From 76a694d043ea99937fef7321abc434b01b941cf3 Mon Sep 17 00:00:00 2001
From: Fennerr <41741346+Fennerr@users.noreply.github.com>
Date: Thu, 5 Jan 2023 14:36:32 +0200
Subject: [PATCH] feat(): add ECS task revision number (#1657)

Co-authored-by: sergargar
---
 prowler/providers/aws/services/ecs/ecs_service.py | 2 ++
 .../ecs_task_definitions_no_environment_secrets.py | 4 ++--
 .../ecs_task_definitions_no_environment_secrets_test.py | 7 +++++--
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/prowler/providers/aws/services/ecs/ecs_service.py b/prowler/providers/aws/services/ecs/ecs_service.py
index d017e933..c85794cc 100644
--- a/prowler/providers/aws/services/ecs/ecs_service.py
+++ b/prowler/providers/aws/services/ecs/ecs_service.py
@@ -41,6 +41,7 @@ class ECS:
 # we want the family name without the revision
 name=sub(":.*", "", task_definition.split("/")[1]),
 arn=task_definition,
+ revision=task_definition.split(":")[-1],
 region=regional_client.region,
 environment_variables=[],
 )
@@ -80,5 +81,6 @@ class ContainerEnvVariable(BaseModel):
 class TaskDefinition(BaseModel):
 name: str
 arn: str
+ revision: str
 region: str
 environment_variables: list[ContainerEnvVariable]
diff --git a/prowler/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets.py b/prowler/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets.py
index d6d0f891..308efd29 100644
--- a/prowler/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets.py
+++ b/prowler/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets.py
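Review bot: The new `+ revision=task_definition.split(":")[-1],` re-parses the same ARN that `name=sub(":.*", "", task_definition.split("/")[1])` parses two lines earlier, so the assumed `task-definition/family:revision` shape is now encoded twice in two different ways. Deriving both values from one split keeps that assumption in a single place: `family, _, revision = task_definition.split("/")[1].rpartition(":")` before the constructor call, then `name=family,` and `revision=revision,`. The `revision: str` field added to `TaskDefinition` in the second hunk would also benefit from a one-line comment such as `# revision number parsed from the task-definition ARN`. The method that builds this TaskDefinition starts and ends outside the hunk.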
@@ -18,7 +18,7 @@ class ecs_task_definitions_no_environment_secrets(Check):
 report.resource_id = task_definition.name
 report.resource_arn = task_definition.arn
 report.status = "PASS"
- report.status_extended = f"No secrets found in ECS task definition {task_definition.name} variables"
+ report.status_extended = f"No secrets found in variables of ECS task definition {task_definition.name} revision {task_definition.revision}"
 if task_definition.environment_variables:
 for env_var in task_definition.environment_variables:
 dump_env_vars = {}
@@ -36,7 +36,7 @@ class ecs_task_definitions_no_environment_secrets(Check):
 if secrets.json():
 report.status = "FAIL"
- report.status_extended = f"Potential secret found in ECS in ECS task definition {task_definition.name} variables"
+ report.status_extended = f"Potential secret found in variables of ECS task definition {task_definition.name} revision {task_definition.revision}"
 os.remove(temp_env_data_file.name)
diff --git a/tests/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets_test.py b/tests/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets_test.py
index a8da2b65..cecef19b 100644
--- a/tests/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets_test.py
+++ b/tests/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets_test.py
@@ -39,6 +39,7 @@ class Test_ecs_task_definitions_no_environment_secrets:
 TaskDefinition(
 name=task_name,
 arn=f"arn:aws:ecs:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:task-definition/{task_name}:1",
+ revision="1",
 region=AWS_REGION,
 environment_variables=[
 ContainerEnvVariable(
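Review bot: In the second hunk (`@@ -36,7`), `os.remove(temp_env_data_file.name)` runs only on the normal path, so if the scan that presumably populates `secrets` above the hunk raises, the temporary file holding the dumped environment-variable values — the very material this check flags as potential secrets — stays on disk; the file's creation is outside the hunk, so this is inferred from the name. Wrapping the scan and the two status lines in `try:` with `finally: os.remove(temp_env_data_file.name)` closes that gap without touching the new messages. The check method continues outside both hunks.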
@@ -61,7 +62,8 @@ class Test_ecs_task_definitions_no_environment_secrets:
 assert len(result) == 1
 assert result[0].status == "PASS"
 assert search(
- "No secrets found in ECS task definition", result[0].status_extended
+ "No secrets found in variables of ECS task definition",
+ result[0].status_extended,
 )
 assert result[0].resource_id == task_name
 assert (
@@ -76,6 +78,7 @@ class Test_ecs_task_definitions_no_environment_secrets:
 TaskDefinition(
 name=task_name,
 arn=f"arn:aws:ecs:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:task-definition/{task_name}:1",
+ revision="1",
 region=AWS_REGION,
 environment_variables=[
 ContainerEnvVariable(
@@ -98,7 +101,7 @@ class Test_ecs_task_definitions_no_environment_secrets:
 assert len(result) == 1
 assert result[0].status == "FAIL"
 assert search(
- "Potential secret found in ECS in ECS task definition",
+ "Potential secret found in variables of ECS task definition",
 result[0].status_extended,
 )
 assert result[0].resource_id == task_name
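Review bot: The updated assertions in `@@ -61,7 +62,8` and `@@ -98,7 +101,7` search only for the message prefix, so the revision number this commit adds to `status_extended` is never checked even though both fixtures now pass `revision="1"`. Comparing the full string pins the new behaviour: `assert result[0].status_extended == f"No secrets found in variables of ECS task definition {task_name} revision 1"` in the PASS test, and the corresponding `f"Potential secret found in variables of ECS task definition {task_name} revision 1"` in the FAIL test. The test methods start and end outside the hunks.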