From aec254b05a12fa268805391059d1f687af1cc876 Mon Sep 17 00:00:00 2001
From: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
Date: Tue, 23 May 2023 12:26:09 +0200
Subject: [PATCH] fix(inspector2): fix active findings count (#2395)

---
 .../inspector2_findings_exist.py | 11 ++-
 .../services/inspector2/inspector2_service.py | 2 +-
 .../inspector2_findings_exist_test.py | 67 ++++++++++++++++---
 .../inspector2/inspector2_service_test.py | 38 +++++------
 4 files changed, 86 insertions(+), 32 deletions(-)

diff --git a/prowler/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist.py b/prowler/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist.py
index e1db6d4c..85248a3b 100644
--- a/prowler/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist.py
+++ b/prowler/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist.py
@@ -15,16 +15,21 @@ class inspector2_findings_exist(Check):
             report.resource_arn = ""
             report.region = inspector.region
             if inspector.status == "ENABLED":
+                active_findings = 0
                 report.status = "PASS"
                 report.status_extended = "Inspector2 is enabled with no findings"
                 for finding in inspector.findings:
+                    if finding.status == "ACTIVE":
+                        active_findings += 1
+                if len(inspector.findings) > 0:
                     report.status_extended = (
                         "Inspector2 is enabled with no active findings"
                     )
-                    if finding.status == "ACTIVE":
+                    if active_findings > 0:
                         report.status = "FAIL"
-                        report.status_extended = f"There are {str(len(inspector.findings))} ACTIVE Inspector2 findings."
-                        break
+                        report.status_extended = (
+                            f"There are {active_findings} ACTIVE Inspector2 findings."
+                        )
             findings.append(report)
diff --git a/prowler/providers/aws/services/inspector2/inspector2_service.py b/prowler/providers/aws/services/inspector2/inspector2_service.py
index 19d5dd1a..9fb5ff43 100644
--- a/prowler/providers/aws/services/inspector2/inspector2_service.py
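Review bot: The counting is now right, but the nested `if len(inspector.findings) > 0:` block is redundant with the new counter — `active_findings > 0` already implies a non-empty list — so the loop and the two message branches can be flattened into a `sum(...)` plus an `if`/`elif`, which reads closer to the intent. It is also worth a one-line comment that any status other than `ACTIVE` (the new test exercises `CLOSED`; I believe Inspector2 also reports `SUPPRESSED`, which this code would likewise treat as resolved) does not fail the check, since that is a policy choice a reader may not expect. The enclosing execute() starts before the hunk, so the `report.resource_id` assignment and the not-enabled branch are not visible here.
```python
            if inspector.status == "ENABLED":
                # … unchanged: PASS default for report.status / report.status_extended …
                # Only ACTIVE findings fail the check; CLOSED (and presumably
                # SUPPRESSED) findings are treated as resolved.
                active_findings = sum(
                    1 for finding in inspector.findings if finding.status == "ACTIVE"
                )
                if active_findings:
                    report.status = "FAIL"
                    report.status_extended = (
                        f"There are {active_findings} ACTIVE Inspector2 findings."
                    )
                elif inspector.findings:
                    report.status_extended = (
                        "Inspector2 is enabled with no active findings"
                    )
            # … unchanged: findings.append(report) …
```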
+++ b/prowler/providers/aws/services/inspector2/inspector2_service.py
@@ -48,7 +48,7 @@ class Inspector2:
             ][0]
             self.inspectors.append(
                 Inspector(
-                    id="Inspector2",
+                    id=self.audited_account,
                     status=batch_get_account_status.get("state").get("status"),
                     region=regional_client.region,
                 )
diff --git a/tests/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist_test.py b/tests/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist_test.py
index 47f884b4..c27761eb 100644
--- a/tests/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist_test.py
+++ b/tests/providers/aws/services/inspector2/inspector2_findings_exist/inspector2_findings_exist_test.py
@@ -19,7 +19,7 @@ class Test_inspector2_findings_exist:
         inspector2_client.region = AWS_REGION
         inspector2_client.inspectors = [
             Inspector(
-                id="Inspector2", status="DISABLED", region=AWS_REGION, findings=[]
+                id=AWS_ACCOUNT_ID, status="DISABLED", region=AWS_REGION, findings=[]
             )
         ]
         with mock.patch(
@@ -37,7 +37,7 @@ class Test_inspector2_findings_exist:
             assert len(result) == 1
             assert result[0].status == "FAIL"
             assert result[0].status_extended == "Inspector2 is not enabled."
-            assert result[0].resource_id == "Inspector2"
+            assert result[0].resource_id == AWS_ACCOUNT_ID
             assert result[0].resource_arn == ""
             assert result[0].region == AWS_REGION
@@ -46,7 +46,9 @@ class Test_inspector2_findings_exist:
         inspector2_client = mock.MagicMock
         inspector2_client.region = AWS_REGION
         inspector2_client.inspectors = [
-            Inspector(id="Inspector2", status="ENABLED", region=AWS_REGION, findings=[])
+            Inspector(
+                id=AWS_ACCOUNT_ID, status="ENABLED", region=AWS_REGION, findings=[]
+            )
         ]
         with mock.patch(
             "prowler.providers.aws.services.inspector2.inspector2_service.Inspector2",
@@ -63,7 +65,7 @@ class Test_inspector2_findings_exist:
             assert len(result) == 1
             assert result[0].status == "PASS"
             assert result[0].status_extended == "Inspector2 is enabled with no findings"
-            assert result[0].resource_id == "Inspector2"
+            assert result[0].resource_id == AWS_ACCOUNT_ID
             assert result[0].resource_arn == ""
             assert result[0].region == AWS_REGION
@@ -73,7 +75,7 @@ class Test_inspector2_findings_exist:
         inspector2_client.region = AWS_REGION
         inspector2_client.inspectors = [
             Inspector(
-                id="Inspector2",
+                id=AWS_ACCOUNT_ID,
                 region=AWS_REGION,
                 status="ENABLED",
                 findings=[
@@ -106,7 +108,7 @@ class Test_inspector2_findings_exist:
                 result[0].status_extended == "Inspector2 is enabled with no active findings"
             )
-            assert result[0].resource_id == "Inspector2"
+            assert result[0].resource_id == AWS_ACCOUNT_ID
             assert result[0].resource_arn == ""
             assert result[0].region == AWS_REGION
@@ -116,7 +118,7 @@ class Test_inspector2_findings_exist:
         inspector2_client.region = AWS_REGION
         inspector2_client.inspectors = [
             Inspector(
-                id="Inspector2",
+                id=AWS_ACCOUNT_ID,
                 region=AWS_REGION,
                 status="ENABLED",
                 findings=[
@@ -148,6 +150,55 @@ class Test_inspector2_findings_exist:
             assert (
                 result[0].status_extended == "There are 1 ACTIVE Inspector2 findings."
             )
-            assert result[0].resource_id == "Inspector2"
+            assert result[0].resource_id == AWS_ACCOUNT_ID
+            assert result[0].resource_arn == ""
+            assert result[0].region == AWS_REGION
+
+    def test_enabled_with_active_and_closed_findings(self):
+        # Mock the inspector2 client
+        inspector2_client = mock.MagicMock
+        inspector2_client.region = AWS_REGION
+        inspector2_client.inspectors = [
+            Inspector(
+                id=AWS_ACCOUNT_ID,
+                region=AWS_REGION,
+                status="ENABLED",
+                findings=[
+                    InspectorFinding(
+                        arn=FINDING_ARN,
+                        region=AWS_REGION,
+                        severity="MEDIUM",
+                        status="ACTIVE",
+                        title="CVE-2022-40897 - setuptools",
+                    ),
+                    InspectorFinding(
+                        arn=FINDING_ARN,
+                        region=AWS_REGION,
+                        severity="MEDIUM",
+                        status="CLOSED",
+                        title="CVE-2022-27404 - freetype",
+                    ),
+                ],
+            )
+        ]
+
+        with mock.patch(
+            "prowler.providers.aws.services.inspector2.inspector2_service.Inspector2",
+            new=inspector2_client,
+        ):
+            # Test Check
+            from prowler.providers.aws.services.inspector2.inspector2_findings_exist.inspector2_findings_exist import (
+                inspector2_findings_exist,
+            )
+
+            check = inspector2_findings_exist()
+            result = check.execute()
+
+            assert len(result) == 1
+            assert result[0].status == "FAIL"
+            assert (
+                result[0].status_extended == "There are 1 ACTIVE Inspector2 findings."
+            )
+            assert result[0].resource_id == AWS_ACCOUNT_ID
             assert result[0].resource_arn == ""
             assert result[0].region == AWS_REGION
diff --git a/tests/providers/aws/services/inspector2/inspector2_service_test.py b/tests/providers/aws/services/inspector2/inspector2_service_test.py
index ef17c018..c49512c0 100644
--- a/tests/providers/aws/services/inspector2/inspector2_service_test.py
+++ b/tests/providers/aws/services/inspector2/inspector2_service_test.py
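Review bot: `inspector2_client = mock.MagicMock` in the new test binds the MagicMock class itself rather than an instance, so the `region` and `inspectors` assignments that follow become class attributes shared by every MagicMock created later in the same pytest process instead of state private to this test; it should be `inspector2_client = mock.MagicMock()`. The neighbouring tests use the same pattern, but a newly added test is the right place to stop copying it. Both fixture findings also reuse `FINDING_ARN`; giving the CLOSED one a distinct ARN would make the fixture resemble real data and would catch any future de-duplication by ARN in the check. Note that the asserted message pins the singular/plural wording (`There are 1 ACTIVE Inspector2 findings.`), so this test must move together with any later wording fix in the check.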
@@ -23,7 +23,7 @@ def mock_make_api_call(self, operation_name, kwargs):
         return {
             "accounts": [
                 {
-                    "accountId": "string",
+                    "accountId": AWS_ACCOUNT_ID,
                     "resourceState": {
                         "ec2": {
                             "errorCode": "ALREADY_ENABLED",
@@ -81,7 +81,6 @@ def mock_generate_regional_clients(service, audit_info):
     new=mock_generate_regional_clients,
 )
 class Test_Inspector2_Service:
-    # Mocked Audit Info
     def set_mocked_audit_info(self):
         audit_info = AWS_Audit_Info(
@@ -91,7 +90,7 @@ class Test_Inspector2_Service:
                 profile_name=None,
                 botocore_session=None,
             ),
-            audited_account=None,
+            audited_account=AWS_ACCOUNT_ID,
             audited_user_id=None,
             audited_partition="aws",
             audited_identity_arn=None,
@@ -107,33 +106,32 @@ class Test_Inspector2_Service:
     def test__get_client__(self):
         audit_info = self.set_mocked_audit_info()
-        ssmincidents = Inspector2(audit_info)
+        inspector2 = Inspector2(audit_info)
         assert (
-            ssmincidents.regional_clients[AWS_REGION].__class__.__name__ == "Inspector2"
+            inspector2.regional_clients[AWS_REGION].__class__.__name__ == "Inspector2"
         )
     def test__get_service__(self):
         audit_info = self.set_mocked_audit_info()
-        ssmincidents = Inspector2(audit_info)
-        assert ssmincidents.service == "inspector2"
+        inspector2 = Inspector2(audit_info)
+        assert inspector2.service == "inspector2"
     def test__batch_get_account_status__(self):
         audit_info = self.set_mocked_audit_info()
-        ssmincidents = Inspector2(audit_info)
-        assert len(ssmincidents.inspectors) == 1
-        assert ssmincidents.inspectors[0].id == "Inspector2"
-        assert ssmincidents.inspectors[0].region == AWS_REGION
-        assert ssmincidents.inspectors[0].status == "ENABLED"
+        inspector2 = Inspector2(audit_info)
+        assert len(inspector2.inspectors) == 1
+        assert inspector2.inspectors[0].id == AWS_ACCOUNT_ID
+        assert inspector2.inspectors[0].region == AWS_REGION
+        assert inspector2.inspectors[0].status == "ENABLED"
     def test__list_findings__(self):
         audit_info = self.set_mocked_audit_info()
-        ssmincidents = Inspector2(audit_info)
-        assert len(ssmincidents.inspectors[0].findings) == 1
-        assert ssmincidents.inspectors[0].findings[0].arn == FINDING_ARN
-        assert ssmincidents.inspectors[0].findings[0].region == AWS_REGION
-        assert ssmincidents.inspectors[0].findings[0].severity == "MEDIUM"
-        assert ssmincidents.inspectors[0].findings[0].status == "ACTIVE"
+        inspector2 = Inspector2(audit_info)
+        assert len(inspector2.inspectors[0].findings) == 1
+        assert inspector2.inspectors[0].findings[0].arn == FINDING_ARN
+        assert inspector2.inspectors[0].findings[0].region == AWS_REGION
+        assert inspector2.inspectors[0].findings[0].severity == "MEDIUM"
+        assert inspector2.inspectors[0].findings[0].status == "ACTIVE"
         assert (
-            ssmincidents.inspectors[0].findings[0].title
-            == "CVE-2022-40897 - setuptools"
+            inspector2.inspectors[0].findings[0].title == "CVE-2022-40897 - setuptools"
         )