ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 06:45:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(findingID): remove duplicate finding IDs (#2890)

Browse Source
This commit is contained in:
Sergio Garcia
2023-10-03 11:31:33 +02:00
committed by GitHub
parent 9974c84440
commit 0745a57f52
12 changed files with 52 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
prowler/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials.py
View File

@@ -67,7 +67,7 @@ class iam_disable_30_days_credentials(Check):
old_access_keys = True
report = Check_Report_AWS(self.metadata())
report.region = iam_client.region
report.resource_id = user["user"]
report.resource_id = user["user"] + "/AccessKey1"
report.resource_arn = user["arn"]
report.status = "FAIL"
report.status_extended = f"User {user['user']} has not used access key 1 in the last {maximum_expiration_days} days ({access_key_1_last_used_date.days} days)."
@@ -86,7 +86,7 @@ class iam_disable_30_days_credentials(Check):
old_access_keys = True
report = Check_Report_AWS(self.metadata())
report.region = iam_client.region
report.resource_id = user["user"]
report.resource_id = user["user"] + "/AccessKey2"
report.resource_arn = user["arn"]
report.status = "FAIL"
report.status_extended = f"User {user['user']} has not used access key 2 in the last {maximum_expiration_days} days ({access_key_2_last_used_date.days} days)."

4
prowler/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials.py
View File

@@ -67,7 +67,7 @@ class iam_disable_45_days_credentials(Check):
old_access_keys = True
report = Check_Report_AWS(self.metadata())
report.region = iam_client.region
report.resource_id = user["user"]
report.resource_id = user["user"] + "/AccessKey1"
report.resource_arn = user["arn"]
report.status = "FAIL"
report.status_extended = f"User {user['user']} has not used access key 1 in the last {maximum_expiration_days} days ({access_key_1_last_used_date.days} days)."
@@ -86,7 +86,7 @@ class iam_disable_45_days_credentials(Check):
old_access_keys = True
report = Check_Report_AWS(self.metadata())
report.region = iam_client.region
report.resource_id = user["user"]
report.resource_id = user["user"] + "/AccessKey2"
report.resource_arn = user["arn"]
report.status = "FAIL"
report.status_extended = f"User {user['user']} has not used access key 2 in the last {maximum_expiration_days} days ({access_key_2_last_used_date.days} days)."

4
prowler/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials.py
View File

@@ -67,7 +67,7 @@ class iam_disable_90_days_credentials(Check):
old_access_keys = True
report = Check_Report_AWS(self.metadata())
report.region = iam_client.region
report.resource_id = user["user"]
report.resource_id = user["user"] + "/AccessKey1"
report.resource_arn = user["arn"]
report.status = "FAIL"
report.status_extended = f"User {user['user']} has not used access key 1 in the last {maximum_expiration_days} days ({access_key_1_last_used_date.days} days)."
@@ -86,7 +86,7 @@ class iam_disable_90_days_credentials(Check):
old_access_keys = True
report = Check_Report_AWS(self.metadata())
report.region = iam_client.region
report.resource_id = user["user"]
report.resource_id = user["user"] + "/AccessKey2"
report.resource_arn = user["arn"]
report.status = "FAIL"
report.status_extended = f"User {user['user']} has not used access key 2 in the last {maximum_expiration_days} days ({access_key_2_last_used_date.days} days)."

2
prowler/providers/aws/services/iam/iam_inline_policy_no_administrative_privileges/iam_inline_policy_no_administrative_privileges.py
View File

@@ -10,7 +10,7 @@ class iam_inline_policy_no_administrative_privileges(Check):
report = Check_Report_AWS(self.metadata())
report.region = iam_client.region
report.resource_arn = policy.arn
report.resource_id = policy.entity
report.resource_id = f"{policy.entity}/{policy.name}"
report.resource_tags = policy.tags
report.status = "PASS"
report.status_extended = f"{policy.type} policy {policy.name} for IAM identity {policy.arn} does not allow '*:*' administrative privileges."

