ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 23:05:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(check32): filterName base64encoded to avoid space problems in filter names (#1020)

Browse Source 
* fix(check32): filterName base64encoded to avoid space problems in filter names

* fix(check32): base64 decoding atomic expression

* fix(check32): Variable enclosing

Co-authored-by: Nacho Rivera <nachor1992@gmail>
This commit is contained in:
n4ch04
2022-02-02 17:09:38 +01:00
committed by GitHub
parent 3d0ab4684f
commit d9561d5d22
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
include/check3x
View File

@@ -39,11 +39,12 @@ check3x(){
if [ "$CLOUDWATCH_LOGGROUP_ACCOUNT" == "$CURRENT_ACCOUNT_ID" ];then
# Filter control and whitespace from .metricFilters[*].filterPattern for easier matching later
METRICFILTER_CACHE=$($AWSCLI logs describe-metric-filters --log-group-name "$CLOUDWATCH_LOGGROUP_NAME" $PROFILE_OPT --region "$CLOUDWATCH_LOGGROUP_REGION"|jq '.metricFilters|=map(.filterPattern|=gsub("[[:space:]]+"; " "))')
METRICFILTER_SET=$(echo $METRICFILTER_CACHE | jq -r --arg re "$grep_filter" '.metricFilters[]|select(.filterPattern|test($re))|.filterName')
METRICFILTER_SET=$(echo "${METRICFILTER_CACHE}" | jq -r --arg re "${grep_filter}" '.metricFilters[]|select(.filterPattern|test($re))|.filterName|@base64')
fi
if [[ $METRICFILTER_SET ]];then
for metric in $METRICFILTER_SET; do
metric_name=$(echo $METRICFILTER_CACHE | jq -r --arg name $metric '.metricFilters[]|select(.filterName==$name)|.metricTransformations[0].metricName')
metric_decode=$(base64 -d <<< "${metric}")
metric_name=$(echo "${METRICFILTER_CACHE}" | jq -r --arg name "${metric_decode}" '.metricFilters[]|select(.filterName==$name)|.metricTransformations[0].metricName')
HAS_ALARM_ASSOCIATED=$($AWSCLI cloudwatch describe-alarms $PROFILE_OPT --region "$CLOUDWATCH_LOGGROUP_REGION" --query 'MetricAlarms[?MetricName==`'"$metric_name"'`]' --output text)
if [[ $HAS_ALARM_ASSOCIATED ]];then
CHECK_OK="$CHECK_OK $CLOUDWATCH_LOGGROUP_NAME:$metric"
@@ -61,7 +62,7 @@ check3x(){
if [[ $CHECK_OK ]]; then
for group in $CHECK_OK; do
metric=${group#*:}
metric=$(base64 -d <<< "${group#*:}")
group=${group%:*}
textPass "$REGION: CloudWatch group $group found with metric filter $metric and alarms set" "$REGION" "$group"
done
@@ -69,7 +70,7 @@ check3x(){
if [[ $CHECK_WARN ]]; then
for group in $CHECK_WARN; do
case $group in
*:*) metric=${group#*:}
*:*) metric=$(base64 -d <<< "${group#*:}")
group=${group%:*}
if [[ $pass_count == 0 ]]; then
textFail "$REGION: CloudWatch group $group found with metric filter $metric but no alarms associated" "$REGION" "$group"