iam-policy-validator 1.14.5__py3-none-any.whl → 1.14.6__py3-none-any.whl

{iam_policy_validator-1.14.5.dist-info → iam_policy_validator-1.14.6.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: iam-policy-validator
-Version: 1.14.5
+Version: 1.14.6
 Summary: Validate AWS IAM policies for correctness and security using AWS Service Reference API
 Project-URL: Homepage, https://github.com/boogy/iam-policy-validator
 Project-URL: Documentation, https://github.com/boogy/iam-policy-validator/tree/main/docs

{iam_policy_validator-1.14.5.dist-info → iam_policy_validator-1.14.6.dist-info}/RECORD

@@ -1,6 +1,6 @@
 iam_validator/__init__.py,sha256=xHdUASOxFHwEXfT_GSr_KrkLlnxZ-pAAr1wW1PwAGko,693
 iam_validator/__main__.py,sha256=to_nz3n_IerJpVVZZ6WSFlFR5s_06J0csfPOTfQZG8g,197
-iam_validator/__version__.py,sha256=8ouM89pP7JLVFY6dwrTsOuZeWcu_xuQ3YwT7-1g9xn8,374
+iam_validator/__version__.py,sha256=WpHTF6NviSa8VivWMnhlxgCYH_CGf0PJr8rvIQ0xQuQ,374
 iam_validator/checks/__init__.py,sha256=OTkPnmlelu4YjMO8krjhu2wXiTV72RzopA5u1SfPQA0,1990
 iam_validator/checks/action_condition_enforcement.py,sha256=2-XUMbof9tQ7SHZNmAHMkR1DgbOIzY2eFWlp9S9dwLk,60625
 iam_validator/checks/action_resource_matching.py,sha256=qND0hfDgNoxFEdLWwrxOPVDfdj3k50nzedT2qF7nK7o,19428
@@ -54,7 +54,7 @@ iam_validator/core/models.py,sha256=lXUadIsTpp_j0Vt89Ez7aJkTKs2GD2ty3Ukl2NeY9Zo,
 iam_validator/core/policy_checks.py,sha256=FNVuS2GTffwCjjrlupVIazC172gSxKYAAT_ObV6Apbo,8803
 iam_validator/core/policy_loader.py,sha256=iid3mGfDzSXASzKDqbLnrqJHBdVQvvebofVqNImsGKM,29201
 iam_validator/core/pr_commenter.py,sha256=IZu2FQqzw73U_8ugTUq197ECLqk9mRCQpTWXPu5qk0k,35490
-iam_validator/core/report.py,sha256=IEHjNe6v_9nvcGA8_FNbXdG0AoV-yHVjiP1KQKnpEys,41376
+iam_validator/core/report.py,sha256=IDjBjSrzrE_JdkA8eTiSxyUL3g36sJMhTkxehEYzuBQ,45476
 iam_validator/core/aws_service/__init__.py,sha256=UqMh4HUdGlx2QF5OoueJJ2UlCnhX4QW_x3KeE_bxRQc,735
 iam_validator/core/aws_service/cache.py,sha256=DPuOOPPJC867KAYgV1e0RyQs_k3mtefMdYli3jPaN64,3589
 iam_validator/core/aws_service/client.py,sha256=Zv7rIpEFdUCDXKGp3migPDkj8L5eZltgrGe64M2t2Ko,7336
@@ -85,7 +85,7 @@ iam_validator/core/formatters/json.py,sha256=A7gZ8P32GEdbDvrSn6v56yQ4fOP_kyMaoFV
 iam_validator/core/formatters/markdown.py,sha256=dk4STeY-tOEZsVrlmolIEqZvWYP9JhRtygxxNA49DEE,2293
 iam_validator/core/formatters/sarif.py,sha256=03MHSyuZm9FlzaPeWg7wH-UTzzCDhSy6vMPrFpFNkS8,18884
 iam_validator/integrations/__init__.py,sha256=7Hlor_X9j0NZaEjFuSvoXAAuSKQ-zgY19Rk-Dz3JpKo,616
-iam_validator/integrations/github_integration.py,sha256=IKhJW_v_lGZiuyPN_xWULzv2YBbaXHn8zBfaOdUm28g,69054
+iam_validator/integrations/github_integration.py,sha256=0aeQ_RPTZf5ij7dsBjmtIDz4oHl0BXLno9GperFzTbc,69004
 iam_validator/integrations/ms_teams.py,sha256=t2PlWuTDb6GGH-eDU1jnOKd8D1w4FCB68bahGA7MJcE,14475
 iam_validator/sdk/__init__.py,sha256=AZLnfdn3A9AWb0pMhsbu3GAOAzt6rV7Fi3E3d9_3ZdI,6388
 iam_validator/sdk/arn_matching.py,sha256=HSDpLltOYISq-SoPebAlM89mKOaUaghq_04urchEFDA,12778
@@ -99,8 +99,8 @@ iam_validator/utils/__init__.py,sha256=NveA2F3G1E6-ANZzFr7J6Q6u5mogvMp862iFokmYu
 iam_validator/utils/cache.py,sha256=wOQKOBeoG6QqC5f0oXcHz63Cjtu_-SsSS-0pTSwyAiM,3254
 iam_validator/utils/regex.py,sha256=xHoMECttb7qaMhts-c9b0GIxdhHNZTt-UBr7wNhWfzg,6219
 iam_validator/utils/terminal.py,sha256=FsRaRMH_JAyDgXWBCOgOEhbS89cs17HCmKYoughq5io,724
-iam_policy_validator-1.14.5.dist-info/METADATA,sha256=h6M6__GqJW5fWPtV0cEDqZ4sK259K5ulz68Jgt6COQE,34456
-iam_policy_validator-1.14.5.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-iam_policy_validator-1.14.5.dist-info/entry_points.txt,sha256=8HtWd8O7mvPiPdZR5YbzY8or_qcqLM4-pKaFdhtFT8M,62
-iam_policy_validator-1.14.5.dist-info/licenses/LICENSE,sha256=AMnbFTBDcK4_MITe2wiQBkj0vg-jjBBhsc43ydC7tt4,1098
-iam_policy_validator-1.14.5.dist-info/RECORD,,
+iam_policy_validator-1.14.6.dist-info/METADATA,sha256=pAPaTarqbLi7q_cdHu3bkCVeu9BHed34jIQHgMXlj5I,34456
+iam_policy_validator-1.14.6.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+iam_policy_validator-1.14.6.dist-info/entry_points.txt,sha256=8HtWd8O7mvPiPdZR5YbzY8or_qcqLM4-pKaFdhtFT8M,62
+iam_policy_validator-1.14.6.dist-info/licenses/LICENSE,sha256=AMnbFTBDcK4_MITe2wiQBkj0vg-jjBBhsc43ydC7tt4,1098
+iam_policy_validator-1.14.6.dist-info/RECORD,,