4
prowler/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles.py
View File

@@ -14,7 +14,7 @@ class iam_policy_attached_only_to_group_or_roles(Check):
report.region = iam_client.region
report.status = "FAIL"
report.status_extended = f"User {user.name} has the policy {policy['PolicyName']} attached."
report.resource_id = user.name
report.resource_id = f"{user.name}/{policy['PolicyName']}"
report.resource_arn = user.arn
findings.append(report)
if user.inline_policies:
@@ -23,7 +23,7 @@ class iam_policy_attached_only_to_group_or_roles(Check):
report.region = iam_client.region
report.status = "FAIL"
report.status_extended = f"User {user.name} has the inline policy {policy} attached."
report.resource_id = user.name
report.resource_id = f"{user.name}/{policy}"
report.resource_arn = user.arn
findings.append(report)

2
prowler/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover.py
View File

@@ -25,7 +25,7 @@ class route53_dangling_ip_subdomain_takeover(Check):
# Check if record is an IP Address
if validate_ip_address(record):
report = Check_Report_AWS(self.metadata())
report.resource_id = record_set.hosted_zone_id
report.resource_id = f"{record_set.hosted_zone_id}/{record}"
report.resource_arn = route53_client.hosted_zones[
record_set.hosted_zone_id
].arn

8
tests/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials_test.py
View File

@@ -275,7 +275,7 @@ class Test_iam_disable_30_days_credentials_test:
result[1].status_extended
== f"User {user} has not used access key 1 in the last 30 days (100 days)."
)
assert result[1].resource_id == user
assert result[1].resource_id == user + "/AccessKey1"
assert result[1].resource_arn == arn
assert result[1].region == AWS_REGION
@@ -325,7 +325,7 @@ class Test_iam_disable_30_days_credentials_test:
result[1].status_extended
== f"User {user} has not used access key 2 in the last 30 days (100 days)."
)
assert result[1].resource_id == user
assert result[1].resource_id == user + "/AccessKey2"
assert result[1].resource_arn == arn
assert result[1].region == AWS_REGION
@@ -380,7 +380,7 @@ class Test_iam_disable_30_days_credentials_test:
result[1].status_extended
== f"User {user} has not used access key 1 in the last 30 days (100 days)."
)
assert result[1].resource_id == user
assert result[1].resource_id == user + "/AccessKey1"
assert result[1].resource_arn == arn
assert result[1].region == AWS_REGION
@@ -389,7 +389,7 @@ class Test_iam_disable_30_days_credentials_test:
result[2].status_extended
== f"User {user} has not used access key 2 in the last 30 days (100 days)."
)
assert result[2].resource_id == user
assert result[2].resource_id == user + "/AccessKey2"
assert result[2].resource_arn == arn
assert result[2].region == AWS_REGION

8
tests/providers/aws/services/iam/iam_disable_45_days_credentials/iam_disable_45_days_credentials_test.py
View File

@@ -275,7 +275,7 @@ class Test_iam_disable_45_days_credentials_test:
result[1].status_extended
== f"User {user} has not used access key 1 in the last 45 days (100 days)."
)
assert result[1].resource_id == user
assert result[1].resource_id == user + "/AccessKey1"
assert result[1].resource_arn == arn
assert result[1].region == AWS_REGION
@@ -325,7 +325,7 @@ class Test_iam_disable_45_days_credentials_test:
result[1].status_extended
== f"User {user} has not used access key 2 in the last 45 days (100 days)."
)
assert result[1].resource_id == user
assert result[1].resource_id == user + "/AccessKey2"
assert result[1].resource_arn == arn
assert result[1].region == AWS_REGION
@@ -380,7 +380,7 @@ class Test_iam_disable_45_days_credentials_test:
result[1].status_extended
== f"User {user} has not used access key 1 in the last 45 days (100 days)."
)
assert result[1].resource_id == user
assert result[1].resource_id == user + "/AccessKey1"
assert result[1].resource_arn == arn
assert result[1].region == AWS_REGION
assert result[2].status == "FAIL"
@@ -388,7 +388,7 @@ class Test_iam_disable_45_days_credentials_test:
result[2].status_extended
== f"User {user} has not used access key 2 in the last 45 days (100 days)."
)
assert result[2].resource_id == user
assert result[2].resource_id == user + "/AccessKey2"
assert result[2].resource_arn == arn
assert result[2].region == AWS_REGION

