iam-policy-validator 1.3.1__py3-none-any.whl → 1.5.0__py3-none-any.whl

iam_validator/core/config/wildcards.py

@@ -0,0 +1,124 @@
+"""
+Default wildcard configurations for security best practices checks.
+
+These wildcards define which actions are considered "safe" to use with
+Resource: "*" (e.g., read-only describe operations).
+
+Using Python tuples instead of YAML lists provides:
+- Zero parsing overhead
+- Immutable by default (tuples)
+- Better performance
+- Easy PyPI packaging
+"""
+
+from typing import Final
+
+# ============================================================================
+# Allowed Wildcards for Resource: "*"
+# ============================================================================
+# These action patterns are considered safe to use with wildcard resources
+# They are typically read-only operations that need broad resource access
+
+DEFAULT_ALLOWED_WILDCARDS: Final[tuple[str, ...]] = (
+    # Auto Scaling
+    "autoscaling:Describe*",
+    # CloudWatch
+    "cloudwatch:Describe*",
+    "cloudwatch:Get*",
+    "cloudwatch:List*",
+    # DynamoDB
+    "dynamodb:Describe*",
+    # EC2
+    "ec2:Describe*",
+    # Elastic Load Balancing
+    "elasticloadbalancing:Describe*",
+    # IAM (non-sensitive read operations)
+    "iam:Get*",
+    "iam:List*",
+    # KMS
+    "kms:Describe*",
+    # Lambda
+    "lambda:Get*",
+    "lambda:List*",
+    # CloudWatch Logs
+    "logs:Describe*",
+    "logs:Filter*",
+    "logs:Get*",
+    # RDS
+    "rds:Describe*",
+    # Route53
+    "route53:Get*",
+    "route53:List*",
+    # S3 (safe read operations only)
+    "s3:Describe*",
+    "s3:GetBucket*",
+    "s3:GetM*",
+    "s3:List*",
+    # SQS
+    "sqs:Get*",
+    "sqs:List*",
+    # API Gateway
+    "apigateway:GET",
+)
+
+# ============================================================================
+# Service-Level Wildcards (Allowed Services)
+# ============================================================================
+# Services that are allowed to use service-level wildcards like "logs:*"
+# These are typically low-risk monitoring/logging services
+
+DEFAULT_SERVICE_WILDCARDS: Final[tuple[str, ...]] = (
+    "logs",
+    "cloudwatch",
+    "xray",
+)
+
+
+def get_allowed_wildcards() -> tuple[str, ...]:
+    """
+    Get tuple of allowed wildcard action patterns.
+
+    Returns:
+        Tuple of action patterns that are safe to use with Resource: "*"
+    """
+    return DEFAULT_ALLOWED_WILDCARDS
+
+
+def get_allowed_service_wildcards() -> tuple[str, ...]:
+    """
+    Get tuple of services allowed to use service-level wildcards.
+
+    Returns:
+        Tuple of service names (e.g., "logs", "cloudwatch")
+    """
+    return DEFAULT_SERVICE_WILDCARDS
+
+
+def is_allowed_wildcard(pattern: str) -> bool:
+    """
+    Check if a wildcard pattern is in the allowed list.
+
+    Args:
+        pattern: Action pattern to check (e.g., "s3:List*")
+
+    Returns:
+        True if pattern is in allowed wildcards
+
+    Performance: O(n) but typically small list (~25 items)
+    """
+    return pattern in DEFAULT_ALLOWED_WILDCARDS
+
+
+def is_allowed_service_wildcard(service: str) -> bool:
+    """
+    Check if a service is allowed to use service-level wildcards.
+
+    Args:
+        service: Service name (e.g., "logs", "s3")
+
+    Returns:
+        True if service is in allowed list
+
+    Performance: O(n) but very small list (~3 items)
+    """
+    return service in DEFAULT_SERVICE_WILDCARDS

iam_validator/core/config_loader.py

@@ -15,7 +15,7 @@ from typing import Any
 import yaml
 
 from iam_validator.core.check_registry import CheckConfig, CheckRegistry, PolicyCheck
-from iam_validator.core.defaults import get_default_config
+from iam_validator.core.config.defaults import get_default_config
 
 logger = logging.getLogger(__name__)
 
