From 965327e801f4146b5d16da30dd7ce894c0235333 Mon Sep 17 00:00:00 2001 From: Gabriel Pragin Date: Thu, 27 Jul 2023 02:44:09 -0700 Subject: [PATCH] chore(typos): Update check's status (#2629) Co-authored-by: Pepe Fagoaga --- .../apigateway_authorizers_enabled.py | 4 ++-- .../apigateway_client_certificate_enabled.py | 2 +- .../apigateway_waf_acl_attached.py | 2 +- .../apigatewayv2_authorizers_enabled.py | 8 ++------ .../awslambda_function_url_cors_policy.py | 4 ++-- .../awslambda_function_url_public.py | 4 ++-- .../cloudtrail_bucket_requires_mfa_delete.py | 6 +++--- .../cloudtrail_insights_exist.py | 6 ++---- .../config_recorder_all_regions_enabled.metadata.json | 2 +- .../ec2_instance_public_ip/ec2_instance_public_ip.py | 2 +- .../ec2_networkacl_allow_ingress_any_port.py | 2 +- .../ec2_networkacl_allow_ingress_tcp_port_22.py | 2 +- .../ec2_networkacl_allow_ingress_tcp_port_3389.py | 2 +- ...itygroup_allow_ingress_from_internet_to_any_port.py | 2 +- ...ngress_from_internet_to_port_mongodb_27017_27018.py | 2 +- ...llow_ingress_from_internet_to_tcp_ftp_port_20_21.py | 2 +- ...group_allow_ingress_from_internet_to_tcp_port_22.py | 2 +- ...oup_allow_ingress_from_internet_to_tcp_port_3389.py | 2 +- ...om_internet_to_tcp_port_cassandra_7199_9160_8888.py | 2 +- ..._to_tcp_port_elasticsearch_kibana_9200_9300_5601.py | 2 +- ...low_ingress_from_internet_to_tcp_port_kafka_9092.py | 2 +- ...ngress_from_internet_to_tcp_port_memcached_11211.py | 2 +- ...low_ingress_from_internet_to_tcp_port_mysql_3306.py | 2 +- ...gress_from_internet_to_tcp_port_oracle_1521_2483.py | 2 +- ..._ingress_from_internet_to_tcp_port_postgres_5432.py | 2 +- ...low_ingress_from_internet_to_tcp_port_redis_6379.py | 2 +- ...s_from_internet_to_tcp_port_sql_server_1433_1434.py | 2 +- ...llow_ingress_from_internet_to_tcp_port_telnet_23.py | 2 +- .../ecr_repositories_lifecycle_policy_enabled.py | 4 ++-- ...ks_cluster_kms_cmk_encryption_in_secrets_enabled.py | 4 +--- .../elb_insecure_ssl_ciphers.py | 2 +- .../elb/elb_logging_enabled/elb_logging_enabled.py | 4 +++- .../elbv2_deletion_protection.py | 4 +++- .../elbv2_insecure_ssl_ciphers.py | 2 +- .../elbv2_logging_enabled/elbv2_logging_enabled.py | 2 +- .../emr_cluster_master_nodes_no_public_ip.py | 6 ++++-- .../iam_role_cross_account_readonlyaccess_policy.py | 6 +++--- .../rds_instance_backup_enabled.py | 2 +- .../workspaces_vpc_2private_1public_subnets_nat.py | 4 ++-- .../cloudsql_instance_mysql_local_infile_flag.py | 4 ++-- .../cloudsql_instance_mysql_skip_show_database_flag.py | 4 ++-- .../cloudsql_instance_postgres_enable_pgaudit_flag.py | 4 ++-- .../cloudsql_instance_postgres_log_connections_flag.py | 4 ++-- ...oudsql_instance_postgres_log_disconnections_flag.py | 4 ++-- ...udsql_instance_postgres_log_error_verbosity_flag.py | 4 ++-- ...nstance_postgres_log_min_duration_statement_flag.py | 4 ++-- ...l_instance_postgres_log_min_error_statement_flag.py | 4 ++-- ...cloudsql_instance_postgres_log_min_messages_flag.py | 4 ++-- .../cloudsql_instance_postgres_log_statement_flag.py | 4 ++-- .../cloudsql_instance_public_ip.py | 4 ++-- ...tance_sqlserver_cross_db_ownership_chaining_flag.py | 4 ++-- ...instance_sqlserver_external_scripts_enabled_flag.py | 4 ++-- .../cloudsql_instance_sqlserver_remote_access_flag.py | 4 ++-- ...loudsql_instance_sqlserver_user_connections_flag.py | 4 ++-- .../cloudsql_instance_sqlserver_user_options_flag.py | 4 ++-- .../compute_instance_public_ip.py | 6 ++++-- .../apigateway_authorizers_enabled_test.py | 4 ++-- .../apigateway_client_certificate_enabled_test.py | 2 +- .../apigateway_waf_acl_attached_test.py | 2 +- .../apigatewayv2_authorizers_enabled_test.py | 2 +- .../awslambda_function_url_cors_policy_test.py | 6 +++--- .../awslambda_function_url_public_test.py | 4 ++-- .../cloudtrail_bucket_requires_mfa_delete_test.py | 8 ++++---- .../cloudtrail_insights_exist_test.py | 4 ++-- .../ec2_instance_public_ip_test.py | 5 +++-- .../ec2_networkacl_allow_ingress_any_port_test.py | 2 +- .../ec2_networkacl_allow_ingress_tcp_port_22_test.py | 2 +- .../ec2_networkacl_allow_ingress_tcp_port_3389_test.py | 2 +- ...oup_allow_ingress_from_internet_to_any_port_test.py | 4 ++-- ...s_from_internet_to_port_mongodb_27017_27018_test.py | 2 +- ...ingress_from_internet_to_tcp_ftp_port_20_21_test.py | 2 +- ..._allow_ingress_from_internet_to_tcp_port_22_test.py | 2 +- ...llow_ingress_from_internet_to_tcp_port_3389_test.py | 2 +- ...ternet_to_tcp_port_cassandra_7199_9160_8888_test.py | 2 +- ...cp_port_elasticsearch_kibana_9200_9300_5601_test.py | 2 +- ...ngress_from_internet_to_tcp_port_kafka_9092_test.py | 2 +- ...s_from_internet_to_tcp_port_memcached_11211_test.py | 2 +- ...ngress_from_internet_to_tcp_port_mysql_3306_test.py | 2 +- ..._from_internet_to_tcp_port_oracle_1521_2483_test.py | 2 +- ...ess_from_internet_to_tcp_port_postgres_5432_test.py | 2 +- ...ngress_from_internet_to_tcp_port_redis_6379_test.py | 2 +- ...m_internet_to_tcp_port_sql_server_1433_1434_test.py | 2 +- ...ingress_from_internet_to_tcp_port_telnet_23_test.py | 2 +- .../ecr_repositories_lifecycle_policy_enabled_test.py | 4 ++-- ...uster_kms_cmk_encryption_in_secrets_enabled_test.py | 3 ++- .../elb_insecure_ssl_ciphers_test.py | 2 +- .../elb_logging_enabled/elb_logging_enabled_test.py | 2 +- .../elbv2_deletion_protection_test.py | 2 +- .../elbv2_insecure_ssl_ciphers_test.py | 2 +- .../elbv2_logging_enabled_test.py | 2 +- .../emr_cluster_master_nodes_no_public_ip_test.py | 7 ++++--- ...am_role_cross_account_readonlyaccess_policy_test.py | 8 ++++---- .../rds_instance_backup_enabled_test.py | 2 +- ...workspaces_vpc_2private_1public_subnets_nat_test.py | 10 +++++----- 94 files changed, 154 insertions(+), 151 deletions(-) diff --git a/prowler/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled.py b/prowler/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled.py index 828ef242..53e38203 100644 --- a/prowler/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled.py +++ b/prowler/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled.py @@ -15,10 +15,10 @@ class apigateway_authorizers_enabled(Check): report.resource_tags = rest_api.tags if rest_api.authorizer: report.status = "PASS" - report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} has authorizer configured." + report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} has an authorizer configured." else: report.status = "FAIL" - report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} has not authorizer configured." + report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} does not have an authorizer configured." findings.append(report) return findings diff --git a/prowler/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled.py b/prowler/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled.py index 4f38eccb..e6fd44d6 100644 --- a/prowler/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled.py +++ b/prowler/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled.py @@ -19,7 +19,7 @@ class apigateway_client_certificate_enabled(Check): report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} in stage {stage.name} has client certificate enabled." else: report.status = "FAIL" - report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} in stage {stage.name} has not client certificate enabled." + report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} in stage {stage.name} does not have client certificate enabled." findings.append(report) return findings diff --git a/prowler/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached.py b/prowler/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached.py index aa18e0ce..ae6f9f3b 100644 --- a/prowler/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached.py +++ b/prowler/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached.py @@ -19,7 +19,7 @@ class apigateway_waf_acl_attached(Check): report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} in stage {stage.name} has {stage.waf} WAF ACL attached." else: report.status = "FAIL" - report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} in stage {stage.name} has not WAF ACL attached." + report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} in stage {stage.name} does not have WAF ACL attached." findings.append(report) return findings diff --git a/prowler/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled.py b/prowler/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled.py index bb34d79b..dead01ce 100644 --- a/prowler/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled.py +++ b/prowler/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled.py @@ -14,14 +14,10 @@ class apigatewayv2_authorizers_enabled(Check): report.resource_arn = api.arn report.resource_tags = api.tags report.status = "FAIL" - report.status_extended = ( - f"API Gateway V2 {api.name} ID {api.id} has not authorizer configured." - ) + report.status_extended = f"API Gateway V2 {api.name} ID {api.id} does not have an authorizer configured." if api.authorizer: report.status = "PASS" - report.status_extended = ( - f"API Gateway V2 {api.name} ID {api.id} has authorizer configured." - ) + report.status_extended = f"API Gateway V2 {api.name} ID {api.id} has an authorizer configured." findings.append(report) return findings diff --git a/prowler/providers/aws/services/awslambda/awslambda_function_url_cors_policy/awslambda_function_url_cors_policy.py b/prowler/providers/aws/services/awslambda/awslambda_function_url_cors_policy/awslambda_function_url_cors_policy.py index 76bd1c5f..840b2a35 100644 --- a/prowler/providers/aws/services/awslambda/awslambda_function_url_cors_policy/awslambda_function_url_cors_policy.py +++ b/prowler/providers/aws/services/awslambda/awslambda_function_url_cors_policy/awslambda_function_url_cors_policy.py @@ -14,10 +14,10 @@ class awslambda_function_url_cors_policy(Check): if function.url_config: if "*" in function.url_config.cors_config.allow_origins: report.status = "FAIL" - report.status_extended = f"Lambda function {function.name} URL has a wide CORS configuration" + report.status_extended = f"Lambda function {function.name} URL has a wide CORS configuration." else: report.status = "PASS" - report.status_extended = f"Lambda function {function.name} has not a wide CORS configuration" + report.status_extended = f"Lambda function {function.name} does not have a wide CORS configuration." findings.append(report) diff --git a/prowler/providers/aws/services/awslambda/awslambda_function_url_public/awslambda_function_url_public.py b/prowler/providers/aws/services/awslambda/awslambda_function_url_public/awslambda_function_url_public.py index 01543f70..a6365d4f 100644 --- a/prowler/providers/aws/services/awslambda/awslambda_function_url_public/awslambda_function_url_public.py +++ b/prowler/providers/aws/services/awslambda/awslambda_function_url_public/awslambda_function_url_public.py @@ -15,10 +15,10 @@ class awslambda_function_url_public(Check): if function.url_config: if function.url_config.auth_type == AuthType.AWS_IAM: report.status = "PASS" - report.status_extended = f"Lambda function {function.name} has not a publicly accessible function URL" + report.status_extended = f"Lambda function {function.name} does not have a publicly accessible function URL." else: report.status = "FAIL" - report.status_extended = f"Lambda function {function.name} has a publicly accessible function URL" + report.status_extended = f"Lambda function {function.name} has a publicly accessible function URL." findings.append(report) diff --git a/prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.py