From 58a29bf05847ad346a3d3d9de7771a3dd9db5dbe Mon Sep 17 00:00:00 2001 From: Sergio Garcia <38561120+sergargar@users.noreply.github.com> Date: Thu, 25 May 2023 13:30:01 +0200 Subject: [PATCH] fix(codebuild): handle FAIL in codebuild_project_user_controlled_buildspec (#2410) Co-authored-by: Pepe Fagoaga --- ...ebuild_project_user_controlled_buildspec.py | 8 ++++---- ...d_project_user_controlled_buildspec_test.py | 18 ++++++++++-------- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/prowler/providers/aws/services/codebuild/codebuild_project_user_controlled_buildspec/codebuild_project_user_controlled_buildspec.py b/prowler/providers/aws/services/codebuild/codebuild_project_user_controlled_buildspec/codebuild_project_user_controlled_buildspec.py index 01d55fcf..73928192 100644 --- a/prowler/providers/aws/services/codebuild/codebuild_project_user_controlled_buildspec/codebuild_project_user_controlled_buildspec.py +++ b/prowler/providers/aws/services/codebuild/codebuild_project_user_controlled_buildspec/codebuild_project_user_controlled_buildspec.py @@ -12,14 +12,14 @@ class codebuild_project_user_controlled_buildspec(Check): report.region = project.region report.resource_id = project.name report.resource_arn = "" - report.status = "FAIL" - report.status_extended = f"CodeBuild project {project.name} does not use a user controlled buildspec" + report.status = "PASS" + report.status_extended = f"CodeBuild project {project.name} does not use an user controlled buildspec" if project.buildspec: if search(r".*\.yaml$", project.buildspec) or search( r".*\.yml$", project.buildspec ): - report.status = "PASS" - report.status_extended = f"CodeBuild project {project.name} uses a user controlled buildspec" + report.status = "FAIL" + report.status_extended = f"CodeBuild project {project.name} uses an user controlled buildspec" findings.append(report) diff --git a/tests/providers/aws/services/codebuild/codebuild_project_user_controlled_buildspec/codebuild_project_user_controlled_buildspec_test.py b/tests/providers/aws/services/codebuild/codebuild_project_user_controlled_buildspec/codebuild_project_user_controlled_buildspec_test.py index 436a4390..f6c645c6 100644 --- a/tests/providers/aws/services/codebuild/codebuild_project_user_controlled_buildspec/codebuild_project_user_controlled_buildspec_test.py +++ b/tests/providers/aws/services/codebuild/codebuild_project_user_controlled_buildspec/codebuild_project_user_controlled_buildspec_test.py @@ -27,9 +27,9 @@ class Test_codebuild_project_user_controlled_buildspec: result = check.execute() assert len(result) == 1 - assert result[0].status == "FAIL" + assert result[0].status == "PASS" assert search( - "does not use a user controlled buildspec", + "does not use an user controlled buildspec", result[0].status_extended, ) assert result[0].resource_id == "test" @@ -57,9 +57,9 @@ class Test_codebuild_project_user_controlled_buildspec: result = check.execute() assert len(result) == 1 - assert result[0].status == "FAIL" + assert result[0].status == "PASS" assert search( - "does not use a user controlled buildspec", + "does not use an user controlled buildspec", result[0].status_extended, ) assert result[0].resource_id == "test" @@ -87,8 +87,10 @@ class Test_codebuild_project_user_controlled_buildspec: result = check.execute() assert len(result) == 1 - assert result[0].status == "PASS" - assert search("uses a user controlled buildspec", result[0].status_extended) + assert result[0].status == "FAIL" + assert search( + "uses an user controlled buildspec", result[0].status_extended + ) assert result[0].resource_id == "test" assert result[0].resource_arn == "" @@ -114,9 +116,9 @@ class Test_codebuild_project_user_controlled_buildspec: result = check.execute() assert len(result) == 1 - assert result[0].status == "FAIL" + assert result[0].status == "PASS" assert search( - "does not use a user controlled buildspec", + "does not use an user controlled buildspec", result[0].status_extended, ) assert result[0].resource_id == "test"