Upload 13 files

.gitignore

@@ -0,0 +1,17 @@
+# IDE
+.idea/
+*.iml
+
+# Environments
+.venv
+
+# Packaging Artifacts
+dist/
+ssap_bill_of_materials/
+requirements.txt
+
+# Test Artifacts
+.coverage
+reports/
+.pytest_cache/
+__pycache__/

.kickstart.yml

@@ -0,0 +1,20 @@
+---
+starterName: "pythonLambda"
+starterVersion: "1.5.1"
+starterLibraries:
+- "kickstart-control-library:1.0.4"
+scope: "CTC"
+inputs:
+- name: "projectName"
+  value: "python-raven-vulnerability"
+- name: "sealId"
+  value: "123456"
+- name: "awsRegion"
+  value: "usEast1"
+- name: "environment"
+  value: "dev"
+- name: "architecture"
+  value: "event"
+- name: "lambdaName[0]"
+  value: "do-nothing-lambda"
+generated: "2024.07.31-14.06.11"

Jenkinsfile

@@ -0,0 +1,13 @@
+#!groovy
+@Library('[email protected]') _
+
+// keep 5 builds
+properties([buildDiscarder(logRotator(numToKeepStr: '5'))])
+
+buildPipeline()
+
+def buildPipeline() {
+    jules_pipelineRunner {
+        yml = 'jules.yml'
+    }
+}

Makefile

@@ -0,0 +1,61 @@
+# Grabs the list of packages from pyproject.toml
+PACKAGES := $(shell for pkg in `grep -o '"\.\.\/.*"' pyproject.toml | sed -e 's/"//g'`; do echo $$pkg; done)
+
+.PHONY: all
+.DEFAULT_GOAL=help
+
+.PHONY: clean
+clean:
+	rm -f .coverage
+	rm -f requirements.txt
+	rm -rf .pytest_cache
+	rm -rf dist
+	rm -rf reports
+
+.PHONY: distclean
+distclean: clean ## Remove all build and test artifacts and the virtual environment
+	rm -rf .venv
+
+.PHONY: build
+build: ## Create the virtual environment and install development dependencies
+	python -m poetry install
+
+.PHONY: update
+update: ## Update dependencies
+	python -m poetry update
+
+.PHONY: test
+test: ## Execute test cases
+	python -m poetry run pytest
+
+.PHONY: cover
+cover: ## Execute test cases and produce coverage reports
+	python -m poetry run pytest --cov . --junitxml reports/xunit.xml \
+	--cov-report xml:reports/coverage.xml --cov-report term-missing
+
+.PHONY: ssap
+ssap: ## Generates requirements.txt file
+	python -m poetry export --without-hashes -o requirements.txt
+
+.PHONY: collect-wheels
+collect-wheels: ## Collects all wheels under a single folder
+	@mkdir -p dist/wheels
+	@for pkg in $(PACKAGES); do cp $$pkg/dist/*.whl dist/wheels; done
+	@cp dist/*.whl dist/wheels
+
+.PHONY: package
+package: package-build collect-wheels ## Create lambda deployable zip packages for each lambda
+	@mkdir -p dist/package-exploded dist/package
+	$(eval WHEELS=$(shell ls dist/wheels))
+	@cd dist/wheels && pip install --platform manylinux2014_x86_64 --only-binary=:all: --implementation cp --target ../package-exploded $(WHEELS)
+	@cd dist/package-exploded && zip -x "*__pycache__*" -x "*dist-info*" -r ../package/lambda.zip *
+
+.PHONY: package-build
+package-build: ## Builds source and wheels archive
+	python -m poetry build
+
+.PHONY: help
+help: ## Show make target documentation
+	@awk -F ':|##' '/^[^\t].+?:.*?##/ {\
+	printf "\033[36m%-30s\033[0m %s\n", $$1, $$NF \
+	}' $(MAKEFILE_LIST)

README.md

@@ -0,0 +1,35 @@
+# Python Raven Vulnerability
+
+## Setup
+
+`python -m pip install --upgrade poetry` to install Poetry
+
+## Lambdas
+
+The project contains the following lambdas under the lambdas directory
+
+* do-nothing-lambda
+
+## Local Mode
+
+* `make build` to resolve and install dependencies
+* `make test` to execute the tests
+* `make package` to create deployable zipped packages
+* `make help` to see a list of all available commands
+
+### Deploying the Lambda from Local
+
+The Lambda should be deployed by publishing a new version to AWS which is referenced by the Lambda infrastructure using
+the "live" alias, therefore deploying the Lambda is a two step process:
+
+1. Publish a new version of the Lambda
+
+`aws lambda update-function-code --function-name app-<lambda-name> --publish --zip-file fileb://<path to zip file>`
+
+Note the Lambda version in the response.
+
+2. Update the "live" alias
+
+`aws lambda update-alias --function-name app-<lambda name> --name live --function-version <lambda version>`
+
+The "live" alias is updated automatically when deploying through jules.

