fix(allowlist): verify if allowlist file exists (#2988)

2026-02-10 14:55:00 +00:00 · 2023-10-31 12:53:45 +01:00
parent 3fd2ae954d
commit a994553c16
2 changed files with 16 additions and 14 deletions
--- a/prowler/lib/check/check.py
+++ b/prowler/lib/check/check.py
@@ -552,9 +552,12 @@ def execute(
    )

    # Allowlist findings
-    check_findings = allowlist_findings(
-        audit_output_options.allowlist_file, audit_info.audited_account, check_findings
-    )
+    if audit_output_options.allowlist_file:
+        check_findings = allowlist_findings(
+            audit_output_options.allowlist_file,
+            audit_info.audited_account,
+            check_findings,
+        )

    # Report the check's findings
    report(check_findings, audit_output_options, audit_info)
--- a/prowler/providers/aws/lib/allowlist/allowlist.py
+++ b/prowler/providers/aws/lib/allowlist/allowlist.py
@@ -121,17 +121,16 @@ def allowlist_findings(
    check_findings: [Any],
 ):
    # Check if finding is allowlisted
-    if allowlist:
-        for finding in check_findings:
-            if is_allowlisted(
-                allowlist,
-                audited_account,
-                finding.check_metadata.CheckID,
-                finding.region,
-                finding.resource_id,
-                unroll_tags(finding.resource_tags),
-            ):
-                finding.status = "WARNING"
+    for finding in check_findings:
+        if is_allowlisted(
+            allowlist,
+            audited_account,
+            finding.check_metadata.CheckID,
+            finding.region,
+            finding.resource_id,
+            unroll_tags(finding.resource_tags),
+        ):
+            finding.status = "WARNING"
    return check_findings