fix(outputs): Table and Azure metadata (#1520)

2026-02-10 06:45:08 +00:00 · 2022-11-28 11:16:13 +01:00
parent d1f5d58eeb
commit 9a5e433489
22 changed files with 23 additions and 27 deletions
--- a/lib/outputs/outputs.py
+++ b/lib/outputs/outputs.py
@@ -483,7 +483,7 @@ def add_service_to_table(findings_table, current):
        )
        current["Status"] = f"{Fore.RED}FAIL ({total_fails}){Style.RESET_ALL}"
    else:
-        current["Status"] = f"{Fore.GREEN}PASS ({current['Total']}){Style.RESET_ALL}"
+        current["Status"] = f"{Fore.GREEN}PASS {Style.RESET_ALL}"
    findings_table["Provider"].append(current["Provider"])
    findings_table["Service"].append(current["Service"])
    findings_table["Status"].append(current["Status"])
--- a/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_app_services_is_on(Check):
    def execute(self) -> Check_Report:
        findings = []
        for subscription, pricings in defender_client.pricings.items():
-            report = Check_Report(self.metadata)
+            report = Check_Report(self.metadata())
            report.region = defender_client.region
            report.status = "PASS"
            report.resource_id = "Defender plan App Services"
--- a/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_arm_is_on(Check):
    def execute(self) -> Check_Report:
        findings = []
        for subscription, pricings in defender_client.pricings.items():
-            report = Check_Report(self.metadata)
+            report = Check_Report(self.metadata())
            report.region = defender_client.region
            report.status = "PASS"
            report.resource_id = "Defender planARM"
--- a/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_azure_sql_databases_is_on(Check):
    def execute(self) -> Check_Report:
        findings = []
        for subscription, pricings in defender_client.pricings.items():
-            report = Check_Report(self.metadata)
+            report = Check_Report(self.metadata())
            report.region = defender_client.region
            report.status = "PASS"
            report.resource_id = "Defender plan Azure sql db servers"
--- a/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_containers_is_on(Check):
    def execute(self) -> Check_Report:
        findings = []
        for subscription, pricings in defender_client.pricings.items():
-            report = Check_Report(self.metadata)
+            report = Check_Report(self.metadata())
            report.region = defender_client.region
            report.status = "PASS"
            report.resource_id = "Defender plan Container Registries"
--- a/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_cosmosdb_is_on(Check):
    def execute(self) -> Check_Report:
        findings = []
        for subscription, pricings in defender_client.pricings.items():
-            report = Check_Report(self.metadata)
+            report = Check_Report(self.metadata())
            report.region = defender_client.region
            report.status = "PASS"
            report.resource_id = "Defender plan Cosmos DB"
--- a/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_databases_is_on(Check):
    def execute(self) -> Check_Report:
        findings = []
        for subscription, pricings in defender_client.pricings.items():
-            report = Check_Report(self.metadata)
+            report = Check_Report(self.metadata())
            report.region = defender_client.region
            report.status = "PASS"
            report.resource_id = "Defender plan Databases"
--- a/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_dns_is_on(Check):
    def execute(self) -> Check_Report:
        findings = []
        for subscription, pricings in defender_client.pricings.items():
-            report = Check_Report(self.metadata)
+            report = Check_Report(self.metadata())
            report.region = defender_client.region
            report.status = "PASS"
            report.resource_id = "Defender plan DNS"
--- a/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_keyvault_is_on(Check):
    def execute(self) -> Check_Report:
        findings = []
        for subscription, pricings in defender_client.pricings.items():
-            report = Check_Report(self.metadata)
+            report = Check_Report(self.metadata())
            report.region = defender_client.region
            report.status = "PASS"
            report.resource_id = "Defender plan KeyVaults"
--- a/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_os_relational_databases_is_on(Check):
    def execute(self) -> Check_Report:
        findings = []
        for subscription, pricings in defender_client.pricings.items():
-            report = Check_Report(self.metadata)
+            report = Check_Report(self.metadata())
            report.region = defender_client.region
            report.status = "PASS"
            report.resource_id = "Defender plan Open-Source Relational Databases"
--- a/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_server_is_on(Check):
    def execute(self) -> Check_Report:
        findings = []
        for subscription, pricings in defender_client.pricings.items():
-            report = Check_Report(self.metadata)
+            report = Check_Report(self.metadata())
            report.region = defender_client.region
            report.status = "PASS"
            report.resource_id = "Defender plan Servers"
--- a/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_sql_servers_is_on(Check):
    def execute(self) -> Check_Report:
        findings = []
        for subscription, pricings in defender_client.pricings.items():
-            report = Check_Report(self.metadata)
+            report = Check_Report(self.metadata())
            report.region = defender_client.region
            report.status = "PASS"
            report.resource_id = "Defender plan SQL Server VMs"
--- a/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_storage_is_on(Check):
    def execute(self) -> Check_Report:
        findings = []
        for subscription, pricings in defender_client.pricings.items():
-            report = Check_Report(self.metadata)
+            report = Check_Report(self.metadata())
            report.region = defender_client.region
            report.status = "PASS"
            report.resource_id = "Defender plan Storage Accounts"
--- a/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created.py
