fix(checks_loader): Handle exceptions and always load checks (#3479)

prowler/lib/check/checks_loader.py

@@ -32,21 +32,26 @@ def load_checks_to_execute(
 
         # First, loop over the bulk_checks_metadata to extract the needed subsets
         for check, metadata in bulk_checks_metadata.items():
-            # Aliases
+            try:
-            for alias in metadata.CheckAliases:
+                # Aliases
-                if alias not in check_aliases:
+                for alias in metadata.CheckAliases:
-                    check_aliases[alias] = []
+                    if alias not in check_aliases:
-                check_aliases[alias].append(check)
+                        check_aliases[alias] = []
+                    check_aliases[alias].append(check)
 
-            # Severities
+                # Severities
-            if metadata.Severity:
+                if metadata.Severity:
-                check_severities[metadata.Severity].append(check)
+                    check_severities[metadata.Severity].append(check)
 
-            # Categories
+                # Categories
-            for category in metadata.Categories:
+                for category in metadata.Categories:
-                if category not in check_categories:
+                    if category not in check_categories:
-                    check_categories[category] = []
+                        check_categories[category] = []
-                check_categories[category].append(check)
+                    check_categories[category].append(check)
+            except Exception as error:
+                logger.error(
+                    f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
+                )
 
         # Handle if there are checks passed using -c/--checks
         if check_list:
@@ -105,6 +110,7 @@ def load_checks_to_execute(
         logger.error(
             f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
         )
+        return checks_to_execute
 
 
 def update_checks_to_execute_with_aliases(

prowler/lib/check/models.py

@@ -3,8 +3,9 @@ import sys
 from abc import ABC, abstractmethod
 from dataclasses import dataclass
 
-from pydantic import BaseModel, ValidationError
+from pydantic import BaseModel, ValidationError, validator
 
+from prowler.config.config import valid_severities
 from prowler.lib.logger import logger
 
 
@@ -56,6 +57,18 @@ class Check_Metadata_Model(BaseModel):
     # store the compliance later if supplied
     Compliance: list = None
 
+    @validator("Severity", pre=True, always=True)
+    def severity_to_lower(severity):
+        return severity.lower()
+
+    @validator("Severity")
+    def valid_severity(severity):
+        if severity not in valid_severities:
+            raise ValueError(
+                f"Invalid severity: {severity}. Severity must be one of {', '.join(valid_severities)}"
+            )
+        return severity
+
 
 class Check(ABC, Check_Metadata_Model):
     """Prowler Check"""

prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted.metadata.json

@@ -6,7 +6,7 @@
   "ServiceName": "monitor",
   "SubServiceName": "",
   "ResourceIdTemplate": "",
-  "Severity": "Medium",
+  "Severity": "medium",
   "ResourceType": "Monitor",
   "Description": "Storage accounts with the activity log exports can be configured to use CustomerManaged Keys (CMK).",
   "Risk": "Configuring the storage account with the activity log export container to use CMKs provides additional confidentiality controls on log data, as a given user must have read permission on the corresponding storage account and must be granted decrypt permission by the CMK.",