fix(checks_loader): Handle exceptions and always load checks (#3479)

2026-02-10 06:45:08 +00:00 · 2024-03-04 10:51:59 +01:00
parent f91ccedc83
commit 60ed9d08d3
3 changed files with 34 additions and 15 deletions
--- a/prowler/lib/check/checks_loader.py
+++ b/prowler/lib/check/checks_loader.py
@@ -32,6 +32,7 @@ def load_checks_to_execute(

        # First, loop over the bulk_checks_metadata to extract the needed subsets
        for check, metadata in bulk_checks_metadata.items():
+            try:
                # Aliases
                for alias in metadata.CheckAliases:
                    if alias not in check_aliases:
@@ -47,6 +48,10 @@ def load_checks_to_execute(
                    if category not in check_categories:
                        check_categories[category] = []
                    check_categories[category].append(check)
+            except Exception as error:
+                logger.error(
+                    f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
+                )

        # Handle if there are checks passed using -c/--checks
        if check_list:
@@ -105,6 +110,7 @@ def load_checks_to_execute(
        logger.error(
            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
        )
+        return checks_to_execute


 def update_checks_to_execute_with_aliases(
--- a/prowler/lib/check/models.py
+++ b/prowler/lib/check/models.py
@@ -3,8 +3,9 @@ import sys
 from abc import ABC, abstractmethod
 from dataclasses import dataclass

-from pydantic import BaseModel, ValidationError
+from pydantic import BaseModel, ValidationError, validator

+from prowler.config.config import valid_severities
 from prowler.lib.logger import logger


@@ -56,6 +57,18 @@ class Check_Metadata_Model(BaseModel):
    # store the compliance later if supplied
    Compliance: list = None

+    @validator("Severity", pre=True, always=True)
+    def severity_to_lower(severity):
+        return severity.lower()
+
+    @validator("Severity")
+    def valid_severity(severity):
+        if severity not in valid_severities:
+            raise ValueError(
+                f"Invalid severity: {severity}. Severity must be one of {', '.join(valid_severities)}"
+            )
+        return severity
+

 class Check(ABC, Check_Metadata_Model):
    """Prowler Check"""
--- a/prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted.metadata.json
+++ b/prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted.metadata.json
@@ -6,7 +6,7 @@
  "ServiceName": "monitor",
  "SubServiceName": "",
  "ResourceIdTemplate": "",
-  "Severity": "Medium",
+  "Severity": "medium",
  "ResourceType": "Monitor",
  "Description": "Storage accounts with the activity log exports can be configured to use CustomerManaged Keys (CMK).",
  "Risk": "Configuring the storage account with the activity log export container to use CMKs provides additional confidentiality controls on log data, as a given user must have read permission on the corresponding storage account and must be granted decrypt permission by the CMK.",