feat(checks): dump all checks as a json file (#2683)

Co-authored-by: Pepe Fagoaga <pepe@verica.io>
This commit is contained in:
Chris Farris
2023-08-21 11:35:31 -04:00
committed by GitHub
parent 4d817c48a8
commit d186c69473
5 changed files with 46 additions and 1 deletions


@@ -12,6 +12,7 @@ from prowler.lib.check.check import (
exclude_services_to_run,
execute_checks,
list_categories,
list_checks_json,
list_services,
parse_checks_from_folder,
print_categories,
@@ -113,6 +114,11 @@ def prowler():
provider,
)
# if --list-checks-json, dump a json file and exit
if args.list_checks_json:
print(list_checks_json(provider, sorted(checks_to_execute)))
sys.exit()
# If -l/--list-checks passed as argument, print checks to execute and quit
if args.list_checks:
print_checks(provider, sorted(checks_to_execute), bulk_checks_metadata)
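Review bot: The new comment at the top of the added branch says "dump a json file", but the code only `print`s the JSON to stdout and exits; no file is written, so a user reading the comment (or the commit title) will look for an output path that does not exist. I would make the comment match the behavior and tell the reader how the output is meant to be used: `# if --list-checks-json, print the checks to execute as JSON on stdout and exit (redirect it to a file for --checks-file)`. Because stdout is the payload here, anything else the program writes to stdout before this point would corrupt the JSON; the parser change elsewhere in this commit suppresses the banner, but whether any other stdout output precedes this branch is not visible in the hunk. The enclosing `prowler()` function starts and ends outside the hunk.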


@@ -1,5 +1,6 @@
import functools
import importlib
import json
import os
import re
import shutil
@@ -270,6 +271,15 @@ def print_compliance_requirements(
)
def list_checks_json(provider: str, check_list: set):
try:
output = {provider: check_list}
return json.dumps(output, indent=2, default=str)
except Exception as e:
logger.critical(f"{e.__class__.__name__}[{e.__traceback__.tb_lineno}]: {e}")
sys.exit(1)
def print_checks(
provider: str,
check_list: set,
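Review bot: `list_checks_json` annotates `check_list: set`, but a set is not JSON-serializable and the `default=str` passed to `json.dumps` silently turns it into a single string (`{"aws": "{'a', 'b'}"}`) instead of a JSON array, so any caller honoring the annotation gets output that `--checks-file` cannot consume; the one caller visible in this commit avoids the problem only by passing `sorted(...)`. I would serialize a list inside the function and drop the fallback so a genuinely non-serializable value fails loudly: `output = {provider: sorted(check_list)}` and `return json.dumps(output, indent=2)`. With `default=str` gone, the broad `except Exception` / `sys.exit(1)` wrapper still hides the traceback for what would only be a `TypeError`; the `logger.critical` line at least records where it happened. A short docstring stating that the return value is JSON text intended to be redirected to a file for `--checks-file` would help; note that `sys` is used here but not among the imports in the visible hunk, presumably imported elsewhere in the file.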


@@ -90,7 +90,7 @@ Detailed documentation at https://docs.prowler.cloud
)
# Only Logging Configuration
if args.only_logs:
if args.only_logs or args.list_checks_json:
args.no_banner = True
return args
@@ -244,6 +244,11 @@ Detailed documentation at https://docs.prowler.cloud
list_group.add_argument(
"-l", "--list-checks", action="store_true", help="List checks"
)
list_group.add_argument(
"--list-checks-json",
action="store_true",
help="Output a list of checks in json for use with --checks-file",
)
list_group.add_argument(
"--list-services", action="store_true", help="List services"
)
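Review bot: In the first hunk of this file the condition now reads `if args.only_logs or args.list_checks_json:`, but the comment above it, `# Only Logging Configuration`, still describes only the logging case and no longer explains why the JSON listing suppresses the banner. I would replace it with `# Suppress the banner when stdout must carry only logs or machine-readable JSON (--list-checks-json is meant to be redirected into a file for --checks-file)`. Only the banner is forced off here; if any other code path writes to stdout before the JSON is printed, the redirected file would not parse, which cannot be confirmed from this hunk. The enclosing function starts outside the hunk. The `--list-checks-json` help text in the second hunk could also say the JSON goes to stdout, since "Output a list of checks" leaves that open.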


@@ -12,6 +12,7 @@ from prowler.lib.check.check import (
exclude_checks_to_run,
exclude_services_to_run,
list_categories,
list_checks_json,
list_modules,
list_services,
parse_checks_from_file,
@@ -595,3 +596,20 @@ class Test_Check:
assert audit_metadata.services_scanned == 1
assert audit_metadata.expected_checks == expected_checks
assert audit_metadata.completed_checks == 1
def test_list_checks_json_aws_lambda_and_s3(self):
provider = "aws"
check_list = {
"awslambda_function_invoke_api_operations_cloudtrail_logging_enabled",
"awslambda_function_no_secrets_in_code",
"awslambda_function_no_secrets_in_variables",
"awslambda_function_not_publicly_accessible",
"awslambda_function_url_cors_policy",
"awslambda_function_url_public",
"awslambda_function_using_supported_runtimes",
}
checks_json = list_checks_json(provider, sorted(check_list))
assert (
checks_json
== '{\n "aws": [\n "awslambda_function_invoke_api_operations_cloudtrail_logging_enabled",\n "awslambda_function_no_secrets_in_code",\n "awslambda_function_no_secrets_in_variables",\n "awslambda_function_not_publicly_accessible",\n "awslambda_function_url_cors_policy",\n "awslambda_function_url_public",\n "awslambda_function_using_supported_runtimes"\n ]\n}'
)
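Review bot: `test_list_checks_json_aws_lambda_and_s3` pins the exact `json.dumps` formatting (indent, key order, newlines) instead of the contract the flag promises, so any cosmetic change to serialization breaks the test while a real regression in the list contents is no better caught; comparing parsed output is both stricter on content and robust to formatting: `assert json.loads(checks_json) == {"aws": sorted(check_list)}` (add `import json` to the module if it is not already there). The test also only calls the function with `sorted(check_list)`, a list, even though the signature declares `check_list: set`; an extra `assert json.loads(list_checks_json(provider, check_list)) == {"aws": sorted(check_list)}` would exercise the annotated type, and with the current implementation it fails because `default=str` stringifies the set into one JSON string rather than an array. The method name mentions S3 but every check in the fixture is an `awslambda_*` check, so either rename it or add an S3 check to the set. The `Test_Check` class header lies outside the hunk.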


@@ -592,6 +592,12 @@ class Test_Parser:
parsed = self.parser.parse(command)
assert parsed.list_checks
def test_list_checks_parser_list_checks_json(self):
argument = "--list-checks-json"
command = [prowler_command, argument]
parsed = self.parser.parse(command)
assert parsed.list_checks_json
def test_list_checks_parser_list_services(self):
argument = "--list-services"
command = [prowler_command, argument]