b/prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.py index 9ce8349c..d03c1cb7 100644 --- a/prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.py +++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.py @@ -18,17 +18,17 @@ class cloudtrail_bucket_requires_mfa_delete(Check): report.resource_arn = trail.arn report.resource_tags = trail.tags report.status = "FAIL" - report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) has not MFA delete enabled" + report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) does not have MFA delete enabled." for bucket in s3_client.buckets: if trail_bucket == bucket.name: trail_bucket_is_in_account = True if bucket.mfa_delete: report.status = "PASS" - report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) has MFA delete enabled" + report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) has MFA delete enabled." # check if trail bucket is a cross account bucket if not trail_bucket_is_in_account: report.status = "PASS" - report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) is a cross-account bucket in another account out of Prowler's permissions scope, please check it manually" + report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) is a cross-account bucket in another account out of Prowler's permissions scope, please check it manually." findings.append(report) diff --git a/prowler/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist.py b/prowler/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist.py index f792e64d..59972e14 100644 --- a/prowler/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist.py +++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist.py @@ -15,13 +15,11 @@ class cloudtrail_insights_exist(Check): report.resource_arn = trail.arn report.resource_tags = trail.tags report.status = "FAIL" - report.status_extended = ( - f"Trail {trail.name} has not insight selectors and it is logging" - ) + report.status_extended = f"Trail {trail.name} does not have insight selectors and it is logging." if trail.has_insight_selectors: report.status = "PASS" report.status_extended = ( - f"Trail {trail.name} has insight selectors and it is logging" + f"Trail {trail.name} has insight selectors and it is logging." ) findings.append(report) return findings diff --git a/prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.metadata.json b/prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.metadata.json index 765e91bb..fc19821f 100644 --- a/prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.metadata.json +++ b/prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.metadata.json @@ -21,7 +21,7 @@ "Terraform": "https://docs.bridgecrew.io/docs/logging_5-enable-aws-config-regions#terraform" }, "Recommendation": { - "Text": "It is recommended to enable AWS Config be enabled in all regions.", + "Text": "It is recommended to enable AWS Config in all regions.", "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" } }, diff --git a/prowler/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.py b/prowler/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.py index 3eb7fec9..f64846d6 100644 --- a/prowler/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.py +++ b/prowler/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.py @@ -18,7 +18,7 @@ class ec2_instance_public_ip(Check): else: report.status = "PASS" report.status_extended = ( - f"EC2 Instance {instance.id} has not a Public IP." + f"EC2 Instance {instance.id} does not have a Public IP." ) report.resource_id = instance.id findings.append(report) diff --git a/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port.py b/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port.py index 2ca4b1ff..55a860a9 100644 --- a/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port.py +++ b/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port.py @@ -17,7 +17,7 @@ class ec2_networkacl_allow_ingress_any_port(Check): # If some entry allows it, that ACL is not securely configured if not check_network_acl(network_acl.entries, tcp_protocol, check_port): report.status = "PASS" - report.status_extended = f"Network ACL {network_acl.id} has not every port open to the Internet." + report.status_extended = f"Network ACL {network_acl.id} does not have every port open to the Internet." else: report.status = "FAIL" report.status_extended = ( diff --git a/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.py b/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.py index d9d9d9b5..38b7351a 100644 --- a/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.py +++ b/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.py @@ -16,7 +16,7 @@ class ec2_networkacl_allow_ingress_tcp_port_22(Check): # If some entry allows it, that ACL is not securely configured if not check_network_acl(network_acl.entries, tcp_protocol, check_port): report.status = "PASS" - report.status_extended = f"Network ACL {network_acl.id} has not SSH port 22 open to the Internet." + report.status_extended = f"Network ACL {network_acl.id} does not have SSH port 22 open to the Internet." report.resource_id = network_acl.id else: report.status = "FAIL" diff --git a/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.py b/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.py index ac1f561c..bc770114 100644 --- a/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.py +++ b/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.py @@ -16,7 +16,7 @@ class ec2_networkacl_allow_ingress_tcp_port_3389(Check): # If some entry allows it, that ACL is not securely configured if not check_network_acl(network_acl.entries, tcp_protocol, check_port): report.status = "PASS" - report.status_extended = f"Network ACL {network_acl.id} has not Microsoft RDP port 3389 open to the Internet." + report.status_extended = f"Network ACL {network_acl.id} does not have Microsoft RDP port 3389 open to the Internet." report.resource_id = network_acl.id else: report.status = "FAIL" diff --git a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.py b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.py index 14bcdce4..be416f1d 100644 --- a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.py +++ b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.py @@ -9,7 +9,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_any_port(Check): report = Check_Report_AWS(self.metadata()) report.region = security_group.region report.status = "PASS" - report.status_extended = f"Security group {security_group.name} ({security_group.id}) has not all ports open to the Internet." + report.status_extended = f"Security group {security_group.name} ({security_group.id}) does not have all ports open to the Internet." report.resource_details = security_group.name report.resource_id = security_group.id report.resource_arn = security_group.arn diff --git a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018.py b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018.py index 7afd304f..145586e9 100644 --- a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018.py +++ b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018.py @@ -15,7 +15,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018( report.resource_arn = security_group.arn report.resource_tags = security_group.tags report.status = "PASS" - report.status_extended = f"Security group {security_group.name} ({security_group.id}) has not MongoDB ports 27017 and 27018 open to the Internet." + report.status_extended = f"Security group {security_group.name} ({security_group.id}) does not have MongoDB ports 27017 and 27018 open to the Internet." if not security_group.public_ports: # Loop through every security group's ingress rule and check it for ingress_rule in security_group.ingress_rules: diff --git a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21.py b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21.py index 45fc13ca..7d0159be 100644 --- a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21.py +++ b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21.py @@ -11,7 +11,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21(Check) report = Check_Report_AWS(self.metadata()) report.region = security_group.region report.status = "PASS" - report.status_extended = f"Security group {security_group.name} ({security_group.id}) has not FTP ports 20 and 21 open to the Internet." + report.status_extended = f"Security group {security_group.name} ({security_group.id}) does not have FTP ports 20 and 21 open to the Internet." report.resource_details = security_group.name report.resource_id = security_group.id report.resource_arn = security_group.arn diff --git a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.py b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.py index d7813127..c1bec4a8 100644 --- a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.py +++ b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.py @@ -11,7 +11,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22(Check): report = Check_Report_AWS(self.metadata()) report.region = security_group.region report.status = "PASS" - report.status_extended = f"Security group {security_group.name} ({security_group.id}) has not SSH port 22 open to the Internet." + report.status_extended = f"Security group {security_group.name} ({security_group.id}) does not have SSH port 22 open to the Internet." report.resource_details = security_group.name report.resource_id = security_group.id report.resource_arn = security_group.arn diff --git a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.py b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.py index 0a5e1f37..48ab7cb3 100644 --- a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.py +++ b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.py @@ -11,7 +11,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389(Check): report = Check_Report_AWS(self.metadata()) report.region = security_group.region report.status = "PASS" - report.status_extended = f"Security group {security_group.name} ({security_group.id}) has not Microsoft RDP port 3389 open to the Internet." + report.status_extended = f"Security group {security_group.name} ({security_group.id}) does not have Microsoft RDP port 3389 open to the Internet." report.resource_details = security_group.name report.resource_id = security_group.id report.resource_arn = security_group.arn diff --git a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888.py b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888.py index 8a39b3f8..cdc236d2 100644 --- a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888.py +++ b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888.py @@ -17,7 +17,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9 report.resource_arn = security_group.arn report.resource_tags = security_group.tags report.status = "PASS" - report.status_extended = f"Security group {security_group.name} ({security_group.id}) has not Casandra ports 7199, 8888 and 9160 open to the Internet." + report.status_extended = f"Security group {security_group.name} ({security_group.id}) does not have Casandra ports 7199, 8888 and 9160 open to the Internet." if not security_group.public_ports: # Loop through every security group's ingress rule and check it for ingress_rule in security_group.ingress_rules: diff --git a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601.py b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601.py index d411e061..5527be8d 100644 --- a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601.py +++ b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601.py @@ -17,7 +17,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_ki report.resource_arn = security_group.arn report.resource_tags = security_group.tags report.status = "PASS" - report.status_extended = f"Security group {security_group.name} ({security_group.id}) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet." + report.status_extended = f"Security group {security_group.name} ({security_group.id}) does not have Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet." if not security_group.public_ports: # Loop through every security group's ingress rule and check it for ingress_rule in security_group.ingress_rules: diff --git a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092.py b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092.py index ffd41fa2..5b8bc7a9 100644 --- a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092.py +++ b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092.py @@ -15,7 +15,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092(Check report.resource_arn = security_group.arn report.resource_tags = security_group.tags report.status = "PASS" - report.status_extended = f"Security group {security_group.name} ({security_group.id}) has not Kafka port 9092 open to the Internet." + report.status_extended = f"Security group {security_group.name} ({security_group.id}) does not have Kafka port 9092 open to the Internet." if not security_group.public_ports: # Loop through every security group's ingress rule and check it for ingress_rule in security_group.ingress_rules: diff --git a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211.py b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211.py index 74443086..23c9ad3a 100644 --- a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211.py +++ b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211.py @@ -15,7 +15,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211( report.resource_arn = security_group.arn report.resource_tags = security_group.tags report.status = "PASS" - report.status_extended = f"Security group {security_group.name} ({security_group.id}) has not Memcached port 11211 open to the Internet." + report.status_extended = f"Security group {security_group.name} ({security_group.id}) does not have Memcached port 11211 open to the Internet." if not security_group.public_ports: # Loop through every security group's ingress rule and check it for ingress_rule in security_group.ingress_rules: diff --git a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.py b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.py index 822cee18..30092195 100644 --- a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.py +++ b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.py @@ -15,7 +15,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306(Check report.resource_arn = security_group.arn report.resource_tags = security_group.tags report.status = "PASS" - report.status_extended = f"Security group {security_group.name} ({security_group.id}) has not MySQL port 3306 open to the Internet." + report.status_extended = f"Security group {security_group.name} ({security_group.id}) does not have MySQL port 3306 open to the Internet." if not security_group.public_ports: # Loop through every security group's ingress rule and check it for ingress_rule in security_group.ingress_rules: diff --git a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.py b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.py index 8ac7bd5c..154575ef 100644 --- a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.py +++ b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.py @@ -15,7 +15,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 report.resource_arn = security_group.arn report.resource_tags = security_group.tags report.status = "PASS" - report.status_extended = f"Security group {security_group.name} ({security_group.id}) has not Oracle ports 1521 and 2483 open to the Internet." + report.status_extended = f"Security group {security_group.name} ({security_group.id}) does not have Oracle ports 1521 and 2483 open to the Internet." if not security_group.public_ports: # Loop through every security group's ingress rule and check it for ingress_rule in security_group.ingress_rules: diff --git a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432.py b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432.py index 9d5877f1..d107fc15 100644 --- a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432.py +++ b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432.py @@ -15,7 +15,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432(Ch report.resource_arn = security_group.arn report.resource_tags = security_group.tags report.status = "PASS" - report.status_extended = f"Security group {security_group.name} ({security_group.id}) has not Postgres port 5432 open to the Internet." + report.status_extended = f"Security group {security_group.name} ({security_group.id}) does not have Postgres port 5432 open to the Internet." if not security_group.public_ports: # Loop through every security group's ingress rule and check it for ingress_rule in security_group.ingress_rules: diff --git a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379.py b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379.py index 3e0ccb25..e574240d 100644 --- a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379.py +++ b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379.py @@ -15,7 +15,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379(Check report.resource_arn = security_group.arn report.resource_tags = security_group.tags report.status = "PASS" - report.status_extended = f"Security group {security_group.name} ({security_group.id}) has not Redis port 6379 open to the Internet." + report.status_extended = f"Security group {security_group.name} ({security_group.id}) does not have Redis port 6379 open to the Internet." if not security_group.public_ports: # Loop through every security group's ingress rule and check it for ingress_rule in security_group.ingress_rules: diff --git a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434.py b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434.py index e0b17a99..82e45ed3 100644 --- a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434.py +++ b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434.py @@ -17,7 +17,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_ report.resource_arn = security_group.arn report.resource_tags = security_group.tags report.status = "PASS" - report.status_extended = f"Security group {security_group.name} ({security_group.id}) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet." + report.status_extended = f"Security group {security_group.name} ({security_group.id}) does not have Microsoft SQL Server ports 1433 and 1434 open to the Internet." if not security_group.public_ports: # Loop through every security group's ingress rule and check it for ingress_rule in security_group.ingress_rules: diff --git a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23.py b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23.py index f921a3cd..2e4d466b 100644 --- a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23.py +++ b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23.py @@ -15,7 +15,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23(Check) report.resource_arn = security_group.arn report.resource_tags = security_group.tags report.status = "PASS" - report.status_extended = f"Security group {security_group.name} ({security_group.id}) has not Telnet port 23 open to the Internet." + report.status_extended = f"Security group {security_group.name} ({security_group.id}) does not have Telnet port 23 open to the Internet." if not security_group.public_ports: # Loop through every security group's ingress rule and check it for ingress_rule in security_group.ingress_rules: diff --git a/prowler/providers/aws/services/ecr/ecr_repositories_lifecycle_policy_enabled/ecr_repositories_lifecycle_policy_enabled.py b/prowler/providers/aws/services/ecr/ecr_repositories_lifecycle_policy_enabled/ecr_repositories_lifecycle_policy_enabled.py index da4d329f..dbba260d 100644 --- a/prowler/providers/aws/services/ecr/ecr_repositories_lifecycle_policy_enabled/ecr_repositories_lifecycle_policy_enabled.py +++ b/prowler/providers/aws/services/ecr/ecr_repositories_lifecycle_policy_enabled/ecr_repositories_lifecycle_policy_enabled.py @@ -13,10 +13,10 @@ class ecr_repositories_lifecycle_policy_enabled(Check): report.resource_arn = repository.arn report.resource_tags = repository.tags report.status = "FAIL" - report.status_extended = f"Repository {repository.name} has not a lifecycle policy configured" + report.status_extended = f"Repository {repository.name} does not have a lifecycle policy configured." if repository.lifecycle_policy: report.status = "PASS" - report.status_extended = f"Repository {repository.name} has a lifecycle policy configured" + report.status_extended = f"Repository {repository.name} has a lifecycle policy configured." findings.append(report) diff --git a/prowler/providers/aws/services/eks/eks_cluster_kms_cmk_encryption_in_secrets_enabled/eks_cluster_kms_cmk_encryption_in_secrets_enabled.py b/prowler/providers/aws/services/eks/eks_cluster_kms_cmk_encryption_in_secrets_enabled/eks_cluster_kms_cmk_encryption_in_secrets_enabled.py index 8fc85ca9..d187d8a3 100644 --- a/prowler/providers/aws/services/eks/eks_cluster_kms_cmk_encryption_in_secrets_enabled/eks_cluster_kms_cmk_encryption_in_secrets_enabled.py +++ b/prowler/providers/aws/services/eks/eks_cluster_kms_cmk_encryption_in_secrets_enabled/eks_cluster_kms_cmk_encryption_in_secrets_enabled.py @@ -12,9 +12,7 @@ class eks_cluster_kms_cmk_encryption_in_secrets_enabled(Check): report.resource_arn = cluster.arn report.resource_tags = cluster.tags report.status = "FAIL" - report.status_extended = ( - f"EKS cluster {cluster.name} has not encryption for Kubernetes secrets." - ) + report.status_extended = f"EKS cluster {cluster.name} does not have encryption for Kubernetes secrets." if cluster.encryptionConfig: report.status = "PASS" report.status_extended = ( diff --git a/prowler/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers.py b/prowler/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers.py index eff89818..279b4880 100644 --- a/prowler/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers.py +++ b/prowler/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers.py @@ -15,7 +15,7 @@ class elb_insecure_ssl_ciphers(Check): report.resource_tags = lb.tags report.status = "PASS" report.status_extended = ( - f"ELB {lb.name} has not insecure SSL protocols or ciphers." + f"ELB {lb.name} does not have insecure SSL protocols or ciphers." ) for listener in lb.listeners: if listener.protocol == "HTTPS" and not any( diff --git a/prowler/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled.py b/prowler/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled.py index 91eee1e0..2d137e06 100644 --- a/prowler/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled.py +++ b/prowler/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled.py @@ -11,7 +11,9 @@ class elb_logging_enabled(Check): report.resource_id = lb.name report.resource_tags = lb.tags report.status = "FAIL" - report.status_extended = f"ELB {lb.name} has not configured access logs." + report.status_extended = ( + f"ELB {lb.name} does not have access logs configured." + ) if lb.access_logs: report.status = "PASS" report.status_extended = ( diff --git a/prowler/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection.py