Add stdin support for reading policy (#188)

* Add stdin support for reading policy * Add ability to read from stdin for a policy to be analyzed such as `cat file.json | parliament` * Adds new FileType argument to read from stdin and don't allow both --file and stdin * Implements #163 * Simplify implementation to use single parameter * Since we can test if we are using stdin vs --file attribute we can just use the same attribute instead of 2 * Update argument help * Fix filename parameter passed to analyze_policy_string
duo-labs · Mar 25, 2021 · 1e5cb87 · 1e5cb87
1 parent 3873cf5
commit 1e5cb87
Showing 1 changed file with 18 additions and 11 deletions.
diff --git a/parliament/cli.py b/parliament/cli.py
@@ -137,7 +137,10 @@ def main():
         help='Provide a string such as \'{"Version": "2012-10-17","Statement": {"Effect": "Allow","Action": ["s3:GetObject", "s3:PutBucketPolicy"],"Resource": ["arn:aws:s3:::bucket1", "arn:aws:s3:::bucket2/*"]}}\'',
         type=str,
     )
-    parser.add_argument("--file", help="Provide a policy in a file", type=str)
+    parser.add_argument('--file',
+                            help="Provide a policy via stdin (e.g. through piping) or --file",
+                            type=argparse.FileType('r'),
+                            default=sys.stdin)
     parser.add_argument(
         "--directory", help="Provide a path to directory with policy files", type=str
     )
@@ -212,6 +215,10 @@ def main():
     if args.minimal and args.json:
         raise Exception("You cannot choose both minimal and json output")
 
+    # If I have some stdin to read it should be my policy, file input should indicate stdin
+    if not sys.stdin.isatty() and args.file.name != "<stdin>":
+        parser.error("You cannot pass a file with --file and use stdin together")
+
     # Change the exit status if there are errors
     exit_status = 0
     findings = []
@@ -311,16 +318,16 @@ def main():
         )
         findings.extend(policy.findings)
     elif args.file:
-        with open(args.file) as f:
-            contents = f.read()
-            policy = analyze_policy_string(
-                contents,
-                args.file,
-                private_auditors_custom_path=args.private_auditors,
-                include_community_auditors=args.include_community_auditors,
-                config=config,
-            )
-            findings.extend(policy.findings)
+        contents = args.file.read()
+        args.file.close()
+        policy = analyze_policy_string(
+            contents,
+            args.file.name,
+            private_auditors_custom_path=args.private_auditors,
+            include_community_auditors=args.include_community_auditors,
+            config=config,
+        )
+        findings.extend(policy.findings)
     elif args.directory:
         file_paths = find_files(
             directory=args.directory,