chore(aws): Improve tests and status from accessanalyzer to cloudwatch (#2711)

Pepe Fagoaga
2023-08-11 11:04:04 +02:00
committed by GitHub
parent 3fafac75ef
commit 0313dba7b4
78 changed files with 725 additions and 287 deletions


@@ -147,8 +147,9 @@ class Test_awslambda_function_invoke_api_operations_cloudtrail_logging_enabled:
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"Lambda function {function_name} is not recorded by CloudTrail"
== f"Lambda function {function_name} is not recorded by CloudTrail."
)
assert result[0].resource_tags == []
@mock_cloudtrail
@mock_s3
@@ -222,8 +223,9 @@ class Test_awslambda_function_invoke_api_operations_cloudtrail_logging_enabled:
assert result[0].status == "PASS"
assert (
result[0].status_extended
== f"Lambda function {function_name} is recorded by CloudTrail trail {trail_name}"
== f"Lambda function {function_name} is recorded by CloudTrail trail {trail_name}."
)
assert result[0].resource_tags == []
@mock_cloudtrail
@mock_s3
@@ -300,8 +302,9 @@ class Test_awslambda_function_invoke_api_operations_cloudtrail_logging_enabled:
assert result[0].status == "PASS"
assert (
result[0].status_extended
== f"Lambda function {function_name} is recorded by CloudTrail trail {trail_name}"
== f"Lambda function {function_name} is recorded by CloudTrail trail {trail_name}."
)
assert result[0].resource_tags == []
@mock_cloudtrail
@mock_s3
@@ -373,5 +376,6 @@ class Test_awslambda_function_invoke_api_operations_cloudtrail_logging_enabled:
assert result[0].status == "PASS"
assert (
result[0].status_extended
== f"Lambda function {function_name} is recorded by CloudTrail trail {trail_name}"
== f"Lambda function {function_name} is recorded by CloudTrail trail {trail_name}."
)
assert result[0].resource_tags == []
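Review bot: The added `assert result[0].resource_tags == []` lines in these four hunks only pin the untagged case, so they cannot tell a check that copies the function's tags into the finding from one that never sets the field, assuming the report defaults to an empty list (the fixtures and the report class are outside the hunks). At least one test per check should build the function with a constructed tag, for example `{"env": "test"}`, and assert that it comes back in `resource_tags`, because tags are commonly what routes a finding to its owner or mutes it. The identical assertion added in the other Lambda test files of this commit has the same limitation. The test methods start and end outside the hunks.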


@@ -76,8 +76,9 @@ class Test_awslambda_function_no_secrets_in_code:
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"Potential secret found in Lambda function {function_name} code -> lambda_function.py: Secret Keyword on line 3"
== f"Potential secret found in Lambda function {function_name} code -> lambda_function.py: Secret Keyword on line 3."
)
assert result[0].resource_tags == []
def test_function_code_without_secrets(self):
lambda_client = mock.MagicMock
@@ -123,5 +124,6 @@ class Test_awslambda_function_no_secrets_in_code:
assert result[0].status == "PASS"
assert (
result[0].status_extended
== f"No secrets found in Lambda function {function_name} code"
== f"No secrets found in Lambda function {function_name} code."
)
assert result[0].resource_tags == []
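Review bot: `lambda_client = mock.MagicMock` in the context lines of the first hunk binds the class, not an instance, so any attribute the test sets on it afterwards (those assignments are outside the hunk) would be stored on `MagicMock` itself and stay visible to every later test in the process. Use `lambda_client = mock.MagicMock()` so each test gets its own mock. The same line appears in the no_secrets_in_variables, not_publicly_accessible, url_cors_policy, url_public and using_supported_runtimes test classes. With shared class state a test can pass on data left behind by an earlier one, which weakens the PASS/FAIL assertions this commit tightens.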


@@ -62,8 +62,9 @@ class Test_awslambda_function_no_secrets_in_variables:
assert result[0].status == "PASS"
assert (
result[0].status_extended
== f"No secrets found in Lambda function {function_name} variables"
== f"No secrets found in Lambda function {function_name} variables."
)
assert result[0].resource_tags == []
def test_function_secrets_in_variables(self):
lambda_client = mock.MagicMock
@@ -102,8 +103,9 @@ class Test_awslambda_function_no_secrets_in_variables:
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"Potential secret found in Lambda function {function_name} variables -> Secret Keyword in variable db_password"
== f"Potential secret found in Lambda function {function_name} variables -> Secret Keyword in variable db_password."
)
assert result[0].resource_tags == []
def test_function_no_secrets_in_variables(self):
lambda_client = mock.MagicMock
@@ -142,5 +144,6 @@ class Test_awslambda_function_no_secrets_in_variables:
assert result[0].status == "PASS"
assert (
result[0].status_extended
== f"No secrets found in Lambda function {function_name} variables"
== f"No secrets found in Lambda function {function_name} variables."
)
assert result[0].resource_tags == []


@@ -77,8 +77,9 @@ class Test_awslambda_function_not_publicly_accessible:
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"Lambda function {function_name} has a policy resource-based policy with public access"
== f"Lambda function {function_name} has a policy resource-based policy with public access."
)
assert result[0].resource_tags == []
def test_function_not_public(self):
lambda_client = mock.MagicMock
@@ -131,8 +132,9 @@ class Test_awslambda_function_not_publicly_accessible:
assert result[0].status == "PASS"
assert (
result[0].status_extended
== f"Lambda function {function_name} has a policy resource-based policy not public"
== f"Lambda function {function_name} has a policy resource-based policy not public."
)
assert result[0].resource_tags == []
def test_function_public_with_canonical(self):
lambda_client = mock.MagicMock
@@ -185,5 +187,6 @@ class Test_awslambda_function_not_publicly_accessible:
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"Lambda function {function_name} has a policy resource-based policy with public access"
== f"Lambda function {function_name} has a policy resource-based policy with public access."
)
assert result[0].resource_tags == []
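Review bot: The expected strings still read `has a policy resource-based policy with public access.` and `has a policy resource-based policy not public.`; the commit adds the full stop but keeps the doubled word `policy`. Since the status text is being normalised here, the three assertions could use `has a resource-based policy with public access.` and `has a resource-based policy without public access.`. The message itself is produced by the check, which is outside this file section, so the check and the tests have to change together.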


@@ -73,6 +73,7 @@ class Test_awslambda_function_url_cors_policy:
result[0].status_extended
== f"Lambda function {function_name} URL has a wide CORS configuration."
)
assert result[0].resource_tags == []
def test_function_cors_not_wide(self):
lambda_client = mock.MagicMock
@@ -116,6 +117,7 @@ class Test_awslambda_function_url_cors_policy:
result[0].status_extended
== f"Lambda function {function_name} does not have a wide CORS configuration."
)
assert result[0].resource_tags == []
def test_function_cors_wide_with_two_origins(self):
lambda_client = mock.MagicMock
@@ -161,3 +163,4 @@ class Test_awslambda_function_url_cors_policy:
result[0].status_extended
== f"Lambda function {function_name} URL has a wide CORS configuration."
)
assert result[0].resource_tags == []
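Review bot: The PASS text in the second hunk, `Lambda function {function_name} does not have a wide CORS configuration.`, drops the word `URL` that the FAIL text in the first and third hunks carries (`... URL has a wide CORS configuration.`). Anyone filtering or grouping findings by message sees two different subjects for the same check; `Lambda function {function_name} URL does not have a wide CORS configuration.` keeps the pair parallel. The string comes from the check, which is outside this section, so it needs the same edit there.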


@@ -73,6 +73,7 @@ class Test_awslambda_function_url_public:
result[0].status_extended
== f"Lambda function {function_name} has a publicly accessible function URL."
)
assert result[0].resource_tags == []
def test_function_private_url(self):
lambda_client = mock.MagicMock
@@ -116,3 +117,4 @@ class Test_awslambda_function_url_public:
result[0].status_extended
== f"Lambda function {function_name} does not have a publicly accessible function URL."
)
assert result[0].resource_tags == []


@@ -79,8 +79,9 @@ class Test_awslambda_function_using_supported_runtimes:
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"Lambda function {function_name} is using {function_runtime} which is obsolete"
== f"Lambda function {function_name} is using {function_runtime} which is obsolete."
)
assert result[0].resource_tags == []
def test_function_supported_runtime(self):
lambda_client = mock.MagicMock
@@ -135,8 +136,9 @@ class Test_awslambda_function_using_supported_runtimes:
assert result[0].status == "PASS"
assert (
result[0].status_extended
== f"Lambda function {function_name} is using {function_runtime} which is supported"
== f"Lambda function {function_name} is using {function_runtime} which is supported."
)
assert result[0].resource_tags == []
def test_function_no_runtime(self):
lambda_client = mock.MagicMock