mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 14:55:00 +00:00
feat(severity): Run checks by severity (#1223)
This commit is contained in:
Pepe Fagoaga
@@ -98,6 +98,20 @@ def print_services(service_list: set):
|
|||||||
print(f"- {service}")
|
print(f"- {service}")
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
def print_checks(provider: str, check_list: set, bulk_checks_metadata: dict):
|
||||||
|
for check in check_list:
|
||||||
|
try:
|
||||||
|
print(
|
||||||
|
f"[{bulk_checks_metadata[check].CheckID}] {bulk_checks_metadata[check].CheckTitle} - {Fore.MAGENTA}{bulk_checks_metadata[check].ServiceName} {Fore.YELLOW}[{bulk_checks_metadata[check].Severity}]{Style.RESET_ALL}"
|
||||||
|
)
|
||||||
|
except KeyError as error:
|
||||||
|
logger.error(
|
||||||
|
f"Check {error} was not found for the {provider.upper()} provider"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# List available groups
|
# List available groups
|
||||||
def list_groups(provider: str):
|
def list_groups(provider: str):
|
||||||
groups = parse_groups_from_file(groups_file)
|
groups = parse_groups_from_file(groups_file)
|
||||||
|
|||||||
@@ -15,6 +15,7 @@ def load_checks_to_execute(
|
|||||||
check_list: list,
|
check_list: list,
|
||||||
service_list: list,
|
service_list: list,
|
||||||
group_list: list,
|
group_list: list,
|
||||||
|
severities: list,
|
||||||
provider: str,
|
provider: str,
|
||||||
) -> set:
|
) -> set:
|
||||||
|
|
||||||
@@ -25,10 +26,13 @@ def load_checks_to_execute(
|
|||||||
for check_name in check_list:
|
for check_name in check_list:
|
||||||
checks_to_execute.add(check_name)
|
checks_to_execute.add(check_name)
|
||||||
|
|
||||||
# elif severity_list:
|
# Handle if there are some severities passed using --severity
|
||||||
# using bulk_checks_metadata
|
elif severities:
|
||||||
# elif compliance_list:
|
for check in bulk_checks_metadata:
|
||||||
# using bulk_checks_metadata
|
# Check check's severity
|
||||||
|
if bulk_checks_metadata[check].Severity in severities:
|
||||||
|
checks_to_execute.add(check)
|
||||||
|
|
||||||
# Handle if there are checks passed using -C/--checks-file
|
# Handle if there are checks passed using -C/--checks-file
|
||||||
elif checks_file:
|
elif checks_file:
|
||||||
try:
|
try:
|
||||||
|
|||||||
33
prowler
33
prowler
@@ -4,8 +4,6 @@
|
|||||||
import argparse
|
import argparse
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
from colorama import Fore, Style
|
|
||||||
|
|
||||||
from lib.banner import print_banner, print_version
|
from lib.banner import print_banner, print_version
|
||||||
from lib.check.check import (
|
from lib.check.check import (
|
||||||
bulk_load_checks_metadata,
|
bulk_load_checks_metadata,
|
||||||
@@ -15,6 +13,7 @@ from lib.check.check import (
|
|||||||
import_check,
|
import_check,
|
||||||
list_groups,
|
list_groups,
|
||||||
list_services,
|
list_services,
|
||||||
|
print_checks,
|
||||||
print_services,
|
print_services,
|
||||||
run_check,
|
run_check,
|
||||||
set_output_options,
|
set_output_options,
|
||||||
@@ -35,12 +34,19 @@ if __name__ == "__main__":
|
|||||||
group.add_argument("-C", "--checks-file", nargs="?", help="List of checks")
|
group.add_argument("-C", "--checks-file", nargs="?", help="List of checks")
|
||||||
group.add_argument("-s", "--services", nargs="+", help="List of services")
|
group.add_argument("-s", "--services", nargs="+", help="List of services")
|
||||||
group.add_argument("-g", "--groups", nargs="+", help="List of groups")
|
group.add_argument("-g", "--groups", nargs="+", help="List of groups")
|
||||||
|
group.add_argument(
|
||||||
|
"--severity",
|
||||||
