feat(scanner): Tag-based scan (#1751)

Co-authored-by: Toni de la Fuente <toni@blyx.com> Co-authored-by: Pepe Fagoaga <pepe@verica.io>
2026-02-10 14:55:00 +00:00 · 2023-01-31 12:19:29 +01:00
parent 0d1a5318ec
commit 3ac4dc8392
110 changed files with 1224 additions and 635 deletions
--- a/tests/lib/cli/parser_test.py
+++ b/tests/lib/cli/parser_test.py
@@ -54,6 +54,7 @@ class Test_Parser:
        assert not parsed.output_bucket_no_assume
        assert not parsed.shodan
        assert not parsed.allowlist_file
+        assert not parsed.scan_tags

    def test_default_parser_no_arguments_azure(self):
        provider = "azure"
@@ -795,6 +796,24 @@ class Test_Parser:
        parsed = self.parser.parse(command)
        assert parsed.allowlist_file == allowlist_file

+    def test_aws_parser_scan_tags_short(self):
+        argument = "-t"
+        scan_tag = "Key=Value"
+        command = [prowler_command, argument, scan_tag]
+        parsed = self.parser.parse(command)
+        assert len(parsed.scan_tags) == 1
+        assert scan_tag in parsed.scan_tags
+
+    def test_aws_parser_scan_tags_long(self):
+        argument = "--scan-tags"
+        scan_tag1 = "Key=Value"
+        scan_tag2 = "Key2=Value2"
+        command = [prowler_command, argument, scan_tag1, scan_tag2]
+        parsed = self.parser.parse(command)
+        assert len(parsed.scan_tags) == 2
+        assert scan_tag1 in parsed.scan_tags
+        assert scan_tag2 in parsed.scan_tags
+
    def test_parser_azure_auth_sp(self):
        argument = "--sp-env-auth"
        command = [prowler_command, "azure", argument]
--- a/tests/lib/outputs/outputs_test.py
+++ b/tests/lib/outputs/outputs_test.py
@@ -81,6 +81,7 @@ class Test_Outputs:
            assumed_role_info=None,
            audited_regions=["eu-west-2", "eu-west-1"],
            organizations_metadata=None,
+            audit_resources=None,
        )
        test_output_modes = [
            ["csv"],
@@ -258,6 +259,7 @@ class Test_Outputs:
            assumed_role_info=None,
            audited_regions=["eu-west-2", "eu-west-1"],
            organizations_metadata=None,
+            audit_resources=None,
        )
        finding = Check_Report(
            load_check_metadata(
@@ -327,6 +329,7 @@ class Test_Outputs:
            assumed_role_info=None,
            audited_regions=["eu-west-2", "eu-west-1"],
            organizations_metadata=None,
+            audit_resources=None,
        )
        # Creat mock bucket
        bucket_name = "test_bucket"
@@ -429,6 +432,7 @@ class Test_Outputs:
            assumed_role_info=None,
            audited_regions=["eu-west-2", "eu-west-1"],
            organizations_metadata=None,
+            audit_resources=None,
        )
        finding = Check_Report(
            load_check_metadata(
--- a/tests/lib/scan_filters/scan_filters_test.py
+++ b/tests/lib/scan_filters/scan_filters_test.py
@@ -0,0 +1,17 @@
+from prowler.lib.scan_filters.scan_filters import is_resource_filtered
+
+
+class Test_Scan_Filters:
+    def test_is_resource_filtered(self):
+        audit_resources = [
+            "arn:aws:iam::123456789012:user/test_user",
+            "arn:aws:s3:::test_bucket",
+        ]
+        assert is_resource_filtered(
+            "arn:aws:iam::123456789012:user/test_user", audit_resources
+        )
+        assert not is_resource_filtered(
+            "arn:aws:iam::123456789012:user/test1", audit_resources
+        )
+        assert is_resource_filtered("test_bucket", audit_resources)
+        assert is_resource_filtered("arn:aws:s3:::test_bucket", audit_resources)