ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(): IAM status messages switched fail and pass text and some grammar (#1756)

Browse Source 
Co-authored-by: Francesco Badraun <francesco.badraun@zxsecurity.co.nz>
Co-authored-by: sergargar <sergio@verica.io>
Co-authored-by: n4ch04 <nachor1992@gmail.com>
This commit is contained in:
Acknosyn
2023-01-25 22:29:04 +13:00
committed by GitHub
parent 36925f0dbd
commit 02e57927fc
26 changed files with 160 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py
View File

@@ -33,7 +33,7 @@ class Test_iam_disable_30_days_credentials_test:
result = check.execute()
assert result[0].status == "PASS"
assert search(
f"User {user} has logged into the console in the past 30 days.",
f"User {user} has logged in to the console in the past 30 days.",
result[0].status_extended,
)
assert result[0].resource_id == user
@@ -65,7 +65,7 @@ class Test_iam_disable_30_days_credentials_test:
result = check.execute()
assert result[0].status == "FAIL"
assert search(
f"User {user} has not logged into the console in the past 30 days.",
f"User {user} has not logged in to the console in the past 30 days.",
result[0].status_extended,
)
assert result[0].resource_id == user
@@ -96,7 +96,7 @@ class Test_iam_disable_30_days_credentials_test:
result = check.execute()
assert result[0].status == "PASS"
assert search(
f"User {user} has not a console password or is unused.",
f"User {user} does not have a console password or is unused.",
result[0].status_extended,
)
assert result[0].resource_id == user

6
tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py
View File

@@ -33,7 +33,7 @@ class Test_iam_disable_45_days_credentials_test:
result = check.execute()
assert result[0].status == "PASS"
assert search(
f"User {user} has logged into the console in the past 45 days.",
f"User {user} has logged in to the console in the past 45 days.",
result[0].status_extended,
)
assert result[0].resource_id == user
@@ -65,7 +65,7 @@ class Test_iam_disable_45_days_credentials_test:
result = check.execute()
assert result[0].status == "FAIL"
assert search(
f"User {user} has not logged into the console in the past 45 days.",
f"User {user} has not logged in to the console in the past 45 days.",
result[0].status_extended,
)
assert result[0].resource_id == user
@@ -95,7 +95,7 @@ class Test_iam_disable_45_days_credentials_test:
result = check.execute()
assert result[0].status == "PASS"
assert search(
f"User {user} has not a console password or is unused.",
f"User {user} does not have a console password or is unused.",
result[0].status_extended,
)
assert result[0].resource_id == user

6
tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py
View File

@@ -33,7 +33,7 @@ class Test_iam_disable_90_days_credentials_test:
result = check.execute()
assert result[0].status == "PASS"
assert search(
f"User {user} has logged into the console in the past 90 days.",
f"User {user} has logged in to the console in the past 90 days.",
result[0].status_extended,
)
assert result[0].resource_id == user
@@ -65,7 +65,7 @@ class Test_iam_disable_90_days_credentials_test:
result = check.execute()
assert result[0].status == "FAIL"
assert search(
f"User {user} has not logged into the console in the past 90 days.",
f"User {user} has not logged in to the console in the past 90 days.",
result[0].status_extended,
)
assert result[0].resource_id == user
@@ -96,7 +96,7 @@ class Test_iam_disable_90_days_credentials_test:
result = check.execute()
assert result[0].status == "PASS"
assert search(
f"User {user} has not a console password or is unused.",
f"User {user} does not have a console password or is unused.",
result[0].status_extended,
)
assert result[0].resource_id == user

10
tests/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key_test.py
View File

@@ -15,6 +15,8 @@ class Test_iam_no_root_access_key_test:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_no_root_access_key.iam_no_root_access_key.iam_client",
new=IAM(current_audit_info),
@@ -35,7 +37,7 @@ class Test_iam_no_root_access_key_test:
# raise Exception
assert result[0].status == "PASS"
assert search(
"User <root_account> has not access keys.",
"User <root_account> does not have access keys.",
result[0].status_extended,
)
assert result[0].resource_id == "<root_account>"
@@ -53,6 +55,8 @@ class Test_iam_no_root_access_key_test:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_no_root_access_key.iam_no_root_access_key.iam_client",
new=IAM(current_audit_info),
@@ -91,6 +95,8 @@ class Test_iam_no_root_access_key_test:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_no_root_access_key.iam_no_root_access_key.iam_client",
new=IAM(current_audit_info),
@@ -129,6 +135,8 @@ class Test_iam_no_root_access_key_test:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_no_root_access_key.iam_no_root_access_key.iam_client",
new=IAM(current_audit_info),