|
nargs="+",
|
||||||
|
help="List of severities [informational, low, medium, high, critical]",
|
||||||
|
choices=["informational","low","medium","high","critical"]
|
||||||
|
)
|
||||||
|
# Exclude checks options
|
||||||
parser.add_argument("-e", "--excluded-checks", nargs="+", help="Checks to exclude")
|
parser.add_argument("-e", "--excluded-checks", nargs="+", help="Checks to exclude")
|
||||||
parser.add_argument("-E", "--excluded-groups", nargs="+", help="Groups to exclude")
|
parser.add_argument("-E", "--excluded-groups", nargs="+", help="Groups to exclude")
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
"-S", "--excluded-services", nargs="+", help="Services to exclude"
|
"-S", "--excluded-services", nargs="+", help="Services to exclude"
|
||||||
)
|
)
|
||||||
|
# List checks options
|
||||||
list_group = parser.add_mutually_exclusive_group()
|
list_group = parser.add_mutually_exclusive_group()
|
||||||
list_group.add_argument(
|
list_group.add_argument(
|
||||||
"-L", "--list-groups", action="store_true", help="List groups"
|
"-L", "--list-groups", action="store_true", help="List groups"
|
||||||
@@ -53,7 +59,7 @@ if __name__ == "__main__":
|
|||||||
)
|
)
|
||||||
|
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
"-b", "--no-banner", action="store_false", help="Hide Prowler Banner"
|
"-b", "--no-banner", action="store_false", help="Hide Prowler banner"
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
"-v", "--version", action="store_true", help="Show Prowler version"
|
"-v", "--version", action="store_true", help="Show Prowler version"
|
||||||
@@ -121,6 +127,7 @@ if __name__ == "__main__":
|
|||||||
services = args.services
|
services = args.services
|
||||||
groups = args.groups
|
groups = args.groups
|
||||||
checks_file = args.checks_file
|
checks_file = args.checks_file
|
||||||
|
severities = args.severity
|
||||||
|
|
||||||
# Set Logger configuration
|
# Set Logger configuration
|
||||||
set_logging_config(args.log_file, args.log_level)
|
set_logging_config(args.log_file, args.log_level)
|
||||||
@@ -155,7 +162,13 @@ if __name__ == "__main__":
|
|||||||
|
|
||||||
# Load checks to execute
|
# Load checks to execute
|
||||||
checks_to_execute = load_checks_to_execute(
|
checks_to_execute = load_checks_to_execute(
|
||||||
bulk_checks_metadata, checks_file, checks, services, groups, provider
|
bulk_checks_metadata,
|
||||||
|
checks_file,
|
||||||
|
checks,
|
||||||
|
services,
|
||||||
|
groups,
|
||||||
|
severities,
|
||||||
|
provider,
|
||||||
)
|
)
|
||||||
# Exclude checks if -e/--excluded-checks
|
# Exclude checks if -e/--excluded-checks
|
||||||
if excluded_checks:
|
if excluded_checks:
|
||||||
@@ -175,15 +188,7 @@ if __name__ == "__main__":
|
|||||||
|
|
||||||
# If -l/--list-checks passed as argument, print checks to execute and quit
|
# If -l/--list-checks passed as argument, print checks to execute and quit
|
||||||
if args.list_checks:
|
if args.list_checks:
|
||||||
for check in checks_to_execute:
|
print_checks(provider, checks_to_execute, bulk_checks_metadata)
|
||||||
try:
|
|
||||||
print(
|
|
||||||
f"[{bulk_checks_metadata[check].CheckID}] {bulk_checks_metadata[check].CheckTitle} - {Fore.MAGENTA}{bulk_checks_metadata[check].ServiceName} {Fore.YELLOW}[{bulk_checks_metadata[check].Severity}]{Style.RESET_ALL}"
|
|
||||||
)
|
|
||||||
except KeyError as error:
|
|
||||||
logger.error(
|
|
||||||
f"Check {error} was not found for the {provider.upper()} provider"
|
|
||||||
)
|
|
||||||
sys.exit()
|
sys.exit()
|
||||||
|
|
||||||
# Setting output options
|
# Setting output options
|
||||||
|
|||||||
Reference in New Issue
Block a user