mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 14:55:00 +00:00
test(audit_info): refactor route53 (#3141)
This commit is contained in:
Nacho Rivera
@@ -1,56 +1,23 @@
|
|||||||
from re import search
|
from re import search
|
||||||
from unittest import mock
|
from unittest import mock
|
||||||
|
|
||||||
from boto3 import client, resource, session
|
from boto3 import client, resource
|
||||||
from moto import mock_ec2, mock_route53
|
from moto import mock_ec2, mock_route53
|
||||||
from moto.core import DEFAULT_ACCOUNT_ID
|
|
||||||
|
|
||||||
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
|
from tests.providers.aws.audit_info_utils import (
|
||||||
from prowler.providers.common.models import Audit_Metadata
|
AWS_REGION_US_EAST_1,
|
||||||
|
set_mocked_aws_audit_info,
|
||||||
AWS_REGION = "us-east-1"
|
)
|
||||||
|
|
||||||
|
|
||||||
class Test_route53_dangling_ip_subdomain_takeover:
|
class Test_route53_dangling_ip_subdomain_takeover:
|
||||||
# Mocked Audit Info
|
|
||||||
def set_mocked_audit_info(self):
|
|
||||||
audit_info = AWS_Audit_Info(
|
|
||||||
session_config=None,
|
|
||||||
original_session=None,
|
|
||||||
audit_session=session.Session(
|
|
||||||
profile_name=None,
|
|
||||||
botocore_session=None,
|
|
||||||
region_name=AWS_REGION,
|
|
||||||
),
|
|
||||||
audited_account=DEFAULT_ACCOUNT_ID,
|
|
||||||
audited_account_arn=f"arn:aws:iam::{DEFAULT_ACCOUNT_ID}:root",
|
|
||||||
audited_user_id=None,
|
|
||||||
audited_partition="aws",
|
|
||||||
audited_identity_arn=None,
|
|
||||||
profile=None,
|
|
||||||
profile_region=None,
|
|
||||||
credentials=None,
|
|
||||||
assumed_role_info=None,
|
|
||||||
audited_regions=[AWS_REGION],
|
|
||||||
organizations_metadata=None,
|
|
||||||
audit_resources=None,
|
|
||||||
mfa_enabled=False,
|
|
||||||
audit_metadata=Audit_Metadata(
|
|
||||||
services_scanned=0,
|
|
||||||
expected_checks=[],
|
|
||||||
completed_checks=0,
|
|
||||||
audit_progress=0,
|
|
||||||
),
|
|
||||||
)
|
|
||||||
return audit_info
|
|
||||||
|
|
||||||
@mock_ec2
|
@mock_ec2
|
||||||
@mock_route53
|
@mock_route53
|
||||||
def test_no_hosted_zones(self):
|
def test_no_hosted_zones(self):
|
||||||
from prowler.providers.aws.services.ec2.ec2_service import EC2
|
from prowler.providers.aws.services.ec2.ec2_service import EC2
|
||||||
from prowler.providers.aws.services.route53.route53_service import Route53
|
from prowler.providers.aws.services.route53.route53_service import Route53
|
||||||
|
|
||||||
audit_info = self.set_mocked_audit_info()
|
audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])
|
||||||
|
|
||||||
with mock.patch(
|
with mock.patch(
|
||||||
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
||||||
@@ -77,7 +44,7 @@ class Test_route53_dangling_ip_subdomain_takeover:
|
|||||||
@mock_ec2
|
@mock_ec2
|
||||||
@mock_route53
|
@mock_route53
|
||||||
def test_hosted_zone_no_records(self):
|
def test_hosted_zone_no_records(self):
|
||||||
conn = client("route53", region_name=AWS_REGION)
|
conn = client("route53", region_name=AWS_REGION_US_EAST_1)
|
||||||
|
|
||||||
conn.create_hosted_zone(
|
conn.create_hosted_zone(
|
||||||
Name="testdns.aws.com.", CallerReference=str(hash("foo"))
|
Name="testdns.aws.com.", CallerReference=str(hash("foo"))
|
||||||
@@ -86,7 +53,7 @@ class Test_route53_dangling_ip_subdomain_takeover:
|
|||||||
from prowler.providers.aws.services.ec2.ec2_service import EC2
|
from prowler.providers.aws.services.ec2.ec2_service import EC2
|
||||||
from prowler.providers.aws.services.route53.route53_service import Route53
|
from prowler.providers.aws.services.route53.route53_service import Route53
|
||||||
|
|
||||||
audit_info = self.set_mocked_audit_info()
|
audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])
|
||||||
|
|
||||||
with mock.patch(
|
with mock.patch(
|
||||||
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
||||||
@@ -113,7 +80,7 @@ class Test_route53_dangling_ip_subdomain_takeover:
|
|||||||
@mock_ec2
|
@mock_ec2
|
||||||
@mock_route53
|
@mock_route53
|
||||||
def test_hosted_zone_private_record(self):
|
def test_hosted_zone_private_record(self):
|
||||||
conn = client("route53", region_name=AWS_REGION)
|
conn = client("route53", region_name=AWS_REGION_US_EAST_1)
|
||||||
|
|
||||||
zone_id = conn.create_hosted_zone(
|
zone_id = conn.create_hosted_zone(
|
||||||
Name="testdns.aws.com.", CallerReference=str(hash("foo"))
|
Name="testdns.aws.com.", CallerReference=str(hash("foo"))
|
||||||
@@ -137,7 +104,7 @@ class Test_route53_dangling_ip_subdomain_takeover:
|
|||||||
from prowler.providers.aws.services.ec2.ec2_service import EC2
|
from prowler.providers.aws.services.ec2.ec2_service import EC2
|
||||||
from prowler.providers.aws.services.route53.route53_service import Route53
|
from prowler.providers.aws.services.route53.route53_service import Route53
|
||||||
|
|
||||||
audit_info = self.set_mocked_audit_info()
|
audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])
|
||||||
|
|
||||||
with mock.patch(
|
with mock.patch(
|
||||||
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
||||||
@@ -177,7 +144,7 @@ class Test_route53_dangling_ip_subdomain_takeover:
|
|||||||
@mock_ec2
|
@mock_ec2
|
||||||
@mock_route53
|
@mock_route53
|
||||||
def test_hosted_zone_external_record(self):
|
def test_hosted_zone_external_record(self):
|
||||||
conn = client("route53", region_name=AWS_REGION)
|
conn = client("route53", region_name=AWS_REGION_US_EAST_1)
|
||||||
|
|
||||||
zone_id = conn.create_hosted_zone(
|
zone_id = conn.create_hosted_zone(
|
||||||
Name="testdns.aws.com.", CallerReference=str(hash("foo"))
|
Name="testdns.aws.com.", CallerReference=str(hash("foo"))
|
||||||
@@ -201,7 +168,7 @@ class Test_route53_dangling_ip_subdomain_takeover:
|
|||||||
from prowler.providers.aws.services.ec2.ec2_service import EC2
|
from prowler.providers.aws.services.ec2.ec2_service import EC2
|
||||||
from prowler.providers.aws.services.route53.route53_service import Route53
|
from prowler.providers.aws.services.route53.route53_service import Route53
|
||||||
|
|
||||||
audit_info = self.set_mocked_audit_info()
|
audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])
|
||||||
|
|
||||||
with mock.patch(
|
with mock.patch(
|
||||||
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
||||||
@@ -241,7 +208,7 @@ class Test_route53_dangling_ip_subdomain_takeover:
|
|||||||
@mock_ec2
|
@mock_ec2
|
||||||
@mock_route53
|
@mock_route53
|
||||||
def test_hosted_zone_dangling_public_record(self):
|
def test_hosted_zone_dangling_public_record(self):
|
||||||
conn = client("route53", region_name=AWS_REGION)
|
conn = client("route53", region_name=AWS_REGION_US_EAST_1)
|
||||||
|
|
||||||
zone_id = conn.create_hosted_zone(
|
zone_id = conn.create_hosted_zone(
|
||||||
Name="testdns.aws.com.", CallerReference=str(hash("foo"))
|
Name="testdns.aws.com.", CallerReference=str(hash("foo"))
|
||||||
@@ -265,7 +232,7 @@ class Test_route53_dangling_ip_subdomain_takeover:
|
|||||||
from prowler.providers.aws.services.ec2.ec2_service import EC2
|
from prowler.providers.aws.services.ec2.ec2_service import EC2
|
||||||
from prowler.providers.aws.services.route53.route53_service import Route53
|
from prowler.providers.aws.services.route53.route53_service import Route53
|
||||||
|
|
||||||
audit_info = self.set_mocked_audit_info()
|
audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])
|
||||||
|
|
||||||
with mock.patch(
|
with mock.patch(
|
||||||
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
||||||
@@ -305,8 +272,8 @@ class Test_route53_dangling_ip_subdomain_takeover:
|
|||||||
@mock_ec2
|
@mock_ec2
|
||||||
@mock_route53
|
@mock_route53
|
||||||
def test_hosted_zone_eip_record(self):
|
def test_hosted_zone_eip_record(self):
|
||||||
conn = client("route53", region_name=AWS_REGION)
|
conn = client("route53", region_name=AWS_REGION_US_EAST_1)
|
||||||
ec2 = client("ec2", region_name=AWS_REGION)
|
ec2 = client("ec2", region_name=AWS_REGION_US_EAST_1)
|
||||||
|
|
||||||
ec2.allocate_address(Domain="vpc", Address="17.5.7.3")
|
ec2.allocate_address(Domain="vpc", Address="17.5.7.3")
|
||||||
|
|
||||||
@@ -332,7 +299,7 @@ class Test_route53_dangling_ip_subdomain_takeover:
|
|||||||
from prowler.providers.aws.services.ec2.ec2_service import EC2
|
from prowler.providers.aws.services.ec2.ec2_service import EC2
|
||||||
from prowler.providers.aws.services.route53.route53_service import Route53
|
from prowler.providers.aws.services.route53.route53_service import Route53
|
||||||
|
|
||||||
audit_info = self.set_mocked_audit_info()
|
audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])
|
||||||
|
|
||||||
with mock.patch(
|
with mock.patch(
|
||||||
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
||||||
@@ -372,9 +339,9 @@ class Test_route53_dangling_ip_subdomain_takeover:
|
|||||||
@mock_ec2
|
@mock_ec2
|
||||||
@mock_route53
|
@mock_route53
|
||||||
def test_hosted_zone_eni_record(self):
|
def test_hosted_zone_eni_record(self):
|
||||||
conn = client("route53", region_name=AWS_REGION)
|
conn = client("route53", region_name=AWS_REGION_US_EAST_1)
|
||||||
ec2 = resource("ec2", region_name=AWS_REGION)
|
ec2 = resource("ec2", region_name=AWS_REGION_US_EAST_1)
|
||||||