15
tests/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_test.py
View File

@@ -1,3 +1,4 @@
from re import search
from unittest import mock
from boto3 import client
@@ -14,6 +15,8 @@ class Test_iam_password_policy_lowercase:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_password_policy_lowercase.iam_password_policy_lowercase.iam_client",
new=IAM(current_audit_info),
@@ -26,6 +29,11 @@ class Test_iam_password_policy_lowercase:
check = iam_password_policy_lowercase()
result = check.execute()
assert result[0].status == "FAIL"
assert search(
"IAM password policy does not require at least one lowercase letter.",
result[0].status_extended,
)
assert result[0].resource_id == "password_policy"
@mock_iam
def test_iam_password_policy_lowercase_flag(self):
@@ -36,6 +44,8 @@ class Test_iam_password_policy_lowercase:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_password_policy_lowercase.iam_password_policy_lowercase.iam_client",
new=IAM(current_audit_info),
@@ -48,3 +58,8 @@ class Test_iam_password_policy_lowercase:
check = iam_password_policy_lowercase()
result = check.execute()
assert result[0].status == "PASS"
assert search(
"IAM password policy requires at least one lowercase letter.",
result[0].status_extended,
)
assert result[0].resource_id == "password_policy"

22
tests/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_test.py
View File

@@ -1,3 +1,4 @@
from re import search
from unittest import mock
from boto3 import client
@@ -14,6 +15,8 @@ class Test_iam_password_policy_minimum_length_14:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_password_policy_minimum_length_14.iam_password_policy_minimum_length_14.iam_client",
new=IAM(current_audit_info),
@@ -26,6 +29,11 @@ class Test_iam_password_policy_minimum_length_14:
check = iam_password_policy_minimum_length_14()
result = check.execute()
assert result[0].status == "PASS"
assert search(
"IAM password policy requires minimum length of 14 characters.",
result[0].status_extended,
)
assert result[0].resource_id == "password_policy"
@mock_iam
def test_iam_password_policy_minimum_length_greater_14(self):
@@ -36,6 +44,8 @@ class Test_iam_password_policy_minimum_length_14:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_password_policy_minimum_length_14.iam_password_policy_minimum_length_14.iam_client",
new=IAM(current_audit_info),
@@ -48,6 +58,11 @@ class Test_iam_password_policy_minimum_length_14:
check = iam_password_policy_minimum_length_14()
result = check.execute()
assert result[0].status == "PASS"
assert search(
"IAM password policy requires minimum length of 14 characters.",
result[0].status_extended,
)
assert result[0].resource_id == "password_policy"
@mock_iam
def test_iam_password_policy_minimum_length_less_14(self):
@@ -58,6 +73,8 @@ class Test_iam_password_policy_minimum_length_14:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_password_policy_minimum_length_14.iam_password_policy_minimum_length_14.iam_client",
new=IAM(current_audit_info),
@@ -70,3 +87,8 @@ class Test_iam_password_policy_minimum_length_14:
check = iam_password_policy_minimum_length_14()
result = check.execute()
assert result[0].status == "FAIL"
assert search(
"IAM password policy does not require minimum length of 14 characters.",
result[0].status_extended,
)
assert result[0].resource_id == "password_policy"

