feat(allowlist): Add Allowlist feature (#1395)

lib/check/check.py

@@ -183,6 +183,7 @@ def set_output_options(
     input_output_directory: str,
     security_hub_enabled: bool,
     output_filename: str,
+    allowlist_file: str,
 ):
     global output_options
     output_options = Output_From_Options(
@@ -191,6 +192,7 @@ def set_output_options(
         output_directory=input_output_directory,
         security_hub_enabled=security_hub_enabled,
         output_filename=output_filename,
+        allowlist_file=allowlist_file,
         # set input options here
     )
     return output_options

lib/check/models.py

@@ -15,6 +15,7 @@ class Output_From_Options:
     output_directory: str
     security_hub_enabled: bool
     output_filename: str
+    allowlist_file: str
 
 
 # Testing Pending

lib/outputs/outputs.py

@@ -24,12 +24,12 @@ from lib.outputs.models import (
     Severity,
 )
 from lib.utils.utils import file_exists, hash_sha512, open_file
+from providers.aws.lib.allowlist.allowlist import is_allowlisted
 from providers.aws.lib.security_hub.security_hub import send_to_security_hub
 
 
 def report(check_findings, output_options, audit_info):
     check_findings.sort(key=lambda x: x.region)
-
     csv_fields = []
     # check output options
     file_descriptors = {}
@@ -46,6 +46,15 @@ def report(check_findings, output_options, audit_info):
 
     if check_findings:
         for finding in check_findings:
+            # Check if finding is allowlisted
+            if is_allowlisted(
+                output_options.allowlist_file,
+                audit_info.audited_account,
+                finding.check_metadata.CheckID,
+                finding.region,
+                finding.resource_id,
+            ):
+                finding.status = "WARNING"
             # Print findings by stdout
             color = set_report_color(finding.status)
             if output_options.is_quiet and "FAIL" in finding.status: