feat(output): Report generation data, color legend and assumed role information (#1300)

* feat(color-code): include legend * chore(version): alfa -> alpha * chore: remove comments * feat(credentials): Include report generation data
2026-02-10 23:05:05 +00:00 · 2022-08-03 17:09:38 +02:00
parent 0b34940e20
commit 5e40fc28c9
5 changed files with 42 additions and 2 deletions
--- a/config/config.py
+++ b/config/config.py
@@ -3,7 +3,7 @@ from os import getcwd

 timestamp = datetime.today()
 timestamp_utc = datetime.now(timezone.utc).replace(tzinfo=timezone.utc)
-prowler_version = "3.0-alfa"
+prowler_version = "3.0-alpha"

 # Groups
 groups_file = "groups.json"
--- a/lib/banner.py
+++ b/lib/banner.py
@@ -14,6 +14,13 @@ def print_banner():
 | |_) | | | (_) \ V  V /| |  __/ |
 | .__/|_|  \___/ \_/\_/ |_|\___|_|v{prowler_version}
 |_|{Fore.BLUE} the handy cloud security tool
-{Fore.YELLOW} Date: {timestamp.strftime("%Y-%m-%d %H:%M:%S")}{Style.RESET_ALL}
+
+{Fore.YELLOW}Date: {timestamp.strftime("%Y-%m-%d %H:%M:%S")}{Style.RESET_ALL}
+
+Color code for results:
+ - {Fore.YELLOW}INFO (Information){Style.RESET_ALL}
+ - {Fore.GREEN}PASS (Recommended value){Style.RESET_ALL}
+ - {Fore.YELLOW}WARNING (Ignored by allowlist){Style.RESET_ALL}
+ - {Fore.RED}FAIL (Fix required){Style.RESET_ALL}
 """
    print(banner)
--- a/providers/aws/aws_provider.py
+++ b/providers/aws/aws_provider.py
@@ -7,6 +7,7 @@ from arnparse import arnparse
 from boto3 import client, session
 from botocore.credentials import RefreshableCredentials
 from botocore.session import get_session
+from colorama import Fore, Style

 from config.config import aws_services_json_file, json_asff_file_suffix, timestamp_utc
 from lib.arn.arn import arn_parsing
@@ -105,7 +106,9 @@ def provider_set_session(
        original_session=None,
        audit_session=None,
        audited_account=None,
+        audited_user_id=None,
        audited_partition=None,
+        audited_identity_arn=None,
        profile=input_profile,
        profile_region=None,
        credentials=None,
@@ -130,6 +133,8 @@ def provider_set_session(
    logger.info(f"Original caller identity ARN : {caller_identity['Arn']}")

    current_audit_info.audited_account = caller_identity["Account"]
+    current_audit_info.audited_identity_arn = caller_identity["Arn"]
+    current_audit_info.audited_user_id = caller_identity["UserId"]
    current_audit_info.audited_partition = arnparse(caller_identity["Arn"]).partition

    logger.info("Checking if organizations role assumption is needed ...")
@@ -204,9 +209,33 @@ def provider_set_session(
    else:
        current_audit_info.profile_region = "us-east-1"

+    print_audit_credentials(current_audit_info)
    return current_audit_info


+def print_audit_credentials(audit_info: AWS_Audit_Info):
+    # Beautify audited regions, set "all" if there is no filter region
+    regions = (
+        ", ".join(audit_info.audited_regions)
+        if audit_info.audited_regions != None
+        else "all"
+    )
+    # Beautify audited profile, set "default" if there is no profile set
+    profile = audit_info.profile if audit_info.profile != None else "default"
+
+    report = f"""
+This report is being generated using credentials below:
+
+AWS-CLI Profile: {Fore.YELLOW}[{profile}]{Style.RESET_ALL} AWS API Region: {Fore.YELLOW}[{audit_info.profile_region}]{Style.RESET_ALL} AWS Filter Region: {Fore.YELLOW}[{regions}]{Style.RESET_ALL}
+AWS Account: {Fore.YELLOW}[{audit_info.audited_account}]{Style.RESET_ALL} UserId: {Fore.YELLOW}[{audit_info.audited_user_id}]{Style.RESET_ALL}
+Caller Identity ARN: {Fore.YELLOW}[{audit_info.audited_identity_arn}]{Style.RESET_ALL}
+"""
+    # If -A is set, print Assumed Role ARN
+    if audit_info.assumed_role_info.role_arn != None:
+        report += f"Assumed Role ARN: {Fore.YELLOW}[{audit_info.assumed_role_info.role_arn}]{Style.RESET_ALL}"
+    print(report)
+
+
 def validate_credentials(validate_session: session) -> dict:
    try:
        validate_credentials_client = validate_session.client("sts")
--- a/providers/aws/aws_provider_test.py
+++ b/providers/aws/aws_provider_test.py
@@ -71,6 +71,8 @@ class Test_AWS_Provider:
            audit_session=None,
            audited_account=None,
            audited_partition=None,
+            audited_identity_arn=None,
+            audited_user_id=None,
            profile=None,
            profile_region=None,
            credentials=None,
--- a/providers/aws/models.py
+++ b/providers/aws/models.py
@@ -33,6 +33,8 @@ class AWS_Audit_Info:
    original_session: session.Session
    audit_session: session.Session
    audited_account: int
+    audited_identity_arn: str
+    audited_user_id: str
    audited_partition: str
    profile: str
    profile_region: str