iam_validator/__version__.py

@@ -3,7 +3,7 @@
 This file is the single source of truth for the package version.
 """
 
-__version__ = "1.14.5"
+__version__ = "1.14.6"
 # Parse version, handling pre-release suffixes like -rc, -alpha, -beta
 _version_base = __version__.split("-", maxsplit=1)[0]  # Remove pre-release suffix if present
 __version_info__ = tuple(int(part) for part in _version_base.split("."))

iam_validator/core/report.py

@@ -478,13 +478,14 @@ class ReportGenerator:
 
         # Issue breakdown
         if report.total_issues > 0:
-            # Count issues - support both IAM validity and security severities
-            errors = sum(
-                1
-                for r in report.results
-                for i in r.issues
-                if i.severity in constants.HIGH_SEVERITY_LEVELS
+            # Count issues - separate validity errors from security findings
+            validity_errors = sum(
+                1 for r in report.results for i in r.issues if i.severity == "error"
             )
+            critical_findings = sum(
+                1 for r in report.results for i in r.issues if i.severity == "critical"
+            )
+            high_findings = sum(1 for r in report.results for i in r.issues if i.severity == "high")
             warnings = sum(
                 1 for r in report.results for i in r.issues if i.severity in ("warning", "medium")
             )
@@ -496,8 +497,12 @@ class ReportGenerator:
             lines.append("")
             lines.append("| Severity | Count |")
             lines.append("|----------|------:|")
-            if errors > 0:
-                lines.append(f"| 🔴 **Errors** | {errors} |")
+            if validity_errors > 0:
+                lines.append(f"| 🔴 **Errors** | {validity_errors} |")
+            if critical_findings > 0:
+                lines.append(f"| 🟣 **Critical** | {critical_findings} |")
+            if high_findings > 0:
+                lines.append(f"| 🔶 **High** | {high_findings} |")
             if warnings > 0:
                 lines.append(f"| 🟡 **Warnings** | {warnings} |")
             if infos > 0:
@@ -578,15 +583,31 @@ class ReportGenerator:
         )
         lines.append("")
 
-        # Group issues by severity - support both IAM validity and security severities
-        errors = [i for i in result.issues if i.severity in constants.HIGH_SEVERITY_LEVELS]
+        # Group issues by severity - separate validity errors from security findings
+        validity_errors = [i for i in result.issues if i.severity == "error"]
+        critical_findings = [i for i in result.issues if i.severity == "critical"]
+        high_findings = [i for i in result.issues if i.severity == "high"]
         warnings = [i for i in result.issues if i.severity in constants.MEDIUM_SEVERITY_LEVELS]
         infos = [i for i in result.issues if i.severity in constants.LOW_SEVERITY_LEVELS]
 
-        if errors:
+        if validity_errors:
             lines.append("### 🔴 Errors")
             lines.append("")
-            for issue in errors:
+            for issue in validity_errors:
+                lines.append(self._format_issue_markdown(issue, result.policy_file))
+            lines.append("")
+
+        if critical_findings:
+            lines.append("### 🟣 Critical")
+            lines.append("")
+            for issue in critical_findings:
+                lines.append(self._format_issue_markdown(issue, result.policy_file))
+            lines.append("")
+
+        if high_findings:
+            lines.append("### 🔶 High")
+            lines.append("")
+            for issue in high_findings:
                 lines.append(self._format_issue_markdown(issue, result.policy_file))
             lines.append("")
 
@@ -693,13 +714,14 @@ class ReportGenerator:
 
         # Issue breakdown
         if report.total_issues > 0:
-            # Count issues - support both IAM validity and security severities
-            errors = sum(
-                1
-                for r in report.results
-                for i in r.issues
-                if i.severity in constants.HIGH_SEVERITY_LEVELS
+            # Count issues - separate validity errors from security findings
+            validity_errors = sum(
+                1 for r in report.results for i in r.issues if i.severity == "error"
             )
+            critical_findings = sum(
+                1 for r in report.results for i in r.issues if i.severity == "critical"
+            )
+            high_findings = sum(1 for r in report.results for i in r.issues if i.severity == "high")
             warnings = sum(
                 1 for r in report.results for i in r.issues if i.severity in ("warning", "medium")
             )
@@ -711,8 +733,12 @@ class ReportGenerator:
             lines.append("")
             lines.append("| Severity | Count |")
             lines.append("|----------|------:|")
-            if errors > 0:
-                lines.append(f"| 🔴 **Errors** | {errors} |")
+            if validity_errors > 0:
+                lines.append(f"| 🔴 **Errors** | {validity_errors} |")
+            if critical_findings > 0:
+                lines.append(f"| 🟣 **Critical** | {critical_findings} |")
+            if high_findings > 0:
+                lines.append(f"| 🔶 **High** | {high_findings} |")
             if warnings > 0:
                 lines.append(f"| 🟡 **Warnings** | {warnings} |")
             if infos > 0:
@@ -789,15 +815,21 @@ class ReportGenerator:
 
                 policy_lines = []
 
-                # Group issues by severity - support both IAM validity and security severities
-                errors = [i for i in result.issues if i.severity in constants.HIGH_SEVERITY_LEVELS]
+                # Group issues by severity - separate validity errors from security findings
+                validity_errors = [i for i in result.issues if i.severity == "error"]
+                critical_findings = [i for i in result.issues if i.severity == "critical"]
+                high_findings = [i for i in result.issues if i.severity == "high"]
                 warnings = [i for i in result.issues if i.severity in ("warning", "medium")]
                 infos = [i for i in result.issues if i.severity in ("info", "low")]
 
                 # Build severity summary for header
                 severity_parts = []
-                if errors:
-                    severity_parts.append(f"🔴 {len(errors)}")
+                if validity_errors:
+                    severity_parts.append(f"🔴 {len(validity_errors)}")
+                if critical_findings:
+                    severity_parts.append(f"🟣 {len(critical_findings)}")
+                if high_findings:
+                    severity_parts.append(f"🔶 {len(high_findings)}")
                 if warnings:
                     severity_parts.append(f"🟡 {len(warnings)}")
                 if infos:
@@ -812,11 +844,57 @@ class ReportGenerator:
                 )
                 policy_lines.append("")
 
-                # Add errors (prioritized)
-                if errors:
+                # Add validity errors (prioritized)
+                if validity_errors:
                     policy_lines.append("### 🔴 Errors")
                     policy_lines.append("")
-                    for i, issue in enumerate(errors):
+                    for i, issue in enumerate(validity_errors):
+                        issue_content = self._format_issue_markdown(issue, result.policy_file)
+                        test_length = len("\n".join(details_lines + policy_lines)) + len(
+                            issue_content
+                        )
+                        if test_length > available_length:
+                            truncated = True
+                            break
+                        policy_lines.append(issue_content)
+                        issues_shown += 1
+                        # Add separator between issues within same severity
+                        if i < len(validity_errors) - 1:
+                            policy_lines.append("---")
+                            policy_lines.append("")
+                    policy_lines.append("")
+
+                if truncated:
+                    break
+
+                # Add critical security findings
+                if critical_findings:
+                    policy_lines.append("### 🟣 Critical")
+                    policy_lines.append("")
+                    for i, issue in enumerate(critical_findings):
+                        issue_content = self._format_issue_markdown(issue, result.policy_file)
+                        test_length = len("\n".join(details_lines + policy_lines)) + len(
+                            issue_content
+                        )
+                        if test_length > available_length:
+                            truncated = True
+                            break
+                        policy_lines.append(issue_content)
+                        issues_shown += 1
+                        # Add separator between issues within same severity
+                        if i < len(critical_findings) - 1:
+                            policy_lines.append("---")
+                            policy_lines.append("")
+                    policy_lines.append("")
+
+                if truncated:
+                    break
+
+                # Add high security findings
+                if high_findings:
+                    policy_lines.append("### 🔶 High")
+                    policy_lines.append("")
+                    for i, issue in enumerate(high_findings):
                         issue_content = self._format_issue_markdown(issue, result.policy_file)
                         test_length = len("\n".join(details_lines + policy_lines)) + len(
                             issue_content
@@ -827,7 +905,7 @@ class ReportGenerator:
                         policy_lines.append(issue_content)
                         issues_shown += 1
                         # Add separator between issues within same severity
-                        if i < len(errors) - 1:
+                        if i < len(high_findings) - 1:
                             policy_lines.append("---")
                             policy_lines.append("")
                     policy_lines.append("")

iam_validator/integrations/github_integration.py

@@ -1278,7 +1278,7 @@ class GitHubIntegration:
             logger.info(f"Submitting {event.value} review (no inline comments)")
             success = await self.create_review_with_comments(
                 comments=[],
-                body=body or f"<!-- {identifier} -->\nValidation complete.",
+                body=body,
                 event=event,
             )
             if not success: