ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 06:45:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(APIGateway): Improve check naming (#2952)

Browse Source
This commit is contained in:
Sergio Garcia
2023-10-20 08:07:08 +02:00
committed by GitHub
parent 976d0da26e
commit f3b81edf67
42 changed files with 221 additions and 221 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/tutorials/aws/v2_to_v3_checks_mapping.md
View File

@@ -12,11 +12,11 @@ checks_v3_to_v2_mapping = {
"account_security_questions_are_registered_in_the_aws_account": "check115",
"acm_certificates_expiration_check": "extra730",
"acm_certificates_transparency_logs_enabled": "extra724",
"apigateway_authorizers_enabled": "extra746",
"apigateway_client_certificate_enabled": "extra743",
"apigateway_endpoint_public": "extra745",
"apigateway_logging_enabled": "extra722",
"apigateway_waf_acl_attached": "extra744",
"apigateway_restapi_authorizers_enabled": "extra746",
"apigateway_restapi_client_certificate_enabled": "extra743",
"apigateway_restapi_public": "extra745",
"apigateway_restapi_logging_enabled": "extra722",
"apigateway_restapi_waf_acl_attached": "extra744",
"apigatewayv2_access_logging_enabled": "extra7156",
"apigatewayv2_authorizers_enabled": "extra7157",
"appstream_fleet_default_internet_access_disabled": "extra7193",

2
docs/tutorials/pentesting.md
View File

@@ -25,7 +25,7 @@ prowler <provider> --categories secrets
Several checks analyse resources that are exposed to the Internet, these are:
1. apigateway_endpoint_public
1. apigateway_restapi_public
- appstream_fleet_default_internet_access_disabled
- awslambda_function_not_publicly_accessible
- ec2_ami_public

6
prowler/compliance/aws/aws_foundational_security_best_practices_aws.json
View File

@@ -46,9 +46,9 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_client_certificate_enabled",
"apigateway_waf_acl_attached",
"apigateway_restapi_logging_enabled",
"apigateway_restapi_client_certificate_enabled",
"apigateway_restapi_waf_acl_attached",
"apigatewayv2_authorizers_enabled",
"apigatewayv2_access_logging_enabled"
]

2
prowler/compliance/aws/aws_well_architected_framework_reliability_pillar_aws.json
View File

@@ -44,7 +44,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"apigatewayv2_access_logging_enabled",
"awslambda_function_invoke_api_operations_cloudtrail_logging_enabled",
"cloudtrail_cloudwatch_logging_enabled",

12
prowler/compliance/aws/aws_well_architected_framework_security_pillar_aws.json
View File

@@ -477,7 +477,7 @@
"s3_bucket_policy_public_write_access",
"sagemaker_notebook_instance_without_direct_internet_access_configured",
"appstream_fleet_default_internet_access_disabled",
"apigateway_endpoint_public",
"apigateway_restapi_public",
"awslambda_function_url_cors_policy",
"awslambda_function_url_public",
"cloudtrail_logs_s3_bucket_is_not_publicly_accessible",
@@ -536,7 +536,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"opensearch_service_domains_audit_logging_enabled",
"cloudtrail_cloudwatch_logging_enabled",
"cloudtrail_s3_dataevents_read_enabled",
@@ -661,7 +661,7 @@
"Checks": [
"opensearch_service_domains_not_publicly_accessible",
"awslambda_function_not_publicly_accessible",
"apigateway_waf_acl_attached",
"apigateway_restapi_waf_acl_attached",
"cloudfront_distributions_using_waf",
"eks_control_plane_endpoint_access_restricted",
"sagemaker_models_network_isolation_enabled",
@@ -693,7 +693,7 @@
"ec2_ebs_public_snapshot",
"ec2_networkacl_allow_ingress_tcp_port_22",
"sagemaker_notebook_instance_without_direct_internet_access_configured",
"apigateway_authorizers_enabled",
"apigateway_restapi_authorizers_enabled",
"apigatewayv2_authorizers_enabled",
"s3_bucket_acl_prohibited",
"s3_bucket_no_mfa_delete"
@@ -770,7 +770,7 @@
"Checks": [
"guardduty_is_enabled",
"vpc_flow_logs_enabled",
"apigateway_authorizers_enabled"
"apigateway_restapi_authorizers_enabled"
]
},
{
@@ -1137,7 +1137,7 @@
"Checks": [
"opensearch_service_domains_node_to_node_encryption_enabled",
"opensearch_service_domains_https_communications_enforced",
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"cloudfront_distributions_field_level_encryption_enabled",
"cloudfront_distributions_https_enabled",
"cloudfront_distributions_using_deprecated_ssl_protocols",