8
tests/providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials_test.py
View File

@@ -273,7 +273,7 @@ class Test_iam_disable_90_days_credentials_test:
result[1].status_extended
== f"User {user} has not used access key 1 in the last 90 days (100 days)."
)
assert result[1].resource_id == user
assert result[1].resource_id == user + "/AccessKey1"
assert result[1].resource_arn == arn
assert result[1].region == AWS_REGION
@@ -323,7 +323,7 @@ class Test_iam_disable_90_days_credentials_test:
result[1].status_extended
== f"User {user} has not used access key 2 in the last 90 days (100 days)."
)
assert result[1].resource_id == user
assert result[1].resource_id == user + "/AccessKey2"
assert result[1].resource_arn == arn
assert result[1].region == AWS_REGION
@@ -378,7 +378,7 @@ class Test_iam_disable_90_days_credentials_test:
result[1].status_extended
== f"User {user} has not used access key 1 in the last 90 days (100 days)."
)
assert result[1].resource_id == user
assert result[1].resource_id == user + "/AccessKey1"
assert result[1].resource_arn == arn
assert result[1].region == AWS_REGION
assert result[2].status == "FAIL"
@@ -386,7 +386,7 @@ class Test_iam_disable_90_days_credentials_test:
result[2].status_extended
== f"User {user} has not used access key 2 in the last 90 days (100 days)."
)
assert result[2].resource_id == user
assert result[2].resource_id == user + "/AccessKey2"
assert result[2].resource_arn == arn
assert result[2].region == AWS_REGION

12
tests/providers/aws/services/iam/iam_inline_policy_no_administrative_privileges/iam_inline_policy_no_administrative_privileges_test.py
View File

@@ -128,7 +128,7 @@ class Test_iam_inline_policy_no_administrative_privileges:
assert len(results) == 1
assert results[0].region == AWS_REGION
assert results[0].resource_arn == group_arn
assert results[0].resource_id == group_name
assert results[0].resource_id == f"{group_name}/{policy_name}"
assert results[0].resource_tags == []
assert results[0].status == "FAIL"
assert (
@@ -172,7 +172,7 @@ class Test_iam_inline_policy_no_administrative_privileges:
assert len(results) == 1
assert results[0].region == AWS_REGION
assert results[0].resource_arn == group_arn
assert results[0].resource_id == group_name
assert results[0].resource_id == f"{group_name}/{policy_name}"
assert results[0].resource_tags == []
assert results[0].status == "PASS"
assert (
@@ -316,7 +316,7 @@ class Test_iam_inline_policy_no_administrative_privileges:
assert len(results) == 1
assert results[0].region == AWS_REGION
assert results[0].resource_arn == role_arn
assert results[0].resource_id == role_name
assert results[0].resource_id == f"{role_name}/{policy_name}"
assert results[0].resource_tags == []
assert results[0].status == "FAIL"
assert (
@@ -363,7 +363,7 @@ class Test_iam_inline_policy_no_administrative_privileges:
assert len(results) == 1
assert results[0].region == AWS_REGION
assert results[0].resource_arn == role_arn
assert results[0].resource_id == role_name
assert results[0].resource_id == f"{role_name}/{policy_name}"
assert results[0].resource_tags == []
assert results[0].status == "PASS"
assert (
@@ -507,7 +507,7 @@ class Test_iam_inline_policy_no_administrative_privileges:
assert len(results) == 1
assert results[0].region == AWS_REGION
assert results[0].resource_arn == user_arn
assert results[0].resource_id == user_name
assert results[0].resource_id == f"{user_name}/{policy_name}"
assert results[0].resource_tags == []
assert results[0].status == "FAIL"
assert (
@@ -553,7 +553,7 @@ class Test_iam_inline_policy_no_administrative_privileges:
assert len(results) == 1
assert results[0].region == AWS_REGION
assert results[0].resource_arn == user_arn
assert results[0].resource_id == user_name
assert results[0].resource_id == f"{user_name}/{policy_name}"
assert results[0].resource_tags == []
assert results[0].status == "PASS"
assert (

