diff --git a/lib/outputs/outputs.py b/lib/outputs/outputs.py
index 114164a6..860dd2da 100644
--- a/lib/outputs/outputs.py
+++ b/lib/outputs/outputs.py
@@ -483,7 +483,7 @@ def add_service_to_table(findings_table, current):
 )
 current["Status"] = f"{Fore.RED}FAIL ({total_fails}){Style.RESET_ALL}"
 else:
- current["Status"] = f"{Fore.GREEN}PASS ({current['Total']}){Style.RESET_ALL}"
+ current["Status"] = f"{Fore.GREEN}PASS {Style.RESET_ALL}"
 findings_table["Provider"].append(current["Provider"])
 findings_table["Service"].append(current["Service"])
 findings_table["Status"].append(current["Status"])
diff --git a/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on.py b/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on.py
index 1149e339..70bb004c 100644
--- a/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_app_services_is_on(Check):
 def execute(self) -> Check_Report:
 findings = []
 for subscription, pricings in defender_client.pricings.items():
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = defender_client.region
 report.status = "PASS"
 report.resource_id = "Defender plan App Services"
diff --git a/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.py b/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.py
index 19a0b06c..d507f3fa 100644
--- a/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.py
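Review bot: The new PASS string keeps the space that used to separate the label from the count, so the cell now renders as `PASS ` with a trailing blank ahead of the colour reset, while the FAIL branch just above still prints `FAIL ({total_fails})`. If dropping the count is intended, `current["Status"] = f"{Fore.GREEN}PASS{Style.RESET_ALL}"` removes the stray character. add_service_to_table starts and continues outside the hunk, so the effect on column alignment cannot be checked from here.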
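Review bot: `report.status = "PASS"` is assigned as soon as the report is created, before any pricing data for the subscription has been examined, so the finding fails open: any path through the rest of execute() that never overwrites the status is recorded as a pass. The remainder of the loop body is outside the hunk, so this may already be handled there. For an audit check the safer default is `report.status = "FAIL"`, with PASS set only in the branch that confirms the plan is enabled. The same initialisation appears in the other defender hunks and in the iam and storage hunks of this commit.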
+++ b/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_arm_is_on(Check):
 def execute(self) -> Check_Report:
 findings = []
 for subscription, pricings in defender_client.pricings.items():
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = defender_client.region
 report.status = "PASS"
 report.resource_id = "Defender planARM"
diff --git a/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.py b/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.py
index 2c75dacc..66b9bee0 100644
--- a/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_azure_sql_databases_is_on(Check):
 def execute(self) -> Check_Report:
 findings = []
 for subscription, pricings in defender_client.pricings.items():
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = defender_client.region
 report.status = "PASS"
 report.resource_id = "Defender plan Azure sql db servers"
diff --git a/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on.py b/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on.py
index 42ba4604..055af9ad 100644
--- a/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on.py
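Review bot: The context line `report.resource_id = "Defender planARM"` is missing a space, unlike the sibling checks in this commit (`"Defender plan App Services"`, `"Defender plan DNS"`). Any report consumer that groups or filters findings on the `Defender plan ` prefix would miss this check's results. Since the file is already being touched, `report.resource_id = "Defender plan ARM"` would bring it in line with the others. execute() continues outside the hunk.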
+++ b/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_containers_is_on(Check):
 def execute(self) -> Check_Report:
 findings = []
 for subscription, pricings in defender_client.pricings.items():
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = defender_client.region
 report.status = "PASS"
 report.resource_id = "Defender plan Container Registries"
diff --git a/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on.py b/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on.py
index 687fbef8..5bd5e345 100644
--- a/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_cosmosdb_is_on(Check):
 def execute(self) -> Check_Report:
 findings = []
 for subscription, pricings in defender_client.pricings.items():
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = defender_client.region
 report.status = "PASS"
 report.resource_id = "Defender plan Cosmos DB"
diff --git a/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.py b/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.py
index a54a5760..5b2418bf 100644
--- a/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_databases_is_on(Check):
 def execute(self) -> Check_Report:
 findings = []
 for subscription, pricings in defender_client.pricings.items():
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = defender_client.region
 report.status = "PASS"
 report.resource_id = "Defender plan Databases"
diff --git a/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on.py b/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on.py
index dc464ce4..b6d5b0ae 100644
--- a/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_dns_is_on(Check):
 def execute(self) -> Check_Report:
 findings = []
 for subscription, pricings in defender_client.pricings.items():
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = defender_client.region
 report.status = "PASS"
 report.resource_id = "Defender plan DNS"
diff --git a/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.py b/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.py
index 2f7f7938..2f1bdb04 100644
--- a/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_keyvault_is_on(Check):
 def execute(self) -> Check_Report:
 findings = []
 for subscription, pricings in defender_client.pricings.items():
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = defender_client.region
 report.status = "PASS"
 report.resource_id = "Defender plan KeyVaults"
diff --git a/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.py b/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.py
index d858bb41..ae270738 100644
--- a/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_os_relational_databases_is_on(Check):
 def execute(self) -> Check_Report:
 findings = []
 for subscription, pricings in defender_client.pricings.items():
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = defender_client.region
 report.status = "PASS"
 report.resource_id = "Defender plan Open-Source Relational Databases"
diff --git a/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.py b/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.py
index 3f3884b9..cace2055 100644
--- a/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_server_is_on(Check):
 def execute(self) -> Check_Report:
 findings = []
 for subscription, pricings in defender_client.pricings.items():
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = defender_client.region
 report.status = "PASS"
 report.resource_id = "Defender plan Servers"
diff --git a/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.py b/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.py
index 1828ea39..b173b51f 100644
--- a/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_sql_servers_is_on(Check):
 def execute(self) -> Check_Report:
 findings = []
 for subscription, pricings in defender_client.pricings.items():
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = defender_client.region
 report.status = "PASS"
 report.resource_id = "Defender plan SQL Server VMs"
diff --git a/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.py b/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.py
index 5a7dd35d..3e35ea12 100644
--- a/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.py
+++ b/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.py
@@ -6,7 +6,7 @@ class defender_ensure_defender_for_storage_is_on(Check):
 def execute(self) -> Check_Report:
 findings = []
 for subscription, pricings in defender_client.pricings.items():
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = defender_client.region
 report.status = "PASS"
 report.resource_id = "Defender plan Storage Accounts"
diff --git a/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created.py b/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created.py
index 93d62c6b..1d0bcf12 100644
--- a/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created.py
+++ b/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created.py
@@ -9,7 +9,7 @@ class iam_subscription_roles_owner_custom_not_created(Check):
 findings = []
 for subscription, roles in iam_client.roles.items():
 for role in roles:
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = iam_client.region
 report.status = "PASS"
 report.status_extended = f"Role {role.name} from subscription {subscription} is not a custom owner role"
diff --git a/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled.py b/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled.py
index bf8dca1b..bab51203 100644
--- a/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled.py
+++ b/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled.py
@@ -7,7 +7,7 @@ class storage_blob_public_access_level_is_disabled(Check):
 findings = []
 for subscription, storage_accounts in storage_client.storage_accounts.items():
 for storage_account in storage_accounts:
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = storage_client.region
 report.status = "PASS"
 report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has allow blob public access disabled"
diff --git a/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied.py b/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied.py
index 02b1ef39..df4a4a42 100644
--- a/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied.py
+++ b/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied.py
@@ -7,7 +7,7 @@ class storage_default_network_access_rule_is_denied(Check):
 findings = []
 for subscription, storage_accounts in storage_client.storage_accounts.items():
 for storage_account in storage_accounts:
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = storage_client.region
 report.status = "PASS"
 report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has network access rule set to Deny"
diff --git a/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled.py b/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled.py
index 7451cf9e..54838209 100644
--- a/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled.py
+++ b/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled.py
@@ -7,7 +7,7 @@ class storage_ensure_azure_services_are_trusted_to_access_is_enabled(Check):
 findings = []
 for subscription, storage_accounts in storage_client.storage_accounts.items():
 for storage_account in storage_accounts:
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = storage_client.region
 report.status = "PASS"
 report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} allows trusted Microsoft services to access this storage account"
diff --git a/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys.py b/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys.py
index 659a10d9..3fce778e 100644
--- a/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys.py
+++ b/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys.py
@@ -7,7 +7,7 @@ class storage_ensure_encryption_with_customer_managed_keys(Check):
 findings = []
 for subscription, storage_accounts in storage_client.storage_accounts.items():
 for storage_account in storage_accounts:
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = storage_client.region
 report.status = "PASS"
 report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} encrypts with CMKs"
diff --git a/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12.py b/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12.py
index 03a298f9..322ec2e9 100644
--- a/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12.py
+++ b/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12.py
@@ -7,7 +7,7 @@ class storage_ensure_minimum_tls_version_12(Check):
 findings = []
 for subscription, storage_accounts in storage_client.storage_accounts.items():
 for storage_account in storage_accounts:
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = storage_client.region
 report.status = "PASS"
 report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has TLS version set to 1.2"
diff --git a/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled.py b/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled.py
index 54f3c78e..13835bdc 100644
--- a/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled.py
+++ b/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled.py
@@ -7,7 +7,7 @@ class storage_infrastructure_encryption_is_enabled(Check):
 findings = []
 for subscription, storage_accounts in storage_client.storage_accounts.items():
 for storage_account in storage_accounts:
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = storage_client.region
 report.status = "PASS"
 report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has infrastructure encryption enabled"
diff --git a/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled.py b/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled.py
index 61102c17..3790d068 100644
--- a/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled.py
+++ b/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled.py
@@ -7,7 +7,7 @@ class storage_secure_transfer_required_is_enabled(Check):
 findings = []
 for subscription, storage_accounts in storage_client.storage_accounts.items():
 for storage_account in storage_accounts:
- report = Check_Report(self.metadata)
+ report = Check_Report(self.metadata())
 report.region = storage_client.region
 report.status = "PASS"
 report.status_extended = f"Storage account {storage_account.name} from subscription {subscription} has secure transfer required enabled"
diff --git a/prowler b/prowler
old mode 100644
new mode 100755
index a70410a4..35102f33
--- a/prowler
+++ b/prowler
@@ -30,13 +30,13 @@ from lib.check.check import (
 from lib.check.checks_loader import load_checks_to_execute
 from lib.check.compliance import update_checks_metadata_with_compliance
 from lib.logger import logger, set_logging_config
-from providers.aws.aws_provider import aws_provider_set_session
 from lib.outputs.outputs import (
 close_json,
 display_compliance_table,
 display_summary_table,
 send_to_s3_bucket,
 )
+from providers.aws.aws_provider import aws_provider_set_session
 from providers.aws.lib.allowlist.allowlist import parse_allowlist_file
 from providers.aws.lib.security_hub.security_hub import (
 resolve_security_hub_previous_findings,
@@ -427,11 +427,7 @@ if __name__ == "__main__":
 if findings:
 # Display summary table
 display_summary_table(
- findings,
- audit_info,
- output_filename,
- output_directory,
- provider
+ findings, audit_info, output_filename, output_directory, provider
 )
 
 if compliance_framework: