cartography 0.95.0rc1__py3-none-any.whl → 0.96.0__py3-none-any.whl

cartography/models/aws/ec2/network_acl_rules.py

@@ -0,0 +1,98 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class EC2NetworkAclRuleNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('Id')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+    network_acl_id: PropertyRef = PropertyRef('NetworkAclId')
+    protocol: PropertyRef = PropertyRef('Protocol')
+    fromport: PropertyRef = PropertyRef('FromPort')
+    toport: PropertyRef = PropertyRef('ToPort')
+    cidrblock: PropertyRef = PropertyRef('CidrBlock')
+    ipv6cidrblock: PropertyRef = PropertyRef('Ipv6CidrBlock')
+    egress: PropertyRef = PropertyRef('Egress')
+    rulenumber: PropertyRef = PropertyRef('RuleNumber')
+    ruleaction: PropertyRef = PropertyRef('RuleAction')
+    region: PropertyRef = PropertyRef('Region', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2NetworkAclRuleAclRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2NetworkAclRuleToAcl(CartographyRelSchema):
+    target_node_label: str = 'EC2NetworkAcl'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'network_acl_id': PropertyRef('NetworkAclId')},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "MEMBER_OF_NACL"
+    properties: EC2NetworkAclRuleAclRelProperties = EC2NetworkAclRuleAclRelProperties()
+
+
+@dataclass(frozen=True)
+class EC2NetworkAclRuleToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2NetworkAclRuleToAWSAccount(CartographyRelSchema):
+    target_node_label: str = 'AWSAccount'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('AWS_ID', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: EC2NetworkAclRuleToAwsAccountRelProperties = EC2NetworkAclRuleToAwsAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class EC2NetworkAclInboundRuleSchema(CartographyNodeSchema):
+    """
+    Network interface as known by describe-network-interfaces.
+    """
+    label: str = 'EC2NetworkAclRule'
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(
+        ['IpPermissionInbound'],
+    )
+    properties: EC2NetworkAclRuleNodeProperties = EC2NetworkAclRuleNodeProperties()
+    sub_resource_relationship: EC2NetworkAclRuleToAWSAccount = EC2NetworkAclRuleToAWSAccount()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            EC2NetworkAclRuleToAcl(),
+        ],
+    )
+
+
+@dataclass(frozen=True)
+class EC2NetworkAclEgressRuleSchema(CartographyNodeSchema):
+    """
+    Network interface as known by describe-network-interfaces.
+    """
+    label: str = 'EC2NetworkAclRule'
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(
+        [
+            'IpPermissionEgress',
+        ],
+    )
+    properties: EC2NetworkAclRuleNodeProperties = EC2NetworkAclRuleNodeProperties()
+    sub_resource_relationship: EC2NetworkAclRuleToAWSAccount = EC2NetworkAclRuleToAWSAccount()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            EC2NetworkAclRuleToAcl(),
+        ],
+    )

cartography/models/aws/ec2/network_acls.py

@@ -0,0 +1,86 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class EC2NetworkAclNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('Arn')
+    arn: PropertyRef = PropertyRef('Arn')
+    network_acl_id: PropertyRef = PropertyRef('Id')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+    is_default: PropertyRef = PropertyRef('IsDefault')
+    region: PropertyRef = PropertyRef('Region', set_in_kwargs=True)
+    vpc_id: PropertyRef = PropertyRef('VpcId')
+
+
+@dataclass(frozen=True)
+class EC2NetworkAclToVpcRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2NetworkAclToVpc(CartographyRelSchema):
+    target_node_label: str = 'AWSVpc'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'vpcid': PropertyRef('VpcId')},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "MEMBER_OF_AWS_VPC"
+    properties: EC2NetworkAclToVpcRelProperties = EC2NetworkAclToVpcRelProperties()
+
+
+@dataclass(frozen=True)
+class EC2NetworkAclToSubnetRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2NetworkAclToSubnet(CartographyRelSchema):
+    target_node_label: str = 'EC2Subnet'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'subnetid': PropertyRef('SubnetId')},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "PART_OF_SUBNET"
+    properties: EC2NetworkAclToSubnetRelProperties = EC2NetworkAclToSubnetRelProperties()
+
+
+@dataclass(frozen=True)
+class EC2NetworkAclToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2NetworkAclToAWSAccount(CartographyRelSchema):
+    target_node_label: str = 'AWSAccount'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('AWS_ID', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: EC2NetworkAclToAwsAccountRelProperties = EC2NetworkAclToAwsAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class EC2NetworkAclSchema(CartographyNodeSchema):
+    """
+    Network interface as known by describe-network-interfaces.
+    """
+    label: str = 'EC2NetworkAcl'
+    properties: EC2NetworkAclNodeProperties = EC2NetworkAclNodeProperties()
+    sub_resource_relationship: EC2NetworkAclToAWSAccount = EC2NetworkAclToAWSAccount()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            EC2NetworkAclToVpc(),
+            EC2NetworkAclToSubnet(),
+        ],
+    )

