revert: master

2026-02-10 14:55:00 +00:00 · 2020-09-01 16:22:32 +02:00
parent 580523fde4
commit 43f3365bb4
2 changed files with 9 additions and 37 deletions
--- a/include/outputs
+++ b/include/outputs
@@ -256,7 +256,6 @@ generateJsonAsffOutput(){

  local severity=$3
  jq -M -c \
-  --arg UUID $(uuidgen | awk '{print tolower($0)}') \
  --arg ACCOUNT_NUM "$ACCOUNT_NUM" \
  --arg TITLE_TEXT "$TITLE_TEXT" \
  --arg MESSAGE "$(echo -e "${message}" | sed -e 's/^[[:space:]]*//')" \
@@ -270,15 +269,15 @@ generateJsonAsffOutput(){
  --arg TIMESTAMP "$(get_iso8601_timestamp)" \
  --arg PROWLER_VERSION "$PROWLER_VERSION" \
  --arg AWS_PARTITION "$AWS_PARTITION" \
-  -n '{
+-n '{
      "SchemaVersion": "2018-10-08",
-      "Id": "arn:\($AWS_PARTITION):securityhub:\($REPREGION):\($ACCOUNT_NUM):product/prowler/\($PROWLER_VERSION)/finding/\($UUID)",
+      "Id": "prowler-\($TITLE_ID)-\($ACCOUNT_NUM)-\($REPREGION)-\($UNIQUE_ID)",
      "ProductArn": "arn:\($AWS_PARTITION):securityhub:\($REPREGION):\($ACCOUNT_NUM):product/\($ACCOUNT_NUM)/default",
      "ProductFields": {
          "ProviderName": "Prowler",
          "ProviderVersion": $PROWLER_VERSION
      },
-      "GeneratorId": "prowler-\($TITLE_ID)-\($ACCOUNT_NUM)-\($REPREGION)-\($UNIQUE_ID)",
+      "GeneratorId": "prowler-\($PROWLER_VERSION)",
      "AwsAccountId": $ACCOUNT_NUM,
      "Types": [
          $TYPE
@@ -356,4 +355,4 @@ generateHtmlOutput(){
      echo '<td>'$message'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
    echo '</tr>'>> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
  fi
-}
+}
--- a/include/securityhub_integration
+++ b/include/securityhub_integration
@@ -28,42 +28,15 @@ checkSecurityHubCompatibility(){
      exit $EXITCODE
    fi
  done
-  # Get unresolved findings
-  SECURITY_HUB_PREVIOUS_FINDINGS=$($AWSCLI securityhub get-findings --filters '{"GeneratorId":[{"Value": "prowler-","Comparison":"PREFIX"}],"WorkflowStatus":[{"Value": "RESOLVED","Comparison":"NOT_EQUALS"}]}' | jq -r ".Findings[] | {Id, GeneratorId, Workflow, Compliance}"| jq -s)
 }

 sendToSecurityHub(){
  local findings="$1"
  local region="$2"
-  local generator_id=$(echo $findings | jq -r ".GeneratorId")
-  local status=$(echo $findings | jq -r ".Compliance.Status")
-  local product_arn=$(echo $findings | jq -r ".ProductArn")
-  PREVIOUS_FINDING=$(echo $SECURITY_HUB_PREVIOUS_FINDINGS | jq --arg finding "$generator_id" '.[] | select((.GeneratorId==$finding))' | jq -cs)
-  PREVIOUS_FINDING_IDS=$(echo $PREVIOUS_FINDING | jq -c --arg parn "$product_arn" 'map({"Id": .Id, ProductArn: $parn} )');
-  if [[ $PREVIOUS_FINDING != "[]" ]]; then
-
-    SAME_STATUS=$(echo $PREVIOUS_FINDING | jq --arg status "$status" '.[] | select(.Compliance.Status!=$status)')
-    SUPPRESSED=$(echo $PREVIOUS_FINDING | jq '.[] | select(.Workflow.Status=="SUPPRESSED")')
-    # If are old non-resolved findings with different status, resolve them and import new one    
-    if [[ ! -z $SAME_STATUS && -z $SUPPRESSED ]]; then
-      BATCH_UPDATE_RESULT=$($AWSCLI securityhub --region "$region" $PROFILE_OPT batch-update-findings --finding-identifiers "${PREVIOUS_FINDING_IDS}" --workflow '{"Status": "RESOLVED"}')
-      BATCH_IMPORT_RESULT=$($AWSCLI securityhub --region "$region" $PROFILE_OPT batch-import-findings --findings "${findings}")
-    else
-      # Update to avoid being deleted
-      BATCH_UPDATE_RESULT=$($AWSCLI securityhub --region "$region" $PROFILE_OPT batch-update-findings --finding-identifiers "${PREVIOUS_FINDING_IDS}" --note '{"Text": "Finding re-detected by Prowler scan", "UpdatedBy": "prowler"}')
-    fi
-  else
-    #If new (or no unresolved ones) import it
-    BATCH_IMPORT_RESULT=$($AWSCLI securityhub --region "$region" $PROFILE_OPT batch-import-findings --findings "${findings}")
-  fi
-
-  # Check for success if updated
-  if [[ ! -z "${BATCH_UPDATE_RESULT}" ]] && ! jq -e '.ProcessedFindings >= 1' <<< "${BATCH_UPDATE_RESULT}" > /dev/null 2>&1; then
-    echo -e "\n$RED ERROR!$NORMAL Failed to update AWS Security Hub finding\n"
-  fi
-
-  # Check for success if imported
-  if [[ ! -z "${BATCH_IMPORT_RESULT}" ]] && ! jq -e '.SuccessCount == 1' <<< "${BATCH_IMPORT_RESULT}" > /dev/null 2>&1; then
+  BATCH_IMPORT_RESULT=$($AWSCLI securityhub --region "$region" $PROFILE_OPT batch-import-findings --findings "${findings}")
+  # A successful CLI response is: {"SuccessCount": 1,"FailedFindings": [],"FailedCount": 0}
+  # Therefore, check that SuccessCount is indeed 1
+  if [[ -z "${BATCH_IMPORT_RESULT}" ]] || ! jq -e '.SuccessCount == 1' <<< "${BATCH_IMPORT_RESULT}" > /dev/null 2>&1; then
    echo -e "\n$RED ERROR!$NORMAL Failed to send check output to AWS Security Hub\n"
  fi
-}
+}