10
prowler/compliance/aws/cisa_aws.json
View File

@@ -51,9 +51,9 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_logging_enabled",
"apigateway_waf_acl_attached",
"apigateway_restapi_client_certificate_enabled",
"apigateway_restapi_logging_enabled",
"apigateway_restapi_waf_acl_attached",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -250,8 +250,8 @@
],
"Checks": [
"acm_certificates_expiration_check",
"apigateway_client_certificate_enabled",
"apigateway_logging_enabled",
"apigateway_restapi_client_certificate_enabled",
"apigateway_restapi_logging_enabled",
"efs_have_backup_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",

2
prowler/compliance/aws/ens_rd2022_aws.json
View File

@@ -2622,7 +2622,7 @@
}
],
"Checks": [
"apigateway_waf_acl_attached"
"apigateway_restapi_waf_acl_attached"
]
},
{

6
prowler/compliance/aws/fedramp_low_revision_4_aws.json
View File

@@ -16,7 +16,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -125,7 +125,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -208,7 +208,7 @@
}
],
"Checks": [
"apigateway_waf_acl_attached",
"apigateway_restapi_waf_acl_attached",
"ec2_ebs_public_snapshot",
"ec2_instance_public_ip",
"ec2_instance_older_than_specific_days",

20
prowler/compliance/aws/fedramp_moderate_revision_4_aws.json
View File

@@ -121,7 +121,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -416,7 +416,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -442,7 +442,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -469,7 +469,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -571,7 +571,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -625,7 +625,7 @@
}
],
"Checks": [
"apigateway_waf_acl_attached",
"apigateway_restapi_waf_acl_attached",
"ec2_ebs_public_snapshot",
"ec2_instance_public_ip",
"ec2_instance_managed_by_ssm",
@@ -1123,7 +1123,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elbv2_insecure_ssl_ciphers",
"elb_ssl_listeners",
"opensearch_service_domains_node_to_node_encryption_enabled",
@@ -1142,7 +1142,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elbv2_insecure_ssl_ciphers",
"elb_ssl_listeners",
"opensearch_service_domains_node_to_node_encryption_enabled",
@@ -1194,7 +1194,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elb_ssl_listeners",
"opensearch_service_domains_node_to_node_encryption_enabled",
"s3_bucket_secure_transport_policy"
@@ -1377,7 +1377,7 @@
}
],
"Checks": [
"apigateway_waf_acl_attached",
"apigateway_restapi_waf_acl_attached",
"cloudtrail_cloudwatch_logging_enabled",
"cloudwatch_changes_to_network_acls_alarm_configured",
"cloudwatch_changes_to_network_gateways_alarm_configured",

22
prowler/compliance/aws/ffiec_aws.json
View File

@@ -88,7 +88,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -117,7 +117,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -267,7 +267,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -294,7 +294,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -339,7 +339,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -456,7 +456,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"ec2_ebs_volume_encryption",
"ec2_ebs_default_encryption",
"efs_encryption_at_rest_enabled",
@@ -481,7 +481,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elbv2_insecure_ssl_ciphers",
"elb_ssl_listeners",
"s3_bucket_secure_transport_policy"
@@ -500,7 +500,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"iam_root_hardware_mfa_enabled",
"iam_root_mfa_enabled",
"iam_user_mfa_enabled_console_access",
@@ -646,7 +646,7 @@
],
"Checks": [
"acm_certificates_expiration_check",
"apigateway_waf_acl_attached",
"apigateway_restapi_waf_acl_attached",
"ec2_ebs_public_snapshot",
"ec2_instance_public_ip",
"elbv2_waf_acl_attached",
@@ -680,7 +680,7 @@
}
],
"Checks": [
"apigateway_waf_acl_attached",
"apigateway_restapi_waf_acl_attached",
"elbv2_waf_acl_attached",
"ec2_securitygroup_default_restrict_traffic",
"ec2_networkacl_allow_ingress_any_port",
@@ -701,7 +701,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_cloudwatch_logging_enabled",
"elbv2_logging_enabled",

4
prowler/compliance/aws/gxp_21_cfr_part_11_aws.json
View File

@@ -123,7 +123,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -257,7 +257,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"cloudtrail_kms_encryption_enabled",
"cloudtrail_log_file_validation_enabled",
"dynamodb_tables_kms_cmk_encryption_enabled",

8
prowler/compliance/aws/hipaa_aws.json
View File

@@ -85,7 +85,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -143,7 +143,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -383,7 +383,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -628,7 +628,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",

20
prowler/compliance/aws/nist_800_171_revision_2_aws.json
View File

@@ -207,7 +207,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -295,7 +295,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -323,7 +323,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -346,7 +346,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -635,7 +635,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"ec2_ebs_volume_encryption",
"elbv2_insecure_ssl_ciphers",
"opensearch_service_domains_node_to_node_encryption_enabled",
@@ -655,7 +655,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_cloudwatch_logging_enabled",
"cloudwatch_changes_to_network_acls_alarm_configured",
@@ -683,7 +683,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_cloudwatch_logging_enabled",
"cloudwatch_changes_to_network_acls_alarm_configured",
@@ -769,7 +769,7 @@
],
"Checks": [
"acm_certificates_expiration_check",
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -1075,7 +1075,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -1101,7 +1101,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",