+++ b/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created.py
@@ -9,7 +9,7 @@ class iam_subscription_roles_owner_custom_not_created(Check):
        findings = []
        for subscription, roles in iam_client.roles.items():
            for role in roles:
-                report = Check_Report(self.metadata)
+                report = Check_Report(self.metadata())
                report.region = iam_client.region
                report.status = "PASS"
                report.status_extended = f"Role {role.name} from subscription {subscription} is not a custom owner role"
--- a/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled.py
+++ b/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled.py
@@ -7,7 +7,7 @@ class storage_blob_public_access_level_is_disabled(Check):
        findings = []
        for subscription, storage_accounts in storage_client.storage_accounts.items():
            for storage_account in storage_accounts:
-                report = Check_Report(self.metadata)
+                report = Check_Report(self.metadata())
                report.region = storage_client.region
                report.status = "PASS"
                report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has allow blob public access disabled"
--- a/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied.py
+++ b/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied.py
@@ -7,7 +7,7 @@ class storage_default_network_access_rule_is_denied(Check):
        findings = []
        for subscription, storage_accounts in storage_client.storage_accounts.items():
            for storage_account in storage_accounts:
-                report = Check_Report(self.metadata)
+                report = Check_Report(self.metadata())
                report.region = storage_client.region
                report.status = "PASS"
                report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has network access rule set to Deny"
--- a/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled.py
+++ b/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled.py
@@ -7,7 +7,7 @@ class storage_ensure_azure_services_are_trusted_to_access_is_enabled(Check):
        findings = []
        for subscription, storage_accounts in storage_client.storage_accounts.items():
            for storage_account in storage_accounts:
-                report = Check_Report(self.metadata)
+                report = Check_Report(self.metadata())
                report.region = storage_client.region
                report.status = "PASS"
                report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} allows trusted Microsoft services to access this storage account"
--- a/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys.py
+++ b/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys.py
@@ -7,7 +7,7 @@ class storage_ensure_encryption_with_customer_managed_keys(Check):
        findings = []
        for subscription, storage_accounts in storage_client.storage_accounts.items():
            for storage_account in storage_accounts:
-                report = Check_Report(self.metadata)
+                report = Check_Report(self.metadata())
                report.region = storage_client.region
                report.status = "PASS"
                report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} encrypts with CMKs"
--- a/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12.py
+++ b/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12.py
@@ -7,7 +7,7 @@ class storage_ensure_minimum_tls_version_12(Check):
        findings = []
        for subscription, storage_accounts in storage_client.storage_accounts.items():
            for storage_account in storage_accounts:
-                report = Check_Report(self.metadata)
+                report = Check_Report(self.metadata())
                report.region = storage_client.region
                report.status = "PASS"
                report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has TLS version set to 1.2"
--- a/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled.py
+++ b/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled.py
@@ -7,7 +7,7 @@ class storage_infrastructure_encryption_is_enabled(Check):
        findings = []
        for subscription, storage_accounts in storage_client.storage_accounts.items():
            for storage_account in storage_accounts:
-                report = Check_Report(self.metadata)
+                report = Check_Report(self.metadata())
                report.region = storage_client.region
                report.status = "PASS"
                report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has infrastructure encryption enabled"
--- a/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled.py
+++ b/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled.py
@@ -7,7 +7,7 @@ class storage_secure_transfer_required_is_enabled(Check):
        findings = []
        for subscription, storage_accounts in storage_client.storage_accounts.items():
            for storage_account in storage_accounts:
-                report = Check_Report(self.metadata)
+                report = Check_Report(self.metadata())
                report.region = storage_client.region
                report.status = "PASS"
                report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has secure transfer required enabled"
--- a/8
+++ b/8
@@ -30,13 +30,13 @@ from lib.check.check import (
 from lib.check.checks_loader import load_checks_to_execute
 from lib.check.compliance import update_checks_metadata_with_compliance
 from lib.logger import logger, set_logging_config
-from providers.aws.aws_provider import aws_provider_set_session
 from lib.outputs.outputs import (
    close_json,
    display_compliance_table,
    display_summary_table,
    send_to_s3_bucket,
 )
+from providers.aws.aws_provider import aws_provider_set_session
 from providers.aws.lib.allowlist.allowlist import parse_allowlist_file
 from providers.aws.lib.security_hub.security_hub import (
    resolve_security_hub_previous_findings,
@@ -427,11 +427,7 @@ if __name__ == "__main__":
    if findings:
        # Display summary table
        display_summary_table(
-            findings,
-            audit_info,
-            output_filename,
-            output_directory,
-            provider
+            findings, audit_info, output_filename, output_directory, provider
        )

        if compliance_framework: