feat(lambda_cloudtrail check): improved logic and status extended (#2092)

2026-02-10 14:55:00 +00:00 · 2023-03-15 12:32:58 +01:00
parent 826a043748
commit 789b211586
3 changed files with 1509 additions and 1510 deletions
--- a/poetry.lock
+++ b/poetry.lock
--- a/prowler/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.py
@@ -38,8 +38,7 @@ class awslambda_function_invoke_api_operations_cloudtrail_logging_enabled(Check)
                        ]:
                            if (
                                field_selector["Field"] == "resources.type"
-                                and field_selector["Equals"][0]
-                                == "AWS::Lambda::Function"
+                                and "AWS::Lambda::Function" in field_selector["Equals"]
                            ):
                                lambda_recorded_cloudtrail = True
                                break
@@ -47,7 +46,7 @@ class awslambda_function_invoke_api_operations_cloudtrail_logging_enabled(Check)
                        break
                if lambda_recorded_cloudtrail:
                    report.status = "PASS"
-                    report.status_extended = f"Lambda function {function.name} is recorded by CloudTrail {trail.name}"
+                    report.status_extended = f"Lambda function {function.name} is recorded by CloudTrail trail {trail.name}"
                    break
            findings.append(report)

--- a/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py
+++ b/tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py
@@ -213,7 +213,7 @@ class Test_awslambda_function_invoke_api_operations_cloudtrail_logging_enabled:
            assert result[0].status == "PASS"
            assert (
                result[0].status_extended
-                == f"Lambda function {function_name} is recorded by CloudTrail {trail_name}"
+                == f"Lambda function {function_name} is recorded by CloudTrail trail {trail_name}"
            )

    @mock_cloudtrail
@@ -291,7 +291,7 @@ class Test_awslambda_function_invoke_api_operations_cloudtrail_logging_enabled:
            assert result[0].status == "PASS"
            assert (
                result[0].status_extended
-                == f"Lambda function {function_name} is recorded by CloudTrail {trail_name}"
+                == f"Lambda function {function_name} is recorded by CloudTrail trail {trail_name}"
            )

    @mock_cloudtrail
@@ -364,5 +364,5 @@ class Test_awslambda_function_invoke_api_operations_cloudtrail_logging_enabled:
            assert result[0].status == "PASS"
            assert (
                result[0].status_extended
-                == f"Lambda function {function_name} is recorded by CloudTrail {trail_name}"
+                == f"Lambda function {function_name} is recorded by CloudTrail trail {trail_name}"
            )