ec2_client = client("ec2", region_name=AWS_REGION)
|
ec2_client = client("ec2", region_name=AWS_REGION_US_EAST_1)
|
||||||
vpc = ec2.create_vpc(CidrBlock="10.0.0.0/16")
|
vpc = ec2.create_vpc(CidrBlock="10.0.0.0/16")
|
||||||
subnet = ec2.create_subnet(VpcId=vpc.id, CidrBlock="10.0.0.0/18")
|
subnet = ec2.create_subnet(VpcId=vpc.id, CidrBlock="10.0.0.0/18")
|
||||||
eni_id = ec2.create_network_interface(SubnetId=subnet.id).id
|
eni_id = ec2.create_network_interface(SubnetId=subnet.id).id
|
||||||
@@ -405,7 +372,7 @@ class Test_route53_dangling_ip_subdomain_takeover:
|
|||||||
from prowler.providers.aws.services.ec2.ec2_service import EC2
|
from prowler.providers.aws.services.ec2.ec2_service import EC2
|
||||||
from prowler.providers.aws.services.route53.route53_service import Route53
|
from prowler.providers.aws.services.route53.route53_service import Route53
|
||||||
|
|
||||||
audit_info = self.set_mocked_audit_info()
|
audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])
|
||||||
|
|
||||||
with mock.patch(
|
with mock.patch(
|
||||||
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
|
||||||
|
|||||||
@@ -1,8 +1,7 @@
|
|||||||
from unittest import mock
|
from unittest import mock
|
||||||
|
|
||||||
from prowler.providers.aws.services.route53.route53_service import Domain
|
from prowler.providers.aws.services.route53.route53_service import Domain
|
||||||
|
from tests.providers.aws.audit_info_utils import AWS_REGION_US_EAST_1
|
||||||
AWS_REGION = "us-east-1"
|
|
||||||
|
|
||||||
|
|
||||||
class Test_route53_domains_privacy_protection_enabled:
|
class Test_route53_domains_privacy_protection_enabled:
|
||||||
@@ -29,7 +28,7 @@ class Test_route53_domains_privacy_protection_enabled:
|
|||||||
domain_name = "test-domain.com"
|
domain_name = "test-domain.com"
|
||||||
route53domains.domains = {
|
route53domains.domains = {
|
||||||
domain_name: Domain(
|
domain_name: Domain(
|
||||||
name=domain_name, region=AWS_REGION, admin_privacy=False
|
name=domain_name, region=AWS_REGION_US_EAST_1, admin_privacy=False
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -47,7 +46,7 @@ class Test_route53_domains_privacy_protection_enabled:
|
|||||||
|
|
||||||
assert len(result) == 1
|
assert len(result) == 1
|
||||||
assert result[0].resource_id == domain_name
|
assert result[0].resource_id == domain_name
|
||||||
assert result[0].region == AWS_REGION
|
assert result[0].region == AWS_REGION_US_EAST_1
|
||||||
assert result[0].status == "FAIL"
|
assert result[0].status == "FAIL"
|
||||||
assert (
|
assert (
|
||||||
result[0].status_extended
|
result[0].status_extended
|
||||||
@@ -58,7 +57,9 @@ class Test_route53_domains_privacy_protection_enabled:
|
|||||||
route53domains = mock.MagicMock
|
route53domains = mock.MagicMock
|
||||||
domain_name = "test-domain.com"
|
domain_name = "test-domain.com"
|
||||||
route53domains.domains = {
|
route53domains.domains = {
|
||||||
domain_name: Domain(name=domain_name, region=AWS_REGION, admin_privacy=True)
|
domain_name: Domain(
|
||||||
|
name=domain_name, region=AWS_REGION_US_EAST_1, admin_privacy=True
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
with mock.patch(
|
with mock.patch(
|
||||||
@@ -75,7 +76,7 @@ class Test_route53_domains_privacy_protection_enabled:
|
|||||||
|
|
||||||
assert len(result) == 1
|
assert len(result) == 1
|
||||||
assert result[0].resource_id == domain_name
|
assert result[0].resource_id == domain_name
|
||||||
assert result[0].region == AWS_REGION
|
assert result[0].region == AWS_REGION_US_EAST_1
|
||||||
assert result[0].status == "PASS"
|
assert result[0].status == "PASS"
|
||||||
assert (
|
assert (
|
||||||
result[0].status_extended
|
result[0].status_extended
|
||||||
|
|||||||
@@ -1,8 +1,7 @@
|
|||||||
from unittest import mock
|
from unittest import mock
|
||||||
|
|
||||||
from prowler.providers.aws.services.route53.route53_service import Domain
|
from prowler.providers.aws.services.route53.route53_service import Domain
|
||||||
|
from tests.providers.aws.audit_info_utils import AWS_REGION_US_EAST_1
|
||||||
AWS_REGION = "us-east-1"
|
|
||||||
|
|
||||||
|
|
||||||
class Test_route53_domains_transferlock_enabled:
|
class Test_route53_domains_transferlock_enabled:
|
||||||
@@ -30,7 +29,7 @@ class Test_route53_domains_transferlock_enabled:
|
|||||||
route53domains.domains = {
|
route53domains.domains = {
|
||||||
domain_name: Domain(
|
domain_name: Domain(
|
||||||
name=domain_name,
|
name=domain_name,
|
||||||
region=AWS_REGION,
|
region=AWS_REGION_US_EAST_1,
|
||||||
admin_privacy=False,
|
admin_privacy=False,
|
||||||
status_list=[""],
|
status_list=[""],
|
||||||
)
|
)
