From 9bd2519c83d39f9562debaa717872db93c7ef2ff Mon Sep 17 00:00:00 2001 
From: Sergio Garcia <38561120+sergargar@users.noreply.github.com> Date: Wed, 25 Oct 2023 16:59:06 +0200 Subject: [PATCH] chore(APIGatewayV2): improve check naming (#2966) --- docs/tutorials/aws/v2_to_v3_checks_mapping.md | 4 ++-- ...undational_security_best_practices_aws.json | 4 ++-- ...ected_framework_reliability_pillar_aws.json | 2 +- ...hitected_framework_security_pillar_aws.json | 4 ++-- .../__init__.py | 0 ...2_api_access_logging_enabled.metadata.json} | 4 ++-- ...apigatewayv2_api_access_logging_enabled.py} | 2 +- .../__init__.py | 0 ...ayv2_api_authorizers_enabled.metadata.json} | 4 ++-- .../apigatewayv2_api_authorizers_enabled.py} | 2 +- ...apigatewayv2_access_logging_enabled_test.py | 18 +++++++++--------- .../apigatewayv2_authorizers_enabled_test.py | 18 +++++++++--------- 12 files changed, 31 insertions(+), 31 deletions(-) rename prowler/providers/aws/services/apigatewayv2/{apigatewayv2_access_logging_enabled => apigatewayv2_api_access_logging_enabled}/__init__.py (100%) rename prowler/providers/aws/services/apigatewayv2/{apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled.metadata.json => apigatewayv2_api_access_logging_enabled/apigatewayv2_api_access_logging_enabled.metadata.json} (94%) rename prowler/providers/aws/services/apigatewayv2/{apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled.py => apigatewayv2_api_access_logging_enabled/apigatewayv2_api_access_logging_enabled.py} (95%) rename prowler/providers/aws/services/apigatewayv2/{apigatewayv2_authorizers_enabled => apigatewayv2_api_authorizers_enabled}/__init__.py (100%) rename prowler/providers/aws/services/apigatewayv2/{apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled.metadata.json => apigatewayv2_api_authorizers_enabled/apigatewayv2_api_authorizers_enabled.metadata.json} (92%) rename prowler/providers/aws/services/apigatewayv2/{apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled.py => 
apigatewayv2_api_authorizers_enabled/apigatewayv2_api_authorizers_enabled.py} (94%) diff --git a/docs/tutorials/aws/v2_to_v3_checks_mapping.md b/docs/tutorials/aws/v2_to_v3_checks_mapping.md index a5797f9a..b616c3bf 100644 --- a/docs/tutorials/aws/v2_to_v3_checks_mapping.md +++ b/docs/tutorials/aws/v2_to_v3_checks_mapping.md @@ -17,8 +17,8 @@ checks_v3_to_v2_mapping = { "apigateway_restapi_public": "extra745", "apigateway_restapi_logging_enabled": "extra722", "apigateway_restapi_waf_acl_attached": "extra744", - "apigatewayv2_access_logging_enabled": "extra7156", - "apigatewayv2_authorizers_enabled": "extra7157", + "apigatewayv2_api_access_logging_enabled": "extra7156", + "apigatewayv2_api_authorizers_enabled": "extra7157", "appstream_fleet_default_internet_access_disabled": "extra7193", "appstream_fleet_maximum_session_duration": "extra7190", "appstream_fleet_session_disconnect_timeout": "extra7191", diff --git a/prowler/compliance/aws/aws_foundational_security_best_practices_aws.json b/prowler/compliance/aws/aws_foundational_security_best_practices_aws.json index d7550de1..74345d21 100644 --- a/prowler/compliance/aws/aws_foundational_security_best_practices_aws.json +++ b/prowler/compliance/aws/aws_foundational_security_best_practices_aws.json @@ -49,8 +49,8 @@ "apigateway_restapi_logging_enabled", "apigateway_restapi_client_certificate_enabled", "apigateway_restapi_waf_acl_attached", - "apigatewayv2_authorizers_enabled", - "apigatewayv2_access_logging_enabled" + "apigatewayv2_api_authorizers_enabled", + "apigatewayv2_api_access_logging_enabled" ] }, { diff --git a/prowler/compliance/aws/aws_well_architected_framework_reliability_pillar_aws.json b/prowler/compliance/aws/aws_well_architected_framework_reliability_pillar_aws.json index 6395fca7..14634bc2 100644 --- a/prowler/compliance/aws/aws_well_architected_framework_reliability_pillar_aws.json +++ b/prowler/compliance/aws/aws_well_architected_framework_reliability_pillar_aws.json 
@@ -45,7 +45,7 @@ ], "Checks": [ "apigateway_restapi_logging_enabled", - "apigatewayv2_access_logging_enabled", + "apigatewayv2_api_access_logging_enabled", "awslambda_function_invoke_api_operations_cloudtrail_logging_enabled", "cloudtrail_cloudwatch_logging_enabled", "elb_logging_enabled", diff --git a/prowler/compliance/aws/aws_well_architected_framework_security_pillar_aws.json b/prowler/compliance/aws/aws_well_architected_framework_security_pillar_aws.json index 80f63e6d..b070d815 100644 --- a/prowler/compliance/aws/aws_well_architected_framework_security_pillar_aws.json +++ b/prowler/compliance/aws/aws_well_architected_framework_security_pillar_aws.json @@ -542,7 +542,7 @@ "cloudtrail_s3_dataevents_read_enabled", "cloudtrail_s3_dataevents_write_enabled", "acm_certificates_transparency_logs_enabled", - "apigatewayv2_access_logging_enabled", + "apigatewayv2_api_access_logging_enabled", "awslambda_function_invoke_api_operations_cloudtrail_logging_enabled", "cloudfront_distributions_logging_enabled", "cloudtrail_cloudwatch_logging_enabled", @@ -694,7 +694,7 @@ "ec2_networkacl_allow_ingress_tcp_port_22", "sagemaker_notebook_instance_without_direct_internet_access_configured", "apigateway_restapi_authorizers_enabled", - "apigatewayv2_authorizers_enabled", + "apigatewayv2_api_authorizers_enabled", "s3_bucket_acl_prohibited", "s3_bucket_no_mfa_delete" ] diff --git a/prowler/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/__init__.py b/prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_access_logging_enabled/__init__.py similarity index 100% rename from prowler/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/__init__.py rename to prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_access_logging_enabled/__init__.py 
diff --git a/prowler/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled.metadata.json b/prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_access_logging_enabled/apigatewayv2_api_access_logging_enabled.metadata.json similarity index 94% rename from prowler/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled.metadata.json rename to prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_access_logging_enabled/apigatewayv2_api_access_logging_enabled.metadata.json index 160f8b6f..ee6bd19c 100644 --- a/prowler/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled.metadata.json +++ b/prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_access_logging_enabled/apigatewayv2_api_access_logging_enabled.metadata.json @@ -1,12 +1,12 @@ { "Provider": "aws", - "CheckID": "apigatewayv2_access_logging_enabled", + "CheckID": "apigatewayv2_api_access_logging_enabled", "CheckTitle": "Ensure API Gateway V2 has Access Logging enabled.", "CheckType": [ "IAM" ], "ServiceName": "apigateway", - "SubServiceName": "rest_api", + "SubServiceName": "", "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id", "Severity": "medium", "ResourceType": "AwsApiGatewayV2Api", diff --git a/prowler/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled.py b/prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_access_logging_enabled/apigatewayv2_api_access_logging_enabled.py similarity index 95% rename from prowler/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled.py rename to prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_access_logging_enabled/apigatewayv2_api_access_logging_enabled.py index 173e3f89..3a3c6f56 100644 
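Review bot: The `CheckType` values in the two metadata files look swapped, and this change edits the neighbouring `CheckID` and `SubServiceName` lines without correcting them. In this hunk the access-logging check carries `"CheckType": ["IAM"]`, while the authorizers metadata hunk further down carries `"CheckType": ["Logging and Monitoring"]`. Anyone filtering or triaging findings by check type would see the logging control filed under IAM and the authorization control under logging; exchanging the two values would fix that. Both files also keep `"ServiceName": "apigateway"` under the `apigatewayv2` service directory, which may be intentional but is worth confirming while the metadata is being touched.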
--- a/prowler/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled.py +++ b/prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_access_logging_enabled/apigatewayv2_api_access_logging_enabled.py @@ -4,7 +4,7 @@ from prowler.providers.aws.services.apigatewayv2.apigatewayv2_client import ( ) -class apigatewayv2_access_logging_enabled(Check): +class apigatewayv2_api_access_logging_enabled(Check): def execute(self): findings = [] for api in apigatewayv2_client.apis: diff --git a/prowler/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/__init__.py b/prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_authorizers_enabled/__init__.py similarity index 100% rename from prowler/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/__init__.py rename to prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_authorizers_enabled/__init__.py diff --git a/prowler/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled.metadata.json b/prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_authorizers_enabled/apigatewayv2_api_authorizers_enabled.metadata.json similarity index 92% rename from prowler/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled.metadata.json rename to prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_authorizers_enabled/apigatewayv2_api_authorizers_enabled.metadata.json index 64a2c1d3..1a079c39 100644 --- a/prowler/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled.metadata.json +++ b/prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_authorizers_enabled/apigatewayv2_api_authorizers_enabled.metadata.json 
@@ -1,12 +1,12 @@ { "Provider": "aws", - "CheckID": "apigatewayv2_authorizers_enabled", + "CheckID": "apigatewayv2_api_authorizers_enabled", "CheckTitle": "Checks if API Gateway V2 has configured authorizers.", "CheckType": [ "Logging and Monitoring" ], "ServiceName": "apigateway", - "SubServiceName": "api", + "SubServiceName": "", "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id", "Severity": "medium", "ResourceType": "AwsApiGatewayV2Api", diff --git a/prowler/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled.py b/prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_authorizers_enabled/apigatewayv2_api_authorizers_enabled.py similarity index 94% rename from prowler/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled.py rename to prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_authorizers_enabled/apigatewayv2_api_authorizers_enabled.py index dead01ce..d0814102 100644 --- a/prowler/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled.py +++ b/prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_authorizers_enabled/apigatewayv2_api_authorizers_enabled.py @@ -4,7 +4,7 @@ from prowler.providers.aws.services.apigatewayv2.apigatewayv2_client import ( ) -class apigatewayv2_authorizers_enabled(Check): +class apigatewayv2_api_authorizers_enabled(Check): def execute(self): findings = [] for api in apigatewayv2_client.apis: diff --git a/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py b/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py index 6db14aee..c06cb972 100644 --- a/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py 
+++ b/tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py @@ -39,7 +39,7 @@ def mock_make_api_call(self, operation_name, kwarg): @patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call) -class Test_apigatewayv2_access_logging_enabled: +class Test_apigatewayv2_api_access_logging_enabled: def set_mocked_audit_info(self): audit_info = AWS_Audit_Info( session_config=None, @@ -83,15 +83,15 @@ class Test_apigatewayv2_access_logging_enabled: "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, ), mock.patch( - "prowler.providers.aws.services.apigatewayv2.apigatewayv2_access_logging_enabled.apigatewayv2_access_logging_enabled.apigatewayv2_client", + "prowler.providers.aws.services.apigatewayv2.apigatewayv2_api_access_logging_enabled.apigatewayv2_api_access_logging_enabled.apigatewayv2_client", new=ApiGatewayV2(current_audit_info), ): # Test Check - from prowler.providers.aws.services.apigatewayv2.apigatewayv2_access_logging_enabled.apigatewayv2_access_logging_enabled import ( - apigatewayv2_access_logging_enabled, + from prowler.providers.aws.services.apigatewayv2.apigatewayv2_api_access_logging_enabled.apigatewayv2_api_access_logging_enabled import ( + apigatewayv2_api_access_logging_enabled, ) - check = apigatewayv2_access_logging_enabled() + check = apigatewayv2_api_access_logging_enabled() result = check.execute() assert len(result) == 0 
@@ -113,15 +113,15 @@ class Test_apigatewayv2_access_logging_enabled: "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, ), mock.patch( - "prowler.providers.aws.services.apigatewayv2.apigatewayv2_access_logging_enabled.apigatewayv2_access_logging_enabled.apigatewayv2_client", + "prowler.providers.aws.services.apigatewayv2.apigatewayv2_api_access_logging_enabled.apigatewayv2_api_access_logging_enabled.apigatewayv2_client", new=ApiGatewayV2(current_audit_info), ): # Test Check - from prowler.providers.aws.services.apigatewayv2.apigatewayv2_access_logging_enabled.apigatewayv2_access_logging_enabled import ( - apigatewayv2_access_logging_enabled, + from prowler.providers.aws.services.apigatewayv2.apigatewayv2_api_access_logging_enabled.apigatewayv2_api_access_logging_enabled import ( + apigatewayv2_api_access_logging_enabled, ) - check = apigatewayv2_access_logging_enabled() + check = apigatewayv2_api_access_logging_enabled() result = check.execute() assert result[0].status == "PASS" diff --git a/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py b/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py index 9bffe7d5..c2ae977a 100644 --- a/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py +++ b/tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py @@ -39,7 +39,7 @@ def mock_make_api_call(self, operation_name, kwarg): @patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call) -class Test_apigatewayv2_authorizers_enabled: +class Test_apigatewayv2_api_authorizers_enabled: def set_mocked_audit_info(self): audit_info = AWS_Audit_Info( session_config=None, 
@@ -83,15 +83,15 @@ class Test_apigatewayv2_authorizers_enabled: "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, ), mock.patch( - "prowler.providers.aws.services.apigatewayv2.apigatewayv2_authorizers_enabled.apigatewayv2_authorizers_enabled.apigatewayv2_client", + "prowler.providers.aws.services.apigatewayv2.apigatewayv2_api_authorizers_enabled.apigatewayv2_api_authorizers_enabled.apigatewayv2_client", new=ApiGatewayV2(current_audit_info), ): # Test Check - from prowler.providers.aws.services.apigatewayv2.apigatewayv2_authorizers_enabled.apigatewayv2_authorizers_enabled import ( - apigatewayv2_authorizers_enabled, + from prowler.providers.aws.services.apigatewayv2.apigatewayv2_api_authorizers_enabled.apigatewayv2_api_authorizers_enabled import ( + apigatewayv2_api_authorizers_enabled, ) - check = apigatewayv2_authorizers_enabled() + check = apigatewayv2_api_authorizers_enabled() result = check.execute() assert len(result) == 0 @@ -119,15 +119,15 @@ class Test_apigatewayv2_authorizers_enabled: "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", new=current_audit_info, ), mock.patch( - "prowler.providers.aws.services.apigatewayv2.apigatewayv2_authorizers_enabled.apigatewayv2_authorizers_enabled.apigatewayv2_client", + "prowler.providers.aws.services.apigatewayv2.apigatewayv2_api_authorizers_enabled.apigatewayv2_api_authorizers_enabled.apigatewayv2_client", new=ApiGatewayV2(current_audit_info), ): # Test Check - from prowler.providers.aws.services.apigatewayv2.apigatewayv2_authorizers_enabled.apigatewayv2_authorizers_enabled import ( - apigatewayv2_authorizers_enabled, + from prowler.providers.aws.services.apigatewayv2.apigatewayv2_api_authorizers_enabled.apigatewayv2_api_authorizers_enabled import ( + apigatewayv2_api_authorizers_enabled, ) - check = apigatewayv2_authorizers_enabled() + check = apigatewayv2_api_authorizers_enabled() result = check.execute() assert result[0].status == "PASS"