jules.yml

@@ -0,0 +1,95 @@
+sealId: 123456
+node: python-3.10
+baseVersion: 1.0.0
+aim:
+  entitleAdmin: 'REPLACE_WITH_AIM_ENTITLEMENT'
+  collection: 'REPLACE_WITH_AIM_COLLECTION'
+  ru: python-raven-vulnerability
+  artifact: python-raven-vulnerability
+  script: cp dist/*.zip fileupload/
+buildConfig:
+  buildType: python
+  env:
+    variables:
+      - IDENTITY_SOURCE_LAMBDA: JET
+      - IDENTITY_SOURCE_AIM: JET
+sonarDetails:
+  additionalProperties:  >-
+    -Dsonar.language=py
+    -Dsonar.python.coverage.reportPaths=reports/**/coverage.xml
+    -Dsonar.sources=lambdas/
+    -Dsonar.inclusions=lambdas/**/src/**/*
+    -Dsonar.python.xunit.reportPath=reports/**/xunit.xml
+    -Dsonar.verbose=true
+testsight:
+  enabled: true
+  testReportDir: 'reports'
+aws:
+  endpointType: lambda
+mapping:
+  - name: default
+    build: --version
+    tasks:
+      preBuild:
+        - script: make ci-prebuild
+        - script: make ci
+      postBuild:
+        - script: make cover
+      postTest:
+        - script: make ssap
+  - name: develop
+    build: --version
+    tasks:
+      preBuild:
+        - script: make ci-prebuild
+        - script: make ci
+      postBuild:
+        - script: make cover
+      postTest:
+        - script: make ssap
+    awsDeployment:
+      - env: dev
+        accountId: 'REPLACE_WITH_AWS_DEV_ACCOUNT'
+        role: 123456-application-engineer
+        regions:
+          - region: us-east-1
+            functions:
+              - function: app-do-nothing-lambda
+                packageName: do-nothing-lambda.zip
+                publish: true
+                updateAliases:
+                  - name: live
+  - name: master
+    build: --version
+    preReleaseScans: true
+    tasks:
+      preBuild:
+        - script: make ci-prebuild
+        - script: make ci
+      postBuild:
+        - script: make cover
+      postTest:
+        - script: make ssap
+    awsDeployment:
+      - env: test
+        accountId: 'REPLACE_WITH_AWS_TEST_ACCOUNT'
+        role: 123456-application-operator
+        regions:
+          - region: us-east-1
+            functions:
+              - function: app-do-nothing-lambda
+                packageName: do-nothing-lambda.zip
+                publish: true
+                updateAliases:
+                  - name: live
+      - env: prod
+        accountId: 'REPLACE_WITH_AWS_PROD_ACCOUNT'
+        role: 123456-application-operator
+        regions:
+          - region: us-east-1
+            functions:
+              - function: app-do-nothing-lambda
+                packageName: do-nothing-lambda.zip
+                publish: true
+                updateAliases:
+                  - name: live

poetry.toml

@@ -0,0 +1,2 @@
+[virtualenvs]
+in-project = true

pyproject.toml

@@ -0,0 +1,26 @@
+[tool.poetry]
+name = "do-nothing-lambda"
+version = "1.0.0"
+description = "Do Nothing Lambda"
+authors = ["JPMC <[email protected]>"]
+
+[[tool.poetry.source]]
+name = "artifacts"
+url = "https://artifacts-read.gkp.jpmchase.net/artifactory/api/pypi/pypi/simple"
+default = true
+
+[tool.poetry.dependencies]
+python = "^3.10"
+
+[tool.poetry.group.dev.dependencies]
+boto3 = "==1.34.102"
+botocore = "==1.34.102"
+
+[tool.poetry.group.test.dependencies]
+pytest = "==8.2.0"
+coverage = "==7.5.1"
+pytest-cov = "==5.0.0"
+
+[build-system]
+requires = ["poetry-core>=1.0.0"]
+build-backend = "poetry.core.masonry.api"

requirements.txt

@@ -0,0 +1,17 @@
+matplotlib==3.6.2
+    # via
+    #   -r requirements.in
+    #   seaborn
+numpy==1.23.5
+    # via
+    #   -r requirements.in
+    #   contourpy
+    #   matplotlib
+    #   pandas
+    #   scipy
+    #   seaborn
+pandas==1.5.1
+    # via
+    #   -r requirements.in
+    #   seaborn
+Flask-Caching==2.3.0

src/do_nothing_lambda/handler.py

@@ -0,0 +1,9 @@
+import logging
+
+
+logger = logging.getLogger()
+logger.setLevel(logging.INFO)
+
+
+def execute(event, context):
+    logger.info("Received Event: %s", event)

test/test_handler.py

@@ -0,0 +1,5 @@
+from do_nothing_lambda.handler import execute
+
+
+def test_handler():
+    assert True