diff --git a/prowler/lib/utils/utils.py b/prowler/lib/utils/utils.py index f6323e8a..3d9137fa 100644 --- a/prowler/lib/utils/utils.py +++ b/prowler/lib/utils/utils.py @@ -1,10 +1,15 @@ import json +import os import sys +import tempfile from hashlib import sha512 from io import TextIOWrapper from os.path import exists from typing import Any +from detect_secrets import SecretsCollection +from detect_secrets.settings import default_settings + from prowler.lib.logger import logger @@ -49,3 +54,20 @@ def file_exists(filename: str): # create sha512 hash for string def hash_sha512(string: str) -> str: return sha512(string.encode("utf-8")).hexdigest()[0:9] + + +def detect_secrets_scan(data): + temp_data_file = tempfile.NamedTemporaryFile(delete=False) + temp_data_file.write(bytes(data, encoding="raw_unicode_escape")) + temp_data_file.close() + + secrets = SecretsCollection() + with default_settings(): + secrets.scan_file(temp_data_file.name) + os.remove(temp_data_file.name) + + detect_secrets_output = secrets.json() + if detect_secrets_output: + return detect_secrets_output[temp_data_file.name] + else: + return None diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/__init__.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs.metadata.json b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs.metadata.json new file mode 100644 index 00000000..6536ad95 --- /dev/null +++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs.metadata.json 
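Review bot: In `detect_secrets_scan` the temporary file holding the raw log data is removed only on the success path, so if `write` or `secrets.scan_file` raises, the `delete=False` file stays on disk with whatever secrets the data contained. Wrapping the write and the scan in `try`/`finally` makes `os.remove` run in every case. The function also has no docstring; a one-line summary saying that it returns the detect-secrets findings for `data`, or `None` when nothing is found, would warn callers that iterate the result.

```python
def detect_secrets_scan(data):
    temp_data_file = tempfile.NamedTemporaryFile(delete=False)
    try:
        temp_data_file.write(bytes(data, encoding="raw_unicode_escape"))
        temp_data_file.close()

        secrets = SecretsCollection()
        with default_settings():
            secrets.scan_file(temp_data_file.name)
    finally:
        # Always remove the file: it may hold the very secrets being searched for.
        temp_data_file.close()
        os.remove(temp_data_file.name)
    # … unchanged: detect_secrets_output lookup and return …
```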
@@ -0,0 +1,39 @@
+{
+ "Provider": "aws",
+ "CheckID": "cloudwatch_log_group_no_secrets_in_logs",
+ "CheckTitle": "Check if secrets exists in CloudWatch logs.",
+ "CheckType": [
+ "Protect",
+ "Secure development"
+ ],
+ "ServiceName": "cloudwatch",
+ "SubServiceName": "",
+ "ResourceIdTemplate": "arn:partition:cloudwatch:region:account-id:log-group/resource-id",
+ "Severity": "medium",
+ "ResourceType": "AwsCloudTrailLogGroup",
+ "Description": "Check if secrets exists in CloudWatch logs",
+ "Risk": "Storing sensitive data in CloudWatch logs could allow an attacker with read-only access to escalate their privileges or gain unauthorised access to systems.",
+ "RelatedUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html",
+ "Remediation": {
+ "Code": {
+ "CLI": "",
+ "NativeIaC": "",
+ "Other": "",
+ "Terraform": ""
+ },
+ "Recommendation": {
+ "Text": "It is recommended that sensitive information is not logged to CloudWatch logs. Alternatively, sensitive data may be masked using a protection policy",
+ "Url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html"
+ }
+ },
+ "Categories": [
+ "secrets"
+ ],
+ "Tags": {
+ "Tag1Key": "value",
+ "Tag2Key": "value"
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": ""
+}
diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs.py
new file mode 100644
index 00000000..5c71935b
--- /dev/null
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs.py
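Review bot: `RelatedUrl` points at the CloudTrail alarm guide (`cloudwatch-alarms-for-cloudtrail.html`), which says nothing about log content or secrets; the masking guide already used in `Recommendation.Url` looks like the better target. `ResourceType` is `AwsCloudTrailLogGroup` and `ResourceIdTemplate` uses the `cloudwatch` service segment, both of which look carried over from another check and should be confirmed against the values the other log-group checks use. `CheckTitle` and `Description` would read better as "Check if secrets exist in CloudWatch logs."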
@@ -0,0 +1,102 @@
+from json import dumps, loads
+
+from prowler.lib.check.models import Check, Check_Report_AWS
+from prowler.lib.utils.utils import detect_secrets_scan
+from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
+ convert_to_cloudwatch_timestamp_format,
+)
+from prowler.providers.aws.services.cloudwatch.logs_client import logs_client
+
+
+class cloudwatch_log_group_no_secrets_in_logs(Check):
+ def execute(self):
+ findings = []
+ for log_group in logs_client.log_groups:
+ report = Check_Report_AWS(self.metadata())
+ report.status = "PASS"
+ report.status_extended = f"No secrets found in {log_group.name} log group."
+ report.region = log_group.region
+ report.resource_id = log_group.name
+ report.resource_arn = log_group.arn
+ log_group_secrets = []
+ if log_group.log_streams:
+ for log_stream_name in log_group.log_streams:
+ log_stream_secrets = {}
+ log_stream_data = "\n".join(
+ [
+ dumps(event["message"])
+ for event in log_group.log_streams[log_stream_name]
+ ]
+ )
+ log_stream_secrets_output = detect_secrets_scan(log_stream_data)
+
+ if log_stream_secrets_output:
+ for secret in log_stream_secrets_output:
+ flagged_event = log_group.log_streams[log_stream_name][
+ secret["line_number"] - 1
+ ]
+ cloudwatch_timestamp = (
+ convert_to_cloudwatch_timestamp_format(
+ flagged_event["timestamp"]
+ )
+ )
+ if cloudwatch_timestamp not in log_stream_secrets.keys():
+ log_stream_secrets[cloudwatch_timestamp] = SecretsDict()
+
+ try:
+ log_event_data = dumps(
+ loads(flagged_event["message"]), indent=2
+ )
+ except Exception:
+ log_event_data = dumps(
+ flagged_event["message"], indent=2
+ )
+ if len(log_event_data.split("\n")) > 1:
+ # Can get more informative output if there is more than 1 line.
+ # Will rescan just this event to get the type of secret and the line number + event_detect_secrets_output = detect_secrets_scan( + log_event_data + ) + for secret in event_detect_secrets_output: + log_stream_secrets[cloudwatch_timestamp].add_secret( + secret["line_number"], secret["type"] + ) + else: + log_stream_secrets[cloudwatch_timestamp].add_secret( + 1, secret["type"] + ) + if log_stream_secrets: + secrets_string = "; ".join( + [ + f"at {timestamp} - {log_stream_secrets[timestamp].to_string()}" + for timestamp in log_stream_secrets + ] + ) + log_group_secrets.append( + f"in log stream {log_stream_name} {secrets_string}" + ) + if log_group_secrets: + secrets_string = "; ".join(log_group_secrets) + report.status = "FAIL" + report.status_extended = f"Potential secrets found in log group {log_group.name} {secrets_string}" + findings.append(report) + return findings + + +class SecretsDict(dict): + # Using this dict to remove duplicates of the secret type showing up multiple times on the same line + # Also includes the to_string method + def add_secret(self, line_number, secret_type): + if line_number not in self.keys(): + self[line_number] = [secret_type] + else: + if secret_type not in self[line_number]: + self[line_number] += [secret_type] + + def to_string(self): + return ", ".join( + [ + f"{', '.join(secret_types)} on line {line_number}" + for line_number, secret_types in sorted(self.items()) + ] + ) diff --git a/prowler/providers/aws/services/cloudwatch/cloudwatch_service.py b/prowler/providers/aws/services/cloudwatch/cloudwatch_service.py index a597aea0..aa3289cd 100644 --- a/prowler/providers/aws/services/cloudwatch/cloudwatch_service.py +++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_service.py @@ -1,4 +1,5 @@ import threading +from datetime import datetime, timezone from typing import Optional from pydantic import BaseModel 
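Review bot: The rescan branch in `execute` iterates `event_detect_secrets_output` without checking it, but `detect_secrets_scan` returns `None` when it finds nothing, so a secret flagged in the single-line form and not in the re-indented form would raise `TypeError` and abort the check. Guarding the loop with `for event_secret in event_detect_secrets_output or []:` avoids the crash, and falling back to `add_secret(1, secret["type"])` when the rescan is empty keeps the finding. Renaming the inner loop variable also stops it shadowing the outer `secret`. The `except Exception` around `loads` could probably be narrowed to `ValueError`, which is what a non-JSON message raises.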
@@ -93,6 +94,14 @@ class Logs: self.log_groups = [] self.__threading_call__(self.__describe_metric_filters__) self.__threading_call__(self.__describe_log_groups__) + if ( + "cloudwatch_log_group_no_secrets_in_logs" + in audit_info.audit_metadata.expected_checks + ): + self.events_per_log_group_threshold = ( + 1000 # The threshold for number of events to return per log group. + ) + self.__threading_call__(self.__get_log_events__) self.__list_tags_for_resource__() def __get_session__(self): @@ -108,7 +117,7 @@ class Logs: t.join() def __describe_metric_filters__(self, regional_client): - logger.info("CloudWatch Logs- Describing metric filters...") + logger.info("CloudWatch Logs - Describing metric filters...") try: describe_metric_filters_paginator = regional_client.get_paginator( "describe_metric_filters" @@ -133,7 +142,7 @@ class Logs: ) def __describe_log_groups__(self, regional_client): - logger.info("CloudWatch Logs- Describing log groups...") + logger.info("CloudWatch Logs - Describing log groups...") try: describe_log_groups_paginator = regional_client.get_paginator( "describe_log_groups" 
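Review bot: `audit_info.audit_metadata.expected_checks` is dereferenced in `Logs.__init__` with no guard, so constructing `Logs` with `audit_metadata` unset would raise `AttributeError`; the test changes in this same commit, which all add an `Audit_Metadata`, suggest that case exists. A guard such as `if audit_info.audit_metadata and "cloudwatch_log_group_no_secrets_in_logs" in audit_info.audit_metadata.expected_checks:` keeps the service usable by callers that never set it. `events_per_log_group_threshold` is also assigned only inside this branch; defining it as a class-level constant would make the 1000-event cap visible and document that the check samples each log group rather than reading it in full. The enclosing `__init__` starts outside the hunk.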
@@ -163,6 +172,38 @@ class Logs: f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" ) + def __get_log_events__(self, regional_client): + regional_log_groups = [ + log_group + for log_group in self.log_groups + if log_group.region == regional_client.region + ] + total_log_groups = len(regional_log_groups) + logger.info( + f"CloudWatch Logs - Retrieving log events for {total_log_groups} log groups in {regional_client.region}..." + ) + try: + for count, log_group in enumerate(regional_log_groups, start=1): + events = regional_client.filter_log_events( + logGroupName=log_group.name, + limit=self.events_per_log_group_threshold, + )["events"] + for event in events: + if event["logStreamName"] not in log_group.log_streams: + log_group.log_streams[event["logStreamName"]] = [] + log_group.log_streams[event["logStreamName"]].append(event) + if count % 10 == 0: + logger.info( + f"CloudWatch Logs - Retrieved log events for {count}/{total_log_groups} log groups in {regional_client.region}..." + ) + except Exception as error: + logger.error( + f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + ) + logger.info( + f"CloudWatch Logs - Finished retrieving log events in {regional_client.region}..." + ) + def __list_tags_for_resource__(self): logger.info("CloudWatch Logs - List Tags...") try: 
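Review bot: In `__get_log_events__` the `try` wraps the whole `for` loop, so the first `filter_log_events` failure in a region skips every remaining log group there, and those groups later report PASS with "No secrets found" although nothing was scanned. Moving the `try`/`except` inside the loop limits a failure to the one log group. The single `filter_log_events` call also ignores `nextToken`, so fewer than `limit` events (possibly none) can come back while more exist; a docstring should state that only the first page, capped at `events_per_log_group_threshold`, is inspected.

```python
        for count, log_group in enumerate(regional_log_groups, start=1):
            try:
                events = regional_client.filter_log_events(
                    logGroupName=log_group.name,
                    limit=self.events_per_log_group_threshold,
                )["events"]
            except Exception as error:
                logger.error(
                    f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
                )
                continue
            # … unchanged: grouping events by logStreamName and progress logging …
```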
@@ -201,4 +242,24 @@ class LogGroup(BaseModel): retention_days: int kms_id: Optional[str] region: str + log_streams: dict[ + str, list[str] + ] = {} # Log stream name as the key, array of events as the value tags: Optional[list] = [] + + +def convert_to_cloudwatch_timestamp_format(epoch_time): + date_time = datetime.fromtimestamp( + epoch_time / 1000, datetime.now(timezone.utc).astimezone().tzinfo + ) + datetime_str = date_time.strftime( + "%Y-%m-%dT%H:%M:%S.!%f!%z" + ) # use exclamation marks as placeholders to convert datetime str to cloudwatch timestamp str + datetime_parts = datetime_str.split("!") + return ( + datetime_parts[0] + + datetime_parts[1][:-3] + + datetime_parts[2][:-2] + + ":" + + datetime_parts[2][-2:] + ) # Removes the microseconds, and places a ':' character in the timezone offset diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py index dbcb5a74..b06909b8 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py 
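Review bot: `log_streams` is annotated `dict[str, list[str]]`, but `__get_log_events__` appends the event dicts returned by `filter_log_events` and the check reads `event["message"]` and `event["timestamp"]` from them; `dict[str, list[dict]]` matches what is stored. `convert_to_cloudwatch_timestamp_format` renders the time in the host's local zone, so the same event produces different report text on differently configured machines; a docstring should say so, or the function could use `timezone.utc`. The placeholder-and-split formatting appears equivalent to `date_time.isoformat(timespec="milliseconds")`, which would be simpler to read.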
@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
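Review bot: The added comment `# We need to set this check to call __describe_log_groups__` is inaccurate: in `Logs.__init__` `__describe_log_groups__` runs unconditionally, and listing `cloudwatch_log_group_no_secrets_in_logs` in `expected_checks` is what triggers `__get_log_events__`. In tests for unrelated checks, `expected_checks=[]` would satisfy the new attribute access without fetching log events, with a comment such as `# Logs.__init__ reads audit_metadata.expected_checks`. The same block and comment are repeated in every hunk of this file and of the other cloudwatch test files touched by the commit; a shared fixture or helper would keep them in sync.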
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py index 273ddf67..e5e08820 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py @@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py index 520cf5e6..a8082b4a 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py @@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py index 2dec6689..87caee8f 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py 
@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py index a93b8997..81e1b8c7 100644 
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py @@ -11,8 +11,16 @@ class Test_cloudwatch_cross_account_sharing_disabled: def test_cloudwatch_without_cross_account_role(self): from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.iam.iam_service import IAM + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) with mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_cross_account_sharing_disabled.cloudwatch_cross_account_sharing_disabled.iam_client", @@ -44,8 +52,16 @@ class Test_cloudwatch_cross_account_sharing_disabled: ) from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.iam.iam_service import IAM + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) with mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_cross_account_sharing_disabled.cloudwatch_cross_account_sharing_disabled.iam_client", 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py index 0c273d77..4e0cbb45 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py @@ -10,8 +10,16 @@ class Test_cloudwatch_log_group_kms_encryption_enabled: def test_cloudwatch_no_log_groups(self): from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) with mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_kms_encryption_enabled.cloudwatch_log_group_kms_encryption_enabled.logs_client", 
@@ -37,8 +45,16 @@ class Test_cloudwatch_log_group_kms_encryption_enabled: ) from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) with mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_kms_encryption_enabled.cloudwatch_log_group_kms_encryption_enabled.logs_client", @@ -68,8 +84,16 @@ class Test_cloudwatch_log_group_kms_encryption_enabled: logs_client.create_log_group(logGroupName="test", kmsKeyId="test_kms_id") from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) with mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_kms_encryption_enabled.cloudwatch_log_group_kms_encryption_enabled.logs_client", diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py new file mode 100644 index 00000000..b870eb59 --- /dev/null 
+++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py 
@@ -0,0 +1,129 @@
+from re import search
+from unittest import mock
+
+from boto3 import client
+from moto import mock_logs
+from moto.core.utils import unix_time_millis
+
+AWS_REGION = "us-east-1"
+
+
+class Test_cloudwatch_log_group_no_secrets_in_logs:
+ def test_cloudwatch_no_log_groups(self):
+ from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
+ from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
+ from prowler.providers.common.models import Audit_Metadata
+
+ current_audit_info.audited_partition = "aws"
+ current_audit_info.audit_metadata = Audit_Metadata(
+ services_scanned=0,
+ # We need to set this check to call __describe_log_groups__
+ expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+ completed_checks=0,
+ audit_progress=0,
+ )
+
+ with mock.patch(
+ "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs.logs_client",
+ new=Logs(current_audit_info),
+ ):
+ # Test Check
+ from prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs import (
+ cloudwatch_log_group_no_secrets_in_logs,
+ )
+
+ check = cloudwatch_log_group_no_secrets_in_logs()
+ result = check.execute()
+
+ assert len(result) == 0
+
+ @mock_logs
+ def test_cloudwatch_log_group_without_secrets(self):
+ # Generate Logs Client
+ logs_client = client("logs", region_name=AWS_REGION)
+ # Request Logs group
+ logs_client.create_log_group(logGroupName="test")
+ logs_client.create_log_stream(logGroupName="test", logStreamName="test stream")
+ logs_client.put_log_events(
+ logGroupName="test",
+ logStreamName="test stream",
+ logEvents=[{"timestamp": 0, "message": "line"}],
+ )
+ from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
+ from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
+ from prowler.providers.common.models import Audit_Metadata
+
+ current_audit_info.audited_partition = "aws"
+ current_audit_info.audit_metadata = Audit_Metadata(
+ services_scanned=0,
+ # We need to set this check to call __describe_log_groups__
+ expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+ completed_checks=0,
+ audit_progress=0,
+ )
+
+ with mock.patch(
+ "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs.logs_client",
+ new=Logs(current_audit_info),
+ ):
+ # Test Check
+ from prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs import (
+ cloudwatch_log_group_no_secrets_in_logs,
+ )
+
+ check = cloudwatch_log_group_no_secrets_in_logs()
+ result = check.execute()
+
+ assert len(result) == 1
+ assert result[0].status == "PASS"
+ assert result[0].status_extended == "No secrets found in test log group."
+ assert result[0].resource_id == "test"
+
+ @mock_logs
+ def test_cloudwatch_log_group_with_secrets(self):
+ # Generate Logs Client
+ logs_client = client("logs", region_name=AWS_REGION)
+ # Request Logs group
+ logs_client.create_log_group(logGroupName="test")
+ logs_client.create_log_stream(logGroupName="test", logStreamName="test stream")
+ logs_client.put_log_events(
+ logGroupName="test",
+ logStreamName="test stream",
+ logEvents=[
+ {
+ "timestamp": int(unix_time_millis()),
+ "message": "password = password123",
+ }
+ ],
+ )
+ from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
+ from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
+ from prowler.providers.common.models import Audit_Metadata
+
+ current_audit_info.audited_partition = "aws"
+ current_audit_info.audit_metadata = Audit_Metadata(
+ services_scanned=0,
+ # We need to set this check to call __describe_log_groups__
+ expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+ completed_checks=0,
+ audit_progress=0,
+ )
+
+ with mock.patch(
+ "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs.logs_client",
+ new=Logs(current_audit_info),
+ ):
+ # Test Check
+ from prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs import (
+ cloudwatch_log_group_no_secrets_in_logs,
+ )
+
+ check = cloudwatch_log_group_no_secrets_in_logs()
+ result = check.execute()
+
+ assert len(result) == 1
+ assert result[0].status == "FAIL"
+ assert search(
+ "Potential secrets found in log group", result[0].status_extended
+ )
+ assert result[0].resource_id == "test"
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py
index 26802a97..036b2d3f 100644
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py
+++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py
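Review bot: `test_cloudwatch_no_log_groups` in the new test file has no `@mock_logs` decorator, unlike the two tests after it, so `Logs(current_audit_info)` is built against whatever session `current_audit_info` carries rather than moto's fake backend. The `assert len(result) == 0` outcome can then depend on the credentials and log groups of the machine running the suite. Add `@mock_logs` on the line above `def test_cloudwatch_no_log_groups(self):`. Separately, the clean-log test writes its event with `"timestamp": 0` while the secrets test uses `int(unix_time_millis())`. If the service only retrieves recent events (not visible in this hunk), the PASS case never hands any text to the scanner, so giving it a current timestamp as well would make it a real negative test.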
@@ -10,8 +10,16 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled: def test_cloudwatch_no_log_groups(self): from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) with mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", @@ -37,8 +45,16 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled: ) from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) with mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", 
@@ -71,8 +87,16 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled: logs_client.put_retention_policy(logGroupName="test", retentionInDays=400) from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) with mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", @@ -105,8 +129,16 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled: logs_client.put_retention_policy(logGroupName="test", retentionInDays=7) from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) with mock.patch( "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client", 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py index d32a8b4a..88a9e2b8 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py @@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -66,8 +74,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -121,8 +137,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -188,8 +212,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -267,8 +299,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -346,8 +386,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py index eecc2b3f..ff6b69eb 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py 
+++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py @@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -66,8 +74,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -121,8 +137,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -188,8 +212,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -267,8 +299,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -346,8 +386,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py index 6d9d23c0..8398e469 100644 
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py @@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py index 822f5369..4ede6b54 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py @@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py index 9751365c..111e02c3 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py @@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -66,8 +74,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -121,8 +137,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -188,8 +212,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -267,8 +299,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -346,8 +386,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py index 1c9b8eaa..26017282 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py 
@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py index 4869c800..8ac23254 100644 
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py @@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py index dd0d9710..a41d1541 100644 
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py @@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py index 188eeff1..21715999 100644 
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py @@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py index 397a670a..cb73ba0d 100644 
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py @@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py index 6f13e3fe..232cdedb 100644 
--- a/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py @@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) 
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) @@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls: CloudWatch, Logs, ) + from prowler.providers.common.models import Audit_Metadata current_audit_info.audited_partition = "aws" + current_audit_info.audit_metadata = Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ) from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( Cloudtrail, ) diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py index b9feeab6..57ed549c 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py 
@@ -3,6 +3,7 @@ from moto import mock_cloudwatch from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import CloudWatch +from prowler.providers.common.models import Audit_Metadata AWS_ACCOUNT_NUMBER = 123456789012 AWS_REGION = "us-east-1" @@ -29,6 +30,13 @@ class Test_CloudWatch_Service: audited_regions=None, organizations_metadata=None, audit_resources=None, + audit_metadata=Audit_Metadata( + services_scanned=0, + # We need to set this check to call __describe_log_groups__ + expected_checks=["cloudwatch_log_group_no_secrets_in_logs"], + completed_checks=0, + audit_progress=0, + ), ) return audit_info
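Review bot: The shared audit-info fixture in the second hunk now always lists `cloudwatch_log_group_no_secrets_in_logs` in `expected_checks`, so no test built on it can cover a run where that check was not requested. If the service reads log data only when the check is expected, as the added comment suggests, the opposite case deserves a test too: a scan that did not ask for the secrets check should not pull log content. One way is to let the helper take the list as an argument with the current value as default, e.g. `expected_checks=expected_checks`, and add a test passing `[]`. The comment also names `__describe_log_groups__` although only `CloudWatch` is imported in the visible lines of this file; confirm it refers to a method this file exercises. The helper function begins outside the hunk.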