b/prowler/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection.py index 6ef436be..12f5fafb 100644 --- a/prowler/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection.py +++ b/prowler/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection.py @@ -12,7 +12,9 @@ class elbv2_deletion_protection(Check): report.resource_arn = lb.arn report.resource_tags = lb.tags report.status = "FAIL" - report.status_extended = f"ELBv2 {lb.name} has not deletion protection." + report.status_extended = ( + f"ELBv2 {lb.name} does not have deletion protection enabled." + ) if lb.deletion_protection == "true": report.status = "PASS" report.status_extended = ( diff --git a/prowler/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers.py b/prowler/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers.py index 94441e95..40bcf1e1 100644 --- a/prowler/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers.py +++ b/prowler/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers.py @@ -25,7 +25,7 @@ class elbv2_insecure_ssl_ciphers(Check): report.resource_tags = lb.tags report.status = "PASS" report.status_extended = ( - f"ELBv2 {lb.name} has not insecure SSL protocols or ciphers." + f"ELBv2 {lb.name} does not have insecure SSL protocols or ciphers." ) for listener in lb.listeners: if ( diff --git a/prowler/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled.py b/prowler/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled.py index c79e1731..4896bea0 100644 --- a/prowler/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled.py +++ b/prowler/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled.py @@ -13,7 +13,7 @@ class elbv2_logging_enabled(Check): report.resource_tags = lb.tags report.status = "FAIL" report.status_extended = ( - f"ELBv2 ALB {lb.name} has not configured access logs." + f"ELBv2 ALB {lb.name} does not have access logs configured." ) if lb.access_logs == "true": report.status = "PASS" diff --git a/prowler/providers/aws/services/emr/emr_cluster_master_nodes_no_public_ip/emr_cluster_master_nodes_no_public_ip.py b/prowler/providers/aws/services/emr/emr_cluster_master_nodes_no_public_ip/emr_cluster_master_nodes_no_public_ip.py index eb14498c..2836390c 100644 --- a/prowler/providers/aws/services/emr/emr_cluster_master_nodes_no_public_ip/emr_cluster_master_nodes_no_public_ip.py +++ b/prowler/providers/aws/services/emr/emr_cluster_master_nodes_no_public_ip/emr_cluster_master_nodes_no_public_ip.py @@ -18,11 +18,13 @@ class emr_cluster_master_nodes_no_public_ip(Check): report.resource_tags = cluster.tags if cluster.public: report.status = "FAIL" - report.status_extended = f"EMR Cluster {cluster.id} has a Public IP" + report.status_extended = ( + f"EMR Cluster {cluster.id} has a Public IP." + ) else: report.status = "PASS" report.status_extended = ( - f"EMR Cluster {cluster.id} has not a Public IP" + f"EMR Cluster {cluster.id} does not have a Public IP." ) findings.append(report) diff --git a/prowler/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy.py b/prowler/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy.py index 6c59a0e8..2c053e67 100644 --- a/prowler/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy.py +++ b/prowler/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy.py @@ -16,11 +16,11 @@ class iam_role_cross_account_readonlyaccess_policy(Check): report.resource_tags = role.tags report.status = "PASS" report.status_extended = ( - f"IAM Role {role.name} has not ReadOnlyAccess policy" + f"IAM Role {role.name} does not have ReadOnlyAccess policy." ) for policy in role.attached_policies: if policy["PolicyName"] == "ReadOnlyAccess": - report.status_extended = f"IAM Role {role.name} has read-only access but is not cross account" + report.status_extended = f"IAM Role {role.name} has read-only access but is not cross account." cross_account_access = False if type(role.assume_role_policy["Statement"]) == list: for statement in role.assume_role_policy["Statement"]: @@ -72,7 +72,7 @@ class iam_role_cross_account_readonlyaccess_policy(Check): cross_account_access = True if cross_account_access: report.status = "FAIL" - report.status_extended = f"IAM Role {role.name} gives cross account read-only access!" + report.status_extended = f"IAM Role {role.name} gives cross account read-only access." findings.append(report) diff --git a/prowler/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled.py b/prowler/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled.py index 67b359f0..39f63d0b 100644 --- a/prowler/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled.py +++ b/prowler/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled.py @@ -17,7 +17,7 @@ class rds_instance_backup_enabled(Check): else: report.status = "FAIL" report.status_extended = ( - f"RDS Instance {db_instance.id} has not backup enabled." + f"RDS Instance {db_instance.id} does not have backup enabled." ) findings.append(report) diff --git a/prowler/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat.py b/prowler/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat.py index 32c7ae5b..cae7d5a7 100644 --- a/prowler/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat.py +++ b/prowler/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat.py @@ -15,7 +15,7 @@ class workspaces_vpc_2private_1public_subnets_nat(Check): report.resource_arn = workspace.arn report.resource_tags = workspace.tags report.status = "PASS" - report.status_extended = f"Workspace {workspace.id} is in a private subnet within a VPC which has 1 public subnet 2 private subnets with a NAT Gateway attached" + report.status_extended = f"Workspace {workspace.id} is in a private subnet within a VPC which has 1 public subnet 2 private subnets with a NAT Gateway attached." vpc_object = None is_in_private_subnet = False if workspace.subnet_id: @@ -45,7 +45,7 @@ class workspaces_vpc_2private_1public_subnets_nat(Check): or not is_in_private_subnet ): report.status = "FAIL" - report.status_extended = f"Workspace {workspace.id} is not in a private subnet or its VPC has not 1 public subnet and 2 private subnets with a NAT Gateway attached" + report.status_extended = f"Workspace {workspace.id} is not in a private subnet or its VPC does not have 1 public subnet and 2 private subnets with a NAT Gateway attached." findings.append(report) return findings diff --git a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_mysql_local_infile_flag/cloudsql_instance_mysql_local_infile_flag.py b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_mysql_local_infile_flag/cloudsql_instance_mysql_local_infile_flag.py index 76b7fb68..d77c9897 100644 --- a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_mysql_local_infile_flag/cloudsql_instance_mysql_local_infile_flag.py +++ b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_mysql_local_infile_flag/cloudsql_instance_mysql_local_infile_flag.py @@ -13,11 +13,11 @@ class cloudsql_instance_mysql_local_infile_flag(Check): report.resource_name = instance.name report.location = instance.region report.status = "FAIL" - report.status_extended = f"MySQL Instance {instance.name} has not 'local_infile' flag set to 'off'" + report.status_extended = f"MySQL Instance {instance.name} does not have 'local_infile' flag set to 'off'." for flag in instance.flags: if flag["name"] == "local_infile" and flag["value"] == "off": report.status = "PASS" - report.status_extended = f"MySQL Instance {instance.name} has 'local_infile' flag set to 'off'" + report.status_extended = f"MySQL Instance {instance.name} has 'local_infile' flag set to 'off'." break findings.append(report) diff --git a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_mysql_skip_show_database_flag/cloudsql_instance_mysql_skip_show_database_flag.py b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_mysql_skip_show_database_flag/cloudsql_instance_mysql_skip_show_database_flag.py index fe0e85a3..e1070cbc 100644 --- a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_mysql_skip_show_database_flag/cloudsql_instance_mysql_skip_show_database_flag.py +++ b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_mysql_skip_show_database_flag/cloudsql_instance_mysql_skip_show_database_flag.py @@ -13,11 +13,11 @@ class cloudsql_instance_mysql_skip_show_database_flag(Check): report.resource_name = instance.name report.location = instance.region report.status = "FAIL" - report.status_extended = f"MySQL Instance {instance.name} has not 'skip_show_database' flag set to 'on'" + report.status_extended = f"MySQL Instance {instance.name} does not have 'skip_show_database' flag set to 'on'." for flag in instance.flags: if flag["name"] == "skip_show_database" and flag["value"] == "on": report.status = "PASS" - report.status_extended = f"MySQL Instance {instance.name} has 'skip_show_database' flag set to 'on'" + report.status_extended = f"MySQL Instance {instance.name} has 'skip_show_database' flag set to 'on'." break findings.append(report) diff --git a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_enable_pgaudit_flag/cloudsql_instance_postgres_enable_pgaudit_flag.py b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_enable_pgaudit_flag/cloudsql_instance_postgres_enable_pgaudit_flag.py index 8d74a7b1..d8943650 100644 --- a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_enable_pgaudit_flag/cloudsql_instance_postgres_enable_pgaudit_flag.py +++ b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_enable_pgaudit_flag/cloudsql_instance_postgres_enable_pgaudit_flag.py @@ -13,14 +13,14 @@ class cloudsql_instance_postgres_enable_pgaudit_flag(Check): report.resource_name = instance.name report.location = instance.region report.status = "FAIL" - report.status_extended = f"PostgreSQL Instance {instance.name} has not 'cloudsql.enable_pgaudit' flag set to 'on'" + report.status_extended = f"PostgreSQL Instance {instance.name} does not have 'cloudsql.enable_pgaudit' flag set to 'on'." for flag in instance.flags: if ( flag["name"] == "cloudsql.enable_pgaudit" and flag["value"] == "on" ): report.status = "PASS" - report.status_extended = f"PostgreSQL Instance {instance.name} has 'cloudsql.enable_pgaudit' flag set to 'on'" + report.status_extended = f"PostgreSQL Instance {instance.name} has 'cloudsql.enable_pgaudit' flag set to 'on'." break findings.append(report) diff --git a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_connections_flag/cloudsql_instance_postgres_log_connections_flag.py b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_connections_flag/cloudsql_instance_postgres_log_connections_flag.py index 0d8ea3c9..63e083e4 100644 --- a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_connections_flag/cloudsql_instance_postgres_log_connections_flag.py +++ b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_connections_flag/cloudsql_instance_postgres_log_connections_flag.py @@ -13,11 +13,11 @@ class cloudsql_instance_postgres_log_connections_flag(Check): report.resource_name = instance.name report.location = instance.region report.status = "FAIL" - report.status_extended = f"PostgreSQL Instance {instance.name} has not 'log_connections' flag set to 'on'" + report.status_extended = f"PostgreSQL Instance {instance.name} does not have 'log_connections' flag set to 'on'." for flag in instance.flags: if flag["name"] == "log_connections" and flag["value"] == "on": report.status = "PASS" - report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_connections' flag set to 'on'" + report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_connections' flag set to 'on'." break findings.append(report) diff --git