|
||||||
@@ -50,7 +49,7 @@ class Test_route53_domains_transferlock_enabled:
|
|||||||
|
|
||||||
assert len(result) == 1
|
assert len(result) == 1
|
||||||
assert result[0].resource_id == domain_name
|
assert result[0].resource_id == domain_name
|
||||||
assert result[0].region == AWS_REGION
|
assert result[0].region == AWS_REGION_US_EAST_1
|
||||||
assert result[0].status == "FAIL"
|
assert result[0].status == "FAIL"
|
||||||
assert (
|
assert (
|
||||||
result[0].status_extended
|
result[0].status_extended
|
||||||
@@ -63,7 +62,7 @@ class Test_route53_domains_transferlock_enabled:
|
|||||||
route53domains.domains = {
|
route53domains.domains = {
|
||||||
domain_name: Domain(
|
domain_name: Domain(
|
||||||
name=domain_name,
|
name=domain_name,
|
||||||
region=AWS_REGION,
|
region=AWS_REGION_US_EAST_1,
|
||||||
admin_privacy=False,
|
admin_privacy=False,
|
||||||
status_list=["clientTransferProhibited"],
|
status_list=["clientTransferProhibited"],
|
||||||
)
|
)
|
||||||
@@ -83,7 +82,7 @@ class Test_route53_domains_transferlock_enabled:
|
|||||||
|
|
||||||
assert len(result) == 1
|
assert len(result) == 1
|
||||||
assert result[0].resource_id == domain_name
|
assert result[0].resource_id == domain_name
|
||||||
assert result[0].region == AWS_REGION
|
assert result[0].region == AWS_REGION_US_EAST_1
|
||||||
assert result[0].status == "PASS"
|
assert result[0].status == "PASS"
|
||||||
assert (
|
assert (
|
||||||
result[0].status_extended
|
result[0].status_extended
|
||||||
|
|||||||
@@ -6,8 +6,7 @@ from prowler.providers.aws.services.route53.route53_service import (
|
|||||||
HostedZone,
|
HostedZone,
|
||||||
LoggingConfig,
|
LoggingConfig,
|
||||||
)
|
)
|
||||||
|
from tests.providers.aws.audit_info_utils import AWS_REGION_US_EAST_1
|
||||||
AWS_REGION = "us-east-1"
|
|
||||||
|
|
||||||
|
|
||||||
class Test_route53_public_hosted_zones_cloudwatch_logging_enabled:
|
class Test_route53_public_hosted_zones_cloudwatch_logging_enabled:
|
||||||
@@ -37,16 +36,14 @@ class Test_route53_public_hosted_zones_cloudwatch_logging_enabled:
|
|||||||
hosted_zone_name = "test-domain.com"
|
hosted_zone_name = "test-domain.com"
|
||||||
hosted_zone_id = "ABCDEF12345678"
|
hosted_zone_id = "ABCDEF12345678"
|
||||||
log_group_name = "test-log-group"
|
log_group_name = "test-log-group"
|
||||||
log_group_arn = (
|
log_group_arn = f"rn:aws:logs:{AWS_REGION_US_EAST_1}:{DEFAULT_ACCOUNT_ID}:log-group:{log_group_name}"
|
||||||
f"rn:aws:logs:{AWS_REGION}:{DEFAULT_ACCOUNT_ID}:log-group:{log_group_name}"
|
|
||||||
)
|
|
||||||
route53.hosted_zones = {
|
route53.hosted_zones = {
|
||||||
hosted_zone_name: HostedZone(
|
hosted_zone_name: HostedZone(
|
||||||
name=hosted_zone_name,
|
name=hosted_zone_name,
|
||||||
arn=f"arn:aws:route53:::{hosted_zone_id}",
|
arn=f"arn:aws:route53:::{hosted_zone_id}",
|
||||||
id=hosted_zone_id,
|
id=hosted_zone_id,
|
||||||
private_zone=False,
|
private_zone=False,
|
||||||
region=AWS_REGION,
|
region=AWS_REGION_US_EAST_1,
|
||||||
logging_config=LoggingConfig(cloudwatch_log_group_arn=log_group_arn),
|
logging_config=LoggingConfig(cloudwatch_log_group_arn=log_group_arn),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
@@ -68,7 +65,7 @@ class Test_route53_public_hosted_zones_cloudwatch_logging_enabled:
|
|||||||
|
|
||||||
assert len(result) == 1
|
assert len(result) == 1
|
||||||
assert result[0].resource_id == hosted_zone_id
|
assert result[0].resource_id == hosted_zone_id
|
||||||
assert result[0].region == AWS_REGION
|
assert result[0].region == AWS_REGION_US_EAST_1
|
||||||
assert result[0].status == "PASS"
|
assert result[0].status == "PASS"
|
||||||
assert (
|
assert (
|
||||||
result[0].status_extended
|
result[0].status_extended
|
||||||
@@ -85,7 +82,7 @@ class Test_route53_public_hosted_zones_cloudwatch_logging_enabled:
|
|||||||
arn=f"arn:aws:route53:::{hosted_zone_id}",
|
arn=f"arn:aws:route53:::{hosted_zone_id}",
|
||||||
id=hosted_zone_id,
|
id=hosted_zone_id,
|
||||||
private_zone=False,
|
private_zone=False,
|
||||||
region=AWS_REGION,
|
region=AWS_REGION_US_EAST_1,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -106,7 +103,7 @@ class Test_route53_public_hosted_zones_cloudwatch_logging_enabled:
|
|||||||
|
|
||||||
assert len(result) == 1
|
assert len(result) == 1
|
||||||
assert result[0].resource_id == hosted_zone_id
|
assert result[0].resource_id == hosted_zone_id
|
||||||
assert result[0].region == AWS_REGION
|
assert result[0].region == AWS_REGION_US_EAST_1
|
||||||
assert result[0].status == "FAIL"
|
assert result[0].status == "FAIL"
|
||||||
assert (
|
assert (
|
||||||
result[0].status_extended
