fix(backups): change severity and only check report_plans if plans exists (#2291)
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
@@ -10,7 +10,7 @@
|
||||
"ServiceName": "backup",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:service:region:account-id:backup-plan:backup-plan-id",
|
||||
"Severity": "medium",
|
||||
"Severity": "low",
|
||||
"ResourceType": "AwsBackupBackupPlan",
|
||||
"Description": "This check ensures that there is at least one backup plan in place.",
|
||||
"Risk": "Without a backup plan, an organization may be at risk of losing important data due to accidental deletion, system failures, or natural disasters. This can result in significant financial and reputational damage for the organization.",
|
||||
|
||||
@@ -9,11 +9,13 @@ class backup_plans_exist(Check):
|
||||
report.status = "FAIL"
|
||||
report.status_extended = "No Backup Plan Exist"
|
||||
report.resource_arn = ""
|
||||
report.resource_id = "No Backups"
|
||||
report.resource_id = "Backups"
|
||||
report.region = backup_client.region
|
||||
if backup_client.backup_plans:
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"At least one backup plan exists: { backup_client.backup_plans[0].name}"
|
||||
report.status_extended = (
|
||||
f"At least one backup plan exists: {backup_client.backup_plans[0].name}"
|
||||
)
|
||||
report.resource_arn = backup_client.backup_plans[0].arn
|
||||
report.resource_id = backup_client.backup_plans[0].name
|
||||
report.region = backup_client.backup_plans[0].region
|
||||
|
||||
@@ -5,18 +5,20 @@ from prowler.providers.aws.services.backup.backup_client import backup_client
|
||||
class backup_reportplans_exist(Check):
|
||||
def execute(self):
|
||||
findings = []
|
||||
report = Check_Report_AWS(self.metadata())
|
||||
report.status = "FAIL"
|
||||
report.status_extended = "No Backup Report Plan Exist"
|
||||
report.resource_arn = ""
|
||||
report.resource_id = "No Backups"
|
||||
report.region = backup_client.region
|
||||
if backup_client.backup_report_plans:
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"At least one backup report plan exists: { backup_client.backup_report_plans[0].name}"
|
||||
report.resource_arn = backup_client.backup_report_plans[0].arn
|
||||
report.resource_id = backup_client.backup_report_plans[0].name
|
||||
report.region = backup_client.backup_report_plans[0].region
|
||||
# We only check report plans if backup plans exist, reducing noise
|
||||
if backup_client.backup_plans:
|
||||
report = Check_Report_AWS(self.metadata())
|
||||
report.status = "FAIL"
|
||||
report.status_extended = "No Backup Report Plan Exist"
|
||||
report.resource_arn = ""
|
||||
report.resource_id = "Backups"
|
||||
report.region = backup_client.region
|
||||
if backup_client.backup_report_plans:
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"At least one backup report plan exists: { backup_client.backup_report_plans[0].name}"
|
||||
report.resource_arn = backup_client.backup_report_plans[0].arn
|
||||
report.resource_id = backup_client.backup_report_plans[0].name
|
||||
report.region = backup_client.backup_report_plans[0].region
|
||||
|
||||
findings.append(report)
|
||||
findings.append(report)
|
||||
return findings
|
||||
|
||||
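Review bot: When `backup_client.backup_plans` is empty, `execute` now returns an empty findings list, so this check emits neither PASS nor FAIL and the gap is reported only by `backup_plans_exist`. If that check is excluded from a scan or muted, the account gets no backup finding at all. The same would happen if the plan list is empty because enumeration failed rather than because no plans exist, though the service code is not visible here, so that part is an assumption. I would record the dependency in the comment above the guard, e.g. `# No finding is emitted when no backup plans exist; backup_plans_exist reports that case, so keep it enabled alongside this check`.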
@@ -10,7 +10,7 @@
|
||||
"ServiceName": "backup",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:service:region:account-id:backup-vault:backup-vault-id",
|
||||
"Severity": "medium",
|
||||
"Severity": "low",
|
||||
"ResourceType": "AwsBackupBackupVault",
|
||||
"Description": "This check ensures that AWS Backup vaults exist to provide a secure and durable storage location for backup data.",
|
||||
"Risk": "Without an AWS Backup vault, an organization's critical data may be at risk of being lost in the event of an accidental deletion, system failures, or natural disasters.",
|
||||
|
||||
@@ -9,7 +9,7 @@ class backup_vaults_exist(Check):
|
||||
report.status = "FAIL"
|
||||
report.status_extended = "No Backup Vault Exist"
|
||||
report.resource_arn = ""
|
||||
report.resource_id = "No Backups"
|
||||
report.resource_id = "Backups"
|
||||
report.region = backup_client.region
|
||||
if backup_client.backup_vaults:
|
||||
report.status = "PASS"
|
||||
|
||||
@@ -26,7 +26,7 @@ class Test_backup_plans_exist:
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert result[0].status_extended == "No Backup Plan Exist"
|
||||
assert result[0].resource_id == "No Backups"
|
||||
assert result[0].resource_id == "Backups"
|
||||
assert result[0].resource_arn == ""
|
||||
assert result[0].region == AWS_REGION
|
||||
|
||||
|
||||
@@ -1,15 +1,47 @@
|
||||
from datetime import datetime
|
||||
from unittest import mock
|
||||
|
||||
from prowler.providers.aws.services.backup.backup_service import BackupReportPlan
|
||||
from prowler.providers.aws.services.backup.backup_service import (
|
||||
BackupPlan,
|
||||
BackupReportPlan,
|
||||
)
|
||||
|
||||
AWS_REGION = "eu-west-1"
|
||||
|
||||
|
||||
class Test_backup_reportplans_exist:
|
||||
def test_no_backup_plans(self):
|
||||
backup_client = mock.MagicMock
|
||||
backup_client.region = AWS_REGION
|
||||
backup_client.backup_plans = []
|
||||
with mock.patch(
|
||||
"prowler.providers.aws.services.backup.backup_service.Backup",
|
||||
new=backup_client,
|
||||
):
|
||||
# Test Check
|
||||
from prowler.providers.aws.services.backup.backup_reportplans_exist.backup_reportplans_exist import (
|
||||
backup_reportplans_exist,
|
||||
)
|
||||
|
||||
check = backup_reportplans_exist()
|
||||
result = check.execute()
|
||||
|
||||
assert len(result) == 0
|
||||
|
||||
def test_no_backup_report_plans(self):
|
||||
backup_client = mock.MagicMock
|
||||
backup_client.region = AWS_REGION
|
||||
backup_client.backup_plans = [
|
||||
BackupPlan(
|
||||
arn="ARN",
|
||||
id="MyBackupPlan",
|
||||
region=AWS_REGION,
|
||||
name="MyBackupPlan",
|
||||
version_id="version_id",
|
||||
last_execution_date=datetime(2015, 1, 1),
|
||||
advanced_settings=[],
|
||||
)
|
||||
]
|
||||
backup_client.backup_report_plans = []
|
||||
with mock.patch(
|
||||
"prowler.providers.aws.services.backup.backup_service.Backup",
|
||||
@@ -26,13 +58,24 @@ class Test_backup_reportplans_exist:
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert result[0].status_extended == "No Backup Report Plan Exist"
|
||||
assert result[0].resource_id == "No Backups"
|
||||
assert result[0].resource_id == "Backups"
|
||||
assert result[0].resource_arn == ""
|
||||
assert result[0].region == AWS_REGION
|
||||
|
||||
def test_one_backup_report_plan(self):
|
||||
backup_client = mock.MagicMock
|
||||
backup_client.region = AWS_REGION
|
||||
backup_client.backup_plans = [
|
||||
BackupPlan(
|
||||
arn="ARN",
|
||||
id="MyBackupPlan",
|
||||
region=AWS_REGION,
|
||||
name="MyBackupPlan",
|
||||
version_id="version_id",
|
||||
last_execution_date=datetime(2015, 1, 1),
|
||||
advanced_settings=[],
|
||||
)
|
||||
]
|
||||
backup_client.backup_report_plans = [
|
||||
BackupReportPlan(
|
||||
arn="ARN",
|
||||
|
||||
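Review bot: `backup_client = mock.MagicMock` in the new `test_no_backup_plans` (and in `test_no_backup_report_plans` and `test_one_backup_report_plan`) binds the class, not an instance. `region`, `backup_plans` and `backup_report_plans` therefore become attributes of `MagicMock` itself and persist into every later test in the same process. A value left behind by one test can then stand in for an attribute another test forgot to set, which weakens the coverage of the new guard. Using `backup_client = mock.MagicMock()` gives each test its own object. The second hunk ends inside `test_one_backup_report_plan`, whose body continues outside the hunk.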
@@ -25,7 +25,7 @@ class Test_backup_vaults_exist:
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert result[0].status_extended == "No Backup Vault Exist"
|
||||
assert result[0].resource_id == "No Backups"
|
||||
assert result[0].resource_id == "Backups"
|
||||
assert result[0].resource_arn == ""
|
||||
assert result[0].region == AWS_REGION
|
||||
|
||||
|
||||