From 386f558eae2a8b80931e2b9ce97fd1f70be350e6 Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga
Date: Mon, 31 Jul 2023 10:33:34 +0200
Subject: [PATCH] fix(ec2_instance_secrets_user_data): Include line numbers in status (#2639)
---
 .../ec2_instance_secrets_user_data.py | 14 ++++++++++++--
 .../ec2_instance_secrets_user_data_test.py | 16 ++++++++++++++--
 2 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/prowler/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data.py b/prowler/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data.py
index 0413b1f1..9dc5c6a1 100644
--- a/prowler/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data.py
+++ b/prowler/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data.py
@@ -38,9 +38,19 @@ class ec2_instance_secrets_user_data(Check):
 with default_settings():
 secrets.scan_file(temp_user_data_file.name)
 
- if secrets.json():
+ detect_secrets_output = secrets.json()
+ if detect_secrets_output:
+ secrets_string = ", ".join(
+ [
+ f"{secret['type']} on line {secret['line_number']}"
+ for secret in detect_secrets_output[
+ temp_user_data_file.name
+ ]
+ ]
+ )
 report.status = "FAIL"
- report.status_extended = f"Potential secret found in EC2 instance {instance.id} User Data."
+ report.status_extended = f"Potential secret found in EC2 instance {instance.id} User Data -> {secrets_string}."
+
 else:
 report.status = "PASS"
 report.status_extended = (
diff --git a/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py b/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py
index 6e0c1728..fc7155f2 100644
--- a/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py
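Review bot: The comprehension indexes `detect_secrets_output[temp_user_data_file.name]`, which ties the check to detect-secrets keying its JSON by exactly the string handed to `scan_file`; if that key were ever normalised differently, the resulting `KeyError` would abort the whole check rather than produce a finding for this instance. Since a single file is scanned here, iterating the values yields the same string without that assumption: `for file_secrets in detect_secrets_output.values()` / `for secret in file_secrets`. A comment above `secrets_string` would also help the next reader, because `status_extended` is what reaches the emitted report and the new text is built from detector name and line number only: `# Report detector type and line number only; never echo the matched value into the finding.` The enclosing method body, including the block that creates `temp_user_data_file`, begins and ends outside this hunk.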
+++ b/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py
@@ -101,6 +101,12 @@ class Test_ec2_instance_secrets_user_data:
 == f"No secrets found in EC2 instance {instance.id} User Data."
 )
 assert result[0].resource_id == instance.id
+ assert (
+ result[0].resource_arn
+ == f"arn:{current_audit_info.audited_partition}:ec2:{AWS_REGION}:{current_audit_info.audited_account}:instance/{instance.id}"
+ )
+ assert result[0].resource_tags is None
+ assert result[0].region == AWS_REGION
 
 @mock_ec2
 def test_one_ec2_with_secrets(self):
@@ -134,13 +140,15 @@ class Test_ec2_instance_secrets_user_data:
 assert result[0].status == "FAIL"
 assert (
 result[0].status_extended
- == f"Potential secret found in EC2 instance {instance.id} User Data."
+ == f"Potential secret found in EC2 instance {instance.id} User Data -> Secret Keyword on line 1."
 )
 assert result[0].resource_id == instance.id
 assert (
 result[0].resource_arn
 == f"arn:{current_audit_info.audited_partition}:ec2:{AWS_REGION}:{current_audit_info.audited_account}:instance/{instance.id}"
 )
+ assert result[0].resource_tags is None
+ assert result[0].region == AWS_REGION
 
 @mock_ec2
 def test_one_ec2_file_with_secrets(self):
@@ -177,13 +185,15 @@ class Test_ec2_instance_secrets_user_data:
 assert result[0].status == "FAIL"
 assert (
 result[0].status_extended
- == f"Potential secret found in EC2 instance {instance.id} User Data."
+ == f"Potential secret found in EC2 instance {instance.id} User Data -> Secret Keyword on line 1, Hex High Entropy String on line 3, Secret Keyword on line 3, Secret Keyword on line 4."
 )
 assert result[0].resource_id == instance.id
 assert (
 result[0].resource_arn
 == f"arn:{current_audit_info.audited_partition}:ec2:{AWS_REGION}:{current_audit_info.audited_account}:instance/{instance.id}"
 )
+ assert result[0].resource_tags is None
+ assert result[0].region == AWS_REGION
 
 @mock_ec2
 def test_one_launch_configurations_without_user_data(self):
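Review bot: The expected `status_extended` in the `@@ -177` hunk pins the exact detector names and line numbers that detect-secrets emits under `default_settings()` (`Secret Keyword`, `Hex High Entropy String`), so this test now fails on any change to the detect-secrets plugin set or result ordering, not only on a regression in the check; the `@@ -134` hunk has the same coupling with `Secret Keyword on line 1`. An assertion that still proves the new behaviour without pinning plugin names is to check the prefix and the line references, e.g. `assert result[0].status_extended.startswith(f"Potential secret found in EC2 instance {instance.id} User Data -> ")` together with `assert "on line 3" in result[0].status_extended`. If the exact string is intended as a pinned fixture, a one-line comment above the assertion noting that the expected detector names come from the pinned detect-secrets version would save the next maintainer the search when it drifts.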
@@ -221,3 +231,5 @@ class Test_ec2_instance_secrets_user_data:
 result[0].resource_arn
 == f"arn:{current_audit_info.audited_partition}:ec2:{AWS_REGION}:{current_audit_info.audited_account}:instance/{instance.id}"
 )
+ assert result[0].resource_tags is None
+ assert result[0].region == AWS_REGION