From 964548a6776d8b2b6bdbd52c3b9f059451ca2b42 Mon Sep 17 00:00:00 2001 From: lydiavilchez <114735608+lydiavilchez@users.noreply.github.com> Date: Mon, 18 May 2026 12:57:22 +0200 Subject: [PATCH] fix(googleworkspace): add API filter to Drive and Calendar services to prevent rate limiting (#11195) --- prowler/CHANGELOG.md | 1 + .../googleworkspace/services/calendar/calendar_service.py | 5 ++++- .../googleworkspace/services/drive/drive_service.py | 5 ++++- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/prowler/CHANGELOG.md b/prowler/CHANGELOG.md index 26fe7f4a68..1d8d462738 100644 --- a/prowler/CHANGELOG.md +++ b/prowler/CHANGELOG.md @@ -24,6 +24,7 @@ All notable changes to the **Prowler SDK** are documented in this file. - Google Workspace Calendar and Drive services sharing a single resource row, causing the service field to be overwritten by the last check executed [(#11161)](https://github.com/prowler-cloud/prowler/pull/11161) - `zone_waf_enabled` check for Cloudflare provider now appends a plan-aware hint to the FAIL `status_extended`: a possible-false-positive note on paid plans (Pro, Business, Enterprise) where the legacy `waf` zone setting can read `off` even though WAF managed rulesets are deployed via the dashboard, and a "not available on the Cloudflare Free plan" note on Free zones [(#9896)](https://github.com/prowler-cloud/prowler/pull/9896) - Google Workspace Gmail checks sharing a single resource row, causing the service field to be overwritten by the last check executed [(#11169)](https://github.com/prowler-cloud/prowler/pull/11169) +- Google Workspace Drive and Calendar services missing server-side policy filters [(#11195)](https://github.com/prowler-cloud/prowler/pull/11195) --- diff --git a/prowler/providers/googleworkspace/services/calendar/calendar_service.py b/prowler/providers/googleworkspace/services/calendar/calendar_service.py index f976b654c0..aa822d4218 100644 --- a/prowler/providers/googleworkspace/services/calendar/calendar_service.py +++ b/prowler/providers/googleworkspace/services/calendar/calendar_service.py @@ -30,7 +30,10 @@ class Calendar(GoogleWorkspaceService): logger.error("Failed to build Cloud Identity service") return - request = service.policies().list(pageSize=100) + request = service.policies().list( + pageSize=100, + filter='setting.type.matches("calendar.*")', + ) fetch_succeeded = True while request is not None: diff --git a/prowler/providers/googleworkspace/services/drive/drive_service.py b/prowler/providers/googleworkspace/services/drive/drive_service.py index e7d89f8473..68c4b48453 100644 --- a/prowler/providers/googleworkspace/services/drive/drive_service.py +++ b/prowler/providers/googleworkspace/services/drive/drive_service.py @@ -31,7 +31,10 @@ class Drive(GoogleWorkspaceService): logger.error("Failed to build Cloud Identity service") return - request = service.policies().list(pageSize=100) + request = service.policies().list( + pageSize=100, + filter='setting.type.matches("drive_and_docs.*")', + ) fetch_succeeded = True while request is not None: