From 95df9bc316fb0ce45a7d483009931150164031a6 Mon Sep 17 00:00:00 2001 From: Divyanshu <40380497+0xDivyanshu@users.noreply.github.com> Date: Fri, 29 Apr 2022 17:49:04 +0530 Subject: [PATCH] feat(checks): New group and checks for Codebuild and EMR (#1112) --- checks/check_extra7174 | 63 +++++++++++++++++++++ checks/check_extra7175 | 52 +++++++++++++++++ checks/check_extra7176 | 55 ++++++++++++++++++ checks/check_extra7177 | 124 +++++++++++++++++++++++++++++++++++++++++ groups/group7_extras | 3 +- 5 files changed, 295 insertions(+), 2 deletions(-) create mode 100644 checks/check_extra7174 create mode 100644 checks/check_extra7175 create mode 100644 checks/check_extra7176 create mode 100644 checks/check_extra7177 diff --git a/checks/check_extra7174 b/checks/check_extra7174 new file mode 100644 index 00000000..5b5ff434 --- /dev/null +++ b/checks/check_extra7174 @@ -0,0 +1,63 @@ +#!/usr/bin/env bash + +# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy +# of the License at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software distributed +# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR +# CONDITIONS OF ANY KIND, either express or implied. See the License for the +# specific language governing permissions and limitations under the License. + +CHECK_ID_extra7174="7.174" +CHECK_TITLE_extra7174="[extra7174] CodeBuild Project last invoked greater than 90 days" +CHECK_SCORED_extra7174="NOT_SCORED" +CHECK_CIS_LEVEL_extra7174="EXTRA" +CHECK_SEVERITY_extra7174="High" +CHECK_ASFF_TYPE_extra7174="AwsCodebuildProject" +CHECK_ALTERNATE_check7174="extra7174" +CHECK_SERVICENAME_extra7174="codebuild" +CHECK_RISK_extra7174='Older CodeBuild projects can be checked to see if they are currently in use' +CHECK_REMEDIATION_extra7174='Check if CodeBuild project are really in use and remove the stale ones' +CHECK_DOC_extra7174='https://docs.aws.amazon.com/codebuild/latest/userguide/delete-project.html' +CHECK_CAF_EPIC_extra7174='Infrastructure Security' + +extra7174(){ + # "Looking for all build projects with last build invocation greater then 90 days in all regions" + for regx in ${REGIONS}; do + LIST_OF_PROJECTS=$("${AWSCLI}" codebuild list-projects ${PROFILE_OPT} --region "${regx}" --query 'projects[*]' --output text 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${LIST_OF_PROJECTS}"; then + textInfo "${regx}: Access Denied trying to list Codebuild projects" "${regx}" + continue + fi + if [[ "${LIST_OF_PROJECTS}" ]]; then + for project in ${LIST_OF_PROJECTS}; do + project_id=$("${AWSCLI}" codebuild list-builds-for-project ${PROFILE_OPT} --project-name "${project}" --query 'ids[0]' --region "${regx}" --output text | head -n 1 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${project_id}"; then + textInfo "${regx}: Access Denied trying to fetch Id for Codebuild project" "${regx}" "${project}" + continue + elif grep -q -E 'None' <<< "${project_id}"; then + textInfo "${regx}: Codebuild project ${project} has been never build" "${regx}" "${project}" + continue + fi + last_invoked_time=$("${AWSCLI}" codebuild batch-get-builds ${PROFILE_OPT} --ids "${project_id}" --region "${regx}" --query 'builds[0].endTime' --output text 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${last_invoked_time}"; then + textInfo "${regx}: Access Denied trying to get build details for Codebuild project ID" "${regx}" "${project}" + elif grep -q -E 'None' <<< "${last_invoked_time}"; then + textInfo "${regx}: Codebuild project ${project} has been never build" "${regx}" "${project}" + else + HOWOLDER=$(how_older_from_today "${last_invoked_time}") + if [ "${HOWOLDER}" -ge 90 ]; then + textFail "${regx}: CodeBuild project ${project} was last invoked greater then 90 days" "${regx}" "${project}" + else + textPass "${regx}: Codebuild project ${project} was last invoked in the past 90 days" "${regx}" "${project}" + fi + fi + done + else + textInfo "${regx}: No CodeBuild Projects found" "${regx}" + fi + done +} diff --git a/checks/check_extra7175 b/checks/check_extra7175 new file mode 100644 index 00000000..bc80bcdc --- /dev/null +++ b/checks/check_extra7175 @@ -0,0 +1,52 @@ +#!/usr/bin/env bash + +# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy +# of the License at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software distributed +# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR +# CONDITIONS OF ANY KIND, either express or implied. See the License for the +# specific language governing permissions and limitations under the License. + +CHECK_ID_extra7175="7.175" +CHECK_TITLE_extra7175="[extra7175] CodeBuild Project with an user controlled buildspec" +CHECK_SCORED_extra7175="NOT_SCORED" +CHECK_CIS_LEVEL_extra7175="EXTRA" +CHECK_SEVERITY_extra7175="High" +CHECK_ASFF_TYPE_extra7175="AwsCodebuildProject" +CHECK_ALTERNATE_check7175="extra7175" +CHECK_SERVICENAME_extra7175="codebuild" +CHECK_RISK_extra7175='The CodeBuild projects with user controlled buildspec' +CHECK_REMEDIATION_extra7175='Use buildspec.yml from a trusted source which user cant interfere with' +CHECK_DOC_extra7175='https://docs.aws.amazon.com/codebuild/latest/userguide/security.html' +CHECK_CAF_EPIC_extra7175='Infrastructure Security' + +extra7175(){ + # "Looking for all build projects with user controlled buildspec files" + for regx in ${REGIONS}; do + LIST_OF_PROJECTS=$("${AWSCLI}" codebuild list-projects ${PROFILE_OPT} --region "${regx}" --query 'projects[*]' --output text 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${LIST_OF_PROJECTS}"; then + textInfo "${regx}: Access Denied trying to list Codebuild projects" "${regx}" + continue + fi + if [[ "${LIST_OF_PROJECTS}" ]]; then + for project in ${LIST_OF_PROJECTS}; do + buildspec_file=$("${AWSCLI}" codebuild batch-get-projects ${PROFILE_OPT} --name "${project}" --query 'projects[0].source.buildspec' --region "${regx}" --output text 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${buildspec_file}"; then + textInfo "${regx}: Access Denied trying to fetch Id for Codebuild project" "${regx}" "${project}" + continue + fi + if [[ $buildspec_file == *.yml ]];then + textFail "${regx}: Codebuild project ${project} uses a user controlled buildspec" "${regx}" "${project}" + else + textPass "${regx}: Codebuild project ${project} not uses a user controlled buildspec" "${regx}" "${project}" + fi + done + else + textInfo "${regx}: No CodeBuild Projects found" "${regx}" + fi + done +} diff --git a/checks/check_extra7176 b/checks/check_extra7176 new file mode 100644 index 00000000..3bd611b1 --- /dev/null +++ b/checks/check_extra7176 @@ -0,0 +1,55 @@ +#!/usr/bin/env bash + +# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy +# of the License at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software distributed +# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR +# CONDITIONS OF ANY KIND, either express or implied. See the License for the +# specific language governing permissions and limitations under the License. + +CHECK_ID_extra7176="7.176" +CHECK_TITLE_extra7176="[extra7176] EMR Cluster without Public IP" +CHECK_SCORED_extra7176="NOT_SCORED" +CHECK_CIS_LEVEL_extra7176="EXTRA" +CHECK_SEVERITY_extra7176="Medium" +CHECK_ASFF_TYPE_extra7176="AwsEMR" +CHECK_ALTERNATE_check7176="extra7176" +CHECK_SERVICENAME_extra7176="emr" +CHECK_RISK_extra7176='EMR