Fix tags filtering for s3

ochuprykov · ochuprykov · commit 1bd8d36925c2 · 2018-12-27T13:54:52.000+02:00
Tag value is array of possible values for specified tag.
Should check if specific tag contains value from this array.
diff --git a/hammer/identification/lambdas/api/s3_bucket_acl.py b/hammer/identification/lambdas/api/s3_bucket_acl.py
@@ -45,4 +45,4 @@ def remediate(security_feature, account, config, ids, tags):
             response[security_feature][bucket.name] = result
         return response
     else:
-        return server_error(text="Failed to check S3 ACL")
+        return server_error(text="Failed to check S3 ACL")
diff --git a/hammer/identification/lambdas/api/s3_bucket_policy.py b/hammer/identification/lambdas/api/s3_bucket_policy.py
@@ -45,4 +45,4 @@ def remediate(security_feature, account, config, ids, tags):
             response[security_feature][bucket.name] = result
         return response
     else:
-        return server_error(text="Failed to check S3 policy")
+        return server_error(text="Failed to check S3 policy")
diff --git a/hammer/library/aws/s3.py b/hammer/library/aws/s3.py
@@ -443,7 +443,12 @@ def encrypt_bucket(self, kms_key_id=None):
         return True
 
     def contains_tags(self, tags):
-        return all(tag in self.tags.items() for tag in tags.items())
+        for tag_name in tags:
+            if tag_name not in self.tags:
+                return False
+            if self.tags[tag_name] not in tags[tag_name]:
+                return False
+        return True
 
 
 class S3BucketsPolicyChecker(object):
