(NC)"
	$(DOCKER) run --rm $(DOCKER_IMAGE):$(DOCKER_TAG) -c "pytest tests/ -v"
# Rebuilds the image (docker-build prerequisite) and pushes both of its tags.
# $(DOCKER_TAG) defaults to "latest", a tag that moves with every push; the
# $(VERSION) tag is the one that identifies a specific release.
# The push uses whatever registry login the docker client already holds.
docker-push: docker-build ## Push Docker image to registry
	@echo "$(GREEN)Pushing Docker image...$(NC)"
	$(DOCKER) push $(DOCKER_IMAGE):$(DOCKER_TAG)
	$(DOCKER) push $(DOCKER_IMAGE):$(VERSION)
	@echo "$(GREEN)Docker image pushed!$(NC)"
# These two call the docker-compose executable by name; the $(DOCKER)
# variable does not affect them.

# -d starts the services detached, in the background.
docker-compose-up: ## Start services with docker-compose
	@echo "$(GREEN)Starting services...$(NC)"
	docker-compose up -d

docker-compose-down: ## Stop docker-compose services
	@echo "$(GREEN)Stopping services...$(NC)"
	docker-compose down
# Cleanup targets
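# find(1) expression placed in front of every search below so that clean never
# descends into a virtualenv or into git's own data. An unrestricted
# `find . -name '*.egg-info' -exec rm -rf` also deletes the metadata of
# packages installed under venv/, which belongs to the environment, not to
# this build. "venv" is the directory workspace-reset preserves; ".venv" is
# covered as the other common name.
clean_prune := \( -path ./venv -o -path ./.venv -o -path ./.git \) -prune -o

# Umbrella target: no recipe of its own, only the three prerequisites.
clean: clean-build clean-pyc clean-test ## Remove all build, test, and Python artifacts

# -prune before -exec stops find from trying to enter a directory that is
# about to be removed.
clean-build: ## Remove build artifacts
	@echo "$(YELLOW)Cleaning build artifacts...$(NC)"
	rm -rf build/ dist/ .eggs/
	find . $(clean_prune) -name '*.egg-info' -prune -exec rm -rf {} +
	find . $(clean_prune) -name '*.egg' -exec rm -f {} +

# Compiled bytecode, editor backup files ("*~") and bytecode cache directories.
clean-pyc: ## Remove Python file artifacts
	@echo "$(YELLOW)Cleaning Python artifacts...$(NC)"
	find . $(clean_prune) \( -name '*.pyc' -o -name '*.pyo' -o -name '*~' \) -exec rm -f {} +
	find . $(clean_prune) -name '__pycache__' -prune -exec rm -rf {} +

# Fixed paths at the project root only; nothing is searched for.
clean-test: ## Remove test and coverage artifacts
	@echo "$(YELLOW)Cleaning test artifacts...$(NC)"
	rm -rf .tox/ .pytest_cache/ .coverage htmlcov/ .mypy_cache/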
# Documentation targets
# Placeholders: both targets only print a notice and exit successfully, so a
# pipeline that calls them will not notice that no documentation was built.

docs: ## Generate documentation
	@echo "$(GREEN)Generating documentation...$(NC)"
	@echo "$(YELLOW)Documentation generation not yet implemented$(NC)"

docs-serve: ## Serve documentation locally
	@echo "$(GREEN)Serving documentation...$(NC)"
	@echo "$(YELLOW)Documentation serving not yet implemented$(NC)"
# Deployment targets
# Publishing. Both targets depend on build-check, so the packages are rebuilt
# from a cleaned tree and verified with `twine check` before anything is
# uploaded. twine is looked up on PATH and takes its credentials from its own
# configuration or environment; none are passed here.
# Neither target depends on the test or lint targets.

release-test: build-check ## Upload to TestPyPI
	@echo "$(GREEN)Uploading to TestPyPI...$(NC)"
	twine upload --repository testpypi dist/*

# Uploads to twine's default repository. There is no confirmation prompt in
# this recipe.
release: build-check ## Upload to PyPI
	@echo "$(GREEN)Uploading to PyPI...$(NC)"
	twine upload dist/*
	@echo "$(GREEN)Release $(VERSION) published!$(NC)"
# Development targets
# install-dev (prerequisite) does the package and hook installation; this
# recipe adds two interactive tools on top, unpinned.
dev-setup: install-dev ## Complete development environment setup
	@echo "$(GREEN)Setting up development environment...$(NC)"
	@echo "$(GREEN)Installing additional tools...$(NC)"
	$(PIP) install ipython jupyter
	@echo "$(GREEN)Development environment ready!$(NC)"
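# Snapshots the current environment into requirements.txt.
# The list is written to a temporary file and moved into place only when
# `pip freeze` succeeded; redirecting straight into requirements.txt truncates
# the existing file first and leaves it empty or partial if pip fails.
# `pip freeze` lists everything installed in the environment, so development
# tools installed there end up in the file as well.
requirements: ## Update requirements.txt
	@echo "$(GREEN)Updating requirements.txt...$(NC)"
	$(PIP) freeze > requirements.txt.tmp || { rm -f requirements.txt.tmp; exit 1; }
	mv -f requirements.txt.tmp requirements.txt
	@echo "$(GREEN)Requirements updated!$(NC)"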
# Utility targets
# Prints the package, interpreter and docker versions. The $(shell ...) calls
# are expanded by make when this recipe is about to run; a missing docker
# binary is reported as 'Not installed' instead of failing the target.
version: ## Show version information
	@echo "$(CYAN)PathShield version: $(VERSION)$(NC)"
	@echo "$(CYAN)Python version: $(shell $(PYTHON) --version)$(NC)"
	@echo "$(CYAN)Docker version: $(shell $(DOCKER) --version 2>/dev/null || echo 'Not installed')$(NC)"
# Scan targets. Each one runs the installed `pathshield` command from PATH
# against the fixed region us-east-1, using whatever AWS credentials that
# command resolves from the caller's environment.
# NOTE(review): the report files written by scan-json, scan-sarif and
# scan-html presumably describe privilege-escalation findings for the scanned
# account - confirm they are excluded from version control and handled as
# sensitive output.

run: ## Run PathShield with default settings
	@echo "$(GREEN)Running PathShield...$(NC)"
	pathshield scan --region us-east-1

# Delegates to `run` through a sub-make.
scan: ## Run PathShield scan (alias for run)
	@$(MAKE) run

scan-verbose: ## Run PathShield with verbose output
	@echo "$(GREEN)Running PathShield (verbose)...$(NC)"
	pathshield scan --region us-east-1 --verbose

# Writes results.json in the current directory.
scan-json: ## Run PathShield and output JSON
	@echo "$(GREEN)Running PathShield (JSON output)...$(NC)"
	pathshield scan --region us-east-1 \
		--output json --output-file results.json

# Writes results.sarif in the current directory.
scan-sarif: ## Run PathShield and output SARIF
	@echo "$(GREEN)Running PathShield (SARIF output)...$(NC)"
	pathshield scan --region us-east-1 \
		--output sarif --output-file results.sarif

# Writes dashboard.html in the current directory.
scan-html: ## Run PathShield and output HTML dashboard
	@echo "$(GREEN)Running PathShield (HTML output)...$(NC)"
	pathshield scan --region us-east-1 \
		--output html --output-file dashboard.html
# CI/CD targets
# CI pipelines. The steps are recipe lines that each start a sub-make, so they
# run strictly in the order written and the pipeline stops at the first step
# that fails. security-scan is not one of the steps.

ci-test: ## Run CI/CD test pipeline
	@echo "$(GREEN)Running CI test pipeline...$(NC)"
	@$(MAKE) format-check
	@$(MAKE) lint
	@$(MAKE) type-check
	@$(MAKE) test-cov
	@echo "$(GREEN)CI tests passed!$(NC)"

# The explicit clean step is followed by build, which cleans again through
# its own prerequisite.
ci-build: ## Run CI/CD build pipeline
	@echo "$(GREEN)Running CI build pipeline...$(NC)"
	@$(MAKE) clean
	@$(MAKE) build
	@$(MAKE) docker-build
	@echo "$(GREEN)CI build complete!$(NC)"
# Benchmark targets
# Placeholder: prints a notice and exits successfully.
benchmark: ## Run performance benchmarks
	@echo "$(GREEN)Running benchmarks...$(NC)"
	@echo "$(YELLOW)Benchmarks not yet implemented$(NC)"

# Runs a real scan of us-east-1 under cProfile (module pathshield.main) and
# stores the statistics in profile.stats in the current directory.
profile: ## Profile PathShield execution
	@echo "$(GREEN)Profiling PathShield...$(NC)"
	$(PYTHON) -m cProfile -o profile.stats \
		-m pathshield.main scan --region us-east-1
	@echo "$(GREEN)Profile saved to profile.stats$(NC)"
# Git targets
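# Creates the annotated tag v$(VERSION) and pushes it to the "origin" remote.
# The first recipe line is a guard: VERSION is empty whenever pathshield could
# not be imported while the Makefile was parsed, and without the guard this
# target would create and push a tag literally named "v".
# The tag name is quoted so it always reaches git as a single argument.
# NOTE(review): the tag is annotated but not signed; `git tag -s` would let
# consumers verify release tags - confirm whether the project wants that.
git-tag: ## Create and push git tag for version
	$(if $(strip $(VERSION)),,$(error VERSION is empty - refusing to create tag "v"))
	@echo "$(GREEN)Creating git tag v$(VERSION)...$(NC)"
	git tag -a "v$(VERSION)" -m "Release version $(VERSION)"
	git push origin "v$(VERSION)"
	@echo "$(GREEN)Tag v$(VERSION) created and pushed!$(NC)"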
# Info targets
# Read-only reporting targets.

# The last line filters `pip list` for a fixed set of package names; when none
# of them is installed grep exits non-zero and the target fails.
info: ## Show project information
	@echo "$(CYAN)PathShield Project Information$(NC)"
	@echo "$(CYAN)=============================$(NC)"
	@echo "Version: $(VERSION)"
	@echo "Python: $(shell $(PYTHON) --version)"
	@echo "Project Root: $(shell pwd)"
	@echo "Virtual Env: $(shell echo $$VIRTUAL_ENV)"
	@echo ""
	@echo "$(CYAN)Dependencies:$(NC)"
	@$(PIP) list \
		| grep -E 'boto3|click|rich|pyyaml|pydantic|networkx|jinja2'

# Needs the external `tree` program; shows three levels and hides cache and
# VCS directories.
tree: ## Show project structure
	@echo "$(CYAN)Project Structure:$(NC)"
	tree -L 3 -I '__pycache__|*.egg-info|.git|.tox|htmlcov|.pytest_cache|.mypy_cache'

# grep exits non-zero when nothing matches; the fallback echo keeps the
# target successful in that case.
todo: ## Show TODO items in code
	@echo "$(CYAN)TODO items:$(NC)"
	@grep -rn "TODO\|FIXME\|XXX\|HACK" pathshield/ tests/ \
		|| echo "No TODO items found"
# Maintenance targets
# Upgrades the packaging tools and then this project with its "dev" extra, to
# the newest versions the index offers. Nothing is pinned or hash-checked, so
# the result depends on the day the target is run.
update-deps: ## Update all dependencies
	@echo "$(GREEN)Updating dependencies...$(NC)"
	$(PIP) install --upgrade pip setuptools wheel
	$(PIP) install --upgrade -e ".[dev]"
	@echo "$(GREEN)Dependencies updated!$(NC)"

# Report only: lists packages with a newer release and changes nothing.
check-deps: ## Check for outdated dependencies
	@echo "$(GREEN)Checking for outdated dependencies...$(NC)"
	$(PIP) list --outdated
# Workspace targets
# Runs clean (prerequisite) and then removes OS-generated clutter files
# anywhere below the current directory.
workspace-clean: clean ## Clean workspace thoroughly
	@echo "$(YELLOW)Cleaning workspace...$(NC)"
	find . -name '.DS_Store' -delete
	find . -name 'Thumbs.db' -delete
	@echo "$(GREEN)Workspace cleaned!$(NC)"

# Destructive: `git clean -fdx` deletes every untracked file and directory,
# including files git ignores. Only "venv" and ".env" are excluded, so any
# other local, uncommitted file (report output, notes, a differently named
# virtualenv) is removed without a prompt.
# `git clean -ndx -e venv -e .env` lists what would be deleted without
# deleting anything.
workspace-reset: workspace-clean ## Reset workspace to clean state
	@echo "$(YELLOW)Resetting workspace...$(NC)"
	git clean -fdx -e venv -e .env
	@echo "$(GREEN)Workspace reset!$(NC)"