cartography/models/aws/identitycenter/awsidentitycenter.py

@@ -0,0 +1,44 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class IdentityCenterInstanceProperties(CartographyNodeProperties):
+    identity_store_id: PropertyRef = PropertyRef('IdentityStoreId')
+    arn: PropertyRef = PropertyRef('InstanceArn')
+    created_date: PropertyRef = PropertyRef('CreatedDate')
+    id: PropertyRef = PropertyRef('InstanceArn')
+    status: PropertyRef = PropertyRef('Status')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class IdentityCenterToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:IdentityCenter)<-[:RESOURCE]-(:AWSAccount)
+class IdentityCenterToAWSAccount(CartographyRelSchema):
+    target_node_label: str = 'AWSAccount'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('AWS_ID', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: IdentityCenterToAwsAccountRelProperties = IdentityCenterToAwsAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class AWSIdentityCenterInstanceSchema(CartographyNodeSchema):
+    label: str = 'AWSIdentityCenter'
+    properties: IdentityCenterInstanceProperties = IdentityCenterInstanceProperties()
+    sub_resource_relationship: IdentityCenterToAWSAccount = IdentityCenterToAWSAccount()

cartography/models/aws/identitycenter/awspermissionset.py

@@ -0,0 +1,84 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class PermissionSetProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('PermissionSetArn')
+    name: PropertyRef = PropertyRef('Name')
+    arn: PropertyRef = PropertyRef('PermissionSetArn')
+    description: PropertyRef = PropertyRef('Description')
+    session_duration: PropertyRef = PropertyRef('SessionDuration')
+    instance_arn: PropertyRef = PropertyRef('InstanceArn', set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class PermissionSetToInstanceRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class PermissionSetToInstance(CartographyRelSchema):
+    target_node_label: str = 'AWSIdentityCenter'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'arn': PropertyRef('InstanceArn', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "HAS_PERMISSION_SET"
+    properties: PermissionSetToInstanceRelProperties = PermissionSetToInstanceRelProperties()
+
+
+@dataclass(frozen=True)
+class PermissionSetToAWSRoleRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class PermissionSetToAWSRole(CartographyRelSchema):
+    target_node_label: str = 'AWSRole'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'arn': PropertyRef('RoleHint', fuzzy_and_ignore_case=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ASSIGNED_TO_ROLE"
+    properties: PermissionSetToAWSRoleRelProperties = PermissionSetToAWSRoleRelProperties()
+
+
+@dataclass(frozen=True)
+class AWSPermissionSetToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:IdentityCenter)<-[:RESOURCE]-(:AWSAccount)
+class AWSPermissionSetToAWSAccount(CartographyRelSchema):
+    target_node_label: str = 'AWSAccount'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('AWS_ID', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: AWSPermissionSetToAwsAccountRelProperties = AWSPermissionSetToAwsAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class AWSPermissionSetSchema(CartographyNodeSchema):
+    label: str = 'AWSPermissionSet'
+    properties: PermissionSetProperties = PermissionSetProperties()
+    sub_resource_relationship: AWSPermissionSetToAWSAccount = AWSPermissionSetToAWSAccount()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            PermissionSetToInstance(),
+            PermissionSetToAWSRole(),
+        ],
+    )

