fix(api): upgrade Cartography to 0.132.0 to fix exposed_internet on ELB/ELBv2 nodes (#10272)

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Josema Camacho
2026-03-11 18:12:43 +01:00
committed by GitHub
parent 39385567fc
commit 57bcb74d0d
5 changed files with 32 additions and 28 deletions


@@ -16,6 +16,7 @@ All notable changes to the **Prowler API** are documented in this file.
### 🐞 Fixed ### 🐞 Fixed
- Attack Paths: Add missing logging for query execution and exception details in scan error handling [(#10269)](https://github.com/prowler-cloud/prowler/pull/10269) - Attack Paths: Add missing logging for query execution and exception details in scan error handling [(#10269)](https://github.com/prowler-cloud/prowler/pull/10269)
- Attack Paths: Upgrade Cartography from 0.129.0 to 0.132.0, fixing `exposed_internet` not set on ELB/ELBv2 nodes [(#10272)](https://github.com/prowler-cloud/prowler/pull/10272)
--- ---


@@ -24,13 +24,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
python3-dev \ python3-dev \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
# Cartography depends on `dockerfile` which has no pre-built arm64 wheel and requires Go to compile
# hadolint ignore=DL3008
RUN if [ "$(uname -m)" = "aarch64" ]; then \
apt-get update && apt-get install -y --no-install-recommends golang-go \
&& rm -rf /var/lib/apt/lists/* ; \
fi
# Install PowerShell # Install PowerShell
RUN ARCH=$(uname -m) && \ RUN ARCH=$(uname -m) && \
if [ "$ARCH" = "x86_64" ]; then \ if [ "$ARCH" = "x86_64" ]; then \

25
api/poetry.lock generated

@@ -1822,14 +1822,14 @@ crt = ["awscrt (==0.27.6)"]
[[package]] [[package]]
name = "cartography" name = "cartography"
version = "0.129.0" version = "0.132.0"
description = "Explore assets and their relationships across your technical infrastructure." description = "Explore assets and their relationships across your technical infrastructure."
optional = false optional = false
python-versions = ">=3.10" python-versions = ">=3.10"
groups = ["main"] groups = ["main"]
files = [ files = [
{file = "cartography-0.129.0-py3-none-any.whl", hash = "sha256:d42c840369be9e4d0ac4d024074e3732416e40bab3d9a3023b6a247918daed4c"}, {file = "cartography-0.132.0-py3-none-any.whl", hash = "sha256:c070aa51d0ab4479cb043cae70b35e7df49f2fb5f1fa95ccf10000bbeb952262"},
{file = "cartography-0.129.0.tar.gz", hash = "sha256:cb47d603e652554a4cbcc1a868c96014eb02b3d5cc1affea0428b2ed7fa61699"}, {file = "cartography-0.132.0.tar.gz", hash = "sha256:7c6332bc57fd2629d7b83aee7bd95a7b2edb0d51ef746efa0461399e0b66625c"},
] ]
[package.dependencies] [package.dependencies]
@@ -1864,8 +1864,8 @@ boto3 = ">=1.15.1"
botocore = ">=1.18.1" botocore = ">=1.18.1"
cloudflare = ">=4.1.0,<5.0.0" cloudflare = ">=4.1.0,<5.0.0"
crowdstrike-falconpy = ">=0.5.1" crowdstrike-falconpy = ">=0.5.1"
cryptography = "*"
dnspython = ">=1.15.0" dnspython = ">=1.15.0"
dockerfile = ">=3.0.0"
duo-client = "*" duo-client = "*"
google-api-python-client = ">=1.7.8" google-api-python-client = ">=1.7.8"
google-auth = ">=2.37.0" google-auth = ">=2.37.0"
@@ -3095,21 +3095,6 @@ docs = ["myst-parser (==0.18.0)", "sphinx (==5.1.1)"]
ssh = ["paramiko (>=2.4.3)"] ssh = ["paramiko (>=2.4.3)"]
websockets = ["websocket-client (>=1.3.0)"] websockets = ["websocket-client (>=1.3.0)"]
[[package]]
name = "dockerfile"
version = "3.4.0"
description = "Parse a dockerfile into a high-level representation using the official go parser."
optional = false
python-versions = ">=3.9"
groups = ["main"]
files = [
{file = "dockerfile-3.4.0-cp39-abi3-macosx_13_0_x86_64.whl", hash = "sha256:ed33446a76007cbb3f28c247f189cc06db34667d4f59a398a5c44912d7c13f36"},
{file = "dockerfile-3.4.0-cp39-abi3-macosx_14_0_arm64.whl", hash = "sha256:a4549d4f038483c25906d4fec56bb6ffe82ae26e0f80a15f2c0fedbb50712053"},
{file = "dockerfile-3.4.0-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:b95102bd82e6f67c836186b51c13114aa586a20e8cb6441bde24d4070542009d"},
{file = "dockerfile-3.4.0-cp39-abi3-win_amd64.whl", hash = "sha256:30202187f1885f99ac839fd41ca8150b2fd0a66fac12db0166361d0c4622e71a"},
{file = "dockerfile-3.4.0.tar.gz", hash = "sha256:238bb950985c55a525daef8bbfe994a0230aa0978c419f4caa4d9ce0a37343f1"},
]
[[package]] [[package]]
name = "dogpile-cache" name = "dogpile-cache"
version = "1.5.0" version = "1.5.0"
@@ -9397,4 +9382,4 @@ files = [
[metadata] [metadata]
lock-version = "2.1" lock-version = "2.1"
python-versions = ">=3.11,<3.13" python-versions = ">=3.11,<3.13"
content-hash = "42759b370c9e38da727e73f9d8ec0fa61bc6137eab18f11ccd7deff79a0dee69" content-hash = "6e38c38b1f8dc05b881f49703fa445eec299527e6697992b18e4613534fbcdb6"


@@ -37,7 +37,7 @@ dependencies = [
"matplotlib (>=3.10.6,<4.0.0)", "matplotlib (>=3.10.6,<4.0.0)",
"reportlab (>=4.4.4,<5.0.0)", "reportlab (>=4.4.4,<5.0.0)",
"neo4j (>=6.0.0,<7.0.0)", "neo4j (>=6.0.0,<7.0.0)",
"cartography (==0.129.0)", "cartography (==0.132.0)",
"gevent (>=25.9.1,<26.0.0)", "gevent (>=25.9.1,<26.0.0)",
"werkzeug (>=3.1.4)", "werkzeug (>=3.1.4)",
"sqlparse (>=0.5.4)", "sqlparse (>=0.5.4)",


@@ -43,6 +43,7 @@ def start_aws_ingestion(
"aws_guardduty_severity_threshold": cartography_config.aws_guardduty_severity_threshold, "aws_guardduty_severity_threshold": cartography_config.aws_guardduty_severity_threshold,
"aws_cloudtrail_management_events_lookback_hours": cartography_config.aws_cloudtrail_management_events_lookback_hours, "aws_cloudtrail_management_events_lookback_hours": cartography_config.aws_cloudtrail_management_events_lookback_hours,
"experimental_aws_inspector_batch": cartography_config.experimental_aws_inspector_batch, "experimental_aws_inspector_batch": cartography_config.experimental_aws_inspector_batch,
"aws_tagging_api_cleanup_batch": cartography_config.aws_tagging_api_cleanup_batch,
} }
boto3_session = get_boto3_session(prowler_api_provider, prowler_sdk_provider) boto3_session = get_boto3_session(prowler_api_provider, prowler_sdk_provider)
@@ -116,6 +117,30 @@ def start_aws_ingestion(
neo4j_session, neo4j_session,
common_job_parameters, common_job_parameters,
) )
if all(
s in requested_syncs
for s in ["ecs", "ec2:load_balancer_v2", "ec2:load_balancer_v2:expose"]
):
logger.info(
f"Syncing lb_container_exposure scoped analysis for AWS account {prowler_api_provider.uid}"
)
cartography_aws.run_scoped_analysis_job(
"aws_lb_container_exposure.json",
neo4j_session,
common_job_parameters,
)
if all(s in requested_syncs for s in ["ec2:network_acls", "ec2:load_balancer_v2"]):
logger.info(
f"Syncing lb_nacl_direct scoped analysis for AWS account {prowler_api_provider.uid}"
)
cartography_aws.run_scoped_analysis_job(
"aws_lb_nacl_direct.json",
neo4j_session,
common_job_parameters,
)
db_utils.update_attack_paths_scan_progress(attack_paths_scan, 91) db_utils.update_attack_paths_scan_progress(attack_paths_scan, 91)
logger.info(f"Syncing metadata for AWS account {prowler_api_provider.uid}") logger.info(f"Syncing metadata for AWS account {prowler_api_provider.uid}")
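Review bot: Both new `if all(... in requested_syncs ...)` blocks skip their scoped analysis job without logging anything when one of the listed syncs was not requested, so a scan can finish without the load-balancer exposure analysis having run and with no trace of that in the logs. For an attack-path graph this is a quiet false negative: queries that depend on whatever `aws_lb_container_exposure.json` and `aws_lb_nacl_direct.json` compute would return fewer results rather than an error. I would add an `else` branch to each block, for example `else:` followed by `logger.warning(f"Skipping lb_container_exposure scoped analysis for AWS account {prowler_api_provider.uid}: required syncs were not requested")`. The guards also test what was requested rather than what completed; if a failed sync can be tolerated earlier in `start_aws_ingestion` (its body starts and ends outside these hunks), the jobs would run over partial data, which is worth confirming.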