a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_disconnections_flag/cloudsql_instance_postgres_log_disconnections_flag.py b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_disconnections_flag/cloudsql_instance_postgres_log_disconnections_flag.py index 939a381c..cc5078f2 100644 --- a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_disconnections_flag/cloudsql_instance_postgres_log_disconnections_flag.py +++ b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_disconnections_flag/cloudsql_instance_postgres_log_disconnections_flag.py @@ -13,11 +13,11 @@ class cloudsql_instance_postgres_log_disconnections_flag(Check): report.resource_name = instance.name report.location = instance.region report.status = "FAIL" - report.status_extended = f"PostgreSQL Instance {instance.name} has not 'log_disconnections' flag set to 'on'" + report.status_extended = f"PostgreSQL Instance {instance.name} does not have 'log_disconnections' flag set to 'on'." for flag in instance.flags: if flag["name"] == "log_disconnections" and flag["value"] == "on": report.status = "PASS" - report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_disconnections' flag set to 'on'" + report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_disconnections' flag set to 'on'." break findings.append(report) diff --git a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_error_verbosity_flag/cloudsql_instance_postgres_log_error_verbosity_flag.py b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_error_verbosity_flag/cloudsql_instance_postgres_log_error_verbosity_flag.py index 643cc6b3..c593ee03 100644 --- a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_error_verbosity_flag/cloudsql_instance_postgres_log_error_verbosity_flag.py +++ b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_error_verbosity_flag/cloudsql_instance_postgres_log_error_verbosity_flag.py @@ -13,14 +13,14 @@ class cloudsql_instance_postgres_log_error_verbosity_flag(Check): report.resource_name = instance.name report.location = instance.region report.status = "FAIL" - report.status_extended = f"PostgreSQL Instance {instance.name} has not 'log_error_verbosity' flag set to 'default'" + report.status_extended = f"PostgreSQL Instance {instance.name} does not have 'log_error_verbosity' flag set to 'default'." for flag in instance.flags: if ( flag["name"] == "log_error_verbosity" and flag["value"] == "default" ): report.status = "PASS" - report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_error_verbosity' flag set to 'default'" + report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_error_verbosity' flag set to 'default'." break findings.append(report) diff --git a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_min_duration_statement_flag/cloudsql_instance_postgres_log_min_duration_statement_flag.py b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_min_duration_statement_flag/cloudsql_instance_postgres_log_min_duration_statement_flag.py index 16efe3d2..093a9d1e 100644 --- a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_min_duration_statement_flag/cloudsql_instance_postgres_log_min_duration_statement_flag.py +++ b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_min_duration_statement_flag/cloudsql_instance_postgres_log_min_duration_statement_flag.py @@ -13,14 +13,14 @@ class cloudsql_instance_postgres_log_min_duration_statement_flag(Check): report.resource_name = instance.name report.location = instance.region report.status = "FAIL" - report.status_extended = f"PostgreSQL Instance {instance.name} has not 'log_min_duration_statement' flag set to '-1'" + report.status_extended = f"PostgreSQL Instance {instance.name} does not have 'log_min_duration_statement' flag set to '-1'." for flag in instance.flags: if ( flag["name"] == "log_min_duration_statement" and flag["value"] == "-1" ): report.status = "PASS" - report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_min_duration_statement' flag set to '-1'" + report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_min_duration_statement' flag set to '-1'." break findings.append(report) diff --git a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_min_error_statement_flag/cloudsql_instance_postgres_log_min_error_statement_flag.py b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_min_error_statement_flag/cloudsql_instance_postgres_log_min_error_statement_flag.py index 6b87e914..1c2a0d52 100644 --- a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_min_error_statement_flag/cloudsql_instance_postgres_log_min_error_statement_flag.py +++ b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_min_error_statement_flag/cloudsql_instance_postgres_log_min_error_statement_flag.py @@ -14,14 +14,14 @@ class cloudsql_instance_postgres_log_min_error_statement_flag(Check): report.resource_name = instance.name report.location = instance.region report.status = "FAIL" - report.status_extended = f"PostgreSQL Instance {instance.name} has not 'log_min_error_statement' flag set minimum to '{desired_log_min_error_statement}'" + report.status_extended = f"PostgreSQL Instance {instance.name} does not have 'log_min_error_statement' flag set minimum to '{desired_log_min_error_statement}'." for flag in instance.flags: if ( flag["name"] == "log_min_error_statement" and flag["value"] == desired_log_min_error_statement ): report.status = "PASS" - report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_min_error_statement' flag set minimum to '{desired_log_min_error_statement}'" + report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_min_error_statement' flag set minimum to '{desired_log_min_error_statement}'." break findings.append(report) diff --git a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_min_messages_flag/cloudsql_instance_postgres_log_min_messages_flag.py b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_min_messages_flag/cloudsql_instance_postgres_log_min_messages_flag.py index 4419cd27..6a5d7654 100644 --- a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_min_messages_flag/cloudsql_instance_postgres_log_min_messages_flag.py +++ b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_min_messages_flag/cloudsql_instance_postgres_log_min_messages_flag.py @@ -14,14 +14,14 @@ class cloudsql_instance_postgres_log_min_messages_flag(Check): report.resource_name = instance.name report.location = instance.region report.status = "FAIL" - report.status_extended = f"PostgreSQL Instance {instance.name} has not 'log_min_messages' flag set minimum to '{desired_log_min_messages}'" + report.status_extended = f"PostgreSQL Instance {instance.name} does not have 'log_min_messages' flag set minimum to '{desired_log_min_messages}'." for flag in instance.flags: if ( flag["name"] == "log_min_messages" and flag["value"] == desired_log_min_messages ): report.status = "PASS" - report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_min_messages' flag set minimum to '{desired_log_min_messages}'" + report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_min_messages' flag set minimum to '{desired_log_min_messages}'." break findings.append(report) diff --git a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_statement_flag/cloudsql_instance_postgres_log_statement_flag.py b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_statement_flag/cloudsql_instance_postgres_log_statement_flag.py index ef964bfc..d57d348b 100644 --- a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_statement_flag/cloudsql_instance_postgres_log_statement_flag.py +++ b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_statement_flag/cloudsql_instance_postgres_log_statement_flag.py @@ -14,14 +14,14 @@ class cloudsql_instance_postgres_log_statement_flag(Check): report.resource_name = instance.name report.location = instance.region report.status = "FAIL" - report.status_extended = f"PostgreSQL Instance {instance.name} has not 'log_statement' flag set to '{desired_log_statement}'" + report.status_extended = f"PostgreSQL Instance {instance.name} does not have 'log_statement' flag set to '{desired_log_statement}'." for flag in instance.flags: if ( flag["name"] == "log_statement" and flag["value"] == desired_log_statement ): report.status = "PASS" - report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_statement' flag set to '{desired_log_statement}'" + report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_statement' flag set to '{desired_log_statement}'." break findings.append(report) diff --git a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_public_ip/cloudsql_instance_public_ip.py b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_public_ip/cloudsql_instance_public_ip.py index 52261b5b..4b17edb3 100644 --- a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_public_ip/cloudsql_instance_public_ip.py +++ b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_public_ip/cloudsql_instance_public_ip.py @@ -13,12 +13,12 @@ class cloudsql_instance_public_ip(Check): report.location = instance.region report.status = "PASS" report.status_extended = ( - f"Database Instance {instance.name} has not a public IP" + f"Database Instance {instance.name} does not have a public IP." ) if instance.public_ip: report.status = "FAIL" report.status_extended = ( - f"Database Instance {instance.name} has a public IP" + f"Database Instance {instance.name} has a public IP." ) findings.append(report) diff --git a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_cross_db_ownership_chaining_flag/cloudsql_instance_sqlserver_cross_db_ownership_chaining_flag.py b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_cross_db_ownership_chaining_flag/cloudsql_instance_sqlserver_cross_db_ownership_chaining_flag.py index 05d82e67..98e99bca 100644 --- a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_cross_db_ownership_chaining_flag/cloudsql_instance_sqlserver_cross_db_ownership_chaining_flag.py +++ b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_cross_db_ownership_chaining_flag/cloudsql_instance_sqlserver_cross_db_ownership_chaining_flag.py @@ -13,11 +13,11 @@ class cloudsql_instance_sqlserver_cross_db_ownership_chaining_flag(Check): report.resource_name = instance.name report.location = instance.region report.status = "PASS" - report.status_extended = f"SQL Server Instance {instance.name} has 'cross db ownership' flag set to 'off'" + report.status_extended = f"SQL Server Instance {instance.name} has 'cross db ownership' flag set to 'off'." for flag in instance.flags: if flag["name"] == "cross db ownership" and flag["value"] == "on": report.status = "FAIL" - report.status_extended = f"SQL Server Instance {instance.name} has not 'cross db ownership' flag set to 'off'" + report.status_extended = f"SQL Server Instance {instance.name} does not have 'cross db ownership' flag set to 'off'." break findings.append(report) diff --git a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_external_scripts_enabled_flag/cloudsql_instance_sqlserver_external_scripts_enabled_flag.py b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_external_scripts_enabled_flag/cloudsql_instance_sqlserver_external_scripts_enabled_flag.py index 6eecb891..1020a032 100644 --- a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_external_scripts_enabled_flag/cloudsql_instance_sqlserver_external_scripts_enabled_flag.py +++ b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_external_scripts_enabled_flag/cloudsql_instance_sqlserver_external_scripts_enabled_flag.py @@ -13,14 +13,14 @@ class cloudsql_instance_sqlserver_external_scripts_enabled_flag(Check): report.resource_name = instance.name report.location = instance.region report.status = "PASS" - report.status_extended = f"SQL Server Instance {instance.name} has 'external scripts enabled' flag set to 'off'" + report.status_extended = f"SQL Server Instance {instance.name} has 'external scripts enabled' flag set to 'off'." for flag in instance.flags: if ( flag["name"] == "external scripts enabled" and flag["value"] == "on" ): report.status = "FAIL" - report.status_extended = f"SQL Server Instance {instance.name} has not 'external scripts enabled' flag set to 'off'" + report.status_extended = f"SQL Server Instance {instance.name} does not have 'external scripts enabled' flag set to 'off'." break findings.append(report) diff --git a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_remote_access_flag/cloudsql_instance_sqlserver_remote_access_flag.py b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_remote_access_flag/cloudsql_instance_sqlserver_remote_access_flag.py index 398a2aed..5d29341a 100644 --- a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_remote_access_flag/cloudsql_instance_sqlserver_remote_access_flag.py +++ b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_remote_access_flag/cloudsql_instance_sqlserver_remote_access_flag.py @@ -13,11 +13,11 @@ class cloudsql_instance_sqlserver_remote_access_flag(Check): report.resource_name = instance.name report.location = instance.region report.status = "PASS" - report.status_extended = f"SQL Server Instance {instance.name} has not 'remote access' flag set to 'on'" + report.status_extended = f"SQL Server Instance {instance.name} does not have 'remote access' flag set to 'on'." for flag in instance.flags: if flag["name"] == "remote access" and flag["value"] == "on": report.status = "FAIL" - report.status_extended = f"SQL Server Instance {instance.name} has 'remote access' flag set to 'on'" + report.status_extended = f"SQL Server Instance {instance.name} has 'remote access' flag set to 'on'." break findings.append(report) diff --git a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_user_connections_flag/cloudsql_instance_sqlserver_user_connections_flag.py b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_user_connections_flag/cloudsql_instance_sqlserver_user_connections_flag.py index d250179b..a48278f7 100644 --- a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_user_connections_flag/cloudsql_instance_sqlserver_user_connections_flag.py +++ b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_user_connections_flag/cloudsql_instance_sqlserver_user_connections_flag.py @@ -13,11 +13,11 @@ class cloudsql_instance_sqlserver_user_connections_flag(Check): report.resource_name = instance.name report.location = instance.region report.status = "PASS" - report.status_extended = f"SQL Server Instance {instance.name} has 'user connections' flag set to '0'" + report.status_extended = f"SQL Server Instance {instance.name} has 'user connections' flag set to '0'." for flag in instance.flags: if flag["name"] == "user connections" and flag["value"] == "0": report.status = "FAIL" - report.status_extended = f"SQL Server Instance {instance.name} has not 'user connections' flag set to '0'" + report.status_extended = f"SQL Server Instance {instance.name} does not have 'user connections' flag set to '0'." break findings.append(report) diff --git a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_user_options_flag/cloudsql_instance_sqlserver_user_options_flag.py b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_user_options_flag/cloudsql_instance_sqlserver_user_options_flag.py index dcfe8de7..752f1838 100644 --- a/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_user_options_flag/cloudsql_instance_sqlserver_user_options_flag.py +++ b/prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_user_options_flag/cloudsql_instance_sqlserver_user_options_flag.py @@ -13,11 +13,11 @@ class cloudsql_instance_sqlserver_user_options_flag(Check): report.resource_name = instance.name report.location = instance.region report.status = "PASS" - report.status_extended = f"SQL Server Instance {instance.name} has not 'user options' flag set" + report.status_extended = f"SQL Server Instance {instance.name} does not have 'user options' flag set." for flag in instance.flags: if flag["name"] == "user options" and flag["value"] != "": report.status = "FAIL" - report.status_extended = f"SQL Server Instance {instance.name} has 'user options' flag set" + report.status_extended = f"SQL Server Instance {instance.name} has 'user options' flag set." break findings.append(report) diff --git a/prowler/providers/gcp/services/compute/compute_instance_public_ip/compute_instance_public_ip.py b/prowler/providers/gcp/services/compute/compute_instance_public_ip/compute_instance_public_ip.py index 32889bf3..429b4d99 100644 --- a/prowler/providers/gcp/services/compute/compute_instance_public_ip/compute_instance_public_ip.py +++ b/prowler/providers/gcp/services/compute/compute_instance_public_ip/compute_instance_public_ip.py @@ -12,10 +12,12 @@ class compute_instance_public_ip(Check): report.resource_name = instance.name report.location = instance.zone report.status = "PASS" - report.status_extended = f"VM Instance {instance.name} has not a public IP" + report.status_extended = ( + f"VM Instance {instance.name} does not have a public IP." + ) if instance.public_ip: report.status = "FAIL" - report.status_extended = f"VM Instance {instance.name} has a public IP" + report.status_extended = f"VM Instance {instance.name} has a public IP." findings.append(report) return findings diff --git a/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py b/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py index fcdd8570..cc04c026 100644 --- a/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py @@ -117,7 +117,7 @@ class Test_apigateway_authorizers_enabled: assert len(result) == 1 assert ( result[0].status_extended - == f"API Gateway test-rest-api ID {rest_api['id']} has authorizer configured." + == f"API Gateway test-rest-api ID {rest_api['id']} has an authorizer configured." ) assert result[0].resource_id == "test-rest-api" assert ( @@ -158,7 +158,7 @@ class Test_apigateway_authorizers_enabled: assert len(result) == 1 assert ( result[0].status_extended - == f"API Gateway test-rest-api ID {rest_api['id']} has not authorizer configured." + == f"API Gateway test-rest-api ID {rest_api['id']} does not have an authorizer configured." ) assert result[0].resource_id == "test-rest-api" assert ( diff --git a/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py b/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py index b3159a37..56466f05 100644 --- a/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py @@ -127,7 +127,7 @@ class Test_apigateway_client_certificate_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"API Gateway test-rest-api ID {rest_api['id']} in stage test has not client certificate enabled." + == f"API Gateway test-rest-api ID {rest_api['id']} in stage test does not have client certificate enabled." ) assert result[0].resource_id == "test-rest-api" assert ( diff --git a/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py b/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py index 22863a4e..a3b2156a 100644 --- a/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py +++ b/tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py @@ -205,7 +205,7 @@ class Test_apigateway_waf_acl_attached: assert len(result) == 1 assert ( result[0].status_extended - == f"API Gateway test-rest-api ID {rest_api['id']} in stage test has not WAF ACL attached." + == f"API Gateway test-rest-api ID {rest_api['id']} in stage test does not have WAF ACL attached." ) assert result[0].resource_id == "test-rest-api" assert ( diff --git a/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py b/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py index ccd6a210..5c58285c 100644 --- a/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py +++ b/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py @@ -127,6 +127,6 @@ class Test_apigatewayv2_authorizers_enabled: assert len(result) == 1 assert ( result[0].status_extended - == f"API Gateway V2 test-api ID {api['ApiId']} has authorizer configured." + == f"API Gateway V2 test-api ID {api['ApiId']} has an authorizer configured." ) assert result[0].resource_id == "test-api" diff --git a/tests/providers/aws/services/awslambda/awslambda_function_url_cors_policy/awslambda_function_url_cors_policy_test.py b/tests/providers/aws/services/awslambda/awslambda_function_url_cors_policy/awslambda_function_url_cors_policy_test.py index 942d9d05..8596ea99 100644 --- a/tests/providers/aws/services/awslambda/awslambda_function_url_cors_policy/awslambda_function_url_cors_policy_test.py +++ b/tests/providers/aws/services/awslambda/awslambda_function_url_cors_policy/awslambda_function_url_cors_policy_test.py @@ -71,7 +71,7 @@ class Test_awslambda_function_url_cors_policy: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Lambda function {function_name} URL has a wide CORS configuration" + == f"Lambda function {function_name} URL has a wide CORS configuration." ) def test_function_cors_not_wide(self): @@ -114,7 +114,7 @@ class Test_awslambda_function_url_cors_policy: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Lambda function {function_name} has not a wide CORS configuration" + == f"Lambda function {function_name} does not have a wide CORS configuration." ) def test_function_cors_wide_with_two_origins(self): @@ -159,5 +159,5 @@ class Test_awslambda_function_url_cors_policy: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Lambda function {function_name} URL has a wide CORS configuration" + == f"Lambda function {function_name} URL has a wide CORS configuration." ) diff --git a/tests/providers/aws/services/awslambda/awslambda_function_url_public/awslambda_function_url_public_test.py b/tests/providers/aws/services/awslambda/awslambda_function_url_public/awslambda_function_url_public_test.py index 4b3d0a26..b2a4c44a 100644 --- a/tests/providers/aws/services/awslambda/awslambda_function_url_public/awslambda_function_url_public_test.py +++ b/tests/providers/aws/services/awslambda/awslambda_function_url_public/awslambda_function_url_public_test.py @@ -71,7 +71,7 @@ class Test_awslambda_function_url_public: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Lambda function {function_name} has a publicly accessible function URL" + == f"Lambda function {function_name} has a publicly accessible function URL." ) def test_function_private_url(self): @@ -114,5 +114,5 @@ class Test_awslambda_function_url_public: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Lambda function {function_name} has not a publicly accessible function URL" + == f"Lambda function {function_name} does not have a publicly accessible function URL." ) diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py index 4ba123ec..bc089f12 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py @@ -97,7 +97,7 @@ class Test_cloudtrail_bucket_requires_mfa_delete: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Trail {trail_name_us} bucket ({bucket_name_us}) has not MFA delete enabled" + == f"Trail {trail_name_us} bucket ({bucket_name_us}) does not have MFA delete enabled." ) assert result[0].resource_id == trail_name_us assert result[0].region == "us-east-1" @@ -157,7 +157,7 @@ class Test_cloudtrail_bucket_requires_mfa_delete: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Trail {trail_name_us} bucket ({bucket_name_us}) has MFA delete enabled" + == f"Trail {trail_name_us} bucket ({bucket_name_us}) has MFA delete enabled." ) assert result[0].resource_id == trail_name_us assert result[0].region == "us-east-1" @@ -203,7 +203,7 @@ class Test_cloudtrail_bucket_requires_mfa_delete: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Trail {trail_name_us} bucket ({bucket_name_us}) is a cross-account bucket in another account out of Prowler's permissions scope, please check it manually" + == f"Trail {trail_name_us} bucket ({bucket_name_us}) is a cross-account bucket in another account out of Prowler's permissions scope, please check it manually." ) assert result[0].resource_id == trail_name_us assert result[0].region == "us-east-1" @@ -255,7 +255,7 @@ class Test_cloudtrail_bucket_requires_mfa_delete: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Trail {trail_name_us} bucket ({bucket_name_us}) is a cross-account bucket in another account out of Prowler's permissions scope, please check it manually" + == f"Trail {trail_name_us} bucket ({bucket_name_us}) is a cross-account bucket in another account out of Prowler's permissions scope, please check it manually." ) assert result[0].resource_id == trail_name_us assert result[0].region == "us-east-1" diff --git a/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py b/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py index abcd7e34..b0249451 100644 --- a/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py +++ b/tests/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist_test.py @@ -90,7 +90,7 @@ class Test_cloudtrail_insights_exist: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Trail {trail_name_us} has not insight selectors and it is logging" + == f"Trail {trail_name_us} does not have insight selectors and it is logging." ) assert result[0].resource_id == trail_name_us assert result[0].region == "us-east-1" @@ -135,7 +135,7 @@ class Test_cloudtrail_insights_exist: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Trail {trail_name_us} has insight selectors and it is logging" + == f"Trail {trail_name_us} has insight selectors and it is logging." ) assert result[0].resource_id == trail_name_us assert result[0].region == "us-east-1" diff --git a/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py b/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py index bd1c4609..1d6b60bc 100644 --- a/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py +++ b/tests/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip_test.py @@ -106,7 +106,7 @@ class Test_ec2_instance_public_ip: assert len(result) == 1 assert result[0].status == "PASS" assert search( - f"EC2 Instance {instance.id} has not a Public IP", + f"EC2 Instance {instance.id} does not have a Public IP.", result[0].status_extended, ) assert result[0].resource_id == instance.id @@ -154,7 +154,8 @@ class Test_ec2_instance_public_ip: assert len(result) == 1 assert result[0].status == "FAIL" assert search( - f"EC2 Instance {instance.id} has a Public IP", result[0].status_extended + f"EC2 Instance {instance.id} has a Public IP.", + result[0].status_extended, ) assert result[0].resource_id == instance.id assert ( diff --git a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py index d3aac6d3..a565b3af 100644 --- a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py +++ b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port_test.py @@ -192,7 +192,7 @@ class ec2_networkacl_allow_ingress_any_port: assert nacl.status == "PASS" assert ( nacl.status_extended - == f"Network ACL {nacl_id} has not every port open to the Internet." + == f"Network ACL {nacl_id} does not have every port open to the Internet." ) assert ( nacl.resource_arn diff --git a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py index c5183c22..ab28e19c 100644 --- a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py +++ b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22_test.py @@ -194,7 +194,7 @@ class Test_ec2_networkacl_allow_ingress_tcp_port_22: assert nacl.status == "PASS" assert ( nacl.status_extended - == f"Network ACL {nacl_id} has not SSH port 22 open to the Internet." + == f"Network ACL {nacl_id} does not have SSH port 22 open to the Internet." ) assert ( nacl.resource_arn diff --git a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py index 05e79ff3..781a6e37 100644 --- a/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py +++ b/tests/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389_test.py @@ -194,7 +194,7 @@ class Test_ec2_networkacl_allow_ingress_tcp_port_3389: assert nacl.status == "PASS" assert ( nacl.status_extended - == f"Network ACL {nacl_id} has not Microsoft RDP port 3389 open to the Internet." + == f"Network ACL {nacl_id} does not have Microsoft RDP port 3389 open to the Internet." ) assert ( nacl.resource_arn diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py index 1f3b4d50..b7e217c5 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port_test.py @@ -179,7 +179,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_any_port: if sg.resource_id == default_sg_id: assert sg.status == "PASS" assert search( - "has not all ports open to the Internet", + "does not have all ports open to the Internet", sg.status_extended, ) assert ( @@ -240,7 +240,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_any_port: if sg.resource_id == default_sg_id: assert sg.status == "PASS" assert search( - "has not all ports open to the Internet", + "does not have all ports open to the Internet", sg.status_extended, ) assert ( diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py index 62521d80..3bc5e96d 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018_test.py @@ -187,7 +187,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_2 if sg.resource_id == default_sg_id: assert sg.status == "PASS" assert search( - "has not MongoDB ports 27017 and 27018 open to the Internet", + "does not have MongoDB ports 27017 and 27018 open to the Internet", sg.status_extended, ) assert ( diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py index 445f3731..306ccce3 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21_test.py @@ -187,7 +187,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21: if sg.resource_id == default_sg_id: assert sg.status == "PASS" assert search( - "has not FTP ports 20 and 21 open to the Internet", + "does not have FTP ports 20 and 21 open to the Internet", sg.status_extended, ) assert ( diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py index 80251a48..fc9aef63 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22_test.py @@ -181,7 +181,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22: if sg.resource_id == default_sg_id: assert sg.status == "PASS" assert search( - "has not SSH port 22 open to the Internet", + "does not have SSH port 22 open to the Internet", sg.status_extended, ) assert ( diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py index 0c7fe106..9094e252 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389_test.py @@ -181,7 +181,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389: if sg.resource_id == default_sg_id: assert sg.status == "PASS" assert search( - "has not Microsoft RDP port 3389 open to the Internet", + "does not have Microsoft RDP port 3389 open to the Internet", sg.status_extended, ) assert ( diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py index f194d329..894a6a64 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888_test.py @@ -187,7 +187,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7 if sg.resource_id == default_sg_id: assert sg.status == "PASS" assert search( - "has not Casandra ports 7199, 8888 and 9160 open to the Internet", + "does not have Casandra ports 7199, 8888 and 9160 open to the Internet", sg.status_extended, ) assert ( diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py index 4c3324a1..053b94c5 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601_test.py @@ -187,7 +187,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsear if sg.resource_id == default_sg_id: assert sg.status == "PASS" assert search( - "has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet", + "does not have Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet", sg.status_extended, ) assert ( diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py index 208a3e73..619d330a 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092_test.py @@ -186,7 +186,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092: if sg.resource_id == default_sg_id: assert sg.status == "PASS" assert search( - "has not Kafka port 9092 open to the Internet", + "does not have Kafka port 9092 open to the Internet", sg.status_extended, ) assert ( diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py index 913ae25d..e4a57701 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211_test.py @@ -187,7 +187,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_1 if sg.resource_id == default_sg_id: assert sg.status == "PASS" assert search( - "has not Memcached port 11211 open to the Internet", + "does not have Memcached port 11211 open to the Internet", sg.status_extended, ) assert ( diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py index 61ae819c..512d0183 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306_test.py @@ -187,7 +187,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306: if sg.resource_id == default_sg_id: assert sg.status == "PASS" assert search( - "has not MySQL port 3306 open to the Internet", + "does not have MySQL port 3306 open to the Internet", sg.status_extended, ) assert ( diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py index f5f5b61b..5843c979 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483_test.py @@ -187,7 +187,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521 if sg.resource_id == default_sg_id: assert sg.status == "PASS" assert search( - "has not Oracle ports 1521 and 2483 open to the Internet", + "does not have Oracle ports 1521 and 2483 open to the Internet", sg.status_extended, ) assert ( diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py index 452ff7f2..2312b83a 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432_test.py @@ -187,7 +187,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_54 if sg.resource_id == default_sg_id: assert sg.status == "PASS" assert search( - "has not Postgres port 5432 open to the Internet", + "does not have Postgres port 5432 open to the Internet", sg.status_extended, ) assert ( diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py index 850e6751..6b047c05 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379_test.py @@ -186,7 +186,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379: if sg.resource_id == default_sg_id: assert sg.status == "PASS" assert search( - "has not Redis port 6379 open to the Internet", + "does not have Redis port 6379 open to the Internet", sg.status_extended, ) assert ( diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py index e2640d52..57596f15 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434_test.py @@ -187,7 +187,7 @@ class ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_ if sg.resource_id == default_sg_id: assert sg.status == "PASS" assert search( - "has not Microsoft SQL Server ports 1433 and 1434 open to the Internet", + "does not have Microsoft SQL Server ports 1433 and 1434 open to the Internet", sg.status_extended, ) assert ( diff --git a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py index feb21094..8a3aa3b5 100644 --- a/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py +++ b/tests/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23_test.py @@ -186,7 +186,7 @@ class Test_ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23: if