in cartography/intel/aws/ec2.py [0:0]
def _get_cidr_association_statement(block_type):
    """Build the Cypher statement that links CIDR block nodes to an AWSVpc node.

    The statement text contains three ``#...#`` markers that are filled in
    here by plain string replacement, because they stand for node labels and
    property names rather than values.

    Security note: only literals defined in this function are ever spliced
    into the statement. ``block_type`` is used solely to choose between the
    "ipv4" and "ipv6" variants and is never inserted into the query text
    itself; any other value is rejected with ``ValueError``. The
    ``{VpcId}``, ``{CidrBlock}`` and ``{aws_update_tag}`` placeholders are
    left untouched in the returned text (presumably bound as query
    parameters by the caller - confirm at the call site). Keep it that way:
    do not extend the substitution list with caller-supplied strings.

    Args:
        block_type: Either ``"ipv4"`` or ``"ipv6"``.

    Returns:
        The statement string with every ``#...#`` marker resolved.

    Raises:
        ValueError: If ``block_type`` is neither ``"ipv4"`` nor ``"ipv6"``.
    """
    # Allow-list check: every fragment spliced into the query is chosen here
    # from fixed literals. Each node gets the base label plus one label
    # specific to the address family.
    if block_type == "ipv6":
        field_prefix = "Ipv6"
        node_labels = "AWSCidrBlock" + ":AWSIpv6CidrBlock"
    elif block_type == "ipv4":
        field_prefix = ""
        node_labels = "AWSCidrBlock" + ":AWSIpv4CidrBlock"
    else:
        raise ValueError("Unsupported block type specified - {0}".format(block_type))

    template = """
MATCH (vpc:AWSVpc{id: {VpcId}})
WITH vpc
UNWIND {CidrBlock} as block_data
MERGE (new_block:#BLOCK_TYPE#{id: {VpcId} + '|' + block_data.#BLOCK_CIDR#})
ON CREATE SET new_block.firstseen = timestamp()
SET new_block.association_id = block_data.AssociationId,
new_block.cidr_block = block_data.#BLOCK_CIDR#,
new_block.block_state = block_data.#STATE_NAME#.State,
new_block.block_state_message = block_data.#STATE_NAME#.StatusMessage,
new_block.lastupdated = {aws_update_tag}
WITH vpc, new_block
MERGE (vpc)-[r:BLOCK_ASSOCIATION]->(new_block)
ON CREATE SET r.firstseen = timestamp()
SET r.lastupdated = {aws_update_tag}"""

    # Marker -> fixed replacement, applied in a stable order.
    substitutions = (
        ("#BLOCK_CIDR#", field_prefix + "CidrBlock"),
        ("#STATE_NAME#", field_prefix + "CidrBlockState"),
        ("#BLOCK_TYPE#", node_labels),
    )
    statement = template
    for marker, fragment in substitutions:
        statement = statement.replace(marker, fragment)
    return statement