ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(audit-metadata): retrieve audit metadata from execution (#1803)

Browse Source
This commit is contained in:
Nacho Rivera
2023-01-31 11:24:01 +01:00
committed by GitHub
parent 94b7a219fd
commit 0d1a5318ec
8 changed files with 63 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
prowler/lib/check/check.py
View File

@@ -24,6 +24,7 @@ except Exception:
from prowler.lib.utils.utils import open_file, parse_json_file
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.common.models import Audit_Metadata
from prowler.providers.common.outputs import Provider_Output_Options
@@ -316,6 +317,9 @@ def execute_checks(
audit_output_options: Provider_Output_Options,
) -> list:
all_findings = []
services_executed = set()
checks_executed = set()
total_checks_to_execute = len(checks_to_execute)
# Execution with the --only-logs flag
if audit_output_options.only_logs:
for check_name in checks_to_execute:
@@ -323,7 +327,14 @@ def execute_checks(
service = check_name.split("_")[0]
try:
check_findings = execute(
service, check_name, provider, audit_output_options, audit_info
service,
check_name,
provider,
audit_output_options,
audit_info,
services_executed,
checks_executed,
total_checks_to_execute,
)
all_findings.extend(check_findings)
@@ -359,7 +370,14 @@ def execute_checks(
)
try:
check_findings = execute(
service, check_name, provider, audit_output_options, audit_info
service,
check_name,
provider,
audit_output_options,
audit_info,
services_executed,
checks_executed,
total_checks_to_execute,
)
all_findings.extend(check_findings)
bar()
@@ -380,11 +398,14 @@ def execute_checks(
def execute(
service,
service: str,
check_name: str,
provider: str,
audit_output_options: Provider_Output_Options,
audit_info: AWS_Audit_Info,
services_executed: set,
checks_executed: set,
total_checks_to_execute: int,
):
# Import check module
check_module_path = (
@@ -396,6 +417,14 @@ def execute(
c = check_to_execute()
# Run check
check_findings = run_check(c, audit_output_options)
services_executed.add(service)
checks_executed.add(check_name)
audit_info.audit_metadata = Audit_Metadata(
services_scanned=len(services_executed),
expected_checks=total_checks_to_execute,
completed_checks=len(checks_executed),
audit_progress=100 * len(checks_executed) / total_checks_to_execute,
)
report(check_findings, audit_output_options, audit_info)
return check_findings

1
prowler/providers/aws/lib/audit_info/audit_info.py
View File

@@ -23,4 +23,5 @@ current_audit_info = AWS_Audit_Info(
),
audited_regions=None,
organizations_metadata=None,
audit_metadata=None,
)

2
prowler/providers/aws/lib/audit_info/models.py
View File

@@ -1,5 +1,6 @@
from dataclasses import dataclass
from datetime import datetime
from typing import Any, Optional
from boto3 import session
@@ -42,3 +43,4 @@ class AWS_Audit_Info:
assumed_role_info: AWS_Assume_Role
audited_regions: list
organizations_metadata: AWS_Organizations_Info
audit_metadata: Optional[Any] = None

4
prowler/providers/azure/lib/audit_info/audit_info.py
View File

@@ -3,4 +3,6 @@ from prowler.providers.azure.lib.audit_info.models import (
Azure_Identity_Info,
)
azure_audit_info = Azure_Audit_Info(credentials=None, identity=Azure_Identity_Info())
azure_audit_info = Azure_Audit_Info(
credentials=None, identity=Azure_Identity_Info(), audit_metadata=None
)

5
prowler/providers/azure/lib/audit_info/models.py
View File

@@ -1,4 +1,5 @@
from dataclasses import dataclass
from typing import Any, Optional
from azure.identity import DefaultAzureCredential
from pydantic import BaseModel
@@ -16,7 +17,9 @@ class Azure_Identity_Info(BaseModel):
class Azure_Audit_Info:
credentials: DefaultAzureCredential
identity: Azure_Identity_Info
audit_metadata: Optional[Any]
def __init__(self, credentials, identity):
def __init__(self, credentials, identity, audit_metadata):
self.credentials = credentials
self.identity = identity
self.audit_metadata = audit_metadata

8
prowler/providers/common/models.py Normal file
View File

@@ -0,0 +1,8 @@
from pydantic import BaseModel
class Audit_Metadata(BaseModel):
services_scanned: int
expected_checks: int
completed_checks: int
audit_progress: int

3
tests/providers/common/audit_info_test.py
View File

@@ -27,10 +27,11 @@ mock_current_audit_info = AWS_Audit_Info(
assumed_role_info=None,
audited_regions=["eu-west-2", "eu-west-1"],
organizations_metadata=None,
audit_metadata=None,
)
mock_azure_audit_info = Azure_Audit_Info(
credentials=None, identity=Azure_Identity_Info()
credentials=None, identity=Azure_Identity_Info(), audit_metadata=None
)
mock_set_audit_info = Audit_Info()

20
tests/providers/common/common_outputs_test.py
View File

@@ -1,18 +1,18 @@
from prowler.providers.common.outputs import (
Aws_Output_Options,
Azure_Output_Options,
set_provider_output_options,
)
from argparse import Namespace
from boto3 import session
from mock import patch
from prowler.providers.aws.lib.audit_info.audit_info import AWS_Audit_Info
from prowler.providers.azure.lib.audit_info.audit_info import (
Azure_Audit_Info,
Azure_Identity_Info,
)
from boto3 import session
from mock import patch
from argparse import Namespace
from prowler.providers.common.outputs import (
Aws_Output_Options,
Azure_Output_Options,
set_provider_output_options,
)
AWS_ACCOUNT_NUMBER = "012345678912"
DATETIME = "20230101120000"
@@ -30,7 +30,9 @@ def mock_change_config_var(*_):
class Test_Common_Output_Options:
# Mocked Azure Audit Info
def set_mocked_azure_audit_info(self):
audit_info = Azure_Audit_Info(credentials=None, identity=Azure_Identity_Info())
audit_info = Azure_Audit_Info(
credentials=None, identity=Azure_Identity_Info(), audit_metadata=None
)
return audit_info
# Mocked AWS Audit Info