ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-11 07:15:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(codeartifact): solve dependency confusion check (#2999)

Browse Source 
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
This commit is contained in:
Ignacio Dominguez
2023-11-20 14:48:46 +01:00
committed by GitHub
parent db9c1c24d3
commit e212645cf0
3 changed files with 40 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
prowler/providers/aws/services/codeartifact/codeartifact_packages_external_public_publishing_disabled/codeartifact_packages_external_public_publishing_disabled.py
View File

@@ -16,7 +16,7 @@ class codeartifact_packages_external_public_publishing_disabled(Check):
report = Check_Report_AWS(self.metadata())
report.region = repository.region
report.resource_id = package.name
report.resource_arn = repository.arn
report.resource_arn = f"{repository.arn}/{package.namespace + ':' if package.namespace else ''}{package.name}"
report.resource_tags = repository.tags
if package.latest_version.origin.origin_type in (

43
prowler/providers/aws/services/codeartifact/codeartifact_service.py
View File

@@ -63,7 +63,7 @@ class CodeArtifact(AWSService):
list_packages_parameters = {
"domain": self.repositories[repository].domain_name,
"domainOwner": self.repositories[repository].domain_owner,
"repository": repository,
"repository": self.repositories[repository].name,
}
packages = []
for page in list_packages_paginator.paginate(
@@ -83,18 +83,37 @@ class CodeArtifact(AWSService):
]
)
# Get Latest Package Version
latest_version_information = (
regional_client.list_package_versions(
domain=self.repositories[repository].domain_name,
domainOwner=self.repositories[
repository
].domain_owner,
repository=repository,
format=package_format,
package=package_name,
sortBy="PUBLISHED_TIME",
if package_namespace:
latest_version_information = (
regional_client.list_package_versions(
domain=self.repositories[
repository
].domain_name,
domainOwner=self.repositories[
repository
].domain_owner,
repository=self.repositories[repository].name,
format=package_format,
namespace=package_namespace,
package=package_name,
sortBy="PUBLISHED_TIME",
)
)
else:
latest_version_information = (
regional_client.list_package_versions(
domain=self.repositories[
repository
].domain_name,
domainOwner=self.repositories[
repository
].domain_owner,
repository=self.repositories[repository].name,
format=package_format,
package=package_name,
sortBy="PUBLISHED_TIME",
)
)
)
latest_version = ""
latest_origin_type = "UNKNOWN"
latest_status = "Published"

10
tests/providers/aws/services/codeartifact/codeartifact_packages_external_public_publishing_disabled/codeartifact_packages_external_public_publishing_disabled_test.py
View File

@@ -110,7 +110,10 @@ class Test_codeartifact_packages_external_public_publishing_disabled:
assert len(result) == 1
assert result[0].region == AWS_REGION
assert result[0].resource_id == "test-package"
assert result[0].resource_arn == repository_arn
assert (
result[0].resource_arn
== repository_arn + "/" + package_namespace + ":" + package_name
)
assert result[0].resource_tags == []
assert result[0].status == "FAIL"
assert (
@@ -167,7 +170,10 @@ class Test_codeartifact_packages_external_public_publishing_disabled:
assert len(result) == 1
assert result[0].region == AWS_REGION
assert result[0].resource_id == "test-package"
assert result[0].resource_arn == repository_arn
assert (
result[0].resource_arn
== repository_arn + "/" + package_namespace + ":" + package_name
)
assert result[0].resource_tags == []
assert result[0].status == "PASS"
assert (