build(deps-dev): bump pytest from 7.4.2 to 7.4.3 (#2981)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pepe Fagoaga <pepe@verica.io>

poetry.lock

@@ -1933,13 +1933,13 @@ diagrams = ["jinja2", "railroad-diagrams"]
 
 [[package]]
 name = "pytest"
-version = "7.4.2"
+version = "7.4.3"
 description = "pytest: simple powerful testing with Python"
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "pytest-7.4.2-py3-none-any.whl", hash = "sha256:1d881c6124e08ff0a1bb75ba3ec0bfd8b5354a01c194ddd5a0a870a48d99b002"},
-    {file = "pytest-7.4.2.tar.gz", hash = "sha256:a766259cfab564a2ad52cb1aae1b881a75c3eb7e34ca3779697c23ed47c47069"},
+    {file = "pytest-7.4.3-py3-none-any.whl", hash = "sha256:0d009c083ea859a71b76adf7c1d502e4bc170b80a8ef002da5806527b9591fac"},
+    {file = "pytest-7.4.3.tar.gz", hash = "sha256:d989d136982de4e3b29dabcc838ad581c64e8ed52c11fbe86ddebd9da0818cd5"},
 ]
 
 [package.dependencies]
@@ -2889,4 +2889,4 @@ docs = ["mkdocs", "mkdocs-material"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.9"
-content-hash = "aef6e6b3e68e4fe079d80851d20290cf23290d69391529d4670183c24be14714"
+content-hash = "18a939f0238eb68ec48a95c569985f38683aaa795c1ca1eb280e402d3fa066ad"

pyproject.toml

@@ -64,7 +64,7 @@ mock = "5.1.0"
 moto = "4.2.6"
 openapi-spec-validator = "0.7.1"
 pylint = "3.0.2"
-pytest = "7.4.2"
+pytest = "7.4.3"
 pytest-cov = "4.1.0"
 pytest-randomly = "3.15.0"
 pytest-xdist = "3.3.1"

tests/providers/aws/audit_info_utils.py

@@ -4,6 +4,7 @@ from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
 from prowler.providers.common.models import Audit_Metadata
 
 AWS_REGION_US_EAST_1 = "us-east-1"
+AWS_REGION_EU_WEST_1 = "eu-west-1"
 AWS_PARTITION = "aws"
 AWS_ACCOUNT_NUMBER = "123456789012"
 AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"

tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py

@@ -1,57 +1,35 @@
 from unittest import mock
 
-from boto3 import client, resource, session
+from boto3 import client, resource
 from moto import mock_ec2
 
-from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
 from prowler.providers.aws.services.vpc.vpc_service import VPC
-from prowler.providers.common.models import Audit_Metadata
-
-AWS_REGION = "us-east-1"
-AWS_ACCOUNT_NUMBER = "123456789012"
+from tests.providers.aws.audit_info_utils import (
+    AWS_REGION_EU_WEST_1,
+    AWS_REGION_US_EAST_1,
+    set_mocked_aws_audit_info,
+)
 
 
 class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
-    def set_mocked_audit_info(self):
-        audit_info = AWS_Audit_Info(
-            session_config=None,
-            original_session=None,
-            audit_session=session.Session(
-                profile_name=None,
-                botocore_session=None,
-            ),
-            audited_account=AWS_ACCOUNT_NUMBER,
-            audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root",
-            audited_user_id=None,
-            audited_partition="aws",
-            audited_identity_arn=None,
-            profile=None,
-            profile_region=None,
-            credentials=None,
-            assumed_role_info=None,
-            audited_regions=["us-east-1", "eu-west-1"],
-            organizations_metadata=None,
-            audit_resources=None,
-            mfa_enabled=False,
-            audit_metadata=Audit_Metadata(
-                services_scanned=0,
-                expected_checks=[],
-                completed_checks=0,
-                audit_progress=0,
-            ),
-        )
-
-        return audit_info
-
     @mock_ec2
     def test_ec2_default_sgs(self):
         # Create EC2 Mocked Resources
-        ec2_client = client("ec2", region_name=AWS_REGION)
-        ec2_client.create_vpc(CidrBlock="10.0.0.0/16")
+        ec2_client_us_east_1 = client("ec2", region_name=AWS_REGION_US_EAST_1)
+        ec2_client_us_east_1.create_vpc(CidrBlock="10.0.0.0/16")
+        sgs_us_east_1 = ec2_client_us_east_1.describe_security_groups()[
+            "SecurityGroups"
+        ]
 
+        ec2_client_eu_west_1 = client("ec2", region_name=AWS_REGION_EU_WEST_1)
+        sgs_eu_west_1 = ec2_client_eu_west_1.describe_security_groups()[
+            "SecurityGroups"
+        ]
         from prowler.providers.aws.services.ec2.ec2_service import EC2
 