|
result[0].status_extended
|
||||||
@@ -123,7 +120,7 @@ class Test_route53_public_hosted_zones_cloudwatch_logging_enabled:
|
|||||||
arn=f"arn:aws:route53:::{hosted_zone_id}",
|
arn=f"arn:aws:route53:::{hosted_zone_id}",
|
||||||
id=hosted_zone_id,
|
id=hosted_zone_id,
|
||||||
private_zone=True,
|
private_zone=True,
|
||||||
region=AWS_REGION,
|
region=AWS_REGION_US_EAST_1,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -1,15 +1,14 @@
|
|||||||
from unittest.mock import patch
|
from unittest.mock import patch
|
||||||
|
|
||||||
import botocore
|
import botocore
|
||||||
from boto3 import client, session
|
from boto3 import client
|
||||||
from moto import mock_logs, mock_route53
|
from moto import mock_logs, mock_route53
|
||||||
|
|
||||||
from prowler.providers.aws.lib.audit_info.audit_info import AWS_Audit_Info
|
|
||||||
from prowler.providers.aws.services.route53.route53_service import Route53
|
from prowler.providers.aws.services.route53.route53_service import Route53
|
||||||
from prowler.providers.common.models import Audit_Metadata
|
from tests.providers.aws.audit_info_utils import (
|
||||||
|
AWS_REGION_US_EAST_1,
|
||||||
# Mock Test Region
|
set_mocked_aws_audit_info,
|
||||||
AWS_REGION = "us-east-1"
|
)
|
||||||
|
|
||||||
# Mocking Access Analyzer Calls
|
# Mocking Access Analyzer Calls
|
||||||
make_api_call = botocore.client.BaseClient._make_api_call
|
make_api_call = botocore.client.BaseClient._make_api_call
|
||||||
@@ -35,60 +34,30 @@ def mock_make_api_call(self, operation_name, kwarg):
|
|||||||
# Patch every AWS call using Boto3 and generate_regional_clients to have 1 client
|
# Patch every AWS call using Boto3 and generate_regional_clients to have 1 client
|
||||||
@patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
|
@patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
|
||||||
class Test_Route53_Service:
|
class Test_Route53_Service:
|
||||||
# Mocked Audit Info
|
|
||||||
def set_mocked_audit_info(self):
|
|
||||||
audit_info = AWS_Audit_Info(
|
|
||||||
session_config=None,
|
|
||||||
original_session=None,
|
|
||||||
audit_session=session.Session(
|
|
||||||
profile_name=None,
|
|
||||||
botocore_session=None,
|
|
||||||
),
|
|
||||||
audited_account=None,
|
|
||||||
audited_account_arn=None,
|
|
||||||
audited_user_id=None,
|
|
||||||
audited_partition="aws",
|
|
||||||
audited_identity_arn=None,
|
|
||||||
profile=None,
|
|
||||||
profile_region=AWS_REGION,
|
|
||||||
credentials=None,
|
|
||||||
assumed_role_info=None,
|
|
||||||
audited_regions=None,
|
|
||||||
organizations_metadata=None,
|
|
||||||
audit_resources=None,
|
|
||||||
mfa_enabled=False,
|
|
||||||
audit_metadata=Audit_Metadata(
|
|
||||||
services_scanned=0,
|
|
||||||
expected_checks=[],
|
|
||||||
completed_checks=0,
|
|
||||||
audit_progress=0,
|
|
||||||
),
|
|
||||||
)
|
|
||||||
return audit_info
|
|
||||||
|
|
||||||
# Test Route53 Client
|
# Test Route53 Client
|
||||||
@mock_route53
|
@mock_route53
|
||||||
def test__get_client__(self):
|
def test__get_client__(self):
|
||||||
route53 = Route53(self.set_mocked_audit_info())
|
route53 = Route53(set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]))
|
||||||
assert route53.client.__class__.__name__ == "Route53"
|
assert route53.client.__class__.__name__ == "Route53"
|
||||||
|
|
||||||
# Test Route53 Session
|
# Test Route53 Session
|
||||||
@mock_route53
|
@mock_route53
|
||||||
def test__get_session__(self):
|
def test__get_session__(self):
|
||||||
route53 = Route53(self.set_mocked_audit_info())
|
route53 = Route53(set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]))
|
||||||
assert route53.session.__class__.__name__ == "Session"
|
assert route53.session.__class__.__name__ == "Session"
|
||||||
|
|
||||||
# Test Route53 Service
|
# Test Route53 Service
|
||||||
@mock_route53
|
@mock_route53
|
||||||
def test__get_service__(self):
|
def test__get_service__(self):
|
||||||
route53 = Route53(self.set_mocked_audit_info())
|
route53 = Route53(set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]))
|
||||||
assert route53.service == "route53"
|
assert route53.service == "route53"
|
||||||
|
|
||||||
@mock_route53
|
@mock_route53
|
||||||
@mock_logs
|
@mock_logs
|
||||||
def test__list_hosted_zones__private_with_logging(self):
|
def test__list_hosted_zones__private_with_logging(self):
|
||||||
# Create Hosted Zone
|
# Create Hosted Zone
|
||||||
r53_client = client("route53", region_name=AWS_REGION)
|
r53_client = client("route53", region_name=AWS_REGION_US_EAST_1)
|
||||||
hosted_zone_name = "testdns.aws.com."
|
hosted_zone_name = "testdns.aws.com."
