From bd05aaa4f9f9d5f7bd369d7e7aeae5da95927106 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Pedro=20Mart=C3=ADn?= Date: Tue, 27 Feb 2024 13:33:38 +0100 Subject: [PATCH] feat(azure): add new check related with Public IPs in Shodan.io (#3433) Co-authored-by: Sergio Garcia <38561120+sergargar@users.noreply.github.com> --- docs/developer-guide/unit-testing.md | 2 +- docs/tutorials/configuration_file.md | 4 + docs/tutorials/pentesting.md | 7 +- prowler/config/config.yaml | 3 + .../azure/lib/arguments/arguments.py | 11 +++ .../network_public_ip_shodan/__init__.py | 0 .../network_public_ip_shodan.metadata.json | 32 ++++++++ .../network_public_ip_shodan.py | 40 ++++++++++ .../azure/services/network/network_service.py | 32 ++++++++ prowler/providers/common/outputs.py | 6 ++ tests/config/config_test.py | 4 +- tests/config/fixtures/config.yaml | 3 + tests/lib/cli/parser_test.py | 15 ++++ ...unt_firewall_use_selected_networks_test.py | 3 +- .../cosmosdb_account_use_aad_and_rbac_test.py | 3 +- ...osdb_account_use_private_endpoints_test.py | 3 +- ...re_defender_for_app_services_is_on_test.py | 3 +- ...nder_ensure_defender_for_arm_is_on_test.py | 3 +- ...nder_for_azure_sql_databases_is_on_test.py | 3 +- ...sure_defender_for_containers_is_on_test.py | 3 +- ...ensure_defender_for_cosmosdb_is_on_test.py | 3 +- ...nsure_defender_for_databases_is_on_test.py | 3 +- ...nder_ensure_defender_for_dns_is_on_test.py | 3 +- ...ensure_defender_for_keyvault_is_on_test.py | 3 +- ..._for_os_relational_databases_is_on_test.py | 3 +- ...r_ensure_defender_for_server_is_on_test.py | 3 +- ...ure_defender_for_sql_servers_is_on_test.py | 3 +- ..._ensure_defender_for_storage_is_on_test.py | 3 +- .../network_bastion_host_exists_test.py | 3 +- ...network_flow_log_more_than_90_days_test.py | 3 +- ...rk_http_internet_access_restricted_test.py | 3 +- .../network_public_ip_shodan_test.py | 78 +++++++++++++++++++ ...ork_rdp_internet_access_restricted_test.py | 3 +- .../services/network/network_service_test.py | 32 ++++++++ ...ork_ssh_internet_access_restricted_test.py | 3 +- 
...ork_udp_internet_access_restricted_test.py | 3 +- .../network_watcher_enabled_test.py | 4 +- ...ver_allow_access_services_disabled_test.py | 3 +- ...le_server_connection_throttling_on_test.py | 3 +- ...lexible_server_enforce_ssl_enabled_test.py | 3 +- ...flexible_server_log_checkpoints_on_test.py | 3 +- ...flexible_server_log_connections_on_test.py | 3 +- ...xible_server_log_disconnections_on_test.py | 3 +- ...erver_log_retention_days_greater_3_test.py | 3 +- ...rver_azuread_administrator_enabled_test.py | 3 +- ...lserver_microsoft_defender_enabled_test.py | 3 +- .../sqlserver_tde_encrypted_with_cmk_test.py | 3 +- .../sqlserver_tde_encryption_enabled_test.py | 3 +- ...server_unrestricted_inbound_access_test.py | 3 +- ...mails_notifications_admins_enabled_test.py | 3 +- ...a_periodic_recurring_scans_enabled_test.py | 3 +- ...lserver_va_scan_reports_configured_test.py | 3 +- ...r_vulnerability_assessment_enabled_test.py | 3 +- ...ob_public_access_level_is_disabled_test.py | 3 +- ...ault_network_access_rule_is_denied_test.py | 3 +- ...s_are_trusted_to_access_is_enabled_test.py | 3 +- ...ryption_with_customer_managed_keys_test.py | 3 +- ...rage_ensure_minimum_tls_version_12_test.py | 3 +- ...vate_endpoints_in_storage_accounts_test.py | 3 +- ...rage_ensure_soft_delete_is_enabled_test.py | 3 +- ...frastructure_encryption_is_enabled_test.py | 3 +- ...ecure_transfer_required_is_enabled_test.py | 3 +- tests/providers/common/common_outputs_test.py | 2 + 63 files changed, 315 insertions(+), 98 deletions(-) create mode 100644 prowler/providers/azure/services/network/network_public_ip_shodan/__init__.py create mode 100644 prowler/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan.metadata.json create mode 100644 prowler/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan.py create mode 100644 tests/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan_test.py 
diff --git a/docs/developer-guide/unit-testing.md b/docs/developer-guide/unit-testing.md index 34cadfea..323d47e6 100644 --- a/docs/developer-guide/unit-testing.md +++ b/docs/developer-guide/unit-testing.md @@ -527,7 +527,7 @@ from unittest import mock from uuid import uuid4 # Azure Constants -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION diff --git a/docs/tutorials/configuration_file.md b/docs/tutorials/configuration_file.md index 995adf9e..62bc7c96 100644 --- a/docs/tutorials/configuration_file.md +++ b/docs/tutorials/configuration_file.md @@ -41,6 +41,7 @@ The following list includes all the Azure checks with configurable variables tha | Check Name | Value | Type | |---------------------------------------------------------------|--------------------------------------------------|-----------------| +| `network_public_ip_shodan` | `shodan_api_key` | String | | `app_ensure_php_version_is_latest` | `php_latest_version` | String | | `app_ensure_python_version_is_latest` | `python_latest_version` | String | | `app_ensure_java_version_is_latest` | `java_latest_version` | String | @@ -136,6 +137,9 @@ aws: # Azure Configuration azure: + # Azure Network Configuration + # azure.network_public_ip_shodan + shodan_api_key: null # Azure App Configuration # azure.app_ensure_php_version_is_latest diff --git a/docs/tutorials/pentesting.md b/docs/tutorials/pentesting.md index 03d56607..b31de750 100644 --- a/docs/tutorials/pentesting.md +++ b/docs/tutorials/pentesting.md @@ -50,6 +50,7 @@ Several checks analyse resources that are exposed to the Internet, these are: - sagemaker_notebook_instance_without_direct_internet_access_configured - sns_topics_not_publicly_accessible - sqs_queues_not_publicly_accessible +- network_public_ip_shodan ... 
@@ -64,5 +65,9 @@ prowler --categories internet-exposed Prowler allows you check if any elastic ip in your AWS Account is exposed in Shodan with `-N`/`--shodan ` option: ```console -prowler aws --shodan -c ec2_elastic_ip_shodan +prowler aws -N/--shodan -c ec2_elastic_ip_shodan +``` +Also, you can check if any of your Azure Subscription has an public IP exposed in shodan: +```console +prowler azure -N/--shodan -c network_public_ip_shodan ``` diff --git a/prowler/config/config.yaml b/prowler/config/config.yaml index 4d124712..27819da3 100644 --- a/prowler/config/config.yaml +++ b/prowler/config/config.yaml @@ -89,6 +89,9 @@ aws: # Azure Configuration azure: + # Azure Network Configuration + # azure.network_public_ip_shodan + shodan_api_key: null # Azure App Service # azure.app_ensure_php_version_is_latest diff --git a/prowler/providers/azure/lib/arguments/arguments.py b/prowler/providers/azure/lib/arguments/arguments.py index 30cf7a33..0be26292 100644 --- a/prowler/providers/azure/lib/arguments/arguments.py +++ b/prowler/providers/azure/lib/arguments/arguments.py @@ -52,6 +52,17 @@ def init_parser(self): type=validate_azure_region, help="Azure region from `az cloud list --output table`, by default AzureCloud", ) + # 3rd Party Integrations + azure_3rd_party_subparser = azure_parser.add_argument_group( + "3rd Party Integrations" + ) + azure_3rd_party_subparser.add_argument( + "-N", + "--shodan", + nargs="?", + default=None, + help="Shodan API key used by check network_public_ip_shodan.", + ) def validate_azure_region(region): diff --git a/prowler/providers/azure/services/network/network_public_ip_shodan/__init__.py b/prowler/providers/azure/services/network/network_public_ip_shodan/__init__.py new file mode 100644 index 00000000..e69de29b 
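Review bot: In `prowler/providers/azure/lib/arguments/arguments.py`, `-N/--shodan` takes the Shodan API key as a command-line value, so the key lands in shell history and can be read from the process list while the scan runs. The help text should name the `shodan_api_key` entry in config.yaml as the preferred source, e.g. `help="Shodan API key used by check network_public_ip_shodan; prefer shodan_api_key in config.yaml so the key stays out of the process list."`. With `nargs="?"` and no `const`, a bare `-N` parses to `None` and cannot be told apart from the flag being absent; the tests added in `tests/lib/cli/parser_test.py` cover only the form with a value. `init_parser` starts outside the hunk.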
diff --git a/prowler/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan.metadata.json b/prowler/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan.metadata.json
new file mode 100644
index 00000000..c27bf219
--- /dev/null
+++ b/prowler/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan.metadata.json
@@ -0,0 +1,32 @@
+{
+ "Provider": "azure",
+ "CheckID": "network_public_ip_shodan",
+ "CheckTitle": "Check if an Azure Public IP is exposed in Shodan (requires Shodan API KEY).",
+ "CheckType": [],
+ "ServiceName": "network",
+ "SubServiceName": "",
+ "ResourceIdTemplate": "",
+ "Severity": "high",
+ "ResourceType": "Network",
+ "Description": "Check if an Azure Public IP is exposed in Shodan (requires Shodan API KEY).",
+ "Risk": "If an Azure Public IP is exposed in Shodan, it can be accessed by anyone on the internet. This can lead to unauthorized access to your resources.",
+ "RelatedUrl": "",
+ "Remediation": {
+ "Code": {
+ "CLI": "",
+ "NativeIaC": "",
+ "Other": "",
+ "Terraform": ""
+ },
+ "Recommendation": {
+ "Text": "Check Identified IPs; Consider changing them to private ones and delete them from Shodan.",
+ "Url": "https://www.shodan.io/"
+ }
+ },
+ "Categories": [
+ "internet-exposed"
+ ],
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": ""
+}
diff --git a/prowler/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan.py b/prowler/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan.py
new file mode 100644
index 00000000..1f88e6e4
--- /dev/null
+++ b/prowler/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan.py
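Review bot: The `Risk` and `Recommendation.Text` strings in `network_public_ip_shodan.metadata.json` treat the Shodan listing itself as the problem, but a listing only reflects services that answer on the address, and asking for removal from Shodan does not close those ports. I would reword the recommendation along the lines of `"Text": "Review the identified IPs and the services listening on them; restrict inbound access with network security groups or move the workloads to private addresses."`. `RelatedUrl` is left empty and could point to the provider documentation for public IP addresses.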
@@ -0,0 +1,40 @@
+import shodan
+
+from prowler.lib.check.models import Check, Check_Report_Azure
+from prowler.lib.logger import logger
+from prowler.providers.azure.services.network.network_client import network_client
+
+
+class network_public_ip_shodan(Check):
+ def execute(self):
+ findings = []
+ shodan_api_key = network_client.audit_config.get("shodan_api_key")
+ if shodan_api_key:
+ api = shodan.Shodan(shodan_api_key)
+ for subscription, public_ips in network_client.public_ip_addresses.items():
+ for ip in public_ips:
+ report = Check_Report_Azure(self.metadata())
+ report.subscription = subscription
+ report.resource_name = ip.name
+ report.resource_id = ip.id
+ try:
+ shodan_info = api.host(ip.ip_address)
+ report.status = "FAIL"
+ report.status_extended = f"Public IP {ip.ip_address} listed in Shodan with open ports {str(shodan_info['ports'])} and ISP {shodan_info['isp']} in {shodan_info['country_name']}. More info at https://www.shodan.io/host/{ip.ip_address}."
+ findings.append(report)
+ except shodan.APIError as error:
+ if "No information available for that IP" in error.value:
+ report.status = "PASS"
+ report.status_extended = (
+ f"Public IP {ip.ip_address} is not listed in Shodan."
+ )
+ findings.append(report)
+ continue
+ else:
+ logger.error(f"Unknown Shodan API Error: {error.value}")
+
+ else:
+ logger.error(
+ "ERROR: No Shodan API Key -- Please input a Shodan API Key with -N/--shodan or in config.yaml"
+ )
+ return findings
diff --git a/prowler/providers/azure/services/network/network_service.py b/prowler/providers/azure/services/network/network_service.py
index 80ac95e3..1a7d55c8 100644
--- a/prowler/providers/azure/services/network/network_service.py
+++ b/prowler/providers/azure/services/network/network_service.py
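Review bot: In `network_public_ip_shodan.execute`, any `shodan.APIError` other than "No information available for that IP" is only logged and the report for that address is dropped, so an invalid key, a rate limit or a timeout yields a scan with no finding for the IP, which looks the same as a subscription that has no public IPs. That branch should still emit a finding with a non-PASS status, setting `report.status_extended = f"Shodan lookup for {ip.ip_address} failed: {error.value}."` and calling `findings.append(report)`. The match on the message text is also brittle, since a wording change in the API would move unlisted addresses into the dropped branch. The FAIL branch indexes `shodan_info['ports']`, `['isp']` and `['country_name']` directly; a response missing one of them would raise `KeyError` out of `execute`, so `shodan_info.get(...)` is safer there.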
@@ -13,6 +13,7 @@ class Network(AzureService): self.security_groups = self.__get_security_groups__() self.bastion_hosts = self.__get_bastion_hosts__() self.network_watchers = self.__get_network_watchers__() + self.public_ip_addresses = self.__get_public_ip_addresses__() def __get_security_groups__(self): logger.info("Network - Getting Network Security Groups...") @@ -92,6 +93,29 @@ class Network(AzureService): ) return bastion_hosts + def __get_public_ip_addresses__(self): + logger.info("Network - Getting Public IP Addresses...") + public_ip_addresses = {} + for subscription, client in self.clients.items(): + try: + public_ip_addresses.update({subscription: []}) + public_ip_addresses_list = client.public_ip_addresses.list_all() + for public_ip_address in public_ip_addresses_list: + public_ip_addresses[subscription].append( + PublicIp( + id=public_ip_address.id, + name=public_ip_address.name, + location=public_ip_address.location, + ip_address=public_ip_address.ip_address, + ) + ) + + except Exception as error: + logger.error( + f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + ) + return public_ip_addresses + @dataclass class BastionHost: @@ -114,3 +138,11 @@ class SecurityGroup: name: str location: str security_rules: list + + +@dataclass +class PublicIp: + id: str + name: str + location: str + ip_address: str diff --git a/prowler/providers/common/outputs.py b/prowler/providers/common/outputs.py index 36388998..9b514999 100644 --- a/prowler/providers/common/outputs.py +++ b/prowler/providers/common/outputs.py 
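Review bot: `__get_public_ip_addresses__` in `network_service.py` copies `public_ip_address.ip_address` into `PublicIp.ip_address: str` unchecked, and a public IP resource with no address allocated yet is expected to report `None` there (worth confirming against the SDK model). Such entries would reach the Shodan check and be looked up as `None`, ending in its error branch with no finding. Either skip them at collection with `if not public_ip_address.ip_address: continue`, or declare the field optional and let the check skip them. The new method and the `PublicIp` dataclass have no docstring; one line stating that the result maps each subscription to a list of `PublicIp` would help.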
@@ -78,6 +78,12 @@ class Azure_Output_Options(Provider_Output_Options): # First call Provider_Output_Options init super().__init__(arguments, allowlist_file, bulk_checks_metadata) + # Confire Shodan API + if arguments.shodan: + audit_info = change_config_var( + "shodan_api_key", arguments.shodan, audit_info + ) + # Check if custom output filename was input, if not, set the default if ( not hasattr(arguments, "output_filename") diff --git a/tests/config/config_test.py b/tests/config/config_test.py index cd58552b..90fa4857 100644 --- a/tests/config/config_test.py +++ b/tests/config/config_test.py @@ -51,6 +51,8 @@ config_aws = { "organizations_trusted_delegated_administrators": [], } +config_azure = {"shodan_api_key": None} + class Test_Config: def test_get_aws_available_regions(self): @@ -184,7 +186,7 @@ class Test_Config: config_test_file = f"{path}/fixtures/config.yaml" provider = "azure" - assert load_and_validate_config_file(provider, config_test_file) is None + assert load_and_validate_config_file(provider, config_test_file) == config_azure def test_load_and_validate_config_file_old_format(self): path = pathlib.Path(os.path.dirname(os.path.realpath(__file__))) diff --git a/tests/config/fixtures/config.yaml b/tests/config/fixtures/config.yaml index 24673100..0996ac0d 100644 --- a/tests/config/fixtures/config.yaml +++ b/tests/config/fixtures/config.yaml @@ -56,6 +56,9 @@ aws: # Azure Configuration azure: + # Azure Network Configuration + # azure.network_public_ip_shodan + shodan_api_key: null # GCP Configuration gcp: diff --git a/tests/lib/cli/parser_test.py b/tests/lib/cli/parser_test.py index cbd0fac1..7d860d4e 100644 --- a/tests/lib/cli/parser_test.py +++ b/tests/lib/cli/parser_test.py @@ -122,6 +122,7 @@ class Test_Parser: assert not parsed.sp_env_auth assert not parsed.browser_auth assert not parsed.managed_identity_auth + assert not parsed.shodan def test_default_parser_no_arguments_gcp(self): provider = "gcp" 
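Review bot: In `Azure_Output_Options.__init__` the Shodan key is written into the audit configuration as a side effect of building the output options, and the result is bound to the local name `audit_info`. Whether it reaches what the check later reads through `network_client.audit_config` depends on `change_config_var` mutating its argument, which is not visible in this hunk. Once confirmed, a comment such as `# change_config_var updates audit_info in place; network_public_ip_shodan reads shodan_api_key from audit_config` would record that. The added comment has a typo: `# Confire Shodan API` should read `# Configure Shodan API key`. `__init__` starts and ends outside the hunk.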
@@ -1052,6 +1053,20 @@ class Test_Parser: assert parsed.provider == "azure" assert parsed.az_cli_auth + def test_azure_parser_shodan_short(self): + argument = "-N" + shodan_api_key = str(uuid.uuid4()) + command = [prowler_command, "azure", argument, shodan_api_key] + parsed = self.parser.parse(command) + assert parsed.shodan == shodan_api_key + + def test_azure_parser_shodan_long(self): + argument = "--shodan" + shodan_api_key = str(uuid.uuid4()) + command = [prowler_command, "azure", argument, shodan_api_key] + parsed = self.parser.parse(command) + assert parsed.shodan == shodan_api_key + def test_parser_azure_auth_managed_identity(self): argument = "--managed-identity-auth" command = [prowler_command, "azure", argument] diff --git a/tests/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks_test.py b/tests/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks_test.py index d79d8ea3..64187ba0 100644 --- a/tests/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks_test.py +++ b/tests/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.cosmosdb.cosmosdb_service import Account - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_cosmosdb_account_firewall_use_selected_networks: diff --git a/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac_test.py b/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac_test.py index 1c414fb4..5530262b 100644 
--- a/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac_test.py +++ b/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.cosmosdb.cosmosdb_service import Account - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_cosmosdb_account_use_aad_and_rbac: diff --git a/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints_test.py b/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints_test.py index 259a144a..4fdf18a1 100644 --- a/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints_test.py +++ b/tests/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints_test.py @@ -4,8 +4,7 @@ from uuid import uuid4 from azure.mgmt.cosmosdb.models import PrivateEndpointConnection from prowler.providers.azure.services.cosmosdb.cosmosdb_service import Account - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_cosmosdb_account_use_private_endpoints: diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on_test.py index 4dad232d..fc659680 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on_test.py 
+++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_defender_ensure_defender_for_app_services_is_on: diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on_test.py index 262bf81b..648ae416 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_defender_ensure_defender_for_arm_is_on: diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on_test.py index 85179099..3e4a4a5e 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on_test.py 
+++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_defender_ensure_defender_for_azure_sql_databases_is_on: diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on_test.py index 326a99a2..fae2a50d 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_defender_ensure_defender_for_containers_is_on: diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on_test.py index 3af45e24..c3263174 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on_test.py 
+++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_defender_ensure_defender_for_cosmosdb_is_on: diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on_test.py index c06510ea..bcc0abb8 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_defender_ensure_defender_for_databases_is_on: diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on_test.py index 87550dad..f3335dbc 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on_test.py 
@@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_defender_ensure_defender_for_dns_is_on: diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on_test.py index ed1c9408..b9d88bc5 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_defender_ensure_defender_for_keyvault_is_on: diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on_test.py index 26dd3c1f..416ac243 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on_test.py 
@@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_defender_ensure_defender_for_os_relational_databases_is_on: diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on_test.py index c045862a..e23c8380 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_defender_ensure_defender_for_server_is_on: diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on_test.py index b69c20cf..7e37b869 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on_test.py 
@@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_defender_ensure_defender_for_sql_servers_is_on: diff --git a/tests/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on_test.py b/tests/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on_test.py index 75ad4eac..92895271 100644 --- a/tests/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on_test.py +++ b/tests/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.defender.defender_service import Pricing - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_defender_ensure_defender_for_storage_is_on: diff --git a/tests/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists_test.py b/tests/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists_test.py index 64b4fe28..bf4fce59 100644 --- a/tests/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists_test.py +++ b/tests/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.network.network_service import BastionHost - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_network_bastion_host_exists: 
diff --git a/tests/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days_test.py b/tests/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days_test.py index b4d230c7..d2f79c97 100644 --- a/tests/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days_test.py +++ b/tests/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days_test.py @@ -4,8 +4,7 @@ from uuid import uuid4 from azure.mgmt.network.models._models import FlowLog, RetentionPolicyParameters from prowler.providers.azure.services.network.network_service import NetworkWatcher - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_network_flow_log_more_than_90_days: diff --git a/tests/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted_test.py b/tests/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted_test.py index 2c68acab..6f19e376 100644 --- a/tests/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted_test.py +++ b/tests/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted_test.py @@ -4,8 +4,7 @@ from uuid import uuid4 from azure.mgmt.network.models._models import SecurityRule from prowler.providers.azure.services.network.network_service import SecurityGroup - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_network_http_internet_access_restricted: 
diff --git a/tests/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan_test.py b/tests/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan_test.py new file mode 100644 index 00000000..128aba54 --- /dev/null +++ b/tests/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan_test.py 
@@ -0,0 +1,78 @@ +from unittest import mock + +from prowler.providers.azure.services.network.network_service import PublicIp +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION + + +class Test_network_public_ip_shodan: + def test_no_public_ip_addresses(self): + network_client = mock.MagicMock + network_client.public_ip_addresses = {} + network_client.audit_info = mock.MagicMock + + with mock.patch( + "prowler.providers.azure.services.network.network_service.Network", + new=network_client, + ) as service_client, mock.patch( + "prowler.providers.azure.services.network.network_client.network_client", + new=service_client, + ): + from prowler.providers.azure.services.network.network_public_ip_shodan.network_public_ip_shodan import ( + network_public_ip_shodan, + ) + + network_client.audit_config = {"shodan_api_key": "api_key"} + + check = network_public_ip_shodan() + result = check.execute() + assert len(result) == 0 + + def test_network_ip_in_shodan(self): + network_client = mock.MagicMock + public_ip_id = "id" + public_ip_name = "name" + ip_address = "ip_address" + shodan_info = { + "ports": [80, 443], + "isp": "Microsoft Corporation", + "country_name": "country_name", + } + network_client.audit_info = mock.MagicMock + + network_client.public_ip_addresses = { + AZURE_SUBSCRIPTION: [ + PublicIp( + id=public_ip_id, + name=public_ip_name, + location=None, + ip_address=ip_address, + ) + ] + } + + with mock.patch( + "prowler.providers.azure.services.network.network_service.Network", + new=network_client, + ) as service_client, mock.patch( + "prowler.providers.azure.services.network.network_client.network_client", + new=service_client, + ), mock.patch( + "prowler.providers.azure.services.network.network_public_ip_shodan.network_public_ip_shodan.shodan.Shodan.host", + return_value=shodan_info, + ): + from prowler.providers.azure.services.network.network_public_ip_shodan.network_public_ip_shodan import ( + network_public_ip_shodan, + ) + + 
network_client.audit_config = {"shodan_api_key": "api_key"} + check = network_public_ip_shodan() + result = check.execute() + assert len(result) == 1 + assert result[0].status == "FAIL" + assert ( + result[0].status_extended + == f"Public IP {ip_address} listed in Shodan with open ports {str(shodan_info['ports'])} and ISP {shodan_info['isp']} in {shodan_info['country_name']}. More info at https://www.shodan.io/host/{ip_address}." + ) + assert result[0].subscription == AZURE_SUBSCRIPTION + assert result[0].resource_name == public_ip_name + assert result[0].resource_id == public_ip_id diff --git a/tests/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted_test.py b/tests/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted_test.py index 0935e738..e4434279 100644 --- a/tests/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted_test.py +++ b/tests/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted_test.py @@ -4,8 +4,7 @@ from uuid import uuid4 from azure.mgmt.network.models._models import SecurityRule from prowler.providers.azure.services.network.network_service import SecurityGroup - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_network_rdp_internet_access_restricted: diff --git a/tests/providers/azure/services/network/network_service_test.py b/tests/providers/azure/services/network/network_service_test.py index d1d0f3fb..6d6fb176 100644 --- a/tests/providers/azure/services/network/network_service_test.py +++ b/tests/providers/azure/services/network/network_service_test.py 
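Review bot: Both `test_no_public_ip_addresses` and `test_network_ip_in_shodan` bind `network_client = mock.MagicMock` (the class, not an instance), so `public_ip_addresses`, `audit_info` and `audit_config` are written onto `MagicMock` itself and remain visible to every mock created later in the same test process. Using `network_client = mock.MagicMock()` and `network_client.audit_info = mock.MagicMock()` keeps that state local to each test. The file also covers only the empty-inventory case and the listed-in-Shodan case. There is no test where the patched `shodan.Shodan.host` raises through `side_effect`, or where `audit_config` has no `shodan_api_key`, and the check body is outside this hunk, so how it reports those cases cannot be confirmed from here. Adding both tests would pin whether a failed lookup or a missing key yields a finding, an empty result or an unhandled exception.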
@@ -6,6 +6,7 @@ from prowler.providers.azure.services.network.network_service import ( BastionHost, Network, NetworkWatcher, + PublicIp, SecurityGroup, ) from tests.providers.azure.azure_fixtures import ( @@ -52,6 +53,19 @@ def mock_network_get_network_watchers(_): } +def mock_network_get_public_ip_addresses(_): + return { + AZURE_SUBSCRIPTION: [ + PublicIp( + id="id", + name="name", + location="location", + ip_address="ip_address", + ) + ] + } + + @patch( "prowler.providers.azure.services.network.network_service.Network.__get_security_groups__", new=mock_network_get_security_groups, @@ -64,6 +78,10 @@ def mock_network_get_network_watchers(_): "prowler.providers.azure.services.network.network_service.Network.__get_network_watchers__", new=mock_network_get_network_watchers, ) +@patch( + "prowler.providers.azure.services.network.network_service.Network.__get_public_ip_addresses__", + new=mock_network_get_public_ip_addresses, +) class Test_Network_Service: def test__get_client__(self): network = Network(set_mocked_azure_audit_info()) @@ -127,3 +145,17 @@ class Test_Network_Service: assert network.bastion_hosts[AZURE_SUBSCRIPTION][0].id == "id" assert network.bastion_hosts[AZURE_SUBSCRIPTION][0].name == "name" assert network.bastion_hosts[AZURE_SUBSCRIPTION][0].location == "location" + + def __get_public_ip_addresses__(self): + network = Network(set_mocked_azure_audit_info()) + assert ( + network.public_ip_addresses[AZURE_SUBSCRIPTION][0].__class__.__name__ + == "PublicIp" + ) + assert network.public_ip_addresses[AZURE_SUBSCRIPTION][0].id == "id" + assert network.public_ip_addresses[AZURE_SUBSCRIPTION][0].name == "name" + assert network.public_ip_addresses[AZURE_SUBSCRIPTION][0].location == "location" + assert ( + network.public_ip_addresses[AZURE_SUBSCRIPTION][0].ip_address + == "ip_address" + ) 
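Review bot: The method added at the end of `Test_Network_Service` is named `__get_public_ip_addresses__`, without the `test` prefix that the neighbouring `test__get_client__` carries, so pytest's default collection will not pick it up and the `PublicIp` assertions never run. Rename it to `def test__get_public_ip_addresses__(self):`. Once it does run, it only reads back the values from `mock_network_get_public_ip_addresses`, because the class-level `@patch` replaces `Network.__get_public_ip_addresses__`, so the mapping from the Azure response to `PublicIp` would still be unverified. The class body starts outside this hunk.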
diff --git a/tests/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted_test.py b/tests/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted_test.py index ffb24bb2..8d001d82 100644 --- a/tests/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted_test.py +++ b/tests/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted_test.py @@ -4,8 +4,7 @@ from uuid import uuid4 from azure.mgmt.network.models._models import SecurityRule from prowler.providers.azure.services.network.network_service import SecurityGroup - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_network_ssh_internet_access_restricted: diff --git a/tests/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted_test.py b/tests/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted_test.py index 2ffd1e53..f9400110 100644 --- a/tests/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted_test.py +++ b/tests/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted_test.py @@ -4,8 +4,7 @@ from uuid import uuid4 from azure.mgmt.network.models._models import SecurityRule from prowler.providers.azure.services.network.network_service import SecurityGroup - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_network_udp_internet_access_restricted: 
diff --git a/tests/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled_test.py b/tests/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled_test.py index b8c3c855..d4bef404 100644 --- a/tests/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled_test.py +++ b/tests/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled_test.py @@ -1,9 +1,7 @@ from unittest import mock -from uuid import uuid4 from prowler.providers.azure.services.network.network_service import NetworkWatcher - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_network_watcher_enabled: diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled_test.py index 28a0a997..87ca80a6 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled_test.py @@ -5,8 +5,7 @@ from prowler.providers.azure.services.postgresql.postgresql_service import ( Firewall, Server, ) - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_postgresql_flexible_server_allow_access_services_disabled: 
diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on_test.py index de6a4a88..59efcbf5 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_postgresql_flexible_server_connection_throttling_on: diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled_test.py index 11cf6f26..0544c412 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_postgresql_flexible_server_enforce_ssl_enabled: 
diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on_test.py index 9e04dea9..2d2960cb 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_postgresql_flexible_server_log_checkpoints_on: diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on_test.py index 56e1f169..98e7724b 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_postgresql_flexible_server_log_connections_on: 
diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on_test.py index bd360868..fff5d27b 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_postgresql_flexible_server_log_disconnections_on: diff --git a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3_test.py b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3_test.py index f3f650db..fdc47627 100644 --- a/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3_test.py +++ b/tests/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.postgresql.postgresql_service import Server - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_postgresql_flexible_server_log_retention_days_greater_3: 
diff --git a/tests/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled_test.py index f1302c33..4bda9d24 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled_test.py @@ -4,8 +4,7 @@ from uuid import uuid4 from azure.mgmt.sql.models import ServerExternalAdministrator from prowler.providers.azure.services.sqlserver.sqlserver_service import Server - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_sqlserver_azuread_administrator_enabled: diff --git a/tests/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled_test.py index 605e3df8..f4bb81d6 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled_test.py @@ -4,8 +4,7 @@ from uuid import uuid4 from azure.mgmt.sql.models import ServerSecurityAlertPolicy from prowler.providers.azure.services.sqlserver.sqlserver_service import Server - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_sqlserver_microsoft_defender_enabled: 
diff --git a/tests/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk_test.py b/tests/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk_test.py index 2bd5dbc2..a2f3be2b 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk_test.py @@ -7,8 +7,7 @@ from prowler.providers.azure.services.sqlserver.sqlserver_service import ( Database, Server, ) - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_sqlserver_tde_encrypted_with_cmk: diff --git a/tests/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled_test.py index 928baeca..05308a8f 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled_test.py @@ -7,8 +7,7 @@ from prowler.providers.azure.services.sqlserver.sqlserver_service import ( Database, Server, ) - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_sqlserver_tde_encryption_enabled: diff --git a/tests/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access_test.py b/tests/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access_test.py index 23c6760a..74056f68 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access_test.py 
+++ b/tests/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access_test.py @@ -4,8 +4,7 @@ from uuid import uuid4 from azure.mgmt.sql.models import FirewallRule from prowler.providers.azure.services.sqlserver.sqlserver_service import Server - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_sqlserver_unrestricted_inbound_access: diff --git a/tests/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled_test.py index a86e1764..bff8a005 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled_test.py @@ -7,8 +7,7 @@ from azure.mgmt.sql.models import ( ) from prowler.providers.azure.services.sqlserver.sqlserver_service import Server - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_sqlserver_va_emails_notifications_admins_enabled: diff --git a/tests/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled_test.py index 07918929..fa1a43d3 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled_test.py 
+++ b/tests/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled_test.py @@ -7,8 +7,7 @@ from azure.mgmt.sql.models import ( ) from prowler.providers.azure.services.sqlserver.sqlserver_service import Server - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_sqlserver_va_periodic_recurring_scans_enabled: diff --git a/tests/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured_test.py b/tests/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured_test.py index 5b364bf4..5bff4f61 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured_test.py @@ -7,8 +7,7 @@ from azure.mgmt.sql.models import ( ) from prowler.providers.azure.services.sqlserver.sqlserver_service import Server - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_sqlserver_va_scan_reports_configured: diff --git a/tests/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled_test.py b/tests/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled_test.py index e89ce817..ed1abbc1 100644 --- a/tests/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled_test.py +++ b/tests/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled_test.py 
@@ -11,8 +11,7 @@ from prowler.providers.azure.services.sqlserver.sqlserver_service import ( Database, Server, ) - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_sqlserver_vulnerability_assessment_enabled: diff --git a/tests/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled_test.py b/tests/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled_test.py index 51abd7a9..ce91bd55 100644 --- a/tests/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled_test.py +++ b/tests/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.storage.storage_service import Account - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_storage_blob_public_access_level_is_disabled: diff --git a/tests/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied_test.py b/tests/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied_test.py index c6312d7e..57f5e252 100644 --- a/tests/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied_test.py +++ b/tests/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied_test.py 
@@ -4,8 +4,7 @@ from uuid import uuid4 from azure.mgmt.storage.v2022_09_01.models import NetworkRuleSet from prowler.providers.azure.services.storage.storage_service import Account - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_storage_default_network_access_rule_is_denied: diff --git a/tests/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled_test.py b/tests/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled_test.py index 07e35e0e..6ba9b248 100644 --- a/tests/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled_test.py +++ b/tests/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled_test.py @@ -4,8 +4,7 @@ from uuid import uuid4 from azure.mgmt.storage.v2022_09_01.models import NetworkRuleSet from prowler.providers.azure.services.storage.storage_service import Account - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_storage_ensure_azure_services_are_trusted_to_access_is_enabled: diff --git a/tests/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys_test.py b/tests/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys_test.py index 741ef08e..550ed3d6 100644 --- a/tests/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys_test.py 
+++ b/tests/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.storage.storage_service import Account - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_storage_ensure_encryption_with_customer_managed_keys: diff --git a/tests/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12_test.py b/tests/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12_test.py index 685100c9..b0174c09 100644 --- a/tests/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12_test.py +++ b/tests/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.storage.storage_service import Account - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_storage_ensure_minimum_tls_version_12: diff --git a/tests/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts_test.py b/tests/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts_test.py index 1fc36d58..5ba451a5 100644 --- a/tests/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts_test.py +++ b/tests/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts_test.py 
@@ -4,8 +4,7 @@ from uuid import uuid4 from azure.mgmt.storage.v2023_01_01.models import PrivateEndpointConnection from prowler.providers.azure.services.storage.storage_service import Account - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_storage_ensure_private_endpoints_in_storage_accounts: diff --git a/tests/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled_test.py b/tests/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled_test.py index 9b98aa9d..c7d1d624 100644 --- a/tests/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled_test.py +++ b/tests/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled_test.py @@ -7,8 +7,7 @@ from prowler.providers.azure.services.storage.storage_service import ( Account, BlobProperties, ) - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_storage_ensure_soft_delete_is_enabled: diff --git a/tests/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled_test.py b/tests/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled_test.py index ce504c8c..5815229f 100644 --- a/tests/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled_test.py +++ b/tests/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled_test.py 
@@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.storage.storage_service import Account - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_storage_infrastructure_encryption_is_enabled: diff --git a/tests/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled_test.py b/tests/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled_test.py index e5371885..4ada6b29 100644 --- a/tests/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled_test.py +++ b/tests/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled_test.py @@ -2,8 +2,7 @@ from unittest import mock from uuid import uuid4 from prowler.providers.azure.services.storage.storage_service import Account - -AZURE_SUBSCRIPTION = str(uuid4()) +from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION class Test_storage_secure_transfer_required_is_enabled: diff --git a/tests/providers/common/common_outputs_test.py b/tests/providers/common/common_outputs_test.py index 066f114e..694d2c5d 100644 --- a/tests/providers/common/common_outputs_test.py +++ b/tests/providers/common/common_outputs_test.py @@ -201,6 +201,7 @@ class Test_Common_Output_Options: arguments.verbose = True arguments.only_logs = False arguments.unix_timestamp = False + arguments.shodan = "test-api-key" # Mock Azure Audit Info audit_info = self.set_mocked_azure_audit_info() @@ -241,6 +242,7 @@ class Test_Common_Output_Options: arguments.verbose = True arguments.only_logs = False arguments.unix_timestamp = False + arguments.shodan = "test-api-key" # Mock Azure Audit Info audit_info = self.set_mocked_azure_audit_info()