From a994553c16d6ce43a42408ca4e26f4d932c0cab4 Mon Sep 17 00:00:00 2001
From: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
Date: Tue, 31 Oct 2023 12:53:45 +0100
Subject: [PATCH] fix(allowlist): verify if allowlist file exists (#2988)
---
 prowler/lib/check/check.py | 9 +++++---
 .../providers/aws/lib/allowlist/allowlist.py | 21 +++++++++----------
 2 files changed, 16 insertions(+), 14 deletions(-)
diff --git a/prowler/lib/check/check.py b/prowler/lib/check/check.py
index daeef528..deabd70d 100644
--- a/prowler/lib/check/check.py
+++ b/prowler/lib/check/check.py
@@ -552,9 +552,12 @@ def execute(
 )
 # Allowlist findings
- check_findings = allowlist_findings(
- audit_output_options.allowlist_file, audit_info.audited_account, check_findings
- )
+ if audit_output_options.allowlist_file:
+ check_findings = allowlist_findings(
+ audit_output_options.allowlist_file,
+ audit_info.audited_account,
+ check_findings,
+ )
 # Report the check's findings
 report(check_findings, audit_output_options, audit_info)
diff --git a/prowler/providers/aws/lib/allowlist/allowlist.py b/prowler/providers/aws/lib/allowlist/allowlist.py
index 5becf54d..b63340f7 100644
--- a/prowler/providers/aws/lib/allowlist/allowlist.py
+++ b/prowler/providers/aws/lib/allowlist/allowlist.py
@@ -121,17 +121,16 @@ def allowlist_findings(
 check_findings: [Any],
 ):
 # Check if finding is allowlisted
- if allowlist:
- for finding in check_findings:
- if is_allowlisted(
- allowlist,
- audited_account,
- finding.check_metadata.CheckID,
- finding.region,
- finding.resource_id,
- unroll_tags(finding.resource_tags),
- ):
- finding.status = "WARNING"
+ for finding in check_findings:
+ if is_allowlisted(
+ allowlist,
+ audited_account,
+ finding.check_metadata.CheckID,
+ finding.region,
+ finding.resource_id,
+ unroll_tags(finding.resource_tags),
+ ):
+ finding.status = "WARNING"
 return check_findings
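Review bot: The new guard `if audit_output_options.allowlist_file:` in execute() tests the truthiness of a value that is then passed on as the allowlist itself, so the attribute presumably holds the loaded allowlist rather than a path, and nothing in this hunk checks that a file exists as the subject line suggests. A short comment would make that explicit, e.g. `# allowlist_file holds the loaded allowlist; falsy means none was supplied, so findings keep their status`. It is also worth confirming that an allowlist which was requested but loaded empty is logged where it is parsed, since this guard now skips it without any message. execute() starts and ends outside the hunk.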
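Review bot: With the `if allowlist:` guard removed, allowlist_findings() hands whatever it receives straight to is_allowlisted(), so any caller other than the guarded one in prowler/lib/check/check.py can now pass None or an empty value, and how is_allowlisted() reacts to that is not visible here. The flattened loop can stay while the precondition is kept as an early return: `if not allowlist:` followed by `return check_findings`. Because this function downgrades matching findings to "WARNING", it also deserves a docstring saying that it mutates the findings in place and what it expects as `allowlist`. Separately, the context line `check_findings: [Any],` annotates with a list literal; `list[Any]` is the intended form. The signature begins outside the hunk.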