From 2f50aaa9c142aba2c950cd271043731b23fff64b Mon Sep 17 00:00:00 2001 From: Sergio Garcia Date: Tue, 16 Jan 2024 11:16:11 +0100 Subject: [PATCH] resolve conflicts --- prowler/__main__.py | 2 +- prowler/lib/check/managers.py | 104 ++++++++++-------- prowler/lib/ui/live_display.py | 4 +- .../policy_condition_parser.py | 2 +- ...onfig_recorder_all_regions_enabled_test.py | 2 +- 5 files changed, 65 insertions(+), 49 deletions(-) diff --git a/prowler/__main__.py b/prowler/__main__.py index 5ef7c64bb0..9f48dd5656 100644 --- a/prowler/__main__.py +++ b/prowler/__main__.py @@ -6,6 +6,7 @@ import sys from colorama import Fore, Style +from prowler.config.config import get_available_compliance_frameworks from prowler.lib.check.check import ( bulk_load_checks_metadata, bulk_load_compliance_frameworks, @@ -38,7 +39,6 @@ from prowler.lib.outputs.outputs import extract_findings_statistics from prowler.lib.outputs.slack import send_slack_message from prowler.lib.outputs.summary_table import display_summary_table from prowler.lib.ui.live_display import live_display -from prowler.providers.aws.aws_provider import get_available_aws_service_regions from prowler.providers.aws.lib.s3.s3 import send_to_s3_bucket from prowler.providers.aws.lib.security_hub.security_hub import ( batch_send_to_security_hub, diff --git a/prowler/lib/check/managers.py b/prowler/lib/check/managers.py index 00ee8ca468..eaf42e7fb2 100644 --- a/prowler/lib/check/managers.py +++ b/prowler/lib/check/managers.py 
@@ -13,7 +13,8 @@ from prowler.lib.check.models import Check from prowler.lib.logger import logger from prowler.lib.outputs.outputs import report from prowler.lib.ui.live_display import live_display -from prowler.providers.aws.lib.allowlist.allowlist import allowlist_findings +from prowler.providers.aws.lib.mutelist.mutelist import mutelist_findings +from prowler.providers.common.common import get_global_provider from prowler.providers.common.models import Audit_Metadata from prowler.providers.common.outputs import Provider_Output_Options @@ -185,7 +186,17 @@ class ExecutionManager: def execute_checks(self) -> list: # List to store all the check's findings all_findings = [] + # Services and checks executed for the Audit Status + global_provider = get_global_provider() + + # Initialize the Audit Metadata + global_provider.audit_metadata = Audit_Metadata( + services_scanned=0, + expected_checks=self.checks_to_execute, + completed_checks=0, + audit_progress=0, + ) if os.name != "nt": try: from resource import RLIMIT_NOFILE, getrlimit 
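Review bot: The comment `# Services and checks executed for the Audit Status` sits above `global_provider = get_global_provider()` but describes the `Audit_Metadata` assignment that follows, so the provider fetch itself reads as undocumented; I would change it to `# Provider registered earlier in the run; audit progress is tracked on it` and keep `# Initialize the Audit Metadata` on the block below. If `get_global_provider()` can return None before a provider is registered (not visible here), the attribute assignment raises AttributeError with no mention of which step failed, so either assert the provider is set or state in the docstring that `execute_checks` presumes one has been initialized. `expected_checks` receives `self.checks_to_execute`, which by its name is a collection, while the sibling fields are counters; a one-line comment giving the intended type would stop the two from being confused. `execute_checks` continues past the hunk.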
@@ -263,51 +274,56 @@ class ExecutionManager: service: str, check_name: str, ): - # Import check module - check_module_path = f"prowler.providers.{self.provider}.services.{service}.{check_name}.{check_name}" - lib = self.import_check(check_module_path) - # Recover functions from check - check_to_execute = getattr(lib, check_name) - c = check_to_execute() + try: + # Import check module + check_module_path = f"prowler.providers.{self.provider}.services.{service}.{check_name}.{check_name}" + lib = self.import_check(check_module_path) + # Recover functions from check + check_to_execute = getattr(lib, check_name) + c = check_to_execute() - # Update check metadata to reflect that in the outputs - if self.custom_checks_metadata and self.custom_checks_metadata["Checks"].get( - c.CheckID - ): - c = update_check_metadata( - c, self.custom_checks_metadata["Checks"][c.CheckID] - ) - - # Run check - check_findings = self.run_check(c, self.audit_output_options) - - # Update Audit Status - self.update_tracking(service, check_name) - self.update_audit_metadata() - - # Allowlist findings - if self.audit_output_options.allowlist_file: - check_findings = allowlist_findings( - self.audit_output_options.allowlist_file, - self.audit_info.audited_account, - check_findings, - ) - - # Report the check's findings - report(check_findings, self.audit_output_options, self.audit_info) - - if os.environ.get("PROWLER_REPORT_LIB_PATH"): - try: - logger.info("Using custom report interface ...") - lib = os.environ["PROWLER_REPORT_LIB_PATH"] - outputs_module = importlib.import_module(lib) - custom_report_interface = getattr(outputs_module, "report") - - custom_report_interface( - check_findings, self.audit_output_options, self.audit_info + # Update check metadata to reflect that in the outputs + if self.custom_checks_metadata and self.custom_checks_metadata[ + "Checks" + ].get(c.CheckID): + c = update_check_metadata( + c, self.custom_checks_metadata["Checks"][c.CheckID] ) - except Exception: - 
sys.exit(1) + + # Run check + check_findings = self.run_check(c, self.audit_output_options) + + # Update Audit Status + self.update_tracking(service, check_name) + self.update_audit_metadata() + + # Mutelist findings + if self.audit_output_options.mutelist_file: + check_findings = mutelist_findings( + self.audit_output_options.mutelist_file, + self.audit_info.audited_account, + check_findings, + ) + + # Report the check's findings + report(check_findings, self.audit_output_options, self.audit_info) + + if os.environ.get("PROWLER_REPORT_LIB_PATH"): + try: + logger.info("Using custom report interface ...") + lib = os.environ["PROWLER_REPORT_LIB_PATH"] + outputs_module = importlib.import_module(lib) + custom_report_interface = getattr(outputs_module, "report") + + custom_report_interface( + check_findings, self.audit_output_options, self.audit_info + ) + except Exception: + sys.exit(1) + except Exception as error: + logger.error( + f"{check_name} - {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" + ) return check_findings diff --git a/prowler/lib/ui/live_display.py b/prowler/lib/ui/live_display.py index 12a9c8064f..ea8f72f4b7 100644 --- a/prowler/lib/ui/live_display.py +++ b/prowler/lib/ui/live_display.py @@ -276,12 +276,12 @@ class IntroSection: [info]Date: {timestamp.strftime('%Y-%m-%d %H:%M:%S')}[/info] """ - if args.verbose or args.quiet or True: + if args.verbose: banner_text += """ Color code for results: - [info]INFO (Information)[/info] - [pass]PASS (Recommended value)[/pass] -- [orange_color]WARNING (Ignored by allowlist)[/orange_color] +- [orange_color]WARNING (Ignored by mutelist)[/orange_color] - [fail]FAIL (Fix required)[/fail] """ self.renderables.append(banner_text) diff --git a/prowler/providers/aws/lib/policy_condition_parser/policy_condition_parser.py b/prowler/providers/aws/lib/policy_condition_parser/policy_condition_parser.py index d88d63bce7..ac9139d18b 100644 
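Review bot: `return check_findings` after the new outer `except Exception` raises UnboundLocalError whenever the failure happens before `check_findings` is assigned — a failed `self.import_check(...)`, a check whose constructor raises, or an exception inside `self.run_check(...)` — so the handler logs the error and then crashes with a second, less informative one; initialize `check_findings = []` immediately before `try:`. With that fix a failing check returns no findings and the run carries on, so the failure is visible only in the log while the check is simply absent from the outputs; consider documenting that outcome on the method, e.g. `"""Run one check and return its findings; on any failure the error is logged and an empty list is returned, so a crashed check leaves no trace in the report."""`. The nested `except Exception: sys.exit(1)` still terminates the process because SystemExit is not an Exception subclass and passes the outer handler, which is fine but deserves a comment since it now looks like a redundant inner handler. `execute_check`'s signature starts before the hunk.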
--- a/prowler/providers/aws/lib/policy_condition_parser/policy_condition_parser.py +++ b/prowler/providers/aws/lib/policy_condition_parser/policy_condition_parser.py @@ -4,7 +4,7 @@ def is_condition_block_restrictive( """ is_condition_block_restrictive parses the IAM Condition policy block and, by default, returns True if the source_account passed as argument is within, False if not. - If argument is_cross_account_allowed is True it tests if the Condition block includes any of the operators allowlisted returning True if does, False if not. + If argument is_cross_account_allowed is True it tests if the Condition block includes any of the operators mutelisted returning True if does, False if not. @param condition_statement: dict with an IAM Condition block, e.g.: diff --git a/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py b/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py index 958b948abb..5fe1b6b498 100644 --- a/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py +++ b/tests/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled_test.py @@ -144,7 +144,7 @@ class Test_config_recorder_all_regions_enabled: current_audit_info = set_mocked_aws_audit_info( audited_regions=[AWS_REGION_EU_SOUTH_2, AWS_REGION_US_EAST_1], profile_region=AWS_REGION_EU_SOUTH_2, - audit_config={"allowlist_non_default_regions": True}, + audit_config={"mutelist_non_default_regions": True}, ) with mock.patch(
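Review bot: The reworded docstring now says the Condition block is tested against "the operators mutelisted", but the mutelist elsewhere in this patch is the prowler feature for silencing findings, whereas this sentence describes the set of IAM condition operators the parser treats as restrictive — the allowlist→mutelist rename has changed the meaning of the documentation rather than its spelling. Judging only from this docstring, the accurate wording is something like `If argument is_cross_account_allowed is True it tests if the Condition block includes any of the supported condition operators, returning True if it does, False if not.` (or keep "allowlisted", which here refers to the parser's own operator set, not a user-supplied file). `is_condition_block_restrictive` starts and ends outside the hunk.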