ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(get_regions_from_audit_resources): fix logic and add tests (#2766)

Browse Source
This commit is contained in:
Nacho Rivera
2023-08-23 10:20:12 +02:00
committed by GitHub
parent 83bfd8a2d4
commit 0a9a1c26db
2 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
prowler/providers/aws/aws_provider.py
View File

@@ -256,16 +256,14 @@ def get_checks_from_input_arn(audit_resources: list, provider: str) -> set:
return sorted(checks_from_arn) return sorted(checks_from_arn)
def get_regions_from_audit_resources(audit_resources: list) -> list: def get_regions_from_audit_resources(audit_resources: list) -> set:
"""get_regions_from_audit_resources gets the regions from the audit resources arns""" """get_regions_from_audit_resources gets the regions from the audit resources arns"""
audited_regions = [] audited_regions = set()
for resource in audit_resources: for resource in audit_resources:
region = resource.split(":")[3] region = resource.split(":")[3]
if region and region not in audited_regions: # Check if arn has a region if region:
audited_regions.append(region) audited_regions.add(region)
if audited_regions: return audited_regions
return audited_regions
return None
def get_available_aws_service_regions(service: str, audit_info: AWS_Audit_Info) -> list: def get_available_aws_service_regions(service: str, audit_info: AWS_Audit_Info) -> list:

9
tests/lib/check/check_test.py
View File

@@ -646,7 +646,7 @@ class Test_Check:
recovered_checks = get_checks_from_input_arn(audit_resources, provider) recovered_checks = get_checks_from_input_arn(audit_resources, provider)
assert recovered_checks == expected_checks assert recovered_checks == expected_checks
def test_get_regions_from_audit_resources(self): def test_get_regions_from_audit_resources_with_regions(self):
audit_resources = [ audit_resources = [
f"arn:aws:lambda:us-east-1:{AWS_ACCOUNT_NUMBER}:function:test-lambda", f"arn:aws:lambda:us-east-1:{AWS_ACCOUNT_NUMBER}:function:test-lambda",
f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:policy/test", f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:policy/test",
@@ -654,10 +654,15 @@ class Test_Check:
"arn:aws:s3:::bucket-name", "arn:aws:s3:::bucket-name",
"arn:aws:apigateway:us-east-2::/restapis/api-id/stages/stage-name", "arn:aws:apigateway:us-east-2::/restapis/api-id/stages/stage-name",
] ]
expected_regions = ["us-east-1", "eu-west-1", "us-east-2"] expected_regions = {"us-east-1", "eu-west-1", "us-east-2"}
recovered_regions = get_regions_from_audit_resources(audit_resources) recovered_regions = get_regions_from_audit_resources(audit_resources)
assert recovered_regions == expected_regions assert recovered_regions == expected_regions
def test_get_regions_from_audit_resources_without_regions(self):
audit_resources = ["arn:aws:s3:::bucket-name"]
recovered_regions = get_regions_from_audit_resources(audit_resources)
assert not recovered_regions
# def test_parse_checks_from_compliance_framework_two(self): # def test_parse_checks_from_compliance_framework_two(self):
# test_case = { # test_case = {
# "input": {"compliance_frameworks": ["cis_v1.4_aws", "ens_v3_aws"]}, # "input": {"compliance_frameworks": ["cis_v1.4_aws", "ens_v3_aws"]},