sg.resource_id == default_sg_id: assert sg.status == "PASS" assert search( - "has not Telnet port 23 open to the Internet", + "does not have Telnet port 23 open to the Internet", sg.status_extended, ) assert ( diff --git a/tests/providers/aws/services/ecr/ecr_repositories_lifecycle_policy_enabled/ecr_repositories_lifecycle_policy_enabled_test.py b/tests/providers/aws/services/ecr/ecr_repositories_lifecycle_policy_enabled/ecr_repositories_lifecycle_policy_enabled_test.py index 87e4f070..11692d4e 100644 --- a/tests/providers/aws/services/ecr/ecr_repositories_lifecycle_policy_enabled/ecr_repositories_lifecycle_policy_enabled_test.py +++ b/tests/providers/aws/services/ecr/ecr_repositories_lifecycle_policy_enabled/ecr_repositories_lifecycle_policy_enabled_test.py @@ -97,7 +97,7 @@ class Test_ecr_repositories_lifecycle_policy_enabled: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Repository {repository_name} has a lifecycle policy configured" + == f"Repository {repository_name} has a lifecycle policy configured." ) assert result[0].resource_id == repository_name assert result[0].resource_arn == repository_arn @@ -138,7 +138,7 @@ class Test_ecr_repositories_lifecycle_policy_enabled: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Repository {repository_name} has not a lifecycle policy configured" + == f"Repository {repository_name} does not have a lifecycle policy configured." ) assert result[0].resource_id == repository_name assert result[0].resource_arn == repository_arn diff --git a/tests/providers/aws/services/eks/eks_cluster_kms_cmk_encryption_in_secrets_enabled/eks_cluster_kms_cmk_encryption_in_secrets_enabled_test.py b/tests/providers/aws/services/eks/eks_cluster_kms_cmk_encryption_in_secrets_enabled/eks_cluster_kms_cmk_encryption_in_secrets_enabled_test.py index 3b84a7f2..300a112e 100644 --- a/tests/providers/aws/services/eks/eks_cluster_kms_cmk_encryption_in_secrets_enabled/eks_cluster_kms_cmk_encryption_in_secrets_enabled_test.py +++ b/tests/providers/aws/services/eks/eks_cluster_kms_cmk_encryption_in_secrets_enabled/eks_cluster_kms_cmk_encryption_in_secrets_enabled_test.py @@ -51,7 +51,8 @@ class Test_eks_cluster_kms_cmk_encryption_in_secrets_enabled: assert len(result) == 1 assert result[0].status == "FAIL" assert search( - "has not encryption for Kubernetes secrets", result[0].status_extended + "does not have encryption for Kubernetes secrets", + result[0].status_extended, ) assert result[0].resource_id == cluster_name assert result[0].resource_arn == cluster_arn diff --git a/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py b/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py index df61e8b4..6c2a6079 100644 --- a/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py +++ b/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py @@ -104,7 +104,7 @@ class Test_elb_insecure_ssl_ciphers: assert len(result) == 1 assert result[0].status == "PASS" assert search( - "has not insecure SSL protocols or ciphers", + "does not have insecure SSL protocols or ciphers", result[0].status_extended, ) assert result[0].resource_id == "my-lb" diff --git a/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py b/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py index 4f5033c6..df3aec07 100644 --- a/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py +++ b/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py @@ -97,7 +97,7 @@ class Test_elb_logging_enabled: assert len(result) == 1 assert result[0].status == "FAIL" assert search( - "has not configured access logs", + "does not have access logs configured", result[0].status_extended, ) assert result[0].resource_id == "my-lb" diff --git a/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py b/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py index 1ec2d752..50b2a8eb 100644 --- a/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection_test.py @@ -108,7 +108,7 @@ class Test_elbv2_deletion_protection: assert len(result) == 1 assert result[0].status == "FAIL" assert search( - "has not deletion protection", + "does not have deletion protection", result[0].status_extended, ) assert result[0].resource_id == "my-lb" diff --git a/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py b/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py index e70e4bab..48a98efc 100644 --- a/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers_test.py @@ -125,7 +125,7 @@ class Test_elbv2_insecure_ssl_ciphers: assert len(result) == 1 assert result[0].status == "PASS" assert search( - "has not insecure SSL protocols or ciphers", + "does not have insecure SSL protocols or ciphers", result[0].status_extended, ) assert result[0].resource_id == "my-lb" diff --git a/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py b/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py index 3b52b219..148eddc9 100644 --- a/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py +++ b/tests/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled_test.py @@ -111,7 +111,7 @@ class Test_elbv2_logging_enabled: assert len(result) == 1 assert result[0].status == "FAIL" assert search( - "has not configured access logs", + "does not have access logs configured", result[0].status_extended, ) assert result[0].resource_id == "my-lb" diff --git a/tests/providers/aws/services/emr/emr_cluster_master_nodes_no_public_ip/emr_cluster_master_nodes_no_public_ip_test.py b/tests/providers/aws/services/emr/emr_cluster_master_nodes_no_public_ip/emr_cluster_master_nodes_no_public_ip_test.py index f328c28b..3e4dc742 100644 --- a/tests/providers/aws/services/emr/emr_cluster_master_nodes_no_public_ip/emr_cluster_master_nodes_no_public_ip_test.py +++ b/tests/providers/aws/services/emr/emr_cluster_master_nodes_no_public_ip/emr_cluster_master_nodes_no_public_ip_test.py @@ -59,7 +59,8 @@ class Test_emr_cluster_master_nodes_no_public_ip: assert result[0].resource_arn == cluster_arn assert result[0].status == "FAIL" assert ( - result[0].status_extended == f"EMR Cluster {cluster_id} has a Public IP" + result[0].status_extended + == f"EMR Cluster {cluster_id} has a Public IP." ) def test_cluster_private_running(self): @@ -97,7 +98,7 @@ class Test_emr_cluster_master_nodes_no_public_ip: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"EMR Cluster {cluster_id} has not a Public IP" + == f"EMR Cluster {cluster_id} does not have a Public IP." ) def test_cluster_public_terminated(self): @@ -165,5 +166,5 @@ class Test_emr_cluster_master_nodes_no_public_ip: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"EMR Cluster {cluster_id} has not a Public IP" + == f"EMR Cluster {cluster_id} does not have a Public IP." ) diff --git a/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py b/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py index 72722c24..1fa3d510 100644 --- a/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py +++ b/tests/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy_test.py @@ -97,7 +97,7 @@ class Test_iam_role_cross_account_readonlyaccess_policy: assert result[0].status == "PASS" assert ( result[0].status_extended - == "IAM Role test has not ReadOnlyAccess policy" + == "IAM Role test does not have ReadOnlyAccess policy." ) assert result[0].resource_id == "test" assert result[0].resource_arn == response["Role"]["Arn"] @@ -146,7 +146,7 @@ class Test_iam_role_cross_account_readonlyaccess_policy: assert result[0].status == "PASS" assert ( result[0].status_extended - == "IAM Role test has read-only access but is not cross account" + == "IAM Role test has read-only access but is not cross account." ) assert result[0].resource_id == "test" assert result[0].resource_arn == response["Role"]["Arn"] @@ -195,7 +195,7 @@ class Test_iam_role_cross_account_readonlyaccess_policy: assert result[0].status == "FAIL" assert ( result[0].status_extended - == "IAM Role test gives cross account read-only access!" + == "IAM Role test gives cross account read-only access." ) assert result[0].resource_id == "test" assert result[0].resource_arn == response["Role"]["Arn"] @@ -244,7 +244,7 @@ class Test_iam_role_cross_account_readonlyaccess_policy: assert result[0].status == "FAIL" assert ( result[0].status_extended - == "IAM Role test gives cross account read-only access!" + == "IAM Role test gives cross account read-only access." ) assert result[0].resource_id == "test" assert result[0].resource_arn == response["Role"]["Arn"] diff --git a/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py b/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py index c228aa16..c95b74a6 100644 --- a/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py +++ b/tests/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled_test.py @@ -117,7 +117,7 @@ class Test_rds_instance_backup_enabled: assert len(result) == 1 assert result[0].status == "FAIL" assert search( - "has not backup enabled", + "does not have backup enabled", result[0].status_extended, ) assert result[0].resource_id == "db-master-1" diff --git a/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py b/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py index 71fe6108..843c1fa1 100644 --- a/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py +++ b/tests/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat_test.py @@ -97,7 +97,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Workspace {workspace_id} is not in a private subnet or its VPC has not 1 public subnet and 2 private subnets with a NAT Gateway attached" + == f"Workspace {workspace_id} is not in a private subnet or its VPC does not have 1 public subnet and 2 private subnets with a NAT Gateway attached." ) assert result[0].resource_id == workspace_id assert result[0].resource_arn == "" @@ -163,7 +163,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Workspace {workspace_id} is not in a private subnet or its VPC has not 1 public subnet and 2 private subnets with a NAT Gateway attached" + == f"Workspace {workspace_id} is not in a private subnet or its VPC does not have 1 public subnet and 2 private subnets with a NAT Gateway attached." ) assert result[0].resource_id == workspace_id assert result[0].resource_arn == "" @@ -246,7 +246,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Workspace {workspace_id} is not in a private subnet or its VPC has not 1 public subnet and 2 private subnets with a NAT Gateway attached" + == f"Workspace {workspace_id} is not in a private subnet or its VPC does not have 1 public subnet and 2 private subnets with a NAT Gateway attached." ) assert result[0].resource_id == workspace_id assert result[0].resource_arn == "" @@ -348,7 +348,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: assert result[0].status == "FAIL" assert ( result[0].status_extended - == f"Workspace {workspace_id} is not in a private subnet or its VPC has not 1 public subnet and 2 private subnets with a NAT Gateway attached" + == f"Workspace {workspace_id} is not in a private subnet or its VPC does not have 1 public subnet and 2 private subnets with a NAT Gateway attached." ) assert result[0].resource_id == workspace_id assert result[0].resource_arn == "" @@ -458,7 +458,7 @@ class Test_workspaces_vpc_2private_1public_subnets_nat: assert result[0].status == "PASS" assert ( result[0].status_extended - == f"Workspace {workspace_id} is in a private subnet within a VPC which has 1 public subnet 2 private subnets with a NAT Gateway attached" + == f"Workspace {workspace_id} is in a private subnet within a VPC which has 1 public subnet 2 private subnets with a NAT Gateway attached." ) assert result[0].resource_id == workspace_id assert result[0].resource_arn == ""