cartography/models/aws/identitycenter/awsssouser.py

@@ -0,0 +1,68 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class SSOUserProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('UserId', extra_index=True)
+    user_name: PropertyRef = PropertyRef('UserName')
+    identity_store_id: PropertyRef = PropertyRef('IdentityStoreId')
+    external_id: PropertyRef = PropertyRef('ExternalId', extra_index=True)
+    region: PropertyRef = PropertyRef('Region')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class SSOUserToOktaUserRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class SSOUserToOktaUser(CartographyRelSchema):
+    target_node_label: str = 'UserAccount'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('ExternalId')},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "CAN_ASSUME_IDENTITY"
+    properties: SSOUserToOktaUserRelProperties = SSOUserToOktaUserRelProperties()
+
+
+@dataclass(frozen=True)
+class AWSSSOUserToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:IdentityCenter)<-[:RESOURCE]-(:AWSAccount)
+class AWSSSOUserToAWSAccount(CartographyRelSchema):
+    target_node_label: str = 'AWSAccount'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('AWS_ID', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: AWSSSOUserToAwsAccountRelProperties = AWSSSOUserToAwsAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class AWSSSOUserSchema(CartographyNodeSchema):
+    label: str = 'AWSSSOUser'
+    properties: SSOUserProperties = SSOUserProperties()
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(["UserAccount"])
+    sub_resource_relationship: AWSSSOUserToAWSAccount = AWSSSOUserToAWSAccount()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            SSOUserToOktaUser(),
+        ],
+    )

cartography/models/core/common.py

@@ -8,7 +8,14 @@ class PropertyRef:
     (PropertyRef.set_in_kwargs=True).
     """
 
-    def __init__(self, name: str, set_in_kwargs=False, extra_index=False, ignore_case=False):
+    def __init__(
+        self,
+        name: str,
+        set_in_kwargs=False,
+        extra_index=False,
+        ignore_case=False,
+        fuzzy_and_ignore_case=False,
+    ):
         """
         :param name: The name of the property
         :param set_in_kwargs: Optional. If True, the property is not defined on the data dict, and we expect to find the
@@ -33,11 +40,21 @@ class PropertyRef:
             cartography catalog of GitHubUser nodes. Therefore, you would need `ignore_case=True` in the PropertyRef
             that points to the GitHubUser node's name field, otherwise if one of your employees' GitHub usernames
             contains capital letters, you would not be able to map them properly to a GitHubUser node in your graph.
+        :param fuzzy_and_ignore_case: If True, performs a fuzzy + case-insensitive match when comparing the value of
+        this property using the `CONTAINS` operator.
+        query. Defaults to False. This only has effect as part of a TargetNodeMatcher and is not supported for the
+        sub resource relationship.
         """
         self.name = name
         self.set_in_kwargs = set_in_kwargs
         self.extra_index = extra_index
         self.ignore_case = ignore_case
+        self.fuzzy_and_ignore_case = fuzzy_and_ignore_case
+        if self.fuzzy_and_ignore_case and self.ignore_case:
+            raise ValueError(
+                f'Error setting PropertyRef "{self.name}": ignore_case cannot be used together with'
+                'fuzzy_and_ignore_case. Pick one or the other.',
+            )
 
     def _parameterize_name(self) -> str:
         return f"${self.name}"

cartography/models/github/orgs.py

@@ -0,0 +1,26 @@
+"""
+This schema does not handle the org's relationships.  Those are handled by other schemas, for example:
+* GitHubTeamSchema defines (GitHubOrganization)-[RESOURCE]->(GitHubTeam)
+* GitHubUserSchema defines (GitHubUser)-[MEMBER_OF|UNAFFILIATED]->(GitHubOrganization)
+(There may be others, these are just two examples.)
+"""
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+
+
+@dataclass(frozen=True)
+class GitHubOrganizationNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('url')
+    username: PropertyRef = PropertyRef('login', extra_index=True)
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class GitHubOrganizationSchema(CartographyNodeSchema):
+    label: str = 'GitHubOrganization'
+    properties: GitHubOrganizationNodeProperties = GitHubOrganizationNodeProperties()
+    other_relationships = None
+    sub_resource_relationship = None

cartography/models/github/users.py

@@ -0,0 +1,119 @@
+"""
+RE: Tenant relationship between GitHubUser and GitHubOrganization
+
+Note this relationship is implemented via 'other_relationships' and not via the 'sub_resource_relationship'
+as might be expected.
+
+The 'sub_resource_relationship' typically describes the relationship of a node to its tenant (the org, project, or
+other resource to which other nodes belong).  An assumption of that relationship is that if the tenant goes
+away, all nodes related to it should be cleaned up.
+
+In GitHub, though the GitHubUser's tenant seems to be GitHubOrganization, users actually exist independently.  There
+is a concept of 'UNAFFILIATED' users (https://docs.github.com/en/graphql/reference/enums#roleinorganization) like
+Enterprise Owners who are related to an org even if they are not direct members of it.  You would not want them to be
+cleaned up, if an org goes away, and you could want them in your graph even if they are not members of any org in
+the enterprise.
+
+To allow for this in the schema, this relationship is treated as any other node-to-node relationship, via
+'other_relationships', instead of as the typical 'sub_resource_relationship'.
+
+RE: GitHubOrganizationUserSchema vs GitHubUnaffiliatedUserSchema
+
+As noted above, there are implicitly two types of users, those that are part of, or affiliated, to a target
+GitHubOrganization, and those thare are not part, or unaffiliated.   Both are represented as GitHubUser nodes,
+but there are two schemas below to allow for some differences between them, e.g., unaffiliated lack these properties:
+  * the 'role' property, because unaffiliated have no 'role' in the target org
+  * the 'has_2fa_enabled' property, because the GitHub api does not return it, for these users
+The main importance of having two schemas is to allow the two sets of users to be loaded separately.  If we are loading
+an unaffiliated user, but the user already exists in the graph (perhaps they are members of another GitHub orgs for
+example), then loading the unaffiliated user will not blank out the 'role' and 'has_2fa_enabled' properties.
+"""
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class BaseGitHubUserNodeProperties(CartographyNodeProperties):
+    # core properties in all GitHubUser nodes
+    id: PropertyRef = PropertyRef('url')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+    fullname: PropertyRef = PropertyRef('name')
+    username: PropertyRef = PropertyRef('login', extra_index=True)
+    is_site_admin: PropertyRef = PropertyRef('isSiteAdmin')
+    is_enterprise_owner: PropertyRef = PropertyRef('isEnterpriseOwner')
+    email: PropertyRef = PropertyRef('email')
+    company: PropertyRef = PropertyRef('company')
+
+
+@dataclass(frozen=True)
+class GitHubOrganizationUserNodeProperties(BaseGitHubUserNodeProperties):
+    # specified for affiliated users only. The GitHub api does not return this property for unaffiliated users.
+    has_2fa_enabled: PropertyRef = PropertyRef('hasTwoFactorEnabled')
+    # specified for affiliated uers only.  Unaffiliated users do not have a 'role' in the target organization.
+    role: PropertyRef = PropertyRef('role')
+
+
+@dataclass(frozen=True)
+class GitHubUnaffiliatedUserNodeProperties(BaseGitHubUserNodeProperties):
+    # No additional properties needed
+    pass
+
+
+@dataclass(frozen=True)
+class GitHubUserToOrganizationRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class GitHubUserMemberOfOrganizationRel(CartographyRelSchema):
+    target_node_label: str = 'GitHubOrganization'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('MEMBER_OF')},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "MEMBER_OF"
+    properties: GitHubUserToOrganizationRelProperties = GitHubUserToOrganizationRelProperties()
+
+
+@dataclass(frozen=True)
+class GitHubUserUnaffiliatedOrganizationRel(CartographyRelSchema):
+    target_node_label: str = 'GitHubOrganization'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('UNAFFILIATED')},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "UNAFFILIATED"
+    properties: GitHubUserToOrganizationRelProperties = GitHubUserToOrganizationRelProperties()
+
+
+@dataclass(frozen=True)
+class GitHubOrganizationUserSchema(CartographyNodeSchema):
+    label: str = 'GitHubUser'
+    properties: GitHubOrganizationUserNodeProperties = GitHubOrganizationUserNodeProperties()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            GitHubUserMemberOfOrganizationRel(),
+        ],
+    )
+    sub_resource_relationship = None
+
+
+@dataclass(frozen=True)
+class GitHubUnaffiliatedUserSchema(CartographyNodeSchema):
+    label: str = 'GitHubUser'
+    properties: GitHubUnaffiliatedUserNodeProperties = GitHubUnaffiliatedUserNodeProperties()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            GitHubUserUnaffiliatedOrganizationRel(),
+        ],
+    )
+    sub_resource_relationship = None

