chore(APIGatewayV2): improve check naming (#2966)

Sergio Garcia
2023-10-25 16:59:06 +02:00
committed by GitHub
parent 4bfe145be3
commit 9bd2519c83
12 changed files with 31 additions and 31 deletions


@@ -17,8 +17,8 @@ checks_v3_to_v2_mapping = {
"apigateway_restapi_public": "extra745", "apigateway_restapi_public": "extra745",
"apigateway_restapi_logging_enabled": "extra722", "apigateway_restapi_logging_enabled": "extra722",
"apigateway_restapi_waf_acl_attached": "extra744", "apigateway_restapi_waf_acl_attached": "extra744",
"apigatewayv2_access_logging_enabled": "extra7156", "apigatewayv2_api_access_logging_enabled": "extra7156",
"apigatewayv2_authorizers_enabled": "extra7157", "apigatewayv2_api_authorizers_enabled": "extra7157",
"appstream_fleet_default_internet_access_disabled": "extra7193", "appstream_fleet_default_internet_access_disabled": "extra7193",
"appstream_fleet_maximum_session_duration": "extra7190", "appstream_fleet_maximum_session_duration": "extra7190",
"appstream_fleet_session_disconnect_timeout": "extra7191", "appstream_fleet_session_disconnect_timeout": "extra7191",
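Review bot: The old check IDs `apigatewayv2_access_logging_enabled` and `apigatewayv2_authorizers_enabled` disappear from `checks_v3_to_v2_mapping` with no alias, so anything outside the repository that still names them (saved check lists, exclusion or allowlist entries, custom compliance files) will presumably stop matching after an upgrade. For a security scanner that can mean a check silently dropping out of a run, or a deliberately muted finding resurfacing. If this mapping is not the right place for aliases, at least mark the two renamed keys with a comment such as `# renamed from apigatewayv2_access_logging_enabled in #2966` and call the rename out in the release notes. The dict starts and ends outside the hunk.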


@@ -49,8 +49,8 @@
"apigateway_restapi_logging_enabled", "apigateway_restapi_logging_enabled",
"apigateway_restapi_client_certificate_enabled", "apigateway_restapi_client_certificate_enabled",
"apigateway_restapi_waf_acl_attached", "apigateway_restapi_waf_acl_attached",
"apigatewayv2_authorizers_enabled", "apigatewayv2_api_authorizers_enabled",
"apigatewayv2_access_logging_enabled" "apigatewayv2_api_access_logging_enabled"
] ]
}, },
{ {


@@ -45,7 +45,7 @@
], ],
"Checks": [ "Checks": [
"apigateway_restapi_logging_enabled", "apigateway_restapi_logging_enabled",
"apigatewayv2_access_logging_enabled", "apigatewayv2_api_access_logging_enabled",
"awslambda_function_invoke_api_operations_cloudtrail_logging_enabled", "awslambda_function_invoke_api_operations_cloudtrail_logging_enabled",
"cloudtrail_cloudwatch_logging_enabled", "cloudtrail_cloudwatch_logging_enabled",
"elb_logging_enabled", "elb_logging_enabled",


@@ -542,7 +542,7 @@
"cloudtrail_s3_dataevents_read_enabled", "cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled", "cloudtrail_s3_dataevents_write_enabled",
"acm_certificates_transparency_logs_enabled", "acm_certificates_transparency_logs_enabled",
"apigatewayv2_access_logging_enabled", "apigatewayv2_api_access_logging_enabled",
"awslambda_function_invoke_api_operations_cloudtrail_logging_enabled", "awslambda_function_invoke_api_operations_cloudtrail_logging_enabled",
"cloudfront_distributions_logging_enabled", "cloudfront_distributions_logging_enabled",
"cloudtrail_cloudwatch_logging_enabled", "cloudtrail_cloudwatch_logging_enabled",
@@ -694,7 +694,7 @@
"ec2_networkacl_allow_ingress_tcp_port_22", "ec2_networkacl_allow_ingress_tcp_port_22",
"sagemaker_notebook_instance_without_direct_internet_access_configured", "sagemaker_notebook_instance_without_direct_internet_access_configured",
"apigateway_restapi_authorizers_enabled", "apigateway_restapi_authorizers_enabled",
"apigatewayv2_authorizers_enabled", "apigatewayv2_api_authorizers_enabled",
"s3_bucket_acl_prohibited", "s3_bucket_acl_prohibited",
"s3_bucket_no_mfa_delete" "s3_bucket_no_mfa_delete"
] ]


@@ -1,12 +1,12 @@
{ {
"Provider": "aws", "Provider": "aws",
"CheckID": "apigatewayv2_access_logging_enabled", "CheckID": "apigatewayv2_api_access_logging_enabled",
"CheckTitle": "Ensure API Gateway V2 has Access Logging enabled.", "CheckTitle": "Ensure API Gateway V2 has Access Logging enabled.",
"CheckType": [ "CheckType": [
"IAM" "IAM"
], ],
"ServiceName": "apigateway", "ServiceName": "apigateway",
"SubServiceName": "rest_api", "SubServiceName": "",
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id", "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
"Severity": "medium", "Severity": "medium",
"ResourceType": "AwsApiGatewayV2Api", "ResourceType": "AwsApiGatewayV2Api",
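Review bot: The `CheckType` values in the two metadata files touched by this commit look swapped: the access-logging check here carries `"IAM"`, while the authorizers check's metadata (the other `@@ -1,12 +1,12 @@` section) carries `"Logging and Monitoring"`. Since both files are being edited anyway, this one should read `"CheckType": ["Logging and Monitoring"]` and the authorizers one `"CheckType": ["IAM"]`, so findings filtered or grouped by type land in the right bucket. `ServiceName` is also `"apigateway"` in both files although the checks import from the `apigatewayv2` service package; if service filtering keys on this field, that is worth confirming. The JSON object continues past the hunk.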


@@ -4,7 +4,7 @@ from prowler.providers.aws.services.apigatewayv2.apigatewayv2_client import (
) )
class apigatewayv2_access_logging_enabled(Check): class apigatewayv2_api_access_logging_enabled(Check):
def execute(self): def execute(self):
findings = [] findings = []
for api in apigatewayv2_client.apis: for api in apigatewayv2_client.apis:


@@ -1,12 +1,12 @@
{ {
"Provider": "aws", "Provider": "aws",
"CheckID": "apigatewayv2_authorizers_enabled", "CheckID": "apigatewayv2_api_authorizers_enabled",
"CheckTitle": "Checks if API Gateway V2 has configured authorizers.", "CheckTitle": "Checks if API Gateway V2 has configured authorizers.",
"CheckType": [ "CheckType": [
"Logging and Monitoring" "Logging and Monitoring"
], ],
"ServiceName": "apigateway", "ServiceName": "apigateway",
"SubServiceName": "api", "SubServiceName": "",
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id", "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
"Severity": "medium", "Severity": "medium",
"ResourceType": "AwsApiGatewayV2Api", "ResourceType": "AwsApiGatewayV2Api",


@@ -4,7 +4,7 @@ from prowler.providers.aws.services.apigatewayv2.apigatewayv2_client import (
) )
class apigatewayv2_authorizers_enabled(Check): class apigatewayv2_api_authorizers_enabled(Check):
def execute(self): def execute(self):
findings = [] findings = []
for api in apigatewayv2_client.apis: for api in apigatewayv2_client.apis:


@@ -39,7 +39,7 @@ def mock_make_api_call(self, operation_name, kwarg):
@patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call) @patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
class Test_apigatewayv2_access_logging_enabled: class Test_apigatewayv2_api_access_logging_enabled:
def set_mocked_audit_info(self): def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info( audit_info = AWS_Audit_Info(
session_config=None, session_config=None,
@@ -83,15 +83,15 @@ class Test_apigatewayv2_access_logging_enabled:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info, new=current_audit_info,
), mock.patch( ), mock.patch(
"prowler.providers.aws.services.apigatewayv2.apigatewayv2_access_logging_enabled.apigatewayv2_access_logging_enabled.apigatewayv2_client", "prowler.providers.aws.services.apigatewayv2.apigatewayv2_api_access_logging_enabled.apigatewayv2_api_access_logging_enabled.apigatewayv2_client",
new=ApiGatewayV2(current_audit_info), new=ApiGatewayV2(current_audit_info),
): ):
# Test Check # Test Check
from prowler.providers.aws.services.apigatewayv2.apigatewayv2_access_logging_enabled.apigatewayv2_access_logging_enabled import ( from prowler.providers.aws.services.apigatewayv2.apigatewayv2_api_access_logging_enabled.apigatewayv2_api_access_logging_enabled import (
apigatewayv2_access_logging_enabled, apigatewayv2_api_access_logging_enabled,
) )
check = apigatewayv2_access_logging_enabled() check = apigatewayv2_api_access_logging_enabled()
result = check.execute() result = check.execute()
assert len(result) == 0 assert len(result) == 0
@@ -113,15 +113,15 @@ class Test_apigatewayv2_access_logging_enabled:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info, new=current_audit_info,
), mock.patch( ), mock.patch(
"prowler.providers.aws.services.apigatewayv2.apigatewayv2_access_logging_enabled.apigatewayv2_access_logging_enabled.apigatewayv2_client", "prowler.providers.aws.services.apigatewayv2.apigatewayv2_api_access_logging_enabled.apigatewayv2_api_access_logging_enabled.apigatewayv2_client",
new=ApiGatewayV2(current_audit_info), new=ApiGatewayV2(current_audit_info),
): ):
# Test Check # Test Check
from prowler.providers.aws.services.apigatewayv2.apigatewayv2_access_logging_enabled.apigatewayv2_access_logging_enabled import ( from prowler.providers.aws.services.apigatewayv2.apigatewayv2_api_access_logging_enabled.apigatewayv2_api_access_logging_enabled import (
apigatewayv2_access_logging_enabled, apigatewayv2_api_access_logging_enabled,
) )
check = apigatewayv2_access_logging_enabled() check = apigatewayv2_api_access_logging_enabled()
result = check.execute() result = check.execute()
assert result[0].status == "PASS" assert result[0].status == "PASS"


@@ -39,7 +39,7 @@ def mock_make_api_call(self, operation_name, kwarg):
@patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call) @patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
class Test_apigatewayv2_authorizers_enabled: class Test_apigatewayv2_api_authorizers_enabled:
def set_mocked_audit_info(self): def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info( audit_info = AWS_Audit_Info(
session_config=None, session_config=None,
@@ -83,15 +83,15 @@ class Test_apigatewayv2_authorizers_enabled:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info, new=current_audit_info,
), mock.patch( ), mock.patch(
"prowler.providers.aws.services.apigatewayv2.apigatewayv2_authorizers_enabled.apigatewayv2_authorizers_enabled.apigatewayv2_client", "prowler.providers.aws.services.apigatewayv2.apigatewayv2_api_authorizers_enabled.apigatewayv2_api_authorizers_enabled.apigatewayv2_client",
new=ApiGatewayV2(current_audit_info), new=ApiGatewayV2(current_audit_info),
): ):
# Test Check # Test Check
from prowler.providers.aws.services.apigatewayv2.apigatewayv2_authorizers_enabled.apigatewayv2_authorizers_enabled import ( from prowler.providers.aws.services.apigatewayv2.apigatewayv2_api_authorizers_enabled.apigatewayv2_api_authorizers_enabled import (
apigatewayv2_authorizers_enabled, apigatewayv2_api_authorizers_enabled,
) )
check = apigatewayv2_authorizers_enabled() check = apigatewayv2_api_authorizers_enabled()
result = check.execute() result = check.execute()
assert len(result) == 0 assert len(result) == 0
@@ -119,15 +119,15 @@ class Test_apigatewayv2_authorizers_enabled:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info", "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info, new=current_audit_info,
), mock.patch( ), mock.patch(
"prowler.providers.aws.services.apigatewayv2.apigatewayv2_authorizers_enabled.apigatewayv2_authorizers_enabled.apigatewayv2_client", "prowler.providers.aws.services.apigatewayv2.apigatewayv2_api_authorizers_enabled.apigatewayv2_api_authorizers_enabled.apigatewayv2_client",
new=ApiGatewayV2(current_audit_info), new=ApiGatewayV2(current_audit_info),
): ):
# Test Check # Test Check
from prowler.providers.aws.services.apigatewayv2.apigatewayv2_authorizers_enabled.apigatewayv2_authorizers_enabled import ( from prowler.providers.aws.services.apigatewayv2.apigatewayv2_api_authorizers_enabled.apigatewayv2_api_authorizers_enabled import (
apigatewayv2_authorizers_enabled, apigatewayv2_api_authorizers_enabled,
) )
check = apigatewayv2_authorizers_enabled() check = apigatewayv2_api_authorizers_enabled()
result = check.execute() result = check.execute()
assert result[0].status == "PASS" assert result[0].status == "PASS"