@@ -68,18 +68,38 @@ class ValidatorConfig:
             self.config_dict = config_dict or {}
 
         # Support both nested and flat structure
-        # New flat structure: each check is a top-level key ending with "_check"
-        # Old nested structure: all checks under "checks" key
+        # 1. Old nested structure: all checks under "checks" key
+        # 2. New flat structure: each check is a top-level key ending with "_check"
+        # 3. Default config structure: check IDs directly at top level (without "_check" suffix)
         if "checks" in self.config_dict:
             # Old nested structure
             self.checks_config = self.config_dict.get("checks", {})
         else:
-            # New flat structure - extract all keys ending with "_check"
-            self.checks_config = {
-                key.replace("_check", ""): value
-                for key, value in self.config_dict.items()
-                if key.endswith("_check") and isinstance(value, dict)
-            }
+            # New flat structure and default config structure
+            # Extract all keys ending with "_check" OR that look like check configurations
+            self.checks_config = {}
+
+            # First, add keys ending with "_check"
+            for key, value in self.config_dict.items():
+                if key.endswith("_check") and isinstance(value, dict):
+                    self.checks_config[key.replace("_check", "")] = value
+
+            # Then, add top-level keys that look like check configurations
+            # (they have dict values and contain typical check config keys like enabled, severity, etc.)
+            for key, value in self.config_dict.items():
+                if (
+                    key
+                    not in [
+                        "settings",
+                        "custom_checks",
+                        "custom_checks_dir",
+                    ]  # Skip special config keys
+                    and not key.endswith("_check")  # Skip if already processed above
+                    and isinstance(value, dict)  # Must be a dict
+                    and key not in self.checks_config  # Not already added
+                ):
+                    # This looks like a check configuration
+                    self.checks_config[key] = value
 
         self.custom_checks = self.config_dict.get("custom_checks", [])
         self.custom_checks_dir = self.config_dict.get("custom_checks_dir")

iam_validator/core/formatters/enhanced.py

@@ -36,13 +36,18 @@ class EnhancedFormatter(OutputFormatter):
 
         Args:
             report: Validation report to format
-            **kwargs: Additional options (color: bool = True)
+            **kwargs: Additional options:
+                - color (bool): Enable color output (default: True)
+                - show_summary (bool): Show Executive Summary panel (default: True)
+                - show_severity_breakdown (bool): Show Issue Severity Breakdown panel (default: True)
 
         Returns:
             Formatted string with ANSI codes for console display
         """
         # Allow disabling color for plain text output
         color = kwargs.get("color", True)
+        show_summary = kwargs.get("show_summary", True)
+        show_severity_breakdown = kwargs.get("show_severity_breakdown", True)
 
         # Use StringIO to capture Rich console output
         string_buffer = StringIO()
@@ -58,11 +63,12 @@ class EnhancedFormatter(OutputFormatter):
         console.print(Panel(title, border_style="bright_blue", padding=(1, 0)))
         console.print()
 
-        # Executive Summary with progress bars
-        self._print_summary_panel(console, report)
+        # Executive Summary with progress bars (optional)
+        if show_summary:
+            self._print_summary_panel(console, report)
 
-        # Severity breakdown if there are issues
-        if report.total_issues > 0:
+        # Severity breakdown if there are issues (optional)
+        if show_severity_breakdown and report.total_issues > 0:
             console.print()
             self._print_severity_breakdown(console, report)
 

iam_validator/core/formatters/sarif.py

@@ -100,7 +100,7 @@ class SARIFFormatter(OutputFormatter):
                     "text": "The specified condition key is not valid for this action"
                 },
                 "helpUri": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html",
-                "defaultConfiguration": {"level": "warning"},
+                "defaultConfiguration": {"level": "error"},
             },
             {
                 "id": "invalid-resource",
@@ -110,18 +110,55 @@ class SARIFFormatter(OutputFormatter):
                 "defaultConfiguration": {"level": "error"},
             },
             {
-                "id": "security-wildcard",
-                "shortDescription": {"text": "Overly Permissive Wildcard"},
+                "id": "duplicate-sid",
+                "shortDescription": {"text": "Duplicate Statement ID"},
+                "fullDescription": {
+                    "text": "Multiple statements use the same Statement ID (Sid), which can cause confusion"
+                },
+                "helpUri": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html",
+                "defaultConfiguration": {"level": "error"},
+            },
+            {
+                "id": "overly-permissive",
+                "shortDescription": {"text": "Overly Permissive Policy"},
                 "fullDescription": {
-                    "text": "Using wildcards in actions or resources can be a security risk"
+                    "text": "Policy grants overly broad permissions using wildcards in actions or resources"
                 },
-                "helpUri": "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html",
+                "helpUri": "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege",
                 "defaultConfiguration": {"level": "warning"},
             },
             {
-                "id": "security-sensitive-action",
-                "shortDescription": {"text": "Sensitive Action Without Conditions"},
-                "fullDescription": {"text": "Sensitive actions should have condition restrictions"},
+                "id": "missing-condition",
+                "shortDescription": {"text": "Missing Condition Restrictions"},
+                "fullDescription": {
+                    "text": "Sensitive actions should include condition restrictions to limit when they can be used"
+                },
+                "helpUri": "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#use-policy-conditions",
+                "defaultConfiguration": {"level": "warning"},
+            },
+            {
+                "id": "missing-required-condition",
+                "shortDescription": {"text": "Missing Required Condition"},
+                "fullDescription": {
+                    "text": "Specific actions require certain conditions to prevent privilege escalation or security issues"
+                },
+                "helpUri": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html",
+                "defaultConfiguration": {"level": "error"},
+            },
+            {
+                "id": "invalid-principal",
+                "shortDescription": {"text": "Invalid Principal"},
+                "fullDescription": {
+                    "text": "The specified principal is invalid or improperly formatted"
+                },
+                "helpUri": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html",
+                "defaultConfiguration": {"level": "error"},
+            },
+            {
+                "id": "general-issue",
+                "shortDescription": {"text": "IAM Policy Issue"},
+                "fullDescription": {"text": "General IAM policy validation issue"},
+                "helpUri": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html",
                 "defaultConfiguration": {"level": "warning"},
             },
         ]
@@ -170,18 +207,45 @@ class SARIFFormatter(OutputFormatter):
         return results
 
     def _get_rule_id(self, issue: ValidationIssue) -> str:
-        """Map issue to SARIF rule ID."""
+        """Map issue to SARIF rule ID.
+
+        Uses the issue_type field directly, converting underscores to hyphens
+        for SARIF rule ID format. Falls back to heuristic matching for unknown types.
+        """
+        # Map common issue types directly
+        issue_type_map = {
+            "invalid_action": "invalid-action",
+            "invalid_condition_key": "invalid-condition-key",
+            "invalid_resource": "invalid-resource",
+            "duplicate_sid": "duplicate-sid",
+            "overly_permissive": "overly-permissive",
+            "missing_condition": "missing-condition",
+            "missing_required_condition": "missing-required-condition",
+            "invalid_principal": "invalid-principal",
+        }
+
+        # Try direct mapping from issue_type
+        if issue.issue_type in issue_type_map:
+            return issue_type_map[issue.issue_type]
+
+        # Fallback: heuristic matching based on message
         message_lower = issue.message.lower()
 
         if "action" in message_lower and "not found" in message_lower:
             return "invalid-action"
         elif "condition key" in message_lower:
             return "invalid-condition-key"
-        elif "arn" in message_lower or "resource" in message_lower:
+        elif "duplicate" in message_lower and "sid" in message_lower:
+            return "duplicate-sid"
+        elif "wildcard" in message_lower or "overly permissive" in message_lower:
+            return "overly-permissive"
+        elif "missing" in message_lower and "condition" in message_lower:
+            if "required" in message_lower:
+                return "missing-required-condition"
+            return "missing-condition"
+        elif "principal" in message_lower:
+            return "invalid-principal"
+        elif "resource" in message_lower or "arn" in message_lower:
             return "invalid-resource"
-        elif "wildcard" in message_lower or "*" in issue.message:
-            return "security-wildcard"
-        elif "sensitive" in message_lower:
-            return "security-sensitive-action"
         else:
             return "general-issue"

iam_validator/core/models.py

@@ -4,10 +4,18 @@ This module defines Pydantic models for AWS service information,
 IAM policies, and validation results.
 """
 
-from typing import Any, ClassVar
+from typing import Any, ClassVar, Literal
 
 from pydantic import BaseModel, ConfigDict, Field
 
+# Policy Type Constants
+PolicyType = Literal[
+    "IDENTITY_POLICY",
+    "RESOURCE_POLICY",
+    "SERVICE_CONTROL_POLICY",
+    "RESOURCE_CONTROL_POLICY",
+]
+
 
 # AWS Service Reference Models
 class ServiceInfo(BaseModel):
@@ -202,9 +210,10 @@ class ValidationIssue(BaseModel):
 
         parts = []
 
-        # Add identifier for bot comment cleanup
+        # Add identifier for bot comment cleanup (HTML comment - not visible to users)
         if include_identifier:
-            parts.append("🤖 IAM Policy Validator\n")
+            parts.append("<!-- iam-policy-validator-review -->\n")
+            parts.append("🤖 **IAM Policy Validator**\n")
 
         # Build statement context for better navigation
         statement_context = f"Statement[{self.statement_index}]"
@@ -240,6 +249,7 @@ class PolicyValidationResult(BaseModel):
 
     policy_file: str
     is_valid: bool
+    policy_type: PolicyType = "IDENTITY_POLICY"
     issues: list[ValidationIssue] = Field(default_factory=list)
     actions_checked: int = 0
     condition_keys_checked: int = 0

iam_validator/core/policy_checks.py

@@ -16,6 +16,7 @@ from iam_validator.core.aws_fetcher import AWSServiceFetcher
 from iam_validator.core.check_registry import CheckRegistry
 from iam_validator.core.models import (
     IAMPolicy,
+    PolicyType,
     PolicyValidationResult,
     Statement,
     ValidationIssue,
@@ -112,17 +113,30 @@ class PolicyValidator:
             logger.debug(f"Could not find field line in {policy_file}: {e}")
             return None
 
-    async def validate_policy(self, policy: IAMPolicy, policy_file: str) -> PolicyValidationResult:
+    async def validate_policy(
+        self, policy: IAMPolicy, policy_file: str, policy_type: PolicyType = "IDENTITY_POLICY"
+    ) -> PolicyValidationResult:
         """Validate a complete IAM policy.
 
         Args:
             policy: IAM policy to validate
             policy_file: Path to the policy file
+            policy_type: Type of policy (IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY)
 
         Returns:
             PolicyValidationResult with all findings
         """
-        result = PolicyValidationResult(policy_file=policy_file, is_valid=True)
+        result = PolicyValidationResult(
+            policy_file=policy_file, is_valid=True, policy_type=policy_type
+        )
+
+        # Apply automatic policy-type validation (not configurable - always runs)
+        from iam_validator.checks import policy_type_validation
+
+        policy_type_issues = await policy_type_validation.execute_policy(
+            policy, policy_file, policy_type=policy_type
+        )
+        result.issues.extend(policy_type_issues)
 
         for idx, statement in enumerate(policy.statement):
             # Get line number for this statement
@@ -460,6 +474,7 @@ async def validate_policies(
     config_path: str | None = None,
     use_registry: bool = True,
     custom_checks_dir: str | None = None,
+    policy_type: PolicyType = "IDENTITY_POLICY",
 ) -> list[PolicyValidationResult]:
     """Validate multiple policies concurrently.
 
