ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(iam): Set user's region in findings (#1312)

Browse Source
This commit is contained in:
Pepe Fagoaga
2022-08-04 10:04:00 +02:00
committed by GitHub
parent de96894a4d
commit cbd375f5d0
11 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa.py
View File

@@ -12,7 +12,7 @@ class iam_administrator_access_with_mfa(Check):
report = Check_Report(self.metadata)
report.resource_id = group.name
report.resource_arn = group.arn
report.region = "us-east-1"
report.region = iam_client.region
if group.attached_policies:
admin_policy = False
for group_policy in group.attached_policies:

2
providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage.py
View File

@@ -15,7 +15,7 @@ class iam_avoid_root_usage(Check):
for user in response:
if user["user"] == "<root_account>":
report = Check_Report(self.metadata)
report.region = "us-east-1"
report.region = iam_client.region
report.resource_id = user["user"]
report.resource_arn = user["arn"]
if (

2
providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials.py
View File

@@ -16,7 +16,7 @@ class iam_disable_30_days_credentials(Check):
report = Check_Report(self.metadata)
report.resource_id = user.name
report.resource_arn = user.arn
report.region = "us-east-1"
report.region = iam_client.region
if user.password_last_used and user.password_last_used != "":
try:
time_since_insertion = (

4
providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials.py
View File

@@ -14,7 +14,7 @@ class iam_disable_90_days_credentials(Check):
if response:
for user in response:
report = Check_Report(self.metadata)
report.region = "us-east-1"
report.region = iam_client.region
report.resource_id = user.name
report.resource_arn = user.arn
if user.password_last_used and user.password_last_used != "":
@@ -46,7 +46,7 @@ class iam_disable_90_days_credentials(Check):
report = Check_Report(self.metadata)
report.status = "PASS"
report.status_extended = "There is no IAM users."
report.region = "us-east-1"
report.region = iam_client.region
findings.append(report)
return findings

2
providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key.py
View File

@@ -10,7 +10,7 @@ class iam_no_root_access_key(Check):
for user in response:
if user["user"] == "<root_account>":
report = Check_Report(self.metadata)
report.region = "us-east-1"
report.region = iam_client.region
report.resource_id = user["user"]
report.resource_arn = user["arn"]
if (

2
providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.py
View File

@@ -7,7 +7,7 @@ class iam_root_hardware_mfa_enabled(Check):
findings = []
virtual_mfa = False
report = Check_Report(self.metadata)
report.region = "us-east-1"
report.region = iam_client.region
report.resource_id = "root"
report.resource_arn = f"arn:aws:iam::{iam_client.account}:root"

2
providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled.py
View File

@@ -10,7 +10,7 @@ class iam_root_mfa_enabled(Check):
for user in iam_client.credential_report:
if user["user"] == "<root_account>":
report = Check_Report(self.metadata)
report.region = "us-east-1"
report.region = iam_client.region
report.resource_id = user["user"]
report.resource_arn = user["arn"]
if user["mfa_active"] == "false":

4
providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days.py
View File

@@ -14,7 +14,7 @@ class iam_rotate_access_key_90_days(Check):
if response:
for user in response:
report = Check_Report(self.metadata)
report.region = "us-east-1"
report.region = iam_client.region
report.resource_id = user["user"]
report.resource_arn = user["arn"]
if (
@@ -57,7 +57,7 @@ class iam_rotate_access_key_90_days(Check):
report = Check_Report(self.metadata)
report.status = "PASS"
report.status_extended = "There is no IAM users."
report.region = "us-east-1"
report.region = iam_client.region
findings.append(report)
return findings

2
providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled.py
View File

@@ -12,7 +12,7 @@ class iam_user_hardware_mfa_enabled(Check):
report = Check_Report(self.metadata)
report.resource_id = user.name
report.resource_arn = user.arn
report.region = "us-east-1"
report.region = iam_client.region
if user.mfa_devices:
for mfa_device in user.mfa_devices:
if mfa_device.type == "mfa" or mfa_device.type == "sms-mfa":

2
providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access.py
View File

@@ -12,7 +12,7 @@ class iam_user_mfa_enabled_console_access(Check):
report = Check_Report(self.metadata)
report.resource_id = user["user"]
report.resource_arn = user["arn"]
report.region = "us-east-1"
report.region = iam_client.region
if user["password_enabled"] != "not_supported":
if user["mfa_active"] == "false":
report.status = "FAIL"

2
providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key.py
View File

@@ -12,7 +12,7 @@ class iam_user_two_active_access_key(Check):
report = Check_Report(self.metadata)
report.resource_id = user["user"]
report.resource_arn = user["arn"]
report.region = "us-east-1"
report.region = iam_client.region
if (
user["access_key_1_active"] == "true"
and user["access_key_2_active"] == "true"