ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(aws): New AWSService class as parent (#2638)

Browse Source
This commit is contained in:
Pepe Fagoaga
2023-07-31 11:18:54 +02:00
committed by GitHub
parent 386f558eae
commit e3d4e38a59
274 changed files with 2041 additions and 1350 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
prowler/providers/aws/lib/service/__init__.py Normal file
View File

55
prowler/providers/aws/lib/service/service.py Normal file
View File

@@ -0,0 +1,55 @@
import threading
from prowler.providers.aws.aws_provider import (
generate_regional_clients,
get_default_region,
)
class AWSService:
"""The AWSService class offers a parent class for each AWS Service to generate:
- AWS Regional Clients
- Shared information like the account ID and ARN, the the AWS partition and the checks audited
- AWS Session
- Also handles if the AWS Service is Global
"""
def __init__(self, service, audit_info, global_service=False):
# Audit Information
self.audit_info = audit_info
self.audited_account = audit_info.audited_account
self.audited_account_arn = audit_info.audited_account_arn
self.audited_partition = audit_info.audited_partition
self.audit_resources = audit_info.audit_resources
self.audited_checks = audit_info.audit_metadata.expected_checks
# AWS Session
self.session = audit_info.audit_session
# We receive the service using __class__.__name__ or the service name in lowercase
# e.g.: AccessAnalyzer --> we need a lowercase string, so service.lower()
self.service = service.lower() if not service.islower() else service
# Generate Regional Clients
if not global_service:
self.regional_clients = generate_regional_clients(
self.service, audit_info, global_service
)
# Get a single region and client if the service needs it (e.g. AWS Global Service)
# We cannot include this within an else because some services needs both the regional_clients
# and a single client like S3
self.region = get_default_region(self.service, audit_info)
self.client = self.session.client(self.service, self.region)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()

24
prowler/providers/aws/services/accessanalyzer/accessanalyzer_service.py
View File

@@ -1,4 +1,3 @@
import threading
from typing import Optional
from botocore.exceptions import ClientError
@@ -6,34 +5,19 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## AccessAnalyzer
class AccessAnalyzer:
class AccessAnalyzer(AWSService):
def __init__(self, audit_info):
self.service = "accessanalyzer"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.analyzers = []
self.__threading_call__(self.__list_analyzers__)
self.__list_findings__()
self.__get_finding_status__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_analyzers__(self, regional_client):
logger.info("AccessAnalyzer - Listing Analyzers...")
try:

23
prowler/providers/aws/services/account/account_service.py
View File

@@ -1,22 +1,11 @@
from prowler.providers.aws.aws_provider import (
generate_regional_clients,
get_default_region,
)
################## Account
class Account:
def __init__(self, audit_info):
self.service = "account"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audited_account_arn = audit_info.audited_account_arn
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.region = get_default_region(self.service, audit_info)
from prowler.providers.aws.lib.service.service import AWSService
def __get_session__(self):
return self.session
class Account(AWSService):
def __init__(self, audit_info):
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
### This service don't need boto3 calls

24
prowler/providers/aws/services/acm/acm_service.py
View File

@@ -1,4 +1,3 @@
import threading
from datetime import datetime
from typing import Optional
@@ -6,34 +5,19 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## ACM
class ACM:
class ACM(AWSService):
def __init__(self, audit_info):
self.service = "acm"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.certificates = []
self.__threading_call__(self.__list_certificates__)
self.__describe_certificates__()
self.__list_tags_for_certificate__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_certificates__(self, regional_client):
logger.info("ACM - Listing Certificates...")
try:

25
prowler/providers/aws/services/apigateway/apigateway_service.py
View File

@@ -1,40 +1,23 @@
import threading
from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## APIGateway
class APIGateway:
class APIGateway(AWSService):
def __init__(self, audit_info):
self.service = "apigateway"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.audited_partition = audit_info.audited_partition
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.rest_apis = []
self.__threading_call__(self.__get_rest_apis__)
self.__get_authorizers__()
self.__get_rest_api__()
self.__get_stages__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __get_rest_apis__(self, regional_client):
logger.info("APIGateway - Getting Rest APIs...")
try:

25
prowler/providers/aws/services/apigatewayv2/apigatewayv2_service.py
View File

@@ -1,39 +1,22 @@
import threading
from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## ApiGatewayV2
class ApiGatewayV2:
class ApiGatewayV2(AWSService):
def __init__(self, audit_info):
self.service = "apigatewayv2"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.apis = []
self.__threading_call__(self.__get_apis__)
self.__get_authorizers__()
self.__get_stages__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __get_apis__(self, regional_client):
logger.info("APIGatewayv2 - Getting APIs...")
try:

24
prowler/providers/aws/services/appstream/appstream_service.py
View File

@@ -1,37 +1,21 @@
import threading
from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## AppStream
class AppStream:
class AppStream(AWSService):
def __init__(self, audit_info):
self.service = "appstream"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.fleets = []
self.__threading_call__(self.__describe_fleets__)
self.__list_tags_for_resource__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_fleets__(self, regional_client):
logger.info("AppStream - Describing Fleets...")
try:

25
prowler/providers/aws/services/autoscaling/autoscaling_service.py
View File

@@ -1,37 +1,20 @@
import threading
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## AutoScaling
class AutoScaling:
class AutoScaling(AWSService):
def __init__(self, audit_info):
self.service = "autoscaling"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.launch_configurations = []
self.__threading_call__(self.__describe_launch_configurations__)
self.groups = []
self.__threading_call__(self.__describe_auto_scaling_groups__)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_launch_configurations__(self, regional_client):
logger.info("AutoScaling - Describing Launch Configurations...")
try:

24
prowler/providers/aws/services/awslambda/awslambda_service.py
View File

@@ -1,6 +1,5 @@
import io
import json
import threading
import zipfile
from enum import Enum
from typing import Any, Optional
@@ -11,17 +10,14 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## Lambda
class Lambda:
class Lambda(AWSService):
def __init__(self, audit_info):
self.service = "lambda"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.functions = {}
self.__threading_call__(self.__list_functions__)
self.__list_tags_for_resource__()
@@ -37,18 +33,6 @@ class Lambda:
self.__threading_call__(self.__get_policy__)
self.__threading_call__(self.__get_function_url_config__)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_functions__(self, regional_client):
logger.info("Lambda - Listing Functions...")
try:

27
prowler/providers/aws/services/backup/backup_service.py
View File

@@ -1,4 +1,3 @@
import threading
from datetime import datetime
from typing import Optional
@@ -6,23 +5,14 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import (
generate_regional_clients,
get_default_region,
)
from prowler.providers.aws.lib.service.service import AWSService
################## Backup
class Backup:
class Backup(AWSService):
def __init__(self, audit_info):
self.service = "backup"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audited_account_arn = audit_info.audited_account_arn
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.region = get_default_region(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.backup_vaults = []
self.__threading_call__(self.__list_backup_vaults__)
self.backup_plans = []
@@ -30,15 +20,6 @@ class Backup:
self.backup_report_plans = []
self.__threading_call__(self.__list_backup_report_plans__)
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_backup_vaults__(self, regional_client):
logger.info("Backup - Listing Backup Vaults...")
try:

24
prowler/providers/aws/services/cloudformation/cloudformation_service.py
View File

@@ -1,4 +1,3 @@
import threading
from typing import Optional
from botocore.client import ClientError
@@ -6,33 +5,18 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## CloudFormation
class CloudFormation:
class CloudFormation(AWSService):
def __init__(self, audit_info):
self.service = "cloudformation"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.stacks = []
self.__threading_call__(self.__describe_stacks__)
self.__describe_stack__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_stacks__(self, regional_client):
"""Get ALL CloudFormation Stacks"""
logger.info("CloudFormation - Describing Stacks...")

29
prowler/providers/aws/services/cloudfront/cloudfront_service.py
View File

@@ -5,33 +5,18 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## CloudFront
class CloudFront:
class CloudFront(AWSService):
def __init__(self, audit_info):
self.service = "cloudfront"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
global_client = generate_regional_clients(
self.service, audit_info, global_service=True
)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info, global_service=True)
self.distributions = {}
if global_client:
self.client = list(global_client.values())[0]
self.region = self.client.region
self.__list_distributions__(self.client, self.region)
self.__get_distribution_config__(
self.client, self.distributions, self.region
)
self.__list_tags_for_resource__(
self.client, self.distributions, self.region
)
def __get_session__(self):
return self.session
self.__list_distributions__(self.client, self.region)
self.__get_distribution_config__(self.client, self.distributions, self.region)
self.__list_tags_for_resource__(self.client, self.distributions, self.region)
def __list_distributions__(self, client, region) -> dict:
logger.info("CloudFront - Listing Distributions...")

30
prowler/providers/aws/services/cloudtrail/cloudtrail_service.py
View File

@@ -1,4 +1,3 @@
import threading
from datetime import datetime
from typing import Optional
@@ -7,23 +6,14 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import (
generate_regional_clients,
get_default_region,
)
from prowler.providers.aws.lib.service.service import AWSService
################### CLOUDTRAIL
class Cloudtrail:
class Cloudtrail(AWSService):
def __init__(self, audit_info):
self.service = "cloudtrail"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audited_account_arn = audit_info.audited_account_arn
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.region = get_default_region(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.trails = []
self.__threading_call__(self.__get_trails__)
self.__get_trail_status__()
@@ -31,18 +21,6 @@ class Cloudtrail:
self.__get_event_selectors__()
self.__list_tags_for_resource__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __get_trails__(self, regional_client):
logger.info("Cloudtrail - Getting trails...")
try:

4
prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.py
View File

@@ -8,8 +8,8 @@ class cloudwatch_cross_account_sharing_disabled(Check):
report = Check_Report_AWS(self.metadata())
report.status = "PASS"
report.status_extended = "CloudWatch doesn't allow cross-account sharing"
report.resource_arn = iam_client.account_arn
report.resource_id = iam_client.account
report.resource_arn = iam_client.audited_account_arn
report.resource_id = iam_client.audited_account
report.region = iam_client.region
for role in iam_client.roles:
if role.name == "CloudWatch-CrossAccountSharingRole":

52
prowler/providers/aws/services/cloudwatch/cloudwatch_service.py
View File

@@ -1,4 +1,3 @@
import threading
from datetime import datetime, timezone
from typing import Optional
@@ -7,39 +6,18 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## CloudWatch
class CloudWatch:
class CloudWatch(AWSService):
def __init__(self, audit_info):
self.service = "cloudwatch"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.audited_partition = audit_info.audited_partition
self.region = list(
generate_regional_clients(
self.service, audit_info, global_service=True
).keys()
)[0]
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.metric_alarms = []
self.__threading_call__(self.__describe_alarms__)
self.__list_tags_for_resource__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_alarms__(self, regional_client):
logger.info("CloudWatch - Describing alarms...")
try:
@@ -85,14 +63,10 @@ class CloudWatch:
################## CloudWatch Logs
class Logs:
class Logs(AWSService):
def __init__(self, audit_info):
self.service = "logs"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.metric_filters = []
self.log_groups = []
self.__threading_call__(self.__describe_metric_filters__)
@@ -107,18 +81,6 @@ class Logs:
self.__threading_call__(self.__get_log_events__)
self.__list_tags_for_resource__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_metric_filters__(self, regional_client):
logger.info("CloudWatch Logs - Describing metric filters...")
try:

24
prowler/providers/aws/services/codeartifact/codeartifact_service.py
View File

@@ -1,4 +1,3 @@
import threading
from enum import Enum
from typing import Optional
@@ -7,35 +6,20 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## CodeArtifact
class CodeArtifact:
class CodeArtifact(AWSService):
def __init__(self, audit_info):
self.service = "codeartifact"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
# repositories is a dictionary containing all the codeartifact service information
self.repositories = {}
self.__threading_call__(self.__list_repositories__)
self.__threading_call__(self.__list_packages__)
self.__list_tags_for_resource__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_repositories__(self, regional_client):
logger.info("CodeArtifact - Listing Repositories...")
try:

25
prowler/providers/aws/services/codebuild/codebuild_service.py
View File

@@ -1,38 +1,21 @@
import datetime
import threading
from dataclasses import dataclass
from typing import Optional
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################### Codebuild
class Codebuild:
class Codebuild(AWSService):
def __init__(self, audit_info):
self.service = "codebuild"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.projects = []
self.__threading_call__(self.__list_projects__)
self.__list_builds_for_project__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_projects__(self, regional_client):
logger.info("Codebuild - listing projects")
try:

26
prowler/providers/aws/services/config/config_service.py
View File

@@ -1,38 +1,20 @@
import threading
from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## Config
class Config:
class Config(AWSService):
def __init__(self, audit_info):
self.service = "config"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audited_account_arn = audit_info.audited_account_arn
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.recorders = []
self.__threading_call__(self.__describe_configuration_recorder_status__)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_configuration_recorder_status__(self, regional_client):
logger.info("Config - Listing Recorders...")
try:

24
prowler/providers/aws/services/directoryservice/directoryservice_service.py
View File

@@ -1,4 +1,3 @@
import threading
from datetime import datetime
from enum import Enum
from typing import Optional, Union
@@ -8,17 +7,14 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## DirectoryService
class DirectoryService:
class DirectoryService(AWSService):
def __init__(self, audit_info):
self.service = "ds"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__("ds", audit_info)
self.directories = {}
self.__threading_call__(self.__describe_directories__)
self.__threading_call__(self.__list_log_subscriptions__)
@@ -27,18 +23,6 @@ class DirectoryService:
self.__threading_call__(self.__get_snapshot_limits__)
self.__list_tags_for_resource__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_directories__(self, regional_client):
logger.info("DirectoryService - Describing Directories...")
try:

34
prowler/providers/aws/services/drs/drs_service.py
View File

@@ -1,43 +1,19 @@
import threading
from botocore.client import ClientError
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import (
generate_regional_clients,
get_default_region,
)
from prowler.providers.aws.lib.service.service import AWSService
################## DRS (Elastic Disaster Recovery Service)
class DRS:
class DRS(AWSService):
def __init__(self, audit_info):
self.service = "drs"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audited_account_arn = audit_info.audited_account_arn
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.region = get_default_region(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.drs_services = []
self.__threading_call__(self.__describe_jobs__)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_jobs__(self, regional_client):
logger.info("DRS - Describe Jobs...")
try:

46
prowler/providers/aws/services/dynamodb/dynamodb_service.py
View File

@@ -1,4 +1,3 @@
import threading
from typing import Optional
from botocore.client import ClientError
@@ -6,36 +5,20 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## DynamoDB
class DynamoDB:
class DynamoDB(AWSService):
def __init__(self, audit_info):
self.service = "dynamodb"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.audited_partition = audit_info.audited_partition
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.tables = []
self.__threading_call__(self.__list_tables__)
self.__describe_table__()
self.__describe_continuous_backups__()
self.__list_tags_for_resource__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_tables__(self, regional_client):
logger.info("DynamoDB - Listing tables...")
try:
@@ -126,29 +109,14 @@ class DynamoDB:
################## DynamoDB DAX
class DAX:
class DAX(AWSService):
def __init__(self, audit_info):
self.service = "dax"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.clusters = []
self.__threading_call__(self.__describe_clusters__)
self.__list_tags_for_resource__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_clusters__(self, regional_client):
logger.info("DynamoDB DAX - Describing clusters...")
try:

27
prowler/providers/aws/services/ec2/ec2_service.py
View File

@@ -1,4 +1,3 @@
import threading
from datetime import datetime
from typing import Optional
@@ -7,21 +6,15 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
from prowler.providers.aws.services.ec2.lib.security_groups import check_security_group
################## EC2
class EC2:
class EC2(AWSService):
def __init__(self, audit_info):
self.service = "ec2"
self.session = audit_info.audit_session
self.audited_partition = audit_info.audited_partition
self.audited_account = audit_info.audited_account
self.audited_account_arn = audit_info.audited_account_arn
self.audit_resources = audit_info.audit_resources
self.audited_checks = audit_info.audit_metadata.expected_checks
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.instances = []
self.__threading_call__(self.__describe_instances__)
self.__get_instance_user_data__()
@@ -44,18 +37,6 @@ class EC2:
self.elastic_ips = []
self.__threading_call__(self.__describe_addresses__)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_instances__(self, regional_client):
logger.info("EC2 - Describing EC2 Instances...")
try:

23
prowler/providers/aws/services/ecr/ecr_service.py
View File

@@ -1,4 +1,3 @@
import threading
from datetime import datetime
from json import loads
from typing import Optional
@@ -8,16 +7,14 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################################ ECR
class ECR:
class ECR(AWSService):
def __init__(self, audit_info):
self.service = "ecr"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.registry_id = audit_info.audited_account
self.registries = {}
self.__threading_call__(self.__describe_registries_and_repositories__)
@@ -27,18 +24,6 @@ class ECR:
self.__threading_call__(self.__get_registry_scanning_configuration__)
self.__threading_call__(self.__list_tags_for_resource__)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_registries_and_repositories__(self, regional_client):
logger.info("ECR - Describing registries and repositories...")
regional_registry_repositories = []

23
prowler/providers/aws/services/ecs/ecs_service.py
View File

@@ -1,4 +1,3 @@
import threading
from re import sub
from typing import Optional
@@ -6,32 +5,18 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################################ ECS
class ECS:
class ECS(AWSService):
def __init__(self, audit_info):
self.service = "ecs"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.task_definitions = []
self.__threading_call__(self.__list_task_definitions__)
self.__describe_task_definition__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_task_definitions__(self, regional_client):
logger.info("ECS - Listing Task Definitions...")
try:

25
prowler/providers/aws/services/efs/efs_service.py
View File

@@ -1,5 +1,4 @@
import json
import threading
from typing import Optional
from botocore.client import ClientError
@@ -7,34 +6,18 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################### EFS
class EFS:
class EFS(AWSService):
def __init__(self, audit_info):
self.service = "efs"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.filesystems = []
self.__threading_call__(self.__describe_file_systems__)
self.__describe_file_system_policies__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_file_systems__(self, regional_client):
logger.info("EFS - Describing file systems...")
try:

23
prowler/providers/aws/services/eks/eks_service.py
View File

@@ -1,4 +1,3 @@
import threading
from typing import Optional
from pydantic import BaseModel
@@ -6,33 +5,19 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################################ EKS
class EKS:
class EKS(AWSService):
def __init__(self, audit_info):
self.service = "eks"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.audited_partition = audit_info.audited_partition
self.audited_account = audit_info.audited_account
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.clusters = []
self.__threading_call__(self.__list_clusters__)
self.__describe_cluster__(self.regional_clients)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_clusters__(self, regional_client):
logger.info("EKS listing clusters...")
try:

25
prowler/providers/aws/services/elb/elb_service.py
View File

@@ -1,39 +1,22 @@
import threading
from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################### ELB
class ELB:
class ELB(AWSService):
def __init__(self, audit_info):
self.service = "elb"
self.session = audit_info.audit_session
self.audited_partition = audit_info.audited_partition
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.loadbalancers = []
self.__threading_call__(self.__describe_load_balancers__)
self.__threading_call__(self.__describe_load_balancer_attributes__)
self.__describe_tags__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_load_balancers__(self, regional_client):
logger.info("ELB - Describing load balancers...")
try:

23
prowler/providers/aws/services/elbv2/elbv2_service.py
View File

@@ -1,4 +1,3 @@
import threading
from typing import Optional
from botocore.client import ClientError
@@ -6,16 +5,14 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################### ELBv2
class ELBv2:
class ELBv2(AWSService):
def __init__(self, audit_info):
self.service = "elbv2"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.loadbalancersv2 = []
self.__threading_call__(self.__describe_load_balancers__)
self.listeners = []
@@ -24,18 +21,6 @@ class ELBv2:
self.__threading_call__(self.__describe_rules__)
self.__describe_tags__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_load_balancers__(self, regional_client):
logger.info("ELBv2 - Describing load balancers...")
try:

26
prowler/providers/aws/services/emr/emr_service.py
View File

@@ -1,4 +1,3 @@
import threading
from enum import Enum
from typing import Optional
@@ -7,37 +6,20 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## EMR
class EMR:
class EMR(AWSService):
def __init__(self, audit_info):
self.service = "emr"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audited_account_arn = audit_info.audited_account_arn
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.clusters = {}
self.block_public_access_configuration = {}
self.__threading_call__(self.__list_clusters__)
self.__threading_call__(self.__describe_cluster__)
self.__threading_call__(self.__get_block_public_access_configuration__)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_clusters__(self, regional_client):
logger.info("EMR - Listing Clusters...")
try:

19
prowler/providers/aws/services/fms/fms_service.py
View File

@@ -3,23 +3,16 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
# from prowler.providers.aws.aws_provider import generate_regional_clients
################## FMS
class FMS:
class FMS(AWSService):
def __init__(self, audit_info):
self.service = "fms"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audited_account_arn = audit_info.audited_account_arn
self.audit_resources = audit_info.audit_resources
global_client = generate_regional_clients(
self.service, audit_info, global_service=True
)
self.client = list(global_client.values())[0]
self.region = self.client.region
# # Call AWSService's __init__
super().__init__(__class__.__name__, audit_info, global_service=True)
self.fms_admin_account = True
self.fms_policies = []
self.__list_policies__()

24
prowler/providers/aws/services/glacier/glacier_service.py
View File

@@ -1,5 +1,4 @@
import json
import threading
from typing import Optional
from botocore.client import ClientError
@@ -7,34 +6,19 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## Glacier
class Glacier:
class Glacier(AWSService):
def __init__(self, audit_info):
self.service = "glacier"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.vaults = {}
self.__threading_call__(self.__list_vaults__)
self.__threading_call__(self.__get_vault_access_policy__)
self.__list_tags_for_vault__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_vaults__(self, regional_client):
logger.info("Glacier - Listing Vaults...")
try:

12
prowler/providers/aws/services/globalaccelerator/globalaccelerator_service.py
View File

@@ -2,15 +2,14 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.lib.service.service import AWSService
################### GlobalAccelerator
class GlobalAccelerator:
class GlobalAccelerator(AWSService):
def __init__(self, audit_info):
self.service = "globalaccelerator"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.accelerators = {}
if audit_info.audited_partition == "aws":
# Global Accelerator is a global service that supports endpoints in multiple AWS Regions
@@ -20,9 +19,6 @@ class GlobalAccelerator:
self.client = self.session.client(self.service, self.region)
self.__list_accelerators__()
def __get_session__(self):
return self.session
def __list_accelerators__(self):
logger.info("GlobalAccelerator - Listing Accelerators...")
try:

26
prowler/providers/aws/services/glue/glue_service.py
View File

@@ -1,23 +1,17 @@
import threading
from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## Glue
class Glue:
class Glue(AWSService):
def __init__(self, audit_info):
self.service = "glue"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.audited_partition = audit_info.audited_partition
self.audited_account_arn = audit_info.audited_account_arn
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.connections = []
self.__threading_call__(self.__get_connections__)
self.tables = []
@@ -31,18 +25,6 @@ class Glue:
self.jobs = []
self.__threading_call__(self.__get_jobs__)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __get_connections__(self, regional_client):
logger.info("Glue - Getting connections...")
try:

25
prowler/providers/aws/services/guardduty/guardduty_service.py
View File

@@ -1,22 +1,17 @@
import threading
from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################################ GuardDuty
class GuardDuty:
class GuardDuty(AWSService):
def __init__(self, audit_info):
self.service = "guardduty"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.audited_partition = audit_info.audited_partition
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.detectors = []
self.__threading_call__(self.__list_detectors__)
self.__get_detector__()
@@ -25,18 +20,6 @@ class GuardDuty:
self.__get_administrator_account__()
self.__list_tags_for_resource__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_detectors__(self, regional_client):
logger.info("GuardDuty - listing detectors...")
try:

4
prowler/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less.py
View File

@@ -7,8 +7,8 @@ class iam_password_policy_expires_passwords_within_90_days_or_less(Check):
findings = []
report = Check_Report_AWS(self.metadata())
report.region = iam_client.region
report.resource_arn = iam_client.account_arn
report.resource_id = iam_client.account
report.resource_arn = iam_client.audited_account_arn
report.resource_id = iam_client.audited_account
# Check if password policy exists
if iam_client.password_policy:
# Check if password policy expiration exists

4
prowler/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase.py
View File

@@ -7,8 +7,8 @@ class iam_password_policy_lowercase(Check):
findings = []
report = Check_Report_AWS(self.metadata())
report.region = iam_client.region
report.resource_arn = iam_client.account_arn
report.resource_id = iam_client.account
report.resource_arn = iam_client.audited_account_arn
report.resource_id = iam_client.audited_account
# Check if password policy exists
if iam_client.password_policy:
# Check if lowercase flag is set

4
prowler/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14.py
View File

@@ -7,8 +7,8 @@ class iam_password_policy_minimum_length_14(Check):
findings = []
report = Check_Report_AWS(self.metadata())
report.region = iam_client.region
report.resource_arn = iam_client.account_arn
report.resource_id = iam_client.account
report.resource_arn = iam_client.audited_account_arn
report.resource_id = iam_client.audited_account
# Check if password policy exists
if iam_client.password_policy:
# Check password policy length

4
prowler/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number.py
View File

@@ -7,8 +7,8 @@ class iam_password_policy_number(Check):
findings = []
report = Check_Report_AWS(self.metadata())
report.region = iam_client.region
report.resource_arn = iam_client.account_arn
report.resource_id = iam_client.account
report.resource_arn = iam_client.audited_account_arn
report.resource_id = iam_client.audited_account
# Check if password policy exists
if iam_client.password_policy:
# Check if number flag is set

4
prowler/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24.py
View File

@@ -7,8 +7,8 @@ class iam_password_policy_reuse_24(Check):
findings = []
report = Check_Report_AWS(self.metadata())
report.region = iam_client.region
report.resource_arn = iam_client.account_arn
report.resource_id = iam_client.account
report.resource_arn = iam_client.audited_account_arn
report.resource_id = iam_client.audited_account
# Check if password policy exists
if iam_client.password_policy:
# Check if reuse prevention flag is set

4
prowler/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol.py
View File

@@ -7,8 +7,8 @@ class iam_password_policy_symbol(Check):
findings = []
report = Check_Report_AWS(self.metadata())
report.region = iam_client.region
report.resource_arn = iam_client.account_arn
report.resource_id = iam_client.account
report.resource_arn = iam_client.audited_account_arn
report.resource_id = iam_client.audited_account
# Check if password policy exists
if iam_client.password_policy:
# Check if symbol flag is set

4
prowler/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase.py
View File

@@ -7,8 +7,8 @@ class iam_password_policy_uppercase(Check):
findings = []
report = Check_Report_AWS(self.metadata())
report.region = iam_client.region
report.resource_arn = iam_client.account_arn
report.resource_id = iam_client.account
report.resource_arn = iam_client.audited_account_arn
report.resource_id = iam_client.audited_account
# Check if password policy exists
if iam_client.password_policy:
# Check if uppercase flag is set

9
prowler/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy.py
View File

@@ -34,7 +34,7 @@ class iam_role_cross_account_readonlyaccess_policy(Check):
"AWS"
]:
if (
iam_client.account
iam_client.audited_account
not in aws_account
or "*" == aws_account
):
@@ -42,7 +42,7 @@ class iam_role_cross_account_readonlyaccess_policy(Check):
break
else:
if (
iam_client.account
iam_client.audited_account
not in statement["Principal"]["AWS"]
or "*" == statement["Principal"]["AWS"]
):
@@ -58,14 +58,15 @@ class iam_role_cross_account_readonlyaccess_policy(Check):
if type(statement["Principal"]["AWS"]) == list:
for aws_account in statement["Principal"]["AWS"]:
if (
iam_client.account not in aws_account
iam_client.audited_account
not in aws_account
or "*" == aws_account
):
cross_account_access = True
break
else:
if (
iam_client.account
iam_client.audited_account
not in statement["Principal"]["AWS"]
or "*" == statement["Principal"]["AWS"]
):

8
prowler/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention.py
View File

@@ -32,7 +32,7 @@ class iam_role_cross_service_confused_deputy_prevention(Check):
"StringEquals" in statement["Condition"]
and "aws:SourceAccount"
in statement["Condition"]["StringEquals"]
and iam_client.account
and iam_client.audited_account
in str(
statement["Condition"]["StringEquals"][
"aws:SourceAccount"
@@ -43,7 +43,7 @@ class iam_role_cross_service_confused_deputy_prevention(Check):
"StringLike" in statement["Condition"]
and "aws:SourceAccount"
in statement["Condition"]["StringLike"]
and iam_client.account
and iam_client.audited_account
in str(
statement["Condition"]["StringLike"][
"aws:SourceAccount"
@@ -54,7 +54,7 @@ class iam_role_cross_service_confused_deputy_prevention(Check):
"ArnEquals" in statement["Condition"]
and "aws:SourceArn"
in statement["Condition"]["ArnEquals"]
and iam_client.account
and iam_client.audited_account
in str(
statement["Condition"]["ArnEquals"]["aws:SourceArn"]
)
@@ -62,7 +62,7 @@ class iam_role_cross_service_confused_deputy_prevention(Check):
or (
"ArnLike" in statement["Condition"]
and "aws:SourceArn" in statement["Condition"]["ArnLike"]
and iam_client.account
and iam_client.audited_account
in str(
statement["Condition"]["ArnLike"]["aws:SourceArn"]
)

4
prowler/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.py
View File

@@ -6,13 +6,13 @@ class iam_root_hardware_mfa_enabled(Check):
def execute(self) -> Check_Report_AWS:
findings = []
# This check is only avaible in Commercial Partition
if iam_client.partition == "aws":
if iam_client.audited_partition == "aws":
if iam_client.account_summary:
virtual_mfa = False
report = Check_Report_AWS(self.metadata())
report.region = iam_client.region
report.resource_id = "<root_account>"
report.resource_arn = iam_client.account_arn
report.resource_arn = iam_client.audited_account_arn
if iam_client.account_summary["SummaryMap"]["AccountMFAEnabled"] > 0:
virtual_mfas = iam_client.virtual_mfa_devices

21
prowler/providers/aws/services/iam/iam_service.py
View File

@@ -7,7 +7,7 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
def is_service_role(role):
@@ -47,20 +47,10 @@ def is_service_role(role):
################## IAM
class IAM:
class IAM(AWSService):
def __init__(self, audit_info):
self.service = "iam"
self.session = audit_info.audit_session
self.account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.partition = audit_info.audited_partition
self.account_arn = audit_info.audited_account_arn
self.client = self.session.client(self.service)
global_client = generate_regional_clients(
self.service, audit_info, global_service=True
)
self.client = list(global_client.values())[0]
self.region = self.client.region
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.users = self.__get_users__()
self.roles = self.__get_roles__()
self.account_summary = self.__get_account_summary__()
@@ -96,9 +86,6 @@ class IAM:
def __get_client__(self):
return self.client
def __get_session__(self):
return self.session
def __get_roles__(self):
logger.info("IAM - List Roles...")
try:

31
prowler/providers/aws/services/inspector2/inspector2_service.py
View File

@@ -1,42 +1,19 @@
import threading
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import (
generate_regional_clients,
get_default_region,
)
from prowler.providers.aws.lib.service.service import AWSService
################################ Inspector2
class Inspector2:
class Inspector2(AWSService):
def __init__(self, audit_info):
self.service = "inspector2"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audited_account_arn = audit_info.audited_account_arn
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.region = get_default_region(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.inspectors = []
self.__threading_call__(self.__batch_get_account_status__)
self.__list_findings__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __batch_get_account_status__(self, regional_client):
# We use this function to check if inspector2 is enabled
logger.info("Inspector2 - batch_get_account_status...")

24
prowler/providers/aws/services/kms/kms_service.py
View File

@@ -1,22 +1,18 @@
import json
import threading
from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## KMS
class KMS:
class KMS(AWSService):
def __init__(self, audit_info):
self.service = "kms"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.keys = []
self.__threading_call__(self.__list_keys__)
if self.keys:
@@ -25,18 +21,6 @@ class KMS:
self.__get_key_policy__()
self.__list_resource_tags__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_keys__(self, regional_client):
logger.info("KMS - Listing Keys...")
try:

26
prowler/providers/aws/services/macie/macie_service.py
View File

@@ -1,35 +1,17 @@
import threading
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## Macie
class Macie:
class Macie(AWSService):
def __init__(self, audit_info):
self.service = "macie2"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audited_account_arn = audit_info.audited_account_arn
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__("macie2", audit_info)
self.sessions = []
self.__threading_call__(self.__get_macie_session__)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __get_macie_session__(self, regional_client):
logger.info("Macie - Get Macie Session...")
try:

30
prowler/providers/aws/services/networkfirewall/networkfirewall_service.py
View File

@@ -1,41 +1,19 @@
import threading
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import (
generate_regional_clients,
get_default_region,
)
from prowler.providers.aws.lib.service.service import AWSService
################## NetworkFirewall
class NetworkFirewall:
class NetworkFirewall(AWSService):
def __init__(self, audit_info):
self.service = "network-firewall"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.region = get_default_region(self.service, audit_info)
# Call AWSService's __init__
super().__init__("network-firewall", audit_info)
self.network_firewalls = []
self.__threading_call__(self.__list_firewalls__)
self.__describe_firewall__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_firewalls__(self, regional_client):
logger.info("Network Firewall - Listing Network Firewalls...")
try:

25
prowler/providers/aws/services/opensearch/opensearch_service.py
View File

@@ -1,4 +1,3 @@
import threading
from json import JSONDecodeError, loads
from typing import Optional
@@ -6,36 +5,20 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################################ OpenSearch
class OpenSearchService:
class OpenSearchService(AWSService):
def __init__(self, audit_info):
self.service = "opensearch"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.audited_partition = audit_info.audited_partition
self.audited_account = audit_info.audited_account
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__("opensearch", audit_info)
self.opensearch_domains = []
self.__threading_call__(self.__list_domain_names__)
self.__describe_domain_config__(self.regional_clients)
self.__describe_domain__(self.regional_clients)
self.__list_tags__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_domain_names__(self, regional_client):
logger.info("OpenSearch - listing domain names...")
try:

15
prowler/providers/aws/services/organizations/organizations_service.py
View File

@@ -6,7 +6,7 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
available_organizations_policies = [
"SERVICE_CONTROL_POLICY",
@@ -17,17 +17,10 @@ available_organizations_policies = [
################## Organizations
class Organizations:
class Organizations(AWSService):
def __init__(self, audit_info):
self.service = "organizations"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
global_client = generate_regional_clients(
self.service, audit_info, global_service=True
)
self.client = list(global_client.values())[0]
self.region = self.client.region
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.organizations = []
self.policies = []
self.delegated_administrators = []

25
prowler/providers/aws/services/rds/rds_service.py
View File

@@ -1,4 +1,3 @@
import threading
from typing import Optional
from botocore.client import ClientError
@@ -6,18 +5,14 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## RDS
class RDS:
class RDS(AWSService):
def __init__(self, audit_info):
self.service = "rds"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.db_instances = []
self.db_clusters = {}
self.db_snapshots = []
@@ -32,18 +27,6 @@ class RDS:
self.__threading_call__(self.__describe_db_cluster_snapshot_attributes__)
self.__threading_call__(self.__describe_db_engine_versions__)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_db_instances__(self, regional_client):
logger.info("RDS - Describe Instances...")
try:

25
prowler/providers/aws/services/redshift/redshift_service.py
View File

@@ -1,39 +1,22 @@
import threading
from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################################ Redshift
class Redshift:
class Redshift(AWSService):
def __init__(self, audit_info):
self.service = "redshift"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.audited_partition = audit_info.audited_partition
self.audited_account = audit_info.audited_account
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.clusters = []
self.__threading_call__(self.__describe_clusters__)
self.__describe_logging_status__(self.regional_clients)
self.__describe_cluster_snapshots__(self.regional_clients)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_clusters__(self, regional_client):
logger.info("Redshift - describing clusters...")
try:

31
prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_service.py
View File

@@ -1,41 +1,18 @@
import threading
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import (
generate_regional_clients,
get_default_region,
)
from prowler.providers.aws.lib.service.service import AWSService
################################ ResourceExplorer2
class ResourceExplorer2:
class ResourceExplorer2(AWSService):
def __init__(self, audit_info):
self.service = "resource-explorer-2"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audited_account_arn = audit_info.audited_account_arn
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.region = get_default_region(self.service, audit_info)
# Call AWSService's __init__
super().__init__("resource-explorer-2", audit_info)
self.indexes = []
self.__threading_call__(self.__list_indexes__)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_indexes__(self, regional_client):
logger.info("ResourceExplorer - list indexes...")
try:

37
prowler/providers/aws/services/route53/route53_service.py
View File

@@ -4,31 +4,20 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## Route53
class Route53:
class Route53(AWSService):
def __init__(self, audit_info):
self.service = "route53"
self.session = audit_info.audit_session
self.audited_partition = audit_info.audited_partition
self.audit_resources = audit_info.audit_resources
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info, global_service=True)
self.hosted_zones = {}
self.record_sets = []
global_client = generate_regional_clients(
self.service, audit_info, global_service=True
)
if global_client:
self.client = list(global_client.values())[0]
self.region = self.client.region
self.__list_hosted_zones__()
self.__list_query_logging_configs__()
self.__list_tags_for_resource__()
self.__list_resource_record_sets__()
def __get_session__(self):
return self.session
self.__list_hosted_zones__()
self.__list_query_logging_configs__()
self.__list_tags_for_resource__()
self.__list_resource_record_sets__()
def __list_hosted_zones__(self):
logger.info("Route53 - Listing Hosting Zones...")
@@ -149,11 +138,10 @@ class RecordSet(BaseModel):
################## Route53Domains
class Route53Domains:
class Route53Domains(AWSService):
def __init__(self, audit_info):
self.service = "route53domains"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.domains = {}
if audit_info.audited_partition == "aws":
# Route53Domains is a global service that supports endpoints in multiple AWS Regions
@@ -164,9 +152,6 @@ class Route53Domains:
self.__get_domain_detail__()
self.__list_tags_for_domain__()
def __get_session__(self):
return self.session
def __list_domains__(self):
logger.info("Route53Domains - Listing Domains...")
try:

37
prowler/providers/aws/services/s3/s3_service.py
View File

@@ -7,20 +7,15 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## S3
class S3:
class S3(AWSService):
def __init__(self, audit_info):
self.service = "s3"
self.session = audit_info.audit_session
self.client = self.session.client(self.service)
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.audited_partition = audit_info.audited_partition
self.audited_account_arn = audit_info.audited_account_arn
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.buckets = self.__list_buckets__(audit_info)
self.__threading_call__(self.__get_bucket_versioning__)
self.__threading_call__(self.__get_bucket_logging__)
@@ -32,9 +27,7 @@ class S3:
self.__threading_call__(self.__get_object_lock_configuration__)
self.__threading_call__(self.__get_bucket_tagging__)
def __get_session__(self):
return self.session
# In the S3 service we override the "__threading_call__" method because we spawn a process per bucket instead of per region
def __threading_call__(self, call):
threads = []
for bucket in self.buckets:
@@ -345,21 +338,11 @@ class S3:
################## S3Control
class S3Control:
class S3Control(AWSService):
def __init__(self, audit_info):
self.service = "s3control"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
global_client = generate_regional_clients(
self.service, audit_info, global_service=True
)
if global_client:
self.client = list(global_client.values())[0]
self.region = self.client.region
self.account_public_access_block = self.__get_public_access_block__()
def __get_session__(self):
return self.session
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info, global_service=True)
self.account_public_access_block = self.__get_public_access_block__()
def __get_public_access_block__(self):
logger.info("S3 - Get account public access block...")

23
prowler/providers/aws/services/sagemaker/sagemaker_service.py
View File

@@ -1,4 +1,3 @@
import threading
from typing import Optional
from botocore.client import ClientError
@@ -6,16 +5,14 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################################ SageMaker
class SageMaker:
class SageMaker(AWSService):
def __init__(self, audit_info):
self.service = "sagemaker"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.sagemaker_notebook_instances = []
self.sagemaker_models = []
self.sagemaker_training_jobs = []
@@ -27,18 +24,6 @@ class SageMaker:
self.__describe_training_job__(self.regional_clients)
self.__list_tags_for_resource__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_notebook_instances__(self, regional_client):
logger.info("SageMaker - listing notebook instances...")
try:

24
prowler/providers/aws/services/secretsmanager/secretsmanager_service.py
View File

@@ -1,36 +1,20 @@
import threading
from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## SecretsManager
class SecretsManager:
class SecretsManager(AWSService):
def __init__(self, audit_info):
self.service = "secretsmanager"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.secrets = {}
self.__threading_call__(self.__list_secrets__)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_secrets__(self, regional_client):
logger.info("SecretsManager - Listing Secrets...")
try:

25
prowler/providers/aws/services/securityhub/securityhub_service.py
View File

@@ -1,36 +1,19 @@
import threading
from botocore.client import ClientError
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## SecurityHub
class SecurityHub:
class SecurityHub(AWSService):
def __init__(self, audit_info):
self.service = "securityhub"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.securityhubs = []
self.__threading_call__(self.__describe_hub__)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_hub__(self, regional_client):
logger.info("SecurityHub - Describing Hub...")
try:

24
prowler/providers/aws/services/shield/shield_service.py
View File

@@ -1,29 +1,19 @@
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################### Shield
class Shield:
class Shield(AWSService):
def __init__(self, audit_info):
self.service = "shield"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
global_client = generate_regional_clients(
self.service, audit_info, global_service=True
)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info, global_service=True)
self.protections = {}
self.enabled = False
if global_client:
self.client = list(global_client.values())[0]
self.region = self.client.region
self.enabled = self.__get_subscription_state__()
if self.enabled:
self.__list_protections__()
def __get_session__(self):
return self.session
self.enabled = self.__get_subscription_state__()
if self.enabled:
self.__list_protections__()
def __get_subscription_state__(self):
logger.info("Shield - Getting Subscription State...")

23
prowler/providers/aws/services/sns/sns_service.py
View File

@@ -1,4 +1,3 @@
import threading
from json import loads
from typing import Optional
@@ -6,33 +5,19 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################################ SNS
class SNS:
class SNS(AWSService):
def __init__(self, audit_info):
self.service = "sns"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.topics = []
self.__threading_call__(self.__list_topics__)
self.__get_topic_attributes__(self.regional_clients)
self.__list_tags_for_resource__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_topics__(self, regional_client):
logger.info("SNS - listing topics...")
try:

25
prowler/providers/aws/services/sqs/sqs_service.py
View File

@@ -1,4 +1,3 @@
import threading
from json import loads
from typing import Optional
@@ -6,35 +5,19 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################################ SQS
class SQS:
class SQS(AWSService):
def __init__(self, audit_info):
self.service = "sqs"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.queues = []
self.__threading_call__(self.__list_queues__)
self.__get_queue_attributes__(self.regional_clients)
self.__list_queue_tags__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_queues__(self, regional_client):
logger.info("SQS - describing queues...")
try:

25
prowler/providers/aws/services/ssm/ssm_service.py
View File

@@ -1,5 +1,4 @@
import json
import threading
from enum import Enum
from typing import Optional
@@ -8,18 +7,14 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################## SSM
class SSM:
class SSM(AWSService):
def __init__(self, audit_info):
self.service = "ssm"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.documents = {}
self.compliance_resources = {}
self.managed_instances = {}
@@ -29,18 +24,6 @@ class SSM:
self.__threading_call__(self.__list_resource_compliance_summaries__)
self.__threading_call__(self.__describe_instance_information__)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_documents__(self, regional_client):
logger.info("SSM - Listing Documents...")
try:

31
prowler/providers/aws/services/ssmincidents/ssmincidents_service.py
View File

@@ -1,14 +1,9 @@
import threading
from botocore.client import ClientError
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import (
generate_regional_clients,
get_default_region,
)
from prowler.providers.aws.lib.service.service import AWSService
# Note:
# This service is a bit special because it creates a resource (Replication Set) in one region, but you can list it in from any region using list_replication_sets
@@ -18,16 +13,10 @@ from prowler.providers.aws.aws_provider import (
################## SSMIncidents
class SSMIncidents:
class SSMIncidents(AWSService):
def __init__(self, audit_info):
self.service = "ssm-incidents"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audited_partition = audit_info.audited_partition
self.audited_account_arn = audit_info.audited_account_arn
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
self.region = get_default_region(self.service, audit_info)
# Call AWSService's __init__
super().__init__("ssm-incidents", audit_info)
self.replication_set = []
self.__list_replication_sets__()
self.__get_replication_set__()
@@ -35,18 +24,6 @@ class SSMIncidents:
self.__threading_call__(self.__list_response_plans__)
self.__list_tags_for_resource__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_replication_sets__(self):
logger.info("SSMIncidents - Listing Replication Sets...")
try:

3
prowler/providers/aws/services/trustedadvisor/trustedadvisor_errors_and_warnings/trustedadvisor_errors_and_warnings.py
View File

@@ -25,7 +25,8 @@ class trustedadvisor_errors_and_warnings(Check):
report = Check_Report_AWS(self.metadata())
report.status = "INFO"
report.status_extended = "Amazon Web Services Premium Support Subscription is required to use this service."
report.resource_id = trustedadvisor_client.account
report.resource_id = trustedadvisor_client.audited_account
report.resource_arn = trustedadvisor_client.audited_account_arn
report.region = trustedadvisor_client.region
findings.append(report)

14
prowler/providers/aws/services/trustedadvisor/trustedadvisor_service.py
View File

@@ -4,25 +4,24 @@ from botocore.client import ClientError
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.providers.aws.aws_provider import get_default_region
from prowler.providers.aws.lib.service.service import AWSService
################################ TrustedAdvisor
class TrustedAdvisor:
class TrustedAdvisor(AWSService):
def __init__(self, audit_info):
self.service = "support"
self.session = audit_info.audit_session
self.account = audit_info.audited_account
# Call AWSService's __init__
super().__init__("support", audit_info)
self.checks = []
self.enabled = True
# Support API is not available in China Partition
# But only in us-east-1 or us-gov-west-1 https://docs.aws.amazon.com/general/latest/gr/awssupport.html
if audit_info.audited_partition != "aws-cn":
if audit_info.audited_partition == "aws":
self.region = get_default_region(self.service, audit_info)
support_region = "us-east-1"
else:
support_region = "us-gov-west-1"
self.client = audit_info.audit_session.client(
self.service, region_name=support_region
)
@@ -30,9 +29,6 @@ class TrustedAdvisor:
self.__describe_trusted_advisor_checks__()
self.__describe_trusted_advisor_check_result__()
def __get_session__(self):
return self.session
def __describe_trusted_advisor_checks__(self):
logger.info("TrustedAdvisor - Describing Checks...")
try:

30
prowler/providers/aws/services/vpc/vpc_service.py
View File

@@ -1,5 +1,4 @@
import json
import threading
from typing import Optional
from botocore.client import ClientError
@@ -7,22 +6,14 @@ from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import (
generate_regional_clients,
get_default_region,
)
from prowler.providers.aws.lib.service.service import AWSService
################## VPC
class VPC:
class VPC(AWSService):
def __init__(self, audit_info):
self.service = "ec2"
self.session = audit_info.audit_session
self.audited_account = audit_info.audited_account
self.audit_resources = audit_info.audit_resources
self.audited_partition = audit_info.audited_partition
self.audited_account_arn = audit_info.audited_account_arn
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__("ec2", audit_info)
self.vpcs = {}
self.vpc_peering_connections = []
self.vpc_endpoints = []
@@ -36,19 +27,6 @@ class VPC:
self.__describe_vpc_endpoint_service_permissions__()
self.vpc_subnets = {}
self.__threading_call__(self.__describe_vpc_subnets__)
self.region = get_default_region(self.service, audit_info)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_vpcs__(self, regional_client):
logger.info("VPC - Describing VPCs...")

24
prowler/providers/aws/services/waf/waf_service.py
View File

@@ -1,35 +1,19 @@
import threading
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################### WAF
class WAF:
class WAF(AWSService):
def __init__(self, audit_info):
self.service = "waf-regional"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__("waf-regional", audit_info)
self.web_acls = []
self.__threading_call__(self.__list_web_acls__)
self.__threading_call__(self.__list_resources_for_web_acl__)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_web_acls__(self, regional_client):
logger.info("WAF - Listing Regional Web ACLs...")
try:

24
prowler/providers/aws/services/wafv2/wafv2_service.py
View File

@@ -1,35 +1,19 @@
import threading
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################### WAFv2
class WAFv2:
class WAFv2(AWSService):
def __init__(self, audit_info):
self.service = "wafv2"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.web_acls = []
self.__threading_call__(self.__list_web_acls__)
self.__threading_call__(self.__list_resources_for_web_acl__)
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_web_acls__(self, regional_client):
logger.info("WAFv2 - Listing Regional Web ACLs...")
try:

23
prowler/providers/aws/services/wellarchitected/wellarchitected_service.py
View File

@@ -1,36 +1,21 @@
import threading
from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################################ WellArchitected
class WellArchitected:
class WellArchitected(AWSService):
def __init__(self, audit_info):
self.service = "wellarchitected"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.workloads = []
self.__threading_call__(self.__list_workloads__)
self.__list_tags_for_resource__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __list_workloads__(self, regional_client):
logger.info("WellArchitected - Listing Workloads...")
try:

25
prowler/providers/aws/services/workspaces/workspaces_service.py
View File

@@ -1,38 +1,21 @@
import threading
from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
from prowler.providers.aws.aws_provider import generate_regional_clients
from prowler.providers.aws.lib.service.service import AWSService
################################ WorkSpaces
class WorkSpaces:
class WorkSpaces(AWSService):
def __init__(self, audit_info):
self.service = "workspaces"
self.session = audit_info.audit_session
self.audit_resources = audit_info.audit_resources
self.audited_partition = audit_info.audited_partition
self.audited_account = audit_info.audited_account
self.regional_clients = generate_regional_clients(self.service, audit_info)
# Call AWSService's __init__
super().__init__(__class__.__name__, audit_info)
self.workspaces = []
self.__threading_call__(self.__describe_workspaces__)
self.__describe_tags__()
def __get_session__(self):
return self.session
def __threading_call__(self, call):
threads = []
for regional_client in self.regional_clients.values():
threads.append(threading.Thread(target=call, args=(regional_client,)))
for t in threads:
t.start()
for t in threads:
t.join()
def __describe_workspaces__(self, regional_client):
logger.info("WorkSpaces - describing workspaces...")
try:

7
tests/lib/check/check_test.py
View File

@@ -27,6 +27,7 @@ from prowler.providers.aws.aws_provider import (
get_regions_from_audit_resources,
)
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.common.models import Audit_Metadata
AWS_ACCOUNT_NUMBER = "123456789012"
AWS_REGION = "us-east-1"
@@ -158,6 +159,12 @@ class Test_Check:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

61
tests/lib/outputs/outputs_test.py
View File

@@ -69,6 +69,7 @@ from prowler.lib.outputs.outputs import (
from prowler.lib.utils.utils import hash_sha512, open_file
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.aws.lib.security_hub.security_hub import send_to_security_hub
from prowler.providers.common.models import Audit_Metadata
AWS_ACCOUNT_ID = "123456789012"
@@ -116,6 +117,12 @@ class Test_Outputs:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
test_output_modes = [
["csv"],
@@ -436,6 +443,12 @@ class Test_Outputs:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
finding = Check_Report(
load_check_metadata(
@@ -507,6 +520,12 @@ class Test_Outputs:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
finding = Check_Report(
load_check_metadata(
@@ -592,6 +611,12 @@ class Test_Outputs:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
finding = Check_Report(
load_check_metadata(
@@ -677,6 +702,12 @@ class Test_Outputs:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
with patch(
"prowler.lib.outputs.json.get_check_compliance",
@@ -953,6 +984,12 @@ class Test_Outputs:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
finding = Check_Report(
load_check_metadata(
@@ -1080,6 +1117,12 @@ class Test_Outputs:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
# Creat mock bucket
bucket_name = "test_bucket"
@@ -1131,6 +1174,12 @@ class Test_Outputs:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
# Creat mock bucket
bucket_name = "test_bucket"
@@ -1189,6 +1238,12 @@ class Test_Outputs:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
# Creat mock bucket
bucket_name = "test_bucket"
@@ -1298,6 +1353,12 @@ class Test_Outputs:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
finding = Check_Report(
load_check_metadata(

7
tests/lib/outputs/slack_test.py
View File

@@ -12,6 +12,7 @@ from prowler.providers.azure.lib.audit_info.models import (
Azure_Audit_Info,
Azure_Identity_Info,
)
from prowler.providers.common.models import Audit_Metadata
from prowler.providers.gcp.lib.audit_info.models import GCP_Audit_Info
AWS_ACCOUNT_ID = "123456789012"
@@ -44,6 +45,12 @@ class Test_Slack_Integration:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
gcp_audit_info = GCP_Audit_Info(
credentials=None,