6
prowler/compliance/aws/nist_800_53_revision_4_aws.json
View File

@@ -324,7 +324,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -350,7 +350,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -484,7 +484,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",

108
prowler/compliance/aws/nist_800_53_revision_5_aws.json
View File

@@ -1022,7 +1022,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elb_ssl_listeners",
"opensearch_service_domains_node_to_node_encryption_enabled",
"s3_bucket_secure_transport_policy"
@@ -1041,7 +1041,7 @@
}
],
"Checks": [
"apigateway_waf_acl_attached",
"apigateway_restapi_waf_acl_attached",
"ec2_ebs_public_snapshot",
"ec2_instance_public_ip",
"elbv2_waf_acl_attached",
@@ -1074,7 +1074,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elb_ssl_listeners",
"opensearch_service_domains_node_to_node_encryption_enabled",
"s3_bucket_secure_transport_policy"
@@ -1093,7 +1093,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -1404,7 +1404,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elb_ssl_listeners",
"s3_bucket_secure_transport_policy"
]
@@ -1547,7 +1547,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elb_ssl_listeners",
"opensearch_service_domains_node_to_node_encryption_enabled",
"s3_bucket_secure_transport_policy"
@@ -1566,7 +1566,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -1610,7 +1610,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -1637,7 +1637,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -1664,7 +1664,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -1691,7 +1691,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -1718,7 +1718,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -1745,7 +1745,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -1809,7 +1809,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -1837,7 +1837,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -1887,7 +1887,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -1915,7 +1915,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -1959,7 +1959,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -2018,7 +2018,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"cloudtrail_kms_encryption_enabled",
"dynamodb_tables_kms_cmk_encryption_enabled",
"ec2_ebs_volume_encryption",
@@ -2065,7 +2065,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -2124,7 +2124,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -2151,7 +2151,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -2178,7 +2178,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -2206,7 +2206,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -2234,7 +2234,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -2269,7 +2269,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -2296,7 +2296,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -2331,7 +2331,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -2366,7 +2366,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -2466,7 +2466,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -2519,7 +2519,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elb_ssl_listeners",
"opensearch_service_domains_node_to_node_encryption_enabled",
"s3_bucket_secure_transport_policy"
@@ -2725,7 +2725,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -3609,7 +3609,7 @@
],
"Checks": [
"cloudtrail_multi_region_enabled",
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_cloudwatch_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
@@ -3795,7 +3795,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elb_ssl_listeners",
"s3_bucket_secure_transport_policy"
]
@@ -3980,7 +3980,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -4093,7 +4093,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -4128,7 +4128,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -4178,7 +4178,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"cloudtrail_log_file_validation_enabled",
"elb_ssl_listeners",
"opensearch_service_domains_node_to_node_encryption_enabled",
@@ -4214,7 +4214,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -4658,7 +4658,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elb_ssl_listeners",
"opensearch_service_domains_node_to_node_encryption_enabled",
"s3_bucket_secure_transport_policy"
@@ -4678,7 +4678,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elb_ssl_listeners",
"opensearch_service_domains_node_to_node_encryption_enabled",
"s3_bucket_secure_transport_policy"
@@ -4697,7 +4697,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elb_ssl_listeners",
"s3_bucket_secure_transport_policy",
"ec2_securitygroup_default_restrict_traffic",
@@ -4779,7 +4779,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -5205,7 +5205,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elb_ssl_listeners",
"opensearch_service_domains_node_to_node_encryption_enabled",
"s3_bucket_secure_transport_policy"
@@ -5224,7 +5224,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elbv2_insecure_ssl_ciphers",
"elb_ssl_listeners",
"opensearch_service_domains_node_to_node_encryption_enabled",
@@ -5244,7 +5244,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elb_ssl_listeners",
"opensearch_service_domains_node_to_node_encryption_enabled",
"s3_bucket_secure_transport_policy"
@@ -5263,7 +5263,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"cloudtrail_kms_encryption_enabled",
"dynamodb_tables_kms_cmk_encryption_enabled",
"ec2_ebs_volume_encryption",
@@ -5296,7 +5296,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"cloudtrail_kms_encryption_enabled",
"dynamodb_tables_kms_cmk_encryption_enabled",
"ec2_ebs_volume_encryption",
@@ -5329,7 +5329,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elb_ssl_listeners",
"opensearch_service_domains_node_to_node_encryption_enabled",
"s3_bucket_secure_transport_policy"
@@ -5395,7 +5395,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"cloudtrail_kms_encryption_enabled",
"dynamodb_tables_kms_cmk_encryption_enabled",
"ec2_ebs_volume_encryption",
@@ -5463,7 +5463,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"elb_ssl_listeners",
"opensearch_service_domains_node_to_node_encryption_enabled",
"s3_bucket_secure_transport_policy"
@@ -5656,7 +5656,7 @@
}
],
"Checks": [
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"cloudtrail_log_file_validation_enabled",
"elb_ssl_listeners",
"opensearch_service_domains_node_to_node_encryption_enabled",
@@ -6103,7 +6103,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -6275,7 +6275,7 @@
],
"Checks": [
"cloudtrail_multi_region_enabled",
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_cloudwatch_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",

