ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-15 15:25:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(acm): add certificate id (#2903)

Browse Source
This commit is contained in:
Sergio Garcia
2023-10-03 13:03:46 +02:00
committed by GitHub
parent 436166c255
commit a4d3e78eb1
5 changed files with 37 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
prowler/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check.py
View File

@@ -12,14 +12,16 @@ class acm_certificates_expiration_check(Check):
report.region = certificate.region
if certificate.expiration_days > DAYS_TO_EXPIRE_THRESHOLD:
report.status = "PASS"
report.status_extended = f"ACM Certificate for {certificate.name} expires in {certificate.expiration_days} days."
report.resource_id = certificate.name
report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} expires in {certificate.expiration_days} days."
report.resource_id = certificate.id
report.resource_details = certificate.name
report.resource_arn = certificate.arn
report.resource_tags = certificate.tags
else:
report.status = "FAIL"
report.status_extended = f"ACM Certificate for {certificate.name} is about to expire in {DAYS_TO_EXPIRE_THRESHOLD} days."
report.resource_id = certificate.name
report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} is about to expire in {DAYS_TO_EXPIRE_THRESHOLD} days."
report.resource_id = certificate.id
report.resource_details = certificate.name
report.resource_arn = certificate.arn
report.resource_tags = certificate.tags

17
prowler/providers/aws/services/acm/acm_certificates_transparency_logs_enabled/acm_certificates_transparency_logs_enabled.py
View File

@@ -10,23 +10,24 @@ class acm_certificates_transparency_logs_enabled(Check):
report.region = certificate.region
if certificate.type == "IMPORTED":
report.status = "PASS"
report.status_extended = (
f"ACM Certificate for {certificate.name} is imported."
)
report.resource_id = certificate.name
report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} is imported."
report.resource_id = certificate.id
report.resource_details = certificate.name
report.resource_arn = certificate.arn
report.resource_tags = certificate.tags
else:
if not certificate.transparency_logging:
report.status = "FAIL"
report.status_extended = f"ACM Certificate for {certificate.name} has Certificate Transparency logging disabled."
report.resource_id = certificate.name
report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} has Certificate Transparency logging disabled."
report.resource_id = certificate.id
report.resource_details = certificate.name
report.resource_arn = certificate.arn
report.resource_tags = certificate.tags
else:
report.status = "PASS"
report.status_extended = f"ACM Certificate for {certificate.name} has Certificate Transparency logging enabled."
report.resource_id = certificate.name
report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} has Certificate Transparency logging enabled."
report.resource_id = certificate.id
report.resource_details = certificate.name
report.resource_arn = certificate.arn
report.resource_tags = certificate.tags
findings.append(report)

2
prowler/providers/aws/services/acm/acm_service.py
View File

@@ -47,6 +47,7 @@ class ACM(AWSService):
Certificate(
arn=certificate["CertificateArn"],
name=certificate["DomainName"],
id=certificate["CertificateArn"].split("/")[-1],
type=certificate["Type"],
expiration_days=certificate_expiration_time,
transparency_logging=False,
@@ -94,6 +95,7 @@ class ACM(AWSService):
class Certificate(BaseModel):
arn: str
name: str
id: str
type: str
tags: Optional[list] = []
expiration_days: int