103
tests/providers/aws/aws_provider_test.py
View File

@@ -12,6 +12,7 @@ from prowler.providers.aws.aws_provider import (
get_global_region,
)
from prowler.providers.aws.lib.audit_info.models import AWS_Assume_Role, AWS_Audit_Info
from prowler.providers.common.models import Audit_Metadata
ACCOUNT_ID = 123456789012
AWS_REGION = "us-east-1"
@@ -62,6 +63,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
# Call assume_role
@@ -185,6 +192,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
# Call assume_role
@@ -271,6 +284,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
# Call assume_role
@@ -354,6 +373,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
# Call assume_role
@@ -411,6 +436,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
generate_regional_clients_response = generate_regional_clients(
"ec2", audit_info
@@ -443,6 +474,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
generate_regional_clients_response = generate_regional_clients(
"route53", audit_info, global_service=True
@@ -474,6 +511,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
generate_regional_clients_response = generate_regional_clients(
"shield", audit_info, global_service=True
@@ -502,6 +545,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
assert get_default_region("ec2", audit_info) == "eu-west-1"
@@ -525,6 +574,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
assert get_default_region("ec2", audit_info) == "eu-west-1"
@@ -548,6 +603,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
assert get_default_region("ec2", audit_info) == "eu-west-1"
@@ -571,6 +632,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
assert get_default_region("ec2", audit_info) == "us-east-1"
@@ -592,6 +659,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
assert get_default_region("ec2", audit_info) == "us-east-1"
@@ -613,6 +686,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
assert get_global_region(audit_info) == "us-gov-east-1"
@@ -634,6 +713,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
assert get_global_region(audit_info) == "cn-north-1"
@@ -655,6 +740,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
assert get_global_region(audit_info) == "aws-iso-global"
@@ -677,6 +768,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
with patch(
"prowler.providers.aws.aws_provider.parse_json_file",
@@ -728,6 +825,12 @@ class Test_AWS_Provider:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
with patch(
"prowler.providers.aws.aws_provider.parse_json_file",

7
tests/providers/aws/lib/allowlist/allowlist_test.py
View File

@@ -11,6 +11,7 @@ from prowler.providers.aws.lib.allowlist.allowlist import (
parse_allowlist_file,
)
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.common.models import Audit_Metadata
AWS_ACCOUNT_NUMBER = "123456789012"
AWS_REGION = "us-east-1"
@@ -39,6 +40,12 @@ class Test_Allowlist:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

71
tests/providers/aws/lib/service/service_test.py Normal file
View File

@@ -0,0 +1,71 @@
from boto3 import session
from mock import patch
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.aws.lib.service.service import AWSService
from prowler.providers.common.models import Audit_Metadata
AWS_ACCOUNT_NUMBER = "123456789012"
AWS_ACCOUNT_ARN = f"arn:aws:iam::{AWS_ACCOUNT_NUMBER}:root"
AWS_PARTITION = "aws"
AWS_REGION = "us-east-1"
def mock_generate_regional_clients(service, audit_info, _):
regional_client = audit_info.audit_session.client(service, region_name=AWS_REGION)
regional_client.region = AWS_REGION
return {AWS_REGION: regional_client}
@patch(
"prowler.providers.aws.lib.service.service.generate_regional_clients",
new=mock_generate_regional_clients,
)
class Test_AWSService:
# Mocked Audit Info
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
original_session=None,
audit_session=session.Session(
profile_name=None,
botocore_session=None,
),
audited_account=AWS_ACCOUNT_NUMBER,
audited_account_arn=AWS_ACCOUNT_ARN,
audited_user_id=None,
audited_partition=AWS_PARTITION,
audited_identity_arn=None,
profile=None,
profile_region=None,
credentials=None,
assumed_role_info=None,
audited_regions=None,
organizations_metadata=None,
audit_resources=[],
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info
def test_AWSService_init(self):
audit_info = self.set_mocked_audit_info()
service = AWSService("s3", audit_info)
assert service.audit_info == audit_info
assert service.audited_account == AWS_ACCOUNT_NUMBER
assert service.audited_account_arn == AWS_ACCOUNT_ARN
assert service.audited_partition == AWS_PARTITION
assert service.audit_resources == []
assert service.audited_checks == []
assert service.session == audit_info.audit_session
assert service.service == "s3"
assert len(service.regional_clients) == 1
assert service.regional_clients[AWS_REGION].__class__.__name__ == "S3"
assert service.region == AWS_REGION
assert service.client.__class__.__name__ == "S3"

11
tests/providers/aws/services/accessanalyzer/accessanalyzer_service_test.py
View File

@@ -7,6 +7,7 @@ from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.aws.services.accessanalyzer.accessanalyzer_service import (
AccessAnalyzer,
)
from prowler.providers.common.models import Audit_Metadata
# Mock Test Region
AWS_REGION = "eu-west-1"
@@ -57,7 +58,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return make_api_call(self, operation_name, kwarg)
def mock_generate_regional_clients(service, audit_info):
def mock_generate_regional_clients(service, audit_info, _):
regional_client = audit_info.audit_session.client(service, region_name=AWS_REGION)
regional_client.region = AWS_REGION
return {AWS_REGION: regional_client}
@@ -66,7 +67,7 @@ def mock_generate_regional_clients(service, audit_info):
# Patch every AWS call using Boto3 and generate_regional_clients to have 1 client
@patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
@patch(
"prowler.providers.aws.services.accessanalyzer.accessanalyzer_service.generate_regional_clients",
"prowler.providers.aws.lib.service.service.generate_regional_clients",
new=mock_generate_regional_clients,
)
class Test_AccessAnalyzer_Service:
@@ -91,6 +92,12 @@ class Test_AccessAnalyzer_Service:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

11
tests/providers/aws/services/acm/acm_service_test.py
View File

@@ -8,6 +8,7 @@ from mock import patch
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.aws.services.acm.acm_service import ACM
from prowler.providers.common.models import Audit_Metadata
# from moto import mock_acm
@@ -79,7 +80,7 @@ def mock_make_api_call(self, operation_name, kwargs):
# Mock generate_regional_clients()
def mock_generate_regional_clients(service, audit_info):
def mock_generate_regional_clients(service, audit_info, _):
regional_client = audit_info.audit_session.client(service, region_name=AWS_REGION)
regional_client.region = AWS_REGION
return {AWS_REGION: regional_client}
@@ -87,7 +88,7 @@ def mock_generate_regional_clients(service, audit_info):
# Patch every AWS call using Boto3 and generate_regional_clients to have 1 client
@patch(
"prowler.providers.aws.services.acm.acm_service.generate_regional_clients",
"prowler.providers.aws.lib.service.service.generate_regional_clients",
new=mock_generate_regional_clients,
)
@patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
@@ -117,6 +118,12 @@ class Test_ACM_Service:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

7
tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py
View File

@@ -5,6 +5,7 @@ from moto import mock_apigateway, mock_iam, mock_lambda
from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.common.models import Audit_Metadata
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
@@ -32,6 +33,12 @@ class Test_apigateway_authorizers_enabled:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

7
tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py
View File

@@ -5,6 +5,7 @@ from moto import mock_apigateway
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.aws.services.apigateway.apigateway_service import Stage
from prowler.providers.common.models import Audit_Metadata
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
@@ -32,6 +33,12 @@ class Test_apigateway_client_certificate_enabled:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

7
tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py
View File

@@ -4,6 +4,7 @@ from boto3 import client, session
from moto import mock_apigateway
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.common.models import Audit_Metadata
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
@@ -31,6 +32,12 @@ class Test_apigateway_endpoint_public:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

7
tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py
View File

@@ -4,6 +4,7 @@ from boto3 import client, session
from moto import mock_apigateway
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.common.models import Audit_Metadata
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
@@ -31,6 +32,12 @@ class Test_apigateway_logging_enabled:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

7
tests/providers/aws/services/apigateway/apigateway_service_test.py
View File

@@ -3,6 +3,7 @@ from moto import mock_apigateway
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.aws.services.apigateway.apigateway_service import APIGateway
from prowler.providers.common.models import Audit_Metadata
AWS_ACCOUNT_NUMBER = "123456789012"
AWS_REGION = "us-east-1"
@@ -31,6 +32,12 @@ class Test_APIGateway_Service:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

7
tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py
View File

@@ -4,6 +4,7 @@ from boto3 import client, session
from moto import mock_apigateway, mock_wafv2
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.common.models import Audit_Metadata
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
@@ -31,6 +32,12 @@ class Test_apigateway_waf_acl_attached:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

7
tests/providers/aws/services/apigatewayv2/apigatewayv2_access_logging_enabled/apigatewayv2_access_logging_enabled_test.py
View File

@@ -6,6 +6,7 @@ from mock import patch
from moto import mock_apigatewayv2
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.common.models import Audit_Metadata
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
@@ -60,6 +61,12 @@ class Test_apigatewayv2_access_logging_enabled:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

7
tests/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled_test.py
View File

@@ -6,6 +6,7 @@ from mock import patch
from moto import mock_apigatewayv2
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.common.models import Audit_Metadata
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
@@ -60,6 +61,12 @@ class Test_apigatewayv2_authorizers_enabled:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

7
tests/providers/aws/services/apigatewayv2/apigatewayv2_service_test.py
View File

@@ -7,6 +7,7 @@ from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.aws.services.apigatewayv2.apigatewayv2_service import (
ApiGatewayV2,
)
from prowler.providers.common.models import Audit_Metadata
AWS_ACCOUNT_NUMBER = "123456789012"
AWS_REGION = "us-east-1"
@@ -62,6 +63,12 @@ class Test_ApiGatewayV2_Service:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

11
tests/providers/aws/services/appstream/appstream_service_test.py
View File

@@ -6,6 +6,7 @@ from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.aws.services.appstream.appstream_service import AppStream
from prowler.providers.common.models import Audit_Metadata
# Mock Test Region
AWS_REGION = "eu-west-1"
@@ -50,7 +51,7 @@ def mock_make_api_call(self, operation_name, kwarg):
# Mock generate_regional_clients()
def mock_generate_regional_clients(service, audit_info):
def mock_generate_regional_clients(service, audit_info, _):
regional_client = audit_info.audit_session.client(service, region_name=AWS_REGION)
regional_client.region = AWS_REGION
return {AWS_REGION: regional_client}
@@ -59,7 +60,7 @@ def mock_generate_regional_clients(service, audit_info):
# Patch every AWS call using Boto3 and generate_regional_clients to have 1 client
@patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
@patch(
"prowler.providers.aws.services.appstream.appstream_service.generate_regional_clients",
"prowler.providers.aws.lib.service.service.generate_regional_clients",
new=mock_generate_regional_clients,
)
class Test_AppStream_Service:
@@ -84,6 +85,12 @@ class Test_AppStream_Service:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

7
tests/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration_test.py
View File

@@ -4,6 +4,7 @@ from boto3 import client, session
from moto import mock_autoscaling
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.common.models import Audit_Metadata
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
@@ -31,6 +32,12 @@ class Test_autoscaling_find_secrets_ec2_launch_configuration:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

7
tests/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az_test.py
View File

@@ -4,6 +4,7 @@ from boto3 import client, session
from moto import mock_autoscaling
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.common.models import Audit_Metadata
AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
@@ -31,6 +32,12 @@ class Test_autoscaling_group_multiple_az:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

7
tests/providers/aws/services/autoscaling/autoscaling_service_test.py
View File

@@ -5,6 +5,7 @@ from moto import mock_autoscaling
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.aws.services.autoscaling.autoscaling_service import AutoScaling
from prowler.providers.common.models import Audit_Metadata
AWS_ACCOUNT_NUMBER = "123456789012"
AWS_REGION = "us-east-1"
@@ -33,6 +34,12 @@ class Test_AutoScaling_Service:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

11
tests/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled_test.py
View File

@@ -7,12 +7,13 @@ from moto.core import DEFAULT_ACCOUNT_ID
from prowler.providers.aws.lib.audit_info.audit_info import AWS_Audit_Info
from prowler.providers.aws.services.awslambda.awslambda_service import Function
from prowler.providers.common.models import Audit_Metadata
AWS_REGION = "us-east-1"
# Mock generate_regional_clients()
def mock_generate_regional_clients(service, audit_info):
def mock_generate_regional_clients(service, audit_info, _):
regional_client = audit_info.audit_session.client(service, region_name=AWS_REGION)
regional_client.region = AWS_REGION
return {AWS_REGION: regional_client}
@@ -20,7 +21,7 @@ def mock_generate_regional_clients(service, audit_info):
# Patch every AWS call using Boto3 and generate_regional_clients to have 1 client
@patch(
"prowler.providers.aws.services.accessanalyzer.accessanalyzer_service.generate_regional_clients",
"prowler.providers.aws.lib.service.service.generate_regional_clients",
new=mock_generate_regional_clients,
)
class Test_awslambda_function_invoke_api_operations_cloudtrail_logging_enabled:
@@ -46,6 +47,12 @@ class Test_awslambda_function_invoke_api_operations_cloudtrail_logging_enabled:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

4
tests/providers/aws/services/awslambda/awslambda_service_test.py
View File

@@ -47,7 +47,7 @@ def mock_request_get(_):
# Mock generate_regional_clients()
def mock_generate_regional_clients(service, audit_info):
def mock_generate_regional_clients(service, audit_info, _):
regional_client_eu_west_1 = audit_info.audit_session.client(
service, region_name=AWS_REGION
)
@@ -63,7 +63,7 @@ def mock_generate_regional_clients(service, audit_info):
@patch(
"prowler.providers.aws.services.awslambda.awslambda_service.generate_regional_clients",
"prowler.providers.aws.lib.service.service.generate_regional_clients",
new=mock_generate_regional_clients,
)
class Test_Lambda_Service:

11
tests/providers/aws/services/backup/backup_service_test.py
View File

@@ -6,6 +6,7 @@ from boto3 import session
from prowler.providers.aws.lib.audit_info.audit_info import AWS_Audit_Info
from prowler.providers.aws.services.backup.backup_service import Backup
from prowler.providers.common.models import Audit_Metadata
# Mock Test Region
AWS_REGION = "eu-west-1"
@@ -59,7 +60,7 @@ def mock_make_api_call(self, operation_name, kwarg):
return make_api_call(self, operation_name, kwarg)
def mock_generate_regional_clients(service, audit_info):
def mock_generate_regional_clients(service, audit_info, _):
regional_client = audit_info.audit_session.client(service, region_name=AWS_REGION)
regional_client.region = AWS_REGION
return {AWS_REGION: regional_client}
@@ -68,7 +69,7 @@ def mock_generate_regional_clients(service, audit_info):
# Patch every AWS call using Boto3 and generate_regional_clients to have 1 client
@patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
@patch(
"prowler.providers.aws.services.backup.backup_service.generate_regional_clients",
"prowler.providers.aws.lib.service.service.generate_regional_clients",
new=mock_generate_regional_clients,
)
class Test_Backup_Service:
@@ -94,6 +95,12 @@ class Test_Backup_Service:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

13
tests/providers/aws/services/cloudformation/cloudformation_service_test.py
View File

@@ -13,6 +13,7 @@ from prowler.providers.aws.lib.audit_info.audit_info import AWS_Audit_Info
from prowler.providers.aws.services.cloudformation.cloudformation_service import (
CloudFormation,
)
from prowler.providers.common.models import Audit_Metadata
# Mock Test Region
AWS_REGION = "eu-west-1"
@@ -120,7 +121,7 @@ def mock_make_api_call(self, operation_name, kwarg):
# Mock generate_regional_clients()
def mock_generate_regional_clients(service, audit_info):
def mock_generate_regional_clients(service, audit_info, _):
regional_client = audit_info.audit_session.client(service, region_name=AWS_REGION)
regional_client.region = AWS_REGION
return {AWS_REGION: regional_client}
@@ -129,7 +130,7 @@ def mock_generate_regional_clients(service, audit_info):
# Patch every AWS call using Boto3 and generate_regional_clients to have 1 client
@patch("botocore.client.BaseClient._make_api_call", new=mock_make_api_call)
@patch(
"prowler.providers.aws.services.cloudformation.cloudformation_service.generate_regional_clients",
"prowler.providers.aws.lib.service.service.generate_regional_clients",
new=mock_generate_regional_clients,
)
class Test_CloudFormation_Service:
@@ -145,7 +146,7 @@ class Test_CloudFormation_Service:
audited_account=None,
audited_account_arn=None,
audited_user_id=None,
audited_partition=None,
audited_partition="aws",
audited_identity_arn=None,
profile=None,
profile_region=None,
@@ -155,6 +156,12 @@ class Test_CloudFormation_Service:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

7
tests/providers/aws/services/cloudfront/cloudfront_service_test.py
View File

@@ -10,6 +10,7 @@ from prowler.providers.aws.services.cloudfront.cloudfront_service import (
CloudFront,
ViewerProtocolPolicy,
)
from prowler.providers.common.models import Audit_Metadata
# Mock Test Region
AWS_REGION = "eu-west-1"
@@ -176,6 +177,12 @@ class Test_CloudFront_Service:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

7
tests/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete_test.py
View File

@@ -8,6 +8,7 @@ from moto import mock_cloudtrail, mock_iam, mock_s3
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.aws.services.cloudtrail.cloudtrail_service import Cloudtrail
from prowler.providers.aws.services.s3.s3_service import S3
from prowler.providers.common.models import Audit_Metadata
AWS_ACCOUNT_NUMBER = "123456789012"
@@ -37,6 +38,12 @@ class Test_cloudtrail_bucket_requires_mfa_delete:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

7
tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py
View File

@@ -6,6 +6,7 @@ from boto3 import client, session
from moto import mock_cloudtrail, mock_s3
from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
from prowler.providers.common.models import Audit_Metadata
AWS_ACCOUNT_NUMBER = "123456789012"
@@ -32,6 +33,12 @@ class Test_cloudtrail_cloudwatch_logging_enabled:
organizations_metadata=None,
audit_resources=None,
mfa_enabled=False,
audit_metadata=Audit_Metadata(
services_scanned=0,
expected_checks=[],
completed_checks=0,
audit_progress=0,
),
)
return audit_info

Some files were not shown because too many files have changed in this diff Show More