12
prowler/compliance/aws/nist_csf_1.1_aws.json
View File

@@ -17,7 +17,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_cloudwatch_logging_enabled",
@@ -62,7 +62,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -132,7 +132,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -279,7 +279,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",
@@ -380,7 +380,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_multi_region_enabled",
"elbv2_logging_enabled",
@@ -1058,7 +1058,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_cloudwatch_logging_enabled",

6
prowler/compliance/aws/rbi_cyber_security_framework_aws.json
View File

@@ -30,7 +30,7 @@
],
"Checks": [
"acm_certificates_expiration_check",
"apigateway_client_certificate_enabled",
"apigateway_restapi_client_certificate_enabled",
"cloudtrail_kms_encryption_enabled",
"dynamodb_tables_kms_cmk_encryption_enabled",
"ec2_ebs_volume_encryption",
@@ -76,7 +76,7 @@
}
],
"Checks": [
"apigateway_waf_acl_attached",
"apigateway_restapi_waf_acl_attached",
"elbv2_waf_acl_attached",
"ec2_securitygroup_default_restrict_traffic",
"ec2_networkacl_allow_ingress_any_port",
@@ -159,7 +159,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_s3_dataevents_read_enabled",
"cloudtrail_s3_dataevents_write_enabled",

6
prowler/compliance/aws/soc2_aws.json
View File

@@ -447,7 +447,7 @@
"vpc_flow_logs_enabled",
"ec2_instance_imdsv2_enabled",
"guardduty_is_enabled",
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22"
]
},
@@ -468,7 +468,7 @@
"cloudtrail_log_file_validation_enabled",
"cloudtrail_cloudwatch_logging_enabled",
"guardduty_is_enabled",
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"rds_instance_integration_cloudwatch_logs",
"securityhub_enabled",
"cloudwatch_changes_to_network_acls_alarm_configured",
@@ -599,7 +599,7 @@
}
],
"Checks": [
"apigateway_logging_enabled",
"apigateway_restapi_logging_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_multi_region_enabled",
"cloudtrail_cloudwatch_logging_enabled",

0
prowler/providers/aws/services/apigateway/apigateway_authorizers_enabled/__init__.py → prowler/providers/aws/services/apigateway/apigateway_restapi_authorizers_enabled/__init__.py
View File

2
prowler/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled.metadata.json → prowler/providers/aws/services/apigateway/apigateway_restapi_authorizers_enabled/apigateway_restapi_authorizers_enabled.metadata.json
View File

@@ -1,6 +1,6 @@
{
"Provider": "aws",
"CheckID": "apigateway_authorizers_enabled",
"CheckID": "apigateway_restapi_authorizers_enabled",
"CheckTitle": "Check if API Gateway has configured authorizers.",
"CheckType": [
"IAM"

2
prowler/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled.py → prowler/providers/aws/services/apigateway/apigateway_restapi_authorizers_enabled/apigateway_restapi_authorizers_enabled.py
View File

@@ -4,7 +4,7 @@ from prowler.providers.aws.services.apigateway.apigateway_client import (
)
class apigateway_authorizers_enabled(Check):
class apigateway_restapi_authorizers_enabled(Check):
def execute(self):
findings = []
for rest_api in apigateway_client.rest_apis:

0
prowler/providers/aws/services/apigateway/apigateway_client_certificate_enabled/__init__.py → prowler/providers/aws/services/apigateway/apigateway_restapi_client_certificate_enabled/__init__.py
View File

2
prowler/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled.metadata.json → prowler/providers/aws/services/apigateway/apigateway_restapi_client_certificate_enabled/apigateway_restapi_client_certificate_enabled.metadata.json
View File

@@ -1,6 +1,6 @@
{
"Provider": "aws",
"CheckID": "apigateway_client_certificate_enabled",
"CheckID": "apigateway_restapi_client_certificate_enabled",
"CheckTitle": "Check if API Gateway Stage has client certificate enabled to access your backend endpoint.",
"CheckType": [
"Data Protection"

