fix(s3): Add S3 ResourceArn (#1666)

Co-authored-by: sergargar <sergio@verica.io>
Gabriel Soltz
2023-01-09 11:04:09 +01:00
committed by GitHub
parent 0cd5ce8c29
commit d5edbaa3a9
18 changed files with 132 additions and 3 deletions


@@ -36,6 +36,10 @@ class Test_s3_bucket_acl_prohibited:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == "us-east-1"
@mock_s3
@@ -68,6 +72,10 @@ class Test_s3_bucket_acl_prohibited:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == "us-east-1"
@mock_s3
@@ -102,4 +110,8 @@ class Test_s3_bucket_acl_prohibited:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == "us-east-1"
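Review bot: The expected ARN in the new assertion is built from `current_audit_info.audited_partition`, which is presumably the same value the code under test reads, so the comparison cannot detect a wrong or unset partition; both sides would render the same string. Pinning the literal, e.g. `assert result[0].resource_arn == f"arn:aws:s3:::{bucket_name_us}"` if the fixture's partition is `aws`, or adding one case with a non-default partition, would make the check independent of the implementation. The resource ARN is what a consumer of the finding uses to locate the bucket, so a malformed value is worth catching at this level. The same pattern repeats in all three hunks of this section and in the Test_s3_bucket_default_encryption, Test_s3_bucket_no_mfa_delete, Test_s3_bucket_object_versioning, Test_s3_bucket_policy_public_write_access, Test_s3_bucket_public_access, Test_s3_bucket_secure_transport_policy, Test_s3_bucket_server_access_logging_enabled and Test_S3_Service sections; the test functions start outside the hunks.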


@@ -36,6 +36,10 @@ class Test_s3_bucket_default_encryption:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == "us-east-1"
@mock_s3
@@ -83,4 +87,8 @@ class Test_s3_bucket_default_encryption:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == "us-east-1"


@@ -60,6 +60,10 @@ class Test_s3_bucket_no_mfa_delete:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)
@mock_s3
def test_bucket_with_mfa(self):
@@ -95,3 +99,7 @@ class Test_s3_bucket_no_mfa_delete:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)
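Review bot: Neither test touched in this section asserts `result[0].region` in the visible lines, while the sibling S3 check tests follow the ARN assertion with a region check. If the region is not asserted earlier in these tests, adding `assert result[0].region == "us-east-1"` after the new ARN assertion (assuming the bucket is created in us-east-1 as in the sibling tests) would keep the finding's location fields covered together. The Test_s3_bucket_server_access_logging_enabled section has the same gap. The test functions start outside the hunks.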


@@ -36,6 +36,10 @@ class Test_s3_bucket_object_versioning:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == "us-east-1"
@mock_s3
@@ -73,4 +77,8 @@ class Test_s3_bucket_object_versioning:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == "us-east-1"


@@ -36,6 +36,10 @@ class Test_s3_bucket_policy_public_write_access:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == "us-east-1"
@mock_s3
@@ -75,6 +79,10 @@ class Test_s3_bucket_policy_public_write_access:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == "us-east-1"
@mock_s3
@@ -113,4 +121,8 @@ class Test_s3_bucket_policy_public_write_access:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == "us-east-1"


@@ -216,6 +216,10 @@ class Test_s3_bucket_public_access:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == AWS_REGION
@mock_s3
@@ -291,6 +295,10 @@ class Test_s3_bucket_public_access:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == AWS_REGION
@mock_s3
@@ -355,6 +363,10 @@ class Test_s3_bucket_public_access:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == AWS_REGION
@mock_s3
@@ -403,4 +415,8 @@ class Test_s3_bucket_public_access:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == AWS_REGION


@@ -36,6 +36,10 @@ class Test_s3_bucket_secure_transport_policy:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == "us-east-1"
@mock_s3
@@ -92,6 +96,10 @@ class Test_s3_bucket_secure_transport_policy:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == "us-east-1"
@mock_s3
@@ -148,4 +156,8 @@ class Test_s3_bucket_secure_transport_policy:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)
assert result[0].region == "us-east-1"


@@ -38,6 +38,10 @@ class Test_s3_bucket_server_access_logging_enabled:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)
@mock_s3
def test_bucket_with_logging(self):
@@ -123,3 +127,7 @@ class Test_s3_bucket_server_access_logging_enabled:
result[0].status_extended,
)
assert result[0].resource_id == bucket_name_us
assert (
result[0].resource_arn
== f"arn:{current_audit_info.audited_partition}:s3:::{bucket_name_us}"
)


@@ -80,6 +80,10 @@ class Test_S3_Service:
assert len(s3.buckets) == 1
assert s3.buckets[0].name == bucket_name
assert (
s3.buckets[0].arn
== f"arn:{audit_info.audited_partition}:s3:::{bucket_name}"
)
# Test S3 Get Bucket Versioning
@mock_s3
@@ -99,6 +103,10 @@ class Test_S3_Service:
s3 = S3(audit_info)
assert len(s3.buckets) == 1
assert s3.buckets[0].name == bucket_name
assert (
s3.buckets[0].arn
== f"arn:{audit_info.audited_partition}:s3:::{bucket_name}"
)
assert s3.buckets[0].versioning is True
# Test S3 Get Bucket ACL
@@ -128,6 +136,10 @@ class Test_S3_Service:
s3 = S3(audit_info)
assert len(s3.buckets) == 1
assert s3.buckets[0].name == bucket_name
assert (
s3.buckets[0].arn
== f"arn:{audit_info.audited_partition}:s3:::{bucket_name}"
)
assert s3.buckets[0].acl_grantees[0].display_name == "test"
assert s3.buckets[0].acl_grantees[0].ID == "test_ID"
assert s3.buckets[0].acl_grantees[0].type == "Group"
@@ -204,6 +216,10 @@ class Test_S3_Service:
s3 = S3(audit_info)
assert len(s3.buckets) == 1
assert s3.buckets[0].name == bucket_name
assert (
s3.buckets[0].arn
== f"arn:{audit_info.audited_partition}:s3:::{bucket_name}"
)
assert s3.buckets[0].logging is True
# Test S3 Get Bucket Policy
@@ -221,6 +237,10 @@ class Test_S3_Service:
s3 = S3(audit_info)
assert len(s3.buckets) == 1
assert s3.buckets[0].name == bucket_name
assert (
s3.buckets[0].arn
== f"arn:{audit_info.audited_partition}:s3:::{bucket_name}"
)
assert s3.buckets[0].policy == json.loads(ssl_policy)
# Test S3 Get Bucket Encryption
@@ -250,6 +270,10 @@ class Test_S3_Service:
s3 = S3(audit_info)
assert len(s3.buckets) == 1
assert s3.buckets[0].name == bucket_name
assert (
s3.buckets[0].arn
== f"arn:{audit_info.audited_partition}:s3:::{bucket_name}"
)
assert s3.buckets[0].encryption == "aws:kms"
# Test S3 Get Bucket Ownership Controls
@@ -268,6 +292,10 @@ class Test_S3_Service:
s3 = S3(audit_info)
assert len(s3.buckets) == 1
assert s3.buckets[0].name == bucket_name
assert (
s3.buckets[0].arn
== f"arn:{audit_info.audited_partition}:s3:::{bucket_name}"
)
assert s3.buckets[0].ownership == "BucketOwnerEnforced"
# Test S3 Get Public Access Block
@@ -294,6 +322,10 @@ class Test_S3_Service:
s3 = S3(audit_info)
assert len(s3.buckets) == 1
assert s3.buckets[0].name == bucket_name
assert (
s3.buckets[0].arn
== f"arn:{audit_info.audited_partition}:s3:::{bucket_name}"
)
assert s3.buckets[0].public_access_block.block_public_acls
assert s3.buckets[0].public_access_block.ignore_public_acls
assert s3.buckets[0].public_access_block.block_public_policy