fix(aws): Add missing resources ARN (#2453)
@@ -11,7 +11,7 @@ class codebuild_project_older_90_days(Check):
|
||||
report = Check_Report_AWS(self.metadata())
|
||||
report.region = project.region
|
||||
report.resource_id = project.name
|
||||
report.resource_arn = ""
|
||||
report.resource_arn = project.arn
|
||||
report.status = "PASS"
|
||||
report.status_extended = (
|
||||
f"CodeBuild project {project.name} has been invoked in the last 90 days"
|
||||
|
||||
@@ -11,7 +11,7 @@ class codebuild_project_user_controlled_buildspec(Check):
|
||||
report = Check_Report_AWS(self.metadata())
|
||||
report.region = project.region
|
||||
report.resource_id = project.name
|
||||
report.resource_arn = ""
|
||||
report.resource_arn = project.arn
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"CodeBuild project {project.name} does not use an user controlled buildspec"
|
||||
if project.buildspec:
|
||||
|
||||
@@ -14,6 +14,7 @@ class Codebuild:
|
||||
self.service = "codebuild"
|
||||
self.session = audit_info.audit_session
|
||||
self.audited_account = audit_info.audited_account
|
||||
self.audited_partition = audit_info.audited_partition
|
||||
self.audit_resources = audit_info.audit_resources
|
||||
self.regional_clients = generate_regional_clients(self.service, audit_info)
|
||||
self.projects = []
|
||||
@@ -38,12 +39,14 @@ class Codebuild:
|
||||
list_projects_paginator = regional_client.get_paginator("list_projects")
|
||||
for page in list_projects_paginator.paginate():
|
||||
for project in page["projects"]:
|
||||
project_arn = f"arn:{self.audited_partition}:codebuild:{regional_client.region}:{self.audited_account}:project/{project}"
|
||||
if not self.audit_resources or (
|
||||
is_resource_filtered(project, self.audit_resources)
|
||||
is_resource_filtered(project_arn, self.audit_resources)
|
||||
):
|
||||
self.projects.append(
|
||||
CodebuildProject(
|
||||
Project(
|
||||
name=project,
|
||||
arn=project_arn,
|
||||
region=regional_client.region,
|
||||
last_invoked_time=None,
|
||||
buildspec=None,
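Review bot: The `project_arn = f"arn:{self.audited_partition}:codebuild:..."` line assembles the ARN by hand from partition, region, account and name; CodeBuild's `batch_get_projects` response carries the canonical `arn` for each project, so if the service already calls it for the detail fields (that code is outside this hunk) the API value is the safer source and cannot drift from the real format. The switch to `is_resource_filtered(project_arn, self.audit_resources)` also changes filtering from the bare project name to the ARN, which is presumably what ARN-based `audit_resources` patterns expect but is worth stating in place, e.g. `# filter on the full ARN so audit_resources patterns match CodeBuild projects`. The enclosing method starts and ends outside the hunk.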
|
||||
@@ -84,8 +87,9 @@ class Codebuild:
|
||||
|
||||
|
||||
@dataclass
|
||||
class CodebuildProject:
|
||||
class Project:
|
||||
name: str
|
||||
arn: str
|
||||
region: str
|
||||
last_invoked_time: Optional[datetime.datetime]
|
||||
buildspec: Optional[str]
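Review bot: The new `arn: str` field has no documentation, and the hunk above shows it is synthesized by the service rather than read from the API, which a reader of the dataclass cannot tell; a class docstring such as `"""CodeBuild project model; arn is built from partition/region/account/name by the service."""` would make that explicit. Renaming the public dataclass from `CodebuildProject` to `Project` also breaks any importer of the old name and gives the model a name every other service could reuse; keeping `CodebuildProject = Project` as an alias would let callers migrate without breaking.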
|
||||
|
||||
@@ -2,15 +2,21 @@ from datetime import datetime, timedelta, timezone
|
||||
from re import search
|
||||
from unittest import mock
|
||||
|
||||
from prowler.providers.aws.services.codebuild.codebuild_service import CodebuildProject
|
||||
from prowler.providers.aws.services.codebuild.codebuild_service import Project
|
||||
|
||||
AWS_REGION = "eu-west-1"
|
||||
AWS_ACCOUNT_NUMBER = "123456789012"
|
||||
|
||||
|
||||
class Test_codebuild_project_older_90_days:
|
||||
def test_project_not_built_in_last_90_days(self):
|
||||
codebuild_client = mock.MagicMock
|
||||
project_name = "test-project"
|
||||
project_arn = f"arn:aws:codebuild:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:project/{project_name}"
|
||||
codebuild_client.projects = [
|
||||
CodebuildProject(
|
||||
name="test",
|
||||
Project(
|
||||
name=project_name,
|
||||
arn=project_arn,
|
||||
region="eu-west-1",
|
||||
last_invoked_time=datetime.now(timezone.utc) - timedelta(days=100),
|
||||
buildspec=None,
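Review bot: The new `project_arn` line builds the ARN from `AWS_REGION`, but the `Project(...)` fixture below still passes the literal `region="eu-west-1"`, so the fixture's region and its ARN can silently diverge if the constant changes; use `region=AWS_REGION`. The same pattern appears in every other test hunk of this file and of the user-controlled-buildspec test file. Separately, the pre-existing `codebuild_client = mock.MagicMock` at the top of the test assigns the class rather than an instance, so `codebuild_client.projects = [...]` sets an attribute on the shared `MagicMock` class that persists across tests; `codebuild_client = mock.MagicMock()` would isolate each fixture.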
|
||||
@@ -32,14 +38,20 @@ class Test_codebuild_project_older_90_days:
|
||||
assert search(
|
||||
"has not been invoked in the last 90 days", result[0].status_extended
|
||||
)
|
||||
assert result[0].resource_id == "test"
|
||||
assert result[0].resource_arn == ""
|
||||
assert result[0].resource_id == project_name
|
||||
assert result[0].resource_arn == project_arn
|
||||
|
||||
def test_project_not_built(self):
|
||||
codebuild_client = mock.MagicMock
|
||||
project_name = "test-project"
|
||||
project_arn = f"arn:aws:codebuild:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:project/{project_name}"
|
||||
codebuild_client.projects = [
|
||||
CodebuildProject(
|
||||
name="test", region="eu-west-1", last_invoked_time=None, buildspec=None
|
||||
Project(
|
||||
name=project_name,
|
||||
arn=project_arn,
|
||||
region="eu-west-1",
|
||||
last_invoked_time=None,
|
||||
buildspec=None,
|
||||
)
|
||||
]
|
||||
with mock.patch(
|
||||
@@ -56,14 +68,17 @@ class Test_codebuild_project_older_90_days:
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert search("has never been built", result[0].status_extended)
|
||||
assert result[0].resource_id == "test"
|
||||
assert result[0].resource_arn == ""
|
||||
assert result[0].resource_id == project_name
|
||||
assert result[0].resource_arn == project_arn
|
||||
|
||||
def test_project_built_in_last_90_days(self):
|
||||
codebuild_client = mock.MagicMock
|
||||
project_name = "test-project"
|
||||
project_arn = f"arn:aws:codebuild:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:project/{project_name}"
|
||||
codebuild_client.projects = [
|
||||
CodebuildProject(
|
||||
name="test",
|
||||
Project(
|
||||
name=project_name,
|
||||
arn=project_arn,
|
||||
region="eu-west-1",
|
||||
last_invoked_time=datetime.now(timezone.utc) - timedelta(days=10),
|
||||
buildspec=None,
|
||||
@@ -85,5 +100,5 @@ class Test_codebuild_project_older_90_days:
|
||||
assert search(
|
||||
"has been invoked in the last 90 days", result[0].status_extended
|
||||
)
|
||||
assert result[0].resource_id == "test"
|
||||
assert result[0].resource_arn == ""
|
||||
assert result[0].resource_id == project_name
|
||||
assert result[0].resource_arn == project_arn
|
||||
|
||||
@@ -1,15 +1,21 @@
|
||||
from re import search
|
||||
from unittest import mock
|
||||
|
||||
from prowler.providers.aws.services.codebuild.codebuild_service import CodebuildProject
|
||||
from prowler.providers.aws.services.codebuild.codebuild_service import Project
|
||||
|
||||
AWS_REGION = "eu-west-1"
|
||||
AWS_ACCOUNT_NUMBER = "123456789012"
|
||||
|
||||
|
||||
class Test_codebuild_project_user_controlled_buildspec:
|
||||
def test_project_not_buildspec(self):
|
||||
codebuild_client = mock.MagicMock
|
||||
project_name = "test-project"
|
||||
project_arn = f"arn:aws:codebuild:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:project/{project_name}"
|
||||
codebuild_client.projects = [
|
||||
CodebuildProject(
|
||||
name="test",
|
||||
Project(
|
||||
name=project_name,
|
||||
arn=project_arn,
|
||||
region="eu-west-1",
|
||||
last_invoked_time=None,
|
||||
buildspec=None,
|
||||
@@ -32,14 +38,17 @@ class Test_codebuild_project_user_controlled_buildspec:
|
||||
"does not use an user controlled buildspec",
|
||||
result[0].status_extended,
|
||||
)
|
||||
assert result[0].resource_id == "test"
|
||||
assert result[0].resource_arn == ""
|
||||
assert result[0].resource_id == project_name
|
||||
assert result[0].resource_arn == project_arn
|
||||
|
||||
def test_project_buildspec_not_yaml(self):
|
||||
codebuild_client = mock.MagicMock
|
||||
project_name = "test-project"
|
||||
project_arn = f"arn:aws:codebuild:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:project/{project_name}"
|
||||
codebuild_client.projects = [
|
||||
CodebuildProject(
|
||||
name="test",
|
||||
Project(
|
||||
name=project_name,
|
||||
arn=project_arn,
|
||||
region="eu-west-1",
|
||||
last_invoked_time=None,
|
||||
buildspec="arn:aws:s3:::my-codebuild-sample2/buildspec.out",
|
||||
@@ -62,14 +71,17 @@ class Test_codebuild_project_user_controlled_buildspec:
|
||||
"does not use an user controlled buildspec",
|
||||
result[0].status_extended,
|
||||
)
|
||||
assert result[0].resource_id == "test"
|
||||
assert result[0].resource_arn == ""
|
||||
assert result[0].resource_id == project_name
|
||||
assert result[0].resource_arn == project_arn
|
||||
|
||||
def test_project_valid_buildspec(self):
|
||||
codebuild_client = mock.MagicMock
|
||||
project_name = "test-project"
|
||||
project_arn = f"arn:aws:codebuild:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:project/{project_name}"
|
||||
codebuild_client.projects = [
|
||||
CodebuildProject(
|
||||
name="test",
|
||||
Project(
|
||||
name=project_name,
|
||||
arn=project_arn,
|
||||
region="eu-west-1",
|
||||
last_invoked_time=None,
|
||||
buildspec="arn:aws:s3:::my-codebuild-sample2/buildspec.yaml",
|
||||
@@ -91,14 +103,17 @@ class Test_codebuild_project_user_controlled_buildspec:
|
||||
assert search(
|
||||
"uses an user controlled buildspec", result[0].status_extended
|
||||
)
|
||||
assert result[0].resource_id == "test"
|
||||
assert result[0].resource_arn == ""
|
||||
assert result[0].resource_id == project_name
|
||||
assert result[0].resource_arn == project_arn
|
||||
|
||||
def test_project_invalid_buildspec_without_extension(self):
|
||||
codebuild_client = mock.MagicMock
|
||||
project_name = "test-project"
|
||||
project_arn = f"arn:aws:codebuild:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:project/{project_name}"
|
||||
codebuild_client.projects = [
|
||||
CodebuildProject(
|
||||
name="test",
|
||||
Project(
|
||||
name=project_name,
|
||||
arn=project_arn,
|
||||
region="eu-west-1",
|
||||
last_invoked_time=None,
|
||||
buildspec="arn:aws:s3:::my-codebuild-sample2/buildspecyaml",
|
||||
@@ -121,5 +136,5 @@ class Test_codebuild_project_user_controlled_buildspec:
|
||||
"does not use an user controlled buildspec",
|
||||
result[0].status_extended,
|
||||
)
|
||||
assert result[0].resource_id == "test"
|
||||
assert result[0].resource_arn == ""
|
||||
assert result[0].resource_id == project_name
|
||||
assert result[0].resource_arn == project_arn
|
||||
|
||||