From 3b56166c348b9658fc2dd6ccb171062d1749add0 Mon Sep 17 00:00:00 2001 From: bota4go <108249054+bota4go@users.noreply.github.com> Date: Fri, 12 Dec 2025 23:44:37 +1100 Subject: [PATCH] fix(apigateway): retrieve correct `logingLevel` status (#9304) Co-authored-by: HugoPBrito --- prowler/CHANGELOG.md | 6 ++++++ .../providers/aws/services/apigateway/apigateway_service.py | 5 ++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/prowler/CHANGELOG.md b/prowler/CHANGELOG.md index 2fd48e8630..f61a55b426 100644 --- a/prowler/CHANGELOG.md +++ b/prowler/CHANGELOG.md @@ -2,6 +2,12 @@ All notable changes to the **Prowler SDK** are documented in this file. +## [5.15.1] (Prowler UNRELEASED) + +### Fixed +- Fix false negative in AWS `apigateway_restapi_logging_enabled` check by refining stage logging evaluation to ensure logging level is not set to "OFF" [(#9304)](https://github.com/prowler-cloud/prowler/pull/9304) +--- + ## [5.15.0] (Prowler v5.15.0) ### Added diff --git a/prowler/providers/aws/services/apigateway/apigateway_service.py b/prowler/providers/aws/services/apigateway/apigateway_service.py index f61a502791..4f887a2da8 100644 --- a/prowler/providers/aws/services/apigateway/apigateway_service.py +++ b/prowler/providers/aws/services/apigateway/apigateway_service.py @@ -123,7 +123,10 @@ class APIGateway(AWSService): waf = stage["webAclArn"] if "methodSettings" in stage: for settings in stage["methodSettings"].values(): - if settings.get("loggingLevel"): + if ( + settings.get("loggingLevel") + and settings.get("loggingLevel", "") != "OFF" + ): logging = True if settings.get("cachingEnabled"): cache_enabled = True