Import Security Hub finding into the same region as the related resource @marcjay

Import Security Hub finding into the same region as the related resource

include/outputs

@@ -27,13 +27,13 @@ TIMESTAMP=$(get_iso8601_timestamp)
 PROWLER_PARAMETERS=$@
 
 # Ensure that output directory always exists when -M is used
-if [[ $MODE ]];then 
+if [[ $MODE ]];then
   mkdir -p "${OUTPUT_DIR}"
   if [[ "${MODES[@]}" =~ "html" ]]; then
     addHtmlHeader > ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
     HTML_REPORT_INIT="1"
   fi
-fi 
+fi
 
 if [[ $PROFILE == "" ]];then
   PROFILE="ENV"
@@ -60,7 +60,7 @@ textPass(){
     JSON_ASFF_OUTPUT=$(generateJsonAsffOutput "$1" "PASSED" "INFORMATIONAL")
     echo "${JSON_ASFF_OUTPUT}" | tee -a $OUTPUT_FILE_NAME.$EXTENSION_ASFF
     if [[ "${SEND_TO_SECURITY_HUB}" -eq 1 ]]; then
-      sendToSecurityHub "${JSON_ASFF_OUTPUT}"
+      sendToSecurityHub "${JSON_ASFF_OUTPUT}" "${REPREGION}"
     fi
   fi
   if is_junit_output_enabled; then
@@ -147,7 +147,7 @@ textFail(){
     JSON_ASFF_OUTPUT=$(generateJsonAsffOutput "$1" "${level}" "HIGH")
     echo "${JSON_ASFF_OUTPUT}" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_ASFF}
     if [[ "${SEND_TO_SECURITY_HUB}" -eq 1 ]]; then
-      sendToSecurityHub "${JSON_ASFF_OUTPUT}"
+      sendToSecurityHub "${JSON_ASFF_OUTPUT}" "${REPREGION}"
     fi
   fi
   if is_junit_output_enabled; then
@@ -318,7 +318,7 @@ generateHtmlOutput(){
       echo '<td>'$TITLE_TEXT'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td>'$message'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
     echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-  fi 
+  fi
   if [[ $status == "PASS" ]];then
     echo '<tr class="p-3 mb-2 bg-success">' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><i class="fas fa-thumbs-up"></i></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML

include/securityhub_integration

@@ -14,21 +14,26 @@
 # Checks that the correct mode (json-asff) has been specified if wanting to send check output to AWS Security Hub
 # and that Security Hub is enabled in the chosen region
 checkSecurityHubCompatibility(){
+  local regx
   if [[ "${MODE}" != "json-asff" ]]; then
     echo -e "\n$RED ERROR!$NORMAL Output can only be sent to Security Hub when the output mode is json-asff, i.e. -M json-asff -S\n"
     EXITCODE=1
     exit $EXITCODE
   fi
-  SECURITY_HUB_ENABLED=$($AWSCLI securityhub --region $REGION $PROFILE_OPT describe-hub)
-  if [[ -z "${SECURITY_HUB_ENABLED}" ]]; then
-    echo -e "\n$RED ERROR!$NORMAL Security Hub is not enabled in $REGION. Enable it by calling '$AWSCLI securityhub --region $REGION $PROFILE_OPT enable-security-hub'\n"
-    EXITCODE=1
-    exit $EXITCODE
-  fi
+  for regx in $REGIONS; do
+    SECURITY_HUB_ENABLED=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT describe-hub)
+    if [[ -z "${SECURITY_HUB_ENABLED}" ]]; then
+      echo -e "\n$RED ERROR!$NORMAL Security Hub is not enabled in $regx. Enable it by calling '$AWSCLI securityhub --region $regx $PROFILE_OPT enable-security-hub'\n"
+      EXITCODE=1
+      exit $EXITCODE
+    fi
+  done
 }
 
 sendToSecurityHub(){
-  BATCH_IMPORT_RESULT=$($AWSCLI securityhub --region $REGION $PROFILE_OPT batch-import-findings --findings "$1")
+  local findings="$1"
+  local region="$2"
+  BATCH_IMPORT_RESULT=$($AWSCLI securityhub --region "$region" $PROFILE_OPT batch-import-findings --findings "${findings}")
   # A successful CLI response is: {"SuccessCount": 1,"FailedFindings": [],"FailedCount": 0}
   # Therefore, check that SuccessCount is indeed 1
   if [[ -z "${BATCH_IMPORT_RESULT}" ]] || ! jq -e '.SuccessCount == 1' <<< "${BATCH_IMPORT_RESULT}" > /dev/null 2>&1; then