Python 1.6 - Analysis Results - Amazon Web Services

Amazon Web Services SDK
AWS-CDK
- AWS Lambda (AWS-CDK)
Known Limitations

Amazon Web Services SDK

The Python library boto3 for the AWS SDK is supported. The Python library aws-cdk (v1 and v2) is only supported for AWS Lambdas.

AWS Lambda in AWS deployment frameworks

The AWS Lambda functions declared in deployment framework configuration files are analyzed by a different extensions (com.castsoftware.cloudconfig). The Python analyzer will be responsible, however, of creating the link between Lambda Function objects having the runtime property value consistent with a python runtime (python3.5, ...) and the corresponding handler (a Python method object) during the application-level analysis step. It is highly recommended to add the com.castsoftware.cloudconfig extension so that proper migration of AWS objects takes place upon upgrading com.castsoftware.python extension from versions < 1.4.0-beta7.

Example

In the .yml deployment file below (taken from the Serverless examples for AWS) a Lambda function is defined (hello) and the handler's method name is referred:

service: aws-python # NOTE: update this with your service name

frameworkVersion: '2'


provider:
  name: aws
  runtime: python3.8
  lambdaHashingVersion: 20201221

functions:
  hello:
    handler: handler.hello

Where the Python code of the handler:

# handler.py

def hello(event, context):
    body = {
        "message": "Go Serverless v2.0! Your function executed successfully!",
        "input": event,
    }

    return {"statusCode": 200, "body": json.dumps(body)}

Results:

AWS Lambda (Boto3)

Supported API methods (boto3)	Link Type	Caller	Callee
botocore.client.Lambda.invoke	callLink	Python callable artifact	Python Call to AWS Lambda Function
botocore.client.Lambda.invoke_async	callLink	Python callable artifact	Python Call to AWS Lambda Function

Example

A simple example showing representation of an invocation of a AWS Lambda function:

def func():
    lambda_client.invoke(FunctionName='otherfunctionname',
                     InvocationType='RequestResponse',
                     Payload=lambda_payload)

AWS SQS (Boto3)

Supported API methods (boto3)	Link Type	Caller	Callee
botocore.client.SQS.send_message	callLink	Python callable artifact	Python AWS SQS Publisher
botocore.client.SQS.send_message_batch	callLink	Python callable artifact	Python AWS SQS Unknown Publisher
botocore.client.SQS.receive_message	callLink	Python AWS SQS Unknown Receiver, Python AWS SQS Receiver	Python callable artifact

Code samples

In this code, the module sqs_send_message.py publishes a message into the "SQS_QUEUE_URL" queue and in sqs_receive_message.py is received:

# Adapted from https://boto3.amazonaws.com/v1/documentation/api/latest/guide/sqs-example-sending-receiving-msgs.html#example
# sqs_receive_message.py

import boto3

# Create SQS client
sqs = boto3.client('sqs')

queue_url = 'SQS_QUEUE_URL'

# Receive message from SQS queue
response = sqs.receive_message(QueueUrl=queue_url, ...)

and:

# Adapted from https://boto3.amazonaws.com/v1/documentation/api/latest/guide/sqs-example-sending-receiving-msgs.html#example
# sqs_send_message.py
 
import boto3

# Create SQS client
sqs = boto3.client('sqs')

queue_url = 'SQS_QUEUE_URL'

# Send message to SQS queue
response = sqs.send_message(QueueUrl=queue_url, ...)

Results:

When the name of the queue passed to the API method calls is resolvable (either because of unavailability or because of technical limitations), the analyzer will create Unknown Publisher and Receive objects.

AWS SNS (Boto3)

There are two different APIs to manage SNS services, one based on a low-level client and the higher-level one based on resources.

Supported API methods (boto3)	Link Type	Caller	Callee	Remarks
botocore.client.SNS.create_topic	N/A	N/A	N/A	Determines the topic
botocore.client.SNS.publish	callLink	Python callable artifact	Python AWS SNS Publisher, Python AWS SNS Unknown Publisher, Python SMS
botocore.client.SNS.publish_batch	callLink	Python callable artifact	Python AWS SNS Publisher, Python AWS SNS Unknown Publisher
botocore.client.SNS.subscribe	callLink	Python AWS SNS Receiver, Python AWS SNS Unknown Receiver	Python Call to AWS Lambda Function, Python AWS SQS Publisher, Python SMS, Python Email
boto3.resources.factory.sns.create_topic	N/A	N/A	N/A	Determines the topic
boto3.resources.factory.sns.ServiceResource.Topic	N/A	N/A	N/A	Determines the topic
boto3.resources.factory.sns.Topic.publish	callLink	Python callable artifact	Python AWS SNS Publisher, Python AWS SNS Unknown Publisher, Python SMS
boto3.resources.factory.sns.Topic.subscribe	callLink	Python AWS SNS Receiver, Python AWS SNS Unknown Receiver	Python Call to AWS Lambda Function, Python AWS SQS Publisher, Python SMS, Python Email
boto3.resources.factory.sns.PlatformEndpoint.publish	callLink	Python callable artifact	Python AWS SNS Publisher, Python AWS SNS Unknown Publisher, Python SMS

The supported protocols are as follows:

Protocol	Object/s created	Name of the object
email	Python AWS Email	an Email (the email addresses are not evaluated)
http/https	Python POST service request	the url (evaluated from the endpoint)
lambda	Python Call to AWS Lambda Function	the name of the lambda function (evaluated from the endpoint)
sms	Python AWS SMS	an SMS (the SMS numbers are not evaluated)
sqs	Python AWS Simple Queue Service Publisher	the name of the queue (evaluated from the endpoint)

Example

The code example below shows a basic usage of the boto3 library and the results as seen in Enlighten after analysis of the code.

import boto3

client = boto3.client('sns', region_name='eu-west-3')
topicArn1 = client.create_topic( Name = "TOPIC1")['TopicArn']

def publish(topic):
    client.publish(TopicArn=topic, Message='<your message>')

def subscribe(topic):
    client.subscribe(TopicArn=topic, Protocol="email", Endpoint="lili@lala.com")
    client.subscribe(TopicArn=topic, Protocol="sms", Endpoint="123456789")
    client.subscribe(TopicArn=topic, Protocol="sqs", Endpoint="arn:partition:service:region:account-id:queueName")
    client.subscribe(TopicArn=topic, Protocol="http", Endpoint="http://foourl")
    client.subscribe(TopicArn=topic, Protocol="lambda", Endpoint="fooarn:function:lambda_name:v2")
    
publish(topicArn1)
subscribe(topicArn1)

The callLink links between the Publisher and the respective Subscribers are created by the Web Services Linker extension during application level.

For each method a maximum of one subscriber per given topic will be created as shown in the image above. In the absence of a well-resolved topic, the analyzer will create Unknown Publishers and Subscribers. There is no link created between unknown objects.

We can also have direct sms deliveries from calls to publish API methods:

import boto3
AWS_REGION = "us-east-1"

def send_sms_from_resource():
    sns = boto3.resource("sns", region_name=AWS_REGION)
    platform_endpoint = sns.PlatformEndpoint('endpointArn')
    platform_endpoint.publish(PhoneNumber='123456789')

def send_sms():
    conn = boto3.client("sns", region_name=AWS_REGION)
    conn.publish(PhoneNumber='123456789')

Where the corresponding objects and links are:

AWS DynamoDB (Boto3)

See DynamoDB support for Python source code.

AWS S3 (Boto3)

Supported PI methods:

Method	Link Type (CRUD-like)	Caller	Callee
botocore.client.S3.put_object()	useInsertLink	Python callable artifact	Python S3 Bucket, Python Unknown S3 Bucket
botocore.client.S3.delete_bucket()	useDeleteLink	Python callable artifact	Python S3 Bucket. Python Unknown S3 Bucket
botocore.client.S3.delete_object()	useDeleteLink	Python callable artifact	Python S3 Bucket. Python Unknown S3 Bucket
botocore.client.S3.delete_objects()	useDeleteLink	Python callable artifact	Python S3 Bucket. Python Unknown S3 Bucket
botocore.client.S3.get_object()	useSelectLink	Python callable artifact	Python S3 Bucket, Python Unknown S3 Bucket
botocore.client.S3.get_object_torrent()	useSelectLink	Python callable artifact	Python S3 Bucket, Python Unknown S3 Bucket
botocore.client.S3.list_objects()	useSelectLink	Python callable artifact	Python S3 Bucket, Python Unknown S3 Bucket
botocore.client.S3.list_objects_v2()	useSelectLink	Python callable artifact	Python S3 Bucket, Python Unknown S3 Bucket
botocore.client.S3.put_bucket_logging()	useUpdateLink	Python callable artifact	Python S3 Bucket, Python Unknown S3 Bucket
botocore.client.S3.put_bucket_analytics_configuration()	useUpdateLink	Python callable artifact	Python S3 Bucket, Python Unknown S3 Bucket