15
tests/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_test.py
View File

@@ -1,3 +1,4 @@
from re import search
from unittest import mock
from boto3 import client
@@ -14,6 +15,8 @@ class Test_iam_password_policy_number:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_password_policy_number.iam_password_policy_number.iam_client",
new=IAM(current_audit_info),
@@ -26,6 +29,11 @@ class Test_iam_password_policy_number:
check = iam_password_policy_number()
result = check.execute()
assert result[0].status == "FAIL"
assert search(
"IAM password policy does not require at least one number.",
result[0].status_extended,
)
assert result[0].resource_id == "password_policy"
@mock_iam
def test_iam_password_policy_number_flag(self):
@@ -36,6 +44,8 @@ class Test_iam_password_policy_number:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_password_policy_number.iam_password_policy_number.iam_client",
new=IAM(current_audit_info),
@@ -48,3 +58,8 @@ class Test_iam_password_policy_number:
check = iam_password_policy_number()
result = check.execute()
assert result[0].status == "PASS"
assert search(
"IAM password policy requires at least one number.",
result[0].status_extended,
)
assert result[0].resource_id == "password_policy"

15
tests/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_test.py
View File

@@ -1,3 +1,4 @@
from re import search
from unittest import mock
from boto3 import client
@@ -14,6 +15,8 @@ class Test_iam_password_policy_symbol:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_password_policy_symbol.iam_password_policy_symbol.iam_client",
new=IAM(current_audit_info),
@@ -26,6 +29,11 @@ class Test_iam_password_policy_symbol:
check = iam_password_policy_symbol()
result = check.execute()
assert result[0].status == "FAIL"
assert search(
"IAM password policy does not require at least one symbol.",
result[0].status_extended,
)
assert result[0].resource_id == "password_policy"
@mock_iam
def test_iam_password_policy_symbol_flag(self):
@@ -36,6 +44,8 @@ class Test_iam_password_policy_symbol:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_password_policy_symbol.iam_password_policy_symbol.iam_client",
new=IAM(current_audit_info),
@@ -48,3 +58,8 @@ class Test_iam_password_policy_symbol:
check = iam_password_policy_symbol()
result = check.execute()
assert result[0].status == "PASS"
assert search(
"IAM password policy requires at least one symbol.",
result[0].status_extended,
)
assert result[0].resource_id == "password_policy"

9
tests/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled_test.py
View File

@@ -14,6 +14,8 @@ class Test_iam_root_hardware_mfa_enabled_test:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_root_hardware_mfa_enabled.iam_root_hardware_mfa_enabled.iam_client",
new=IAM(current_audit_info),
@@ -29,7 +31,7 @@ class Test_iam_root_hardware_mfa_enabled_test:
result = check.execute()
assert result[0].status == "FAIL"
assert search(
"Root account has a virtual MFA instead of a hardware MFA enabled.",
"Root account has a virtual MFA instead of a hardware MFA device enabled.",
result[0].status_extended,
)
assert result[0].resource_id == "root"
@@ -42,6 +44,8 @@ class Test_iam_root_hardware_mfa_enabled_test:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_root_hardware_mfa_enabled.iam_root_hardware_mfa_enabled.iam_client",
new=IAM(current_audit_info),
@@ -57,7 +61,8 @@ class Test_iam_root_hardware_mfa_enabled_test:
result = check.execute()
assert result[0].status == "PASS"
assert search(
"Root account has hardware MFA enabled.", result[0].status_extended
"Root account has a hardware MFA device enabled.",
result[0].status_extended,
)
assert result[0].resource_id == "root"
assert (

10
tests/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days_test.py
View File

@@ -15,6 +15,8 @@ class Test_iam_rotate_access_key_90_days_test:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_rotate_access_key_90_days.iam_rotate_access_key_90_days.iam_client",
new=IAM(current_audit_info),
@@ -29,7 +31,9 @@ class Test_iam_rotate_access_key_90_days_test:
check = iam_rotate_access_key_90_days()
result = check.execute()
assert result[0].status == "PASS"
assert result[0].status_extended == f"User {user} has not access keys."
assert (
result[0].status_extended == f"User {user} does not have access keys."
)
assert result[0].resource_id == user
assert result[0].resource_arn == arn
@@ -45,6 +49,8 @@ class Test_iam_rotate_access_key_90_days_test:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_rotate_access_key_90_days.iam_rotate_access_key_90_days.iam_client",
new=IAM(current_audit_info),
@@ -79,6 +85,8 @@ class Test_iam_rotate_access_key_90_days_test:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_rotate_access_key_90_days.iam_rotate_access_key_90_days.iam_client",
new=IAM(current_audit_info),

12
tests/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled_test.py
View File

@@ -14,6 +14,8 @@ class Test_iam_user_hardware_mfa_enabled_test:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_user_hardware_mfa_enabled.iam_user_hardware_mfa_enabled.iam_client",
new=IAM(current_audit_info),
@@ -28,7 +30,7 @@ class Test_iam_user_hardware_mfa_enabled_test:
assert result[0].status == "FAIL"
assert search(
f"User {user} has not any type of MFA enabled.",
f"User {user} does not have any type of MFA enabled.",
result[0].status_extended,
)
assert result[0].resource_id == user
@@ -42,6 +44,8 @@ class Test_iam_user_hardware_mfa_enabled_test:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM, MFADevice
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_user_hardware_mfa_enabled.iam_user_hardware_mfa_enabled.iam_client",
new=IAM(current_audit_info),
@@ -62,7 +66,7 @@ class Test_iam_user_hardware_mfa_enabled_test:
assert len(result) == 1
assert result[0].status == "FAIL"
assert search(
f"User {user} has a virtual MFA instead of a hardware MFA enabled.",
f"User {user} has a virtual MFA instead of a hardware MFA device enabled.",
result[0].status_extended,
)
assert result[0].resource_id == user
@@ -76,6 +80,8 @@ class Test_iam_user_hardware_mfa_enabled_test:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM, MFADevice
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_user_hardware_mfa_enabled.iam_user_hardware_mfa_enabled.iam_client",
new=IAM(current_audit_info),
@@ -96,7 +102,7 @@ class Test_iam_user_hardware_mfa_enabled_test:
assert len(result) == 1
assert result[0].status == "FAIL"
assert search(
f"User {user} has a virtual MFA instead of a hardware MFA enabled.",
f"User {user} has a virtual MFA instead of a hardware MFA device enabled.",
result[0].status_extended,
)
assert result[0].resource_id == user

4
tests/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access_test.py
View File

@@ -31,7 +31,7 @@ class Test_iam_user_mfa_enabled_console_access_test:
assert result[0].status == "PASS"
assert (
result[0].status_extended
== f"User {user} has not Console Password enabled."
== f"User {user} does not have Console Password enabled."
)
assert result[0].resource_id == user
assert result[0].resource_arn == arn
@@ -62,7 +62,7 @@ class Test_iam_user_mfa_enabled_console_access_test:
assert result[0].status == "PASS"
assert (
result[0].status_extended
== f"User {user} has not Console Password enabled."
== f"User {user} does not have Console Password enabled."
)
assert result[0].resource_id == user
assert result[0].resource_arn == arn

14
tests/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key_test.py
View File

@@ -20,6 +20,8 @@ class Test_iam_user_two_active_access_key:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key.iam_client",
new=IAM(current_audit_info),
@@ -52,6 +54,8 @@ class Test_iam_user_two_active_access_key:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key.iam_client",
new=IAM(current_audit_info),
@@ -69,7 +73,8 @@ class Test_iam_user_two_active_access_key:
assert result[0].resource_id == user
assert result[0].resource_arn == user_arn
assert search(
f"User {user} has not 2 active access keys.", result[0].status_extended
f"User {user} does not have 2 active access keys.",
result[0].status_extended,
)
@mock_iam
@@ -82,6 +87,8 @@ class Test_iam_user_two_active_access_key:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key.iam_client",
new=IAM(current_audit_info),
@@ -99,7 +106,8 @@ class Test_iam_user_two_active_access_key:
assert result[0].resource_id == user
assert result[0].resource_arn == user_arn
assert search(
f"User {user} has not 2 active access keys.", result[0].status_extended
f"User {user} does not have 2 active access keys.",
result[0].status_extended,
)
@mock_iam
@@ -107,6 +115,8 @@ class Test_iam_user_two_active_access_key:
from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
from prowler.providers.aws.services.iam.iam_service import IAM
current_audit_info.audited_partition = "aws"
with mock.patch(
"prowler.providers.aws.services.iam.iam_user_two_active_access_key.iam_user_two_active_access_key.iam_client",
new=IAM(current_audit_info),