-        current_audit_info = self.set_mocked_audit_info()
+        current_audit_info = set_mocked_aws_audit_info(
+            audited_regions=[AWS_REGION_US_EAST_1, AWS_REGION_EU_WEST_1]
+        )
 
         with mock.patch(
             "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
@@ -73,24 +51,55 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
             )
             result = check.execute()
 
-            # One default sg per region
+            # One default sg per region + VPC
             assert len(result) == 3
+
             # All are compliant by default
-            assert result[0].status == "PASS"
-            assert result[1].status == "PASS"
-            assert result[2].status == "PASS"
+            # 2 in us-east-1
+            for sg in sgs_us_east_1:
+                for res in result:
+                    if res.resource_id == sg["GroupId"]:
+                        assert res.status == "PASS"
+                        assert res.region == AWS_REGION_US_EAST_1
+                        assert (
+                            res.status_extended
+                            == f"Security group {sg['GroupName']} ({sg['GroupId']}) does not have Redis port 6379 open to the Internet."
+                        )
+                        assert (
+                            res.resource_arn
+                            == f"arn:{current_audit_info.audited_partition}:ec2:{AWS_REGION_US_EAST_1}:{current_audit_info.audited_account}:security-group/{sg['GroupId']}"
+                        )
+                        assert res.resource_details == sg["GroupName"]
+                        assert res.resource_tags == []
+
+            # 1 in eu-west-1
+            for sg in sgs_eu_west_1:
+                for res in result:
+                    if res.resource_id == sg["GroupId"]:
+                        assert res.status == "PASS"
+                        assert res.region == AWS_REGION_EU_WEST_1
+                        assert (
+                            res.status_extended
+                            == f"Security group {sg['GroupName']} ({sg['GroupId']}) does not have Redis port 6379 open to the Internet."
+                        )
+                        assert (
+                            res.resource_arn
+                            == f"arn:{current_audit_info.audited_partition}:ec2:{AWS_REGION_EU_WEST_1}:{current_audit_info.audited_account}:security-group/{sg['GroupId']}"
+                        )
+                        assert res.resource_details == sg["GroupName"]
+                        assert res.resource_tags == []
 
     @mock_ec2
     def test_ec2_non_compliant_default_sg(self):
         # Create EC2 Mocked Resources
-        ec2_client = client("ec2", region_name=AWS_REGION)
-        ec2_client.create_vpc(CidrBlock="10.0.0.0/16")
-        default_sg = ec2_client.describe_security_groups(GroupNames=["default"])[
-            "SecurityGroups"
-        ][0]
+        ec2_client_us_east_1 = client("ec2", region_name=AWS_REGION_US_EAST_1)
+        ec2_client_us_east_1.create_vpc(CidrBlock="10.0.0.0/16")
+        default_sg = ec2_client_us_east_1.describe_security_groups(
+            GroupNames=["default"]
+        )["SecurityGroups"][0]
         default_sg_id = default_sg["GroupId"]
         default_sg_name = default_sg["GroupName"]
-        ec2_client.authorize_security_group_ingress(
+        ec2_client_us_east_1.authorize_security_group_ingress(
             GroupId=default_sg_id,
             IpPermissions=[
                 {
@@ -104,7 +113,9 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
 
         from prowler.providers.aws.services.ec2.ec2_service import EC2
 
-        current_audit_info = self.set_mocked_audit_info()
+        current_audit_info = set_mocked_aws_audit_info(
+            audited_regions=[AWS_REGION_US_EAST_1, AWS_REGION_EU_WEST_1]
+        )
 
         with mock.patch(
             "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
@@ -126,20 +137,20 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
             )
             result = check.execute()
 
-            # One default sg per region
+            # One default sg per region + VPC
             assert len(result) == 3
-            # Search changed sg
+
             for sg in result:
                 if sg.resource_id == default_sg_id:
                     assert sg.status == "FAIL"
-                    assert sg.region == AWS_REGION
+                    assert sg.region == AWS_REGION_US_EAST_1
                     assert (
                         sg.status_extended
                         == f"Security group {default_sg_name} ({default_sg_id}) has Redis port 6379 open to the Internet."
                     )
                     assert (
                         sg.resource_arn
-                        == f"arn:{current_audit_info.audited_partition}:ec2:{AWS_REGION}:{current_audit_info.audited_account}:security-group/{default_sg_id}"
+                        == f"arn:{current_audit_info.audited_partition}:ec2:{AWS_REGION_US_EAST_1}:{current_audit_info.audited_account}:security-group/{default_sg_id}"
                     )
                     assert sg.resource_details == default_sg_name
                     assert sg.resource_tags == []
@@ -147,7 +158,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
     @mock_ec2
     def test_ec2_compliant_default_sg(self):
         # Create EC2 Mocked Resources
-        ec2_client = client("ec2", region_name=AWS_REGION)
+        ec2_client = client("ec2", region_name=AWS_REGION_US_EAST_1)
         ec2_client.create_vpc(CidrBlock="10.0.0.0/16")
         default_sg = ec2_client.describe_security_groups(GroupNames=["default"])[
             "SecurityGroups"
@@ -168,8 +179,9 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
 
         from prowler.providers.aws.services.ec2.ec2_service import EC2
 
-        current_audit_info = self.set_mocked_audit_info()
-
+        current_audit_info = set_mocked_aws_audit_info(
+            audited_regions=[AWS_REGION_US_EAST_1, AWS_REGION_EU_WEST_1]
+        )
         with mock.patch(
             "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
             new=current_audit_info,
@@ -192,18 +204,18 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
 
             # One default sg per region
             assert len(result) == 3
-            # Search changed sg
+
             for sg in result:
                 if sg.resource_id == default_sg_id:
                     assert sg.status == "PASS"
-                    assert sg.region == AWS_REGION
+                    assert sg.region == AWS_REGION_US_EAST_1
                     assert (
                         sg.status_extended
                         == f"Security group {default_sg_name} ({default_sg_id}) does not have Redis port 6379 open to the Internet."
                     )
                     assert (
                         sg.resource_arn
-                        == f"arn:{current_audit_info.audited_partition}:ec2:{AWS_REGION}:{current_audit_info.audited_account}:security-group/{default_sg_id}"
+                        == f"arn:{current_audit_info.audited_partition}:ec2:{AWS_REGION_US_EAST_1}:{current_audit_info.audited_account}:security-group/{default_sg_id}"
                     )
                     assert sg.resource_details == default_sg_name
                     assert sg.resource_tags == []
@@ -211,12 +223,14 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
     @mock_ec2
     def test_ec2_default_sgs_ignoring(self):
         # Create EC2 Mocked Resources
-        ec2_client = client("ec2", region_name=AWS_REGION)
+        ec2_client = client("ec2", region_name=AWS_REGION_US_EAST_1)
         ec2_client.create_vpc(CidrBlock="10.0.0.0/16")
 
         from prowler.providers.aws.services.ec2.ec2_service import EC2
 
-        current_audit_info = self.set_mocked_audit_info()
+        current_audit_info = set_mocked_aws_audit_info(
+            audited_regions=[AWS_REGION_US_EAST_1, AWS_REGION_EU_WEST_1]
+        )
         current_audit_info.ignore_unused_services = True
 
         with mock.patch(
@@ -225,6 +239,9 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
         ), mock.patch(
             "prowler.providers.aws.services.ec2.ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379.ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379.ec2_client",
             new=EC2(current_audit_info),
+        ), mock.patch(
+            "prowler.providers.aws.services.ec2.ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379.ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379.vpc_client",
+            new=VPC(current_audit_info),
         ):
             # Test Check
             from prowler.providers.aws.services.ec2.ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379.ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 import (
@@ -241,19 +258,17 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
     @mock_ec2
     def test_ec2_default_sgs_ignoring_vpc_in_use(self):
         # Create EC2 Mocked Resources
-        ec2 = resource("ec2", region_name=AWS_REGION)
+        ec2 = resource("ec2", region_name=AWS_REGION_US_EAST_1)
         vpc = ec2.create_vpc(CidrBlock="10.0.0.0/16")
         subnet = ec2.create_subnet(VpcId=vpc.id, CidrBlock="10.0.0.0/18")
         ec2.create_network_interface(SubnetId=subnet.id)
-        ec2_client = client("ec2", region_name=AWS_REGION)
-        default_sg = ec2_client.describe_security_groups(GroupNames=["default"])[
-            "SecurityGroups"
-        ][0]
-        default_sg["GroupId"]
-        default_sg["GroupName"]
+        ec2_client = client("ec2", region_name=AWS_REGION_US_EAST_1)
+
+        sgs_us_east_1 = ec2_client.describe_security_groups()["SecurityGroups"]
+
         from prowler.providers.aws.services.ec2.ec2_service import EC2
 
-        current_audit_info = self.set_mocked_audit_info()
+        current_audit_info = set_mocked_aws_audit_info()
         current_audit_info.ignore_unused_services = True
 
         with mock.patch(
@@ -277,5 +292,18 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379:
             result = check.execute()
 
             assert len(result) == 1
+
+            for sg in sgs_us_east_1:
+                if sg["GroupId"] == result[0].resource_id:
                     assert result[0].status == "PASS"
-            assert result[0].region == AWS_REGION
+                    assert result[0].region == AWS_REGION_US_EAST_1
+                    assert (
+                        result[0].status_extended
+                        == f"Security group {sg['GroupName']} ({sg['GroupId']}) does not have Redis port 6379 open to the Internet."
+                    )
+                    assert (
+                        result[0].resource_arn
+                        == f"arn:{current_audit_info.audited_partition}:ec2:{AWS_REGION_US_EAST_1}:{current_audit_info.audited_account}:security-group/{sg['GroupId']}"
+                    )
+                    assert result[0].resource_details == sg["GroupName"]
+                    assert result[0].resource_tags == []