From b67ca429e96c73dc9bc4fa08e183482b0b472065 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Toma=CC=81s=CC=8C=20Milata?=
Date: Wed, 13 Dec 2017 13:38:27 +0000
Subject: [PATCH] Use a query to get AccountMFAEnabled rather than awk/sed

Parsing with awk/sed relies on the json being pretty printed (no other values on the same line), which is not always true, causing false-positive warings sometimes. Querying for SummaryMap.AccountMFAEnabled directly should be more robust
---
 prowler | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/prowler b/prowler
index ec859b9c..6ec5d7f9 100755
--- a/prowler
+++ b/prowler
@@ -696,7 +696,7 @@ check113(){
 check114(){
 ID114="1.14"
 TITLE114="Ensure hardware MFA is enabled for the root account (Scored)"
- COMMAND113=$($AWSCLI iam get-account-summary $PROFILE_OPT --region $REGION --output json|grep AccountMFAEnabled | awk -F': ' '{ print $2 }'|sed 's/,//')
+ COMMAND113=$($AWSCLI iam get-account-summary $PROFILE_OPT --region $REGION --output json --query 'SummaryMap.AccountMFAEnabled')
 textTitle "$ID114" "$TITLE114" "SCORED" "LEVEL1"
 if [ "$COMMAND113" == "1" ]; then
 COMMAND114=$($AWSCLI iam list-virtual-mfa-devices $PROFILE_OPT --region $REGION --query 'VirtualMFADevices' --output text|grep :root |wc -l)
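Review bot: The new `COMMAND113=$(... --query 'SummaryMap.AccountMFAEnabled')` assignment still cannot tell a failed API call from an account whose root user has no MFA. If `get-account-summary` errors out (expired credentials, or a role without `iam:GetAccountSummary`), the variable is empty and the `[ "$COMMAND113" == "1" ]` test falls through to the other branch, which lies outside this hunk and presumably reports a finding. A guard such as `if [ -z "$COMMAND113" ]; then` ahead of that test, reporting the check as not evaluated, would keep an access problem from being recorded as an MFA result. Separately, the variable keeps the name `COMMAND113` inside `check114` and is not declared `local`, so it appears to share global state with `check113`; a `local` variable with a check114-specific name would avoid that. The body of `check114` continues past the end of the hunk.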