feat(json-asff): adds AWS resource tags in json-asff and SecurityHub findings (#2786)

Co-authored-by: samuel.burgos <samuel.burgos@flywire.com>
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>

prowler/lib/outputs/json.py

@@ -63,12 +63,14 @@ def fill_json_asff(finding_output, audit_info, finding, output_options):
             if len(finding.status_extended) > 1000
             else finding.status_extended
         )
+        resource_tags = generate_json_asff_resource_tags(finding.resource_tags)
         finding_output.Resources = [
             Resource(
                 Id=finding.resource_arn,
                 Type=finding.check_metadata.ResourceType,
                 Partition=audit_info.audited_partition,
                 Region=finding.region,
+                Tags=resource_tags,
             )
         ]
         # Iterate for each compliance framework
@@ -121,6 +123,26 @@ def generate_json_asff_status(status: str) -> str:
     return json_asff_status
 
 
+def generate_json_asff_resource_tags(tags):
+    try:
+        resource_tags = {}
+        if tags and tags != [None]:
+            for tag in tags:
+                if "Key" in tag and "Value" in tag:
+                    resource_tags[tag["Key"]] = tag["Value"]
+                else:
+                    resource_tags.update(tag)
+            if len(resource_tags) == 0:
+                return None
+        else:
+            return None
+        return resource_tags
+    except Exception as error:
+        logger.error(
+            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+        )
+
+
 def fill_json_ocsf(audit_info, finding, output_options) -> Check_Output_JSON_OCSF:
     try:
         resource_region = ""

prowler/lib/outputs/models.py

@@ -683,6 +683,7 @@ class Resource(BaseModel):
     Id: str
     Partition: str
     Region: str
+    Tags: Optional[dict]
 
 
 class Compliance(BaseModel):

prowler/lib/outputs/outputs.py

@@ -102,7 +102,7 @@ def report(check_findings, output_options, audit_info):
                                 )
 
                                 json.dump(
-                                    finding_output.dict(),
+                                    finding_output.dict(exclude_none=True),
                                     file_descriptors["json-asff"],
                                     indent=4,
                                 )

prowler/providers/aws/lib/security_hub/security_hub.py

@@ -40,7 +40,9 @@ def prepare_security_hub_findings(
         )
 
         # Include that finding within their region in the JSON format
-        security_hub_findings_per_region[region].append(finding_json_asff.dict())
+        security_hub_findings_per_region[region].append(
+            finding_json_asff.dict(exclude_none=True)
+        )
 
     return security_hub_findings_per_region
 

tests/lib/outputs/outputs_test.py

@@ -28,6 +28,7 @@ from prowler.lib.outputs.json import (
     fill_json_asff,
     fill_json_ocsf,
     generate_json_asff_status,
+    generate_json_asff_resource_tags,
     generate_json_ocsf_severity_id,
     generate_json_ocsf_status,
     generate_json_ocsf_status_id,
@@ -1349,6 +1350,17 @@ class Test_Outputs:
         assert generate_json_asff_status("WARNING") == "WARNING"
         assert generate_json_asff_status("SOMETHING ELSE") == "NOT_AVAILABLE"
 
+    def test_generate_json_asff_resource_tags(self):
+        assert generate_json_asff_resource_tags(None) is None
+        assert generate_json_asff_resource_tags([]) is None
+        assert generate_json_asff_resource_tags([{}]) is None
+        assert generate_json_asff_resource_tags([{"key1": "value1"}]) == {
+            "key1": "value1"
+        }
+        assert generate_json_asff_resource_tags(
+            [{"Key": "key1", "Value": "value1"}]
+        ) == {"key1": "value1"}
+
     def test_generate_json_ocsf_status(self):
         assert generate_json_ocsf_status("PASS") == "Success"
         assert generate_json_ocsf_status("FAIL") == "Failure"