fix(check): change cloudformation_outputs_find_secrets name (#2027)

This commit is contained in:
Sergio Garcia
2023-03-06 12:11:58 +01:00
committed by GitHub
parent 0dde3fe483
commit f45ea1ab53
5 changed files with 26 additions and 21 deletions


@@ -517,10 +517,8 @@ def get_checks_from_input_arn(audit_resources: list, provider: str) -> set:
for resource in audit_resources: for resource in audit_resources:
service = resource.split(":")[2] service = resource.split(":")[2]
sub_service = resource.split(":")[5].split("/")[0].replace("-", "_") sub_service = resource.split(":")[5].split("/")[0].replace("-", "_")
# WAF Services does not have checks
if ( if service != "wafv2" and service != "waf":
service != "wafv2" and service != "waf"
): # WAF Services does not have checks
# Parse services when they are different in the ARNs # Parse services when they are different in the ARNs
if service == "lambda": if service == "lambda":
service = "awslambda" service = "awslambda"
@@ -528,7 +526,14 @@ def get_checks_from_input_arn(audit_resources: list, provider: str) -> set:
service = "elb" service = "elb"
elif service == "logs": elif service == "logs":
service = "cloudwatch" service = "cloudwatch"
service_list.add(service) # Check if Prowler has checks in service
try:
list_modules(provider, service)
except ModuleNotFoundError:
# Service is not supported
pass
else:
service_list.add(service)
# Get subservices to execute only applicable checks # Get subservices to execute only applicable checks
if service not in services_without_subservices: if service not in services_without_subservices:
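Review bot: The new `except ModuleNotFoundError: pass` branch drops an unsupported service silently, so an audit scoped by resource ARN can complete with some of the requested resources never assessed and nothing in the output saying so. Record the skip in that branch, for example `logger.warning(f"No checks available for service {service}; skipping {resource}")`, assuming a logger is in scope in this module (not visible in the hunk). Indentation is lost on this page, but the sub-service lookup that follows the `else:` appears to run even for a service that was just rejected; if that is the case, it should be skipped for the same service. The body of `get_checks_from_input_arn` starts and ends outside the hunks shown.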


@@ -1,6 +1,6 @@
{ {
"Provider": "aws", "Provider": "aws",
"CheckID": "cloudformation_outputs_find_secrets", "CheckID": "cloudformation_stack_outputs_find_secrets",
"CheckTitle": "Find secrets in CloudFormation outputs", "CheckTitle": "Find secrets in CloudFormation outputs",
"CheckType": [], "CheckType": [],
"ServiceName": "cloudformation", "ServiceName": "cloudformation",


@@ -10,11 +10,11 @@ from prowler.providers.aws.services.cloudformation.cloudformation_client import
) )
class cloudformation_outputs_find_secrets(Check): class cloudformation_stack_outputs_find_secrets(Check):
"""Check if a CloudFormation Stack has secrets in their Outputs""" """Check if a CloudFormation Stack has secrets in their Outputs"""
def execute(self): def execute(self):
"""Execute the cloudformation_outputs_find_secrets check""" """Execute the cloudformation_stack_outputs_find_secrets check"""
findings = [] findings = []
for stack in cloudformation_client.stacks: for stack in cloudformation_client.stacks:
report = Check_Report_AWS(self.metadata()) report = Check_Report_AWS(self.metadata())


@@ -6,7 +6,7 @@ from prowler.providers.aws.services.cloudformation.cloudformation_service import
AWS_REGION = "eu-west-1" AWS_REGION = "eu-west-1"
class Test_cloudformation_outputs_find_secrets: class Test_cloudformation_stack_outputs_find_secrets:
def test_no_stacks(self): def test_no_stacks(self):
cloudformation_client = mock.MagicMock cloudformation_client = mock.MagicMock
cloudformation_client.stacks = [] cloudformation_client.stacks = []
@@ -15,11 +15,11 @@ class Test_cloudformation_outputs_find_secrets:
new=cloudformation_client, new=cloudformation_client,
): ):
# Test Check # Test Check
from prowler.providers.aws.services.cloudformation.cloudformation_outputs_find_secrets.cloudformation_outputs_find_secrets import ( from prowler.providers.aws.services.cloudformation.cloudformation_stack_outputs_find_secrets.cloudformation_stack_outputs_find_secrets import (
cloudformation_outputs_find_secrets, cloudformation_stack_outputs_find_secrets,
) )
check = cloudformation_outputs_find_secrets() check = cloudformation_stack_outputs_find_secrets()
result = check.execute() result = check.execute()
assert len(result) == 0 assert len(result) == 0
@@ -40,11 +40,11 @@ class Test_cloudformation_outputs_find_secrets:
"prowler.providers.aws.services.cloudformation.cloudformation_service.CloudFormation", "prowler.providers.aws.services.cloudformation.cloudformation_service.CloudFormation",
cloudformation_client, cloudformation_client,
): ):
from prowler.providers.aws.services.cloudformation.cloudformation_outputs_find_secrets.cloudformation_outputs_find_secrets import ( from prowler.providers.aws.services.cloudformation.cloudformation_stack_outputs_find_secrets.cloudformation_stack_outputs_find_secrets import (
cloudformation_outputs_find_secrets, cloudformation_stack_outputs_find_secrets,
) )
check = cloudformation_outputs_find_secrets() check = cloudformation_stack_outputs_find_secrets()
result = check.execute() result = check.execute()
assert len(result) == 1 assert len(result) == 1
@@ -76,11 +76,11 @@ class Test_cloudformation_outputs_find_secrets:
"prowler.providers.aws.services.cloudformation.cloudformation_service.CloudFormation", "prowler.providers.aws.services.cloudformation.cloudformation_service.CloudFormation",
cloudformation_client, cloudformation_client,
): ):
from prowler.providers.aws.services.cloudformation.cloudformation_outputs_find_secrets.cloudformation_outputs_find_secrets import ( from prowler.providers.aws.services.cloudformation.cloudformation_stack_outputs_find_secrets.cloudformation_stack_outputs_find_secrets import (
cloudformation_outputs_find_secrets, cloudformation_stack_outputs_find_secrets,
) )
check = cloudformation_outputs_find_secrets() check = cloudformation_stack_outputs_find_secrets()
result = check.execute() result = check.execute()
assert len(result) == 1 assert len(result) == 1
@@ -112,11 +112,11 @@ class Test_cloudformation_outputs_find_secrets:
"prowler.providers.aws.services.cloudformation.cloudformation_service.CloudFormation", "prowler.providers.aws.services.cloudformation.cloudformation_service.CloudFormation",
cloudformation_client, cloudformation_client,
): ):
from prowler.providers.aws.services.cloudformation.cloudformation_outputs_find_secrets.cloudformation_outputs_find_secrets import ( from prowler.providers.aws.services.cloudformation.cloudformation_stack_outputs_find_secrets.cloudformation_stack_outputs_find_secrets import (
cloudformation_outputs_find_secrets, cloudformation_stack_outputs_find_secrets,
) )
check = cloudformation_outputs_find_secrets() check = cloudformation_stack_outputs_find_secrets()
result = check.execute() result = check.execute()
assert len(result) == 1 assert len(result) == 1