fix(acm): adding more details on remaining expiration days (#3293)

Co-authored-by: Esteban <mendoza@versprite.com>
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
This commit is contained in:
Esteban Mendoza
2024-01-17 09:42:19 +01:00
committed by GitHub
parent 4a15625bf9
commit c617c10ffa
2 changed files with 51 additions and 3 deletions


@@ -19,7 +19,11 @@ class acm_certificates_expiration_check(Check):
report.resource_tags = certificate.tags
else:
report.status = "FAIL"
report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} is about to expire in {DAYS_TO_EXPIRE_THRESHOLD} days."
if certificate.expiration_days < 0:
report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} has expired ({abs(certificate.expiration_days)} days ago)."
else:
report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} is about to expire in {certificate.expiration_days} days."
report.resource_id = certificate.id
report.resource_details = certificate.name
report.resource_arn = certificate.arn
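Review bot: The new `if certificate.expiration_days < 0:` branch leaves the boundary value 0 on the else path, so a certificate that expires today is reported as `is about to expire in 0 days`, which reads as if time remains; adding `elif certificate.expiration_days == 0:` with `report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} expires today."` would make the three states unambiguous. The comparison that routes a certificate into this FAIL branch and the computation of `expiration_days` are above the hunk and outside this view, so whether 0 is reachable and whether negative values also cover certificates ACM itself already lists as expired should be confirmed against the service code. The accompanying test only pins −400 and 5, so cases at 0 and −1 would lock the boundary in. An already-expired certificate is a live TLS failure rather than an upcoming one, so if the finding model exposes a per-finding severity it may be worth raising it for the `< 0` case instead of distinguishing the two only by message text. The enclosing method starts outside the hunk.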


@@ -32,6 +32,7 @@ class Test_acm_certificates_expiration_check:
certificate_arn = f"arn:aws:acm:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:certificate/{certificate_id}"
certificate_name = "test-certificate.com"
certificate_type = "AMAZON_ISSUED"
expiration_days = 5
acm_client = mock.MagicMock
acm_client.certificates = [
@@ -40,7 +41,7 @@ class Test_acm_certificates_expiration_check:
id=certificate_id,
name=certificate_name,
type=certificate_type,
expiration_days=5,
expiration_days=expiration_days,
transparency_logging=True,
region=AWS_REGION,
)
@@ -62,7 +63,50 @@ class Test_acm_certificates_expiration_check:
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"ACM Certificate {certificate_id} for {certificate_name} is about to expire in {DAYS_TO_EXPIRE_THRESHOLD} days."
== f"ACM Certificate {certificate_id} for {certificate_name} is about to expire in {expiration_days} days."
)
assert result[0].resource_id == certificate_id
assert result[0].resource_arn == certificate_arn
assert result[0].region == AWS_REGION
assert result[0].resource_tags == []
def test_acm_certificate_expirated_long_time(self):
certificate_id = str(uuid.uuid4())
certificate_arn = f"arn:aws:acm:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:certificate/{certificate_id}"
certificate_name = "test-certificate.com"
certificate_type = "AMAZON_ISSUED"
expiration_days = -400
acm_client = mock.MagicMock
acm_client.certificates = [
Certificate(
arn=certificate_arn,
id=certificate_id,
name=certificate_name,
type=certificate_type,
expiration_days=expiration_days,
transparency_logging=True,
region=AWS_REGION,
)
]
with mock.patch(
"prowler.providers.aws.services.acm.acm_service.ACM",
new=acm_client,
):
# Test Check
from prowler.providers.aws.services.acm.acm_certificates_expiration_check.acm_certificates_expiration_check import (
acm_certificates_expiration_check,
)
check = acm_certificates_expiration_check()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"ACM Certificate {certificate_id} for {certificate_name} has expired ({abs(expiration_days)} days ago)."
)
assert result[0].resource_id == certificate_id
assert result[0].resource_arn == certificate_arn