From 976d0da26e662fb56d94c00111ffe26b07405185 Mon Sep 17 00:00:00 2001
From: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
Date: Thu, 19 Oct 2023 18:18:58 +0200
Subject: [PATCH] fix(resource filters): add missing resource filters (#2951)
---
 .../services/documentdb/documentdb_service.py | 28 +++++++++++--------
 .../elasticache/elasticache_service.py | 16 +++++++----
 .../aws/services/neptune/neptune_service.py | 18 +++++++-----
 3 files changed, 37 insertions(+), 25 deletions(-)
diff --git a/prowler/providers/aws/services/documentdb/documentdb_service.py b/prowler/providers/aws/services/documentdb/documentdb_service.py
index 58befa99..9560c2fa 100644
--- a/prowler/providers/aws/services/documentdb/documentdb_service.py
+++ b/prowler/providers/aws/services/documentdb/documentdb_service.py
@@ -3,6 +3,7 @@ from typing import Optional
 from pydantic import BaseModel
 from prowler.lib.logger import logger
+from prowler.lib.scan_filters.scan_filters import is_resource_filtered
 from prowler.providers.aws.lib.service.service import AWSService
@@ -34,18 +35,21 @@ class DocumentDB(AWSService):
 ):
 for instance in page["DBInstances"]:
 instance_arn = instance["DBInstanceArn"]
- self.db_instances[instance_arn] = Instance(
- id=instance["DBInstanceIdentifier"],
- arn=instance["DBInstanceArn"],
- engine=instance["Engine"],
- engine_version=instance["EngineVersion"],
- status=instance["DBInstanceStatus"],
- public=instance["PubliclyAccessible"],
- encrypted=instance["StorageEncrypted"],
- cluster_id=instance.get("DBClusterIdentifier"),
- region=regional_client.region,
- tags=instance.get("TagList", []),
- )
+ if not self.audit_resources or (
+ is_resource_filtered(instance_arn, self.audit_resources)
+ ):
+ self.db_instances[instance_arn] = Instance(
+ id=instance["DBInstanceIdentifier"],
+ arn=instance["DBInstanceArn"],
+ engine=instance["Engine"],
+ engine_version=instance["EngineVersion"],
+ status=instance["DBInstanceStatus"],
+ public=instance["PubliclyAccessible"],
+ encrypted=instance["StorageEncrypted"],
+ cluster_id=instance.get("DBClusterIdentifier"),
+ region=regional_client.region,
+ tags=instance.get("TagList", []),
+ )
 except Exception as error:
 logger.error(
diff --git a/prowler/providers/aws/services/elasticache/elasticache_service.py b/prowler/providers/aws/services/elasticache/elasticache_service.py
index 605e0cfa..d41d2cac 100644
--- a/prowler/providers/aws/services/elasticache/elasticache_service.py
+++ b/prowler/providers/aws/services/elasticache/elasticache_service.py
@@ -3,6 +3,7 @@ from typing import Optional
 from pydantic import BaseModel
 from prowler.lib.logger import logger
+from prowler.lib.scan_filters.scan_filters import is_resource_filtered
 from prowler.providers.aws.lib.service.service import AWSService
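Review bot: In the new `Instance(...)` call, `arn=instance["DBInstanceArn"]` repeats the lookup already bound to `instance_arn` two lines above, which is also the key of `self.db_instances`; `arn=instance_arn,` keeps the dictionary key and the model's `arn` identical by construction and matches the `arn=cluster_arn` form the elasticache and neptune hunks already use. The new condition also deserves a one-line comment, because `not self.audit_resources or (...)` reads as a double negative and the helper's name suggests exclusion while it appears to select the resource: `# No resource filter given, or this ARN matches one: include the instance` (the same comment applies at the elasticache and neptune hunks; the helper's return convention is not visible on this page, so confirm it against its definition). The extra parentheses add nothing and the check fits on one line as `if not self.audit_resources or is_resource_filtered(instance_arn, self.audit_resources):`. The enclosing method begins before the hunk and its `except` continues after it.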
@@ -23,12 +24,15 @@ class ElastiCache(AWSService):
 "CacheClusters"
 ]:
 cluster_arn = cache_cluster["ARN"]
- self.clusters[cluster_arn] = Cluster(
- id=cache_cluster["CacheClusterId"],
- arn=cluster_arn,
- region=regional_client.region,
- cache_subnet_group_id=cache_cluster["CacheSubnetGroupName"],
- )
+ if not self.audit_resources or (
+ is_resource_filtered(cluster_arn, self.audit_resources)
+ ):
+ self.clusters[cluster_arn] = Cluster(
+ id=cache_cluster["CacheClusterId"],
+ arn=cluster_arn,
+ region=regional_client.region,
+ cache_subnet_group_id=cache_cluster["CacheSubnetGroupName"],
+ )
 except Exception as error:
 logger.error(
 f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
diff --git a/prowler/providers/aws/services/neptune/neptune_service.py b/prowler/providers/aws/services/neptune/neptune_service.py
index 8201ece1..aabbbcf3 100644
--- a/prowler/providers/aws/services/neptune/neptune_service.py
+++ b/prowler/providers/aws/services/neptune/neptune_service.py
@@ -3,6 +3,7 @@ from typing import Optional
 from pydantic import BaseModel
 from prowler.lib.logger import logger
+from prowler.lib.scan_filters.scan_filters import is_resource_filtered
 from prowler.providers.aws.lib.service.service import AWSService
@@ -31,13 +32,16 @@ class Neptune(AWSService):
 ],
 )["DBClusters"]:
 cluster_arn = cluster["DBClusterArn"]
- self.clusters[cluster_arn] = Cluster(
- arn=cluster_arn,
- name=cluster["DBClusterIdentifier"],
- id=cluster["DbClusterResourceId"],
- db_subnet_group_id=cluster["DBSubnetGroup"],
- region=regional_client.region,
- )
+ if not self.audit_resources or (
+ is_resource_filtered(cluster_arn, self.audit_resources)
+ ):
+ self.clusters[cluster_arn] = Cluster(
+ arn=cluster_arn,
+ name=cluster["DBClusterIdentifier"],
+ id=cluster["DbClusterResourceId"],
+ db_subnet_group_id=cluster["DBSubnetGroup"],
+ region=regional_client.region,
+ )
 except Exception as error:
 logger.error(
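Review bot: The `is_resource_filtered(cluster_arn, self.audit_resources)` call added before `Cluster(...)` runs inside the region-level `try` whose `except Exception` is visible at the end of the hunk, so if the helper raises for one ARN (whether it can is not visible on this page) the error is logged once and the loop ends for every remaining cluster of that region, leaving `self.clusters` partially populated; checks that read `self.clusters` would then silently produce no finding for the skipped resources rather than fail. If that best-effort contract is intended, a comment on the new `if` should say so, e.g. `# Filter errors are caught by the region-level except below and skip the rest of the region`; otherwise validate `self.audit_resources` once before the loop so a bad filter entry cannot stop enumeration per resource. The documentdb hunk has the same structure, and the neptune hunk appears to as well, although its trailing context looks cut off at the end of the page. The `try` and the paginated loop it wraps both start outside the hunk.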