From 305b67fbed7c016c7d46b7552b08cd0ae9dc8703 Mon Sep 17 00:00:00 2001 From: Gabriel Soltz Date: Thu, 13 Apr 2023 14:18:31 +0200 Subject: [PATCH] feat(check): New check cloudtrail_bucket_requires_mfa_delete (#2194) Co-authored-by: Pepe Fagoaga --- .../__init__.py | 0 ...l_bucket_requires_mfa_delete.metadata.json | 36 +++ .../cloudtrail_bucket_requires_mfa_delete.py | 35 +++ .../aws/lib/allowlist/allowlist_test.py | 2 +- .../accessanalyzer_service_test.py | 44 ++- .../acm_certificates_expiration_check_test.py | 2 +- ...ificates_transparency_logs_enabled_test.py | 2 +- .../aws/services/acm/acm_service_test.py | 2 +- .../apigateway/apigateway_service_test.py | 2 +- .../apigatewayv2/apigatewayv2_service_test.py | 2 +- .../autoscaling/autoscaling_service_test.py | 2 +- ...udtrail_bucket_requires_mfa_delete_test.py | 260 ++++++++++++++++ ...udtrail_cloudwatch_logging_enabled_test.py | 291 ++++++++++-------- .../cloudtrail_insights_exist_test.py | 2 +- .../cloudtrail_kms_encryption_enabled_test.py | 44 ++- ...dtrail_log_file_validation_enabled_test.py | 44 ++- ...s_s3_bucket_access_logging_enabled_test.py | 163 +++++----- ..._bucket_is_not_publicly_accessible_test.py | 208 +++++++------ .../cloudtrail_multi_region_enabled_test.py | 2 +- ...udtrail_s3_dataevents_read_enabled_test.py | 2 +- ...dtrail_s3_dataevents_write_enabled_test.py | 2 +- .../cloudwatch/cloudwatch_service_test.py | 2 +- .../codebuild/codebuild_service_test.py | 2 +- .../services/config/config_service_test.py | 2 +- .../dynamodb/dynamodb_service_test.py | 2 +- .../aws/services/ec2/ec2_service_test.py | 2 +- .../aws/services/ecr/ecr_service_test.py | 2 +- .../aws/services/ecs/ecs_service_test.py | 2 +- .../aws/services/eks/eks_service_test.py | 2 +- .../aws/services/elb/elb_service_test.py | 2 +- .../aws/services/elbv2/elbv2_service_test.py | 2 +- .../aws/services/glue/glue_service_test.py | 2 +- .../guardduty/guardduty_service_test.py | 2 +- .../aws/services/iam/iam_service_test.py | 2 +- .../aws/services/kms/kms_service_test.py | 2 +- .../opensearch/opensearch_service_test.py | 2 +- .../aws/services/rds/rds_service_test.py | 2 +- .../redshift/redshift_service_test.py | 2 +- .../sagemaker/sagemaker_service_test.py | 2 +- .../aws/services/sns/sns_service_test.py | 2 +- .../aws/services/sqs/sqs_service_test.py | 2 +- .../trustedadvisor_service_test.py | 2 +- .../aws/services/vpc/vpc_service_test.py | 2 +- .../aws/services/waf/waf_service_test.py | 2 +- .../aws/services/wafv2/wafv2_service_test.py | 2 +- .../workspaces/workspaces_service_test.py | 2 +- 46 files changed, 839 insertions(+), 358 deletions(-) create mode 100644 prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/__init__.py create mode 100644 prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.metadata.json create mode 100644 prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.py create mode 100644 tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py diff --git a/prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/__init__.py b/prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.metadata.json b/prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.metadata.json new file mode 100644 index 00000000..1f8ec97e --- /dev/null +++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.metadata.json @@ -0,0 +1,36 @@ +{ + "Provider": "aws", + "CheckID": "cloudtrail_bucket_requires_mfa_delete", + "CheckTitle": "Ensure the S3 bucket CloudTrail bucket requires MFA delete", + "CheckType": [ + "Software and Configuration Checks", + "Industry and Regulatory Standards", + "CIS AWS Foundations Benchmark" + ], + "ServiceName": "cloudtrail", + "SubServiceName": "", + "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id", + "Severity": "medium", + "ResourceType": "AwsCloudTrailTrail", + "Description": "Ensure the S3 bucket CloudTrail bucket requires MFA", + "Risk": "If the S3 bucket CloudTrail bucket does not require MFA, it can be deleted by an attacker.", + "RelatedUrl": "", + "Remediation": { + "Code": { + "CLI": "aws s3api put-bucket-versioning --bucket DOC-EXAMPLE-BUCKET1 --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa \"SERIAL 123456\"", + "NativeIaC": "", + "Other": "", + "Terraform": "" + }, + "Recommendation": { + "Text": "Configure MFA Delete for the S3 bucket CloudTrail bucket", + "Url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" + } + }, + "Categories": [ + "forensics-ready" + ], + "DependsOn": [], + "RelatedTo": [], + "Notes": "" +} diff --git a/prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.py b/prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.py new file mode 100644 index 00000000..9ce8349c --- /dev/null +++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.py @@ -0,0 +1,35 @@ +from prowler.lib.check.models import Check, Check_Report_AWS +from prowler.providers.aws.services.cloudtrail.cloudtrail_client import ( + cloudtrail_client, +) +from prowler.providers.aws.services.s3.s3_client import s3_client + + +class cloudtrail_bucket_requires_mfa_delete(Check): + def execute(self): + findings = [] + for trail in cloudtrail_client.trails: + if trail.is_logging: + trail_bucket_is_in_account = False + trail_bucket = trail.s3_bucket + report = Check_Report_AWS(self.metadata()) + report.region = trail.region + report.resource_id = trail.name + report.resource_arn = trail.arn + report.resource_tags = trail.tags + report.status = "FAIL" + report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) has not MFA delete enabled" + for bucket in s3_client.buckets: + if trail_bucket == bucket.name: + trail_bucket_is_in_account = True + if bucket.mfa_delete: + report.status = "PASS" + report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) has MFA delete enabled" + # check if trail bucket is a cross account bucket + if not trail_bucket_is_in_account: + report.status = "PASS" + report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) is a cross-account bucket in another account out of Prowler's permissions scope, please check it manually" + + findings.append(report) + + return findings diff --git a/tests/providers/aws/lib/allowlist/allowlist_test.py b/tests/providers/aws/lib/allowlist/allowlist_test.py index a5a259fc..161f75ea 100644 --- a/tests/providers/aws/lib/allowlist/allowlist_test.py +++ b/tests/providers/aws/lib/allowlist/allowlist_test.py @@ -11,7 +11,7 @@ from prowler.providers.aws.lib.allowlist.allowlist import ( ) from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" diff --git a/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py b/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py index de76b164..b8ea793c 100644 --- a/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py +++ b/tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py @@ -1,15 +1,19 @@ from unittest.mock import patch import botocore - -from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info +from boto3 import session from prowler.providers.aws.services.accessanalyzer.accessanalyzer_service import ( AccessAnalyzer, ) +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + # Mock Test Region AWS_REGION = "eu-west-1" +AWS_ACCOUNT_NUMBER = "123456789012" + + # Mocking Access Analyzer Calls make_api_call = botocore.client.BaseClient._make_api_call @@ -66,9 +70,31 @@ def mock_generate_regional_clients(service, audit_info): new=mock_generate_regional_clients, ) class Test_AccessAnalyzer_Service: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + return audit_info + # Test AccessAnalyzer Client def test__get_client__(self): - access_analyzer = AccessAnalyzer(current_audit_info) + access_analyzer = AccessAnalyzer(self.set_mocked_audit_info()) assert ( access_analyzer.regional_clients[AWS_REGION].__class__.__name__ == "AccessAnalyzer" @@ -76,18 +102,16 @@ class Test_AccessAnalyzer_Service: # Test AccessAnalyzer Session def test__get_session__(self): - access_analyzer = AccessAnalyzer(current_audit_info) + access_analyzer = AccessAnalyzer(self.set_mocked_audit_info()) assert access_analyzer.session.__class__.