Supported API methods() (botocore.client.S3)	Link Type (generic)	Caller	Callee	Other effects
botocore.client.S3.create_bucket()	callLink	Python callable artifact	Python S3 Bucket, Python Unknown S3 Bucket	Creation of S3 bucket
abort_multipart_upload, complete_multipart_upload, copy, copy_object, create_multipart_upload, delete_bucket_analytics_configuration, delete_bucket_cors, delete_bucket_encryption, delete_bucket_intelligent_tiering_configuration, delete_bucket_inventory_configuration, delete_bucket_lifecycle, delete_bucket_metrics_configuration, delete_bucket_ownership_controls, delete_bucket_policy, delete_bucket_replication, delete_bucket_tagging, delete_bucket_website, delete_object_tagging, delete_public_access_block, download_file, download_fileobj, generate_presigned_post, get_bucket_accelerate_configuration, get_bucket_acl, get_bucket_analytics_configuration, get_bucket_cors, get_bucket_encryption, get_bucket_intelligent_tiering_configuration, get_bucket_inventory_configuration, get_bucket_lifecycle, get_bucket_lifecycle_configuration, get_bucket_location, get_bucket_logging, get_bucket_metrics_configuration, get_bucket_notification, get_bucket_notification_configuration, get_bucket_ownership_controls, get_bucket_policy, get_bucket_policy_status, get_bucket_replication, get_bucket_request_payment, get_bucket_tagging, get_bucket_versioning, get_bucket_website, get_object_acl, get_object_legal_hold, get_object_lock_configuration, get_object_retention, get_object_tagging, get_object_torrent, get_public_access_block, head_bucket, head_object, list_bucket_analytics_configurations, list_bucket_intelligent_tiering_configurations, list_bucket_inventory_configurations, list_bucket_metrics_configurations, list_multipart_uploads, list_object_versions, list_parts, put_bucket_accelerate_configuration, put_bucket_acl, put_bucket_cors, put_bucket_encryption, put_bucket_intelligent_tiering_configuration, put_bucket_inventory_configuration, put_bucket_lifecycle, put_bucket_lifecycle_configuration, put_bucket_metrics_configuration, put_bucket_notification, put_bucket_notification_configuration, put_bucket_ownership_controls, put_bucket_policy, put_bucket_replication put_bucket_request_payment, put_bucket_tagging, put_bucket_versioning put_bucket_website, put_object_acl, put_object_legal_hold, put_object_lock_configuration, put_object_retention, put_object_tagging, put_public_access_block, restore_object, select_object_content, upload_file, upload_fileobj, upload_part, upload_part_copy	callLink	Python callable artifact	Python S3 Bucket, Python Unknown S3 Bucket

In the absence of a create_bucket call, references to buckets in other method calls are used to create table objects. In the case the name is well resolved, a regular S3 Bucket is created, otherwise an Unknown S3 Bucket is created. A maximum of one Unknown S3 Bucket per file is created, however a maximum of one per project (as it is already the case in analyzers for other languages such as TypeScript) is under consideration by CAST.

The long list of methods added to the last arrow in the table above correspond to methods that act on S3 Buckets and presumably using the AWS SDK API behind the scenes (those few methods only acting on the boto3 client object are not considered).

AWS-CDK

AWS Lambda (AWS-CDK)

Supported API (aws_cdk, v1 and v2)	Link type	Creates object (caller)	Callee	Support details	Remarks
aws_cdk.aws_lambda.Function	callLink	Python AWS Lambda Function	Python Method
aws_cdk.aws_lambda.CfnFunction	callLink	Python AWS Lambda Function	Python Method
aws_cdk.aws_lambda_python.PythonFunction	callLink	Python AWS Lambda Function	Python Method	default runtime = python	Only cdk v1
aws_cdk.aws_lambda_python_alpha.PythonFunction	callLink	Python AWS Lambda Function	Python Method	default runtime = python	Only cdk v2
aws_cdk.aws_lambda.Runtime	N/A	N/A	N/A	"from_image" not supported	Determines the runtime
aws_cdk.aws_lambda.Code.from_inline	N/A	N/A	N/A	code argument supported	Determines the handler
aws_cdk.aws_lambda.Code.inline	N/A	N/A	N/A	code argument supported	Determines the handler (deprecated in cdk v1)
aws_cdk.aws_lambda.Code.from_asset	N/A	N/A	N/A	path argument supported	Determines the handler
aws_cdk.aws_lambda.Code.asset	N/A	N/A	N/A	path argument supported	Determines the handler (deprecated in cdk v1)
aws_cdk.aws_lambda.InlineCode	N/A	N/A	N/A	code argument supported	Determines the handler
aws_cdk.aws_lambda.AssetCode	N/A	N/A	N/A	path argument supported	Determines the handler
aws_cdk.aws_lambda.AssetCode.from_asset	N/A	N/A	N/A	path argument supported	Determines the handler

Known Limitations

Monolithic pattern for lambda functions is not properly supported