From fdbdb3ad86d5ff12cc80f5fa2eafebdc7d8b4193 Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga
Date: Wed, 26 Apr 2023 12:51:51 +0200
Subject: [PATCH] fix(sns_topics_not_publicly_accessible): Change PASS behaviour (#2282)
---
 .../sns_topics_not_publicly_accessible.py | 8 ++--
 ...sns_topics_not_publicly_accessible_test.py | 39 ++++++++++++++-----
 2 files changed, 33 insertions(+), 14 deletions(-)
diff --git a/prowler/providers/aws/services/sns/sns_topics_not_publicly_accessible/sns_topics_not_publicly_accessible.py b/prowler/providers/aws/services/sns/sns_topics_not_publicly_accessible/sns_topics_not_publicly_accessible.py
index 39cb41b7..e93a4be6 100644
--- a/prowler/providers/aws/services/sns/sns_topics_not_publicly_accessible/sns_topics_not_publicly_accessible.py
+++ b/prowler/providers/aws/services/sns/sns_topics_not_publicly_accessible/sns_topics_not_publicly_accessible.py
@@ -12,7 +12,7 @@ class sns_topics_not_publicly_accessible(Check):
 report.resource_arn = topic.arn
 report.resource_tags = topic.tags
 report.status = "PASS"
- report.status_extended = f"SNS topic {topic.name} without public access"
+ report.status_extended = f"SNS topic {topic.name} is not publicly accesible"
 if topic.policy:
 for statement in topic.policy["Statement"]:
 # Only check allow statements
@@ -31,11 +31,11 @@ class sns_topics_not_publicly_accessible(Check):
 if "Condition" not in statement:
 report.status = "FAIL"
 report.status_extended = (
- f"SNS topic {topic.name} policy with public access"
+ f"SNS topic {topic.name} is publicly accesible"
 )
 else:
- report.status = "FAIL"
- report.status_extended = f"SNS topic {topic.name} policy with public access but has a Condition"
+ report.status = "PASS"
+ report.status_extended = f"SNS topic {topic.name} is publicly accesible but has a Condition that could filter it"
 findings.append(report)
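Review bot: The `report.status = "PASS"` now assigned in the `else` branch of the second hunk can overwrite a `FAIL` set by an earlier statement of the same policy, because the `for statement in topic.policy["Statement"]` loop (its head is visible in the first hunk; the body between the two hunks is outside this view) keeps iterating after a FAIL — a topic whose policy has an unconditioned public Allow followed by a conditioned one is now reported PASS. Before this change both branches set FAIL, so the overwrite was harmless; add `break` right after the FAIL `status_extended` assignment, or guard the else branch so it never replaces an existing FAIL. Separately, passing on the mere presence of a `Condition` key trusts conditions that may not scope the principal at all (the new message itself only says it "could filter it"); the check would be more precise if it passed only when a principal-scoping key such as `aws:SourceArn`, `aws:SourceAccount`, `aws:SourceOwner`, `aws:PrincipalOrgID` or `aws:PrincipalAccount` is present, and otherwise kept FAIL or a distinct status text. Finally, all three new `status_extended` strings misspell "accessible" as "accesible", and the tests in this commit pin that spelling with exact-match assertions, so the message and the tests need to change together.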
diff --git a/tests/providers/aws/services/sns/sns_topics_not_publicly_accessible/sns_topics_not_publicly_accessible_test.py b/tests/providers/aws/services/sns/sns_topics_not_publicly_accessible/sns_topics_not_publicly_accessible_test.py
index 951df40d..afdc2441 100644
--- a/tests/providers/aws/services/sns/sns_topics_not_publicly_accessible/sns_topics_not_publicly_accessible_test.py
+++ b/tests/providers/aws/services/sns/sns_topics_not_publicly_accessible/sns_topics_not_publicly_accessible_test.py
@@ -1,4 +1,3 @@
-from re import search
 from unittest import mock
 from uuid import uuid4
@@ -61,7 +60,7 @@ class Test_sns_topics_not_publicly_accessible:
 result = check.execute()
 assert len(result) == 0
- def test_topics_not_public(self):
+ def test_topic_not_public(self):
 sns_client = mock.MagicMock
 sns_client.topics = []
 sns_client.topics.append(
@@ -84,11 +83,16 @@ class Test_sns_topics_not_publicly_accessible:
 result = check.execute()
 assert len(result) == 1
 assert result[0].status == "PASS"
- assert search("without public access", result[0].status_extended)
+ assert (
+ result[0].status_extended
+ == f"SNS topic {topic_name} is not publicly accesible"
+ )
 assert result[0].resource_id == topic_name
 assert result[0].resource_arn == topic_arn
+ assert result[0].region == AWS_REGION
+ assert result[0].resource_tags == []
- def test_topics_no_policy(self):
+ def test_topic_no_policy(self):
 sns_client = mock.MagicMock
 sns_client.topics = []
 sns_client.topics.append(
@@ -106,11 +110,16 @@ class Test_sns_topics_not_publicly_accessible:
 result = check.execute()
 assert len(result) == 1
 assert result[0].status == "PASS"
- assert search("without public access", result[0].status_extended)
+ assert (
+ result[0].status_extended
+ == f"SNS topic {topic_name} is not publicly accesible"
+ )
 assert result[0].resource_id == topic_name
 assert result[0].resource_arn == topic_arn
+ assert result[0].region == AWS_REGION
+ assert result[0].resource_tags == []
- def test_topics_public_with_condition(self):
+ def test_topic_public_with_condition(self):
 sns_client = mock.MagicMock
 sns_client.topics = []
 sns_client.topics.append(
@@ -132,12 +141,17 @@ class Test_sns_topics_not_publicly_accessible:
 check = sns_topics_not_publicly_accessible()
 result = check.execute()
 assert len(result) == 1
- assert result[0].status == "FAIL"
- assert search("but has a Condition", result[0].status_extended)
+ assert result[0].status == "PASS"
+ assert (
+ result[0].status_extended
+ == f"SNS topic {topic_name} is publicly accesible but has a Condition that could filter it"
+ )
 assert result[0].resource_id == topic_name
 assert result[0].resource_arn == topic_arn
+ assert result[0].region == AWS_REGION
+ assert result[0].resource_tags == []
- def test_topics_no_key(self):
+ def test_topic_public(self):
 sns_client = mock.MagicMock
 sns_client.topics = []
 sns_client.topics.append(
@@ -160,6 +174,11 @@ class Test_sns_topics_not_publicly_accessible:
 result = check.execute()
 assert len(result) == 1
 assert result[0].status == "FAIL"
- assert search("with public access", result[0].status_extended)
+ assert (
+ result[0].status_extended
+ == f"SNS topic {topic_name} is publicly accesible"
+ )
 assert result[0].resource_id == topic_name
 assert result[0].resource_arn == topic_arn
+ assert result[0].region == AWS_REGION
+ assert result[0].resource_tags == []
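Review bot: None of the renamed tests covers a policy with more than one public Allow statement, so the new PASS-with-Condition expectation in the `-132,12` hunk (`test_topic_public_with_condition`) never exercises a conditioned statement that follows an unconditioned one — the scenario in which the check's per-statement loop can downgrade an earlier FAIL to PASS. Add a test such as `test_topic_public_then_conditioned` whose policy holds an unconditioned public statement followed by a conditioned one, and assert `result[0].status == "FAIL"`. The exact-match assertions in this hunk and in the `-84,11`, `-106,11` and `-160,6` hunks pin the misspelling "accesible" copied from the check's messages, so if that message is corrected these four strings must change with it. In the context lines `sns_client = mock.MagicMock` binds the class rather than an instance, so `sns_client.topics` is set on the shared class object — presumably harmless with the current fixture shape, but `mock.MagicMock()` would keep each test's topics list isolated; the enclosing test methods continue outside the hunk.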