Cluster should not have Public IP' +CHECK_REMEDIATION_extra7176='Only make acceptable EMR clusters public' +CHECK_DOC_extra7176='https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html' +CHECK_CAF_EPIC_extra7176='Infrastructure Security' + +extra7176(){ + # Public EMR cluster have their DNS ending with .amazonaws.com while private ones have format of ip-xxx-xx-xx.us-east-1.compute.internal. + for regx in ${REGIONS}; do + # List only EMR clusters with the following states: STARTING, BOOTSTRAPPING, RUNNING, WAITING, TERMINATING + # [NOT TERMINATED AND TERMINATED_WITH_ERRORS] + LIST_OF_CLUSTERS=$("${AWSCLI}" emr list-clusters ${PROFILE_OPT} --region "${regx}" --query 'Clusters[?(Status.State!=`TERMINATED` && Status.State!=`TERMINATED_WITH_ERRORS`)].Id' --output text 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${LIST_OF_CLUSTERS}"; then + textInfo "${regx}: Access Denied trying to list clusters of emr" "${regx}" + continue + fi + if [[ "${LIST_OF_CLUSTERS}" ]] + then + for cluster_id in ${LIST_OF_CLUSTERS}; do + master_public_dns=$("${AWSCLI}" emr describe-cluster ${PROFILE_OPT} --cluster-id "${cluster_id}" --query 'Cluster.MasterPublicDnsName' --region "${regx}" --output text 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${master_public_dns}"; then + textInfo "${regx}: Access Denied trying to describe emr cluster" "${regx}" "${cluster_id}" + continue + fi + if [[ $master_public_dns != None && $master_public_dns != *.internal ]];then + textFail "${regx}: EMR Cluster ${cluster_id} has a Public IP" "${regx}" "${cluster_id}" + else + textPass "${regx}: EMR Cluster ${cluster_id} has not a Public IP" "${regx}" "${cluster_id}" + fi + done + else + textInfo "${regx}: No EMR Clusters found" "${regx}" + fi + done +} diff --git a/checks/check_extra7177 b/checks/check_extra7177 new file mode 100644 index 00000000..5a82a0ef --- /dev/null +++ b/checks/check_extra7177 @@ -0,0 +1,124 @@ +#!/usr/bin/env bash + +# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy +# of the License at http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software distributed +# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR +# CONDITIONS OF ANY KIND, either express or implied. See the License for the +# specific language governing permissions and limitations under the License. + + +CHECK_ID_extra7177="7.177" +CHECK_TITLE_extra7177="[extra7177] Publicly accessible EMR Cluster" +CHECK_SCORED_extra7177="NOT_SCORED" +CHECK_CIS_LEVEL_extra7177="EXTRA" +CHECK_SEVERITY_extra7177="High" +CHECK_ASFF_TYPE_extra7177="AwsEMR" +CHECK_ALTERNATE_check7177="extra7177" +CHECK_SERVICENAME_extra7177="emr" +CHECK_RISK_extra7177='EMR Clusters should not be publicly accessible' +CHECK_REMEDIATION_extra7177='Only make acceptable EMR clusters public' +CHECK_DOC_extra7177='https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-block-public-access.html' +CHECK_CAF_EPIC_extra7177='Infrastructure Security' + +extra7177(){ + for regx in ${REGIONS}; do + # List only EMR clusters with the following states: STARTING, BOOTSTRAPPING, RUNNING, WAITING, TERMINATING + # [NOT TERMINATED AND TERMINATED_WITH_ERRORS] + LIST_OF_CLUSTERS=$("${AWSCLI}" emr list-clusters ${PROFILE_OPT} --region "${regx}" --query 'Clusters[?(Status.State!=`TERMINATED` && Status.State!=`TERMINATED_WITH_ERRORS`)].Id' --output text 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${LIST_OF_CLUSTERS}"; then + textInfo "${regx}: Access Denied trying to list EMR clusters" "${regx}" + continue + fi + if [[ "${LIST_OF_CLUSTERS}" ]] + then + for cluster_id in ${LIST_OF_CLUSTERS}; do + master_public_dns=$("${AWSCLI}" emr describe-cluster ${PROFILE_OPT} --cluster-id "${cluster_id}" --query 'Cluster.MasterPublicDnsName' --region "${regx}" --output text 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${master_public_dns}"; then + textInfo "${regx}: Access Denied trying to describe EMR cluster" "${regx}" "${cluster_id}" + continue + fi + if [[ $master_public_dns != None && $master_public_dns != *.internal ]];then + # If EMR cluster is Public, it is required to check their Security Groups for the Master, the Slaves and the additional ones + + # Retrive EMR Master Node Security Groups rules + master_node_sg=$("${AWSCLI}" emr describe-cluster --cluster-id "${cluster_id}" ${PROFILE_OPT} --region "${regx}" --query 'Cluster.Ec2InstanceAttributes.EmrManagedMasterSecurityGroup' --output text 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${master_node_sg}"; then + textInfo "${regx}: Access Denied trying to describe EMR cluster" "${regx}" "${cluster_id}" + continue + fi + master_node_sg_internet_open=$("${AWSCLI}" ec2 describe-security-groups --group-ids "${master_node_sg}" --query 'SecurityGroups[?length(IpPermissions[?(contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' ${PROFILE_OPT} --region "${regx}" --output text 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${master_node_sg_internet_open}"; then + textInfo "$regx: Access Denied trying to describe security groups" "$regx" + continue + fi + + # Retrive EMR Slave Node Security Groups rules + slave_node_sg=$("${AWSCLI}" emr describe-cluster --cluster-id "${cluster_id}" ${PROFILE_OPT} --region "${regx}" --query 'Cluster.Ec2InstanceAttributes.EmrManagedSlaveSecurityGroup' --output text 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${slave_node_sg}"; then + textInfo "${regx}: Access Denied trying to describe EMR cluster" "${regx}" "${cluster_id}" + continue + fi + slave_node_sg_internet_open=$("${AWSCLI}" ec2 describe-security-groups --group-ids "${slave_node_sg}" --query 'SecurityGroups[?length(IpPermissions[?(contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' ${PROFILE_OPT} --region "${regx}" --output text 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${slave_node_sg_internet_open}"; then + textInfo "$regx: Access Denied trying to describe security groups" "$regx" + continue + fi + + # Retrive EMR Additional Master node Security Groups rules + additional_master_node_sg_list=$("${AWSCLI}" emr describe-cluster --cluster-id "${cluster_id}" ${PROFILE_OPT} --region "${regx}" --query 'Cluster.Ec2InstanceAttributes.AdditionalMasterSecurityGroups' --output text 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${slave_node_sg}"; then + textInfo "${regx}: Access Denied trying to describe EMR cluster" "${regx}" "${cluster_id}" + continue + fi + local additional_master_node_sg_internet_open_list + if [[ "${additional_master_node_sg_list}" != "None" ]]; then + for additional_master_node_sg in ${additional_master_node_sg_list}; do + additional_master_node_sg_internet_open=$("${AWSCLI}" ec2 describe-security-groups --group-ids "${additional_master_node_sg}" --query 'SecurityGroups[?length(IpPermissions[?(contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' ${PROFILE_OPT} --region "${regx}" --output text 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${slave_node_sg_internet_open}"; then + textInfo "$regx: Access Denied trying to describe security groups" "$regx" + continue + fi + # Store additional master node security groups that allows access from the internet + additional_master_node_sg_internet_open_list+=( "${additional_master_node_sg_internet_open}" ) + done + fi + + # Retrive EMR Additional Slave node Security Groups rules + additional_slave_node_sg_list=$("${AWSCLI}" emr describe-cluster --cluster-id "${cluster_id}" ${PROFILE_OPT} --region "${regx}" --query 'Cluster.Ec2InstanceAttributes.AdditionalSlaveSecurityGroups' --output text 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${slave_node_sg}"; then + textInfo "${regx}: Access Denied trying to describe EMR cluster" "${regx}" "${cluster_id}" + continue + fi + local additional_slave_node_sg_internet_open_list + if [[ "${additional_slave_node_sg_list}" != "None" ]]; then + for additional_slave_node_sg in ${additional_master_node_sg_list}; do + additional_slave_node_sg_internet_open=$("${AWSCLI}" ec2 describe-security-groups --group-ids "${additional_slave_node_sg}" --query 'SecurityGroups[?length(IpPermissions[?(contains(IpRanges[].CidrIp, `0.0.0.0/0`) || contains(Ipv6Ranges[].CidrIpv6, `::/0`))]) > `0`].{GroupId:GroupId}' ${PROFILE_OPT} --region "${regx}" --output text 2>&1) + if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${additional_slave_node_sg_internet_open}"; then + textInfo "$regx: Access Denied trying to describe security groups" "$regx" + continue + fi + # Store additional slave node security groups that allows access from the internet + additional_slave_node_sg_internet_open_list+=( "${additional_slave_node_sg_internet_open}" ) + done + fi + + # Check if EMR Cluster is publicly accessible through a Security Group + if [[ -n "${master_node_sg_internet_open}" || -n "${slave_node_sg_internet_open}" || "${#additional_master_node_sg_internet_open_list[@]}" -ne 0 || "${#additional_slave_node_sg_internet_open_list[@]}" -ne 0 ]]; then + textFail "${regx}: EMR Cluster ${cluster_id} is publicly accessible through the following Security Groups: Master Node ${master_node_sg_internet_open} ${additional_master_node_sg_internet_open_list[*]} -- Slaves Nodes ${slave_node_sg_internet_open} ${additional_slave_node_sg_internet_open_list[*]}" "${regx}" "${cluster_id}" + else + textPass "${regx}: EMR Cluster ${cluster_id} is not publicly accessible" "${regx}" "${cluster_id}" + fi + else + textPass "${regx}: EMR Cluster ${cluster_id} is not publicly accessible" "${regx}" "${cluster_id}" + fi + done + else + textInfo "${regx}: No EMR Clusters found" "${regx}" + fi + done +} diff --git a/groups/group7_extras b/groups/group7_extras index fb65883c..c04d0b04 100644 --- a/groups/group7_extras +++ b/groups/group7_extras @@ -15,8 +15,7 @@ GROUP_ID[7]='extras' GROUP_NUMBER[7]='7.0' GROUP_TITLE[7]='Extras - all non CIS specific checks - [extras] ****************' GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called -GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140,extra7141,extra7142,extra7143,extra7144,extra7145,extra7146,extra7147,extra7148,extra7149,extra7150,extra7151,extra7152,extra7153,extra7154,extra7155,extra7156,extra7157,extra7158,extra7159,extra7160,extra7161,extra7162,extra7163,extra7164,extra7165,extra7166,extra7167,extra7168,extra7169,extra7170,extra7171,extra7172,extra7173' - +GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140,extra7141,extra7142,extra7143,extra7144,extra7145,extra7146,extra7147,extra7148,extra7149,extra7150,extra7151,extra7152,extra7153,extra7154,extra7155,extra7156,extra7157,extra7158,extra7159,extra7160,extra7161,extra7162,extra7163,extra7164,extra7165,extra7166,extra7167,extra7168,extra7169,extra7170,extra7171,extra7172,extra7173,extra7174,extra7175,extra7176,extra7177' # Extras 759 and 760 (lambda variables and code secrets finder are not included) # to run detect-secrets use `./prowler -g secrets`