|
||||||
response = r53_client.create_hosted_zone(
|
response = r53_client.create_hosted_zone(
|
||||||
Name=hosted_zone_name,
|
Name=hosted_zone_name,
|
||||||
@@ -98,7 +67,7 @@ class Test_Route53_Service:
|
|||||||
hosted_zone_id = response["HostedZone"]["Id"].replace("/hostedzone/", "")
|
hosted_zone_id = response["HostedZone"]["Id"].replace("/hostedzone/", "")
|
||||||
hosted_zone_name = response["HostedZone"]["Name"]
|
hosted_zone_name = response["HostedZone"]["Name"]
|
||||||
# CloudWatch Client
|
# CloudWatch Client
|
||||||
logs_client = client("logs", region_name=AWS_REGION)
|
logs_client = client("logs", region_name=AWS_REGION_US_EAST_1)
|
||||||
log_group_name = "test-log-group"
|
log_group_name = "test-log-group"
|
||||||
_ = logs_client.create_log_group(logGroupName=log_group_name)
|
_ = logs_client.create_log_group(logGroupName=log_group_name)
|
||||||
log_group_arn = logs_client.describe_log_groups()["logGroups"][0]["arn"]
|
log_group_arn = logs_client.describe_log_groups()["logGroups"][0]["arn"]
|
||||||
@@ -109,7 +78,7 @@ class Test_Route53_Service:
|
|||||||
)
|
)
|
||||||
|
|
||||||
# Set partition for the service
|
# Set partition for the service
|
||||||
route53 = Route53(self.set_mocked_audit_info())
|
route53 = Route53(set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]))
|
||||||
assert len(route53.hosted_zones) == 1
|
assert len(route53.hosted_zones) == 1
|
||||||
assert route53.hosted_zones[hosted_zone_id]
|
assert route53.hosted_zones[hosted_zone_id]
|
||||||
assert route53.hosted_zones[hosted_zone_id].id == hosted_zone_id
|
assert route53.hosted_zones[hosted_zone_id].id == hosted_zone_id
|
||||||
@@ -124,7 +93,7 @@ class Test_Route53_Service:
|
|||||||
route53.hosted_zones[hosted_zone_id].logging_config.cloudwatch_log_group_arn
|
route53.hosted_zones[hosted_zone_id].logging_config.cloudwatch_log_group_arn
|
||||||
== log_group_arn
|
== log_group_arn
|
||||||
)
|
)
|
||||||
assert route53.hosted_zones[hosted_zone_id].region == AWS_REGION
|
assert route53.hosted_zones[hosted_zone_id].region == AWS_REGION_US_EAST_1
|
||||||
assert route53.hosted_zones[hosted_zone_id].tags == [
|
assert route53.hosted_zones[hosted_zone_id].tags == [
|
||||||
{"Key": "test", "Value": "test"},
|
{"Key": "test", "Value": "test"},
|
||||||
]
|
]
|
||||||
@@ -133,7 +102,7 @@ class Test_Route53_Service:
|
|||||||
@mock_logs
|
@mock_logs
|
||||||
def test__list_hosted_zones__public_with_logging(self):
|
def test__list_hosted_zones__public_with_logging(self):
|
||||||
# Create Hosted Zone
|
# Create Hosted Zone
|
||||||
r53_client = client("route53", region_name=AWS_REGION)
|
r53_client = client("route53", region_name=AWS_REGION_US_EAST_1)
|
||||||
hosted_zone_name = "testdns.aws.com."
|
hosted_zone_name = "testdns.aws.com."
|
||||||
response = r53_client.create_hosted_zone(
|
response = r53_client.create_hosted_zone(
|
||||||
Name=hosted_zone_name,
|
Name=hosted_zone_name,
|
||||||
@@ -143,7 +112,7 @@ class Test_Route53_Service:
|
|||||||
hosted_zone_id = response["HostedZone"]["Id"].replace("/hostedzone/", "")
|
hosted_zone_id = response["HostedZone"]["Id"].replace("/hostedzone/", "")
|
||||||
hosted_zone_name = response["HostedZone"]["Name"]
|
hosted_zone_name = response["HostedZone"]["Name"]
|
||||||
# CloudWatch Client
|
# CloudWatch Client
|
||||||
logs_client = client("logs", region_name=AWS_REGION)
|
logs_client = client("logs", region_name=AWS_REGION_US_EAST_1)
|
||||||
log_group_name = "test-log-group"
|
log_group_name = "test-log-group"
|
||||||
_ = logs_client.create_log_group(logGroupName=log_group_name)
|
_ = logs_client.create_log_group(logGroupName=log_group_name)
|
||||||
log_group_arn = logs_client.describe_log_groups()["logGroups"][0]["arn"]
|
log_group_arn = logs_client.describe_log_groups()["logGroups"][0]["arn"]
|
||||||
@@ -154,7 +123,7 @@ class Test_Route53_Service:
|
|||||||
)
|
)
|
||||||
|
|
||||||
# Set partition for the service
|
# Set partition for the service
|
||||||
route53 = Route53(self.set_mocked_audit_info())
|
route53 = Route53(set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]))
|
||||||
assert len(route53.hosted_zones) == 1
|
assert len(route53.hosted_zones) == 1
|
||||||
assert route53.hosted_zones[hosted_zone_id]
|
assert route53.hosted_zones[hosted_zone_id]
|
||||||
assert route53.hosted_zones[hosted_zone_id].id == hosted_zone_id
|
assert route53.hosted_zones[hosted_zone_id].id == hosted_zone_id
|
||||||
@@ -169,13 +138,13 @@ class Test_Route53_Service:
|
|||||||
route53.hosted_zones[hosted_zone_id].logging_config.cloudwatch_log_group_arn
|
route53.hosted_zones[hosted_zone_id].logging_config.cloudwatch_log_group_arn
|
||||||
== log_group_arn
|
== log_group_arn
|
||||||
)
|
)
|
||||||
assert route53.hosted_zones[hosted_zone_id].region == AWS_REGION
|
assert route53.hosted_zones[hosted_zone_id].region == AWS_REGION_US_EAST_1
|
||||||
|
|
||||||
@mock_route53
|
@mock_route53
|
||||||
@mock_logs
|
@mock_logs
|
||||||
def test__list_hosted_zones__private_without_logging(self):
|
def test__list_hosted_zones__private_without_logging(self):
|
||||||
# Create Hosted Zone
|
# Create Hosted Zone
|
||||||
r53_client = client("route53", region_name=AWS_REGION)
|
r53_client = client("route53", region_name=AWS_REGION_US_EAST_1)
|
||||||
hosted_zone_name = "testdns.aws.com."
|
hosted_zone_name = "testdns.aws.com."