8
tests/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles_test.py
View File

@@ -83,7 +83,7 @@ class Test_iam_policy_attached_only_to_group_or_roles:
== f"User {user} has the policy {policy_name} attached."
)
assert result[0].region == AWS_REGION
assert result[0].resource_id == user
assert result[0].resource_id == f"{user}/{policy_name}"
assert (
result[0].resource_arn
== f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:user/{user}"
@@ -133,7 +133,7 @@ class Test_iam_policy_attached_only_to_group_or_roles:
== f"User {user} has the policy {policyName} attached."
)
assert result[0].region == AWS_REGION
assert result[0].resource_id == user
assert result[0].resource_id == f"{user}/{policyName}"
assert result[0].status == "FAIL"
assert (
@@ -141,7 +141,7 @@ class Test_iam_policy_attached_only_to_group_or_roles:
== f"User {user} has the policy {policyName} attached."
)
assert result[0].region == AWS_REGION
assert result[0].resource_id == user
assert result[0].resource_id == f"{user}/{policyName}"
assert (
result[0].resource_arn
== f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:user/{user}"
@@ -186,7 +186,7 @@ class Test_iam_policy_attached_only_to_group_or_roles:
== f"User {user} has the inline policy {policyName} attached."
)
assert result[0].region == AWS_REGION
assert result[0].resource_id == user
assert result[0].resource_id == f"{user}/{policyName}"
assert (
result[0].resource_arn
== f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:user/{user}"

25
tests/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover_test.py
View File

@@ -165,7 +165,10 @@ class Test_route53_dangling_ip_subdomain_takeover:
"is not a dangling IP",
result[0].status_extended,
)
assert result[0].resource_id == zone_id.replace("/hostedzone/", "")
assert (
result[0].resource_id
== zone_id.replace("/hostedzone/", "") + "/192.168.1.1"
)
assert (
result[0].resource_arn
== f"arn:{audit_info.audited_partition}:route53:::hostedzone/{zone_id.replace('/hostedzone/','')}"
@@ -226,7 +229,10 @@ class Test_route53_dangling_ip_subdomain_takeover:
"does not belong to AWS and it is not a dangling IP",
result[0].status_extended,
)
assert result[0].resource_id == zone_id.replace("/hostedzone/", "")
assert (
result[0].resource_id
== zone_id.replace("/hostedzone/", "") + "/17.5.7.3"
)
assert (
result[0].resource_arn
== f"arn:{audit_info.audited_partition}:route53:::hostedzone/{zone_id.replace('/hostedzone/','')}"
@@ -287,7 +293,10 @@ class Test_route53_dangling_ip_subdomain_takeover:
"is a dangling IP",
result[0].status_extended,
)
assert result[0].resource_id == zone_id.replace("/hostedzone/", "")
assert (
result[0].resource_id
== zone_id.replace("/hostedzone/", "") + "/54.152.12.70"
)
assert (
result[0].resource_arn
== f"arn:{audit_info.audited_partition}:route53:::hostedzone/{zone_id.replace('/hostedzone/','')}"
@@ -351,7 +360,10 @@ class Test_route53_dangling_ip_subdomain_takeover:
"is not a dangling IP",
result[0].status_extended,
)
assert result[0].resource_id == zone_id.replace("/hostedzone/", "")
assert (
result[0].resource_id
== zone_id.replace("/hostedzone/", "") + "/17.5.7.3"
)
assert (
result[0].resource_arn
== f"arn:{audit_info.audited_partition}:route53:::hostedzone/{zone_id.replace('/hostedzone/','')}"
@@ -421,7 +433,10 @@ class Test_route53_dangling_ip_subdomain_takeover:
"is not a dangling IP",
result[0].status_extended,
)
assert result[0].resource_id == zone_id.replace("/hostedzone/", "")
assert (
result[0].resource_id
== zone_id.replace("/hostedzone/", "") + "/17.5.7.3"
)
assert (
result[0].resource_arn
== f"arn:{audit_info.audited_partition}:route53:::hostedzone/{zone_id.replace('/hostedzone/','')}"