cartography/models/semgrep/dependencies.py

@@ -0,0 +1,90 @@
+from dataclasses import dataclass
+from typing import Optional
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class SemgrepDependencyNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('id')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+    name: PropertyRef = PropertyRef('name')
+    ecosystem: PropertyRef = PropertyRef('ecosystem')
+    version: PropertyRef = PropertyRef('version')
+
+
+@dataclass(frozen=True)
+class SemgrepDependencyToSemgrepDeploymentRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:SemgrepDependency)<-[:RESOURCE]-(:SemgrepDeployment)
+class SemgrepDependencyToSemgrepDeploymentSchema(CartographyRelSchema):
+    target_node_label: str = 'SemgrepDeployment'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('DEPLOYMENT_ID', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: SemgrepDependencyToSemgrepDeploymentRelProperties = SemgrepDependencyToSemgrepDeploymentRelProperties()
+
+
+@dataclass(frozen=True)
+class SemgrepDependencyToGithubRepoRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+    specifier: PropertyRef = PropertyRef('specifier')
+    transitivity: PropertyRef = PropertyRef('transitivity')
+    url: PropertyRef = PropertyRef('url')
+
+
+@dataclass(frozen=True)
+# (:SemgrepDependency)<-[:REQUIRES]-(:GitHubRepository)
+class SemgrepDependencyToGithubRepoRel(CartographyRelSchema):
+    target_node_label: str = 'GitHubRepository'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('repo_url')},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "REQUIRES"
+    properties: SemgrepDependencyToGithubRepoRelProperties = SemgrepDependencyToGithubRepoRelProperties()
+
+
+@dataclass(frozen=True)
+class SemgrepSCAFindngToDependencyRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class SemgrepGoLibrarySchema(CartographyNodeSchema):
+    label: str = 'GoLibrary'
+    extra_node_labels: Optional[ExtraNodeLabels] = ExtraNodeLabels(['Dependency', 'SemgrepDependency'])
+    properties: SemgrepDependencyNodeProperties = SemgrepDependencyNodeProperties()
+    sub_resource_relationship: SemgrepDependencyToSemgrepDeploymentSchema = SemgrepDependencyToSemgrepDeploymentSchema()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            SemgrepDependencyToGithubRepoRel(),
+        ],
+    )
+
+
+@dataclass(frozen=True)
+class SemgrepNpmLibrarySchema(CartographyNodeSchema):
+    label: str = 'NpmLibrary'
+    extra_node_labels: Optional[ExtraNodeLabels] = ExtraNodeLabels(['Dependency', 'SemgrepDependency'])
+    properties: SemgrepDependencyNodeProperties = SemgrepDependencyNodeProperties()
+    sub_resource_relationship: SemgrepDependencyToSemgrepDeploymentSchema = SemgrepDependencyToSemgrepDeploymentSchema()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            SemgrepDependencyToGithubRepoRel(),
+        ],
+    )