2
prowler/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled.py → prowler/providers/aws/services/apigateway/apigateway_restapi_client_certificate_enabled/apigateway_restapi_client_certificate_enabled.py
View File

@@ -4,7 +4,7 @@ from prowler.providers.aws.services.apigateway.apigateway_client import (
)
class apigateway_client_certificate_enabled(Check):
class apigateway_restapi_client_certificate_enabled(Check):
def execute(self):
findings = []
for rest_api in apigateway_client.rest_apis:

0
prowler/providers/aws/services/apigateway/apigateway_endpoint_public/__init__.py → prowler/providers/aws/services/apigateway/apigateway_restapi_logging_enabled/__init__.py
View File

2
prowler/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled.metadata.json → prowler/providers/aws/services/apigateway/apigateway_restapi_logging_enabled/apigateway_restapi_logging_enabled.metadata.json
View File

@@ -1,6 +1,6 @@
{
"Provider": "aws",
"CheckID": "apigateway_logging_enabled",
"CheckID": "apigateway_restapi_logging_enabled",
"CheckTitle": "Check if API Gateway Stage has logging enabled.",
"CheckType": [
"Logging and Monitoring"

2
prowler/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled.py → prowler/providers/aws/services/apigateway/apigateway_restapi_logging_enabled/apigateway_restapi_logging_enabled.py
View File

@@ -4,7 +4,7 @@ from prowler.providers.aws.services.apigateway.apigateway_client import (
)
class apigateway_logging_enabled(Check):
class apigateway_restapi_logging_enabled(Check):
def execute(self):
findings = []
for rest_api in apigateway_client.rest_apis:

0
prowler/providers/aws/services/apigateway/apigateway_endpoint_public_without_authorizer/__init__.py → prowler/providers/aws/services/apigateway/apigateway_restapi_public/__init__.py
View File

2
prowler/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public.metadata.json → prowler/providers/aws/services/apigateway/apigateway_restapi_public/apigateway_restapi_public.metadata.json
View File

@@ -1,6 +1,6 @@
{
"Provider": "aws",
"CheckID": "apigateway_endpoint_public",
"CheckID": "apigateway_restapi_public",
"CheckTitle": "Check if API Gateway endpoint is public or private.",
"CheckType": [
"Infrastructure Security"

2
prowler/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public.py → prowler/providers/aws/services/apigateway/apigateway_restapi_public/apigateway_restapi_public.py
View File

@@ -4,7 +4,7 @@ from prowler.providers.aws.services.apigateway.apigateway_client import (
)
class apigateway_endpoint_public(Check):
class apigateway_restapi_public(Check):
def execute(self):
findings = []
for rest_api in apigateway_client.rest_apis:

0
prowler/providers/aws/services/apigateway/apigateway_logging_enabled/__init__.py → prowler/providers/aws/services/apigateway/apigateway_restapi_public_with_authorizer/__init__.py
View File

2
prowler/providers/aws/services/apigateway/apigateway_endpoint_public_without_authorizer/apigateway_endpoint_public_without_authorizer.metadata.json → prowler/providers/aws/services/apigateway/apigateway_restapi_public_with_authorizer/apigateway_restapi_public_with_authorizer.metadata.json
View File

@@ -1,6 +1,6 @@
{
"Provider": "aws",
"CheckID": "apigateway_endpoint_public_without_authorizer",
"CheckID": "apigateway_restapi_public_with_authorizer",
"CheckTitle": "Check if API Gateway public endpoint has an authorizer configured.",
"CheckType": [
"Infrastructure Security"

2
prowler/providers/aws/services/apigateway/apigateway_endpoint_public_without_authorizer/apigateway_endpoint_public_without_authorizer.py → prowler/providers/aws/services/apigateway/apigateway_restapi_public_with_authorizer/apigateway_restapi_public_with_authorizer.py
View File

@@ -4,7 +4,7 @@ from prowler.providers.aws.services.apigateway.apigateway_client import (
)
class apigateway_endpoint_public_without_authorizer(Check):
class apigateway_restapi_public_with_authorizer(Check):
def execute(self):
findings = []
for rest_api in apigateway_client.rest_apis:

0
prowler/providers/aws/services/apigateway/apigateway_waf_acl_attached/__init__.py → prowler/providers/aws/services/apigateway/apigateway_restapi_waf_acl_attached/__init__.py
View File

2
prowler/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached.metadata.json → prowler/providers/aws/services/apigateway/apigateway_restapi_waf_acl_attached/apigateway_restapi_waf_acl_attached.metadata.json
View File

@@ -1,6 +1,6 @@
{
"Provider": "aws",
"CheckID": "apigateway_waf_acl_attached",
"CheckID": "apigateway_restapi_waf_acl_attached",
"CheckTitle": "Check if API Gateway Stage has a WAF ACL attached.",
"CheckType": [
"Infrastructure Security"

2
prowler/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached.py → prowler/providers/aws/services/apigateway/apigateway_restapi_waf_acl_attached/apigateway_restapi_waf_acl_attached.py
View File

@@ -4,7 +4,7 @@ from prowler.providers.aws.services.apigateway.apigateway_client import (
)
class apigateway_waf_acl_attached(Check):
class apigateway_restapi_waf_acl_attached(Check):
def execute(self):
findings = []
for rest_api in apigateway_client.rest_apis:

26
tests/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled_test.py
View File

@@ -11,7 +11,7 @@ AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_apigateway_authorizers_enabled:
class Test_apigateway_restapi_authorizers_enabled:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
@@ -55,15 +55,15 @@ class Test_apigateway_authorizers_enabled:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_authorizers_enabled.apigateway_authorizers_enabled.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_authorizers_enabled.apigateway_restapi_authorizers_enabled.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_authorizers_enabled.apigateway_authorizers_enabled import (
apigateway_authorizers_enabled,
from prowler.providers.aws.services.apigateway.apigateway_restapi_authorizers_enabled.apigateway_restapi_authorizers_enabled import (
apigateway_restapi_authorizers_enabled,
)
check = apigateway_authorizers_enabled()
check = apigateway_restapi_authorizers_enabled()
result = check.execute()
assert len(result) == 0
@@ -109,15 +109,15 @@ class Test_apigateway_authorizers_enabled:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_authorizers_enabled.apigateway_authorizers_enabled.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_authorizers_enabled.apigateway_restapi_authorizers_enabled.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_authorizers_enabled.apigateway_authorizers_enabled import (
apigateway_authorizers_enabled,
from prowler.providers.aws.services.apigateway.apigateway_restapi_authorizers_enabled.apigateway_restapi_authorizers_enabled import (
apigateway_restapi_authorizers_enabled,
)
check = apigateway_authorizers_enabled()
check = apigateway_restapi_authorizers_enabled()
result = check.execute()
assert result[0].status == "PASS"
@@ -152,15 +152,15 @@ class Test_apigateway_authorizers_enabled:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_authorizers_enabled.apigateway_authorizers_enabled.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_authorizers_enabled.apigateway_restapi_authorizers_enabled.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_authorizers_enabled.apigateway_authorizers_enabled import (
apigateway_authorizers_enabled,
from prowler.providers.aws.services.apigateway.apigateway_restapi_authorizers_enabled.apigateway_restapi_authorizers_enabled import (
apigateway_restapi_authorizers_enabled,
)
check = apigateway_authorizers_enabled()
check = apigateway_restapi_authorizers_enabled()
result = check.execute()
assert result[0].status == "FAIL"

26
tests/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled_test.py
View File

@@ -11,7 +11,7 @@ AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_apigateway_client_certificate_enabled:
class Test_apigateway_restapi_client_certificate_enabled:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
@@ -61,15 +61,15 @@ class Test_apigateway_client_certificate_enabled:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_client_certificate_enabled.apigateway_client_certificate_enabled.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_client_certificate_enabled.apigateway_restapi_client_certificate_enabled.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_client_certificate_enabled.apigateway_client_certificate_enabled import (
apigateway_client_certificate_enabled,
from prowler.providers.aws.services.apigateway.apigateway_restapi_client_certificate_enabled.apigateway_restapi_client_certificate_enabled import (
apigateway_restapi_client_certificate_enabled,
)
check = apigateway_client_certificate_enabled()
check = apigateway_restapi_client_certificate_enabled()
result = check.execute()
assert len(result) == 0
@@ -119,15 +119,15 @@ class Test_apigateway_client_certificate_enabled:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_client_certificate_enabled.apigateway_client_certificate_enabled.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_client_certificate_enabled.apigateway_restapi_client_certificate_enabled.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_client_certificate_enabled.apigateway_client_certificate_enabled import (
apigateway_client_certificate_enabled,
from prowler.providers.aws.services.apigateway.apigateway_restapi_client_certificate_enabled.apigateway_restapi_client_certificate_enabled import (
apigateway_restapi_client_certificate_enabled,
)
check = apigateway_client_certificate_enabled()
check = apigateway_restapi_client_certificate_enabled()
result = check.execute()
assert len(result) == 1
@@ -162,12 +162,12 @@ class Test_apigateway_client_certificate_enabled:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_client_certificate_enabled.apigateway_client_certificate_enabled.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_client_certificate_enabled.apigateway_restapi_client_certificate_enabled.apigateway_client",
new=APIGateway(current_audit_info),
) as service_client:
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_client_certificate_enabled.apigateway_client_certificate_enabled import (
apigateway_client_certificate_enabled,
from prowler.providers.aws.services.apigateway.apigateway_restapi_client_certificate_enabled.apigateway_restapi_client_certificate_enabled import (
apigateway_restapi_client_certificate_enabled,
)
service_client.rest_apis[0].stages.append(
@@ -180,7 +180,7 @@ class Test_apigateway_client_certificate_enabled:
)
)
check = apigateway_client_certificate_enabled()
check = apigateway_restapi_client_certificate_enabled()
result = check.execute()
assert len(result) == 1

26
tests/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public_test.py
View File

@@ -10,7 +10,7 @@ AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_apigateway_endpoint_public:
class Test_apigateway_restapi_public:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
@@ -54,15 +54,15 @@ class Test_apigateway_endpoint_public:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_endpoint_public.apigateway_endpoint_public.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_public.apigateway_restapi_public.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_endpoint_public.apigateway_endpoint_public import (
apigateway_endpoint_public,
from prowler.providers.aws.services.apigateway.apigateway_restapi_public.apigateway_restapi_public import (
apigateway_restapi_public,
)
check = apigateway_endpoint_public()
check = apigateway_restapi_public()
result = check.execute()
assert len(result) == 0
@@ -90,15 +90,15 @@ class Test_apigateway_endpoint_public:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_endpoint_public.apigateway_endpoint_public.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_public.apigateway_restapi_public.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_endpoint_public.apigateway_endpoint_public import (
apigateway_endpoint_public,
from prowler.providers.aws.services.apigateway.apigateway_restapi_public.apigateway_restapi_public import (
apigateway_restapi_public,
)
check = apigateway_endpoint_public()
check = apigateway_restapi_public()
result = check.execute()
assert result[0].status == "PASS"
@@ -138,15 +138,15 @@ class Test_apigateway_endpoint_public:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_endpoint_public.apigateway_endpoint_public.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_public.apigateway_restapi_public.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_endpoint_public.apigateway_endpoint_public import (
apigateway_endpoint_public,
from prowler.providers.aws.services.apigateway.apigateway_restapi_public.apigateway_restapi_public import (
apigateway_restapi_public,
)
check = apigateway_endpoint_public()
check = apigateway_restapi_public()
result = check.execute()
assert result[0].status == "FAIL"

26
tests/providers/aws/services/apigateway/apigateway_endpoint_public_without_authorizer/apigateway_endpoint_public_without_authorizer_test.py
View File

@@ -12,7 +12,7 @@ AWS_ACCOUNT_NUMBER = "123456789012"
API_GW_NAME = "test-rest-api"
class Test_apigateway_endpoint_public_without_authorizer:
class Test_apigateway_restapi_public_with_authorizer:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
@@ -56,15 +56,15 @@ class Test_apigateway_endpoint_public_without_authorizer:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_endpoint_public_without_authorizer.apigateway_endpoint_public_without_authorizer.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_public_with_authorizer.apigateway_restapi_public_with_authorizer.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_endpoint_public_without_authorizer.apigateway_endpoint_public_without_authorizer import (
apigateway_endpoint_public_without_authorizer,
from prowler.providers.aws.services.apigateway.apigateway_restapi_public_with_authorizer.apigateway_restapi_public_with_authorizer import (
apigateway_restapi_public_with_authorizer,
)
check = apigateway_endpoint_public_without_authorizer()
check = apigateway_restapi_public_with_authorizer()
result = check.execute()
assert len(result) == 0
@@ -92,15 +92,15 @@ class Test_apigateway_endpoint_public_without_authorizer:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_endpoint_public_without_authorizer.apigateway_endpoint_public_without_authorizer.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_public_with_authorizer.apigateway_restapi_public_with_authorizer.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_endpoint_public_without_authorizer.apigateway_endpoint_public_without_authorizer import (
apigateway_endpoint_public_without_authorizer,
from prowler.providers.aws.services.apigateway.apigateway_restapi_public_with_authorizer.apigateway_restapi_public_with_authorizer import (
apigateway_restapi_public_with_authorizer,
)
check = apigateway_endpoint_public_without_authorizer()
check = apigateway_restapi_public_with_authorizer()
result = check.execute()
assert len(result) == 1
@@ -143,15 +143,15 @@ class Test_apigateway_endpoint_public_without_authorizer:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_endpoint_public_without_authorizer.apigateway_endpoint_public_without_authorizer.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_public_with_authorizer.apigateway_restapi_public_with_authorizer.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_endpoint_public_without_authorizer.apigateway_endpoint_public_without_authorizer import (
apigateway_endpoint_public_without_authorizer,
from prowler.providers.aws.services.apigateway.apigateway_restapi_public_with_authorizer.apigateway_restapi_public_with_authorizer import (
apigateway_restapi_public_with_authorizer,
)
check = apigateway_endpoint_public_without_authorizer()
check = apigateway_restapi_public_with_authorizer()
result = check.execute()
assert result[0].status == "PASS"

