mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-11 07:15:15 +00:00
chore(security hub): improve securityhub_enabled check logic (#1851)
Co-authored-by: sergargar <sergargar@users.noreply.github.com>
This commit is contained in:
Sergio Garcia
@@ -10,11 +10,12 @@ class Test_accessanalyzer_enabled_without_findings:
|
||||
securityhub_client = mock.MagicMock
|
||||
securityhub_client.securityhubs = [
|
||||
SecurityHubHub(
|
||||
"",
|
||||
"Security Hub",
|
||||
"NOT_AVAILABLE",
|
||||
"",
|
||||
"eu-west-1",
|
||||
arn="",
|
||||
id="Security Hub",
|
||||
status="NOT_AVAILABLE",
|
||||
standards="",
|
||||
integrations="",
|
||||
region="eu-west-1",
|
||||
)
|
||||
]
|
||||
with mock.patch(
|
||||
@@ -33,15 +34,16 @@ class Test_accessanalyzer_enabled_without_findings:
|
||||
assert result[0].status_extended == "Security Hub is not enabled"
|
||||
assert result[0].resource_id == "Security Hub"
|
||||
|
||||
def test_securityhub_hub_active(self):
|
||||
def test_securityhub_hub_active_with_standards(self):
|
||||
securityhub_client = mock.MagicMock
|
||||
securityhub_client.securityhubs = [
|
||||
SecurityHubHub(
|
||||
"arn:aws:securityhub:us-east-1:0123456789012:hub/default",
|
||||
"default",
|
||||
"ACTIVE",
|
||||
"cis-aws-foundations-benchmark/v/1.2.0",
|
||||
"eu-west-1",
|
||||
arn="arn:aws:securityhub:us-east-1:0123456789012:hub/default",
|
||||
id="default",
|
||||
status="ACTIVE",
|
||||
standards="cis-aws-foundations-benchmark/v/1.2.0",
|
||||
integrations="",
|
||||
region="eu-west-1",
|
||||
)
|
||||
]
|
||||
with mock.patch(
|
||||
@@ -59,6 +61,68 @@ class Test_accessanalyzer_enabled_without_findings:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== "Security Hub is enabled with standards cis-aws-foundations-benchmark/v/1.2.0"
|
||||
== "Security Hub is enabled with standards: cis-aws-foundations-benchmark/v/1.2.0"
|
||||
)
|
||||
assert result[0].resource_id == "default"
|
||||
|
||||
def test_securityhub_hub_active_with_integrations(self):
|
||||
securityhub_client = mock.MagicMock
|
||||
securityhub_client.securityhubs = [
|
||||
SecurityHubHub(
|
||||
arn="arn:aws:securityhub:us-east-1:0123456789012:hub/default",
|
||||
id="default",
|
||||
status="ACTIVE",
|
||||
standards="",
|
||||
integrations="prowler",
|
||||
region="eu-west-1",
|
||||
)
|
||||
]
|
||||
with mock.patch(
|
||||
"prowler.providers.aws.services.securityhub.securityhub_service.SecurityHub",
|
||||
new=securityhub_client,
|
||||
):
|
||||
# Test Check
|
||||
from prowler.providers.aws.services.securityhub.securityhub_enabled.securityhub_enabled import (
|
||||
securityhub_enabled,
|
||||
)
|
||||
|
||||
check = securityhub_enabled()
|
||||
result = check.execute()
|
||||
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== "Security Hub is enabled without standards but with integrations: prowler"
|
||||
)
|
||||
assert result[0].resource_id == "default"
|
||||
|
||||
def test_securityhub_hub_active_without_integrations_or_standards(self):
|
||||
securityhub_client = mock.MagicMock
|
||||
securityhub_client.securityhubs = [
|
||||
SecurityHubHub(
|
||||
arn="arn:aws:securityhub:us-east-1:0123456789012:hub/default",
|
||||
id="default",
|
||||
status="ACTIVE",
|
||||
standards="",
|
||||
integrations="",
|
||||
region="eu-west-1",
|
||||
)
|
||||
]
|
||||
with mock.patch(
|
||||
"prowler.providers.aws.services.securityhub.securityhub_service.SecurityHub",
|
||||
new=securityhub_client,
|
||||
):
|
||||
# Test Check
|
||||
from prowler.providers.aws.services.securityhub.securityhub_enabled.securityhub_enabled import (
|
||||
securityhub_enabled,
|
||||
)
|
||||
|
||||
check = securityhub_enabled()
|
||||
result = check.execute()
|
||||
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== "Security Hub is enabled but without any standard or integration"
|
||||
)
|
||||
assert result[0].resource_id == "default"
|
||||
|
||||
Reference in New Issue
Block a user