feat(parse_regions): Add AWS regions parser && Dockerfile (#1537)

2026-01-25 02:08:11 +00:00 · 2022-12-13 19:00:43 +01:00
parent bb09267f2a
commit 388c0b2b9f
10 changed files with 5984 additions and 2 deletions
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -27,6 +27,11 @@ jobs:
          pip install pipenv
          pipenv install --dev
          pipenv run pip list
+          VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \
+            grep '"tag_name":' | \
+            sed -E 's/.*"v([^"]+)".*/\1/' \
+            ) && curl -L -o /tmp/hadolint https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64 \
+            && chmod +x /tmp/hadolint
      - name: Lint with flake8
        run: |
          pipenv run flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib
@@ -45,6 +50,9 @@ jobs:
      - name: Vulture
        run: |
          pipenv run vulture --exclude "contrib" --min-confidence 100 .
+      - name: Hadolint
+        run: |
+          /tmp/hadolint Dockerfile --ignore=DL3013
      - name: Test with pytest
        run: |
          pipenv run pytest tests -n auto
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -53,6 +53,12 @@ repos:
    hooks:
      - id: check-pipfile-lock

+  - repo: https://github.com/hadolint/hadolint
+    rev: v2.12.0
+    hooks:
+      - id: hadolint
+        args: ["--ignore=DL3013"]
+
  - repo: local
    hooks:
      - id: pylint
--- a/20
+++ b/20
@@ -0,0 +1,20 @@
+FROM python:3.9-alpine
+
+# Update system dependencies
+RUN apk --no-cache update && apk --no-cache upgrade
+
+# Install dependencies
+ENV PATH="$HOME/.local/bin:$PATH"
+RUN pip install --no-cache-dir --upgrade pip && \
+    pip install --no-cache-dir prowler-cloud
+
+# Create nonroot user
+RUN mkdir -p /home/prowler && \ 
+    echo 'prowler:x:1000:1000:prowler:/home/prowler:' > /etc/passwd && \
+    echo 'prowler:x:1000:' > /etc/group && \
+    chown -R prowler:prowler /home/prowler
+
+USER prowler
+WORKDIR /home/prowler
+
+ENTRYPOINT ["prowler"]
--- a/docs/index.md
+++ b/docs/index.md
@@ -6,13 +6,13 @@
 # Prowler Documentation

 Welcome to [Prowler Open Source v3](https://github.com/prowler-cloud/prowler/) Documentation! 📄
+> For **Prowler v2**, you can access [here](https://github.com/prowler-cloud/prowler/tree/2.12.0) to the branch and README.

 - You are currently in the **Getting Started** section where you can find general information and requirements to help you start with the tool.
 - In the [Tutorials](tutorials/overview) section you will see how to take advantage of all the features in Prowler.
 - In the [Contact Us](contact) section you can find how to reach us out in case of technical issues.
 - In the [About](about) section you will find more information about the Prowler team and license.

-> For Prowler v2, you can access [here](https://github.com/prowler-cloud/prowler/tree/2.12.0) to the branch and README.
 ## About Prowler

 **Prowler** is an Open Source security tool to perform AWS and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -7,7 +7,7 @@ site_description: >-
 # Theme Configuration
 theme:
  language: en
-  logo: img/ProwlerPro-icon.svg
+  logo: img/prowler-logo.png
  name: material
  favicon: img/ProwlerPro-icon.svg
  features:
--- a/prowler/main.py
+++ b/prowler/main.py
@@ -9,6 +9,7 @@ from os.path import isdir
 from prowler.config.config import (
    change_config_var,
    default_output_directory,
+    get_aws_available_regions,
    output_file_timestamp,
 )
 from prowler.lib.banner import print_banner, print_version
@@ -171,6 +172,7 @@ def prowler():
        "--filter-region",
        nargs="+",
        help="AWS region names to run Prowler against",
+        choices=get_aws_available_regions(),
    )
    parser.add_argument(
        "-M",
--- a/prowler/config/config.py
+++ b/prowler/config/config.py
@@ -1,9 +1,11 @@
+import os
 from datetime import datetime, timezone
 from os import getcwd

 import yaml

 from prowler.lib.logger import logger
+from prowler.lib.utils.utils import open_file, parse_json_file

 timestamp = datetime.today()
 timestamp_utc = datetime.now(timezone.utc).replace(tzinfo=timezone.utc)
@@ -55,3 +57,22 @@ def get_config_var(variable):
    except Exception as error:
        logger.error(f"{error.__class__.__name__}: {error}")
        return ""
+
+
+def get_aws_available_regions():
+    try:
+        actual_directory = ("/").join(
+            os.path.dirname(os.path.realpath(__file__)).split("/")[:-1]
+        )
+        f = open_file(f"{actual_directory}/providers/aws/{aws_services_json_file}")
+        data = parse_json_file(f)
+
+        regions = set()
+        for service in data["services"].values():
+            for partition in service["regions"]:
+                for item in service["regions"][partition]:
+                    regions.add(item)
+        return list(regions)
+    except Exception as error:
+        logger.error(f"{error.__class__.__name__}: {error}")
+        return []
--- a/tests/config/init.py
+++ b/tests/config/init.py
--- a/tests/config/config_test.py
+++ b/tests/config/config_test.py
@@ -0,0 +1,6 @@
+from prowler.config.config import get_aws_available_regions
+
+
+class Test_Config:
+    def test_get_aws_available_regions(self):
+        assert len(get_aws_available_regions()) == 29
--- a/tests/providers/aws/aws_regions_by_service.json
+++ b/tests/providers/aws/aws_regions_by_service.json