Merge branch 'PROWLER-386-add-cloudflare-provider-to-cli' into cloudflare-pr2-tls-email-checks

2026-04-06 02:58:15 +00:00 · 2026-01-09 13:48:37 +01:00
parent b3b1ee3252 9a22b1238a
commit 773e4b23b5
2 changed files with 3 additions and 23 deletions
--- a/prowler/config/config.yaml
+++ b/prowler/config/config.yaml
@@ -598,22 +598,3 @@ cloudflare:
  # Maximum number of retries for API requests (default is 2)
  # Set to 0 to disable retries
  max_retries: 3
-
-  # cloudflare.zones_min_tls_version_secure
-  # Minimum TLS version considered secure
-  min_tls_version: "1.2"
-
-  # cloudflare.zones_ssl_strict
-  # Recommended SSL modes for zones
-  recommended_ssl_modes:
-    [
-      "full",
-    ]
-
-  # cloudflare.zones_security_level (future check)
-  # Recommended security levels for zones
-  recommended_security_levels:
-    [
-      "high",
-      "under_attack",
-    ]
--- a/prowler/providers/cloudflare/services/zones/zones_min_tls_version_secure/zones_min_tls_version_secure.py
+++ b/prowler/providers/cloudflare/services/zones/zones_min_tls_version_secure/zones_min_tls_version_secure.py
@@ -5,8 +5,6 @@ from prowler.providers.cloudflare.services.zones.zones_client import zones_clien
 class zones_min_tls_version_secure(Check):
    def execute(self) -> list[CheckReportCloudflare]:
        findings = []
-        min_tls_version = zones_client.audit_config.get("min_tls_version", "1.2")
-        required_version = float(min_tls_version)

        for zone in zones_client.zones.values():
            report = CheckReportCloudflare(
@@ -18,11 +16,12 @@ class zones_min_tls_version_secure(Check):
                current = float(current_version)
            except ValueError:
                current = 0
-            if current >= required_version:
+
+            if current >= 1.2:
                report.status = "PASS"
                report.status_extended = f"Minimum TLS version for zone {zone.name} is set to {current_version}."
            else:
                report.status = "FAIL"
-                report.status_extended = f"Minimum TLS version for zone {zone.name} is {current_version}, below the recommended {min_tls_version}."
+                report.status_extended = f"Minimum TLS version for zone {zone.name} is {current_version}, below the recommended 1.2."
            findings.append(report)
        return findings