feat(alias): add check alias functionality (#2971)

Sergio Garcia
2023-10-31 11:25:54 +01:00
committed by GitHub
parent 57c3183b15
commit fa7968cb1b
13 changed files with 73 additions and 10 deletions


@@ -0,0 +1,20 @@
# Check Aliases
Prowler allows you to use aliases for the checks. You only have to add the `CheckAliases` key to the check's metadata with a list of the aliases:
"Provider": "<provider>",
"CheckID": "<check_id>",
"CheckTitle": "<check_title>",
"CheckAliases": [
"<check_alias_1>"
"<check_alias_2>",
...
],
...
Then, you can execute the check either with its check ID or with one of the previous aliases:
```console
prowler <provider> -c/--checks <check_alias_1>
Using alias <check_alias_1> for check <check_id>...
```


@@ -37,6 +37,7 @@ nav:
- Configuration File: tutorials/configuration_file.md
- Logging: tutorials/logging.md
- Allowlist: tutorials/allowlist.md
- Check Aliases: tutorials/check-aliases.md
- Ignore Unused Services: tutorials/ignore-unused-services.md
- Pentesting: tutorials/pentesting.md
- Developer Guide: developer-guide/introduction.md


@@ -289,10 +289,9 @@ def print_checks(
f"[{bulk_checks_metadata[check].CheckID}] {bulk_checks_metadata[check].CheckTitle} - {Fore.MAGENTA}{bulk_checks_metadata[check].ServiceName} {Fore.YELLOW}[{bulk_checks_metadata[check].Severity}]{Style.RESET_ALL}"
)
except KeyError as error:
logger.critical(
logger.error(
f"Check {error} was not found for the {provider.upper()} provider"
)
sys.exit(1)
checks_num = len(check_list)
plural_string = (
@@ -365,7 +364,7 @@ def list_compliance_modules():
"""
list_compliance_modules returns the available compliance frameworks and returns their path
"""
# This module path requires the full path includig "prowler."
# This module path requires the full path including "prowler."
module_path = "prowler.compliance"
return walk_packages(
importlib.import_module(module_path).__path__,
@@ -375,7 +374,7 @@ def list_compliance_modules():
# List all available modules in the selected provider and service
def list_modules(provider: str, service: str):
# This module path requires the full path includig "prowler."
# This module path requires the full path including "prowler."
module_path = f"prowler.providers.{provider}.services"
if service:
module_path += f".{service}"
@@ -467,10 +466,9 @@ def execute_checks(
# If check does not exists in the provider or is from another provider
except ModuleNotFoundError:
logger.critical(
logger.error(
f"Check '{check_name}' was not found for the {provider.upper()} provider"
)
sys.exit(1)
except Exception as error:
logger.error(
f"{check_name} - {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
@@ -510,19 +508,17 @@ def execute_checks(
checks_executed,
)
all_findings.extend(check_findings)
bar()
# If check does not exists in the provider or is from another provider
except ModuleNotFoundError:
logger.critical(
logger.error(
f"Check '{check_name}' was not found for the {provider.upper()} provider"
)
bar.title = f"-> {Fore.RED}Scan was aborted!{Style.RESET_ALL}"
sys.exit(1)
except Exception as error:
logger.error(
f"{check_name} - {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
bar()
bar.title = f"-> {Fore.GREEN}Scan completed!{Style.RESET_ALL}"
return all_findings
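Review bot: With `sys.exit(1)` apparently dropped from the `except ModuleNotFoundError:` branches of `execute_checks` (the +/- markers are lost on this page, but each hunk header shrinks and `logger.critical(` / `logger.error(` appear as an old/new pair), a requested check that cannot be imported is only logged and the run still ends with "Scan completed!". For a security scanner this means a mistyped or stale name passed to `-c` can yield a clean-looking report in which the control was never evaluated, and a pipeline gating on the exit status would not notice. Consider recording the name in that branch, e.g. `checks_not_found.append(check_name)` with the list initialised before the loop, and reporting it once the loop finishes so the caller can return a non-zero status. The same applies to the `KeyError` branch in `print_checks`; both functions start outside these hunks.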


@@ -1,3 +1,5 @@
from colorama import Fore, Style
from prowler.lib.check.check import (
parse_checks_from_compliance_framework,
parse_checks_from_file,
@@ -77,4 +79,23 @@ def load_checks_to_execute(
check_name = check_info[0]
checks_to_execute.add(check_name)
# Get Check Aliases mapping
check_aliases = {}
for check, metadata in bulk_checks_metadata.items():
for alias in metadata.CheckAliases:
check_aliases[alias] = check
# Verify if any input check is an alias of another check
for input_check in checks_to_execute:
if (
input_check in check_aliases
and check_aliases[input_check] not in checks_to_execute
):
# Remove input check name and add the real one
checks_to_execute.remove(input_check)
checks_to_execute.add(check_aliases[input_check])
print(
f"\nUsing alias {Fore.YELLOW}{input_check}{Style.RESET_ALL} for check {Fore.YELLOW}{check_aliases[input_check]}{Style.RESET_ALL}...\n"
)
return checks_to_execute
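Review bot: The loop `for input_check in checks_to_execute:` removes from and adds to the very set it is iterating, so which elements are visited afterwards is undefined and an alias can be skipped or a freshly added ID revisited; iterate over a snapshot instead, `for input_check in list(checks_to_execute):`. When both an alias and its target are requested the condition is false and the alias stays in the set, where it would presumably reach the import in `execute_checks` later and be reported as not found; removing the alias unconditionally avoids that. The `check_aliases[alias] = check` mapping also lets a later check silently overwrite an alias already claimed by another one, so a duplicate should at least be logged, since it decides which control actually runs. `load_checks_to_execute` starts outside this hunk.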


@@ -38,6 +38,7 @@ class Check_Metadata_Model(BaseModel):
CheckID: str
CheckTitle: str
CheckType: list[str]
CheckAliases: list[str] = []
ServiceName: str
SubServiceName: str
ResourceIdTemplate: str


@@ -2,6 +2,9 @@
"Provider": "aws",
"CheckID": "apigateway_restapi_authorizers_enabled",
"CheckTitle": "Check if API Gateway has configured authorizers.",
"CheckAliases": [
"apigateway_authorizers_enabled"
],
"CheckType": [
"IAM"
],


@@ -2,6 +2,9 @@
"Provider": "aws",
"CheckID": "apigateway_restapi_client_certificate_enabled",
"CheckTitle": "Check if API Gateway Stage has client certificate enabled to access your backend endpoint.",
"CheckAliases": [
"apigateway_client_certificate_enabled"
],
"CheckType": [
"Data Protection"
],


@@ -2,6 +2,9 @@
"Provider": "aws",
"CheckID": "apigateway_restapi_logging_enabled",
"CheckTitle": "Check if API Gateway Stage has logging enabled.",
"CheckAliases": [
"apigateway_logging_enabled"
],
"CheckType": [
"Logging and Monitoring"
],


@@ -2,6 +2,9 @@
"Provider": "aws",
"CheckID": "apigateway_restapi_public",
"CheckTitle": "Check if API Gateway endpoint is public or private.",
"CheckAliases": [
"apigateway_public"
],
"CheckType": [
"Infrastructure Security"
],


@@ -2,6 +2,9 @@
"Provider": "aws",
"CheckID": "apigateway_restapi_public_with_authorizer",
"CheckTitle": "Check if API Gateway public endpoint has an authorizer configured.",
"CheckAliases": [
"apigateway_public_with_authorizer"
],
"CheckType": [
"Infrastructure Security"
],


@@ -2,6 +2,9 @@
"Provider": "aws",
"CheckID": "apigateway_restapi_waf_acl_attached",
"CheckTitle": "Check if API Gateway Stage has a WAF ACL attached.",
"CheckAliases": [
"apigateway_waf_acl_attached"
],
"CheckType": [
"Infrastructure Security"
],


@@ -2,6 +2,9 @@
"Provider": "aws",
"CheckID": "apigatewayv2_api_access_logging_enabled",
"CheckTitle": "Ensure API Gateway V2 has Access Logging enabled.",
"CheckAliases": [
"apigatewayv2_access_logging_enabled"
],
"CheckType": [
"IAM"
],


@@ -2,6 +2,9 @@
"Provider": "aws",
"CheckID": "apigatewayv2_api_authorizers_enabled",
"CheckTitle": "Checks if API Gateway V2 has configured authorizers.",
"CheckAliases": [
"apigatewayv2_authorizers_enabled"
],
"CheckType": [
"Logging and Monitoring"
],