@@ -468,6 +483,7 @@ async def validate_policies(
         config_path: Optional path to configuration file
         use_registry: If True, use CheckRegistry system; if False, use legacy validator
         custom_checks_dir: Optional path to directory containing custom checks for auto-discovery
+        policy_type: Type of policy (IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY)
 
     Returns:
         List of validation results
@@ -492,7 +508,10 @@ async def validate_policies(
         ) as fetcher:
             validator = PolicyValidator(fetcher)
 
-            tasks = [validator.validate_policy(policy, file_path) for file_path, policy in policies]
+            tasks = [
+                validator.validate_policy(policy, file_path, policy_type)
+                for file_path, policy in policies
+            ]
 
             results = await asyncio.gather(*tasks)
 
@@ -560,7 +579,9 @@ async def validate_policies(
         aws_services_dir=aws_services_dir,
     ) as fetcher:
         tasks = [
-            _validate_policy_with_registry(policy, file_path, registry, fetcher, fail_on_severities)
+            _validate_policy_with_registry(
+                policy, file_path, registry, fetcher, fail_on_severities, policy_type
+            )
             for file_path, policy in policies
         ]
 
@@ -575,6 +596,7 @@ async def _validate_policy_with_registry(
     registry: CheckRegistry,
     fetcher: AWSServiceFetcher,
     fail_on_severities: list[str] | None = None,
+    policy_type: PolicyType = "IDENTITY_POLICY",
 ) -> PolicyValidationResult:
     """Validate a single policy using the CheckRegistry system.
 
@@ -584,15 +606,26 @@ async def _validate_policy_with_registry(
         registry: CheckRegistry instance with configured checks
         fetcher: AWS service fetcher instance
         fail_on_severities: List of severity levels that should cause validation to fail
+        policy_type: Type of policy (IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY)
 
     Returns:
         PolicyValidationResult with all findings
     """
-    result = PolicyValidationResult(policy_file=policy_file, is_valid=True)
+    result = PolicyValidationResult(policy_file=policy_file, is_valid=True, policy_type=policy_type)
+
+    # Apply automatic policy-type validation (not configurable - always runs)
+    from iam_validator.checks import policy_type_validation
+
+    policy_type_issues = await policy_type_validation.execute_policy(
+        policy, policy_file, policy_type=policy_type
+    )
+    result.issues.extend(policy_type_issues)
 
     # Run policy-level checks first (checks that need to see the entire policy)
     # These checks examine relationships between statements, not individual statements
-    policy_level_issues = await registry.execute_policy_checks(policy, policy_file, fetcher)
+    policy_level_issues = await registry.execute_policy_checks(
+        policy, policy_file, fetcher, policy_type
+    )
     result.issues.extend(policy_level_issues)
 
     # Execute all statement-level checks for each statement

iam_validator/core/pr_commenter.py

@@ -20,17 +20,25 @@ class PRCommenter:
     # Identifier for bot comments (used for cleanup/updates)
     BOT_IDENTIFIER = "🤖 IAM Policy Validator"
     SUMMARY_IDENTIFIER = "<!-- iam-policy-validator-summary -->"
-    REVIEW_IDENTIFIER = "🤖 IAM Policy Validator"
+    REVIEW_IDENTIFIER = "<!-- iam-policy-validator-review -->"
 
-    def __init__(self, github: GitHubIntegration | None = None, cleanup_old_comments: bool = True):
+    def __init__(
+        self,
+        github: GitHubIntegration | None = None,
+        cleanup_old_comments: bool = True,
+        fail_on_severities: list[str] | None = None,
+    ):
         """Initialize PR commenter.
 