__name__ == "Session" # Test AccessAnalyzer Service def test__get_service__(self): - access_analyzer = AccessAnalyzer(current_audit_info) + access_analyzer = AccessAnalyzer(self.set_mocked_audit_info()) assert access_analyzer.service == "accessanalyzer" def test__list_analyzers__(self): - # Set partition for the service - current_audit_info.audited_partition = "aws" - access_analyzer = AccessAnalyzer(current_audit_info) + access_analyzer = AccessAnalyzer(self.set_mocked_audit_info()) assert len(access_analyzer.analyzers) == 1 assert access_analyzer.analyzers[0].arn == "ARN" assert access_analyzer.analyzers[0].name == "Test Analyzer" @@ -97,9 +121,7 @@ class Test_AccessAnalyzer_Service: assert access_analyzer.analyzers[0].region == AWS_REGION def test__list_findings__(self): - # Set partition for the service - current_audit_info.audited_partition = "aws" - access_analyzer = AccessAnalyzer(current_audit_info) + access_analyzer = AccessAnalyzer(self.set_mocked_audit_info()) assert len(access_analyzer.analyzers) == 1 assert len(access_analyzer.analyzers[0].findings) == 1 assert access_analyzer.analyzers[0].findings[0].status == "ARCHIVED" diff --git a/tests/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check_test.py b/tests/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check_test.py index 03d4b1d2..63eedbea 100644 --- a/tests/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check_test.py +++ b/tests/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check_test.py @@ -4,7 +4,7 @@ from unittest import mock from prowler.providers.aws.services.acm.acm_service import Certificate AWS_REGION = "us-east-1" -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" DAYS_TO_EXPIRE_THRESHOLD = 7 diff --git a/tests/providers/aws/services/acm/acm_certificates_transparency_logs_enabled/acm_certificates_transparency_logs_enabled_test.py b/tests/providers/aws/services/acm/acm_certificates_transparency_logs_enabled/acm_certificates_transparency_logs_enabled_test.py index fa3c43af..2f8ca774 100644 --- a/tests/providers/aws/services/acm/acm_certificates_transparency_logs_enabled/acm_certificates_transparency_logs_enabled_test.py +++ b/tests/providers/aws/services/acm/acm_certificates_transparency_logs_enabled/acm_certificates_transparency_logs_enabled_test.py @@ -4,7 +4,7 @@ from unittest import mock from prowler.providers.aws.services.acm.acm_service import Certificate AWS_REGION = "us-east-1" -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" class Test_acm_certificates_transparency_logs_enabled: diff --git a/tests/providers/aws/services/acm/acm_service_test.py b/tests/providers/aws/services/acm/acm_service_test.py index fbbb7191..e9f941c0 100644 --- a/tests/providers/aws/services/acm/acm_service_test.py +++ b/tests/providers/aws/services/acm/acm_service_test.py @@ -12,7 +12,7 @@ from prowler.providers.aws.services.acm.acm_service import ACM # from moto import mock_acm -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" # Mocking Access Analyzer Calls diff --git a/tests/providers/aws/services/apigateway/apigateway_service_test.py b/tests/providers/aws/services/apigateway/apigateway_service_test.py index cac50c53..29a27336 100644 --- a/tests/providers/aws/services/apigateway/apigateway_service_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_service_test.py @@ -4,7 +4,7 @@ from moto import mock_apigateway from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.apigateway.apigateway_service import APIGateway -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" diff --git a/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py b/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py index 2af97715..d2535271 100644 --- a/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py +++ b/tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py @@ -8,7 +8,7 @@ from prowler.providers.aws.services.apigatewayv2.apigatewayv2_service import ( ApiGatewayV2, ) -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" # Mocking ApiGatewayV2 Calls diff --git a/tests/providers/aws/services/autoscaling/autoscaling_service_test.py b/tests/providers/aws/services/autoscaling/autoscaling_service_test.py index 49b6fb24..4a2cc145 100644 --- a/tests/providers/aws/services/autoscaling/autoscaling_service_test.py +++ b/tests/providers/aws/services/autoscaling/autoscaling_service_test.py @@ -6,7 +6,7 @@ from moto import mock_autoscaling from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.autoscaling.autoscaling_service import AutoScaling -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py new file mode 100644 index 00000000..2c022c6e --- /dev/null +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py @@ -0,0 +1,260 @@ +from unittest import mock +from unittest.mock import patch + +import botocore +from boto3 import client, session +from moto import mock_cloudtrail, mock_iam, mock_s3 + +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info +from prowler.providers.aws.services.cloudtrail.cloudtrail_service import Cloudtrail +from prowler.providers.aws.services.s3.s3_service import S3 + +AWS_ACCOUNT_NUMBER = "123456789012" + +# Mocking Backup Calls +make_api_call = botocore.client.BaseClient._make_api_call + + +class Test_cloudtrail_bucket_requires_mfa_delete: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + return audit_info + + @mock_cloudtrail + def test_no_trails(self): + current_audit_info = self.set_mocked_audit_info() + + with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_bucket_requires_mfa_delete.cloudtrail_bucket_requires_mfa_delete.cloudtrail_client", + new=Cloudtrail(current_audit_info), + ): + # Test Check + from prowler.providers.aws.services.cloudtrail.cloudtrail_bucket_requires_mfa_delete.cloudtrail_bucket_requires_mfa_delete import ( + cloudtrail_bucket_requires_mfa_delete, + ) + + check = cloudtrail_bucket_requires_mfa_delete() + result = check.execute() + assert len(result) == 0 + + @mock_cloudtrail + @mock_s3 + def test_trails_with_no_mfa_bucket(self): + current_audit_info = self.set_mocked_audit_info() + + cloudtrail_client_us_east_1 = client("cloudtrail", region_name="us-east-1") + s3_client_us_east_1 = client("s3", region_name="us-east-1") + trail_name_us = "trail_test_us_with_no_mfa_bucket" + bucket_name_us = "bucket_test_us_with_no_mfa" + s3_client_us_east_1.create_bucket(Bucket=bucket_name_us) + trail_us = cloudtrail_client_us_east_1.create_trail( + Name=trail_name_us, S3BucketName=bucket_name_us, IsMultiRegionTrail=False + ) + cloudtrail_client_us_east_1.start_logging(Name=trail_name_us) + cloudtrail_client_us_east_1.get_trail_status(Name=trail_name_us) + + with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_bucket_requires_mfa_delete.cloudtrail_bucket_requires_mfa_delete.cloudtrail_client", + new=Cloudtrail(current_audit_info), + ), mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_bucket_requires_mfa_delete.cloudtrail_bucket_requires_mfa_delete.s3_client", + new=S3(current_audit_info), + ): + # Test Check + from prowler.providers.aws.services.cloudtrail.cloudtrail_bucket_requires_mfa_delete.cloudtrail_bucket_requires_mfa_delete import ( + cloudtrail_bucket_requires_mfa_delete, + ) + + check = cloudtrail_bucket_requires_mfa_delete() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "FAIL" + assert ( + result[0].status_extended + == f"Trail {trail_name_us} bucket ({bucket_name_us}) has not MFA delete enabled" + ) + assert result[0].resource_id == trail_name_us + assert result[0].region == "us-east-1" + assert result[0].resource_arn == trail_us["TrailARN"] + + # Create an MFA device is not supported for moto, so we mock the call: + def mock_make_api_call_getbucketversioning_mfadelete_enabled( + self, operation_name, kwarg + ): + """ + Mock unsoportted AWS API call + """ + if operation_name == "GetBucketVersioning": + return {"MFADelete": "Enabled", "Status": "Enabled"} + return make_api_call(self, operation_name, kwarg) + + @mock_cloudtrail + @mock_s3 + @mock_iam + # Patch with mock_make_api_call_getbucketversioning_mfadelete_enabled: + @patch( + "botocore.client.BaseClient._make_api_call", + new=mock_make_api_call_getbucketversioning_mfadelete_enabled, + ) + def test_trails_with_mfa_bucket(self): + current_audit_info = self.set_mocked_audit_info() + + cloudtrail_client_us_east_1 = client("cloudtrail", region_name="us-east-1") + s3_client_us_east_1 = client("s3", region_name="us-east-1") + trail_name_us = "trail_test_us_with_mfa_bucket" + bucket_name_us = "bucket_test_us_with_mfa" + s3_client_us_east_1.create_bucket(Bucket=bucket_name_us) + trail_us = cloudtrail_client_us_east_1.create_trail( + Name=trail_name_us, S3BucketName=bucket_name_us, IsMultiRegionTrail=False + ) + cloudtrail_client_us_east_1.start_logging(Name=trail_name_us) + cloudtrail_client_us_east_1.get_trail_status(Name=trail_name_us) + + with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_bucket_requires_mfa_delete.cloudtrail_bucket_requires_mfa_delete.cloudtrail_client", + new=Cloudtrail(current_audit_info), + ), mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_bucket_requires_mfa_delete.cloudtrail_bucket_requires_mfa_delete.s3_client", + new=S3(current_audit_info), + ): + # Test Check + from prowler.providers.aws.services.cloudtrail.cloudtrail_bucket_requires_mfa_delete.cloudtrail_bucket_requires_mfa_delete import ( + cloudtrail_bucket_requires_mfa_delete, + ) + + check = cloudtrail_bucket_requires_mfa_delete() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "PASS" + assert ( + result[0].status_extended + == f"Trail {trail_name_us} bucket ({bucket_name_us}) has MFA delete enabled" + ) + assert result[0].resource_id == trail_name_us + assert result[0].region == "us-east-1" + assert result[0].resource_arn == trail_us["TrailARN"] + + @mock_cloudtrail + @mock_s3 + def test_trails_with_no_mfa_bucket_cross(self): + current_audit_info = self.set_mocked_audit_info() + + cloudtrail_client_us_east_1 = client("cloudtrail", region_name="us-east-1") + s3_client_us_east_1 = client("s3", region_name="us-east-1") + trail_name_us = "trail_test_us_with_no_mfa_bucket" + bucket_name_us = "bucket_test_us_with_no_mfa" + s3_client_us_east_1.create_bucket(Bucket=bucket_name_us) + trail_us = cloudtrail_client_us_east_1.create_trail( + Name=trail_name_us, S3BucketName=bucket_name_us, IsMultiRegionTrail=False + ) + cloudtrail_client_us_east_1.start_logging(Name=trail_name_us) + cloudtrail_client_us_east_1.get_trail_status(Name=trail_name_us) + + with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_bucket_requires_mfa_delete.cloudtrail_bucket_requires_mfa_delete.cloudtrail_client", + new=Cloudtrail(current_audit_info), + ), mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_bucket_requires_mfa_delete.cloudtrail_bucket_requires_mfa_delete.s3_client", + new=S3(current_audit_info), + ) as s3_client: + # Test Check + from prowler.providers.aws.services.cloudtrail.cloudtrail_bucket_requires_mfa_delete.cloudtrail_bucket_requires_mfa_delete import ( + cloudtrail_bucket_requires_mfa_delete, + ) + + # Empty s3 buckets to simulate the bucket is in another account + s3_client.buckets = [] + + check = cloudtrail_bucket_requires_mfa_delete() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "PASS" + assert ( + result[0].status_extended + == f"Trail {trail_name_us} bucket ({bucket_name_us}) is a cross-account bucket in another account out of Prowler's permissions scope, please check it manually" + ) + assert result[0].resource_id == trail_name_us + assert result[0].region == "us-east-1" + assert result[0].resource_arn == trail_us["TrailARN"] + + @mock_cloudtrail + @mock_s3 + @mock_iam + # Patch with mock_make_api_call_getbucketversioning_mfadelete_enabled: + @patch( + "botocore.client.BaseClient._make_api_call", + new=mock_make_api_call_getbucketversioning_mfadelete_enabled, + ) + def test_trails_with_mfa_bucket_cross(self): + current_audit_info = self.set_mocked_audit_info() + + cloudtrail_client_us_east_1 = client("cloudtrail", region_name="us-east-1") + s3_client_us_east_1 = client("s3", region_name="us-east-1") + trail_name_us = "trail_test_us_with_mfa_bucket" + bucket_name_us = "bucket_test_us_with_mfa" + s3_client_us_east_1.create_bucket(Bucket=bucket_name_us) + trail_us = cloudtrail_client_us_east_1.create_trail( + Name=trail_name_us, S3BucketName=bucket_name_us, IsMultiRegionTrail=False + ) + cloudtrail_client_us_east_1.start_logging(Name=trail_name_us) + cloudtrail_client_us_east_1.get_trail_status(Name=trail_name_us) + + with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=current_audit_info, + ), mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_bucket_requires_mfa_delete.cloudtrail_bucket_requires_mfa_delete.cloudtrail_client", + new=Cloudtrail(current_audit_info), + ), mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_bucket_requires_mfa_delete.cloudtrail_bucket_requires_mfa_delete.s3_client", + new=S3(current_audit_info), + ) as s3_client: + # Test Check + from prowler.providers.aws.services.cloudtrail.cloudtrail_bucket_requires_mfa_delete.cloudtrail_bucket_requires_mfa_delete import ( + cloudtrail_bucket_requires_mfa_delete, + ) + + # Empty s3 buckets to simulate the bucket is in another account + s3_client.buckets = [] + + check = cloudtrail_bucket_requires_mfa_delete() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "PASS" + assert ( + result[0].status_extended + == f"Trail {trail_name_us} bucket ({bucket_name_us}) is a cross-account bucket in another account out of Prowler's permissions scope, please check it manually" + ) + assert result[0].resource_id == trail_name_us + assert result[0].region == "us-east-1" + assert result[0].resource_arn == trail_us["TrailARN"] diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py index a1b8ad61..29851dec 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py @@ -2,11 +2,37 @@ from datetime import datetime, timedelta, timezone from re import search from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_s3 +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + +AWS_ACCOUNT_NUMBER = "123456789012" + class Test_cloudtrail_cloudwatch_logging_enabled: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + return audit_info + @mock_cloudtrail @mock_s3 def test_trails_sending_logs_during_and_not_last_day(self): @@ -30,58 +56,58 @@ class Test_cloudtrail_cloudwatch_logging_enabled: Name=trail_name_eu, S3BucketName=bucket_name_eu, IsMultiRegionTrail=False ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( Cloudtrail, ) - current_audit_info.audited_partition = "aws" - current_audit_info.audited_regions = ["eu-west-1", "us-east-1"] - with mock.patch( - "prowler.providers.aws.services.cloudtrail.cloudtrail_cloudwatch_logging_enabled.cloudtrail_cloudwatch_logging_enabled.cloudtrail_client", - new=Cloudtrail(current_audit_info), - ) as service_client: - # Test Check - from prowler.providers.aws.services.cloudtrail.cloudtrail_cloudwatch_logging_enabled.cloudtrail_cloudwatch_logging_enabled import ( - cloudtrail_cloudwatch_logging_enabled, - ) + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=self.set_mocked_audit_info(), + ): + with mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_cloudwatch_logging_enabled.cloudtrail_cloudwatch_logging_enabled.cloudtrail_client", + new=Cloudtrail(self.set_mocked_audit_info()), + ) as service_client: + # Test Check + from prowler.providers.aws.services.cloudtrail.cloudtrail_cloudwatch_logging_enabled.cloudtrail_cloudwatch_logging_enabled import ( + cloudtrail_cloudwatch_logging_enabled, + ) - for trail in service_client.trails: - if trail.name == trail_name_us: - trail.latest_cloudwatch_delivery_time = datetime.now().replace( - tzinfo=timezone.utc - ) - elif trail.name == trail_name_eu: - trail.latest_cloudwatch_delivery_time = ( - datetime.now() - timedelta(days=2) - ).replace(tzinfo=timezone.utc) + for trail in service_client.trails: + if trail.name == trail_name_us: + trail.latest_cloudwatch_delivery_time = datetime.now().replace( + tzinfo=timezone.utc + ) + elif trail.name == trail_name_eu: + trail.latest_cloudwatch_delivery_time = ( + datetime.now() - timedelta(days=2) + ).replace(tzinfo=timezone.utc) - regions = [] - for region in service_client.regional_clients.keys(): - regions.append(region) + regions = [] + for region in service_client.regional_clients.keys(): + regions.append(region) - check = cloudtrail_cloudwatch_logging_enabled() - result = check.execute() - # len of result if has to be 2 since we only have 2 single region trails - assert len(result) == 2 - for report in result: - if report.resource_id == trail_name_us: - assert report.resource_id == trail_name_us - assert report.resource_arn == trail_us["TrailARN"] - assert report.status == "PASS" - assert search( - report.status_extended, - f"Single region trail {trail_name_us} has been logging the last 24h", - ) - if report.resource_id == trail_name_eu: - assert report.resource_id == trail_name_eu - assert report.resource_arn == trail_eu["TrailARN"] - assert report.status == "FAIL" - assert search( - report.status_extended, - f"Single region trail {trail_name_eu} is not logging in the last 24h", - ) + check = cloudtrail_cloudwatch_logging_enabled() + result = check.execute() + # len of result if has to be 2 since we only have 2 single region trails + assert len(result) == 2 + for report in result: + if report.resource_id == trail_name_us: + assert