fix(allowlist): single account checks handling (#2585)

Co-authored-by: thomscode <thomscode@gmail.com>
2026-02-10 14:55:00 +00:00 · 2023-07-14 09:55:27 +02:00
parent f33b96861c
commit 8f015d0672
2 changed files with 25 additions and 1 deletions
--- a/prowler/providers/aws/lib/allowlist/allowlist.py
+++ b/prowler/providers/aws/lib/allowlist/allowlist.py
@@ -126,8 +126,8 @@ def is_allowlisted(allowlist, audited_account, check, region, resource, tags):
        # want to merge allowlisted checks from * to the other accounts check list
        if "*" in allowlist["Accounts"]:
            checks_multi_account = allowlist["Accounts"]["*"]["Checks"]
+            allowlisted_checks.update(checks_multi_account)
        # Test if it is allowlisted
-        allowlisted_checks.update(checks_multi_account)
        if is_allowlisted_in_check(
            allowlisted_checks,
            audited_account,
--- a/tests/providers/aws/lib/allowlist/allowlist_test.py
+++ b/tests/providers/aws/lib/allowlist/allowlist_test.py
@@ -305,6 +305,30 @@ class Test_Allowlist:
            )
        )

+    def test_is_allowlisted_single_account(self):
+        allowlist = {
+            "Accounts": {
+                AWS_ACCOUNT_NUMBER: {
+                    "Checks": {
+                        "check_test": {
+                            "Regions": [AWS_REGION],
+                            "Resources": ["prowler"],
+                        }
+                    }
+                }
+            }
+        }
+
+        assert is_allowlisted(
+            allowlist, AWS_ACCOUNT_NUMBER, "check_test", AWS_REGION, "prowler", ""
+        )
+
+        assert not (
+            is_allowlisted(
+                allowlist, AWS_ACCOUNT_NUMBER, "check_test", "us-east-2", "test", ""
+            )
+        )
+
    def test_is_allowlisted_in_region(self):
        # Allowlist example
        allowlisted_regions = [AWS_REGION, "eu-west-1"]