ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(codebuild): handle FAIL in codebuild_project_user_controlled_buildspec (#2410)

Browse Source 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
This commit is contained in:
Sergio Garcia
2023-05-25 13:30:01 +02:00
committed by GitHub
parent 7dac17de18
commit 58a29bf058
2 changed files with 14 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
prowler/providers/aws/services/codebuild/codebuild_project_user_controlled_buildspec/codebuild_project_user_controlled_buildspec.py
View File

@@ -12,14 +12,14 @@ class codebuild_project_user_controlled_buildspec(Check):
report.region = project.region report.region = project.region
report.resource_id = project.name report.resource_id = project.name
report.resource_arn = "" report.resource_arn = ""
report.status = "FAIL" report.status = "PASS"
report.status_extended = f"CodeBuild project {project.name} does not use a user controlled buildspec" report.status_extended = f"CodeBuild project {project.name} does not use an user controlled buildspec"
if project.buildspec: if project.buildspec:
if search(r".*\.yaml$", project.buildspec) or search( if search(r".*\.yaml$", project.buildspec) or search(
r".*\.yml$", project.buildspec r".*\.yml$", project.buildspec
): ):
report.status = "PASS" report.status = "FAIL"
report.status_extended = f"CodeBuild project {project.name} uses a user controlled buildspec" report.status_extended = f"CodeBuild project {project.name} uses an user controlled buildspec"
findings.append(report) findings.append(report)

18
tests/providers/aws/services/codebuild/codebuild_project_user_controlled_buildspec/codebuild_project_user_controlled_buildspec_test.py
View File

@@ -27,9 +27,9 @@ class Test_codebuild_project_user_controlled_buildspec:
result = check.execute() result = check.execute()
assert len(result) == 1 assert len(result) == 1
assert result[0].status == "FAIL" assert result[0].status == "PASS"
assert search( assert search(
"does not use a user controlled buildspec", "does not use an user controlled buildspec",
result[0].status_extended, result[0].status_extended,
) )
assert result[0].resource_id == "test" assert result[0].resource_id == "test"
@@ -57,9 +57,9 @@ class Test_codebuild_project_user_controlled_buildspec:
result = check.execute() result = check.execute()
assert len(result) == 1 assert len(result) == 1
assert result[0].status == "FAIL" assert result[0].status == "PASS"
assert search( assert search(
"does not use a user controlled buildspec", "does not use an user controlled buildspec",
result[0].status_extended, result[0].status_extended,
) )
assert result[0].resource_id == "test" assert result[0].resource_id == "test"
@@ -87,8 +87,10 @@ class Test_codebuild_project_user_controlled_buildspec:
result = check.execute() result = check.execute()
assert len(result) == 1 assert len(result) == 1
assert result[0].status == "PASS" assert result[0].status == "FAIL"
assert search("uses a user controlled buildspec", result[0].status_extended) assert search(
"uses an user controlled buildspec", result[0].status_extended
)
assert result[0].resource_id == "test" assert result[0].resource_id == "test"
assert result[0].resource_arn == "" assert result[0].resource_arn == ""
@@ -114,9 +116,9 @@ class Test_codebuild_project_user_controlled_buildspec:
result = check.execute() result = check.execute()
assert len(result) == 1 assert len(result) == 1
assert result[0].status == "FAIL" assert result[0].status == "PASS"
assert search( assert search(
"does not use a user controlled buildspec", "does not use an user controlled buildspec",
result[0].status_extended, result[0].status_extended,
) )
assert result[0].resource_id == "test" assert result[0].resource_id == "test"