report.resource_id == trail_name_us + assert report.resource_arn == trail_us["TrailARN"] + assert report.status == "PASS" + assert search( + report.status_extended, + f"Single region trail {trail_name_us} has been logging the last 24h", + ) + if report.resource_id == trail_name_eu: + assert report.resource_id == trail_name_eu + assert report.resource_arn == trail_eu["TrailARN"] + assert report.status == "FAIL" + assert search( + report.status_extended, + f"Single region trail {trail_name_eu} is not logging in the last 24h", + ) @mock_cloudtrail @mock_s3 @@ -106,58 +132,61 @@ class Test_cloudtrail_cloudwatch_logging_enabled: Name=trail_name_eu, S3BucketName=bucket_name_eu, IsMultiRegionTrail=False ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( Cloudtrail, ) - current_audit_info.audited_partition = "aws" - current_audit_info.audited_regions = ["eu-west-1", "us-east-1"] - with mock.patch( - "prowler.providers.aws.services.cloudtrail.cloudtrail_cloudwatch_logging_enabled.cloudtrail_cloudwatch_logging_enabled.cloudtrail_client", - new=Cloudtrail(current_audit_info), - ) as service_client: - # Test Check - from prowler.providers.aws.services.cloudtrail.cloudtrail_cloudwatch_logging_enabled.cloudtrail_cloudwatch_logging_enabled import ( - cloudtrail_cloudwatch_logging_enabled, - ) + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=self.set_mocked_audit_info(), + ): + with mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_cloudwatch_logging_enabled.cloudtrail_cloudwatch_logging_enabled.cloudtrail_client", + new=Cloudtrail(self.set_mocked_audit_info()), + ) as service_client: + # Test Check + from prowler.providers.aws.services.cloudtrail.cloudtrail_cloudwatch_logging_enabled.cloudtrail_cloudwatch_logging_enabled import ( + cloudtrail_cloudwatch_logging_enabled, + ) - for trail in service_client.trails: - if trail.name == trail_name_us: - trail.latest_cloudwatch_delivery_time = datetime.now().replace( - tzinfo=timezone.utc - ) - elif trail.name == trail_name_eu: - trail.latest_cloudwatch_delivery_time = ( - datetime.now() - timedelta(days=2) - ).replace(tzinfo=timezone.utc) + for trail in service_client.trails: + if trail.name == trail_name_us: + trail.latest_cloudwatch_delivery_time = datetime.now().replace( + tzinfo=timezone.utc + ) + elif trail.name == trail_name_eu: + trail.latest_cloudwatch_delivery_time = ( + datetime.now() - timedelta(days=2) + ).replace(tzinfo=timezone.utc) - regions = [] - for region in service_client.regional_clients.keys(): - regions.append(region) + regions = [] + for region in service_client.regional_clients.keys(): + regions.append(region) - check = cloudtrail_cloudwatch_logging_enabled() - result = check.execute() - # len of result should be 3 -> (1 multiregion entry per region + 1 entry because of single region trail) - assert len(result) == 3 - for report in result: - if report.resource_id == trail_name_us: - assert report.resource_id == trail_name_us - assert report.resource_arn == trail_us["TrailARN"] - assert report.status == "PASS" - assert search( - report.status_extended, - f"Multiregion trail {trail_name_us} has been logging the last 24h", - ) - if report.resource_id == trail_name_eu and report.region == "eu-west-1": - assert report.resource_id == trail_name_eu - assert report.resource_arn == trail_eu["TrailARN"] - assert report.status == "FAIL" - assert search( - report.status_extended, - f"Single region trail {trail_name_eu} is not logging in the last 24h", - ) + check = cloudtrail_cloudwatch_logging_enabled() + result = check.execute() + # len of result should be 3 -> (1 multiregion entry per region + 1 entry because of single region trail) + assert len(result) == 3 + for report in result: + if report.resource_id == trail_name_us: + assert report.resource_id == trail_name_us + assert report.resource_arn == trail_us["TrailARN"] + assert report.status == "PASS" + assert search( + report.status_extended, + f"Multiregion trail {trail_name_us} has been logging the last 24h", + ) + if ( + report.resource_id == trail_name_eu + and report.region == "eu-west-1" + ): + assert report.resource_id == trail_name_eu + assert report.resource_arn == trail_eu["TrailARN"] + assert report.status == "FAIL" + assert search( + report.status_extended, + f"Single region trail {trail_name_eu} is not logging in the last 24h", + ) @mock_cloudtrail @mock_s3 @@ -182,53 +211,53 @@ class Test_cloudtrail_cloudwatch_logging_enabled: Name=trail_name_eu, S3BucketName=bucket_name_eu, IsMultiRegionTrail=False ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( Cloudtrail, ) - current_audit_info.audited_partition = "aws" - current_audit_info.audited_regions = ["eu-west-1", "us-east-1"] - with mock.patch( - "prowler.providers.aws.services.cloudtrail.cloudtrail_cloudwatch_logging_enabled.cloudtrail_cloudwatch_logging_enabled.cloudtrail_client", - new=Cloudtrail(current_audit_info), - ) as service_client: - # Test Check - from prowler.providers.aws.services.cloudtrail.cloudtrail_cloudwatch_logging_enabled.cloudtrail_cloudwatch_logging_enabled import ( - cloudtrail_cloudwatch_logging_enabled, - ) + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=self.set_mocked_audit_info(), + ): + with mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_cloudwatch_logging_enabled.cloudtrail_cloudwatch_logging_enabled.cloudtrail_client", + new=Cloudtrail(self.set_mocked_audit_info()), + ) as service_client: + # Test Check + from prowler.providers.aws.services.cloudtrail.cloudtrail_cloudwatch_logging_enabled.cloudtrail_cloudwatch_logging_enabled import ( + cloudtrail_cloudwatch_logging_enabled, + ) - for trail in service_client.trails: - if trail.name == trail_name_us: - trail.latest_cloudwatch_delivery_time = datetime.now().replace( - tzinfo=timezone.utc - ) - elif trail.name == trail_name_us: - trail.latest_cloudwatch_delivery_time = None + for trail in service_client.trails: + if trail.name == trail_name_us: + trail.latest_cloudwatch_delivery_time = datetime.now().replace( + tzinfo=timezone.utc + ) + elif trail.name == trail_name_us: + trail.latest_cloudwatch_delivery_time = None - regions = [] - for region in service_client.regional_clients.keys(): - regions.append(region) + regions = [] + for region in service_client.regional_clients.keys(): + regions.append(region) - check = cloudtrail_cloudwatch_logging_enabled() - result = check.execute() - # len of result if has to be 2 since we only have 2 single region trails - assert len(result) == 2 - for report in result: - if report.resource_id == trail_name_us: - assert report.resource_id == trail_name_us - assert report.resource_arn == trail_us["TrailARN"] - assert report.status == "PASS" - assert ( - report.status_extended - == f"Single region trail {trail_name_us} has been logging the last 24h" - ) - if report.resource_id == trail_name_eu: - assert report.resource_id == trail_name_eu - assert report.resource_arn == trail_eu["TrailARN"] - assert report.status == "FAIL" - assert ( - report.status_extended - == f"Single region trail {trail_name_eu} is not logging in the last 24h or not configured to deliver logs" - ) + check = cloudtrail_cloudwatch_logging_enabled() + result = check.execute() + # len of result if has to be 2 since we only have 2 single region trails + assert len(result) == 2 + for report in result: + if report.resource_id == trail_name_us: + assert report.resource_id == trail_name_us + assert report.resource_arn == trail_us["TrailARN"] + assert report.status == "PASS" + assert ( + report.status_extended + == f"Single region trail {trail_name_us} has been logging the last 24h" + ) + if report.resource_id == trail_name_eu: + assert report.resource_id == trail_name_eu + assert report.resource_arn == trail_eu["TrailARN"] + assert report.status == "FAIL" + assert ( + report.status_extended + == f"Single region trail {trail_name_eu} is not logging in the last 24h or not configured to deliver logs" + ) diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py index 53ecff59..3debb85f 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py @@ -6,7 +6,7 @@ from moto import mock_cloudtrail, mock_s3 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.cloudtrail.cloudtrail_service import Cloudtrail -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" class Test_cloudtrail_insights_exist: diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py index e1d2b7ce..cfc33884 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled_test.py @@ -1,11 +1,37 @@ from re import search from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_kms, mock_s3 +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + +AWS_ACCOUNT_NUMBER = "123456789012" + class Test_cloudtrail_kms_encryption_enabled: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + return audit_info + @mock_cloudtrail @mock_s3 def test_trail_no_kms(self): @@ -18,16 +44,16 @@ class Test_cloudtrail_kms_encryption_enabled: Name=trail_name_us, S3BucketName=bucket_name_us, IsMultiRegionTrail=False ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( Cloudtrail, ) - current_audit_info.audited_partition = "aws" - with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=self.set_mocked_audit_info(), + ), mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_kms_encryption_enabled.cloudtrail_kms_encryption_enabled.cloudtrail_client", - new=Cloudtrail(current_audit_info), + new=Cloudtrail(self.set_mocked_audit_info()), ): # Test Check from prowler.providers.aws.services.cloudtrail.cloudtrail_kms_encryption_enabled.cloudtrail_kms_encryption_enabled import ( @@ -64,16 +90,16 @@ class Test_cloudtrail_kms_encryption_enabled: KmsKeyId=key_arn, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( Cloudtrail, ) - current_audit_info.audited_partition = "aws" - with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=self.set_mocked_audit_info(), + ), mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_kms_encryption_enabled.cloudtrail_kms_encryption_enabled.cloudtrail_client", - new=Cloudtrail(current_audit_info), + new=Cloudtrail(self.set_mocked_audit_info()), ): # Test Check from prowler.providers.aws.services.cloudtrail.cloudtrail_kms_encryption_enabled.cloudtrail_kms_encryption_enabled import ( diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py index 644dc12e..24fe765c 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled_test.py @@ -1,11 +1,37 @@ from re import search from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_s3 +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + +AWS_ACCOUNT_NUMBER = "123456789012" + class Test_cloudtrail_log_file_validation_enabled: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + return audit_info + @mock_cloudtrail @mock_s3 def test_no_logging_validation(self): @@ -17,16 +43,16 @@ class Test_cloudtrail_log_file_validation_enabled: trail_us = cloudtrail_client_us_east_1.create_trail( Name=trail_name_us, S3BucketName=bucket_name_us, IsMultiRegionTrail=False ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( Cloudtrail, ) - current_audit_info.audited_partition = "aws" - with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=self.set_mocked_audit_info(), + ), mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_log_file_validation_enabled.cloudtrail_log_file_validation_enabled.cloudtrail_client", - new=Cloudtrail(current_audit_info), + new=Cloudtrail(self.set_mocked_audit_info()), ): # Test Check from prowler.providers.aws.services.cloudtrail.cloudtrail_log_file_validation_enabled.cloudtrail_log_file_validation_enabled import ( @@ -68,16 +94,16 @@ class Test_cloudtrail_log_file_validation_enabled: Name=trail_name_eu, S3BucketName=bucket_name_eu, IsMultiRegionTrail=False ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( Cloudtrail, ) - current_audit_info.audited_partition = "aws" - with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=self.set_mocked_audit_info(), + ), mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_log_file_validation_enabled.cloudtrail_log_file_validation_enabled.cloudtrail_client", - new=Cloudtrail(current_audit_info), + new=Cloudtrail(self.set_mocked_audit_info()), ) as service_client: # Test Check from prowler.providers.aws.services.cloudtrail.cloudtrail_log_file_validation_enabled.cloudtrail_log_file_validation_enabled import ( diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py index 4f17086e..99a6d1e2 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled_test.py @@ -1,11 +1,37 @@ from re import search from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_s3 +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + +AWS_ACCOUNT_NUMBER = "123456789012" + class Test_cloudtrail_logs_s3_bucket_access_logging_enabled: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + return audit_info + @mock_cloudtrail @mock_s3 def test_bucket_not_logging(self): @@ -18,38 +44,37 @@ class Test_cloudtrail_logs_s3_bucket_access_logging_enabled: Name=trail_name_us, S3BucketName=bucket_name_us, IsMultiRegionTrail=False ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( Cloudtrail, ) from prowler.providers.aws.services.s3.s3_service import S3 - current_audit_info.audited_partition = "aws" - with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=self.set_mocked_audit_info(), + ), mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_client", - new=Cloudtrail(current_audit_info), + new=Cloudtrail(self.set_mocked_audit_info()), + ), mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_logs_s3_bucket_access_logging_enabled.s3_client", + new=S3(self.set_mocked_audit_info()), ): - with mock.patch( - "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_logs_s3_bucket_access_logging_enabled.s3_client", - new=S3(current_audit_info), - ): - # Test Check - from prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_logs_s3_bucket_access_logging_enabled import ( - cloudtrail_logs_s3_bucket_access_logging_enabled, - ) + # Test Check + from prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_logs_s3_bucket_access_logging_enabled import ( + cloudtrail_logs_s3_bucket_access_logging_enabled, + ) - check = cloudtrail_logs_s3_bucket_access_logging_enabled() - result = check.execute() + check = cloudtrail_logs_s3_bucket_access_logging_enabled() + result = check.execute() - assert len(result) == 1 - assert result[0].status == "FAIL" - assert search( - "S3 bucket access logging is not enabled for bucket", - result[0].status_extended, - ) - assert result[0].resource_id == trail_name_us - assert result[0].resource_arn == trail_us["TrailARN"] + assert len(result) == 1 + assert result[0].status == "FAIL" + assert search( + "S3 bucket access logging is not enabled for bucket", + result[0].status_extended, + ) + assert result[0].resource_id == trail_name_us + assert result[0].resource_arn == trail_us["TrailARN"] @mock_cloudtrail @mock_s3 @@ -83,38 +108,37 @@ class Test_cloudtrail_logs_s3_bucket_access_logging_enabled: }, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( Cloudtrail, ) from prowler.providers.aws.services.s3.s3_service import S3 - current_audit_info.audited_partition = "aws" - with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=self.set_mocked_audit_info(), + ), mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_client", - new=Cloudtrail(current_audit_info), + new=Cloudtrail(self.set_mocked_audit_info()), + ), mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_logs_s3_bucket_access_logging_enabled.s3_client", + new=S3(self.set_mocked_audit_info()), ): - with mock.patch( - "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_logs_s3_bucket_access_logging_enabled.s3_client", - new=S3(current_audit_info), - ): - # Test Check - from prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_logs_s3_bucket_access_logging_enabled import ( - cloudtrail_logs_s3_bucket_access_logging_enabled, - ) + # Test Check + from prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_logs_s3_bucket_access_logging_enabled import ( + cloudtrail_logs_s3_bucket_access_logging_enabled, + ) - check = cloudtrail_logs_s3_bucket_access_logging_enabled() - result = check.execute() + check = cloudtrail_logs_s3_bucket_access_logging_enabled() + result = check.execute() - assert len(result) == 1 - assert result[0].status == "PASS" - assert search( - "S3 bucket access logging is enabled for bucket", - result[0].status_extended, - ) - assert result[0].resource_id == trail_name_us - assert result[0].resource_arn == trail_us["TrailARN"] + assert len(result) == 1 + assert result[0].status == "PASS" + assert search( + "S3 bucket access logging is enabled for bucket", + result[0].status_extended, + ) + assert result[0].resource_id == trail_name_us + assert result[0].resource_arn == trail_us["TrailARN"] @mock_cloudtrail @mock_s3 @@ -128,38 +152,37 @@ class Test_cloudtrail_logs_s3_bucket_access_logging_enabled: Name=trail_name_us, S3BucketName=bucket_name_us, IsMultiRegionTrail=False ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( Cloudtrail, ) from