fix(cloudtrail_multi_region_enabled): reformat check (#1880)

2026-02-10 23:05:05 +00:00 · 2023-02-10 12:34:53 +01:00
parent d88640fd20
commit d22d4c4c83
2 changed files with 108 additions and 25 deletions
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.py
@@ -7,44 +7,33 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 class cloudtrail_multi_region_enabled(Check):
    def execute(self):
        findings = []
-        actual_region = None
-        for trail in cloudtrail_client.trails:
+        for region in cloudtrail_client.regional_clients.keys():
            report = Check_Report_AWS(self.metadata())
-            report.region = trail.region
-            if trail.name:  # Check if there are trails in region
-                # Check if region has changed and add report of previous region
-                if actual_region != trail.region:
-                    if report:  # Check if it not the beginning
-                        findings.append(report)
-                trail_in_region = False
-                if not trail_in_region:
+            report.region = region
+            for trail in cloudtrail_client.trails:
+                if trail.region == region:
                    if trail.is_logging:
                        report.status = "PASS"
+                        report.resource_id = trail.name
+                        report.resource_arn = trail.arn
                        if trail.is_multiregion:
                            report.status_extended = (
                                f"Trail {trail.name} is multiregion and it is logging"
                            )
                        else:
                            report.status_extended = f"Trail {trail.name} is not multiregion and it is logging"
-                        report.resource_id = trail.name
-                        report.resource_arn = trail.arn
-                        trail_in_region = True  # Trail enabled in region
+                        # Since there exists a logging trail in that region there is no point in checking the reamaining trails
+                        # Store the finding and exit the loop
+                        findings.append(report)
+                        break
                    else:
                        report.status = "FAIL"
                        report.status_extended = (
                            "No CloudTrail trails enabled and logging were found"
                        )
-                        report.region = cloudtrail_client.region
                        report.resource_arn = "No trails"
                        report.resource_id = "No trails"
-                actual_region = trail.region
-            else:
-                report.status = "FAIL"
-                report.status_extended = (
-                    "No CloudTrail trails enabled and logging were found"
-                )
-                report.resource_arn = "No trails"
-                report.resource_id = "No trails"
+            # If there are no trails logging it is needed to store the FAIL once all the trails have been checked
+            if report.status == "FAIL":
                findings.append(report)
-
        return findings
--- a/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py
+++ b/tests/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_test.py
@@ -5,6 +5,7 @@ from boto3 import client, session
 from moto import mock_cloudtrail, mock_s3

 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
+from prowler.providers.aws.services.cloudtrail.cloudtrail_service import Trail

 AWS_ACCOUNT_NUMBER = 123456789012

@@ -44,7 +45,6 @@ class Test_cloudtrail_multi_region_enabled:
            "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
            new=current_audit_info,
        ):
-
            with mock.patch(
                "prowler.providers.aws.services.cloudtrail.cloudtrail_multi_region_enabled.cloudtrail_multi_region_enabled.cloudtrail_client",
                new=Cloudtrail(current_audit_info),
@@ -99,7 +99,6 @@ class Test_cloudtrail_multi_region_enabled:
            "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
            new=current_audit_info,
        ):
-
            with mock.patch(
                "prowler.providers.aws.services.cloudtrail.cloudtrail_multi_region_enabled.cloudtrail_multi_region_enabled.cloudtrail_client",
                new=Cloudtrail(current_audit_info),
@@ -185,3 +184,98 @@ class Test_cloudtrail_multi_region_enabled:
                        )
                        assert report.resource_id == "No trails"
                        assert report.resource_arn == "No trails"
+
+    @mock_cloudtrail
+    @mock_s3
+    def test_trail_multiregion_logging_and_single_region_not_login(self):
+        cloudtrail_client_us_east_1 = client("cloudtrail", region_name="us-east-1")
+        s3_client_us_east_1 = client("s3", region_name="us-east-1")
+        cloudtrail_client_eu_west_1 = client("cloudtrail", region_name="eu-west-1")
+        s3_client_eu_west_1 = client("s3", region_name="eu-west-1")
+        trail_name_us = "trail_test_us"
+        bucket_name_us = "bucket_test_us"
+        trail_name_eu = "aaaaa"
+        bucket_name_eu = "bucket_test_eu"
+        s3_client_us_east_1.create_bucket(Bucket=bucket_name_us)
+        s3_client_eu_west_1.create_bucket(
+            Bucket=bucket_name_eu,
+            CreateBucketConfiguration={"LocationConstraint": "eu-west-1"},
+        )
+        trail_us = cloudtrail_client_us_east_1.create_trail(
+            Name=trail_name_us, S3BucketName=bucket_name_us, IsMultiRegionTrail=True
+        )
+        cloudtrail_client_eu_west_1.create_trail(
+            Name=trail_name_eu, S3BucketName=bucket_name_eu, IsMultiRegionTrail=False
+        )
+        _ = cloudtrail_client_us_east_1.start_logging(Name=trail_name_us)
+        _ = cloudtrail_client_us_east_1.get_trail_status(Name=trail_name_us)
+
+        from prowler.providers.aws.services.cloudtrail.cloudtrail_service import (
+            Cloudtrail,
+        )
+
+        current_audit_info = self.set_mocked_audit_info()
+
+        with mock.patch(
+            "prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
+            new=current_audit_info,
+        ):
+            with mock.patch(
+                "prowler.providers.aws.services.cloudtrail.cloudtrail_multi_region_enabled.cloudtrail_multi_region_enabled.cloudtrail_client",
+                new=Cloudtrail(current_audit_info),
+            ) as cloudtrail_client:
+                # Test Check
+                from prowler.providers.aws.services.cloudtrail.cloudtrail_multi_region_enabled.cloudtrail_multi_region_enabled import (
+                    cloudtrail_multi_region_enabled,
+                )
+
+                ##############################################################################################################
+                # Only until moto issue is solved (Right now is not getting shadow us-east-1 trail status in eu-west-1 region)
+                cloudtrail_client.trails = [
+                    Trail(
+                        name=trail_name_us,
+                        is_multiregion=True,
+                        home_region="us-east-1",
+                        arn=trail_us["TrailARN"],
+                        region="us-east-1",
+                        is_logging=True,
+                    ),
+                    Trail(
+                        name=trail_name_eu,
+                        is_multiregion=False,
+                        home_region="eu-west-1",
+                        arn="",
+                        region="eu-west-1",
+                        is_logging=False,
+                    ),
+                    Trail(
+                        name=trail_name_us,
+                        is_multiregion=True,
+                        home_region="us-east-1",
+                        arn=trail_us["TrailARN"],
+                        region="eu-west-1",
+                        is_logging=True,
+                    ),
+                ]
+                ##############################################################################################################
+
+                check = cloudtrail_multi_region_enabled()
+                result = check.execute()
+                assert len(result) == len(current_audit_info.audited_regions)
+                for report in result:
+                    if report.region == "us-east-1":
+                        assert report.status == "PASS"
+                        assert search(
+                            f"Trail {trail_name_us} is multiregion and it is logging",
+                            report.status_extended,
+                        )
+                        assert report.resource_id == trail_name_us
+                        assert report.resource_arn == trail_us["TrailARN"]
+                    elif report.region == "eu-west-1":
+                        assert report.status == "PASS"
+                        assert search(
+                            f"Trail {trail_name_us} is multiregion and it is logging",
+                            report.status_extended,
+                        )
+                        assert report.resource_id == trail_name_us
+                        assert report.resource_arn == trail_us["TrailARN"]