chore(new api): bypass compute service
163
poetry.lock
generated
163
poetry.lock
generated
@@ -985,6 +985,14 @@ files = [
|
||||
[package.dependencies]
|
||||
google-auth = ">=2.14.1,<3.0dev"
|
||||
googleapis-common-protos = ">=1.56.2,<2.0dev"
|
||||
grpcio = [
|
||||
{version = ">=1.33.2,<2.0dev", optional = true, markers = "python_version < \"3.11\" and extra == \"grpc\""},
|
||||
{version = ">=1.49.1,<2.0dev", optional = true, markers = "python_version >= \"3.11\" and extra == \"grpc\""},
|
||||
]
|
||||
grpcio-status = [
|
||||
{version = ">=1.33.2,<2.0dev", optional = true, markers = "python_version < \"3.11\" and extra == \"grpc\""},
|
||||
{version = ">=1.49.1,<2.0dev", optional = true, markers = "python_version >= \"3.11\" and extra == \"grpc\""},
|
||||
]
|
||||
protobuf = ">=3.19.5,<3.20.0 || >3.20.0,<3.20.1 || >3.20.1,<4.21.0 || >4.21.0,<4.21.1 || >4.21.1,<4.21.2 || >4.21.2,<4.21.3 || >4.21.3,<4.21.4 || >4.21.4,<4.21.5 || >4.21.5,<5.0.0dev"
|
||||
requests = ">=2.18.0,<3.0.0dev"
|
||||
|
||||
@@ -1050,6 +1058,57 @@ files = [
|
||||
google-auth = "*"
|
||||
httplib2 = ">=0.19.0"
|
||||
|
||||
[[package]]
|
||||
name = "google-cloud-compute"
|
||||
version = "1.14.1"
|
||||
description = "Google Cloud Compute API client library"
|
||||
optional = false
|
||||
python-versions = ">=3.7"
|
||||
files = [
|
||||
{file = "google-cloud-compute-1.14.1.tar.gz", hash = "sha256:acd987647d7c826aa97b4418141c740ead5e8811d3349315f2f89a30c01c7f4b"},
|
||||
{file = "google_cloud_compute-1.14.1-py2.py3-none-any.whl", hash = "sha256:b40d6aeeb2c5ce373675c869f1404a1bc19b9763b746ad8f2d91ed1148893d6f"},
|
||||
]
|
||||
|
||||
[package.dependencies]
|
||||
google-api-core = {version = ">=1.34.0,<2.0.dev0 || >=2.11.dev0,<3.0.0dev", extras = ["grpc"]}
|
||||
proto-plus = [
|
||||
{version = ">=1.22.0,<2.0.0dev", markers = "python_version < \"3.11\""},
|
||||
{version = ">=1.22.2,<2.0.0dev", markers = "python_version >= \"3.11\""},
|
||||
]
|
||||
protobuf = ">=3.19.5,<3.20.0 || >3.20.0,<3.20.1 || >3.20.1,<4.21.0 || >4.21.0,<4.21.1 || >4.21.1,<4.21.2 || >4.21.2,<4.21.3 || >4.21.3,<4.21.4 || >4.21.4,<4.21.5 || >4.21.5,<5.0.0dev"
|
||||
|
||||
[[package]]
|
||||
name = "google-cloud-core"
|
||||
version = "2.3.3"
|
||||
description = "Google Cloud API client core library"
|
||||
optional = false
|
||||
python-versions = ">=3.7"
|
||||
files = [
|
||||
{file = "google-cloud-core-2.3.3.tar.gz", hash = "sha256:37b80273c8d7eee1ae816b3a20ae43585ea50506cb0e60f3cf5be5f87f1373cb"},
|
||||
{file = "google_cloud_core-2.3.3-py2.py3-none-any.whl", hash = "sha256:fbd11cad3e98a7e5b0343dc07cb1039a5ffd7a5bb96e1f1e27cee4bda4a90863"},
|
||||
]
|
||||
|
||||
[package.dependencies]
|
||||
google-api-core = ">=1.31.6,<2.0.dev0 || >2.3.0,<3.0.0dev"
|
||||
google-auth = ">=1.25.0,<3.0dev"
|
||||
|
||||
[package.extras]
|
||||
grpc = ["grpcio (>=1.38.0,<2.0dev)"]
|
||||
|
||||
[[package]]
|
||||
name = "google-cloud-dns"
|
||||
version = "0.34.2"
|
||||
description = "Google Cloud DNS API client library"
|
||||
optional = false
|
||||
python-versions = ">=3.7"
|
||||
files = [
|
||||
{file = "google-cloud-dns-0.34.2.tar.gz", hash = "sha256:fc61bd8cf070e87aacb62762eb2a5af1550706c98881d7aeaebaeed11280afd3"},
|
||||
{file = "google_cloud_dns-0.34.2-py2.py3-none-any.whl", hash = "sha256:c943867f59dd3557a3304abdd2b083ff788f2eee7f83b45ca8a9d24179dfbb5c"},
|
||||
]
|
||||
|
||||
[package.dependencies]
|
||||
google-cloud-core = ">=1.4.4,<3.0dev"
|
||||
|
||||
[[package]]
|
||||
name = "googleapis-common-protos"
|
||||
version = "1.59.0"
|
||||
@@ -1091,6 +1150,88 @@ files = [
|
||||
{file = "graphql_core-3.2.3-py3-none-any.whl", hash = "sha256:5766780452bd5ec8ba133f8bf287dc92713e3868ddd83aee4faab9fc3e303dc3"},
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "grpcio"
|
||||
version = "1.59.3"
|
||||
description = "HTTP/2-based RPC framework"
|
||||
optional = false
|
||||
python-versions = ">=3.7"
|
||||
files = [
|
||||
{file = "grpcio-1.59.3-cp310-cp310-linux_armv7l.whl", hash = "sha256:aca028a6c7806e5b61e5f9f4232432c52856f7fcb98e330b20b6bc95d657bdcc"},
|
||||
{file = "grpcio-1.59.3-cp310-cp310-macosx_12_0_universal2.whl", hash = "sha256:19ad26a7967f7999c8960d2b9fe382dae74c55b0c508c613a6c2ba21cddf2354"},
|
||||
{file = "grpcio-1.59.3-cp310-cp310-manylinux_2_17_aarch64.whl", hash = "sha256:72b71dad2a3d1650e69ad42a5c4edbc59ee017f08c32c95694172bc501def23c"},
|
||||
{file = "grpcio-1.59.3-cp310-cp310-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c0f0a11d82d0253656cc42e04b6a149521e02e755fe2e4edd21123de610fd1d4"},
|
||||
{file = "grpcio-1.59.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:60cddafb70f9a2c81ba251b53b4007e07cca7389e704f86266e22c4bffd8bf1d"},
|
||||
{file = "grpcio-1.59.3-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:6c75a1fa0e677c1d2b6d4196ad395a5c381dfb8385f07ed034ef667cdcdbcc25"},
|
||||
{file = "grpcio-1.59.3-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:e1d8e01438d5964a11167eec1edb5f85ed8e475648f36c834ed5db4ffba24ac8"},
|
||||
{file = "grpcio-1.59.3-cp310-cp310-win32.whl", hash = "sha256:c4b0076f0bf29ee62335b055a9599f52000b7941f577daa001c7ef961a1fbeab"},
|
||||
{file = "grpcio-1.59.3-cp310-cp310-win_amd64.whl", hash = "sha256:b1f00a3e6e0c3dccccffb5579fc76ebfe4eb40405ba308505b41ef92f747746a"},
|
||||
{file = "grpcio-1.59.3-cp311-cp311-linux_armv7l.whl", hash = "sha256:3996aaa21231451161dc29df6a43fcaa8b332042b6150482c119a678d007dd86"},
|
||||
{file = "grpcio-1.59.3-cp311-cp311-macosx_10_10_universal2.whl", hash = "sha256:cb4e9cbd9b7388fcb06412da9f188c7803742d06d6f626304eb838d1707ec7e3"},
|
||||
{file = "grpcio-1.59.3-cp311-cp311-manylinux_2_17_aarch64.whl", hash = "sha256:8022ca303d6c694a0d7acfb2b472add920217618d3a99eb4b14edc7c6a7e8fcf"},
|
||||
{file = "grpcio-1.59.3-cp311-cp311-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b36683fad5664283755a7f4e2e804e243633634e93cd798a46247b8e54e3cb0d"},
|
||||
{file = "grpcio-1.59.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8239b853226e4824e769517e1b5232e7c4dda3815b200534500338960fcc6118"},
|
||||
{file = "grpcio-1.59.3-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:0511af8653fbda489ff11d542a08505d56023e63cafbda60e6e00d4e0bae86ea"},
|
||||
{file = "grpcio-1.59.3-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:e78dc982bda74cef2ddfce1c91d29b96864c4c680c634e279ed204d51e227473"},
|
||||
{file = "grpcio-1.59.3-cp311-cp311-win32.whl", hash = "sha256:6a5c3a96405966c023e139c3bcccb2c7c776a6f256ac6d70f8558c9041bdccc3"},
|
||||
{file = "grpcio-1.59.3-cp311-cp311-win_amd64.whl", hash = "sha256:ed26826ee423b11477297b187371cdf4fa1eca874eb1156422ef3c9a60590dd9"},
|
||||
{file = "grpcio-1.59.3-cp312-cp312-linux_armv7l.whl", hash = "sha256:45dddc5cb5227d30fa43652d8872dc87f086d81ab4b500be99413bad0ae198d7"},
|
||||
{file = "grpcio-1.59.3-cp312-cp312-macosx_10_10_universal2.whl", hash = "sha256:1736496d74682e53dd0907fd515f2694d8e6a96c9a359b4080b2504bf2b2d91b"},
|
||||
{file = "grpcio-1.59.3-cp312-cp312-manylinux_2_17_aarch64.whl", hash = "sha256:ddbd1a16138e52e66229047624de364f88a948a4d92ba20e4e25ad7d22eef025"},
|
||||
{file = "grpcio-1.59.3-cp312-cp312-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:fcfa56f8d031ffda902c258c84c4b88707f3a4be4827b4e3ab8ec7c24676320d"},
|
||||
{file = "grpcio-1.59.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f2eb8f0c7c0c62f7a547ad7a91ba627a5aa32a5ae8d930783f7ee61680d7eb8d"},
|
||||
{file = "grpcio-1.59.3-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:8d993399cc65e3a34f8fd48dd9ad7a376734564b822e0160dd18b3d00c1a33f9"},
|
||||
{file = "grpcio-1.59.3-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:c0bd141f4f41907eb90bda74d969c3cb21c1c62779419782a5b3f5e4b5835718"},
|
||||
{file = "grpcio-1.59.3-cp312-cp312-win32.whl", hash = "sha256:33b8fd65d4e97efa62baec6171ce51f9cf68f3a8ba9f866f4abc9d62b5c97b79"},
|
||||
{file = "grpcio-1.59.3-cp312-cp312-win_amd64.whl", hash = "sha256:0e735ed002f50d4f3cb9ecfe8ac82403f5d842d274c92d99db64cfc998515e07"},
|
||||
{file = "grpcio-1.59.3-cp37-cp37m-linux_armv7l.whl", hash = "sha256:ea40ce4404e7cca0724c91a7404da410f0144148fdd58402a5942971e3469b94"},
|
||||
{file = "grpcio-1.59.3-cp37-cp37m-macosx_10_10_universal2.whl", hash = "sha256:83113bcc393477b6f7342b9f48e8a054330c895205517edc66789ceea0796b53"},
|
||||
{file = "grpcio-1.59.3-cp37-cp37m-manylinux_2_17_aarch64.whl", hash = "sha256:73afbac602b8f1212a50088193601f869b5073efa9855b3e51aaaec97848fc8a"},
|
||||
{file = "grpcio-1.59.3-cp37-cp37m-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:575d61de1950b0b0699917b686b1ca108690702fcc2df127b8c9c9320f93e069"},
|
||||
{file = "grpcio-1.59.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8cd76057b5c9a4d68814610ef9226925f94c1231bbe533fdf96f6181f7d2ff9e"},
|
||||
{file = "grpcio-1.59.3-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:95d6fd804c81efe4879e38bfd84d2b26e339a0a9b797e7615e884ef4686eb47b"},
|
||||
{file = "grpcio-1.59.3-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:0d42048b8a3286ea4134faddf1f9a59cf98192b94aaa10d910a25613c5eb5bfb"},
|
||||
{file = "grpcio-1.59.3-cp37-cp37m-win_amd64.whl", hash = "sha256:4619fea15c64bcdd9d447cdbdde40e3d5f1da3a2e8ae84103d94a9c1df210d7e"},
|
||||
{file = "grpcio-1.59.3-cp38-cp38-linux_armv7l.whl", hash = "sha256:95b5506e70284ac03b2005dd9ffcb6708c9ae660669376f0192a710687a22556"},
|
||||
{file = "grpcio-1.59.3-cp38-cp38-macosx_10_10_universal2.whl", hash = "sha256:9e17660947660ccfce56c7869032910c179a5328a77b73b37305cd1ee9301c2e"},
|
||||
{file = "grpcio-1.59.3-cp38-cp38-manylinux_2_17_aarch64.whl", hash = "sha256:00912ce19914d038851be5cd380d94a03f9d195643c28e3ad03d355cc02ce7e8"},
|
||||
{file = "grpcio-1.59.3-cp38-cp38-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e58b3cadaa3c90f1efca26ba33e0d408b35b497307027d3d707e4bcd8de862a6"},
|
||||
{file = "grpcio-1.59.3-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d787ecadea865bdf78f6679f6f5bf4b984f18f659257ba612979df97a298b3c3"},
|
||||
{file = "grpcio-1.59.3-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:0814942ba1bba269db4e760a34388640c601dece525c6a01f3b4ff030cc0db69"},
|
||||
{file = "grpcio-1.59.3-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:fb111aa99d3180c361a35b5ae1e2c63750220c584a1344229abc139d5c891881"},
|
||||
{file = "grpcio-1.59.3-cp38-cp38-win32.whl", hash = "sha256:eb8ba504c726befe40a356ecbe63c6c3c64c9a439b3164f5a718ec53c9874da0"},
|
||||
{file = "grpcio-1.59.3-cp38-cp38-win_amd64.whl", hash = "sha256:cdbc6b32fadab9bebc6f49d3e7ec4c70983c71e965497adab7f87de218e84391"},
|
||||
{file = "grpcio-1.59.3-cp39-cp39-linux_armv7l.whl", hash = "sha256:c82ca1e4be24a98a253d6dbaa216542e4163f33f38163fc77964b0f0d255b552"},
|
||||
{file = "grpcio-1.59.3-cp39-cp39-macosx_10_10_universal2.whl", hash = "sha256:36636babfda14f9e9687f28d5b66d349cf88c1301154dc71c6513de2b6c88c59"},
|
||||
{file = "grpcio-1.59.3-cp39-cp39-manylinux_2_17_aarch64.whl", hash = "sha256:5f9b2e591da751ac7fdd316cc25afafb7a626dededa9b414f90faad7f3ccebdb"},
|
||||
{file = "grpcio-1.59.3-cp39-cp39-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a93a82876a4926bf451db82ceb725bd87f42292bacc94586045261f501a86994"},
|
||||
{file = "grpcio-1.59.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ce31fa0bfdd1f2bb15b657c16105c8652186eab304eb512e6ae3b99b2fdd7d13"},
|
||||
{file = "grpcio-1.59.3-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:16da0e40573962dab6cba16bec31f25a4f468e6d05b658e589090fe103b03e3d"},
|
||||
{file = "grpcio-1.59.3-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:d1d1a17372fd425addd5812049fa7374008ffe689585f27f802d0935522cf4b7"},
|
||||
{file = "grpcio-1.59.3-cp39-cp39-win32.whl", hash = "sha256:52cc38a7241b5f7b4a91aaf9000fdd38e26bb00d5e8a71665ce40cfcee716281"},
|
||||
{file = "grpcio-1.59.3-cp39-cp39-win_amd64.whl", hash = "sha256:b491e5bbcad3020a96842040421e508780cade35baba30f402df9d321d1c423e"},
|
||||
{file = "grpcio-1.59.3.tar.gz", hash = "sha256:7800f99568a74a06ebdccd419dd1b6e639b477dcaf6da77ea702f8fb14ce5f80"},
|
||||
]
|
||||
|
||||
[package.extras]
|
||||
protobuf = ["grpcio-tools (>=1.59.3)"]
|
||||
|
||||
[[package]]
|
||||
name = "grpcio-status"
|
||||
version = "1.59.3"
|
||||
description = "Status proto mapping for gRPC"
|
||||
optional = false
|
||||
python-versions = ">=3.6"
|
||||
files = [
|
||||
{file = "grpcio-status-1.59.3.tar.gz", hash = "sha256:65c394ba43380d6bdf8c04c61efc493104b5535552aed35817a1b4dc66598a1f"},
|
||||
{file = "grpcio_status-1.59.3-py3-none-any.whl", hash = "sha256:2fd2eb39ca4e9afb3c874c0878ff75b258db0b7dcc25570fc521f16ae0ab942a"},
|
||||
]
|
||||
|
||||
[package.dependencies]
|
||||
googleapis-common-protos = ">=1.5.5"
|
||||
grpcio = ">=1.59.3"
|
||||
protobuf = ">=4.21.6"
|
||||
|
||||
[[package]]
|
||||
name = "httplib2"
|
||||
version = "0.22.0"
|
||||
@@ -1965,6 +2106,23 @@ docs = ["sphinx (>=1.7.1)"]
|
||||
redis = ["redis"]
|
||||
tests = ["pytest (>=5.4.1)", "pytest-cov (>=2.8.1)", "pytest-mypy (>=0.8.0)", "pytest-timeout (>=2.1.0)", "redis", "sphinx (>=6.0.0)"]
|
||||
|
||||
[[package]]
|
||||
name = "proto-plus"
|
||||
version = "1.22.3"
|
||||
description = "Beautiful, Pythonic protocol buffers."
|
||||
optional = false
|
||||
python-versions = ">=3.6"
|
||||
files = [
|
||||
{file = "proto-plus-1.22.3.tar.gz", hash = "sha256:fdcd09713cbd42480740d2fe29c990f7fbd885a67efc328aa8be6ee3e9f76a6b"},
|
||||
{file = "proto_plus-1.22.3-py3-none-any.whl", hash = "sha256:a49cd903bc0b6ab41f76bf65510439d56ca76f868adf0274e738bfdd096894df"},
|
||||
]
|
||||
|
||||
[package.dependencies]
|
||||
protobuf = ">=3.19.0,<5.0.0dev"
|
||||
|
||||
[package.extras]
|
||||
testing = ["google-api-core[grpc] (>=1.31.5)"]
|
||||
|
||||
[[package]]
|
||||
name = "protobuf"
|
||||
version = "4.23.0"
|
||||
@@ -2773,8 +2931,7 @@ files = [
|
||||
{file = "ruamel.yaml.clib-0.2.7-cp310-cp310-win32.whl", hash = "sha256:763d65baa3b952479c4e972669f679fe490eee058d5aa85da483ebae2009d231"},
|
||||
{file = "ruamel.yaml.clib-0.2.7-cp310-cp310-win_amd64.whl", hash = "sha256:d000f258cf42fec2b1bbf2863c61d7b8918d31ffee905da62dede869254d3b8a"},
|
||||
{file = "ruamel.yaml.clib-0.2.7-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:045e0626baf1c52e5527bd5db361bc83180faaba2ff586e763d3d5982a876a9e"},
|
||||
{file = "ruamel.yaml.clib-0.2.7-cp311-cp311-macosx_13_0_arm64.whl", hash = "sha256:1a6391a7cabb7641c32517539ca42cf84b87b667bad38b78d4d42dd23e957c81"},
|
||||
{file = "ruamel.yaml.clib-0.2.7-cp311-cp311-manylinux2014_aarch64.whl", hash = "sha256:9c7617df90c1365638916b98cdd9be833d31d337dbcd722485597b43c4a215bf"},
|
||||
{file = "ruamel.yaml.clib-0.2.7-cp311-cp311-macosx_12_6_arm64.whl", hash = "sha256:721bc4ba4525f53f6a611ec0967bdcee61b31df5a56801281027a3a6d1c2daf5"},
|
||||
{file = "ruamel.yaml.clib-0.2.7-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:41d0f1fa4c6830176eef5b276af04c89320ea616655d01327d5ce65e50575c94"},
|
||||
{file = "ruamel.yaml.clib-0.2.7-cp311-cp311-win32.whl", hash = "sha256:f6d3d39611ac2e4f62c3128a9eed45f19a6608670c5a2f4f07f24e8de3441d38"},
|
||||
{file = "ruamel.yaml.clib-0.2.7-cp311-cp311-win_amd64.whl", hash = "sha256:da538167284de58a52109a9b89b8f6a53ff8437dd6dc26d33b57bf6699153122"},
|
||||
@@ -3312,4 +3469,4 @@ docs = ["mkdocs", "mkdocs-material"]
|
||||
[metadata]
|
||||
lock-version = "2.0"
|
||||
python-versions = ">=3.9,<3.12"
|
||||
content-hash = "7e28daf704e53d057e66bc8fb71558361ab36a7cca85c7498a963f6406f54ef4"
|
||||
content-hash = "6f6eb5d718df82bb65a9f1c1c4001cb6a42b4988fb56480eda00eaa8d681fed5"
|
||||
|
||||
@@ -15,15 +15,15 @@ class compute_firewall_rdp_access_from_the_internet_allowed(Check):
|
||||
report.status_extended = f"Firewall {firewall.name} does not expose port 3389 (RDP) to the internet."
|
||||
opened_port = False
|
||||
for rule in firewall.allowed_rules:
|
||||
if rule["IPProtocol"] == "all":
|
||||
if rule.I_p_protocol == "all":
|
||||
opened_port = True
|
||||
break
|
||||
elif rule["IPProtocol"] == "tcp":
|
||||
if rule.get("ports") is None:
|
||||
elif rule.I_p_protocol == "tcp":
|
||||
if not hasattr(rule, "ports"):
|
||||
opened_port = True
|
||||
break
|
||||
else:
|
||||
for port in rule["ports"]:
|
||||
for port in rule.ports:
|
||||
if port.find("-") != -1:
|
||||
lower, higher = port.split("-")
|
||||
if int(lower) <= 3389 and int(higher) >= 3389:
|
||||
|
||||
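Review bot: `if not hasattr(rule, "ports")` will most likely never be true, so a `tcp` rule with no port list, which allows every TCP port, falls into the `else` branch, iterates nothing and leaves `opened_port` False. As far as I know, proto-plus messages such as the `compute_v1` rule objects answer `hasattr` for every declared field and return an empty sequence for an unset repeated field, unlike the old `rule.get("ports") is None` on a dict. Test the value instead: `if not rule.ports:`. The same line appears in the SSH check (`compute_firewall_ssh_access_from_the_internet_allowed`) and needs the same change. The loop body continues past the end of both hunks.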
@@ -15,15 +15,15 @@ class compute_firewall_ssh_access_from_the_internet_allowed(Check):
|
||||
report.status_extended = f"Firewall {firewall.name} does not expose port 22 (SSH) to the internet."
|
||||
opened_port = False
|
||||
for rule in firewall.allowed_rules:
|
||||
if rule["IPProtocol"] == "all":
|
||||
if rule.I_p_protocol == "all":
|
||||
opened_port = True
|
||||
break
|
||||
elif rule["IPProtocol"] == "tcp":
|
||||
if rule.get("ports") is None:
|
||||
elif rule.I_p_protocol == "tcp":
|
||||
if not hasattr(rule, "ports"):
|
||||
opened_port = True
|
||||
break
|
||||
else:
|
||||
for port in rule["ports"]:
|
||||
for port in rule.ports:
|
||||
if port.find("-") != -1:
|
||||
lower, higher = port.split("-")
|
||||
if int(lower) <= 22 and int(higher) >= 22:
|
||||
|
||||
@@ -2,6 +2,7 @@ from pydantic import BaseModel
|
||||
|
||||
from prowler.lib.logger import logger
|
||||
from prowler.providers.gcp.lib.service.service import GCPService
|
||||
from google.cloud import compute_v1
|
||||
|
||||
|
||||
################## Compute
|
||||
@@ -29,16 +30,23 @@ class Compute(GCPService):
|
||||
def __get_regions__(self):
|
||||
for project_id in self.project_ids:
|
||||
try:
|
||||
request = self.client.regions().list(project=project_id)
|
||||
while request is not None:
|
||||
response = request.execute()
|
||||
|
||||
for region in response.get("items", []):
|
||||
self.regions.add(region["name"])
|
||||
|
||||
request = self.client.regions().list_next(
|
||||
previous_request=request, previous_response=response
|
||||
regions_client = compute_v1.RegionsClient()
|
||||
request = compute_v1.ListRegionsRequest(
|
||||
project=project_id,
|
||||
)
|
||||
page_result = regions_client.list(request=request)
|
||||
for region in page_result:
|
||||
self.regions.add(region.name)
|
||||
# request = self.client.regions().list(project=project_id)
|
||||
# while request is not None:
|
||||
# response = request.execute()
|
||||
|
||||
# for region in response.get("items", []):
|
||||
# self.regions.add(region["name"])
|
||||
|
||||
# request = self.client.regions().list_next(
|
||||
# previous_request=request, previous_response=response
|
||||
# )
|
||||
except Exception as error:
|
||||
logger.error(
|
||||
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
||||
@@ -47,16 +55,23 @@ class Compute(GCPService):
|
||||
def __get_zones__(self):
|
||||
for project_id in self.project_ids:
|
||||
try:
|
||||
request = self.client.zones().list(project=project_id)
|
||||
while request is not None:
|
||||
response = request.execute()
|
||||
|
||||
for zone in response.get("items", []):
|
||||
self.zones.add(zone["name"])
|
||||
|
||||
request = self.client.zones().list_next(
|
||||
previous_request=request, previous_response=response
|
||||
zones_client = compute_v1.ZonesClient()
|
||||
request = compute_v1.ListZonesRequest(
|
||||
project=project_id,
|
||||
)
|
||||
page_result = zones_client.list(request=request)
|
||||
for zone in page_result:
|
||||
self.zones.add(zone.name)
|
||||
# request = self.client.zones().list(project=project_id)
|
||||
# while request is not None:
|
||||
# response = request.execute()
|
||||
|
||||
# for zone in response.get("items", []):
|
||||
# self.zones.add(zone["name"])
|
||||
|
||||
# request = self.client.zones().list_next(
|
||||
# previous_request=request, previous_response=response
|
||||
# )
|
||||
except Exception as error:
|
||||
logger.error(
|
||||
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
||||
@@ -66,10 +81,17 @@ class Compute(GCPService):
|
||||
for project_id in self.project_ids:
|
||||
try:
|
||||
enable_oslogin = False
|
||||
response = self.client.projects().get(project=project_id).execute()
|
||||
for item in response["commonInstanceMetadata"].get("items", []):
|
||||
project_client = compute_v1.ProjectsClient()
|
||||
request = compute_v1.GetProjectRequest(project=project_id)
|
||||
response = project_client.get(request=request)
|
||||
for item in response.common_instance_metadata.items:
|
||||
if item["key"] == "enable-oslogin" and item["value"] == "TRUE":
|
||||
enable_oslogin = True
|
||||
# enable_oslogin = False
|
||||
# response = self.client.projects().get(project=project_id).execute()
|
||||
# for item in response["commonInstanceMetadata"].get("items", []):
|
||||
# if item["key"] == "enable-oslogin" and item["value"] == "TRUE":
|
||||
# enable_oslogin = True
|
||||
self.projects.append(
|
||||
Project(id=project_id, enable_oslogin=enable_oslogin)
|
||||
)
|
||||
@@ -81,54 +103,91 @@ class Compute(GCPService):
|
||||
def __get_instances__(self, zone):
|
||||
for project_id in self.project_ids:
|
||||
try:
|
||||
request = self.client.instances().list(project=project_id, zone=zone)
|
||||
while request is not None:
|
||||
response = request.execute(
|
||||
http=self.__get_AuthorizedHttp_client__()
|
||||
instances_client = compute_v1.InstancesClient()
|
||||
request = compute_v1.ListInstancesRequest(
|
||||
project=project_id,
|
||||
zone=zone,
|
||||
)
|
||||
|
||||
for instance in response.get("items", []):
|
||||
page_result = instances_client.list(request=request)
|
||||
for instance in page_result:
|
||||
public_ip = False
|
||||
for interface in instance["networkInterfaces"]:
|
||||
for config in interface.get("accessConfigs", []):
|
||||
if "natIP" in config:
|
||||
for interface in instance.network_interfaces:
|
||||
for config in interface.access_configs:
|
||||
if hasattr(config, "nat_i_p"):
|
||||
public_ip = True
|
||||
self.instances.append(
|
||||
Instance(
|
||||
name=instance["name"],
|
||||
id=instance["id"],
|
||||
name=instance.name,
|
||||
id=instance.id,
|
||||
zone=zone,
|
||||
public_ip=public_ip,
|
||||
metadata=instance["metadata"],
|
||||
shielded_enabled_vtpm=instance[
|
||||
"shieldedInstanceConfig"
|
||||
]["enableVtpm"],
|
||||
shielded_enabled_integrity_monitoring=instance[
|
||||
"shieldedInstanceConfig"
|
||||
]["enableIntegrityMonitoring"],
|
||||
confidential_computing=instance.get(
|
||||
"confidentialInstanceConfig", {}
|
||||
).get("enableConfidentialCompute", False),
|
||||
service_accounts=instance.get("serviceAccounts", []),
|
||||
ip_forward=instance.get("canIpForward", False),
|
||||
metadata=instance.metadata,
|
||||
shielded_enabled_vtpm=instance.shielded_instance_config.enable_vtpm,
|
||||
shielded_enabled_integrity_monitoring=instance.shielded_instance_config.enable_integrity_monitoring,
|
||||
confidential_computing=getattr(getattr(instance, "confidential_instance_config", None), "enable_confidential_compute", False),
|
||||
service_accounts=getattr(instance, "service_accounts", []),
|
||||
ip_forward=getattr(instance, "can_ip_forward", False),
|
||||
disks_encryption=[
|
||||
(
|
||||
disk["deviceName"],
|
||||
disk.device_name,
|
||||
True
|
||||
if disk.get("diskEncryptionKey", {}).get(
|
||||
"sha256"
|
||||
)
|
||||
if getattr(getattr(disk, "disk_encryption_key", None), "sha256")
|
||||
else False,
|
||||
)
|
||||
for disk in instance["disks"]
|
||||
for disk in instance.disks
|
||||
],
|
||||
project_id=project_id,
|
||||
)
|
||||
)
|
||||
|
||||
request = self.client.instances().list_next(
|
||||
previous_request=request, previous_response=response
|
||||
)
|
||||
# request = self.client.instances().list(project=project_id, zone=zone)
|
||||
# while request is not None:
|
||||
# response = request.execute(
|
||||
# http=self.__get_AuthorizedHttp_client__()
|
||||
# )
|
||||
|
||||
# for instance in response.get("items", []):
|
||||
# public_ip = False
|
||||
# for interface in instance["networkInterfaces"]:
|
||||
# for config in interface.get("accessConfigs", []):
|
||||
# if "natIP" in config:
|
||||
# public_ip = True
|
||||
# self.instances.append(
|
||||
# Instance(
|
||||
# name=instance["name"],
|
||||
# id=instance["id"],
|
||||
# zone=zone,
|
||||
# public_ip=public_ip,
|
||||
# metadata=instance["metadata"],
|
||||
# shielded_enabled_vtpm=instance[
|
||||
# "shieldedInstanceConfig"
|
||||
# ]["enableVtpm"],
|
||||
# shielded_enabled_integrity_monitoring=instance[
|
||||
# "shieldedInstanceConfig"
|
||||
# ]["enableIntegrityMonitoring"],
|
||||
# confidential_computing=instance.get(
|
||||
# "confidentialInstanceConfig", {}
|
||||
# ).get("enableConfidentialCompute", False),
|
||||
# service_accounts=instance.get("serviceAccounts", []),
|
||||
# ip_forward=instance.get("canIpForward", False),
|
||||
# disks_encryption=[
|
||||
# (
|
||||
# disk["deviceName"],
|
||||
# True
|
||||
# if disk.get("diskEncryptionKey", {}).get(
|
||||
# "sha256"
|
||||
# )
|
||||
# else False,
|
||||
# )
|
||||
# for disk in instance["disks"]
|
||||
# ],
|
||||
# project_id=project_id,
|
||||
# )
|
||||
# )
|
||||
|
||||
# request = self.client.instances().list_next(
|
||||
# previous_request=request, previous_response=response
|
||||
# )
|
||||
except Exception as error:
|
||||
logger.error(
|
||||
f"{zone} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
||||
@@ -137,29 +196,50 @@ class Compute(GCPService):
|
||||
def __get_networks__(self):
|
||||
for project_id in self.project_ids:
|
||||
try:
|
||||
request = self.client.networks().list(project=project_id)
|
||||
while request is not None:
|
||||
response = request.execute()
|
||||
for network in response.get("items", []):
|
||||
networks_client = compute_v1.NetworksClient()
|
||||
request = compute_v1.ListNetworksRequest(
|
||||
project=project_id,
|
||||
)
|
||||
page_result = networks_client.list(request=request)
|
||||
for network in page_result:
|
||||
subnet_mode = (
|
||||
"legacy"
|
||||
if "autoCreateSubnetworks" not in network
|
||||
if not hasattr(network, "auto_create_subnetworks")
|
||||
else "auto"
|
||||
if network["autoCreateSubnetworks"]
|
||||
if hasattr(network, "auto_create_subnetworks")
|
||||
else "custom"
|
||||
)
|
||||
self.networks.append(
|
||||
Network(
|
||||
name=network["name"],
|
||||
id=network["id"],
|
||||
name=network.name,
|
||||
id=network.id,
|
||||
subnet_mode=subnet_mode,
|
||||
project_id=project_id,
|
||||
)
|
||||
)
|
||||
# request = self.client.networks().list(project=project_id)
|
||||
# while request is not None:
|
||||
# response = request.execute()
|
||||
# for network in response.get("items", []):
|
||||
# subnet_mode = (
|
||||
# "legacy"
|
||||
# if "autoCreateSubnetworks" not in network
|
||||
# else "auto"
|
||||
# if network["autoCreateSubnetworks"]
|
||||
# else "custom"
|
||||
# )
|
||||
# self.networks.append(
|
||||
# Network(
|
||||
# name=network["name"],
|
||||
# id=network["id"],
|
||||
# subnet_mode=subnet_mode,
|
||||
# project_id=project_id,
|
||||
# )
|
||||
# )
|
||||
|
||||
request = self.client.networks().list_next(
|
||||
previous_request=request, previous_response=response
|
||||
)
|
||||
# request = self.client.networks().list_next(
|
||||
# previous_request=request, previous_response=response
|
||||
# )
|
||||
except Exception as error:
|
||||
logger.error(
|
||||
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
||||
@@ -168,28 +248,46 @@ class Compute(GCPService):
|
||||
def __get_subnetworks__(self, region):
|
||||
for project_id in self.project_ids:
|
||||
try:
|
||||
request = self.client.subnetworks().list(
|
||||
project=project_id, region=region
|
||||
subnet_client = compute_v1.SubnetworksClient()
|
||||
request = compute_v1.ListSubnetworksRequest(
|
||||
project=project_id,
|
||||
region=region,
|
||||
)
|
||||
while request is not None:
|
||||
response = request.execute(
|
||||
http=self.__get_AuthorizedHttp_client__()
|
||||
)
|
||||
for subnet in response.get("items", []):
|
||||
page_result = subnet_client.list(request=request)
|
||||
for subnet in page_result:
|
||||
self.subnets.append(
|
||||
Subnet(
|
||||
name=subnet["name"],
|
||||
id=subnet["id"],
|
||||
name=subnet.name,
|
||||
id=subnet.id,
|
||||
project_id=project_id,
|
||||
flow_logs=subnet.get("enableFlowLogs", False),
|
||||
network=subnet["network"].split("/")[-1],
|
||||
flow_logs=getattr(subnet,"enable_flow_logs", False),
|
||||
network=subnet.network.split("/")[-1],
|
||||
region=region,
|
||||
)
|
||||
)
|
||||
|
||||
request = self.client.subnetworks().list_next(
|
||||
previous_request=request, previous_response=response
|
||||
)
|
||||
# request = self.client.subnetworks().list(
|
||||
# project=project_id, region=region
|
||||
# )
|
||||
# while request is not None:
|
||||
# response = request.execute(
|
||||
# http=self.__get_AuthorizedHttp_client__()
|
||||
# )
|
||||
# for subnet in response.get("items", []):
|
||||
# self.subnets.append(
|
||||
# Subnet(
|
||||
# name=subnet["name"],
|
||||
# id=subnet["id"],
|
||||
# project_id=project_id,
|
||||
# flow_logs=subnet.get("enableFlowLogs", False),
|
||||
# network=subnet["network"].split("/")[-1],
|
||||
# #region=region,
|
||||
# )
|
||||
# )
|
||||
|
||||
# request = self.client.subnetworks().list_next(
|
||||
# previous_request=request, previous_response=response
|
||||
# )
|
||||
except Exception as error:
|
||||
logger.error(
|
||||
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
||||
@@ -198,25 +296,43 @@ class Compute(GCPService):
|
||||
def __get_firewalls__(self):
|
||||
for project_id in self.project_ids:
|
||||
try:
|
||||
request = self.client.firewalls().list(project=project_id)
|
||||
while request is not None:
|
||||
response = request.execute()
|
||||
|
||||
for firewall in response.get("items", []):
|
||||
firewall_client = compute_v1.FirewallsClient()
|
||||
request = compute_v1.ListFirewallsRequest(
|
||||
project=project_id,
|
||||
)
|
||||
page_result = firewall_client.list(request=request)
|
||||
for firewall in page_result:
|
||||
self.firewalls.append(
|
||||
Firewall(
|
||||
name=firewall["name"],
|
||||
id=firewall["id"],
|
||||
source_ranges=firewall.get("sourceRanges", []),
|
||||
direction=firewall["direction"],
|
||||
allowed_rules=firewall.get("allowed", []),
|
||||
name=firewall.name,
|
||||
id=firewall.id,
|
||||
source_ranges=list(getattr(firewall, "source_ranges", [])),
|
||||
direction=firewall.direction,
|
||||
allowed_rules=list(getattr(firewall, "allowed", [])),
|
||||
project_id=project_id,
|
||||
)
|
||||
)
|
||||
|
||||
request = self.client.firewalls().list_next(
|
||||
previous_request=request, previous_response=response
|
||||
)
|
||||
|
||||
# request = self.client.firewalls().list(project=project_id)
|
||||
# while request is not None:
|
||||
# response = request.execute()
|
||||
|
||||
# for firewall in response.get("items", []):
|
||||
# self.firewalls.append(
|
||||
# Firewall(
|
||||
# name=firewall["name"],
|
||||
# id=firewall["id"],
|
||||
# source_ranges=firewall.get("sourceRanges", []),
|
||||
# direction=firewall["direction"],
|
||||
# allowed_rules=firewall.get("allowed", []),
|
||||
# project_id=project_id,
|
||||
# )
|
||||
# )
|
||||
|
||||
# request = self.client.firewalls().list_next(
|
||||
# previous_request=request, previous_response=response
|
||||
# )
|
||||
except Exception as error:
|
||||
logger.error(
|
||||
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
||||
@@ -225,22 +341,39 @@ class Compute(GCPService):
|
||||
def __get_url_maps__(self):
|
||||
for project_id in self.project_ids:
|
||||
try:
|
||||
request = self.client.urlMaps().list(project=project_id)
|
||||
while request is not None:
|
||||
response = request.execute()
|
||||
for urlmap in response.get("items", []):
|
||||
# Create a client
|
||||
url_maps_client = compute_v1.UrlMapsClient()
|
||||
request = compute_v1.ListUrlMapsRequest(
|
||||
project=project_id,
|
||||
)
|
||||
page_result = url_maps_client.list(request=request)
|
||||
for urlmap in page_result:
|
||||
self.load_balancers.append(
|
||||
LoadBalancer(
|
||||
name=urlmap["name"],
|
||||
id=urlmap["id"],
|
||||
service=urlmap.get("defaultService", ""),
|
||||
name=urlmap.name,
|
||||
id=urlmap.id,
|
||||
service=getattr(urlmap, "default_service", ""),
|
||||
project_id=project_id,
|
||||
)
|
||||
)
|
||||
|
||||
request = self.client.urlMaps().list_next(
|
||||
previous_request=request, previous_response=response
|
||||
)
|
||||
|
||||
# request = self.client.urlMaps().list(project=project_id)
|
||||
# while request is not None:
|
||||
# response = request.execute()
|
||||
# for urlmap in response.get("items", []):
|
||||
# self.load_balancers.append(
|
||||
# LoadBalancer(
|
||||
# name=urlmap["name"],
|
||||
# id=urlmap["id"],
|
||||
# service=urlmap.get("defaultService", ""),
|
||||
# project_id=project_id,
|
||||
# )
|
||||
# )
|
||||
|
||||
# request = self.client.urlMaps().list_next(
|
||||
# previous_request=request, previous_response=response
|
||||
# )
|
||||
except Exception as error:
|
||||
logger.error(
|
||||
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
||||
@@ -249,15 +382,22 @@ class Compute(GCPService):
|
||||
def __describe_backend_service__(self):
|
||||
for balancer in self.load_balancers:
|
||||
try:
|
||||
response = (
|
||||
self.client.backendServices()
|
||||
.get(
|
||||
client = compute_v1.BackendServicesClient()
|
||||
request = compute_v1.GetBackendServiceRequest(
|
||||
backend_service=balancer.service.split("/")[-1],
|
||||
project=balancer.project_id,
|
||||
backendService=balancer.service.split("/")[-1],
|
||||
)
|
||||
.execute()
|
||||
)
|
||||
balancer.logging = response.get("logConfig", {}).get("enable", False)
|
||||
response = client.get(request=request)
|
||||
balancer.logging = getattr(getattr(response, "log_config", None), "enable", False)
|
||||
# response = (
|
||||
# self.client.backendServices()
|
||||
# .get(
|
||||
# project=balancer.project_id,
|
||||
# backendService=balancer.service.split("/")[-1],
|
||||
# )
|
||||
# .execute()
|
||||
# )
|
||||
# balancer.logging = response.get("logConfig", {}).get("enable", False)
|
||||
except Exception as error:
|
||||
logger.error(
|
||||
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
||||
|
||||
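Review bot: The `hasattr` tests in `__get_instances__` and `__get_networks__` do not test whether the API returned a value, so `public_ip` and `subnet_mode` can be wrong. In `__get_networks__` the second branch repeats `hasattr(network, "auto_create_subnetworks")` instead of reading the field, which makes `"custom"` unreachable. If proto-plus messages expose every declared field as an attribute, as I believe they do, `"legacy"` is unreachable too and `hasattr(config, "nat_i_p")` is true for every access config. Test presence and value directly, e.g. `if config.nat_i_p:` and `"legacy" if "auto_create_subnetworks" not in network else "auto" if network.auto_create_subnetworks else "custom"`. Separately, every `compute_v1.*Client()` in this file is constructed without arguments, so these calls presumably run under Application Default Credentials rather than whatever `self.client` was built with; passing the provider's credentials through each client's `credentials=` argument would keep the scan on the identity the user configured.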
@@ -40,6 +40,8 @@ colorama = "0.4.6"
|
||||
detect-secrets = "1.4.0"
|
||||
google-api-python-client = "2.108.0"
|
||||
google-auth-httplib2 = "^0.1.0"
|
||||
google-cloud-compute = "^1.14.1"
|
||||
google-cloud-dns = "^0.34.2"
|
||||
jsonschema = "4.18.0"
|
||||
mkdocs = {version = "1.5.3", optional = true}
|
||||
mkdocs-material = {version = "9.4.14", optional = true}
|
||||
|
||||