fix(sns_topics_not_publicly_accessible): Change PASS behaviour (#2282)

2026-02-11 07:15:15 +00:00 · 2023-04-26 12:51:51 +02:00
parent 7adcf5ca46
commit fdbdb3ad86
2 changed files with 33 additions and 14 deletions
--- a/prowler/providers/aws/services/sns/sns_topics_not_publicly_accessible/sns_topics_not_publicly_accessible.py
+++ b/prowler/providers/aws/services/sns/sns_topics_not_publicly_accessible/sns_topics_not_publicly_accessible.py
@@ -12,7 +12,7 @@ class sns_topics_not_publicly_accessible(Check):
            report.resource_arn = topic.arn
            report.resource_tags = topic.tags
            report.status = "PASS"
-            report.status_extended = f"SNS topic {topic.name} without public access"
+            report.status_extended = f"SNS topic {topic.name} is not publicly accesible"
            if topic.policy:
                for statement in topic.policy["Statement"]:
                    # Only check allow statements
@@ -31,11 +31,11 @@ class sns_topics_not_publicly_accessible(Check):
                            if "Condition" not in statement:
                                report.status = "FAIL"
                                report.status_extended = (
-                                    f"SNS topic {topic.name} policy with public access"
+                                    f"SNS topic {topic.name} is publicly accesible"
                                )
                            else:
-                                report.status = "FAIL"
-                                report.status_extended = f"SNS topic {topic.name} policy with public access but has a Condition"
+                                report.status = "PASS"
+                                report.status_extended = f"SNS topic {topic.name} is publicly accesible but has a Condition that could filter it"

            findings.append(report)