diff --git a/prowler/CHANGELOG.md b/prowler/CHANGELOG.md index b040b32a78..d9e512672c 100644 --- a/prowler/CHANGELOG.md +++ b/prowler/CHANGELOG.md @@ -2,6 +2,14 @@ All notable changes to the **Prowler SDK** are documented in this file. +## [5.31.1] (Prowler UNRELEASED) + +### 🐞 Fixed + +- Alibaba Cloud `ram_password_policy_number` and `cs_kubernetes_cluster_check_weekly` checks not being loaded due to missing implementation and package files [(#11683)](https://github.com/prowler-cloud/prowler/pull/11683) + +--- + ## [5.31.0] (Prowler v5.31.0) ### 🚀 Added diff --git a/prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_weekly/__init__.py b/prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_weekly/__init__.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/prowler/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number.py b/prowler/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number.py new file mode 100644 index 0000000000..305570289c --- /dev/null +++ b/prowler/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number.py @@ -0,0 +1,34 @@ +from prowler.lib.check.models import Check, CheckReportAlibabaCloud +from prowler.providers.alibabacloud.services.ram.ram_client import ram_client + + +class ram_password_policy_number(Check): + """Check if RAM password policy requires at least one number.""" + + def execute(self) -> list[CheckReportAlibabaCloud]: + findings = [] + + if ram_client.password_policy: + report = CheckReportAlibabaCloud( + metadata=self.metadata(), resource=ram_client.password_policy + ) + report.region = ram_client.region + report.resource_id = f"{ram_client.audited_account}-password-policy" + report.resource_arn = ( + f"acs:ram::{ram_client.audited_account}:password-policy" + ) + + if ram_client.password_policy.require_numbers: + report.status = "PASS" + report.status_extended = ( + "RAM password policy requires at least one number." + ) + else: + report.status = "FAIL" + report.status_extended = ( + "RAM password policy does not require at least one number." + ) + + findings.append(report) + + return findings diff --git a/tests/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number_test.py b/tests/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number_test.py new file mode 100644 index 0000000000..cc9b9ab35e --- /dev/null +++ b/tests/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number_test.py @@ -0,0 +1,67 @@ +from unittest import mock + +from tests.providers.alibabacloud.alibabacloud_fixtures import ( + set_mocked_alibabacloud_provider, +) + + +class TestRamPasswordPolicyNumber: + def test_numbers_not_required_fails(self): + ram_client = mock.MagicMock() + ram_client.audited_account = "1234567890" + ram_client.region = "cn-hangzhou" + + with ( + mock.patch( + "prowler.providers.common.provider.Provider.get_global_provider", + return_value=set_mocked_alibabacloud_provider(), + ), + mock.patch( + "prowler.providers.alibabacloud.services.ram.ram_password_policy_number.ram_password_policy_number.ram_client", + new=ram_client, + ), + ): + from prowler.providers.alibabacloud.services.ram.ram_password_policy_number.ram_password_policy_number import ( + ram_password_policy_number, + ) + from prowler.providers.alibabacloud.services.ram.ram_service import ( + PasswordPolicy, + ) + + ram_client.password_policy = PasswordPolicy(require_numbers=False) + + check = ram_password_policy_number() + result = check.execute() + + assert len(result) == 1 + assert result[0].status == "FAIL" + + def test_numbers_required_passes(self): + ram_client = mock.MagicMock() + ram_client.audited_account = "1234567890" + ram_client.region = "cn-hangzhou" + + with ( + mock.patch( + "prowler.providers.common.provider.Provider.get_global_provider", + return_value=set_mocked_alibabacloud_provider(), + ), + mock.patch( + "prowler.providers.alibabacloud.services.ram.ram_password_policy_number.ram_password_policy_number.ram_client", + new=ram_client, + ), + ): + from prowler.providers.alibabacloud.services.ram.ram_password_policy_number.ram_password_policy_number import ( + ram_password_policy_number, + ) + from prowler.providers.alibabacloud.services.ram.ram_service import ( + PasswordPolicy, + ) + + ram_client.password_policy = PasswordPolicy(require_numbers=True) + + check = ram_password_policy_number() + result = check.execute() + + assert len(result) == 1 + assert result[0].status == "PASS"