feat(azure): Defender checks related to security contacts and notifications (#3344)
committed by
GitHub
parent
c6e8a0b6d3
commit
c795d76fe9
@@ -0,0 +1,210 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.defender.defender_service import (
|
||||
Defender_Security_Contacts,
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import AZURE_SUSCRIPTION
|
||||
|
||||
|
||||
class Test_defender_additional_email_configured_with_a_security_contact:
|
||||
def test_defender_no_notify_emails(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.security_contacts = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact import (
|
||||
defender_additional_email_configured_with_a_security_contact,
|
||||
)
|
||||
|
||||
check = defender_additional_email_configured_with_a_security_contact()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_no_additional_emails(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.security_contacts = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"default": Defender_Security_Contacts(
|
||||
resource_id=resource_id,
|
||||
emails="",
|
||||
phone="",
|
||||
alert_notifications_minimal_severity="High",
|
||||
alert_notifications_state="On",
|
||||
notified_roles=["Contributor"],
|
||||
notified_roles_state="On",
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact import (
|
||||
defender_additional_email_configured_with_a_security_contact,
|
||||
)
|
||||
|
||||
check = defender_additional_email_configured_with_a_security_contact()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"There is not another correct email configured for susbscription {AZURE_SUSCRIPTION}."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "default"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_additional_email_bad_format(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.security_contacts = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"default": Defender_Security_Contacts(
|
||||
resource_id=resource_id,
|
||||
emails="bad_email",
|
||||
phone="",
|
||||
alert_notifications_minimal_severity="High",
|
||||
alert_notifications_state="On",
|
||||
notified_roles=["Contributor"],
|
||||
notified_roles_state="On",
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact import (
|
||||
defender_additional_email_configured_with_a_security_contact,
|
||||
)
|
||||
|
||||
check = defender_additional_email_configured_with_a_security_contact()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"There is not another correct email configured for susbscription {AZURE_SUSCRIPTION}."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "default"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_additional_email_bad_separator(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.security_contacts = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"default": Defender_Security_Contacts(
|
||||
resource_id=resource_id,
|
||||
emails="test@test.es, test@test.email.com",
|
||||
phone="",
|
||||
alert_notifications_minimal_severity="High",
|
||||
alert_notifications_state="On",
|
||||
notified_roles=["Contributor"],
|
||||
notified_roles_state="On",
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact import (
|
||||
defender_additional_email_configured_with_a_security_contact,
|
||||
)
|
||||
|
||||
check = defender_additional_email_configured_with_a_security_contact()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"There is not another correct email configured for susbscription {AZURE_SUSCRIPTION}."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "default"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_additional_email_good_format(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.security_contacts = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"default": Defender_Security_Contacts(
|
||||
resource_id=resource_id,
|
||||
emails="test@test.com",
|
||||
phone="",
|
||||
alert_notifications_minimal_severity="High",
|
||||
alert_notifications_state="On",
|
||||
notified_roles=["Contributor"],
|
||||
notified_roles_state="On",
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact import (
|
||||
defender_additional_email_configured_with_a_security_contact,
|
||||
)
|
||||
|
||||
check = defender_additional_email_configured_with_a_security_contact()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"There is another correct email configured for susbscription {AZURE_SUSCRIPTION}."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "default"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_additional_email_good_format_multiple_subdomains(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.security_contacts = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"default": Defender_Security_Contacts(
|
||||
resource_id=resource_id,
|
||||
emails="test@test.mail.es; bad_mail",
|
||||
phone="",
|
||||
alert_notifications_minimal_severity="High",
|
||||
alert_notifications_state="On",
|
||||
notified_roles=["Contributor"],
|
||||
notified_roles_state="On",
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_additional_email_configured_with_a_security_contact.defender_additional_email_configured_with_a_security_contact import (
|
||||
defender_additional_email_configured_with_a_security_contact,
|
||||
)
|
||||
|
||||
check = defender_additional_email_configured_with_a_security_contact()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"There is another correct email configured for susbscription {AZURE_SUSCRIPTION}."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "default"
|
||||
assert result[0].resource_id == resource_id
|
||||
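Review bot: `defender_client = mock.MagicMock` binds the MagicMock class itself rather than an instance, so the following `defender_client.security_contacts = {...}` sets an attribute on the shared class and the value can leak into any later test that uses MagicMock; each test should use `defender_client = mock.MagicMock()`. The same line appears in every test of Test_defender_ensure_notify_alerts_severity_is_high and Test_defender_ensure_notify_emails_to_owners further down this commit. Separately, test_defender_additional_email_good_format_multiple_subdomains feeds `"test@test.mail.es; bad_mail"` and expects PASS, so it pins that one well-formed address is enough even when another entry is malformed. If that is the intended rule, a comment such as `# one well-formed address is sufficient; malformed entries are ignored` would make it explicit, and the test name should say "mixed valid and invalid" rather than "multiple_subdomains".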
@@ -0,0 +1,99 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.defender.defender_service import (
|
||||
Defender_Security_Contacts,
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import AZURE_SUSCRIPTION
|
||||
|
||||
|
||||
class Test_defender_ensure_notify_alerts_severity_is_high:
|
||||
def test_defender_no_severity_alerts(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.security_contacts = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_notify_alerts_severity_is_high.defender_ensure_notify_alerts_severity_is_high.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_notify_alerts_severity_is_high.defender_ensure_notify_alerts_severity_is_high import (
|
||||
defender_ensure_notify_alerts_severity_is_high,
|
||||
)
|
||||
|
||||
check = defender_ensure_notify_alerts_severity_is_high()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_severity_alerts_low(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.security_contacts = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"default": Defender_Security_Contacts(
|
||||
resource_id=resource_id,
|
||||
emails="",
|
||||
phone="",
|
||||
alert_notifications_minimal_severity="Low",
|
||||
alert_notifications_state="On",
|
||||
notified_roles=["Contributor"],
|
||||
notified_roles_state="On",
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_notify_alerts_severity_is_high.defender_ensure_notify_alerts_severity_is_high.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_notify_alerts_severity_is_high.defender_ensure_notify_alerts_severity_is_high import (
|
||||
defender_ensure_notify_alerts_severity_is_high,
|
||||
)
|
||||
|
||||
check = defender_ensure_notify_alerts_severity_is_high()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Notifiy alerts are not enabled for severity high in susbscription {AZURE_SUSCRIPTION}."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "default"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_severity_alerts_high(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.security_contacts = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"default": Defender_Security_Contacts(
|
||||
resource_id=resource_id,
|
||||
emails="",
|
||||
phone="",
|
||||
alert_notifications_minimal_severity="High",
|
||||
alert_notifications_state="On",
|
||||
notified_roles=["Contributor"],
|
||||
notified_roles_state="On",
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_notify_alerts_severity_is_high.defender_ensure_notify_alerts_severity_is_high.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_notify_alerts_severity_is_high.defender_ensure_notify_alerts_severity_is_high import (
|
||||
defender_ensure_notify_alerts_severity_is_high,
|
||||
)
|
||||
|
||||
check = defender_ensure_notify_alerts_severity_is_high()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Notifiy alerts are enabled for severity high in susbscription {AZURE_SUSCRIPTION}."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "default"
|
||||
assert result[0].resource_id == resource_id
|
||||
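Review bot: Test_defender_ensure_notify_alerts_severity_is_high never sets `alert_notifications_state="Off"`, so a contact with minimal severity "High" but notifications switched off is not pinned to either outcome. A third case with `alert_notifications_state="Off"` and its expected status would close that gap, and a "Medium" severity case would cover the remaining value between the two tested ones. The expected strings also carry the typos `Notifiy` and `susbscription`, which presumably mirror the check's status_extended; fixing them in the check and in these assertions together would keep the finding text searchable in reports.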
@@ -0,0 +1,136 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from prowler.providers.azure.services.defender.defender_service import (
|
||||
Defender_Security_Contacts,
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import AZURE_SUSCRIPTION
|
||||
|
||||
|
||||
class Test_defender_ensure_notify_emails_to_owners:
|
||||
def test_defender_no_notify_emails(self):
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.security_contacts = {}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_notify_emails_to_owners.defender_ensure_notify_emails_to_owners.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_notify_emails_to_owners.defender_ensure_notify_emails_to_owners import (
|
||||
defender_ensure_notify_emails_to_owners,
|
||||
)
|
||||
|
||||
check = defender_ensure_notify_emails_to_owners()
|
||||
result = check.execute()
|
||||
assert len(result) == 0
|
||||
|
||||
def test_defender_no_notify_emails_to_owners(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.security_contacts = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"default": Defender_Security_Contacts(
|
||||
resource_id=resource_id,
|
||||
emails="",
|
||||
phone="",
|
||||
alert_notifications_minimal_severity="High",
|
||||
alert_notifications_state="On",
|
||||
notified_roles=["Contributor"],
|
||||
notified_roles_state="On",
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_notify_emails_to_owners.defender_ensure_notify_emails_to_owners.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_notify_emails_to_owners.defender_ensure_notify_emails_to_owners import (
|
||||
defender_ensure_notify_emails_to_owners,
|
||||
)
|
||||
|
||||
check = defender_ensure_notify_emails_to_owners()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"The Owner role is not notified for subscription {AZURE_SUSCRIPTION}."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "default"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_notify_emails_to_owners_off(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.security_contacts = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"default": Defender_Security_Contacts(
|
||||
resource_id=resource_id,
|
||||
emails="",
|
||||
phone="",
|
||||
alert_notifications_minimal_severity="High",
|
||||
alert_notifications_state="On",
|
||||
notified_roles=["Owner", "Contributor"],
|
||||
notified_roles_state="Off",
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_notify_emails_to_owners.defender_ensure_notify_emails_to_owners.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_notify_emails_to_owners.defender_ensure_notify_emails_to_owners import (
|
||||
defender_ensure_notify_emails_to_owners,
|
||||
)
|
||||
|
||||
check = defender_ensure_notify_emails_to_owners()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"The Owner role is not notified for subscription {AZURE_SUSCRIPTION}."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "default"
|
||||
assert result[0].resource_id == resource_id
|
||||
|
||||
def test_defender_notify_emails_to_owners(self):
|
||||
resource_id = str(uuid4())
|
||||
defender_client = mock.MagicMock
|
||||
defender_client.security_contacts = {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"default": Defender_Security_Contacts(
|
||||
resource_id=resource_id,
|
||||
emails="test@test.es",
|
||||
phone="",
|
||||
alert_notifications_minimal_severity="High",
|
||||
alert_notifications_state="On",
|
||||
notified_roles=["Owner", "Contributor"],
|
||||
notified_roles_state="On",
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
with mock.patch(
|
||||
"prowler.providers.azure.services.defender.defender_ensure_notify_emails_to_owners.defender_ensure_notify_emails_to_owners.defender_client",
|
||||
new=defender_client,
|
||||
):
|
||||
from prowler.providers.azure.services.defender.defender_ensure_notify_emails_to_owners.defender_ensure_notify_emails_to_owners import (
|
||||
defender_ensure_notify_emails_to_owners,
|
||||
)
|
||||
|
||||
check = defender_ensure_notify_emails_to_owners()
|
||||
result = check.execute()
|
||||
assert len(result) == 1
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"The Owner role is notified for subscription {AZURE_SUSCRIPTION}."
|
||||
)
|
||||
assert result[0].subscription == AZURE_SUSCRIPTION
|
||||
assert result[0].resource_name == "default"
|
||||
assert result[0].resource_id == resource_id
|
||||
@@ -6,6 +6,7 @@ from prowler.providers.azure.services.defender.defender_service import (
|
||||
Defender,
|
||||
Defender_Assessments,
|
||||
Defender_Pricing,
|
||||
Defender_Security_Contacts,
|
||||
)
|
||||
from tests.providers.azure.azure_fixtures import (
|
||||
AZURE_SUSCRIPTION,
|
||||
@@ -50,6 +51,22 @@ def mock_defender_get_assessments(_):
|
||||
}
|
||||
|
||||
|
||||
def mock_defender_get_security_contacts(_):
|
||||
return {
|
||||
AZURE_SUSCRIPTION: {
|
||||
"default": Defender_Security_Contacts(
|
||||
resource_id="/subscriptions/resource_id",
|
||||
emails="user@user.com, test@test.es",
|
||||
phone="666666666",
|
||||
alert_notifications_minimal_severity="High",
|
||||
alert_notifications_state="On",
|
||||
notified_roles=["Owner", "Contributor"],
|
||||
notified_roles_state="On",
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@patch(
|
||||
"prowler.providers.azure.services.defender.defender_service.Defender.__get_pricings__",
|
||||
new=mock_defender_get_pricings,
|
||||
@@ -62,6 +79,10 @@ def mock_defender_get_assessments(_):
|
||||
"prowler.providers.azure.services.defender.defender_service.Defender.__get_assessments__",
|
||||
new=mock_defender_get_assessments,
|
||||
)
|
||||
@patch(
|
||||
"prowler.providers.azure.services.defender.defender_service.Defender.__get_security_contacts__",
|
||||
new=mock_defender_get_security_contacts,
|
||||
)
|
||||
class Test_Defender_Service:
|
||||
def test__get_client__(self):
|
||||
defender = Defender(set_mocked_azure_audit_info())
|
||||
@@ -129,3 +150,40 @@ class Test_Defender_Service:
|
||||
== "default"
|
||||
)
|
||||
assert defender.assessments[AZURE_SUSCRIPTION]["default"].status == "Healthy"
|
||||
|
||||
def test__get_security_contacts__(self):
|
||||
defender = Defender(set_mocked_azure_audit_info())
|
||||
assert len(defender.security_contacts) == 1
|
||||
assert (
|
||||
defender.security_contacts[AZURE_SUSCRIPTION]["default"].resource_id
|
||||
== "/subscriptions/resource_id"
|
||||
)
|
||||
assert (
|
||||
defender.security_contacts[AZURE_SUSCRIPTION]["default"].emails
|
||||
== "user@user.com, test@test.es"
|
||||
)
|
||||
assert (
|
||||
defender.security_contacts[AZURE_SUSCRIPTION]["default"].phone
|
||||
== "666666666"
|
||||
)
|
||||
assert (
|
||||
defender.security_contacts[AZURE_SUSCRIPTION][
|
||||
"default"
|
||||
].alert_notifications_minimal_severity
|
||||
== "High"
|
||||
)
|
||||
assert (
|
||||
defender.security_contacts[AZURE_SUSCRIPTION][
|
||||
"default"
|
||||
].alert_notifications_state
|
||||
== "On"
|
||||
)
|
||||
assert defender.security_contacts[AZURE_SUSCRIPTION][
|
||||
"default"
|
||||
].notified_roles == ["Owner", "Contributor"]
|
||||
assert (
|
||||
defender.security_contacts[AZURE_SUSCRIPTION][
|
||||
"default"
|
||||
].notified_roles_state
|
||||
== "On"
|
||||
)
|
||||
|
||||
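Review bot: test__get_security_contacts__ patches `Defender.__get_security_contacts__` with mock_defender_get_security_contacts and then asserts the same literals back, so it only verifies that the return value lands on `defender.security_contacts`, not how the service maps the Azure response into Defender_Security_Contacts. A test that drives the real method with a faked client response would cover that mapping; the method itself is not shown on this page. The fixture value `emails="user@user.com, test@test.es"` also uses the comma separator that test_defender_additional_email_bad_separator expects to FAIL, so `emails="user@user.com; test@test.es"` would match the format the check appears to accept.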