fix(check_loader): Add validation in 'Categories' field from metadata (#3480)

Pedro Martín
2024-03-04 11:37:50 +01:00
committed by GitHub
parent f20319550c
commit 98dea32288
5 changed files with 20 additions and 8 deletions


@@ -1,4 +1,5 @@
import os import os
import re
import sys import sys
from abc import ABC, abstractmethod from abc import ABC, abstractmethod
from dataclasses import dataclass from dataclasses import dataclass
@@ -57,6 +58,17 @@ class Check_Metadata_Model(BaseModel):
# store the compliance later if supplied # store the compliance later if supplied
Compliance: list = None Compliance: list = None
@validator("Categories", each_item=True, pre=True, always=True)
def valid_category(value):
if not isinstance(value, str):
raise ValueError("Categories must be a list of strings")
value_lower = value.lower()
if not re.match("^[a-z-]+$", value_lower):
raise ValueError(
f"Invalid category: {value}. Categories can only contain lowercase letters and hyphen '-'"
)
return value_lower
@validator("Severity", pre=True, always=True) @validator("Severity", pre=True, always=True)
def severity_to_lower(severity): def severity_to_lower(severity):
return severity.lower() return severity.lower()


@@ -59,7 +59,7 @@ test_bulk_checks_metadata = {
Url="", Url="",
), ),
), ),
Categories=["secrets", ""], Categories=["secrets"],
DependsOn=[], DependsOn=[],
RelatedTo=[], RelatedTo=[],
Notes="", Notes="",
@@ -143,7 +143,7 @@ test_bulk_checks_metadata = {
Url="https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-vpc.html", Url="https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-vpc.html",
), ),
), ),
Categories=[""], Categories=[],
DependsOn=[], DependsOn=[],
RelatedTo=[], RelatedTo=[],
Notes="", Notes="",
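Review bot: No test in the sections shown exercises the rejection path of the new validator; these fixtures are only adjusted so that they still load (`Categories=["secrets", ""]` becomes `["secrets"]`, `[""]` becomes `[]`). A case that builds the metadata model with an empty string, a non-string item, and a value containing a digit or a trailing newline, and expects a validation error for each, would pin the behaviour this commit introduces. `test_bulk_checks_metadata` starts and ends outside these hunks.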


@@ -1,7 +1,7 @@
{ {
"Categories": [ "Categories": [
"cat1", "cat-one",
"cat2" "cat-two"
], ],
"CheckID": "iam_user_accesskey_unused", "CheckID": "iam_user_accesskey_unused",
"CheckTitle": "Ensure Access Keys unused are disabled", "CheckTitle": "Ensure Access Keys unused are disabled",


@@ -1,7 +1,7 @@
{ {
"Categories": [ "Categories": [
"cat1", "cat-one",
"cat2" "cat-two"
], ],
"CheckID": "iam_user_accesskey_unused", "CheckID": "iam_user_accesskey_unused",
"CheckTitle": "Ensure Access Keys unused are disabled", "CheckTitle": "Ensure Access Keys unused are disabled",


@@ -1,7 +1,7 @@
{ {
"Categories": [ "Categories": [
"cat1", "cat-one",
"cat2" "cat-two"
], ],
"CheckID": "iam_user_accesskey_unused", "CheckID": "iam_user_accesskey_unused",
"CheckTitle": "Ensure Access Keys unused are disabled", "CheckTitle": "Ensure Access Keys unused are disabled",