feat: enhance zone_challenge_passage_configured check

HugoPBrito
2026-01-14 14:18:43 +01:00
parent b014fdbde3
commit 3d1a0b1270
2 changed files with 80 additions and 11 deletions


@@ -168,7 +168,7 @@ class Zone(CloudflareService):
waf=settings.get("waf"),
security_level=settings.get("security_level"),
browser_check=settings.get("browser_check"),
challenge_ttl=settings.get("challenge_ttl"),
challenge_ttl=settings.get("challenge_ttl" or 0),
ip_geolocation=settings.get("ip_geolocation"),
email_obfuscation=settings.get("email_obfuscation"),
server_side_exclude=settings.get("server_side_exclude"),
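Review bot: The second of the two `challenge_ttl=` lines (apparently the new side) does not apply a default, because in `settings.get("challenge_ttl" or 0)` the expression `"challenge_ttl" or 0` evaluates to the string `"challenge_ttl"` before the call, so a missing setting still yields `None`. If a fallback is intended, the line should read `challenge_ttl=settings.get("challenge_ttl") or 0,`. It is also worth deciding whether 0 is the right fallback for a security check: a setting that could not be read would presumably be reported as a zero TTL rather than as unknown, so a one-line comment stating the intent would help. The enclosing constructor call starts and ends outside the hunk.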


@@ -34,7 +34,7 @@ class Test_zone_challenge_passage_configured:
result = check.execute()
assert len(result) == 0
def test_zone_challenge_passage_correct(self):
def test_zone_challenge_passage_at_min(self):
zone_client = mock.MagicMock
zone_client.zones = {
ZONE_ID: CloudflareZone(
@@ -43,7 +43,7 @@ class Test_zone_challenge_passage_configured:
status="active",
paused=False,
settings=CloudflareZoneSettings(
challenge_ttl=3600, # Recommended value
challenge_ttl=900, # 15 minutes - minimum recommended
),
)
}
@@ -68,9 +68,9 @@ class Test_zone_challenge_passage_configured:
assert result[0].resource_id == ZONE_ID
assert result[0].resource_name == ZONE_NAME
assert result[0].status == "PASS"
assert "3600" in result[0].status_extended
assert "15 minutes" in result[0].status_extended
def test_zone_challenge_passage_too_long(self):
def test_zone_challenge_passage_at_max(self):
zone_client = mock.MagicMock
zone_client.zones = {
ZONE_ID: CloudflareZone(
@@ -79,7 +79,7 @@ class Test_zone_challenge_passage_configured:
status="active",
paused=False,
settings=CloudflareZoneSettings(
challenge_ttl=86400, # Too long (24 hours)
challenge_ttl=2700, # 45 minutes - maximum recommended
),
)
}
@@ -101,9 +101,42 @@ class Test_zone_challenge_passage_configured:
check = zone_challenge_passage_configured()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "86400" in result[0].status_extended
assert "recommended" in result[0].status_extended
assert result[0].status == "PASS"
assert "45 minutes" in result[0].status_extended
def test_zone_challenge_passage_default(self):
zone_client = mock.MagicMock
zone_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
challenge_ttl=1800, # 30 minutes - default and secure
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zone.zone_challenge_passage_configured.zone_challenge_passage_configured.zone_client",
new=zone_client,
),
):
from prowler.providers.cloudflare.services.zone.zone_challenge_passage_configured.zone_challenge_passage_configured import (
zone_challenge_passage_configured,
)
check = zone_challenge_passage_configured()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert "30 minutes" in result[0].status_extended
def test_zone_challenge_passage_too_short(self):
zone_client = mock.MagicMock
@@ -114,7 +147,7 @@ class Test_zone_challenge_passage_configured:
status="active",
paused=False,
settings=CloudflareZoneSettings(
challenge_ttl=300, # Too short (5 minutes)
challenge_ttl=300, # 5 minutes - too short
),
)
}
@@ -137,7 +170,43 @@ class Test_zone_challenge_passage_configured:
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "300" in result[0].status_extended
assert "5 minutes" in result[0].status_extended
assert "recommended" in result[0].status_extended
def test_zone_challenge_passage_too_long(self):
zone_client = mock.MagicMock
zone_client.zones = {
ZONE_ID: CloudflareZone(
id=ZONE_ID,
name=ZONE_NAME,
status="active",
paused=False,
settings=CloudflareZoneSettings(
challenge_ttl=3600, # 60 minutes - exceeds recommended
),
)
}
with (
mock.patch(
"prowler.providers.common.provider.Provider.get_global_provider",
return_value=set_mocked_cloudflare_provider(),
),
mock.patch(
"prowler.providers.cloudflare.services.zone.zone_challenge_passage_configured.zone_challenge_passage_configured.zone_client",
new=zone_client,
),
):
from prowler.providers.cloudflare.services.zone.zone_challenge_passage_configured.zone_challenge_passage_configured import (
zone_challenge_passage_configured,
)
check = zone_challenge_passage_configured()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert "60 minutes" in result[0].status_extended
assert "recommended" in result[0].status_extended
def test_zone_challenge_passage_none(self):
zone_client = mock.MagicMock
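Review bot: In the last hunk's too-short case, `assert "5 minutes" in result[0].status_extended` is weaker than the `"300"` assertion it replaces, because "5 minutes" is also a substring of "15 minutes" and "45 minutes". If the FAIL message quotes the recommended range (its format is not visible here), the assertion passes even when the zone's actual value is missing from the message. Comparing against the full expected string, or a fragment that cannot collide with the bounds, would keep the check meaningful. The hunks pin 900 and 2700 as PASS but test nothing just outside them, so cases for 899 and 2701 would fix whether the range is inclusive. `test_zone_challenge_passage_too_short` begins before this hunk and `test_zone_challenge_passage_none` continues past it.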