ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,627 Commits 1 Branch 0 Tags
master
Commit Graph

352 Commits

Author SHA1 Message Date
Nacho Rivera
46f85e6395 fix(ec2 tests): add tags and region non sg checks (#2781) 2023-08-30 16:10:27 +02:00
Nacho Rivera
276f6f9fb1 fix(ec2_securitygroup_default_restrict_traffic): fix check only allow empty rules (#2777) 2023-08-25 12:42:26 +02:00
Pepe Fagoaga
21c52db66b test(vpc_endpoint_services_allowed_principals_trust_boundaries) (#2768) 2023-08-25 10:56:47 +02:00
Pepe Fagoaga
13cfa02f80 fix(test): Update moto to 4.1.15 and update tests (#2769) 2023-08-25 10:56:39 +02:00
Pepe Fagoaga
eedfbe3e7a fix(iam_policy_allows_privilege_escalation): Not use search for checking API actions (#2772) 2023-08-25 10:56:28 +02:00
Pepe Fagoaga
cb76e5a23c chore(s3): Move lib to the AWS provider and include tests (#2664) 2023-08-23 16:12:48 +02:00
Pepe Fagoaga
06a0b12efb fix(iam_policy_allows_privilege_escalation): Handle admin permission so * (#2763) 2023-08-23 10:40:06 +02:00
gerardocampo
e5d2c0c700 feat(iam): Check inline policies in IAM Users, Groups & Roles for admin priv's (#2750) 
Co-authored-by: Gerard Ocampo <gerard.ocampo@zelis.com>
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-08-23 08:29:13 +02:00
Pepe Fagoaga
590a5669d6 fix(nacls): Tests (#2760) 2023-08-22 22:26:19 +02:00
Geoff Singer
cb2ef23a29 feat(s3): Add S3 KMS encryption check (#2757) 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-08-22 08:28:17 +02:00
Pepe Fagoaga
7c45cb45ae feat(ecr_repositories_scan_vulnerabilities_in_latest_image): Minimum severity is configurable (#2736) 2023-08-18 09:17:02 +02:00
Pepe Fagoaga
ac11c6729b chore(tests): Replace sure with standard assert (#2738) 2023-08-17 11:36:45 +02:00
Pepe Fagoaga
bc5a7a961b tests(check_security_group) (#2740) 2023-08-17 11:36:17 +02:00
vysakh-devopspace
54a9f412e8 feat(ec2): New check ec2_instance_detailed_monitoring_enabled (#2735) 
Co-authored-by: Vysakh <venugopal.vysakh@gmail.com>
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-08-16 14:31:06 +02:00
Pepe Fagoaga
8cdc7b18c7 fix(test-vpc): use the right import paths (#2732) 2023-08-16 09:17:18 +02:00
christiandavilakoobin
9f2e87e9fb fix(is_account_only_allowed_in_condition): Context name on conditions are case-insensitive (#2726) 2023-08-16 08:27:24 +02:00
Pepe Fagoaga
fc53b28997 test(s3): Mock S3Control when used (#2722) 2023-08-14 21:48:05 +02:00
Pepe Fagoaga
54137be92b test(python): 3.9, 3.10, 3.11 (#2718) 2023-08-14 21:08:29 +02:00
Pepe Fagoaga
4454d9115e chore(aws): 2nd round - Improve tests and include dot in status extended (#2714) 2023-08-12 01:41:35 +02:00
Pepe Fagoaga
0313dba7b4 chore(aws): Improve tests and status from accessanalyzer to cloudwatch (#2711) 2023-08-11 11:04:04 +02:00
christiandavilakoobin
ade511df28 fix(sns): allow default SNS policy with SourceOwner (#2698) 
Co-authored-by: Azure Pipeplines CI <monitor@koobin.com>
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-08-10 12:13:57 +02:00
Pepe Fagoaga
f4308032c3 fix(cloudfront): fix ViewerProtocolPolicy and GeoRestrictionType (#2701) 2023-08-10 12:02:49 +02:00
Pepe Fagoaga
d41b0332ac feat(athena): New AWS Athena service + 2 workgroup checks (#2696) 2023-08-10 10:23:17 +02:00
Sergio Garcia
36e095c830 fix(iam_role_cross_service_confused_deputy_prevention): add ResourceAccount and PrincipalAccount conditions (#2689) 2023-08-09 10:41:48 +02:00
