fix(list_checks): arn filtering checks after audit_info set (#1887)

2026-02-10 06:45:08 +00:00 · 2023-02-13 14:57:42 +01:00
parent 674332fddd
commit 6da45b5c2b
4 changed files with 102 additions and 34 deletions
--- a/tests/lib/check/check_test.py
+++ b/tests/lib/check/check_test.py
@@ -8,10 +8,12 @@ from mock import patch
 from prowler.lib.check.check import (
    exclude_checks_to_run,
    exclude_services_to_run,
+    get_checks_from_input_arn,
    list_modules,
    list_services,
    parse_checks_from_file,
    recover_checks_from_provider,
+    recover_checks_from_service,
    update_audit_metadata,
 )
 from prowler.lib.check.models import load_check_metadata
@@ -104,6 +106,23 @@ def mock_recover_checks_from_aws_provider(*_):
    ]


+def mock_recover_checks_from_aws_provider_lambda_service(*_):
+    return [
+        (
+            "awslambda_function_invoke_api_operations_cloudtrail_logging_enabled",
+            "/root_dir/fake_path/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled",
+        ),
+        (
+            "awslambda_function_url_cors_policy",
+            "/root_dir/fake_path/awslambda/awslambda_function_url_cors_policy",
+        ),
+        (
+            "awslambda_function_no_secrets_in_code",
+            "/root_dir/fake_path/awslambda/awslambda_function_no_secrets_in_code",
+        ),
+    ]
+
+
 class Test_Check:
    def test_load_check_metadata(self):
        test_cases = [
@@ -247,6 +266,36 @@ class Test_Check:
        expected_modules = list_modules(provider, service)
        assert expected_modules == expected_packages

+    @patch(
+        "prowler.lib.check.check.recover_checks_from_provider",
+        new=mock_recover_checks_from_aws_provider,
+    )
+    def test_recover_checks_from_service(self):
+        service_list = ["accessanalyzer", "awslambda", "ec2"]
+        provider = "aws"
+        expected_checks = {
+            "accessanalyzer_enabled_without_findings",
+            "awslambda_function_url_cors_policy",
+            "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
+        }
+        recovered_checks = recover_checks_from_service(service_list, provider)
+        assert recovered_checks == expected_checks
+
+    @patch(
+        "prowler.lib.check.check.recover_checks_from_provider",
+        new=mock_recover_checks_from_aws_provider_lambda_service,
+    )
+    def test_get_checks_from_input_arn(self):
+        audit_resources = ["arn:aws:lambda:us-east-1:123456789:function:test-lambda"]
+        provider = "aws"
+        expected_checks = {
+            "awslambda_function_url_cors_policy",
+            "awslambda_function_invoke_api_operations_cloudtrail_logging_enabled",
+            "awslambda_function_no_secrets_in_code",
+        }
+        recovered_checks = get_checks_from_input_arn(audit_resources, provider)
+        assert recovered_checks == expected_checks
+
    # def test_parse_checks_from_compliance_framework_two(self):
    #     test_case = {
    #         "input": {"compliance_frameworks": ["cis_v1.4_aws", "ens_v3_aws"]},