|
||||||
response = r53_client.create_hosted_zone(
|
response = r53_client.create_hosted_zone(
|
||||||
Name=hosted_zone_name,
|
Name=hosted_zone_name,
|
||||||
@@ -186,7 +155,7 @@ class Test_Route53_Service:
|
|||||||
hosted_zone_name = response["HostedZone"]["Name"]
|
hosted_zone_name = response["HostedZone"]["Name"]
|
||||||
|
|
||||||
# Set partition for the service
|
# Set partition for the service
|
||||||
route53 = Route53(self.set_mocked_audit_info())
|
route53 = Route53(set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]))
|
||||||
assert len(route53.hosted_zones) == 1
|
assert len(route53.hosted_zones) == 1
|
||||||
assert route53.hosted_zones[hosted_zone_id]
|
assert route53.hosted_zones[hosted_zone_id]
|
||||||
assert route53.hosted_zones[hosted_zone_id].id == hosted_zone_id
|
assert route53.hosted_zones[hosted_zone_id].id == hosted_zone_id
|
||||||
@@ -197,13 +166,13 @@ class Test_Route53_Service:
|
|||||||
assert route53.hosted_zones[hosted_zone_id].name == hosted_zone_name
|
assert route53.hosted_zones[hosted_zone_id].name == hosted_zone_name
|
||||||
assert route53.hosted_zones[hosted_zone_id].private_zone
|
assert route53.hosted_zones[hosted_zone_id].private_zone
|
||||||
assert not route53.hosted_zones[hosted_zone_id].logging_config
|
assert not route53.hosted_zones[hosted_zone_id].logging_config
|
||||||
assert route53.hosted_zones[hosted_zone_id].region == AWS_REGION
|
assert route53.hosted_zones[hosted_zone_id].region == AWS_REGION_US_EAST_1
|
||||||
|
|
||||||
@mock_route53
|
@mock_route53
|
||||||
@mock_logs
|
@mock_logs
|
||||||
def test__list_hosted_zones__public_without_logging(self):
|
def test__list_hosted_zones__public_without_logging(self):
|
||||||
# Create Hosted Zone
|
# Create Hosted Zone
|
||||||
r53_client = client("route53", region_name=AWS_REGION)
|
r53_client = client("route53", region_name=AWS_REGION_US_EAST_1)
|
||||||
hosted_zone_name = "testdns.aws.com."
|
hosted_zone_name = "testdns.aws.com."
|
||||||
response = r53_client.create_hosted_zone(
|
response = r53_client.create_hosted_zone(
|
||||||
Name=hosted_zone_name,
|
Name=hosted_zone_name,
|
||||||
@@ -214,7 +183,7 @@ class Test_Route53_Service:
|
|||||||
hosted_zone_name = response["HostedZone"]["Name"]
|
hosted_zone_name = response["HostedZone"]["Name"]
|
||||||
|
|
||||||
# Set partition for the service
|
# Set partition for the service
|
||||||
route53 = Route53(self.set_mocked_audit_info())
|
route53 = Route53(set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]))
|
||||||
assert len(route53.hosted_zones) == 1
|
assert len(route53.hosted_zones) == 1
|
||||||
assert route53.hosted_zones[hosted_zone_id]
|
assert route53.hosted_zones[hosted_zone_id]
|
||||||
assert route53.hosted_zones[hosted_zone_id].id == hosted_zone_id
|
assert route53.hosted_zones[hosted_zone_id].id == hosted_zone_id
|
||||||
@@ -226,12 +195,12 @@ class Test_Route53_Service:
|
|||||||
assert not route53.hosted_zones[hosted_zone_id].private_zone
|
assert not route53.hosted_zones[hosted_zone_id].private_zone
|
||||||
assert not route53.hosted_zones[hosted_zone_id].logging_config
|
assert not route53.hosted_zones[hosted_zone_id].logging_config
|
||||||
|
|
||||||
assert route53.hosted_zones[hosted_zone_id].region == AWS_REGION
|
assert route53.hosted_zones[hosted_zone_id].region == AWS_REGION_US_EAST_1
|
||||||
|
|
||||||
@mock_route53
|
@mock_route53
|
||||||
def test__list_resource_record_sets__(self):
|
def test__list_resource_record_sets__(self):
|
||||||
# Create Hosted Zone
|
# Create Hosted Zone
|
||||||
r53_client = client("route53", region_name=AWS_REGION)
|
r53_client = client("route53", region_name=AWS_REGION_US_EAST_1)
|
||||||
zone = r53_client.create_hosted_zone(
|
zone = r53_client.create_hosted_zone(
|
||||||
Name="testdns.aws.com", CallerReference=str(hash("foo"))
|
Name="testdns.aws.com", CallerReference=str(hash("foo"))
|
||||||
)
|
)
|
||||||
@@ -254,7 +223,7 @@ class Test_Route53_Service:
|
|||||||
)
|
)
|
||||||
|
|
||||||
# Set partition for the service
|
# Set partition for the service
|
||||||
route53 = Route53(self.set_mocked_audit_info())
|
route53 = Route53(set_mocked_aws_audit_info([AWS_REGION_US_EAST_1]))
|
||||||
assert (
|
assert (
|
||||||
len(route53.record_sets) == 3
|
len(route53.record_sets) == 3
|
||||||
) # Default NS and SOA records plus the A record just created
|
) # Default NS and SOA records plus the A record just created
|
||||||
@@ -265,4 +234,4 @@ class Test_Route53_Service:
|
|||||||
assert not set.is_alias
|
assert not set.is_alias
|
||||||
assert set.records == ["1.2.3.4"]
|
assert set.records == ["1.2.3.4"]
|
||||||
assert set.hosted_zone_id == zone_id.replace("/hostedzone/", "")
|
assert set.hosted_zone_id == zone_id.replace("/hostedzone/", "")
|
||||||
assert set.region == AWS_REGION
|
assert set.region == AWS_REGION_US_EAST_1
|
||||||
|
|||||||
@@ -2,14 +2,12 @@ from datetime import datetime
|
|||||||
from unittest.mock import patch
|
from unittest.mock import patch