Pepe Fagoaga
13059e0568 fix(ec2-securitygroups): Handle IPv6 public (#2690) 2023-08-09 10:08:30 +02:00
Pepe Fagoaga
9e8023d716 fix(config): Pass a configuration file using --config-file config.yaml (#2679) 2023-08-09 09:52:45 +02:00
Pepe Fagoaga
efa75a62e3 fix(iam_policy_allows_privilege_escalation): Handle permissions in groups (#2655) 2023-08-03 10:40:51 +02:00
Pepe Fagoaga
5763bca317 refactor(vpc_endpoint_connections_trust_boundaries) (#2667) 2023-08-03 09:56:09 +02:00
Pepe Fagoaga
c335334402 fix(test_only_aws_service_linked_roles): Flaky test (#2666) 2023-08-03 09:18:06 +02:00
Pepe Fagoaga
5bf3f70717 fix(vpc_endpoint_connections_trust_boundaries): Handle AWS Account ID as Principal (#2611) 2023-08-03 09:16:58 +02:00
Sergio Garcia
aced44f051 fix(sns): handle topic policy conditions (#2660) 2023-08-02 11:45:27 +02:00
Sergio Garcia
78f0b823a9 fix(s3_bucket_level_public_access_block): check s3 public access block at account level (#2653) 2023-08-01 11:24:58 +02:00
Pepe Fagoaga
7bdca0420e fix(cloudtrail): Set status to INFO when trail is outside the audited account (#2643) 2023-07-31 17:50:21 +02:00
Pepe Fagoaga
b4e78d28f8 fix(test): mock VPC client (#2640) 2023-07-31 11:19:15 +02:00
Pepe Fagoaga
e3d4e38a59 feat(aws): New AWSService class as parent (#2638) 2023-07-31 11:18:54 +02:00
Pepe Fagoaga
386f558eae fix(ec2_instance_secrets_user_data): Include line numbers in status (#2639) 2023-07-31 10:33:34 +02:00
Chris Farris
03ad403e7a feat(s3): Add checks for publicly listable Buckets or writable buckets by ACL (#2628) 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-07-31 08:35:18 +02:00
Gabriel Pragin
965327e801 chore(typos): Update check's status (#2629) 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-07-27 11:44:09 +02:00
Pepe Fagoaga
a5c63845b4 test: security groups (#2627) 2023-07-26 16:29:27 +02:00
Sergio Garcia
6328ef4444 fix(guardduty): handle disabled detectors in guardduty_is_enabled (#2616) 2023-07-25 12:26:37 +02:00
dependabot[bot]
18f02fac68 build(deps-dev): bump moto from 4.1.12 to 4.1.13 (#2598) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
 2023-07-18 10:37:34 +02:00
Pepe Fagoaga
28ea37f367 test(aws_provider): Role and User MFA (#2486) 2023-07-18 09:36:37 +02:00
Gabriel Pragin
65a737bb58 chore(metadata): Typos (#2595) 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-07-18 09:27:58 +02:00
Pepe Fagoaga
02519a4429 fix(assume_role): Set the AWS STS endpoint region (#2587) 2023-07-17 10:09:48 +02:00
Nacho Rivera
8f015d0672 fix(allowlist): single account checks handling (#2585) 
Co-authored-by: thomscode <thomscode@gmail.com>
 2023-07-14 09:55:27 +02:00
Nacho Rivera
d1c91093e2 feat(cond parser): add policy cond parser & apply in sqs public check (#2575) 2023-07-12 15:39:01 +02:00
Nacho Rivera
66fe101ccd fix(allowlist): handle wildcard in account field (#2577) 2023-07-12 14:22:42 +02:00
Nacho Rivera
b1968f3f8b fix(allowlist): reformat allowlist logic (#2555) 
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
 2023-07-06 15:33:32 +02:00
Nacho Rivera
7097ca401d feat(lambda allowlist): mapping lambda/awslambda in allowlist (#2554) 2023-07-05 11:49:42 +02:00
Nacho Rivera
6403feaff9 fix(cloudwatch secrets): fix nonetype error handling (#2543) 2023-07-03 12:52:46 +02:00