fix: iteration and attribute read

This commit is contained in:
HugoPBrito
2025-12-16 13:03:16 +01:00
parent 22d1daf3c4
commit 8e2d2f00e6
12 changed files with 91 additions and 10 deletions


@@ -0,0 +1,4 @@
from prowler.providers.cloudflare.services.firewall.firewall_service import Firewall
from prowler.providers.common.provider import Provider
firewall_client = Firewall(Provider.get_global_provider())


@@ -0,0 +1,77 @@
from typing import Optional
from pydantic import BaseModel
from prowler.lib.logger import logger
from prowler.providers.cloudflare.lib.service.service import CloudflareService
from prowler.providers.cloudflare.services.zones.zones_client import zones_client
class Firewall(CloudflareService):
"""Retrieve Cloudflare firewall rules for all zones."""
def __init__(self, provider):
super().__init__(__class__.__name__, provider)
self.rules: list["CloudflareFirewallRule"] = []
self._list_rulesets()
def _list_rulesets(self) -> None:
"""List firewall rulesets for all zones."""
logger.info("Firewall - Listing firewall rulesets...")
try:
for zone in zones_client.zones.values():
try:
# Get all rulesets for the zone
rulesets = self.client.rulesets.list(zone_id=zone.id)
for ruleset in rulesets:
ruleset_id = getattr(ruleset, "id", None)
phase = getattr(ruleset, "phase", None)
if not ruleset_id:
continue
# Get rules within each ruleset
try:
ruleset_detail = self.client.rulesets.get(
ruleset_id=ruleset_id, zone_id=zone.id
)
rules = getattr(ruleset_detail, "rules", []) or []
for rule in rules:
self.rules.append(
CloudflareFirewallRule(
id=getattr(rule, "id", None),
zone_id=zone.id,
zone_name=zone.name,
ruleset_id=ruleset_id,
phase=phase,
action=getattr(rule, "action", None),
expression=getattr(rule, "expression", None),
description=getattr(rule, "description", None),
enabled=getattr(rule, "enabled", True),
)
)
except Exception as error:
logger.debug(
f"{zone.id} ruleset {ruleset_id} -- {error.__class__.__name__}: {error}"
)
except Exception as error:
logger.error(
f"{zone.id} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
except Exception as error:
logger.error(
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
class CloudflareFirewallRule(BaseModel):
"""Cloudflare firewall rule representation."""
id: Optional[str] = None
zone_id: str
zone_name: str
ruleset_id: Optional[str] = None
phase: Optional[str] = None
action: Optional[str] = None
expression: Optional[str] = None
description: Optional[str] = None
enabled: bool = True
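Review bot: In `_list_rulesets` the per-rule `self.rules.append(CloudflareFirewallRule(...))` runs inside a try that spans the whole ruleset, so one rule that fails model validation (for example a rule whose `enabled` attribute is present but `None`, which `getattr(rule, "enabled", True)` passes through unchanged) aborts the remaining rules of that ruleset, and the loss is reported only at `logger.debug` while the sibling handlers use `logger.error`. Moving the try inside `for rule in rules` and logging at warning keeps one malformed rule from hiding its siblings from every check that reads `firewall_client.rules`; the existing except around `rulesets.get` stays as it is. Separately, defaulting a missing `enabled` attribute to `True` (in the `getattr` call and in the `CloudflareFirewallRule.enabled` field) is fail-open: a rule whose state could not be read is counted as active, which would let `zones_rate_limiting_enabled` (the `@@ -19,7 +19,7 @@` hunk in this commit) pass on a rule it never confirmed. If the SDK can actually omit that field, `enabled: Optional[bool] = None` with the check treating `None` as not enabled is the safer contract — whether it can omit it is not visible here.
```python
                        rules = getattr(ruleset_detail, "rules", []) or []
                        for rule in rules:
                            try:
                                self.rules.append(
                                    CloudflareFirewallRule(
                                        # … unchanged: field assignments from rule / zone …
                                    )
                                )
                            except Exception as error:
                                logger.warning(
                                    f"{zone.id} ruleset {ruleset_id} rule {getattr(rule, 'id', None)} -- {error.__class__.__name__}: {error}"
                                )
```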


@@ -5,7 +5,7 @@ from prowler.providers.cloudflare.services.zones.zones_client import zones_clien
class zones_always_online_disabled(Check):
def execute(self) -> list[CheckReportCloudflare]:
findings = []
for zone in zones_client.zones:
for zone in zones_client.zones.values():
report = CheckReportCloudflare(
metadata=self.metadata(),
resource=zone,


@@ -5,7 +5,7 @@ from prowler.providers.cloudflare.services.zones.zones_client import zones_clien
class zones_bot_fight_mode_enabled(Check):
def execute(self) -> list[CheckReportCloudflare]:
findings = []
for zone in zones_client.zones:
for zone in zones_client.zones.values():
report = CheckReportCloudflare(
metadata=self.metadata(),
resource=zone,


@@ -8,7 +8,7 @@ class zones_challenge_passage_configured(Check):
# Recommended challenge TTL is 1 hour (3600 seconds)
recommended_ttl = 3600
for zone in zones_client.zones:
for zone in zones_client.zones.values():
report = CheckReportCloudflare(
metadata=self.metadata(),
resource=zone,


@@ -5,7 +5,7 @@ from prowler.providers.cloudflare.services.zones.zones_client import zones_clien
class zones_development_mode_disabled(Check):
def execute(self) -> list[CheckReportCloudflare]:
findings = []
for zone in zones_client.zones:
for zone in zones_client.zones.values():
report = CheckReportCloudflare(
metadata=self.metadata(),
resource=zone,


@@ -5,7 +5,7 @@ from prowler.providers.cloudflare.services.zones.zones_client import zones_clien
class zones_hotlink_protection_enabled(Check):
def execute(self) -> list[CheckReportCloudflare]:
findings = []
for zone in zones_client.zones:
for zone in zones_client.zones.values():
report = CheckReportCloudflare(
metadata=self.metadata(),
resource=zone,


@@ -5,7 +5,7 @@ from prowler.providers.cloudflare.services.zones.zones_client import zones_clien
class zones_ip_geolocation_enabled(Check):
def execute(self) -> list[CheckReportCloudflare]:
findings = []
for zone in zones_client.zones:
for zone in zones_client.zones.values():
report = CheckReportCloudflare(
metadata=self.metadata(),
resource=zone,


@@ -9,7 +9,7 @@ class zones_rate_limiting_enabled(Check):
def execute(self) -> list[CheckReportCloudflare]:
findings = []
for zone in zones_client.zones:
for zone in zones_client.zones.values():
report = CheckReportCloudflare(
metadata=self.metadata(),
resource=zone,
@@ -19,7 +19,7 @@ class zones_rate_limiting_enabled(Check):
rate_limit_rules = [
rule
for rule in firewall_client.rules
if rule.zone.id == zone.id
if rule.zone_id == zone.id
and rule.phase == "http_ratelimit"
and rule.enabled
]


@@ -5,7 +5,7 @@ from prowler.providers.cloudflare.services.zones.zones_client import zones_clien
class zones_server_side_excludes_enabled(Check):
def execute(self) -> list[CheckReportCloudflare]:
findings = []
for zone in zones_client.zones:
for zone in zones_client.zones.values():
report = CheckReportCloudflare(
metadata=self.metadata(),
resource=zone,


@@ -5,7 +5,7 @@ from prowler.providers.cloudflare.services.zones.zones_client import zones_clien
class zones_waf_enabled(Check):
def execute(self) -> list[CheckReportCloudflare]:
findings = []
for zone in zones_client.zones:
for zone in zones_client.zones.values():
report = CheckReportCloudflare(
metadata=self.metadata(),
resource=zone,