26
tests/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled_test.py
View File

@@ -10,7 +10,7 @@ AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_apigateway_logging_enabled:
class Test_apigateway_restapi_logging_enabled:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
@@ -54,15 +54,15 @@ class Test_apigateway_logging_enabled:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_logging_enabled.apigateway_logging_enabled.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_logging_enabled.apigateway_restapi_logging_enabled.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_logging_enabled.apigateway_logging_enabled import (
apigateway_logging_enabled,
from prowler.providers.aws.services.apigateway.apigateway_restapi_logging_enabled.apigateway_restapi_logging_enabled import (
apigateway_restapi_logging_enabled,
)
check = apigateway_logging_enabled()
check = apigateway_restapi_logging_enabled()
result = check.execute()
assert len(result) == 0
@@ -122,15 +122,15 @@ class Test_apigateway_logging_enabled:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_logging_enabled.apigateway_logging_enabled.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_logging_enabled.apigateway_restapi_logging_enabled.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_logging_enabled.apigateway_logging_enabled import (
apigateway_logging_enabled,
from prowler.providers.aws.services.apigateway.apigateway_restapi_logging_enabled.apigateway_restapi_logging_enabled import (
apigateway_restapi_logging_enabled,
)
check = apigateway_logging_enabled()
check = apigateway_restapi_logging_enabled()
result = check.execute()
assert result[0].status == "PASS"
@@ -193,15 +193,15 @@ class Test_apigateway_logging_enabled:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_logging_enabled.apigateway_logging_enabled.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_logging_enabled.apigateway_restapi_logging_enabled.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_logging_enabled.apigateway_logging_enabled import (
apigateway_logging_enabled,
from prowler.providers.aws.services.apigateway.apigateway_restapi_logging_enabled.apigateway_restapi_logging_enabled import (
apigateway_restapi_logging_enabled,
)
check = apigateway_logging_enabled()
check = apigateway_restapi_logging_enabled()
result = check.execute()
assert result[0].status == "FAIL"

26
tests/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached_test.py
View File

@@ -10,7 +10,7 @@ AWS_REGION = "us-east-1"
AWS_ACCOUNT_NUMBER = "123456789012"
class Test_apigateway_waf_acl_attached:
class Test_apigateway_restapi_waf_acl_attached:
def set_mocked_audit_info(self):
audit_info = AWS_Audit_Info(
session_config=None,
@@ -54,15 +54,15 @@ class Test_apigateway_waf_acl_attached:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_waf_acl_attached.apigateway_waf_acl_attached.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_waf_acl_attached.apigateway_restapi_waf_acl_attached.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_waf_acl_attached.apigateway_waf_acl_attached import (
apigateway_waf_acl_attached,
from prowler.providers.aws.services.apigateway.apigateway_restapi_waf_acl_attached.apigateway_restapi_waf_acl_attached import (
apigateway_restapi_waf_acl_attached,
)
check = apigateway_waf_acl_attached()
check = apigateway_restapi_waf_acl_attached()
result = check.execute()
assert len(result) == 0
@@ -128,15 +128,15 @@ class Test_apigateway_waf_acl_attached:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_waf_acl_attached.apigateway_waf_acl_attached.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_waf_acl_attached.apigateway_restapi_waf_acl_attached.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_waf_acl_attached.apigateway_waf_acl_attached import (
apigateway_waf_acl_attached,
from prowler.providers.aws.services.apigateway.apigateway_restapi_waf_acl_attached.apigateway_restapi_waf_acl_attached import (
apigateway_restapi_waf_acl_attached,
)
check = apigateway_waf_acl_attached()
check = apigateway_restapi_waf_acl_attached()
result = check.execute()
assert result[0].status == "PASS"
@@ -199,15 +199,15 @@ class Test_apigateway_waf_acl_attached:
"prowler.providers.aws.lib.audit_info.audit_info.current_audit_info",
new=current_audit_info,
), mock.patch(
"prowler.providers.aws.services.apigateway.apigateway_waf_acl_attached.apigateway_waf_acl_attached.apigateway_client",
"prowler.providers.aws.services.apigateway.apigateway_restapi_waf_acl_attached.apigateway_restapi_waf_acl_attached.apigateway_client",
new=APIGateway(current_audit_info),
):
# Test Check
from prowler.providers.aws.services.apigateway.apigateway_waf_acl_attached.apigateway_waf_acl_attached import (
apigateway_waf_acl_attached,
from prowler.providers.aws.services.apigateway.apigateway_restapi_waf_acl_attached.apigateway_restapi_waf_acl_attached import (
apigateway_restapi_waf_acl_attached,
)
check = apigateway_waf_acl_attached()
check = apigateway_restapi_waf_acl_attached()
result = check.execute()
assert result[0].status == "FAIL"