feat(): add ECS task revision number (#1657)

Co-authored-by: sergargar <sergio@verica.io>

prowler/providers/aws/services/ecs/ecs_service.py

@@ -41,6 +41,7 @@ class ECS:
                             # we want the family name without the revision
                             name=sub(":.*", "", task_definition.split("/")[1]),
                             arn=task_definition,
+                            revision=task_definition.split(":")[-1],
                             region=regional_client.region,
                             environment_variables=[],
                         )
@@ -80,5 +81,6 @@ class ContainerEnvVariable(BaseModel):
 class TaskDefinition(BaseModel):
     name: str
     arn: str
+    revision: str
     region: str
     environment_variables: list[ContainerEnvVariable]

prowler/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets.py

@@ -18,7 +18,7 @@ class ecs_task_definitions_no_environment_secrets(Check):
             report.resource_id = task_definition.name
             report.resource_arn = task_definition.arn
             report.status = "PASS"
-            report.status_extended = f"No secrets found in ECS task definition {task_definition.name} variables"
+            report.status_extended = f"No secrets found in variables of ECS task definition {task_definition.name} revision {task_definition.revision}"
             if task_definition.environment_variables:
                 for env_var in task_definition.environment_variables:
                     dump_env_vars = {}
@@ -36,7 +36,7 @@ class ecs_task_definitions_no_environment_secrets(Check):
 
                 if secrets.json():
                     report.status = "FAIL"
-                    report.status_extended = f"Potential secret found in ECS in ECS task definition {task_definition.name} variables"
+                    report.status_extended = f"Potential secret found in variables of ECS task definition {task_definition.name} revision {task_definition.revision}"
 
                 os.remove(temp_env_data_file.name)
 

tests/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets_test.py

@@ -39,6 +39,7 @@ class Test_ecs_task_definitions_no_environment_secrets:
             TaskDefinition(
                 name=task_name,
                 arn=f"arn:aws:ecs:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:task-definition/{task_name}:1",
+                revision="1",
                 region=AWS_REGION,
                 environment_variables=[
                     ContainerEnvVariable(
@@ -61,7 +62,8 @@ class Test_ecs_task_definitions_no_environment_secrets:
             assert len(result) == 1
             assert result[0].status == "PASS"
             assert search(
-                "No secrets found in ECS task definition", result[0].status_extended
+                "No secrets found in variables of ECS task definition",
+                result[0].status_extended,
             )
             assert result[0].resource_id == task_name
             assert (
@@ -76,6 +78,7 @@ class Test_ecs_task_definitions_no_environment_secrets:
             TaskDefinition(
                 name=task_name,
                 arn=f"arn:aws:ecs:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:task-definition/{task_name}:1",
+                revision="1",
                 region=AWS_REGION,
                 environment_variables=[
                     ContainerEnvVariable(
@@ -98,7 +101,7 @@ class Test_ecs_task_definitions_no_environment_secrets:
             assert len(result) == 1
             assert result[0].status == "FAIL"
             assert search(
-                "Potential secret found in ECS in ECS task definition",
+                "Potential secret found in variables of ECS task definition",
                 result[0].status_extended,
             )
             assert result[0].resource_id == task_name