diff --git a/poetry.lock b/poetry.lock index ce71c81f..0d215925 100644 --- a/poetry.lock +++ b/poetry.lock @@ -771,19 +771,19 @@ testing = ["pre-commit"] [[package]] name = "flake8" -version = "6.0.0" +version = "6.1.0" description = "the modular source code checker: pep8 pyflakes and co" optional = false python-versions = ">=3.8.1" files = [ - {file = "flake8-6.0.0-py2.py3-none-any.whl", hash = "sha256:3833794e27ff64ea4e9cf5d410082a8b97ff1a06c16aa3d2027339cd0f1195c7"}, - {file = "flake8-6.0.0.tar.gz", hash = "sha256:c61007e76655af75e6785a931f452915b371dc48f56efd765247c8fe68f2b181"}, + {file = "flake8-6.1.0-py2.py3-none-any.whl", hash = "sha256:ffdfce58ea94c6580c77888a86506937f9a1a227dfcd15f245d694ae20a6b6e5"}, + {file = "flake8-6.1.0.tar.gz", hash = "sha256:d5b3857f07c030bdb5bf41c7f53799571d75c4491748a3adcd47de929e34cd23"}, ] [package.dependencies] mccabe = ">=0.7.0,<0.8.0" -pycodestyle = ">=2.10.0,<2.11.0" -pyflakes = ">=3.0.0,<3.1.0" +pycodestyle = ">=2.11.0,<2.12.0" +pyflakes = ">=3.1.0,<3.2.0" [[package]] name = "freezegun" @@ -1696,13 +1696,13 @@ pyasn1 = ">=0.4.6,<0.6.0" [[package]] name = "pycodestyle" -version = "2.10.0" +version = "2.11.0" description = "Python style guide checker" optional = false -python-versions = ">=3.6" +python-versions = ">=3.8" files = [ - {file = "pycodestyle-2.10.0-py2.py3-none-any.whl", hash = "sha256:8a4eaf0d0495c7395bdab3589ac2db602797d76207242c17d470186815706610"}, - {file = "pycodestyle-2.10.0.tar.gz", hash = "sha256:347187bdb476329d98f695c213d7295a846d1152ff4fe9bacb8a9590b8ee7053"}, + {file = "pycodestyle-2.11.0-py2.py3-none-any.whl", hash = "sha256:5d1013ba8dc7895b548be5afb05740ca82454fd899971563d2ef625d090326f8"}, + {file = "pycodestyle-2.11.0.tar.gz", hash = "sha256:259bcc17857d8a8b3b4a2327324b79e5f020a13c16074670f9c8c8f872ea76d0"}, ] [[package]] 
@@ -1770,13 +1770,13 @@ email = ["email-validator (>=1.0.3)"] [[package]] name = "pyflakes" -version = "3.0.1" +version = "3.1.0" description = "passive checker of Python programs" optional = false -python-versions = ">=3.6" +python-versions = ">=3.8" files = [ - {file = "pyflakes-3.0.1-py2.py3-none-any.whl", hash = "sha256:ec55bf7fe21fff7f1ad2f7da62363d749e2a470500eab1b555334b67aa1ef8cf"}, - {file = "pyflakes-3.0.1.tar.gz", hash = "sha256:ec8b276a6b60bd80defed25add7e439881c19e64850afd9b346283d4165fd0fd"}, + {file = "pyflakes-3.1.0-py2.py3-none-any.whl", hash = "sha256:4132f6d49cb4dae6819e5379898f2b8cce3c5f23994194c24b77d5da2e36f774"}, + {file = "pyflakes-3.1.0.tar.gz", hash = "sha256:a0aae034c444db0071aa077972ba4768d40c830d9539fd45bf4cd3f8f6992efc"}, ] [[package]] @@ -2876,4 +2876,4 @@ docs = ["mkdocs", "mkdocs-material"] [metadata] lock-version = "2.0" python-versions = "^3.9" -content-hash = "0dcd58a094380d0e001a751afd104a543f27cc55c4dbd42db02e120f4da90220" +content-hash = "95a3c66d752dc8552a3e2c032545cda76f13f056ff0f0554a8664f20c8da39c4"
diff --git a/prowler/lib/outputs/models.py b/prowler/lib/outputs/models.py
index f1ca76aa..b58ad3ae 100644
--- a/prowler/lib/outputs/models.py
+++ b/prowler/lib/outputs/models.py
@@ -184,7 +184,7 @@ def unroll_tags(tags: list):
 if tags and tags != [{}] and tags != [None]:
 for item in tags:
 # Check if there are tags in list
- if type(item) == dict:
+ if isinstance(item, dict):
 for key, value in item.items():
 if not unrolled_items:
 # Check the pattern of tags (Key:Value or Key:key/Value:value)
@@ -219,7 +219,7 @@ def unroll_dict(dict: dict):
 unrolled_items = ""
 separator = "|"
 for key, value in dict.items():
- if type(value) == list:
+ if isinstance(value, list):
 value = ", ".join(value)
 if not unrolled_items:
 unrolled_items = f"{key}: {value}"
@@ -232,7 +232,7 @@ def unroll_dict(dict: dict):
 def unroll_dict_to_list(dict: dict):
 list = []
 for key, value in dict.items():
- if type(value) == list:
+ if isinstance(value, list):
 value = ", ".join(value)
 list.append(f"{key}: {value}")
 else:
diff --git a/prowler/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges.py b/prowler/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges.py
index dc5afe1e..bfec0374 100644
--- a/prowler/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges.py
+++ b/prowler/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges.py
@@ -17,7 +17,7 @@ class iam_aws_attached_policy_no_administrative_privileges(Check):
 report.status_extended = f"{policy.type} policy {policy.name} is attached but does not allow '*:*' administrative privileges"
 if policy.document:
 # Check the statements, if one includes *:* stop iterating over the rest
- if type(policy.document["Statement"]) != list:
+ if not isinstance(policy.document["Statement"], list):
 policy_statements = [policy.document["Statement"]]
 else:
 policy_statements = policy.document["Statement"]
diff --git a/prowler/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges.py b/prowler/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges.py
index f7f850fc..2b6cb3e0 100644
--- a/prowler/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges.py
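Review bot: In `unroll_dict_to_list` the context line `list = []` rebinds `list` to a local, so the new `isinstance(value, list)` is handed a list instance as its second argument and raises `TypeError` on the first item of any non-empty dict. The removed `type(value) == list` compared against the same local and was simply always false, so this change turns a dormant bug into a crash in the output path. Rename the accumulator, for example `dict_list = []` and `dict_list.append(f"{key}: {value}")`; the `else` branch and the return lie outside the hunk and need the same rename.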
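Review bot: The wrap-a-lone-statement block around `policy.document["Statement"]` is written out identically in seven checks touched by this commit (this one, iam_customer_attached_policy_no_administrative_privileges, iam_customer_unattached_policy_no_administrative_privileges, iam_no_custom_policy_permissive_role_assumption, iam_policy_allows_privilege_escalation, iam_policy_no_full_access_to_cloudtrail and iam_policy_no_full_access_to_kms), so any later correction has to be made seven times. A shared helper would reduce it to `stmts = policy.document.get("Statement", [])` and `policy_statements = stmts if isinstance(stmts, list) else [stmts]`. Using `.get` also covers a document that lacks a `Statement` key, which the direct subscript would answer with `KeyError`; whether such a document can reach these checks is not visible here and should be confirmed.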
+++ b/prowler/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges.py
@@ -17,7 +17,7 @@ class iam_customer_attached_policy_no_administrative_privileges(Check):
 report.status_extended = f"{policy.type} policy {policy.name} is attached but does not allow '*:*' administrative privileges"
 if policy.document:
 # Check the statements, if one includes *:* stop iterating over the rest
- if type(policy.document["Statement"]) != list:
+ if not isinstance(policy.document["Statement"], list):
 policy_statements = [policy.document["Statement"]]
 else:
 policy_statements = policy.document["Statement"]
diff --git a/prowler/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges.py b/prowler/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges.py
index 478c3423..bab71c5d 100644
--- a/prowler/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges.py
+++ b/prowler/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges.py
@@ -17,7 +17,7 @@ class iam_customer_unattached_policy_no_administrative_privileges(Check):
 report.status_extended = f"{policy.type} policy {policy.name} is unattached and does not allow '*:*' administrative privileges"
 if policy.document:
 # Check the statements, if one includes *:* stop iterating over the rest
- if type(policy.document["Statement"]) != list:
+ if not isinstance(policy.document["Statement"], list):
 policy_statements = [policy.document["Statement"]]
 else:
 policy_statements = policy.document["Statement"]
diff --git a/prowler/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption.py b/prowler/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption.py
index b030f139..ff3ac0fd 100644
--- a/prowler/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption.py
+++ b/prowler/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption.py
@@ -16,7 +16,7 @@ class iam_no_custom_policy_permissive_role_assumption(Check):
 report.status = "PASS"
 report.status_extended = f"Custom Policy {policy.name} does not allow permissive STS Role assumption"
 if policy.document:
- if type(policy.document["Statement"]) != list:
+ if not isinstance(policy.document["Statement"], list):
 policy_statements = [policy.document["Statement"]]
 else:
 policy_statements = policy.document["Statement"]
@@ -27,7 +27,7 @@ class iam_no_custom_policy_permissive_role_assumption(Check):
 and "Resource" in statement
 and "*" in statement["Resource"]
 ):
- if type(statement["Action"]) == list:
+ if isinstance(statement["Action"], list):
 for action in statement["Action"]:
 if (
 action == "sts:AssumeRole"
diff --git a/prowler/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation.py b/prowler/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation.py
index f7c616cc..cf74ec76 100644
--- a/prowler/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation.py
+++ b/prowler/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation.py
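Review bot: The context test `"*" in statement["Resource"]` just above the changed line in the second hunk means two different things depending on the value's type: for a string it is a substring match (any ARN containing a wildcard), for a list it is exact membership of the element `"*"`, so a wildcarded role ARN inside a list is not matched while the same ARN as a bare string is. The new `isinstance(statement["Action"], list)` branch treats the two shapes of `Action` explicitly, and `Resource` deserves the same: normalise it to a list first, then test each entry with one rule. Whether `Action` is guaranteed to be present (a statement may carry `NotAction` instead) cannot be seen in this hunk, and the enclosing condition starts above it.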
@@ -76,7 +76,7 @@ class iam_policy_allows_privilege_escalation(Check):
 # Recover all policy actions
 if policy.document:
- if type(policy.document["Statement"]) != list:
+ if not isinstance(policy.document["Statement"], list):
 policy_statements = [policy.document["Statement"]]
 else:
 policy_statements = policy.document["Statement"]
diff --git a/prowler/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail.py b/prowler/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail.py
index 66f8a3fc..3bc39b40 100644
--- a/prowler/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail.py
+++ b/prowler/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail.py
@@ -18,7 +18,7 @@ class iam_policy_no_full_access_to_cloudtrail(Check):
 report.status = "PASS"
 report.status_extended = f"Custom Policy {policy.name} does not allow '{critical_service}:*' privileges"
 if policy.document:
- if type(policy.document["Statement"]) != list:
+ if not isinstance(policy.document["Statement"], list):
 policy_statements = [policy.document["Statement"]]
 else:
 policy_statements = policy.document["Statement"]
diff --git a/prowler/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms.py b/prowler/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms.py
index 41dc0863..286e8c1f 100644
--- a/prowler/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms.py
+++ b/prowler/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms.py
@@ -18,7 +18,7 @@ class iam_policy_no_full_access_to_kms(Check):
 report.status = "PASS"
 report.status_extended = f"Custom Policy {policy.name} does not allow '{critical_service}:*' privileges"
 if policy.document:
- if type(policy.document["Statement"]) != list:
+ if not isinstance(policy.document["Statement"], list):
 policy_statements = [policy.document["Statement"]]
 else:
 policy_statements = policy.document["Statement"]
diff --git a/prowler/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy.py b/prowler/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy.py
index ecc12885..605ca335 100644
--- a/prowler/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy.py
+++ b/prowler/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy.py
@@ -22,14 +22,16 @@ class iam_role_cross_account_readonlyaccess_policy(Check):
 if policy["PolicyName"] == "ReadOnlyAccess":
 report.status_extended = f"IAM Role {role.name} has read-only access but is not cross account."
 cross_account_access = False
- if type(role.assume_role_policy["Statement"]) == list:
+ if isinstance(role.assume_role_policy["Statement"], list):
 for statement in role.assume_role_policy["Statement"]:
 if not cross_account_access:
 if (
 statement["Effect"] == "Allow"
 and "AWS" in statement["Principal"]
 ):
- if type(statement["Principal"]["AWS"]) == list:
+ if isinstance(
+ statement["Principal"]["AWS"], list
+ ):
 for aws_account in statement["Principal"][
 "AWS"
 ]:
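Review bot: The Allow / `"AWS" in statement["Principal"]` test appears twice in iam_role_cross_account_readonlyaccess_policy, once inside the list branch of this hunk and again in the hunk at new line 57, which looks like the branch for a single-object `Statement`; two copies of a trust-policy test invite them to diverge. The other IAM checks in this commit wrap a lone statement in a list first, and the same would work here: `statements = role.assume_role_policy["Statement"]` followed by `if not isinstance(statements, list): statements = [statements]`, leaving one loop and one principal test. The bodies of both branches continue outside the hunks, so how a string-valued `Principal["AWS"]` is handled cannot be confirmed from here.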
@@ -55,7 +57,7 @@ class iam_role_cross_account_readonlyaccess_policy(Check):
 statement["Effect"] == "Allow"
 and "AWS" in statement["Principal"]
 ):
- if type(statement["Principal"]["AWS"]) == list:
+ if isinstance(statement["Principal"]["AWS"], list):
 for aws_account in statement["Principal"]["AWS"]:
 if (
 iam_client.audited_account
diff --git a/prowler/providers/aws/services/iam/iam_service.py b/prowler/providers/aws/services/iam/iam_service.py
index 4a2027a7..d625d0a8 100644
--- a/prowler/providers/aws/services/iam/iam_service.py
+++ b/prowler/providers/aws/services/iam/iam_service.py
@@ -13,7 +13,7 @@ from prowler.providers.aws.lib.service.service import AWSService
 def is_service_role(role):
 try:
 if "Statement" in role["AssumeRolePolicyDocument"]:
- if type(role["AssumeRolePolicyDocument"]["Statement"]) == list:
+ if isinstance(role["AssumeRolePolicyDocument"]["Statement"], list):
 for statement in role["AssumeRolePolicyDocument"]["Statement"]:
 if (
 statement["Effect"] == "Allow"
diff --git a/prowler/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible.py b/prowler/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible.py
index 6df4eb92..be040b48 100644
--- a/prowler/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible.py
+++ b/prowler/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible.py
@@ -31,7 +31,7 @@ class kms_key_not_publicly_accessible(Check):
 elif (
 "Principal" in statement and "AWS" in statement["Principal"]
 ):
- if type(statement["Principal"]["AWS"]) == str:
+ if isinstance(statement["Principal"]["AWS"], str):
 principals = [statement["Principal"]["AWS"]]
 else:
 principals = statement["Principal"]["AWS"]
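Review bot: The string-to-list wrapping of `statement["Principal"]["AWS"]` in kms_key_not_publicly_accessible is repeated verbatim in the s3_bucket_public_access and vpc_endpoint_connections_trust_boundaries hunks, and the three copies are not guarded alike. Here and in the s3 hunk the subscript sits under an `"AWS" in statement["Principal"]` test, while in the vpc hunk it follows a bare `else:` with no such test visible, so a principal mapping without an `AWS` key would raise `KeyError` there unless a guard exists above the hunk. One helper shared by the three checks would settle both points: `aws = statement["Principal"].get("AWS", [])` then `principals = [aws] if isinstance(aws, str) else aws`. These are public-exposure checks, so confirm how an exception inside one of them is reported before relying on the current behaviour.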
diff --git a/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py b/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py
index e051740c..c6a41763 100644
--- a/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py
+++ b/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py
@@ -60,7 +60,9 @@ class s3_bucket_public_access(Check):
 and "AWS" in statement["Principal"]
 and statement["Effect"] == "Allow"
 ):
- if type(statement["Principal"]["AWS"]) == str:
+ if isinstance(
+ statement["Principal"]["AWS"], str
+ ):
 principals = [statement["Principal"]["AWS"]]
 else:
 principals = statement["Principal"]["AWS"]
diff --git a/prowler/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries.py b/prowler/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries.py
index 99ff5ce3..de38a9ae 100644
--- a/prowler/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries.py
+++ b/prowler/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries.py
@@ -24,7 +24,7 @@ class vpc_endpoint_connections_trust_boundaries(Check):
 break
 else:
- if type(statement["Principal"]["AWS"]) == str:
+ if isinstance(statement["Principal"]["AWS"], str):
 principals = [statement["Principal"]["AWS"]]
 else:
 principals = statement["Principal"]["AWS"]
diff --git a/pyproject.toml b/pyproject.toml
index 0b00ebe4..cde7b46c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -56,7 +56,7 @@ bandit = "1.7.5"
 black = "22.12.0"
 coverage = "7.2.7"
 docker = "6.1.3"
-flake8 = "6.0.0"
+flake8 = "6.1.0"
 freezegun = "1.2.2"
 moto = "4.1.14"
 openapi-spec-validator = "0.6.0"