         Args:
             github: GitHubIntegration instance (will create one if None)
             cleanup_old_comments: Whether to clean up old bot comments before posting new ones
+            fail_on_severities: List of severity levels that should trigger REQUEST_CHANGES
+                               (e.g., ["error", "critical", "high"])
         """
         self.github = github
         self.cleanup_old_comments = cleanup_old_comments
+        self.fail_on_severities = fail_on_severities or ["error", "critical"]
 
     async def post_findings_to_pr(
         self,
@@ -136,17 +144,22 @@ class PRCommenter:
         for file_comments in comments_by_file.values():
             all_comments.extend(file_comments)
 
-        # Determine review event based on issues
-        has_errors = any(
-            issue.severity == "error" for result in report.results for issue in result.issues
+        # Determine review event based on fail_on_severities config
+        # Check if any issue has a severity that should trigger REQUEST_CHANGES
+        has_blocking_issues = any(
+            issue.severity in self.fail_on_severities
+            for result in report.results
+            for issue in result.issues
         )
 
-        event = ReviewEvent.REQUEST_CHANGES if has_errors else ReviewEvent.COMMENT
+        # Set review event: request changes if any blocking issues, else comment
+        event = ReviewEvent.REQUEST_CHANGES if has_blocking_issues else ReviewEvent.COMMENT
 
-        # Post review with comments (include identifier in review body for potential future cleanup)
+        # Post review with comments (include identifier in review body for cleanup)
         review_body = (
             f"{self.REVIEW_IDENTIFIER}\n\n"
-            f"## IAM Policy Validation Results\n\n"
+            f"🤖 **IAM Policy Validator**\n\n"
+            f"## Validation Results\n\n"
             f"Found {report.total_issues} issues across {report.total_policies} policies.\n"
             f"See inline comments for details."
         )
@@ -279,6 +292,7 @@ async def post_report_to_pr(
     report_file: str,
     create_review: bool = True,
     add_summary: bool = True,
+    config_path: str | None = None,
 ) -> bool:
     """Post a JSON report to a PR.
 
@@ -286,6 +300,7 @@ async def post_report_to_pr(
         report_file: Path to JSON report file
         create_review: Whether to create line-specific review
         add_summary: Whether to add summary comment
+        config_path: Optional path to config file (to get fail_on_severity)
 
     Returns:
         True if successful, False otherwise
@@ -297,9 +312,15 @@ async def post_report_to_pr(
 
         report = ValidationReport.model_validate(report_data)
 
+        # Load config to get fail_on_severity setting
+        from iam_validator.core.config_loader import ConfigLoader
+
+        config = ConfigLoader.load_config(config_path)
+        fail_on_severities = config.get_setting("fail_on_severity", ["error", "critical"])
+
         # Post to PR
         async with GitHubIntegration() as github:
-            commenter = PRCommenter(github)
+            commenter = PRCommenter(github, fail_on_severities=fail_on_severities)
             return await commenter.post_findings_to_pr(
                 report,
                 create_review=create_review,

iam_policy_validator-1.3.1.dist-info/RECORD

@@ -1,54 +0,0 @@
-iam_validator/__init__.py,sha256=APnMR3Fu4fHhxfsHBvUM2dJIwazgvLKQbfOsSgFPidg,693
-iam_validator/__main__.py,sha256=to_nz3n_IerJpVVZZ6WSFlFR5s_06J0csfPOTfQZG8g,197
-iam_validator/__version__.py,sha256=hbgDe5p_vG5JrspHS61bAQLyKxbRMqbUDzeKUVq_gmo,206
-iam_validator/checks/__init__.py,sha256=eKTPgiZ1i3zvyP6OdKgLx9s3u69onITMYifmJPJwZgM,968
-iam_validator/checks/action_condition_enforcement.py,sha256=3M1Wj89Af6H-ywBTruZbJPzhCBBQVanVb5hwv-fkiDE,29721
-iam_validator/checks/action_resource_constraint.py,sha256=p-gP7S9QYR6M7vffrnJY6LOlMUTn0kpEbrxQ8pTY5rs,6031
-iam_validator/checks/action_validation.py,sha256=IpxtTsk58f2zEZ-xzAoyHw4QK8BCRV43OffP-8ydf9E,2578
-iam_validator/checks/condition_key_validation.py,sha256=bc4LQ8IRKyt0RquaQvQvVjmeJnuOUAFRL8xdduLPa_U,2661
-iam_validator/checks/policy_size.py,sha256=4cvZiWRJXGuvYo8PRcdD1Py_ZL8Xw0lOJfXTs6EX-_I,5753
-iam_validator/checks/resource_validation.py,sha256=AEIoiR6AKYLuVaA8ne3QE5qy6NCMDe98_2JAiwE9-JU,4261
-iam_validator/checks/security_best_practices.py,sha256=uf3ZAhBkyN8ka9bZHWi2kkAGIibhqWMIF06DBXsgu9U,23093
-iam_validator/checks/sid_uniqueness.py,sha256=U2Kk5lYi9mHhhTpCWAD0ZQfxcLnIJJa7KGC5nOzTEbY,5145
-iam_validator/checks/utils/__init__.py,sha256=j0X4ibUB6RGx2a-kNoJnlVZwHfoEvzZsIeTmJIAoFzA,45
-iam_validator/checks/utils/policy_level_checks.py,sha256=2V60C0zhKfsFPjQ-NMlD3EemtwA9S6-4no8nETgXdQE,5274
-iam_validator/checks/utils/sensitive_action_matcher.py,sha256=VlTpgjMnympYa28kOdm6xRIUL2P87rOvm1O2NdnjtVI,8900
-iam_validator/checks/utils/wildcard_expansion.py,sha256=V3V_KRpapOzPBhpUObJjGHoMhvCH90QvDxppeEHIG_U,3152
-iam_validator/commands/__init__.py,sha256=M-5bo8w0TCWydK0cXgJyPD2fmk8bpQs-3b26YbgLzlc,565
-iam_validator/commands/analyze.py,sha256=TWlDaZ8gVOdNv6__KQQfzeLVW36qLiL5IzlhGYfvq_g,16501
-iam_validator/commands/base.py,sha256=5baCCMwxz7pdQ6XMpWfXFNz7i1l5dB8Qv9dKKR04Gzs,1074
-iam_validator/commands/cache.py,sha256=NHfbIDWI8tj-3o-4fIZJQS-Vvd9bxIH3Lk6kBtNuiUU,14212
-iam_validator/commands/download_services.py,sha256=anRcobOuhkiEmHpwW_AJb1e2ifgkgYAO2-b9-JBrBcg,9152
-iam_validator/commands/post_to_pr.py,sha256=hl_K-XlELYN-ArjMdgQqysvIE-26yf9XdrMl4ToDwG0,2148
-iam_validator/commands/validate.py,sha256=R295cOTly8n7zL1jfvbh9RuCgiM5edBqbf6YMn_4G9A,14013
-iam_validator/core/__init__.py,sha256=1FvJPMrbzJfS9YbRUJCshJLd5gzWwR9Fd_slS0Aq9c8,416
-iam_validator/core/access_analyzer.py,sha256=poeT1i74jXpKr1B3UmvqiTvCTbq82zffWgZHwiFUwoo,24337
-iam_validator/core/access_analyzer_report.py,sha256=IrQVszlhFfQ6WykYLpig7TU3hf8dnQTegPDsOvHjR5Q,24873
