From 9793de1e9689c25c4b3c08f8e85c8531519cc25a Mon Sep 17 00:00:00 2001
From: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
Date: Wed, 4 Oct 2023 12:37:15 +0200
Subject: [PATCH] fix(elb): add resource ARN to checks (#2906)
---
 .../elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers.py | 1 +
 .../services/elb/elb_internet_facing/elb_internet_facing.py | 1 +
 .../services/elb/elb_logging_enabled/elb_logging_enabled.py | 1 +
 .../aws/services/elb/elb_ssl_listeners/elb_ssl_listeners.py | 1 +
 .../elb_insecure_ssl_ciphers_test.py | 5 +++++
 .../elb/elb_internet_facing/elb_internet_facing_test.py | 5 +++++
 .../elb/elb_logging_enabled/elb_logging_enabled_test.py | 5 +++++
 .../services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py | 5 +++++
 8 files changed, 24 insertions(+)
diff --git a/prowler/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers.py b/prowler/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers.py
index 279b4880..de782374 100644
--- a/prowler/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers.py
+++ b/prowler/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers.py
@@ -12,6 +12,7 @@ class elb_insecure_ssl_ciphers(Check):
 report = Check_Report_AWS(self.metadata())
 report.region = lb.region
 report.resource_id = lb.name
+ report.resource_arn = lb.arn
 report.resource_tags = lb.tags
 report.status = "PASS"
 report.status_extended = (
diff --git a/prowler/providers/aws/services/elb/elb_internet_facing/elb_internet_facing.py b/prowler/providers/aws/services/elb/elb_internet_facing/elb_internet_facing.py
index 6a1c0bff..0224cc7d 100644
--- a/prowler/providers/aws/services/elb/elb_internet_facing/elb_internet_facing.py
+++ b/prowler/providers/aws/services/elb/elb_internet_facing/elb_internet_facing.py
@@ -9,6 +9,7 @@ class elb_internet_facing(Check):
 report = Check_Report_AWS(self.metadata())
 report.region = lb.region
 report.resource_id = lb.name
+ report.resource_arn = lb.arn
 report.resource_tags = lb.tags
 report.status = "PASS"
 report.status_extended = f"ELB {lb.name} is not internet facing."
diff --git a/prowler/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled.py b/prowler/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled.py
index 2d137e06..5af389ef 100644
--- a/prowler/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled.py
+++ b/prowler/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled.py
@@ -9,6 +9,7 @@ class elb_logging_enabled(Check):
 report = Check_Report_AWS(self.metadata())
 report.region = lb.region
 report.resource_id = lb.name
+ report.resource_arn = lb.arn
 report.resource_tags = lb.tags
 report.status = "FAIL"
 report.status_extended = (
diff --git a/prowler/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners.py b/prowler/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners.py
index ea703b93..875991b2 100644
--- a/prowler/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners.py
+++ b/prowler/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners.py
@@ -10,6 +10,7 @@ class elb_ssl_listeners(Check):
 report = Check_Report_AWS(self.metadata())
 report.region = lb.region
 report.resource_id = lb.name
+ report.resource_arn = lb.arn
 report.resource_tags = lb.tags
 report.status = "PASS"
 report.status_extended = f"ELB {lb.name} has HTTPS listeners only."
diff --git a/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py b/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py
index 2026efb6..7a4c31be 100644
--- a/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py
+++ b/tests/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers_test.py
@@ -9,6 +9,9 @@ from prowler.providers.common.models import Audit_Metadata
 AWS_REGION = "eu-west-1"
 AWS_ACCOUNT_NUMBER = "123456789012"
+elb_arn = (
+ f"arn:aws:elasticloadbalancing:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:loadbalancer/my-lb"
+)
 class Test_elb_insecure_ssl_ciphers:
@@ -115,6 +118,7 @@ class Test_elb_insecure_ssl_ciphers:
 result[0].status_extended,
 )
 assert result[0].resource_id == "my-lb"
+ assert result[0].resource_arn == elb_arn
 @mock_ec2
 @mock_elb
@@ -160,3 +164,4 @@ class Test_elb_insecure_ssl_ciphers:
 result[0].status_extended,
 )
 assert result[0].resource_id == "my-lb"
+ assert result[0].resource_arn == elb_arn
diff --git a/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py b/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py
index 8700533d..0a6d38d3 100644
--- a/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py
+++ b/tests/providers/aws/services/elb/elb_internet_facing/elb_internet_facing_test.py
@@ -9,6 +9,9 @@ from prowler.providers.common.models import Audit_Metadata
 AWS_REGION = "eu-west-1"
 AWS_ACCOUNT_NUMBER = "123456789012"
+elb_arn = (
+ f"arn:aws:elasticloadbalancing:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:loadbalancer/my-lb"
+)
 class Test_elb_request_smugling:
@@ -108,6 +111,7 @@ class Test_elb_request_smugling:
 result[0].status_extended,
 )
 assert result[0].resource_id == "my-lb"
+ assert result[0].resource_arn == elb_arn
 @mock_ec2
 @mock_elb
@@ -153,3 +157,4 @@ class Test_elb_request_smugling:
 result[0].status_extended,
 )
 assert result[0].resource_id == "my-lb"
+ assert result[0].resource_arn == elb_arn
diff --git a/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py b/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py
index 3df75f3f..784a1b6a 100644
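Review bot: The new module-level `elb_arn` added in the `@@ -9,6 +9,9 @@` hunk is lower-case although it sits directly beside the constants `AWS_REGION` and `AWS_ACCOUNT_NUMBER`, and the same three-line definition is pasted into elb_internet_facing_test.py, elb_logging_enabled_test.py and elb_ssl_listeners_test.py. I would name it as a constant, `ELB_ARN = f"arn:aws:elasticloadbalancing:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:loadbalancer/my-lb"`, and use that name in the two `assert result[0].resource_arn == ...` lines of each file. The load balancer name `my-lb` is written out again in the `resource_id` assertions, so the expected id and the expected ARN can drift apart if only one is edited; deriving both from one name constant would avoid that. The test classes start and end outside these hunks, so I cannot tell whether other test cases in these files also need the ARN assertion.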
--- a/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py
+++ b/tests/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled_test.py
@@ -9,6 +9,9 @@ from prowler.providers.common.models import Audit_Metadata
 AWS_REGION = "eu-west-1"
 AWS_ACCOUNT_NUMBER = "123456789012"
+elb_arn = (
+ f"arn:aws:elasticloadbalancing:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:loadbalancer/my-lb"
+)
 class Test_elb_logging_enabled:
@@ -108,6 +111,7 @@ class Test_elb_logging_enabled:
 result[0].status_extended,
 )
 assert result[0].resource_id == "my-lb"
+ assert result[0].resource_arn == elb_arn
 @mock_ec2
 @mock_elb
@@ -165,3 +169,4 @@ class Test_elb_logging_enabled:
 result[0].status_extended,
 )
 assert result[0].resource_id == "my-lb"
+ assert result[0].resource_arn == elb_arn
diff --git a/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py b/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py
index bbc8b4f6..885ba09a 100644
--- a/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py
+++ b/tests/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners_test.py
@@ -9,6 +9,9 @@ from prowler.providers.common.models import Audit_Metadata
 AWS_REGION = "eu-west-1"
 AWS_ACCOUNT_NUMBER = "123456789012"
+elb_arn = (
+ f"arn:aws:elasticloadbalancing:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:loadbalancer/my-lb"
+)
 class Test_elb_ssl_listeners:
@@ -108,6 +111,7 @@ class Test_elb_ssl_listeners:
 result[0].status_extended,
 )
 assert result[0].resource_id == "my-lb"
+ assert result[0].resource_arn == elb_arn
 @mock_ec2
 @mock_elb
@@ -151,3 +155,4 @@ class Test_elb_ssl_listeners:
 result[0].status_extended,
 )
 assert result[0].resource_id == "my-lb"
+ assert result[0].resource_arn == elb_arn