prowler.providers.aws.services.s3.s3_service import S3 - current_audit_info.audited_partition = "aws" - with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=self.set_mocked_audit_info(), + ), mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_client", - new=Cloudtrail(current_audit_info), - ): - with mock.patch( - "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_logs_s3_bucket_access_logging_enabled.s3_client", - new=S3(current_audit_info), - ) as s3_client: - # Test Check - from prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_logs_s3_bucket_access_logging_enabled import ( - cloudtrail_logs_s3_bucket_access_logging_enabled, - ) + new=Cloudtrail(self.set_mocked_audit_info()), + ), mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_logs_s3_bucket_access_logging_enabled.s3_client", + new=S3(self.set_mocked_audit_info()), + ) as s3_client: + # Test Check + from prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_logs_s3_bucket_access_logging_enabled import ( + cloudtrail_logs_s3_bucket_access_logging_enabled, + ) - # Empty s3 buckets to simulate the bucket is in another account - s3_client.buckets = [] + # Empty s3 buckets to simulate the bucket is in another account + s3_client.buckets = [] - check = cloudtrail_logs_s3_bucket_access_logging_enabled() - result = check.execute() + check = cloudtrail_logs_s3_bucket_access_logging_enabled() + result = check.execute() - assert len(result) == 1 - assert result[0].status == "FAIL" - assert search( - "in another account out of Prowler's permissions scope, please check it manually", - result[0].status_extended, - ) - assert result[0].resource_id == trail_name_us - assert result[0].resource_arn == trail_us["TrailARN"] + assert len(result) == 1 + assert result[0].status == "FAIL" + assert search( + "in another account out of Prowler's permissions scope, please check it manually", + result[0].status_extended, + ) + assert result[0].resource_id == trail_name_us + assert result[0].resource_arn == trail_us["TrailARN"] diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py index 2ae7c0d4..5c7ff94e 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible_test.py @@ -1,11 +1,37 @@ from re import search from unittest import mock -from boto3 import client +from boto3 import client, session from moto import mock_cloudtrail, mock_s3 +from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info + +AWS_ACCOUNT_NUMBER = "123456789012" + class Test_cloudtrail_logs_s3_bucket_is_not_publicly_accessible: + def set_mocked_audit_info(self): + audit_info = AWS_Audit_Info( + session_config=None, + original_session=None, + audit_session=session.Session( + profile_name=None, + botocore_session=None, + ), + audited_account=AWS_ACCOUNT_NUMBER, + audited_user_id=None, + audited_partition="aws", + audited_identity_arn=None, + profile=None, + profile_region=None, + credentials=None, + assumed_role_info=None, + audited_regions=["us-east-1", "eu-west-1"], + organizations_metadata=None, + audit_resources=None, + ) + return audit_info + @mock_cloudtrail @mock_s3 def test_trail_bucket_no_acl(self): @@ -17,38 +43,39 @@ class Test_cloudtrail_logs_s3_bucket_is_not_publicly_accessible: trail_us = cloudtrail_client.create_trail( Name=trail_name_us, S3BucketName=bucket_name_us, IsMultiRegionTrail=False ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info + from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( Cloudtrail, ) from prowler.providers.aws.services.s3.s3_service import S3 - current_audit_info.audited_partition = "aws" - with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=self.set_mocked_audit_info(), + ), mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_client", - new=Cloudtrail(current_audit_info), + new=Cloudtrail(self.set_mocked_audit_info()), + ), mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.s3_client", + new=S3(self.set_mocked_audit_info()), ): - with mock.patch( - "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_access_logging_enabled.cloudtrail_logs_s3_bucket_access_logging_enabled.s3_client", - new=S3(current_audit_info), - ): - # Test Check - from prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible import ( - cloudtrail_logs_s3_bucket_is_not_publicly_accessible, - ) + # Test Check + from prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible import ( + cloudtrail_logs_s3_bucket_is_not_publicly_accessible, + ) - check = cloudtrail_logs_s3_bucket_is_not_publicly_accessible() - result = check.execute() + check = cloudtrail_logs_s3_bucket_is_not_publicly_accessible() + result = check.execute() - assert len(result) == 1 - assert result[0].status == "PASS" - assert result[0].resource_id == trail_name_us - assert result[0].resource_arn == trail_us["TrailARN"] - assert search( - result[0].status_extended, - f"S3 Bucket {bucket_name_us} from single region trail {trail_name_us} is not publicly accessible", - ) + assert len(result) == 1 + assert result[0].status == "PASS" + assert result[0].resource_id == trail_name_us + + assert result[0].resource_arn == trail_us["TrailARN"] + assert search( + result[0].status_extended, + f"S3 Bucket {bucket_name_us} from single region trail {trail_name_us} is not publicly accessible", + ) @mock_cloudtrail @mock_s3 @@ -81,38 +108,37 @@ class Test_cloudtrail_logs_s3_bucket_is_not_publicly_accessible: Name=trail_name_us, S3BucketName=bucket_name_us, IsMultiRegionTrail=False ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( Cloudtrail, ) from prowler.providers.aws.services.s3.s3_service import S3 - current_audit_info.audited_partition = "aws" - with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=self.set_mocked_audit_info(), + ), mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_client", - new=Cloudtrail(current_audit_info), + new=Cloudtrail(self.set_mocked_audit_info()), + ), mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.s3_client", + new=S3(self.set_mocked_audit_info()), ): - with mock.patch( - "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.s3_client", - new=S3(current_audit_info), - ): - # Test Check - from prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible import ( - cloudtrail_logs_s3_bucket_is_not_publicly_accessible, - ) + # Test Check + from prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible import ( + cloudtrail_logs_s3_bucket_is_not_publicly_accessible, + ) - check = cloudtrail_logs_s3_bucket_is_not_publicly_accessible() - result = check.execute() + check = cloudtrail_logs_s3_bucket_is_not_publicly_accessible() + result = check.execute() - assert len(result) == 1 - assert result[0].status == "FAIL" - assert result[0].resource_id == trail_name_us - assert result[0].resource_arn == trail_us["TrailARN"] - assert search( - result[0].status_extended, - f"S3 Bucket {bucket_name_us} from single region trail {trail_name_us} is publicly accessible", - ) + assert len(result) == 1 + assert result[0].status == "FAIL" + assert result[0].resource_id == trail_name_us + assert result[0].resource_arn == trail_us["TrailARN"] + assert search( + result[0].status_extended, + f"S3 Bucket {bucket_name_us} from single region trail {trail_name_us} is publicly accessible", + ) @mock_cloudtrail @mock_s3 @@ -144,38 +170,37 @@ class Test_cloudtrail_logs_s3_bucket_is_not_publicly_accessible: }, Bucket=bucket_name_us, ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( Cloudtrail, ) from prowler.providers.aws.services.s3.s3_service import S3 - current_audit_info.audited_partition = "aws" - with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=self.set_mocked_audit_info(), + ), mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_client", - new=Cloudtrail(current_audit_info), + new=Cloudtrail(self.set_mocked_audit_info()), + ), mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.s3_client", + new=S3(self.set_mocked_audit_info()), ): - with mock.patch( - "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.s3_client", - new=S3(current_audit_info), - ): - # Test Check - from prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible import ( - cloudtrail_logs_s3_bucket_is_not_publicly_accessible, - ) + # Test Check + from prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible import ( + cloudtrail_logs_s3_bucket_is_not_publicly_accessible, + ) - check = cloudtrail_logs_s3_bucket_is_not_publicly_accessible() - result = check.execute() + check = cloudtrail_logs_s3_bucket_is_not_publicly_accessible() + result = check.execute() - assert len(result) == 1 - assert result[0].status == "PASS" - assert result[0].resource_id == trail_name_us - assert result[0].resource_arn == trail_us["TrailARN"] - assert search( - result[0].status_extended, - f"S3 Bucket {bucket_name_us} from single region trail {trail_name_us} is not publicly accessible", - ) + assert len(result) == 1 + assert result[0].status == "PASS" + assert result[0].resource_id == trail_name_us + assert result[0].resource_arn == trail_us["TrailARN"] + assert search( + result[0].status_extended, + f"S3 Bucket {bucket_name_us} from single region trail {trail_name_us} is not publicly accessible", + ) @mock_cloudtrail @mock_s3 @@ -189,38 +214,37 @@ class Test_cloudtrail_logs_s3_bucket_is_not_publicly_accessible: Name=trail_name_us, S3BucketName=bucket_name_us, IsMultiRegionTrail=False ) - from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info from prowler.providers.aws.services.cloudtrail.cloudtrail_service import ( Cloudtrail, ) from prowler.providers.aws.services.s3.s3_service import S3 - current_audit_info.audited_partition = "aws" - with mock.patch( + "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", + new=self.set_mocked_audit_info(), + ), mock.patch( "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_client", - new=Cloudtrail(current_audit_info), - ): - with mock.patch( - "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.s3_client", - new=S3(current_audit_info), - ) as s3_client: - # Test Check - from prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible import ( - cloudtrail_logs_s3_bucket_is_not_publicly_accessible, - ) + new=Cloudtrail(self.set_mocked_audit_info()), + ), mock.patch( + "prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.s3_client", + new=S3(self.set_mocked_audit_info()), + ) as s3_client: + # Test Check + from prowler.providers.aws.services.cloudtrail.cloudtrail_logs_s3_bucket_is_not_publicly_accessible.cloudtrail_logs_s3_bucket_is_not_publicly_accessible import ( + cloudtrail_logs_s3_bucket_is_not_publicly_accessible, + ) - # Empty s3 buckets to simulate the bucket is in another account - s3_client.buckets = [] + # Empty s3 buckets to simulate the bucket is in another account + s3_client.buckets = [] - check = cloudtrail_logs_s3_bucket_is_not_publicly_accessible() - result = check.execute() + check = cloudtrail_logs_s3_bucket_is_not_publicly_accessible() + result = check.execute() - assert len(result) == 1 - assert result[0].status == "PASS" - assert result[0].resource_id == trail_name_us - assert result[0].resource_arn == trail_us["TrailARN"] - assert search( - "is a cross-account bucket in another account out of Prowler's permissions scope", - result[0].status_extended, - ) + assert len(result) == 1 + assert result[0].status == "PASS" + assert result[0].resource_id == trail_name_us + assert result[0].resource_arn == trail_us["TrailARN"] + assert search( + "is a cross-account bucket in another account out of Prowler's permissions scope", + result[0].status_extended, + ) diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py index e021a18e..a05524c3 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py @@ -7,7 +7,7 @@ from moto import mock_cloudtrail, mock_s3 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.cloudtrail.cloudtrail_service import Trail -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" class Test_cloudtrail_multi_region_enabled: diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py index 6f5bf179..e2909eb0 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled_test.py @@ -6,7 +6,7 @@ from moto import mock_cloudtrail, mock_s3 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" class Test_cloudtrail_s3_dataevents_read_enabled: diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py index ebf717fa..42ed177e 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled_test.py @@ -6,7 +6,7 @@ from moto import mock_cloudtrail, mock_s3 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" class Test_cloudtrail_s3_dataevents_write_enabled: diff --git a/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py b/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py index 57ed549c..439d1552 100644 --- a/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py +++ b/tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py @@ -5,7 +5,7 @@ from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.cloudwatch.cloudwatch_service import CloudWatch from prowler.providers.common.models import Audit_Metadata -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" diff --git a/tests/providers/aws/services/codebuild/codebuild_service_test.py b/tests/providers/aws/services/codebuild/codebuild_service_test.py index e00494d3..dd47d7d6 100644 --- a/tests/providers/aws/services/codebuild/codebuild_service_test.py +++ b/tests/providers/aws/services/codebuild/codebuild_service_test.py @@ -10,7 +10,7 @@ from prowler.providers.aws.services.codebuild.codebuild_service import Codebuild # Mock Test Region AWS_REGION = "eu-west-1" -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" # last time invoked time last_invoked_time = datetime.now() - timedelta(days=2) diff --git a/tests/providers/aws/services/config/config_service_test.py b/tests/providers/aws/services/config/config_service_test.py index ac8a7eb0..11386a49 100644 --- a/tests/providers/aws/services/config/config_service_test.py +++ b/tests/providers/aws/services/config/config_service_test.py @@ -4,7 +4,7 @@ from moto import mock_config from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.config.config_service import Config -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" diff --git a/tests/providers/aws/services/dynamodb/dynamodb_service_test.py b/tests/providers/aws/services/dynamodb/dynamodb_service_test.py index 45db3802..509929c2 100644 --- a/tests/providers/aws/services/dynamodb/dynamodb_service_test.py +++ b/tests/providers/aws/services/dynamodb/dynamodb_service_test.py @@ -4,7 +4,7 @@ from moto import mock_dax, mock_dynamodb from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.dynamodb.dynamodb_service import DAX, DynamoDB -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" diff --git a/tests/providers/aws/services/ec2/ec2_service_test.py b/tests/providers/aws/services/ec2/ec2_service_test.py index 94485b50..c6262287 100644 --- a/tests/providers/aws/services/ec2/ec2_service_test.py +++ b/tests/providers/aws/services/ec2/ec2_service_test.py @@ -11,7 +11,7 @@ from moto import mock_ec2 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.ec2.ec2_service import EC2 -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" EXAMPLE_AMI_ID = "ami-12c6146b" MOCK_DATETIME = datetime(2023, 1, 4, 7, 27, 30, tzinfo=tzutc()) diff --git a/tests/providers/aws/services/ecr/ecr_service_test.py b/tests/providers/aws/services/ecr/ecr_service_test.py index 8d0622e4..cd6ab939 100644 --- a/tests/providers/aws/services/ecr/ecr_service_test.py +++ b/tests/providers/aws/services/ecr/ecr_service_test.py @@ -7,7 +7,7 @@ from moto import mock_ecr from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.ecr.ecr_service import ECR -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "eu-west-1" repo_arn = f"arn:aws:ecr:eu-west-1:{AWS_ACCOUNT_NUMBER}:repository/test-repo" diff --git a/tests/providers/aws/services/ecs/ecs_service_test.py b/tests/providers/aws/services/ecs/ecs_service_test.py index 6e53c067..a2024cb0 100644 --- a/tests/providers/aws/services/ecs/ecs_service_test.py +++ b/tests/providers/aws/services/ecs/ecs_service_test.py @@ -6,7 +6,7 @@ from moto import mock_ecs from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.ecs.ecs_service import ECS -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "eu-west-1" diff --git a/tests/providers/aws/services/eks/eks_service_test.py b/tests/providers/aws/services/eks/eks_service_test.py index 437f0d67..089bd39f 100644 --- a/tests/providers/aws/services/eks/eks_service_test.py +++ b/tests/providers/aws/services/eks/eks_service_test.py @@ -6,7 +6,7 @@ from moto import mock_ec2, mock_eks from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.eks.eks_service import EKS -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "eu-west-1" cluster_name = "test" diff --git a/tests/providers/aws/services/elb/elb_service_test.py b/tests/providers/aws/services/elb/elb_service_test.py index 7e9b2442..0e397448 100644 --- a/tests/providers/aws/services/elb/elb_service_test.py +++ b/tests/providers/aws/services/elb/elb_service_test.py @@ -4,7 +4,7 @@ from moto import mock_ec2, mock_elb from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.elb.elb_service import ELB -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" diff --git a/tests/providers/aws/services/elbv2/elbv2_service_test.py b/tests/providers/aws/services/elbv2/elbv2_service_test.py index f4242c22..df54d2be 100644 --- a/tests/providers/aws/services/elbv2/elbv2_service_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_service_test.py @@ -4,7 +4,7 @@ from moto import mock_ec2, mock_elbv2 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.elbv2.elbv2_service import ELBv2 -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" diff --git a/tests/providers/aws/services/glue/glue_service_test.py b/tests/providers/aws/services/glue/glue_service_test.py index af314818..1fb15f1e 100644 --- a/tests/providers/aws/services/glue/glue_service_test.py +++ b/tests/providers/aws/services/glue/glue_service_test.py @@ -7,7 +7,7 @@ from moto import mock_glue from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.glue.glue_service import Glue -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" # Mocking Access Analyzer Calls diff --git a/tests/providers/aws/services/guardduty/guardduty_service_test.py b/tests/providers/aws/services/guardduty/guardduty_service_test.py index 08f50055..4a6a6afc 100644 --- a/tests/providers/aws/services/guardduty/guardduty_service_test.py +++ b/tests/providers/aws/services/guardduty/guardduty_service_test.py @@ -7,7 +7,7 @@ from moto import mock_guardduty from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.guardduty.guardduty_service import GuardDuty -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "eu-west-1" make_api_call = botocore.client.BaseClient._make_api_call diff --git a/tests/providers/aws/services/iam/iam_service_test.py b/tests/providers/aws/services/iam/iam_service_test.py index 9352a19b..20e0b6f1 100644 --- a/tests/providers/aws/services/iam/iam_service_test.py +++ b/tests/providers/aws/services/iam/iam_service_test.py @@ -7,7 +7,7 @@ from moto import mock_iam from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.iam.iam_service import IAM, is_service_role -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" TEST_DATETIME = "2023-01-01T12:01:01+00:00" diff --git a/tests/providers/aws/services/kms/kms_service_test.py b/tests/providers/aws/services/kms/kms_service_test.py index 93a8bc7e..ed60d59a 100644 --- a/tests/providers/aws/services/kms/kms_service_test.py +++ b/tests/providers/aws/services/kms/kms_service_test.py @@ -6,7 +6,7 @@ from moto import mock_kms from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.kms.kms_service import KMS -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" diff --git a/tests/providers/aws/services/opensearch/opensearch_service_test.py b/tests/providers/aws/services/opensearch/opensearch_service_test.py index 87544112..0fc0b445 100644 --- a/tests/providers/aws/services/opensearch/opensearch_service_test.py +++ b/tests/providers/aws/services/opensearch/opensearch_service_test.py @@ -9,7 +9,7 @@ from prowler.providers.aws.services.opensearch.opensearch_service import ( OpenSearchService, ) -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "eu-west-1" test_domain_name = "test" diff --git a/tests/providers/aws/services/rds/rds_service_test.py b/tests/providers/aws/services/rds/rds_service_test.py index f53705ff..d19403ff 100644 --- a/tests/providers/aws/services/rds/rds_service_test.py +++ b/tests/providers/aws/services/rds/rds_service_test.py @@ -4,7 +4,7 @@ from moto import mock_rds from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.rds.rds_service import RDS -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" diff --git a/tests/providers/aws/services/redshift/redshift_service_test.py b/tests/providers/aws/services/redshift/redshift_service_test.py index f20d6ec7..bd0c38ff 100644 --- a/tests/providers/aws/services/redshift/redshift_service_test.py +++ b/tests/providers/aws/services/redshift/redshift_service_test.py @@ -8,7 +8,7 @@ from moto import mock_redshift from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.redshift.redshift_service import Redshift -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "eu-west-1" topic_name = "test-topic" diff --git a/tests/providers/aws/services/sagemaker/sagemaker_service_test.py b/tests/providers/aws/services/sagemaker/sagemaker_service_test.py index 6808d2d7..01229e71 100644 --- a/tests/providers/aws/services/sagemaker/sagemaker_service_test.py +++ b/tests/providers/aws/services/sagemaker/sagemaker_service_test.py @@ -7,7 +7,7 @@ from boto3 import session from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.sagemaker.sagemaker_service import SageMaker -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "eu-west-1" test_notebook_instance = "test-notebook-instance" diff --git a/tests/providers/aws/services/sns/sns_service_test.py b/tests/providers/aws/services/sns/sns_service_test.py index b6922de9..02111903 100644 --- a/tests/providers/aws/services/sns/sns_service_test.py +++ b/tests/providers/aws/services/sns/sns_service_test.py @@ -9,7 +9,7 @@ from moto import mock_sns from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.sns.sns_service import SNS -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "eu-west-1" topic_name = "test-topic" diff --git a/tests/providers/aws/services/sqs/sqs_service_test.py b/tests/providers/aws/services/sqs/sqs_service_test.py index 80b6194c..5d539245 100644 --- a/tests/providers/aws/services/sqs/sqs_service_test.py +++ b/tests/providers/aws/services/sqs/sqs_service_test.py @@ -9,7 +9,7 @@ from moto import mock_sqs from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.sqs.sqs_service import SQS -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "eu-west-1" test_queue = "test-queue" diff --git a/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py b/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py index 2d63c6e7..542769ae 100644 --- a/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py +++ b/tests/providers/aws/services/trustedadvisor/trustedadvisor_service_test.py @@ -9,7 +9,7 @@ from prowler.providers.aws.services.trustedadvisor.trustedadvisor_service import TrustedAdvisor, ) -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" make_api_call = botocore.client.BaseClient._make_api_call diff --git a/tests/providers/aws/services/vpc/vpc_service_test.py b/tests/providers/aws/services/vpc/vpc_service_test.py index 6ea4fbe6..82405145 100644 --- a/tests/providers/aws/services/vpc/vpc_service_test.py +++ b/tests/providers/aws/services/vpc/vpc_service_test.py @@ -6,7 +6,7 @@ from moto import mock_ec2, mock_elbv2 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.vpc.vpc_service import VPC, Route -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" diff --git a/tests/providers/aws/services/waf/waf_service_test.py b/tests/providers/aws/services/waf/waf_service_test.py index 67213381..6e954b26 100644 --- a/tests/providers/aws/services/waf/waf_service_test.py +++ b/tests/providers/aws/services/waf/waf_service_test.py @@ -6,7 +6,7 @@ from boto3 import session from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.waf.waf_service import WAF -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" # Mocking WAF-Regional Calls diff --git a/tests/providers/aws/services/wafv2/wafv2_service_test.py b/tests/providers/aws/services/wafv2/wafv2_service_test.py index f580b411..a70a486b 100644 --- a/tests/providers/aws/services/wafv2/wafv2_service_test.py +++ b/tests/providers/aws/services/wafv2/wafv2_service_test.py @@ -4,7 +4,7 @@ from moto import mock_ec2, mock_elbv2, mock_wafv2 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.wafv2.wafv2_service import WAFv2 -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "us-east-1" diff --git a/tests/providers/aws/services/workspaces/workspaces_service_test.py b/tests/providers/aws/services/workspaces/workspaces_service_test.py index 67c2a5be..5a851dd9 100644 --- a/tests/providers/aws/services/workspaces/workspaces_service_test.py +++ b/tests/providers/aws/services/workspaces/workspaces_service_test.py @@ -7,7 +7,7 @@ from boto3 import session from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info from prowler.providers.aws.services.workspaces.workspaces_service import WorkSpaces -AWS_ACCOUNT_NUMBER = 123456789012 +AWS_ACCOUNT_NUMBER = "123456789012" AWS_REGION = "eu-west-1"