-iam_validator/core/aws_fetcher.py,sha256=0rG7qi3Lz6ulU6pDL0nZ6sklgSAS5pwo0ViykDspRt8,33382
-iam_validator/core/aws_global_conditions.py,sha256=ADVcMEWhgvDZWdBmRUQN3HB7a9OycbTLecXFAy3LPbo,5837
-iam_validator/core/check_registry.py,sha256=wxqaF2t_3lWgT6x7_PnnZ8XGjHKUxUk72UlmdYBLFyo,15679
-iam_validator/core/cli.py,sha256=PkXiZjlgrQ21QustBbspefYsdbxst4gxoClyG2_HQR8,3843
-iam_validator/core/config_loader.py,sha256=Pq2rd6LJtEZET0ZeW4hEZS2ZRLC5gNRsKbtLyIsT21I,16516
-iam_validator/core/defaults.py,sha256=brGPx0_8zmsMNddYryMKbcoIh8VJq2mdXZdGDItAsQs,13251
-iam_validator/core/models.py,sha256=rWIZnD-I81Sg4asgOhnB10FWJC5mxQ2JO9bdS0sHb4Q,10772
-iam_validator/core/policy_checks.py,sha256=pMlZ2XkuqppVOUZq__e8w_yGoy7lIHjAB5RiTXwJo4Q,25114
-iam_validator/core/policy_loader.py,sha256=TR7SpzlRG3TwH4HBGEFUuhNOmxIR8Cud2SQ-AmHWBpM,14040
-iam_validator/core/pr_commenter.py,sha256=TOhVXKTFcRHQ9EVuShXQcKXn9aNjB1mU6FnR2jvltmw,10581
-iam_validator/core/report.py,sha256=Yeh_u9jQvTyDV3ignyPcWEQVfFcxNZNrxf4T0fjeWb4,33283
-iam_validator/core/formatters/__init__.py,sha256=fnCKAEBXItnOf2m4rhVs7zwMaTxbG6ESh3CF8V5j5ec,868
-iam_validator/core/formatters/base.py,sha256=SShDeDiy5mYQnS6BpA8xYg91N-KX1EObkOtlrVHqx1Q,4451
-iam_validator/core/formatters/console.py,sha256=lX4Yp4bTW61fxe0fCiHuO6bCZtC_6cjCwqDNQ55nT_8,1937
-iam_validator/core/formatters/csv.py,sha256=2FaN6Y_0TPMFOb3A3tNtj0-9bkEc5P-6eZ7eLROIqFE,5899
-iam_validator/core/formatters/enhanced.py,sha256=-W9JACV4FNVWoWtfVxXLla4d__Gg96SASbNAijpJnT0,16638
-iam_validator/core/formatters/html.py,sha256=j4sQi-wXiD9kCHldW5JCzbJe0frhiP5uQI9KlH3Sj_g,22994
-iam_validator/core/formatters/json.py,sha256=A7gZ8P32GEdbDvrSn6v56yQ4fOP_kyMaoFVXG2bgnew,939
-iam_validator/core/formatters/markdown.py,sha256=aPAY6FpZBHsVBDag3FAsB_X9CZzznFjX9dQr0ysDrTE,2251
-iam_validator/core/formatters/sarif.py,sha256=tqp8g7RmUh0HRk-kKDaucx4sa-5I9ikgkSpy1MM8Vi4,7200
-iam_validator/integrations/__init__.py,sha256=7Hlor_X9j0NZaEjFuSvoXAAuSKQ-zgY19Rk-Dz3JpKo,616
-iam_validator/integrations/github_integration.py,sha256=bKs94vNT4PmcmUPUeuY2WJFhCYpUY2SWiBP1vj-andA,25673
-iam_validator/integrations/ms_teams.py,sha256=t2PlWuTDb6GGH-eDU1jnOKd8D1w4FCB68bahGA7MJcE,14475
-iam_policy_validator-1.3.1.dist-info/METADATA,sha256=NNF1fvnG9g8pGMopQ71yn5rHtWnRIVMBUGPEeNLX9jI,29465
-iam_policy_validator-1.3.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-iam_policy_validator-1.3.1.dist-info/entry_points.txt,sha256=8HtWd8O7mvPiPdZR5YbzY8or_qcqLM4-pKaFdhtFT8M,62
-iam_policy_validator-1.3.1.dist-info/licenses/LICENSE,sha256=AMnbFTBDcK4_MITe2wiQBkj0vg-jjBBhsc43ydC7tt4,1098
-iam_policy_validator-1.3.1.dist-info/RECORD,,