feat(unix timestamp): add unix timestamp to outputs (#2813)

2026-02-10 14:55:00 +00:00 · 2023-09-07 09:14:02 +02:00
parent 9f0c830511
commit 30ba6029f5
10 changed files with 209 additions and 17 deletions
--- a/tests/lib/cli/parser_test.py
+++ b/tests/lib/cli/parser_test.py
@@ -44,6 +44,7 @@ class Test_Parser:
        assert not parsed.verbose
        assert not parsed.no_banner
        assert not parsed.slack
+        assert not parsed.unix_timestamp
        assert parsed.log_level == "CRITICAL"
        assert not parsed.log_file
        assert not parsed.only_logs
@@ -90,6 +91,7 @@ class Test_Parser:
        assert not parsed.verbose
        assert not parsed.no_banner
        assert not parsed.slack
+        assert not parsed.unix_timestamp
        assert parsed.log_level == "CRITICAL"
        assert not parsed.log_file
        assert not parsed.only_logs
@@ -128,6 +130,7 @@ class Test_Parser:
        assert not parsed.verbose
        assert not parsed.no_banner
        assert not parsed.slack
+        assert not parsed.unix_timestamp
        assert parsed.log_level == "CRITICAL"
        assert not parsed.log_file
        assert not parsed.only_logs
@@ -287,6 +290,11 @@ class Test_Parser:
        parsed = self.parser.parse(command)
        assert parsed.slack

+    def test_root_parser_unix_timestamp(self):
+        command = [prowler_command, "--unix-timestamp"]
+        parsed = self.parser.parse(command)
+        assert parsed.unix_timestamp
+
    def test_logging_parser_only_logs_set(self):
        command = [prowler_command, "--only-logs"]
        parsed = self.parser.parse(command)
--- a/tests/lib/outputs/outputs_test.py
+++ b/tests/lib/outputs/outputs_test.py
@@ -1,5 +1,6 @@
 import os
 from os import path, remove
+from time import mktime
 from unittest import mock

 import boto3
@@ -973,7 +974,7 @@ class Test_Outputs:
                == expected
            )

-    def test_fill_json_ocsf(self):
+    def test_fill_json_ocsf_iso_format_timestamp(self):
        input_audit_info = AWS_Audit_Info(
            session_config=None,
            original_session=None,
@@ -1098,6 +1099,135 @@ class Test_Outputs:
            class_name="Security Finding",
        )
        output_options = mock.MagicMock()
+        output_options.unix_timestamp = False
+        assert fill_json_ocsf(input_audit_info, finding, output_options) == expected
+
+    def test_fill_json_ocsf_unix_timestamp(self):
+        input_audit_info = AWS_Audit_Info(
+            session_config=None,
+            original_session=None,
+            audit_session=None,
+            audited_account=AWS_ACCOUNT_ID,
+            audited_account_arn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:root",
+            audited_identity_arn="test-arn",
+            audited_user_id="test",
+            audited_partition="aws",
+            profile="default",
+            profile_region="eu-west-1",
+            credentials=None,
+            assumed_role_info=None,
+            audited_regions=["eu-west-2", "eu-west-1"],
+            organizations_metadata=None,
+            audit_resources=None,
+            mfa_enabled=False,
+            audit_metadata=Audit_Metadata(
+                services_scanned=0,
+                expected_checks=[],
+                completed_checks=0,
+                audit_progress=0,
+            ),
+        )
+        finding = Check_Report(
+            load_check_metadata(
+                f"{path.dirname(path.realpath(__file__))}/fixtures/metadata.json"
+            ).json()
+        )
+        finding.resource_details = "Test resource details"
+        finding.resource_id = "test-resource"
+        finding.resource_arn = "test-arn"
+        finding.region = "eu-west-1"
+        finding.status = "PASS"
+        finding.status_extended = "This is a test"
+
+        expected = Check_Output_JSON_OCSF(
+            finding=Finding(
+                title="Ensure credentials unused for 30 days or greater are disabled",
+                desc="Ensure credentials unused for 30 days or greater are disabled",
+                supporting_data={
+                    "Risk": "Risk associated.",
+                    "Notes": "additional information",
+                },
+                remediation=Remediation_OCSF(
+                    kb_articles=[
+                        "code or URL to the code location.",
+                        "code or URL to the code location.",
+                        "cli command or URL to the cli command location.",
+                        "cli command or URL to the cli command location.",
+                        "https://myfp.com/recommendations/dangerous_things_and_how_to_fix_them.html",
+                    ],
+                    desc="Run sudo yum update and cross your fingers and toes.",
+                ),
+                types=["Software and Configuration Checks"],
+                src_url="https://serviceofficialsiteorpageforthissubject",
+                uid="prowler-aws-iam_disable_30_days_credentials-123456789012-eu-west-1-test-resource",
+                related_events=[
+                    "othercheck1",
+                    "othercheck2",
+                    "othercheck3",
+                    "othercheck4",
+                ],
+            ),
+            resources=[
+                Resources(
+                    group=Group(name="iam"),
+                    region="eu-west-1",
+                    name="test-resource",
+                    uid="test-arn",
+                    labels=[],
+                    type="AwsIamAccessAnalyzer",
+                    details="Test resource details",
+                )
+            ],
+            status_detail="This is a test",
+            compliance=Compliance_OCSF(
+                status="Success", requirements=[], status_detail="This is a test"
+            ),
+            message="This is a test",
+            severity_id=2,
+            severity="Low",
+            cloud=Cloud(
+                account=Account(name="", uid="123456789012"),
+                region="eu-west-1",
+                org=Organization(uid="", name=""),
+                provider="aws",
+                project_uid="",
+            ),
+            time=mktime(timestamp.timetuple()),
+            metadata=Metadata(
+                original_time=mktime(timestamp.timetuple()),
+                profiles=["default"],
+                product=Product(
+                    language="en",
+                    name="Prowler",
+                    version=prowler_version,
+                    vendor_name="Prowler/ProwlerPro",
+                    feature=Feature(
+                        name="iam_disable_30_days_credentials",
+                        uid="iam_disable_30_days_credentials",
+                        version=prowler_version,
+                    ),
+                ),
+                version="1.0.0-rc.3",
+            ),
+            state_id=0,
+            state="New",
+            status_id=1,
+            status="Success",
+            type_uid=200101,
+            type_name="Security Finding: Create",
+            impact_id=0,
+            impact="Unknown",
+            confidence_id=0,
+            confidence="Unknown",
+            activity_id=1,
+            activity_name="Create",
+            category_uid=2,
+            category_name="Findings",
+            class_uid=2001,
+            class_name="Security Finding",
+        )
+        output_options = mock.MagicMock()
+        output_options.unix_timestamp = True
        assert fill_json_ocsf(input_audit_info, finding, output_options) == expected

    def test_extract_findings_statistics_different_resources(self):
--- a/tests/lib/utils/utils_test.py
+++ b/tests/lib/utils/utils_test.py
@@ -1,7 +1,18 @@
-from prowler.lib.utils.utils import validate_ip_address
+from datetime import datetime
+from time import mktime
+
+from prowler.lib.utils.utils import outputs_unix_timestamp, validate_ip_address


-class Test_Validate_Ip_Address:
+class Test_utils:
    def test_validate_ip_address(self):
        assert validate_ip_address("88.26.151.198")
        assert not validate_ip_address("Not an IP")
+
+    def test_outputs_unix_timestamp_false(self):
+        time = datetime.now()
+        assert outputs_unix_timestamp(False, time) == time.isoformat()
+
+    def test_outputs_unix_timestamp_true(self):
+        time = datetime.now()
+        assert outputs_unix_timestamp(True, time) == mktime(time.timetuple())