|
||||||
|
|
||||||
import botocore
|
import botocore
|
||||||
from boto3 import session
|
|
||||||
|
|
||||||
from prowler.providers.aws.lib.audit_info.audit_info import AWS_Audit_Info
|
|
||||||
from prowler.providers.aws.services.route53.route53_service import Route53Domains
|
from prowler.providers.aws.services.route53.route53_service import Route53Domains
|
||||||
from prowler.providers.common.models import Audit_Metadata
|
from tests.providers.aws.audit_info_utils import (
|
||||||
|
AWS_REGION_US_EAST_1,
|
||||||
# Mock Test Region
|
set_mocked_aws_audit_info,
|
||||||
AWS_REGION = "us-east-1"
|
)
|
||||||
|
|
||||||
# Mocking Access Analyzer Calls
|
# Mocking Access Analyzer Calls
|
||||||
make_api_call = botocore.client.BaseClient._make_api_call
|
make_api_call = botocore.client.BaseClient._make_api_call
|
||||||
@@ -71,60 +69,38 @@ def mock_make_api_call(self, operation_name, kwarg):
|
|||||||
# Patch every AWS call using Boto3 and generate_regional_clients to have 1 client
|
# Patch every AWS call using Boto3 and generate_regional_clients to have 1 client
|
||||||
@patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
|
@patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
|
||||||
class Test_Route53_Service:
|
class Test_Route53_Service:
|
||||||
# Mocked Audit Info
|
|
||||||
def set_mocked_audit_info(self):
|
|
||||||
audit_info = AWS_Audit_Info(
|
|
||||||
session_config=None,
|
|
||||||
original_session=None,
|
|
||||||
audit_session=session.Session(
|
|
||||||
profile_name=None,
|
|
||||||
botocore_session=None,
|
|
||||||
),
|
|
||||||
audited_account=None,
|
|
||||||
audited_account_arn=None,
|
|
||||||
audited_user_id=None,
|
|
||||||
audited_partition="aws",
|
|
||||||
audited_identity_arn=None,
|
|
||||||
profile=None,
|
|
||||||
profile_region=AWS_REGION,
|
|
||||||
credentials=None,
|
|
||||||
assumed_role_info=None,
|
|
||||||
audited_regions=None,
|
|
||||||
organizations_metadata=None,
|
|
||||||
audit_resources=None,
|
|
||||||
mfa_enabled=False,
|
|
||||||
audit_metadata=Audit_Metadata(
|
|
||||||
services_scanned=0,
|
|
||||||
expected_checks=[],
|
|
||||||
completed_checks=0,
|
|
||||||
audit_progress=0,
|
|
||||||
),
|
|
||||||
)
|
|
||||||
return audit_info
|
|
||||||
|
|
||||||
# Test Route53Domains Client
|
# Test Route53Domains Client
|
||||||
def test__get_client__(self):
|
def test__get_client__(self):
|
||||||
route53domains = Route53Domains(self.set_mocked_audit_info())
|
route53domains = Route53Domains(
|
||||||
|
set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])
|
||||||
|
)
|
||||||
assert route53domains.client.__class__.__name__ == "Route53Domains"
|
assert route53domains.client.__class__.__name__ == "Route53Domains"
|
||||||
|
|
||||||
# Test Route53Domains Session
|
# Test Route53Domains Session
|
||||||
def test__get_session__(self):
|
def test__get_session__(self):
|
||||||
route53domains = Route53Domains(self.set_mocked_audit_info())
|
route53domains = Route53Domains(
|
||||||
|
set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])
|
||||||
|
)
|
||||||
assert route53domains.session.__class__.__name__ == "Session"
|
assert route53domains.session.__class__.__name__ == "Session"
|
||||||
|
|
||||||
# Test Route53Domains Service
|
# Test Route53Domains Service
|
||||||
def test__get_service__(self):
|
def test__get_service__(self):
|
||||||
route53domains = Route53Domains(self.set_mocked_audit_info())
|
route53domains = Route53Domains(
|
||||||
|
set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])
|
||||||
|
)
|
||||||
assert route53domains.service == "route53domains"
|
assert route53domains.service == "route53domains"
|
||||||
|
|
||||||
def test__list_domains__(self):
|
def test__list_domains__(self):
|
||||||
route53domains = Route53Domains(self.set_mocked_audit_info())
|
route53domains = Route53Domains(
|
||||||
|
set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])
|
||||||
|
)
|
||||||
domain_name = "test.domain.com"
|
domain_name = "test.domain.com"
|
||||||
assert len(route53domains.domains)
|
assert len(route53domains.domains)
|
||||||
assert route53domains.domains
|
assert route53domains.domains
|
||||||
assert route53domains.domains[domain_name]
|
assert route53domains.domains[domain_name]
|
||||||
assert route53domains.domains[domain_name].name == domain_name
|
assert route53domains.domains[domain_name].name == domain_name
|
||||||
assert route53domains.domains[domain_name].region == AWS_REGION
|
assert route53domains.domains[domain_name].region == AWS_REGION_US_EAST_1
|
||||||
assert route53domains.domains[domain_name].admin_privacy
|
assert route53domains.domains[domain_name].admin_privacy
|
||||||
assert route53domains.domains[domain_name].status_list
|
assert route53domains.domains[domain_name].status_list
|
||||||
assert len(route53domains.domains[domain_name].status_list) == 1
|
assert len(route53domains.domains[domain_name].status_list) == 1
|
||||||
|
|||||||
Reference in New Issue
Block a user