diff --git a/prowler/lib/check/checks_loader.py b/prowler/lib/check/checks_loader.py index 6936f8c1..e33eabaf 100644 --- a/prowler/lib/check/checks_loader.py +++ b/prowler/lib/check/checks_loader.py @@ -32,21 +32,26 @@ def load_checks_to_execute( # First, loop over the bulk_checks_metadata to extract the needed subsets for check, metadata in bulk_checks_metadata.items(): - # Aliases - for alias in metadata.CheckAliases: - if alias not in check_aliases: - check_aliases[alias] = [] - check_aliases[alias].append(check) + try: + # Aliases + for alias in metadata.CheckAliases: + if alias not in check_aliases: + check_aliases[alias] = [] + check_aliases[alias].append(check) - # Severities - if metadata.Severity: - check_severities[metadata.Severity].append(check) + # Severities + if metadata.Severity: + check_severities[metadata.Severity].append(check) - # Categories - for category in metadata.Categories: - if category not in check_categories: - check_categories[category] = [] - check_categories[category].append(check) + # Categories + for category in metadata.Categories: + if category not in check_categories: + check_categories[category] = [] + check_categories[category].append(check) + except Exception as error: + logger.error( + f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}" + ) # Handle if there are checks passed using -c/--checks if check_list: @@ -105,6 +110,7 @@ def load_checks_to_execute( logger.error( f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}" ) + return checks_to_execute def update_checks_to_execute_with_aliases( diff --git a/prowler/lib/check/models.py b/prowler/lib/check/models.py index ce4a6d02..97b55a1b 100644 --- a/prowler/lib/check/models.py +++ b/prowler/lib/check/models.py @@ -3,8 +3,9 @@ import sys from abc import ABC, abstractmethod from dataclasses import dataclass -from pydantic import BaseModel, ValidationError +from pydantic import BaseModel, ValidationError, validator +from prowler.config.config import valid_severities from prowler.lib.logger import logger @@ -56,6 +57,18 @@ class Check_Metadata_Model(BaseModel): # store the compliance later if supplied Compliance: list = None + @validator("Severity", pre=True, always=True) + def severity_to_lower(severity): + return severity.lower() + + @validator("Severity") + def valid_severity(severity): + if severity not in valid_severities: + raise ValueError( + f"Invalid severity: {severity}. Severity must be one of {', '.join(valid_severities)}" + ) + return severity + class Check(ABC, Check_Metadata_Model): """Prowler Check""" diff --git a/prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted.metadata.json b/prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted.metadata.json index 0ed7896b..324c84f2 100644 --- a/prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted.metadata.json +++ b/prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted.metadata.json @@ -6,7 +6,7 @@ "ServiceName": "monitor", "SubServiceName": "", "ResourceIdTemplate": "", - "Severity": "Medium", + "Severity": "medium", "ResourceType": "Monitor", "Description": "Storage accounts with the activity log exports can be configured to use CustomerManaged Keys (CMK).", "Risk": "Configuring the storage account with the activity log export container to use CMKs provides additional confidentiality controls on log data, as a given user must have read permission on the corresponding storage account and must be granted decrypt permission by the CMK.",