feat(allowlist): Add Allowlist feature (#1395)

Sergio Garcia
2022-10-21 11:33:23 +02:00
committed by GitHub
parent bd6eb723dd
commit 53f8a9698f
10 changed files with 353 additions and 2 deletions


@@ -24,12 +24,12 @@ from lib.outputs.models import (
Severity,
)
from lib.utils.utils import file_exists, hash_sha512, open_file
from providers.aws.lib.allowlist.allowlist import is_allowlisted
from providers.aws.lib.security_hub.security_hub import send_to_security_hub
def report(check_findings, output_options, audit_info):
check_findings.sort(key=lambda x: x.region)
csv_fields = []
# check output options
file_descriptors = {}
@@ -46,6 +46,15 @@ def report(check_findings, output_options, audit_info):
if check_findings:
for finding in check_findings:
# Check if finding is allowlisted
if is_allowlisted(
output_options.allowlist_file,
audit_info.audited_account,
finding.check_metadata.CheckID,
finding.region,
finding.resource_id,
):
finding.status = "WARNING"
# Print findings by stdout
color = set_report_color(finding.status)
if output_options.is_quiet and "FAIL" in finding.status:
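Review bot: The assignment `finding.status = "WARNING"` overwrites the status whatever its previous value, so a PASS finding whose resource matches an allowlist entry is also downgraded to WARNING; guarding the call with `if "FAIL" in finding.status and is_allowlisted(` (matching the idiom used on the is_quiet line below) keeps the allowlist to reclassifying failures only. is_allowlisted is also invoked once per finding with the path `output_options.allowlist_file`; if it re-reads and parses the file on every call, loading the allowlist once before the loop would avoid repeated I/O, and it is worth confirming it tolerates that attribute being unset when no allowlist was supplied. A one-line comment such as `# Allowlisted failures are reported as WARNING so they stay visible in the output` would make the intent of the status change explicit. report() begins before this hunk and the loop body continues after it.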