chore(prowler): change all methods from services from format double underscore to single underscore (#4910)

Rubén De la Torre Vico
2024-09-02 10:07:21 +02:00
committed by GitHub
parent 007c1febf7
commit 9797c11152
208 changed files with 1195 additions and 1215 deletions
+6 -6
@@ -592,7 +592,7 @@ is following the actual format, add one function where the client is passed to b
`mock_api_<endpoint>_calls` (*endpoint* refers to the first attribute pointed after *client*).
In the example of BigQuery the function is called `mock_api_dataset_calls`. And inside of this function we found an assignation to
be used in the `__get_datasets__` method in BigQuery class:
be used in the `_get_datasets` method in BigQuery class:
```python
# Mocking datasets
@@ -765,7 +765,7 @@ from tests.providers.azure.azure_fixtures import (
set_mocked_azure_provider,
)
# Function to mock the service function __get_components__, this function task is to return a possible value that real function could returns
# Function to mock the service function _get_components, this function task is to return a possible value that real function could returns
def mock_appinsights_get_components(_):
return {
AZURE_SUBSCRIPTION_ID: {
@@ -779,12 +779,12 @@ def mock_appinsights_get_components(_):
# Patch decorator to use the mocked function instead the function with the real API call
@patch(
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights.__get_components__",
"prowler.providers.azure.services.appinsights.appinsights_service.AppInsights._get_components",
new=mock_appinsights_get_components,
)
class Test_AppInsights_Service:
# Mandatory test for every service, this method test the instance of the client is correct
def test__get_client__(self):
def test_get_client(self):
app_insights = AppInsights(set_mocked_azure_provider())
assert (
app_insights.clients[AZURE_SUBSCRIPTION_ID].__class__.__name__
@@ -794,8 +794,8 @@ class Test_AppInsights_Service:
def test__get_subscriptions__(self):
app_insights = AppInsights(set_mocked_azure_provider())
assert app_insights.subscriptions.__class__.__name__ == "dict"
# Test for the function __get_components__, inside this client is used the mocked function
def test__get_components__(self):
# Test for the function _get_components, inside this client is used the mocked function
def test_get_components(self):
appinsights = AppInsights(set_mocked_azure_provider())
assert len(appinsights.components) == 1
assert (
@@ -14,11 +14,11 @@ class AccessAnalyzer(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.analyzers = []
self.__threading_call__(self.__list_analyzers__)
self.__list_findings__()
self.__get_finding_status__()
self.__threading_call__(self._list_analyzers)
self._list_findings()
self._get_finding_status()
def __list_analyzers__(self, regional_client):
def _list_analyzers(self, regional_client):
logger.info("AccessAnalyzer - Listing Analyzers...")
try:
list_analyzers_paginator = regional_client.get_paginator("list_analyzers")
@@ -57,7 +57,7 @@ class AccessAnalyzer(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_finding_status__(self):
def _get_finding_status(self):
logger.info("AccessAnalyzer - Get Finding status...")
try:
for analyzer in self.analyzers:
@@ -87,7 +87,7 @@ class AccessAnalyzer(AWSService):
# TODO: We need to include ListFindingsV2
# https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/accessanalyzer/client/list_findings_v2.html
def __list_findings__(self):
def _list_findings(self):
logger.info("AccessAnalyzer - Listing Findings per Analyzer...")
try:
for analyzer in self.analyzers:
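Review bot: `__init__` in the first hunk of this class still dispatches through `self.__threading_call__(self._list_analyzers)`, so the double-underscore form this commit moves away from survives on the one helper every service uses. Python reserves `__name__` identifiers for the interpreter, which is presumably the motivation for the rename. If the helper is defined on `AWSService` (not visible here), consider renaming it in a follow-up and keeping a temporary alias such as `__threading_call__ = _threading_call` so out-of-tree services keep working. The same call appears in the `__init__` hunks of the other service classes on this page.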
@@ -13,10 +13,10 @@ class Account(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.number_of_contacts = 4
self.contact_base = self.__get_contact_information__()
self.contacts_billing = self.__get_alternate_contact__("BILLING")
self.contacts_security = self.__get_alternate_contact__("SECURITY")
self.contacts_operations = self.__get_alternate_contact__("OPERATIONS")
self.contact_base = self._get_contact_information()
self.contacts_billing = self._get_alternate_contact("BILLING")
self.contacts_security = self._get_alternate_contact("SECURITY")
self.contacts_operations = self._get_alternate_contact("OPERATIONS")
if self.contact_base:
# Set of contact phone numbers
@@ -42,7 +42,7 @@ class Account(AWSService):
self.contacts_operations.email,
}
def __get_contact_information__(self):
def _get_contact_information(self):
try:
primary_account_contact = self.client.get_contact_information()[
"ContactInformation"
@@ -65,7 +65,7 @@ class Account(AWSService):
)
return Contact(type="PRIMARY")
def __get_alternate_contact__(self, contact_type: str):
def _get_alternate_contact(self, contact_type: str):
try:
account_contact = self.client.get_alternate_contact(
AlternateContactType=contact_type
@@ -14,13 +14,13 @@ class APIGateway(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.rest_apis = []
self.__threading_call__(self.__get_rest_apis__)
self.__get_authorizers__()
self.__get_rest_api__()
self.__get_stages__()
self.__get_resources__()
self.__threading_call__(self._get_rest_apis)
self._get_authorizers()
self._get_rest_api()
self._get_stages()
self._get_resources()
def __get_rest_apis__(self, regional_client):
def _get_rest_apis(self, regional_client):
logger.info("APIGateway - Getting Rest APIs...")
try:
get_rest_apis_paginator = regional_client.get_paginator("get_rest_apis")
@@ -44,7 +44,7 @@ class APIGateway(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_authorizers__(self):
def _get_authorizers(self):
logger.info("APIGateway - Getting Rest APIs authorizer...")
try:
for rest_api in self.rest_apis:
@@ -75,7 +75,7 @@ class APIGateway(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_rest_api__(self):
def _get_rest_api(self):
logger.info("APIGateway - Describing Rest API...")
try:
for rest_api in self.rest_apis:
@@ -103,7 +103,7 @@ class APIGateway(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_stages__(self):
def _get_stages(self):
logger.info("APIGateway - Getting stages for Rest APIs...")
try:
for rest_api in self.rest_apis:
@@ -151,7 +151,7 @@ class APIGateway(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_resources__(self):
def _get_resources(self):
logger.info("APIGateway - Getting API resources...")
try:
for rest_api in self.rest_apis:
@@ -13,11 +13,11 @@ class ApiGatewayV2(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.apis = []
self.__threading_call__(self.__get_apis__)
self.__get_authorizers__()
self.__get_stages__()
self.__threading_call__(self._get_apis)
self._get_authorizers()
self._get_stages()
def __get_apis__(self, regional_client):
def _get_apis(self, regional_client):
logger.info("APIGatewayv2 - Getting APIs...")
try:
get_apis_paginator = regional_client.get_paginator("get_apis")
@@ -41,7 +41,7 @@ class ApiGatewayV2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_authorizers__(self):
def _get_authorizers(self):
logger.info("APIGatewayv2 - Getting APIs authorizer...")
try:
for api in self.apis:
@@ -54,7 +54,7 @@ class ApiGatewayV2(AWSService):
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __get_stages__(self):
def _get_stages(self):
logger.info("APIGatewayv2 - Getting stages for APIs...")
try:
for api in self.apis:
@@ -13,10 +13,10 @@ class AppStream(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.fleets = []
self.__threading_call__(self.__describe_fleets__)
self.__list_tags_for_resource__()
self.__threading_call__(self._describe_fleets)
self._list_tags_for_resource()
def __describe_fleets__(self, regional_client):
def _describe_fleets(self, regional_client):
logger.info("AppStream - Describing Fleets...")
try:
describe_fleets_paginator = regional_client.get_paginator("describe_fleets")
@@ -50,7 +50,7 @@ class AppStream(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("AppStream - List Tags...")
try:
for fleet in self.fleets:
@@ -13,12 +13,12 @@ class Athena(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.workgroups = {}
self.__threading_call__(self.__list_workgroups__)
self.__get_workgroups__()
self.__list_query_executions__()
self.__list_tags_for_resource__()
self.__threading_call__(self._list_workgroups)
self._get_workgroups()
self._list_query_executions()
self._list_tags_for_resource()
def __list_workgroups__(self, regional_client):
def _list_workgroups(self, regional_client):
logger.info("Athena - Listing WorkGroups...")
try:
list_workgroups = regional_client.list_work_groups()
@@ -44,7 +44,7 @@ class Athena(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_workgroups__(self):
def _get_workgroups(self):
logger.info("Athena - Getting WorkGroups...")
try:
for workgroup in self.workgroups.values():
@@ -88,7 +88,7 @@ class Athena(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_query_executions__(self):
def _list_query_executions(self):
logger.info("Athena - Listing Queries...")
try:
for workgroup in self.workgroups.values():
@@ -109,7 +109,7 @@ class Athena(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("Athena - Listing Tags...")
try:
for workgroup in self.workgroups.values():
@@ -11,11 +11,11 @@ class AutoScaling(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.launch_configurations = []
self.__threading_call__(self.__describe_launch_configurations__)
self.__threading_call__(self._describe_launch_configurations)
self.groups = []
self.__threading_call__(self.__describe_auto_scaling_groups__)
self.__threading_call__(self._describe_auto_scaling_groups)
def __describe_launch_configurations__(self, regional_client):
def _describe_launch_configurations(self, regional_client):
logger.info("AutoScaling - Describing Launch Configurations...")
try:
describe_launch_configurations_paginator = regional_client.get_paginator(
@@ -44,7 +44,7 @@ class AutoScaling(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_auto_scaling_groups__(self, regional_client):
def _describe_auto_scaling_groups(self, regional_client):
logger.info("AutoScaling - Describing AutoScaling Groups...")
try:
describe_auto_scaling_groups_paginator = regional_client.get_paginator(
@@ -12,7 +12,7 @@ class awslambda_function_no_secrets_in_code(Check):
def execute(self):
findings = []
if awslambda_client.functions:
for function, function_code in awslambda_client.__get_function_code__():
for function, function_code in awslambda_client._get_function_code():
if function_code:
report = Check_Report_AWS(self.metadata())
report.region = function.region
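Review bot: After the rename this check calls `awslambda_client._get_function_code()` from outside the `Lambda` class, although a single leading underscore conventionally marks a method as non-public. Linters with a protected-access rule will flag the call, and a later refactor may treat the method as safe to change without looking at the checks. The same applies to `cloudtrail_client._get_trail_arn_template(...)` and `cloudtrail_client._lookup_events(...)` in the CloudTrail checks, and to `config_client._get_recorder_arn_template(...)` in `config_recorder_all_regions_enabled`. Methods that checks depend on would read better with public names, e.g. `for function, function_code in awslambda_client.get_function_code():`, keeping the underscore for helpers called only from `__init__`. The body of `execute` continues outside the hunk.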
@@ -19,12 +19,12 @@ class Lambda(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.functions = {}
self.__threading_call__(self.__list_functions__)
self.__list_tags_for_resource__()
self.__threading_call__(self.__get_policy__)
self.__threading_call__(self.__get_function_url_config__)
self.__threading_call__(self._list_functions)
self._list_tags_for_resource()
self.__threading_call__(self._get_policy)
self.__threading_call__(self._get_function_url_config)
def __list_functions__(self, regional_client):
def _list_functions(self, regional_client):
logger.info("Lambda - Listing Functions...")
try:
list_functions_paginator = regional_client.get_paginator("list_functions")
@@ -61,12 +61,12 @@ class Lambda(AWSService):
f" {error}"
)
def __get_function_code__(self):
def _get_function_code(self):
logger.info("Lambda - Getting Function Code...")
# Use a thread pool handle the queueing and execution of the __fetch_function_code__ tasks, up to max_workers tasks concurrently.
# Use a thread pool handle the queueing and execution of the _fetch_function_code tasks, up to max_workers tasks concurrently.
lambda_functions_to_fetch = {
self.thread_pool.submit(
self.__fetch_function_code__, function.name, function.region
self._fetch_function_code, function.name, function.region
): function
for function in self.functions.values()
}
@@ -82,7 +82,7 @@ class Lambda(AWSService):
f"{function.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __fetch_function_code__(self, function_name, function_region):
def _fetch_function_code(self, function_name, function_region):
try:
regional_client = self.regional_clients[function_region]
function_information = regional_client.get_function(
@@ -101,7 +101,7 @@ class Lambda(AWSService):
)
raise
def __get_policy__(self, regional_client):
def _get_policy(self, regional_client):
logger.info("Lambda - Getting Policy...")
try:
for function in self.functions.values():
@@ -124,7 +124,7 @@ class Lambda(AWSService):
f" {error}"
)
def __get_function_url_config__(self, regional_client):
def _get_function_url_config(self, regional_client):
logger.info("Lambda - Getting Function URL Config...")
try:
for function in self.functions.values():
@@ -153,7 +153,7 @@ class Lambda(AWSService):
f" {error}"
)
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("Lambda - List Tags...")
try:
for function in self.functions.values():
@@ -18,13 +18,13 @@ class Backup(AWSService):
self.report_plan_arn_template = f"arn:{self.audited_partition}:backup:{self.region}:{self.audited_account}:report-plan"
self.backup_vault_arn_template = f"arn:{self.audited_partition}:backup:{self.region}:{self.audited_account}:backup-vault"
self.backup_vaults = []
self.__threading_call__(self.__list_backup_vaults__)
self.__threading_call__(self._list_backup_vaults)
self.backup_plans = []
self.__threading_call__(self.__list_backup_plans__)
self.__threading_call__(self._list_backup_plans)
self.backup_report_plans = []
self.__threading_call__(self.__list_backup_report_plans__)
self.__threading_call__(self._list_backup_report_plans)
def __list_backup_vaults__(self, regional_client):
def _list_backup_vaults(self, regional_client):
logger.info("Backup - Listing Backup Vaults...")
try:
list_backup_vaults_paginator = regional_client.get_paginator(
@@ -70,7 +70,7 @@ class Backup(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_backup_plans__(self, regional_client):
def _list_backup_plans(self, regional_client):
logger.info("Backup - Listing Backup Plans...")
try:
list_backup_plans_paginator = regional_client.get_paginator(
@@ -105,7 +105,7 @@ class Backup(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_backup_report_plans__(self, regional_client):
def _list_backup_report_plans(self, regional_client):
logger.info("Backup - Listing Backup Report Plans...")
try:
@@ -14,10 +14,10 @@ class CloudFormation(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.stacks = []
self.__threading_call__(self.__describe_stacks__)
self.__describe_stack__()
self.__threading_call__(self._describe_stacks)
self._describe_stack()
def __describe_stacks__(self, regional_client):
def _describe_stacks(self, regional_client):
"""Get ALL CloudFormation Stacks"""
logger.info("CloudFormation - Describing Stacks...")
try:
@@ -47,7 +47,7 @@ class CloudFormation(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_stack__(self):
def _describe_stack(self):
"""Get Details for a CloudFormation Stack"""
logger.info("CloudFormation - Describing Stack to get specific details...")
for stack in self.stacks:
@@ -14,11 +14,11 @@ class CloudFront(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider, global_service=True)
self.distributions = {}
self.__list_distributions__(self.client, self.region)
self.__get_distribution_config__(self.client, self.distributions, self.region)
self.__list_tags_for_resource__(self.client, self.distributions, self.region)
self._list_distributions(self.client, self.region)
self._get_distribution_config(self.client, self.distributions, self.region)
self._list_tags_for_resource(self.client, self.distributions, self.region)
def __list_distributions__(self, client, region) -> dict:
def _list_distributions(self, client, region) -> dict:
logger.info("CloudFront - Listing Distributions...")
try:
list_ditributions_paginator = client.get_paginator("list_distributions")
@@ -44,7 +44,7 @@ class CloudFront(AWSService):
f"{region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_distribution_config__(self, client, distributions, region) -> dict:
def _get_distribution_config(self, client, distributions, region) -> dict:
logger.info("CloudFront - Getting Distributions...")
try:
for distribution_id in distributions.keys():
@@ -87,7 +87,7 @@ class CloudFront(AWSService):
f"{region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_tags_for_resource__(self, client, distributions, region):
def _list_tags_for_resource(self, client, distributions, region):
logger.info("CloudFront - List Tags...")
try:
for distribution in distributions.values():
@@ -32,7 +32,7 @@ class cloudtrail_multi_region_enabled(Check):
"No CloudTrail trails enabled with logging were found."
)
report.resource_arn = (
cloudtrail_client.__get_trail_arn_template__(region)
cloudtrail_client._get_trail_arn_template(region)
)
report.resource_id = cloudtrail_client.audited_account
# If there are no trails logging it is needed to store the FAIL once all the trails have been checked
@@ -14,9 +14,7 @@ class cloudtrail_multi_region_enabled_logging_management_events(Check):
report.status_extended = "No CloudTrail trails enabled and logging management events were found."
report.region = region
report.resource_id = cloudtrail_client.audited_account
report.resource_arn = cloudtrail_client.__get_trail_arn_template__(
region
)
report.resource_arn = cloudtrail_client._get_trail_arn_template(region)
trail_is_logging_management_events = False
for trail in cloudtrail_client.trails.values():
if trail.region == region or trail.is_multiregion:
@@ -16,21 +16,21 @@ class Cloudtrail(AWSService):
super().__init__(__class__.__name__, provider)
self.trail_arn_template = f"arn:{self.audited_partition}:cloudtrail:{self.region}:{self.audited_account}:trail"
self.trails = {}
self.__threading_call__(self.__get_trails__)
self.__threading_call__(self._get_trails)
if self.trails:
self.__get_trail_status__()
self.__get_insight_selectors__()
self.__get_event_selectors__()
self.__list_tags_for_resource__()
self._get_trail_status()
self._get_insight_selectors()
self._get_event_selectors()
self._list_tags_for_resource()
def __get_trail_arn_template__(self, region):
def _get_trail_arn_template(self, region):
return (
f"arn:{self.audited_partition}:cloudtrail:{region}:{self.audited_account}:trail"
if region
else f"arn:{self.audited_partition}:cloudtrail:{self.region}:{self.audited_account}:trail"
)
def __get_trails__(self, regional_client):
def _get_trails(self, regional_client):
logger.info("Cloudtrail - Getting trails...")
try:
describe_trails = regional_client.describe_trails()["trailList"]
@@ -70,7 +70,7 @@ class Cloudtrail(AWSService):
if trails_count == 0:
if self.trails is None:
self.trails = {}
self.trails[self.__get_trail_arn_template__(regional_client.region)] = (
self.trails[self._get_trail_arn_template(regional_client.region)] = (
Trail(
region=regional_client.region,
)
@@ -91,7 +91,7 @@ class Cloudtrail(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_trail_status__(self):
def _get_trail_status(self):
logger.info("Cloudtrail - Getting trail status")
try:
for trail in self.trails.values():
@@ -109,7 +109,7 @@ class Cloudtrail(AWSService):
f"{client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_event_selectors__(self):
def _get_event_selectors(self):
logger.info("Cloudtrail - Getting event selector")
try:
for trail in self.trails.values():
@@ -142,7 +142,7 @@ class Cloudtrail(AWSService):
f"{client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_insight_selectors__(self):
def _get_insight_selectors(self):
logger.info("Cloudtrail - Getting trail insight selectors...")
try:
@@ -192,7 +192,7 @@ class Cloudtrail(AWSService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __lookup_events__(self, trail, event_name, minutes):
def _lookup_events(self, trail, event_name, minutes):
logger.info("CloudTrail - Lookup Events...")
try:
regional_client = self.regional_clients[trail.region]
@@ -208,7 +208,7 @@ class Cloudtrail(AWSService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("CloudTrail - List Tags...")
try:
for trail in self.trails.values():
@@ -33,7 +33,7 @@ class cloudtrail_threat_detection_enumeration(Check):
)
for trail in trails_to_scan:
for event_name in enumeration_actions:
for event_log in cloudtrail_client.__lookup_events__(
for event_log in cloudtrail_client._lookup_events(
trail=trail,
event_name=event_name,
minutes=threat_detection_minutes,
@@ -52,7 +52,7 @@ class cloudtrail_threat_detection_enumeration(Check):
report = Check_Report_AWS(self.metadata())
report.region = cloudtrail_client.region
report.resource_id = cloudtrail_client.audited_account
report.resource_arn = cloudtrail_client.__get_trail_arn_template__(
report.resource_arn = cloudtrail_client._get_trail_arn_template(
cloudtrail_client.region
)
report.status = "FAIL"
@@ -62,7 +62,7 @@ class cloudtrail_threat_detection_enumeration(Check):
report = Check_Report_AWS(self.metadata())
report.region = cloudtrail_client.region
report.resource_id = cloudtrail_client.audited_account
report.resource_arn = cloudtrail_client.__get_trail_arn_template__(
report.resource_arn = cloudtrail_client._get_trail_arn_template(
cloudtrail_client.region
)
report.status = "PASS"
@@ -34,7 +34,7 @@ class cloudtrail_threat_detection_privilege_escalation(Check):
)
for trail in trails_to_scan:
for event_name in privilege_escalation_actions:
for event_log in cloudtrail_client.__lookup_events__(
for event_log in cloudtrail_client._lookup_events(
trail=trail,
event_name=event_name,
minutes=threat_detection_minutes,
@@ -58,7 +58,7 @@ class cloudtrail_threat_detection_privilege_escalation(Check):
report = Check_Report_AWS(self.metadata())
report.region = cloudtrail_client.region
report.resource_id = cloudtrail_client.audited_account
report.resource_arn = cloudtrail_client.__get_trail_arn_template__(
report.resource_arn = cloudtrail_client._get_trail_arn_template(
cloudtrail_client.region
)
report.status = "FAIL"
@@ -68,7 +68,7 @@ class cloudtrail_threat_detection_privilege_escalation(Check):
report = Check_Report_AWS(self.metadata())
report.region = cloudtrail_client.region
report.resource_id = cloudtrail_client.audited_account
report.resource_arn = cloudtrail_client.__get_trail_arn_template__(
report.resource_arn = cloudtrail_client._get_trail_arn_template(
cloudtrail_client.region
)
report.status = "PASS"
@@ -15,11 +15,11 @@ class CloudWatch(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.metric_alarms = []
self.__threading_call__(self.__describe_alarms__)
self.__threading_call__(self._describe_alarms)
if self.metric_alarms:
self.__list_tags_for_resource__()
self._list_tags_for_resource()
def __describe_alarms__(self, regional_client):
def _describe_alarms(self, regional_client):
logger.info("CloudWatch - Describing alarms...")
try:
describe_alarms_paginator = regional_client.get_paginator("describe_alarms")
@@ -61,7 +61,7 @@ class CloudWatch(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("CloudWatch - List Tags...")
try:
for metric_alarm in self.metric_alarms:
@@ -84,8 +84,8 @@ class Logs(AWSService):
self.log_group_arn_template = f"arn:{self.audited_partition}:logs:{self.region}:{self.audited_account}:log-group"
self.metric_filters = []
self.log_groups = []
self.__threading_call__(self.__describe_metric_filters__)
self.__threading_call__(self.__describe_log_groups__)
self.__threading_call__(self._describe_metric_filters)
self.__threading_call__(self._describe_log_groups)
if self.log_groups:
if (
"cloudwatch_log_group_no_secrets_in_logs"
@@ -94,10 +94,10 @@ class Logs(AWSService):
self.events_per_log_group_threshold = (
1000 # The threshold for number of events to return per log group.
)
self.__threading_call__(self.__get_log_events__)
self.__threading_call__(self.__list_tags_for_resource__, self.log_groups)
self.__threading_call__(self._get_log_events)
self.__threading_call__(self._list_tags_for_resource, self.log_groups)
def __describe_metric_filters__(self, regional_client):
def _describe_metric_filters(self, regional_client):
logger.info("CloudWatch Logs - Describing metric filters...")
try:
describe_metric_filters_paginator = regional_client.get_paginator(
@@ -137,7 +137,7 @@ class Logs(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_log_groups__(self, regional_client):
def _describe_log_groups(self, regional_client):
logger.info("CloudWatch Logs - Describing log groups...")
try:
describe_log_groups_paginator = regional_client.get_paginator(
@@ -182,7 +182,7 @@ class Logs(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_log_events__(self, regional_client):
def _get_log_events(self, regional_client):
regional_log_groups = [
log_group
for log_group in self.log_groups
@@ -214,7 +214,7 @@ class Logs(AWSService):
f"CloudWatch Logs - Finished retrieving log events in {regional_client.region}..."
)
def __list_tags_for_resource__(self, log_group):
def _list_tags_for_resource(self, log_group):
logger.info(f"CloudWatch Logs - List Tags for Log Group {log_group.name}...")
try:
regional_client = self.regional_clients[log_group.region]
@@ -16,11 +16,11 @@ class CodeArtifact(AWSService):
super().__init__(__class__.__name__, provider)
# repositories is a dictionary containing all the codeartifact service information
self.repositories = {}
self.__threading_call__(self.__list_repositories__)
self.__threading_call__(self.__list_packages__)
self.__list_tags_for_resource__()
self.__threading_call__(self._list_repositories)
self.__threading_call__(self._list_packages)
self._list_tags_for_resource()
def __list_repositories__(self, regional_client):
def _list_repositories(self, regional_client):
logger.info("CodeArtifact - Listing Repositories...")
try:
list_repositories_paginator = regional_client.get_paginator(
@@ -52,7 +52,7 @@ class CodeArtifact(AWSService):
f" {error}"
)
def __list_packages__(self, regional_client):
def _list_packages(self, regional_client):
logger.info("CodeArtifact - Listing Packages and retrieving information...")
for repository in self.repositories:
try:
@@ -169,7 +169,7 @@ class CodeArtifact(AWSService):
f" {error}"
)
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("CodeArtifact - List Tags...")
try:
for repository in self.repositories.values():
@@ -14,14 +14,14 @@ class CognitoIDP(AWSService):
super().__init__("cognito-idp", provider)
self.user_pools = {}
self.__threading_call__(self.__list_user_pools__)
self.__describe_user_pools__()
self.__list_user_pool_clients__()
self.__describe_user_pool_clients__()
self.__get_user_pool_mfa_config__()
self.__get_user_pool_risk_configuration__()
self.__threading_call__(self._list_user_pools)
self._describe_user_pools()
self._list_user_pool_clients()
self._describe_user_pool_clients()
self._get_user_pool_mfa_config()
self._get_user_pool_risk_configuration()
def __list_user_pools__(self, regional_client):
def _list_user_pools(self, regional_client):
logger.info("Cognito - Listing User Pools...")
try:
user_pools_paginator = regional_client.get_paginator("list_user_pools")
@@ -51,7 +51,7 @@ class CognitoIDP(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_user_pools__(self):
def _describe_user_pools(self):
logger.info("Cognito - Describing User Pools...")
try:
for user_pool in self.user_pools.values():
@@ -114,7 +114,7 @@ class CognitoIDP(AWSService):
f"{user_pool.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_user_pool_clients__(self):
def _list_user_pool_clients(self):
logger.info("Cognito - Listing User Pool Clients...")
try:
for user_pool in self.user_pools.values():
@@ -143,7 +143,7 @@ class CognitoIDP(AWSService):
f"{user_pool.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_user_pool_clients__(self):
def _describe_user_pool_clients(self):
logger.info("Cognito - Describing User Pool Clients...")
try:
for user_pool in self.user_pools.values():
@@ -175,7 +175,7 @@ class CognitoIDP(AWSService):
f"{user_pool.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_user_pool_mfa_config__(self):
def _get_user_pool_mfa_config(self):
logger.info("Cognito - Getting User Pool MFA Configuration...")
try:
for user_pool in self.user_pools.values():
@@ -202,7 +202,7 @@ class CognitoIDP(AWSService):
f"{user_pool.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_user_pool_risk_configuration__(self):
def _get_user_pool_risk_configuration(self):
logger.info("Cognito - Getting User Pool Risk Configuration...")
try:
for user_pool in self.user_pools.values():
@@ -265,11 +265,11 @@ class CognitoIdentity(AWSService):
def __init__(self, provider):
super().__init__("cognito-identity", provider)
self.identity_pools = {}
self.__threading_call__(self.__list_identity_pools__)
self.__describe_identity_pools__()
self.__get_identity_pool_roles__()
self.__threading_call__(self._list_identity_pools)
self._describe_identity_pools()
self._get_identity_pool_roles()
def __list_identity_pools__(self, regional_client):
def _list_identity_pools(self, regional_client):
logger.info("Cognito - Listing Identity Pools...")
try:
identity_pools_paginator = regional_client.get_paginator(
@@ -297,7 +297,7 @@ class CognitoIdentity(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_identity_pools__(self):
def _describe_identity_pools(self):
logger.info("Cognito - Describing Identity Pools...")
try:
for identity_pool in self.identity_pools.values():
@@ -325,7 +325,7 @@ class CognitoIdentity(AWSService):
f"{identity_pool.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_identity_pool_roles__(self):
def _get_identity_pool_roles(self):
logger.info("Cognito - Getting Identity Pool Roles...")
try:
for identity_pool in self.identity_pools.values():
@@ -8,7 +8,7 @@ class config_recorder_all_regions_enabled(Check):
for recorder in config_client.recorders:
report = Check_Report_AWS(self.metadata())
report.region = recorder.region
report.resource_arn = config_client.__get_recorder_arn_template__(
report.resource_arn = config_client._get_recorder_arn_template(
recorder.region
)
report.resource_id = (
@@ -13,12 +13,12 @@ class Config(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.recorders = []
self.__threading_call__(self.__describe_configuration_recorder_status__)
self.__threading_call__(self._describe_configuration_recorder_status)
def __get_recorder_arn_template__(self, region):
def _get_recorder_arn_template(self, region):
return f"arn:{self.audited_partition}:config:{region}:{self.audited_account}:recorder"
def __describe_configuration_recorder_status__(self, regional_client):
def _describe_configuration_recorder_status(self, regional_client):
logger.info("Config - Listing Recorders...")
try:
recorders = regional_client.describe_configuration_recorder_status()[
@@ -16,14 +16,14 @@ class DirectoryService(AWSService):
# Call AWSService's __init__
super().__init__("ds", provider)
self.directories = {}
self.__threading_call__(self.__describe_directories__)
self.__threading_call__(self.__list_log_subscriptions__)
self.__threading_call__(self.__describe_event_topics__)
self.__threading_call__(self.__list_certificates__)
self.__threading_call__(self.__get_snapshot_limits__)
self.__list_tags_for_resource__()
self.__threading_call__(self._describe_directories)
self.__threading_call__(self._list_log_subscriptions)
self.__threading_call__(self._describe_event_topics)
self.__threading_call__(self._list_certificates)
self.__threading_call__(self._get_snapshot_limits)
self._list_tags_for_resource()
def __describe_directories__(self, regional_client):
def _describe_directories(self, regional_client):
logger.info("DirectoryService - Describing Directories...")
try:
describe_fleets_paginator = regional_client.get_paginator(
@@ -71,7 +71,7 @@ class DirectoryService(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_log_subscriptions__(self, regional_client):
def _list_log_subscriptions(self, regional_client):
logger.info("DirectoryService - Listing Log Subscriptions...")
try:
for directory in self.directories.values():
@@ -101,7 +101,7 @@ class DirectoryService(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_event_topics__(self, regional_client):
def _describe_event_topics(self, regional_client):
logger.info("DirectoryService - Describing Event Topics...")
try:
for directory in self.directories.values():
@@ -128,7 +128,7 @@ class DirectoryService(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_certificates__(self, regional_client):
def _list_certificates(self, regional_client):
logger.info("DirectoryService - Listing Certificates...")
try:
for directory in self.directories.values():
@@ -178,7 +178,7 @@ class DirectoryService(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_snapshot_limits__(self, regional_client):
def _get_snapshot_limits(self, regional_client):
logger.info("DirectoryService - Getting Snapshot Limits...")
try:
for directory in self.directories.values():
@@ -213,7 +213,7 @@ class DirectoryService(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("Directory Service - List Tags...")
try:
for directory in self.directories.values():
@@ -16,7 +16,7 @@ class dlm_ebs_snapshot_lifecycle_policy_exists(Check):
report.status_extended = "No EBS Snapshot lifecycle policies found."
report.region = region
report.resource_id = dlm_client.audited_account
report.resource_arn = dlm_client.__get_lifecycle_policy_arn_template__(
report.resource_arn = dlm_client._get_lifecycle_policy_arn_template(
region
)
if dlm_client.lifecycle_policies[region]:
@@ -10,14 +10,14 @@ class DLM(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.lifecycle_policies = {}
self.__threading_call__(self.__get_lifecycle_policies__)
self.__threading_call__(self._get_lifecycle_policies)
def __get_lifecycle_policy_arn_template__(self, region):
def _get_lifecycle_policy_arn_template(self, region):
return (
f"arn:{self.audited_partition}:dlm:{region}:{self.audited_account}:policy"
)
def __get_lifecycle_policies__(self, regional_client):
def _get_lifecycle_policies(self, regional_client):
logger.info("DLM - Getting EBS Snapshots Lifecycle Policies...")
try:
lifecycle_policies = regional_client.get_lifecycle_policies()
@@ -11,9 +11,9 @@ class DMS(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.instances = []
self.__threading_call__(self.__describe_replication_instances__)
self.__threading_call__(self._describe_replication_instances)
def __describe_replication_instances__(self, regional_client):
def _describe_replication_instances(self, regional_client):
logger.info("DMS - Describing DMS Replication Instances...")
try:
describe_replication_instances_paginator = regional_client.get_paginator(
@@ -11,9 +11,7 @@ class drs_job_exist(Check):
report.status_extended = "DRS is not enabled for this region."
report.region = drs.region
report.resource_tags = []
report.resource_arn = drs_client.__get_recovery_job_arn_template__(
drs.region
)
report.resource_arn = drs_client._get_recovery_job_arn_template(drs.region)
report.resource_id = drs_client.audited_account
if drs.status == "ENABLED":
report.status_extended = "DRS is enabled for this region without jobs."
@@ -12,12 +12,12 @@ class DRS(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.drs_services = []
self.__threading_call__(self.__describe_jobs__)
self.__threading_call__(self._describe_jobs)
def __get_recovery_job_arn_template__(self, region):
def _get_recovery_job_arn_template(self, region):
return f"arn:{self.audited_partition}:drs:{region}:{self.audited_account}:recovery-job"
def __describe_jobs__(self, regional_client):
def _describe_jobs(self, regional_client):
logger.info("DRS - Describe Jobs...")
try:
try:
@@ -15,13 +15,13 @@ class DynamoDB(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.tables = []
self.__threading_call__(self.__list_tables__)
self.__describe_table__()
self.__describe_continuous_backups__()
self.__get_resource_policy__()
self.__list_tags_for_resource__()
self.__threading_call__(self._list_tables)
self._describe_table()
self._describe_continuous_backups()
self._get_resource_policy()
self._list_tags_for_resource()
def __list_tables__(self, regional_client):
def _list_tables(self, regional_client):
logger.info("DynamoDB - Listing tables...")
try:
list_tables_paginator = regional_client.get_paginator("list_tables")
@@ -45,7 +45,7 @@ class DynamoDB(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_table__(self):
def _describe_table(self):
logger.info("DynamoDB - Describing Table...")
try:
for table in self.tables:
@@ -63,7 +63,7 @@ class DynamoDB(AWSService):
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __describe_continuous_backups__(self):
def _describe_continuous_backups(self):
logger.info("DynamoDB - Describing Continuous Backups...")
try:
for table in self.tables:
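Review bot: The error message closing `_describe_table` uses `f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"`, while the regional collectors in the same class log `f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"`. Two layouts for the same event make the scan log harder to parse and alert on, and the first one drops the region. Since these lines are already being touched file by file, aligning them on the bracketed form (with `table.region` where a region is available) would be a cheap follow-up. The surrounding `try`/`except` is outside the hunk.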
@@ -95,7 +95,7 @@ class DynamoDB(AWSService):
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __get_resource_policy__(self):
def _get_resource_policy(self):
logger.info("DynamoDB - Get Resource Policy...")
try:
for table in self.tables:
@@ -124,7 +124,7 @@ class DynamoDB(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("DynamoDB - List Tags...")
try:
for table in self.tables:
@@ -156,10 +156,10 @@ class DAX(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.clusters = []
self.__threading_call__(self.__describe_clusters__)
self.__list_tags_for_resource__()
self.__threading_call__(self._describe_clusters)
self._list_tags_for_resource()
def __describe_clusters__(self, regional_client):
def _describe_clusters(self, regional_client):
logger.info("DynamoDB DAX - Describing clusters...")
try:
describe_clusters_paginator = regional_client.get_paginator(
@@ -189,7 +189,7 @@ class DAX(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("DAX - List Tags...")
for cluster in self.clusters:
try:
@@ -9,7 +9,7 @@ class ec2_ebs_default_encryption(Check):
if ebs_encryption.volumes or ec2_client.provider.scan_unused_services:
report = Check_Report_AWS(self.metadata())
report.region = ebs_encryption.region
report.resource_arn = ec2_client.__get_volume_arn_template__(
report.resource_arn = ec2_client._get_volume_arn_template(
ebs_encryption.region
)
report.resource_id = ec2_client.audited_account
@@ -16,50 +16,50 @@ class EC2(AWSService):
super().__init__(__class__.__name__, provider)
self.account_arn_template = f"arn:{self.audited_partition}:ec2:{self.region}:{self.audited_account}:account"
self.instances = []
self.__threading_call__(self.__describe_instances__)
self.__threading_call__(self.__get_instance_user_data__, self.instances)
self.__threading_call__(self._describe_instances)
self.__threading_call__(self._get_instance_user_data, self.instances)
self.security_groups = {}
self.regions_with_sgs = []
self.__threading_call__(self.__describe_security_groups__)
self.__threading_call__(self._describe_security_groups)
self.network_acls = []
self.__threading_call__(self.__describe_network_acls__)
self.__threading_call__(self._describe_network_acls)
self.snapshots = []
self.volumes_with_snapshots = {}
self.regions_with_snapshots = {}
self.__threading_call__(self.__describe_snapshots__)
self.__threading_call__(self.__determine_public_snapshots__, self.snapshots)
self.__threading_call__(self._describe_snapshots)
self.__threading_call__(self._determine_public_snapshots, self.snapshots)
self.network_interfaces = []
self.__threading_call__(self.__describe_network_interfaces__)
self.__threading_call__(self._describe_network_interfaces)
self.images = []
self.__threading_call__(self.__describe_images__)
self.__threading_call__(self._describe_images)
self.volumes = []
self.__threading_call__(self.__describe_volumes__)
self.__threading_call__(self._describe_volumes)
self.attributes_for_regions = {}
self.__threading_call__(self.__get_resources_for_regions__)
self.__threading_call__(self._get_resources_for_regions)
self.ebs_encryption_by_default = []
self.__threading_call__(self.__get_ebs_encryption_settings__)
self.__threading_call__(self._get_ebs_encryption_settings)
self.elastic_ips = []
self.__threading_call__(self.__describe_ec2_addresses__)
self.__threading_call__(self._describe_ec2_addresses)
self.ebs_block_public_access_snapshots_states = []
self.__threading_call__(self.__get_snapshot_block_public_access_state__)
self.__threading_call__(self._get_snapshot_block_public_access_state)
self.instance_metadata_defaults = []
self.__threading_call__(self.__get_instance_metadata_defaults__)
self.__threading_call__(self._get_instance_metadata_defaults)
self.launch_templates = []
self.__threading_call__(self.__describe_launch_templates)
self.__threading_call__(self._describe_launch_templates)
self.__threading_call__(
self.__get_launch_template_versions__, self.launch_templates
self._get_launch_template_versions, self.launch_templates
)
self.vpn_endpoints = {}
self.__threading_call__(self._describe_vpn_endpoints)
self.transit_gateways = {}
self.__threading_call__(self._describe_transit_gateways)
def __get_volume_arn_template__(self, region):
def _get_volume_arn_template(self, region):
return (
f"arn:{self.audited_partition}:ec2:{region}:{self.audited_account}:volume"
)
def __describe_instances__(self, regional_client):
def _describe_instances(self, regional_client):
try:
describe_instances_paginator = regional_client.get_paginator(
"describe_instances"
@@ -107,7 +107,7 @@ class EC2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_security_groups__(self, regional_client):
def _describe_security_groups(self, regional_client):
try:
describe_security_groups_paginator = regional_client.get_paginator(
"describe_security_groups"
@@ -141,7 +141,7 @@ class EC2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_network_acls__(self, regional_client):
def _describe_network_acls(self, regional_client):
try:
describe_network_acls_paginator = regional_client.get_paginator(
"describe_network_acls"
@@ -171,7 +171,7 @@ class EC2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_snapshots__(self, regional_client):
def _describe_snapshots(self, regional_client):
try:
snapshots_in_region = False
describe_snapshots_paginator = regional_client.get_paginator(
@@ -204,7 +204,7 @@ class EC2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __determine_public_snapshots__(self, snapshot):
def _determine_public_snapshots(self, snapshot):
try:
regional_client = self.regional_clients[snapshot.region]
snapshot_public = regional_client.describe_snapshot_attribute(
@@ -227,7 +227,7 @@ class EC2(AWSService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_network_interfaces__(self, regional_client):
def _describe_network_interfaces(self, regional_client):
try:
# Get Network Interfaces with Public IPs
describe_network_interfaces_paginator = regional_client.get_paginator(
@@ -254,7 +254,7 @@ class EC2(AWSService):
# 'GroupName': 'default',
# },
# ],
self.__add_network_interfaces_to_security_groups__(
self._add_network_interfaces_to_security_groups(
eni, interface.get("Groups", [])
)
@@ -263,7 +263,7 @@ class EC2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __add_network_interfaces_to_security_groups__(
def _add_network_interfaces_to_security_groups(
self, interface, interface_security_groups
):
try:
@@ -276,7 +276,7 @@ class EC2(AWSService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_instance_user_data__(self, instance):
def _get_instance_user_data(self, instance):
try:
regional_client = self.regional_clients[instance.region]
user_data = regional_client.describe_instance_attribute(
@@ -294,7 +294,7 @@ class EC2(AWSService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_images__(self, regional_client):
def _describe_images(self, regional_client):
try:
for image in regional_client.describe_images(Owners=["self"])["Images"]:
arn = f"arn:{self.audited_partition}:ec2:{regional_client.region}:{self.audited_account}:image/{image['ImageId']}"
@@ -316,7 +316,7 @@ class EC2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_volumes__(self, regional_client):
def _describe_volumes(self, regional_client):
try:
describe_volumes_paginator = regional_client.get_paginator(
"describe_volumes"
@@ -341,7 +341,7 @@ class EC2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_ec2_addresses__(self, regional_client):
def _describe_ec2_addresses(self, regional_client):
try:
for address in regional_client.describe_addresses()["Addresses"]:
public_ip = None
@@ -372,7 +372,7 @@ class EC2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_ebs_encryption_settings__(self, regional_client):
def _get_ebs_encryption_settings(self, regional_client):
try:
volumes_in_region = self.attributes_for_regions.get(
regional_client.region, []
@@ -392,7 +392,7 @@ class EC2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_snapshot_block_public_access_state__(self, regional_client):
def _get_snapshot_block_public_access_state(self, regional_client):
try:
snapshots_in_region = self.attributes_for_regions.get(
regional_client.region, []
@@ -412,7 +412,7 @@ class EC2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_instance_metadata_defaults__(self, regional_client):
def _get_instance_metadata_defaults(self, regional_client):
try:
instances_in_region = self.attributes_for_regions.get(
regional_client.region, []
@@ -432,7 +432,7 @@ class EC2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_resources_for_regions__(self, regional_client):
def _get_resources_for_regions(self, regional_client):
try:
has_instances = False
for instance in self.instances:
@@ -459,7 +459,7 @@ class EC2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_launch_templates(self, regional_client):
def _describe_launch_templates(self, regional_client):
try:
describe_launch_templates_paginator = regional_client.get_paginator(
"describe_launch_templates"
@@ -486,7 +486,7 @@ class EC2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_launch_template_versions__(self, launch_template):
def _get_launch_template_versions(self, launch_template):
try:
regional_client = self.regional_clients[launch_template.region]
describe_launch_template_versions_paginator = regional_client.get_paginator(
@@ -14,10 +14,10 @@ class ECS(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.task_definitions = []
self.__threading_call__(self.__list_task_definitions__)
self.__describe_task_definition__()
self.__threading_call__(self._list_task_definitions)
self._describe_task_definition()
def __list_task_definitions__(self, regional_client):
def _list_task_definitions(self, regional_client):
logger.info("ECS - Listing Task Definitions...")
try:
list_ecs_paginator = regional_client.get_paginator("list_task_definitions")
@@ -41,7 +41,7 @@ class ECS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_task_definition__(self):
def _describe_task_definition(self):
logger.info("ECS - Describing Task Definitions...")
try:
for task_definition in self.task_definitions:
@@ -15,10 +15,10 @@ class EFS(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.filesystems = []
self.__threading_call__(self.__describe_file_systems__)
self.__describe_file_system_policies__()
self.__threading_call__(self._describe_file_systems)
self._describe_file_system_policies()
def __describe_file_systems__(self, regional_client):
def _describe_file_systems(self, regional_client):
logger.info("EFS - Describing file systems...")
try:
describe_efs_paginator = regional_client.get_paginator(
@@ -47,7 +47,7 @@ class EFS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_file_system_policies__(self):
def _describe_file_system_policies(self):
logger.info("EFS - Describing file system policies...")
try:
for filesystem in self.filesystems:
@@ -13,10 +13,10 @@ class EKS(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.clusters = []
self.__threading_call__(self.__list_clusters__)
self.__describe_cluster__(self.regional_clients)
self.__threading_call__(self._list_clusters)
self._describe_cluster(self.regional_clients)
def __list_clusters__(self, regional_client):
def _list_clusters(self, regional_client):
logger.info("EKS listing clusters...")
try:
list_clusters_paginator = regional_client.get_paginator("list_clusters")
@@ -39,7 +39,7 @@ class EKS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_cluster__(self, regional_clients):
def _describe_cluster(self, regional_clients):
logger.info("EKS listing clusters...")
try:
for cluster in self.clusters:
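Review bot: `_describe_cluster` logs `"EKS listing clusters..."`, the same text `_list_clusters` emits, so the log cannot distinguish the listing phase from the describe phase when a scan stalls or fails. `logger.info("EKS - Describing Clusters...")` would match the wording the EMR service uses for the same step. `_list_compliance_status` in the FMS hunk carries the same copy-paste and logs `"FMS - Listing Policies..."`. Both method bodies continue outside their hunks.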
@@ -9,7 +9,7 @@ class emr_cluster_account_public_block_enabled(Check):
report = Check_Report_AWS(self.metadata())
report.region = region
report.resource_id = emr_client.audited_account
report.resource_arn = emr_client.__get_cluster_arn_template__(region)
report.resource_arn = emr_client._get_cluster_arn_template(region)
if emr_client.block_public_access_configuration[
region
].block_public_security_group_rules:
@@ -16,14 +16,14 @@ class EMR(AWSService):
super().__init__(__class__.__name__, provider)
self.clusters = {}
self.block_public_access_configuration = {}
self.__threading_call__(self.__list_clusters__)
self.__threading_call__(self.__describe_cluster__)
self.__threading_call__(self.__get_block_public_access_configuration__)
self.__threading_call__(self._list_clusters)
self.__threading_call__(self._describe_cluster)
self.__threading_call__(self._get_block_public_access_configuration)
def __get_cluster_arn_template__(self, region):
def _get_cluster_arn_template(self, region):
return f"arn:{self.audited_partition}:elasticmapreduce:{region}:{self.audited_account}:cluster"
def __list_clusters__(self, regional_client):
def _list_clusters(self, regional_client):
logger.info("EMR - Listing Clusters...")
try:
list_clusters_paginator = regional_client.get_paginator("list_clusters")
@@ -54,7 +54,7 @@ class EMR(AWSService):
f" {error}"
)
def __describe_cluster__(self, regional_client):
def _describe_cluster(self, regional_client):
logger.info("EMR - Describing Clusters...")
try:
for cluster in self.clusters.values():
@@ -131,7 +131,7 @@ class EMR(AWSService):
f" {error}"
)
def __get_block_public_access_configuration__(self, regional_client):
def _get_block_public_access_configuration(self, regional_client):
"""Returns the Amazon EMR block public access configuration for your Amazon Web Services account in the current Region."""
logger.info("EMR - Getting Block Public Access Configuration...")
try:
@@ -15,11 +15,11 @@ class EventBridge(AWSService):
# Call AWSService's __init__
super().__init__("events", provider)
self.buses = {}
self.__threading_call__(self.__list_event_buses__)
self.__threading_call__(self.__describe_event_bus__)
self.__list_tags_for_resource__()
self.__threading_call__(self._list_event_buses)
self.__threading_call__(self._describe_event_bus)
self._list_tags_for_resource()
def __list_event_buses__(self, regional_client):
def _list_event_buses(self, regional_client):
logger.info("EventBridge - Listing Event Buses...")
try:
for bus in regional_client.list_event_buses()["EventBuses"]:
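Review bot: `regional_client.list_event_buses()["EventBuses"]` reads only the first response page, and nothing in this hunk follows the `NextToken` the API returns when more buses exist, so buses beyond that page would never reach the checks. Repeating the call with `NextToken=response["NextToken"]` until the key is absent would cover the full set. `_list_registries` (`list_registries()["Registries"]`) and the Glue `_search_tables` (`search_tables()["TableList"]`) read a single page in the same way. The loop bodies continue outside the hunks, so any paging done further down is not visible here.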
@@ -37,7 +37,7 @@ class EventBridge(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_event_bus__(self, regional_client):
def _describe_event_bus(self, regional_client):
logger.info("EventBridge - Describing Event Buses...")
try:
for bus in self.buses.values():
@@ -55,7 +55,7 @@ class EventBridge(AWSService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("EventBridge - Listing Tags...")
try:
for bus in self.buses.values():
@@ -98,10 +98,10 @@ class Schema(AWSService):
# Call AWSService's __init__
super().__init__("schemas", provider)
self.registries = {}
self.__threading_call__(self.__list_registries__)
self.__threading_call__(self.__get_resource_policy__)
self.__threading_call__(self._list_registries)
self.__threading_call__(self._get_resource_policy)
def __list_registries__(self, regional_client):
def _list_registries(self, regional_client):
logger.info("EventBridge - Listing Schema Registries...")
try:
for registry in regional_client.list_registries()["Registries"]:
@@ -123,7 +123,7 @@ class Schema(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_resource_policy__(self, regional_client):
def _get_resource_policy(self, regional_client):
logger.info("EventBridge - Getting Registry Resource Policy...")
try:
for registry in self.registries.values():
@@ -14,10 +14,10 @@ class FMS(AWSService):
self.policy_arn_template = f"arn:{self.audited_partition}:fms:{self.region}:{self.audited_account}:policy"
self.fms_admin_account = True
self.fms_policies = []
self.__list_policies__()
self.__list_compliance_status__()
self._list_policies()
self._list_compliance_status()
def __list_policies__(self):
def _list_policies(self):
logger.info("FMS - Listing Policies...")
try:
list_policies_paginator = self.client.get_paginator("list_policies")
@@ -64,7 +64,7 @@ class FMS(AWSService):
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __list_compliance_status__(self):
def _list_compliance_status(self):
logger.info("FMS - Listing Policies...")
try:
for fms_policy in self.fms_policies:
@@ -15,11 +15,11 @@ class Glacier(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.vaults = {}
self.__threading_call__(self.__list_vaults__)
self.__threading_call__(self.__get_vault_access_policy__)
self.__list_tags_for_vault__()
self.__threading_call__(self._list_vaults)
self.__threading_call__(self._get_vault_access_policy)
self._list_tags_for_vault()
def __list_vaults__(self, regional_client):
def _list_vaults(self, regional_client):
logger.info("Glacier - Listing Vaults...")
try:
list_vaults_paginator = regional_client.get_paginator("list_vaults")
@@ -44,7 +44,7 @@ class Glacier(AWSService):
f" {error}"
)
def __get_vault_access_policy__(self, regional_client):
def _get_vault_access_policy(self, regional_client):
logger.info("Glacier - Getting Vault Access Policy...")
try:
for vault in self.vaults.values():
@@ -66,7 +66,7 @@ class Glacier(AWSService):
f" {error}"
)
def __list_tags_for_vault__(self):
def _list_tags_for_vault(self):
logger.info("Glacier - List Tags...")
try:
for vault in self.vaults.values():
@@ -17,9 +17,9 @@ class GlobalAccelerator(AWSService):
# That is, for example, specify --region us-west-2 on AWS CLI commands.
self.region = "us-west-2"
self.client = self.session.client(self.service, self.region)
self.__list_accelerators__()
self._list_accelerators()
def __list_accelerators__(self):
def _list_accelerators(self):
logger.info("GlobalAccelerator - Listing Accelerators...")
try:
list_accelerators_paginator = self.client.get_paginator("list_accelerators")
@@ -10,7 +10,7 @@ class glue_data_catalogs_connection_passwords_encryption_enabled(Check):
if encryption.tables or glue_client.provider.scan_unused_services:
report = Check_Report_AWS(self.metadata())
report.resource_id = glue_client.audited_account
report.resource_arn = glue_client.__get_data_catalog_arn_template__(
report.resource_arn = glue_client._get_data_catalog_arn_template(
encryption.region
)
report.region = encryption.region
@@ -10,7 +10,7 @@ class glue_data_catalogs_metadata_encryption_enabled(Check):
if encryption.tables or glue_client.provider.scan_unused_services:
report = Check_Report_AWS(self.metadata())
report.resource_id = glue_client.audited_account
report.resource_arn = glue_client.__get_data_catalog_arn_template__(
report.resource_arn = glue_client._get_data_catalog_arn_template(
encryption.region
)
report.region = encryption.region
@@ -14,22 +14,22 @@ class Glue(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.connections = []
self.__threading_call__(self.__get_connections__)
self.__threading_call__(self._get_connections)
self.tables = []
self.__threading_call__(self.__search_tables__)
self.__threading_call__(self._search_tables)
self.catalog_encryption_settings = []
self.__threading_call__(self.__get_data_catalog_encryption_settings__)
self.__threading_call__(self._get_data_catalog_encryption_settings)
self.dev_endpoints = []
self.__threading_call__(self.__get_dev_endpoints__)
self.__threading_call__(self._get_dev_endpoints)
self.security_configs = []
self.__threading_call__(self.__get_security_configurations__)
self.__threading_call__(self._get_security_configurations)
self.jobs = []
self.__threading_call__(self.__get_jobs__)
self.__threading_call__(self._get_jobs)
def __get_data_catalog_arn_template__(self, region):
def _get_data_catalog_arn_template(self, region):
return f"arn:{self.audited_partition}:glue:{region}:{self.audited_account}:data-catalog"
def __get_connections__(self, regional_client):
def _get_connections(self, regional_client):
logger.info("Glue - Getting connections...")
try:
get_connections_paginator = regional_client.get_paginator("get_connections")
@@ -53,7 +53,7 @@ class Glue(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_dev_endpoints__(self, regional_client):
def _get_dev_endpoints(self, regional_client):
logger.info("Glue - Getting dev endpoints...")
try:
get_dev_endpoints_paginator = regional_client.get_paginator(
@@ -90,7 +90,7 @@ class Glue(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_jobs__(self, regional_client):
def _get_jobs(self, regional_client):
logger.info("Glue - Getting jobs...")
try:
get_jobs_paginator = regional_client.get_paginator("get_jobs")
@@ -114,7 +114,7 @@ class Glue(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_security_configurations__(self, regional_client):
def _get_security_configurations(self, regional_client):
logger.info("Glue - Getting security configs...")
try:
get_security_configurations_paginator = regional_client.get_paginator(
@@ -154,7 +154,7 @@ class Glue(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __search_tables__(self, regional_client):
def _search_tables(self, regional_client):
logger.info("Glue - Search Tables...")
try:
for table in regional_client.search_tables()["TableList"]:
@@ -176,7 +176,7 @@ class Glue(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_data_catalog_encryption_settings__(self, regional_client):
def _get_data_catalog_encryption_settings(self, regional_client):
logger.info("Glue - Catalog Encryption Settings...")
try:
settings = regional_client.get_data_catalog_encryption_settings()[
@@ -13,14 +13,14 @@ class GuardDuty(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.detectors = []
self.__threading_call__(self.__list_detectors__)
self.__get_detector__()
self.__list_findings__()
self.__list_members__()
self.__get_administrator_account__()
self.__list_tags_for_resource__()
self.__threading_call__(self._list_detectors)
self._get_detector()
self._list_findings()
self._list_members()
self._get_administrator_account()
self._list_tags_for_resource()
def __list_detectors__(self, regional_client):
def _list_detectors(self, regional_client):
logger.info("GuardDuty - listing detectors...")
try:
detectors = False
@@ -51,7 +51,7 @@ class GuardDuty(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_detector__(self):
def _get_detector(self):
logger.info("GuardDuty - getting detector info...")
try:
for detector in self.detectors:
@@ -75,7 +75,7 @@ class GuardDuty(AWSService):
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __get_administrator_account__(self):
def _get_administrator_account(self):
logger.info("GuardDuty - getting administrator account...")
try:
for detector in self.detectors:
@@ -105,7 +105,7 @@ class GuardDuty(AWSService):
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __list_members__(self):
def _list_members(self):
logger.info("GuardDuty - listing members...")
try:
for detector in self.detectors:
@@ -130,7 +130,7 @@ class GuardDuty(AWSService):
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __list_findings__(self):
def _list_findings(self):
logger.info("GuardDuty - listing findings...")
try:
for detector in self.detectors:
@@ -164,7 +164,7 @@ class GuardDuty(AWSService):
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("Guardduty - List Tags...")
try:
for detector in self.detectors:
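Review bot: In `_get_detector`, `_get_administrator_account`, `_list_members`, `_list_findings` and `_list_tags_for_resource` the `try:` opens before `for detector in self.detectors:`, so, unless the part of each body outside these hunks has an inner handler, the first API error ends the loop and the remaining detectors are never queried. For an audit tool that means one denied or throttled call can leave other regions' detectors with default values and no log line of their own. Consider moving the `try` inside the loop, as IAM `_list_inline_user_policies` does (`for user in self.users:` followed by `try:`), and naming the failing detector in the handler. The same shape is visible in the KMS `_describe_key`, `_get_key_rotation_status` and `_get_key_policy` hunks and in Redshift `_describe_logging_status`.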
@@ -57,50 +57,50 @@ class IAM(AWSService):
self.mfa_arn_template = (
f"arn:{self.audited_partition}:iam:{self.region}:{self.audited_account}:mfa"
)
self.users = self.__get_users__()
self.roles = self.__get_roles__()
self.account_summary = self.__get_account_summary__()
self.virtual_mfa_devices = self.__list_virtual_mfa_devices__()
self.credential_report = self.__get_credential_report__()
self.groups = self.__get_groups__()
self.__get_group_users__()
self.__list_attached_group_policies__()
self.__list_attached_user_policies__()
self.__list_attached_role_policies__()
self.__list_mfa_devices__()
self.password_policy = self.__get_password_policy__()
self.users = self._get_users()
self.roles = self._get_roles()
self.account_summary = self._get_account_summary()
self.virtual_mfa_devices = self._list_virtual_mfa_devices()
self.credential_report = self._get_credential_report()
self.groups = self._get_groups()
self._get_group_users()
self._list_attached_group_policies()
self._list_attached_user_policies()
self._list_attached_role_policies()
self._list_mfa_devices()
self.password_policy = self._get_password_policy()
support_policy_arn = (
"arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy"
)
self.entities_role_attached_to_support_policy = (
self.__list_entities_role_for_policy__(support_policy_arn)
self._list_entities_role_for_policy(support_policy_arn)
)
securityaudit_policy_arn = "arn:aws:iam::aws:policy/SecurityAudit"
self.entities_role_attached_to_securityaudit_policy = (
self.__list_entities_role_for_policy__(securityaudit_policy_arn)
self._list_entities_role_for_policy(securityaudit_policy_arn)
)
# List both Customer (attached and unattached) and AWS Managed (only attached) policies
self.policies = []
self.policies.extend(self.__list_policies__("AWS"))
self.policies.extend(self.__list_policies__("Local"))
self.__list_policies_version__(self.policies)
self.__list_inline_user_policies__()
self.__list_inline_group_policies__()
self.__list_inline_role_policies__()
self.saml_providers = self.__list_saml_providers__()
self.server_certificates = self.__list_server_certificates__()
self.__list_tags_for_resource__()
self.policies.extend(self._list_policies("AWS"))
self.policies.extend(self._list_policies("Local"))
self._list_policies_version(self.policies)
self._list_inline_user_policies()
self._list_inline_group_policies()
self._list_inline_role_policies()
self.saml_providers = self._list_saml_providers()
self.server_certificates = self._list_server_certificates()
self._list_tags_for_resource()
self.access_keys_metadata = {}
self.__get_access_keys_metadata__()
self._get_access_keys_metadata()
self.last_accessed_services = {}
self.__get_last_accessed_services__()
self._get_last_accessed_services()
self.user_temporary_credentials_usage = {}
self.__get_user_temporary_credentials_usage__()
self._get_user_temporary_credentials_usage()
def __get_client__(self):
def _get_client(self):
return self.client
def __get_roles__(self):
def _get_roles(self):
logger.info("IAM - List Roles...")
try:
roles = []
@@ -135,7 +135,7 @@ class IAM(AWSService):
finally:
return roles
def __get_credential_report__(self):
def _get_credential_report(self):
logger.info("IAM - Get Credential Report...")
report_is_completed = False
credential_list = []
@@ -168,7 +168,7 @@ class IAM(AWSService):
finally:
return credential_list
def __get_groups__(self):
def _get_groups(self):
logger.info("IAM - Get Groups...")
try:
groups = []
@@ -187,7 +187,7 @@ class IAM(AWSService):
finally:
return groups
def __get_account_summary__(self):
def _get_account_summary(self):
logger.info("IAM - Get Account Summary...")
try:
account_summary = self.client.get_account_summary()
@@ -199,7 +199,7 @@ class IAM(AWSService):
finally:
return account_summary
def __get_password_policy__(self):
def _get_password_policy(self):
logger.info("IAM - Get Password Policy...")
try:
stored_password_policy = None
@@ -267,7 +267,7 @@ class IAM(AWSService):
finally:
return stored_password_policy
def __get_users__(self):
def _get_users(self):
logger.info("IAM - List Users...")
try:
get_users_paginator = self.client.get_paginator("list_users")
@@ -304,7 +304,7 @@ class IAM(AWSService):
finally:
return users
def __list_virtual_mfa_devices__(self):
def _list_virtual_mfa_devices(self):
logger.info("IAM - List Virtual MFA Devices...")
try:
mfa_devices = []
@@ -322,7 +322,7 @@ class IAM(AWSService):
finally:
return mfa_devices
def __list_attached_group_policies__(self):
def _list_attached_group_policies(self):
logger.info("IAM - List Attached Group Policies...")
try:
for group in self.groups:
@@ -347,7 +347,7 @@ class IAM(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_group_users__(self):
def _get_group_users(self):
logger.info("IAM - Get Group Users...")
try:
for group in self.groups:
@@ -373,7 +373,7 @@ class IAM(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_mfa_devices__(self):
def _list_mfa_devices(self):
logger.info("IAM - List MFA Devices...")
try:
for user in self.users:
@@ -397,7 +397,7 @@ class IAM(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_attached_user_policies__(self):
def _list_attached_user_policies(self):
logger.info("IAM - List Attached User Policies...")
try:
for user in self.users:
@@ -433,7 +433,7 @@ class IAM(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_attached_role_policies__(self):
def _list_attached_role_policies(self):
logger.info("IAM - List Attached User Policies...")
try:
if self.roles:
@@ -470,7 +470,7 @@ class IAM(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_inline_user_policies__(self):
def _list_inline_user_policies(self):
logger.info("IAM - List Inline User Policies...")
for user in self.users:
try:
@@ -528,7 +528,7 @@ class IAM(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_inline_group_policies__(self):
def _list_inline_group_policies(self):
logger.info("IAM - List Inline Group Policies...")
for group in self.groups:
try:
@@ -588,7 +588,7 @@ class IAM(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_inline_role_policies__(self):
def _list_inline_role_policies(self):
logger.info("IAM - List Inline Role Policies...")
if self.roles:
for role in self.roles:
@@ -651,7 +651,7 @@ class IAM(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_entities_role_for_policy__(self, policy_arn):
def _list_entities_role_for_policy(self, policy_arn):
logger.info("IAM - List Entities Role For Policy...")
try:
roles = []
@@ -676,7 +676,7 @@ class IAM(AWSService):
finally:
return roles
def __list_policies__(self, scope):
def _list_policies(self, scope):
logger.info("IAM - List Policies...")
try:
policies = []
@@ -707,7 +707,7 @@ class IAM(AWSService):
finally:
return policies
def __list_policies_version__(self, policies):
def _list_policies_version(self, policies):
logger.info("IAM - List Policies Version...")
try:
for policy in policies:
@@ -731,7 +731,7 @@ class IAM(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_saml_providers__(self):
def _list_saml_providers(self):
logger.info("IAM - List SAML Providers...")
try:
saml_providers = self.client.list_saml_providers()["SAMLProviderList"]
@@ -743,7 +743,7 @@ class IAM(AWSService):
finally:
return saml_providers
def __list_server_certificates__(self):
def _list_server_certificates(self):
logger.info("IAM - List Server Certificates...")
try:
server_certificates = []
@@ -768,7 +768,7 @@ class IAM(AWSService):
finally:
return server_certificates
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("IAM - List Tags...")
try:
if self.roles:
@@ -838,7 +838,7 @@ class IAM(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_last_accessed_services__(self):
def _get_last_accessed_services(self):
logger.info("IAM - Getting Last Accessed Services ...")
try:
for user in self.users:
@@ -876,7 +876,7 @@ class IAM(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_access_keys_metadata__(self):
def _get_access_keys_metadata(self):
logger.info("IAM - Getting Access Keys Metadata ...")
try:
for user in self.users:
@@ -905,7 +905,7 @@ class IAM(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_user_temporary_credentials_usage__(self):
def _get_user_temporary_credentials_usage(self):
logger.info("IAM - Getting User Temporary Credentials Usage ...")
try:
temporary_credentials_usage = False
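Review bot: `_get_account_summary` and `_list_saml_providers` bind their result only in the first statement inside `try:` and then return it from `finally:`, so if `get_account_summary()` or `list_saml_providers()` raises (a denied permission, for example) the name is unbound when `finally` runs and an `UnboundLocalError` propagates into the service initialisation, unless the except branch, which is outside the hunks shown, assigns it. Bind a default before the `try`, e.g. `account_summary = None` and `saml_providers = []`, choosing whatever empty value the callers expect. A `return` inside `finally` also discards any exception that is still propagating, so a plain `return` after the `try` statement is the safer form for every `finally: return ...` method in this class.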
@@ -10,10 +10,10 @@ class Inspector2(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.inspectors = []
self.__threading_call__(self.__batch_get_account_status__)
self.__threading_call__(self.__list_active_findings__, self.inspectors)
self.__threading_call__(self._batch_get_account_status)
self.__threading_call__(self._list_active_findings, self.inspectors)
def __batch_get_account_status__(self, regional_client):
def _batch_get_account_status(self, regional_client):
# We use this function to check if inspector2 is enabled
logger.info("Inspector2 - Getting account status...")
try:
@@ -33,7 +33,7 @@ class Inspector2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_active_findings__(self, inspector):
def _list_active_findings(self, inspector):
logger.info("Inspector2 - Listing active findings...")
try:
regional_client = self.regional_clients[inspector.region]
@@ -10,11 +10,11 @@ class Kafka(AWSService):
super().__init__(__class__.__name__, provider)
self.account_arn_template = f"arn:{self.audited_partition}:kafka:{self.region}:{self.audited_account}:cluster"
self.clusters = {}
self.__threading_call__(self.__list_clusters__)
self.__threading_call__(self._list_clusters)
self.kafka_versions = []
self.__threading_call__(self.__list_kafka_versions__)
self.__threading_call__(self._list_kafka_versions)
def __list_clusters__(self, regional_client):
def _list_clusters(self, regional_client):
try:
cluster_paginator = regional_client.get_paginator("list_clusters")
@@ -70,7 +70,7 @@ class Kafka(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_kafka_versions__(self, regional_client):
def _list_kafka_versions(self, regional_client):
try:
kafka_versions_paginator = regional_client.get_paginator(
"list_kafka_versions"
@@ -14,14 +14,14 @@ class KMS(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.keys = []
self.__threading_call__(self.__list_keys__)
self.__threading_call__(self._list_keys)
if self.keys:
self.__describe_key__()
self.__get_key_rotation_status__()
self.__get_key_policy__()
self.__list_resource_tags__()
self._describe_key()
self._get_key_rotation_status()
self._get_key_policy()
self._list_resource_tags()
def __list_keys__(self, regional_client):
def _list_keys(self, regional_client):
logger.info("KMS - Listing Keys...")
try:
list_keys_paginator = regional_client.get_paginator("list_keys")
@@ -42,7 +42,7 @@ class KMS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __describe_key__(self):
def _describe_key(self):
logger.info("KMS - Describing Key...")
try:
for key in self.keys:
@@ -57,7 +57,7 @@ class KMS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __get_key_rotation_status__(self):
def _get_key_rotation_status(self):
logger.info("KMS - Get Key Rotation Status...")
try:
for key in self.keys:
@@ -76,7 +76,7 @@ class KMS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __get_key_policy__(self):
def _get_key_policy(self):
logger.info("KMS - Get Key Policy...")
try:
for key in self.keys:
@@ -94,7 +94,7 @@ class KMS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __list_resource_tags__(self):
def _list_resource_tags(self):
logger.info("KMS - List Tags...")
for key in self.keys:
if (
@@ -11,13 +11,13 @@ class Lightsail(AWSService):
def __init__(self, provider):
super().__init__(__class__.__name__, provider)
self.instances = {}
self.__threading_call__(self.__get_instances__)
self.__threading_call__(self._get_instances)
self.databases = {}
self.__threading_call__(self.__get_databases__)
self.__threading_call__(self._get_databases)
self.static_ips = {}
self.__threading_call__(self.__get_static_ips__)
self.__threading_call__(self._get_static_ips)
def __get_instances__(self, regional_client):
def _get_instances(self, regional_client):
logger.info("Lightsail - Getting instances...")
try:
instance_paginator = regional_client.get_paginator("get_instances")
@@ -87,7 +87,7 @@ class Lightsail(AWSService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_databases__(self, regional_client):
def _get_databases(self, regional_client):
logger.info("Lightsail - Getting databases...")
try:
databases_paginator = regional_client.get_paginator(
@@ -125,7 +125,7 @@ class Lightsail(AWSService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_static_ips__(self, regional_client):
def _get_static_ips(self, regional_client):
logger.info("Lightsail - Getting static IPs...")
try:
static_ips_paginator = regional_client.get_paginator("get_static_ips")
@@ -9,9 +9,7 @@ class macie_is_enabled(Check):
for session in macie_client.sessions:
report = Check_Report_AWS(self.metadata())
report.region = session.region
report.resource_arn = macie_client.__get_session_arn_template__(
session.region
)
report.resource_arn = macie_client._get_session_arn_template(session.region)
report.resource_id = macie_client.audited_account
if session.status == "ENABLED":
report.status = "PASS"
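Review bot: After the rename, `macie_is_enabled` calls `macie_client._get_session_arn_template(session.region)`, a single-underscore method, from outside the `Macie` class. By PEP 8 a leading underscore marks a name as non-public, so the check now depends on something the service declares internal, and linters report it as protected access. Either give the helper a public name, e.g. `get_session_arn_template`, or expose the ARN through a public attribute. The same applies to `rds_client._get_rds_arn_template(db_event.region)` in `rds_instance_event_subscription_security_groups`.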
@@ -10,12 +10,12 @@ class Macie(AWSService):
# Call AWSService's __init__
super().__init__("macie2", provider)
self.sessions = []
self.__threading_call__(self.__get_macie_session__)
self.__threading_call__(self._get_macie_session)
def __get_session_arn_template__(self, region):
def _get_session_arn_template(self, region):
return f"arn:{self.audited_partition}:macie:{region}:{self.audited_account}:session"
def __get_macie_session__(self, regional_client):
def _get_macie_session(self, regional_client):
logger.info("Macie - Get Macie Session...")
try:
self.sessions.append(
@@ -11,10 +11,10 @@ class NetworkFirewall(AWSService):
# Call AWSService's __init__
super().__init__("network-firewall", provider)
self.network_firewalls = []
self.__threading_call__(self.__list_firewalls__)
self.__describe_firewall__()
self.__threading_call__(self._list_firewalls)
self._describe_firewall()
def __list_firewalls__(self, regional_client):
def _list_firewalls(self, regional_client):
logger.info("Network Firewall - Listing Network Firewalls...")
try:
list_network_firewalls_paginator = regional_client.get_paginator(
@@ -39,7 +39,7 @@ class NetworkFirewall(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_firewall__(self):
def _describe_firewall(self):
logger.info("Network Firewall - Describe Network Firewalls...")
try:
for network_firewall in self.network_firewalls:
@@ -14,12 +14,12 @@ class OpenSearchService(AWSService):
# Call AWSService's __init__
super().__init__("opensearch", provider)
self.opensearch_domains = []
self.__threading_call__(self.__list_domain_names__)
self.__describe_domain_config__(self.regional_clients)
self.__describe_domain__(self.regional_clients)
self.__list_tags__()
self.__threading_call__(self._list_domain_names)
self._describe_domain_config(self.regional_clients)
self._describe_domain(self.regional_clients)
self._list_tags()
def __list_domain_names__(self, regional_client):
def _list_domain_names(self, regional_client):
logger.info("OpenSearch - listing domain names...")
try:
domains = regional_client.list_domain_names()
@@ -40,7 +40,7 @@ class OpenSearchService(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_domain_config__(self, regional_clients):
def _describe_domain_config(self, regional_clients):
logger.info("OpenSearch - describing domain configurations...")
try:
for domain in self.opensearch_domains:
@@ -79,7 +79,7 @@ class OpenSearchService(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_domain__(self, regional_clients):
def _describe_domain(self, regional_clients):
logger.info("OpenSearch - describing domain configurations...")
try:
for domain in self.opensearch_domains:
@@ -132,7 +132,7 @@ class OpenSearchService(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_tags__(self):
def _list_tags(self):
logger.info("OpenSearch - List Tags...")
for domain in self.opensearch_domains:
try:
@@ -24,9 +24,9 @@ class Organizations(AWSService):
self.organizations = []
self.policies = []
self.delegated_administrators = []
self.__describe_organization__()
self._describe_organization()
def __describe_organization__(self):
def _describe_organization(self):
logger.info("Organizations - Describe Organization...")
try:
@@ -37,10 +37,10 @@ class Organizations(AWSService):
organization_id = organization_desc.get("Id")
organization_master_id = organization_desc.get("MasterAccountId")
# Fetch policies for organization:
organization_policies = self.__list_policies__()
organization_policies = self._list_policies()
# Fetch delegated administrators for organization:
organization_delegated_administrator = (
self.__list_delegated_administrators__()
self._list_delegated_administrators()
)
except ClientError as error:
if (
@@ -90,7 +90,7 @@ class Organizations(AWSService):
)
# I'm using list_policies instead of list_policies_for_target, because the last one only returns "Attached directly" policies but not "Inherited from..." policies.
def __list_policies__(self):
def _list_policies(self):
logger.info("Organizations - List policies...")
try:
@@ -103,8 +103,8 @@ class Organizations(AWSService):
for page in list_policies_paginator.paginate(Filter=policy_type):
for policy in page["Policies"]:
policy_id = policy.get("Id")
policy_content = self.__describe_policy__(policy_id)
policy_targets = self.__list_targets_for_policy__(policy_id)
policy_content = self._describe_policy(policy_id)
policy_targets = self._list_targets_for_policy(policy_id)
self.policies.append(
Policy(
arn=policy.get("Arn"),
@@ -128,7 +128,7 @@ class Organizations(AWSService):
finally:
return self.policies
def __describe_policy__(self, policy_id) -> dict:
def _describe_policy(self, policy_id) -> dict:
logger.info("Organizations - Describe policy: %s ...", policy_id)
# This operation can be called only from the organizations management account or by a member account that is a delegated administrator for an Amazon Web Services service.
@@ -151,7 +151,7 @@ class Organizations(AWSService):
)
return {}
def __list_targets_for_policy__(self, policy_id) -> list:
def _list_targets_for_policy(self, policy_id) -> list:
logger.info("Organizations - List Targets for policy: %s ...", policy_id)
try:
@@ -169,7 +169,7 @@ class Organizations(AWSService):
)
return []
def __list_delegated_administrators__(self):
def _list_delegated_administrators(self):
logger.info("Organizations - List Delegated Administrators")
try:
@@ -11,9 +11,7 @@ class rds_instance_event_subscription_security_groups(Check):
report.status = "FAIL"
report.status_extended = "RDS security group event categories of configuration change and failure are not subscribed."
report.resource_id = rds_client.audited_account
report.resource_arn = rds_client.__get_rds_arn_template__(
db_event.region
)
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
report.region = db_event.region
if db_event.source_type == "db-security-group" and db_event.enabled:
if db_event.event_list == []:
@@ -21,26 +21,26 @@ class RDS(AWSService):
self.db_cluster_parameters = {}
self.db_cluster_snapshots = []
self.db_event_subscriptions = []
self.__threading_call__(self.__describe_db_instances__)
self.__threading_call__(self.__describe_db_certificate__)
self.__threading_call__(self.__describe_db_parameters__)
self.__threading_call__(self.__describe_db_snapshots__)
self.__threading_call__(self.__describe_db_snapshot_attributes__)
self.__threading_call__(self.__describe_db_clusters__)
self.__threading_call__(self.__describe_db_cluster_parameters__)
self.__threading_call__(self.__describe_db_cluster_snapshots__)
self.__threading_call__(self.__describe_db_cluster_snapshot_attributes__)
self.__threading_call__(self.__describe_db_engine_versions__)
self.__threading_call__(self.__describe_db_event_subscriptions__)
self.__threading_call__(self._describe_db_instances)
self.__threading_call__(self._describe_db_certificate)
self.__threading_call__(self._describe_db_parameters)
self.__threading_call__(self._describe_db_snapshots)
self.__threading_call__(self._describe_db_snapshot_attributes)
self.__threading_call__(self._describe_db_clusters)
self.__threading_call__(self._describe_db_cluster_parameters)
self.__threading_call__(self._describe_db_cluster_snapshots)
self.__threading_call__(self._describe_db_cluster_snapshot_attributes)
self.__threading_call__(self._describe_db_engine_versions)
self.__threading_call__(self._describe_db_event_subscriptions)
def __get_rds_arn_template__(self, region):
def _get_rds_arn_template(self, region):
return (
f"arn:{self.audited_partition}:rds:{region}:{self.audited_account}:account"
if region
else f"arn:{self.audited_partition}:rds:{self.region}:{self.audited_account}:account"
)
def __describe_db_instances__(self, regional_client):
def _describe_db_instances(self, regional_client):
logger.info("RDS - Describe Instances...")
try:
describe_db_instances_paginator = regional_client.get_paginator(
@@ -106,7 +106,7 @@ class RDS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_db_parameters__(self, regional_client):
def _describe_db_parameters(self, regional_client):
logger.info("RDS - Describe DB Parameters...")
try:
for (
@@ -129,7 +129,7 @@ class RDS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_db_certificate__(self, regional_client):
def _describe_db_certificate(self, regional_client):
logger.info("RDS - Describe DB Certificate...")
try:
for instance in self.db_instances.values():
@@ -160,7 +160,7 @@ class RDS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_db_snapshots__(self, regional_client):
def _describe_db_snapshots(self, regional_client):
logger.info("RDS - Describe Snapshots...")
try:
describe_db_snapshots_paginator = regional_client.get_paginator(
@@ -188,7 +188,7 @@ class RDS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_db_snapshot_attributes__(self, regional_client):
def _describe_db_snapshot_attributes(self, regional_client):
logger.info("RDS - Describe Snapshot Attributes...")
for snapshot in self.db_snapshots:
try:
@@ -210,7 +210,7 @@ class RDS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_db_clusters__(self, regional_client):
def _describe_db_clusters(self, regional_client):
logger.info("RDS - Describe Clusters...")
try:
describe_db_clusters_paginator = regional_client.get_paginator(
@@ -277,7 +277,7 @@ class RDS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_db_cluster_parameters__(self, regional_client):
def _describe_db_cluster_parameters(self, regional_client):
logger.info("RDS - Describe DB Cluster Parameters...")
try:
for cluster in self.db_clusters.values():
@@ -326,7 +326,7 @@ class RDS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_db_cluster_snapshots__(self, regional_client):
def _describe_db_cluster_snapshots(self, regional_client):
logger.info("RDS - Describe Cluster Snapshots...")
try:
describe_db_snapshots_paginator = regional_client.get_paginator(
@@ -357,7 +357,7 @@ class RDS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_db_cluster_snapshot_attributes__(self, regional_client):
def _describe_db_cluster_snapshot_attributes(self, regional_client):
logger.info("RDS - Describe Cluster Snapshot Attributes...")
try:
for snapshot in self.db_cluster_snapshots:
@@ -382,7 +382,7 @@ class RDS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_db_engine_versions__(self, regional_client):
def _describe_db_engine_versions(self, regional_client):
logger.info("RDS - Describe Engine Versions...")
try:
describe_db_engine_versions_paginator = regional_client.get_paginator(
@@ -412,7 +412,7 @@ class RDS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_db_event_subscriptions__(self, regional_client):
def _describe_db_event_subscriptions(self, regional_client):
logger.info("RDS - Describe Event Subscriptions...")
try:
describe_event_subscriptions_paginator = regional_client.get_paginator(
@@ -13,11 +13,11 @@ class Redshift(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.clusters = []
self.__threading_call__(self.__describe_clusters__)
self.__describe_logging_status__(self.regional_clients)
self.__describe_cluster_snapshots__(self.regional_clients)
self.__threading_call__(self._describe_clusters)
self._describe_logging_status(self.regional_clients)
self._describe_cluster_snapshots(self.regional_clients)
def __describe_clusters__(self, regional_client):
def _describe_clusters(self, regional_client):
logger.info("Redshift - describing clusters...")
try:
list_clusters_paginator = regional_client.get_paginator("describe_clusters")
@@ -53,7 +53,7 @@ class Redshift(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_logging_status__(self, regional_clients):
def _describe_logging_status(self, regional_clients):
logger.info("Redshift - describing logging status...")
try:
for cluster in self.clusters:
@@ -74,7 +74,7 @@ class Redshift(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_cluster_snapshots__(self, regional_clients):
def _describe_cluster_snapshots(self, regional_clients):
logger.info("Redshift - describing logging status...")
try:
for cluster in self.clusters:
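Review bot: `_describe_cluster_snapshots` logs `"Redshift - describing logging status..."`, the same message as `_describe_logging_status`, so the log cannot show which of the two calls was running when an error line follows. Change it to `logger.info("Redshift - describing cluster snapshots...")`. The same copy-paste labels are visible in IAM `_list_attached_role_policies` ("IAM - List Attached User Policies..."), Route53 `_list_resource_record_sets` ("Route53 - Listing Hosting Zones...") and Route53 `_list_tags_for_resource` ("Route53Domains - List Tags...").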
@@ -13,9 +13,9 @@ class ResourceExplorer2(AWSService):
super().__init__("resource-explorer-2", provider)
self.index_arn_template = f"arn:{self.audited_partition}:resource-explorer:{self.region}:{self.audited_account}:index"
self.indexes = []
self.__threading_call__(self.__list_indexes__)
self.__threading_call__(self._list_indexes)
def __list_indexes__(self, regional_client):
def _list_indexes(self, regional_client):
logger.info("ResourceExplorer - list indexes...")
try:
list_indexes_paginator = regional_client.get_paginator("list_indexes")
@@ -14,12 +14,12 @@ class Route53(AWSService):
super().__init__(__class__.__name__, provider, global_service=True)
self.hosted_zones = {}
self.record_sets = []
self.__list_hosted_zones__()
self.__list_query_logging_configs__()
self.__list_tags_for_resource__()
self.__list_resource_record_sets__()
self._list_hosted_zones()
self._list_query_logging_configs()
self._list_tags_for_resource()
self._list_resource_record_sets()
def __list_hosted_zones__(self):
def _list_hosted_zones(self):
logger.info("Route53 - Listing Hosting Zones...")
try:
list_hosted_zones_paginator = self.client.get_paginator("list_hosted_zones")
@@ -46,7 +46,7 @@ class Route53(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_resource_record_sets__(self):
def _list_resource_record_sets(self):
logger.info("Route53 - Listing Hosting Zones...")
try:
list_resource_record_sets_paginator = self.client.get_paginator(
@@ -78,7 +78,7 @@ class Route53(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_query_logging_configs__(self):
def _list_query_logging_configs(self):
logger.info("Route53 - Listing Query Logging Configs...")
try:
for hosted_zone in self.hosted_zones.values():
@@ -100,7 +100,7 @@ class Route53(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("Route53Domains - List Tags...")
for hosted_zone in self.hosted_zones.values():
try:
@@ -148,11 +148,11 @@ class Route53Domains(AWSService):
# but you must specify the US East (N. Virginia) Region to create, update, or otherwise work with domains.
self.region = "us-east-1"
self.client = self.session.client(self.service, self.region)
self.__list_domains__()
self.__get_domain_detail__()
self.__list_tags_for_domain__()
self._list_domains()
self._get_domain_detail()
self._list_tags_for_domain()
def __list_domains__(self):
def _list_domains(self):
logger.info("Route53Domains - Listing Domains...")
try:
list_domains_zones_paginator = self.client.get_paginator("list_domains")
@@ -169,7 +169,7 @@ class Route53Domains(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_domain_detail__(self):
def _get_domain_detail(self):
logger.info("Route53Domains - Getting Domain Detail...")
try:
for domain in self.domains.values():
@@ -182,7 +182,7 @@ class Route53Domains(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_tags_for_domain__(self):
def _list_tags_for_domain(self):
logger.info("Route53Domains - List Tags...")
for domain in self.domains.values():
try:
@@ -16,15 +16,15 @@ class SageMaker(AWSService):
self.sagemaker_notebook_instances = []
self.sagemaker_models = []
self.sagemaker_training_jobs = []
self.__threading_call__(self.__list_notebook_instances__)
self.__threading_call__(self.__list_models__)
self.__threading_call__(self.__list_training_jobs__)
self.__describe_model__(self.regional_clients)
self.__describe_notebook_instance__(self.regional_clients)
self.__describe_training_job__(self.regional_clients)
self.__list_tags_for_resource__()
self.__threading_call__(self._list_notebook_instances)
self.__threading_call__(self._list_models)
self.__threading_call__(self._list_training_jobs)
self._describe_model(self.regional_clients)
self._describe_notebook_instance(self.regional_clients)
self._describe_training_job(self.regional_clients)
self._list_tags_for_resource()
def __list_notebook_instances__(self, regional_client):
def _list_notebook_instances(self, regional_client):
logger.info("SageMaker - listing notebook instances...")
try:
list_notebook_instances_paginator = regional_client.get_paginator(
@@ -50,7 +50,7 @@ class SageMaker(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_models__(self, regional_client):
def _list_models(self, regional_client):
logger.info("SageMaker - listing models...")
try:
list_models_paginator = regional_client.get_paginator("list_models")
@@ -71,7 +71,7 @@ class SageMaker(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_training_jobs__(self, regional_client):
def _list_training_jobs(self, regional_client):
logger.info("SageMaker - listing training jobs...")
try:
list_training_jobs_paginator = regional_client.get_paginator(
@@ -96,7 +96,7 @@ class SageMaker(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_notebook_instance__(self, regional_clients):
def _describe_notebook_instance(self, regional_clients):
logger.info("SageMaker - describing notebook instances...")
try:
for notebook_instance in self.sagemaker_notebook_instances:
@@ -135,7 +135,7 @@ class SageMaker(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_model__(self, regional_clients):
def _describe_model(self, regional_clients):
logger.info("SageMaker - describing models...")
try:
for model in self.sagemaker_models:
@@ -153,7 +153,7 @@ class SageMaker(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_training_job__(self, regional_clients):
def _describe_training_job(self, regional_clients):
logger.info("SageMaker - describing training jobs...")
try:
for training_job in self.sagemaker_training_jobs:
@@ -188,7 +188,7 @@ class SageMaker(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("SageMaker - List Tags...")
try:
for model in self.sagemaker_models:
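Review bot: Every renamed loader in this `__init__` is still dispatched through `self.__threading_call__`, so the dunder-style name this commit removes from the services survives on each new call line, starting with `self.__threading_call__(self._list_notebook_instances)`. Python reserves `__*__` names for the language itself, so the helper (presumably defined on `AWSService`, outside this page) deserves the same treatment in a follow-up. The call would become `self._threading_call(self._list_notebook_instances)`, with `__threading_call__ = _threading_call` kept as an alias in the base class until all callers are migrated. The same applies to the SecretsManager, SecurityHub, SNS, SQS, SSM, SSMIncidents, StorageGateway, VPC, WAF, WAFv2, WellArchitected and WorkSpaces sections.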
@@ -13,9 +13,9 @@ class SecretsManager(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.secrets = {}
self.__threading_call__(self.__list_secrets__)
self.__threading_call__(self._list_secrets)
def __list_secrets__(self, regional_client):
def _list_secrets(self, regional_client):
logger.info("SecretsManager - Listing Secrets...")
try:
list_secrets_paginator = regional_client.get_paginator("list_secrets")
@@ -12,9 +12,9 @@ class SecurityHub(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.securityhubs = []
self.__threading_call__(self.__describe_hub__)
self.__threading_call__(self._describe_hub)
def __describe_hub__(self, regional_client):
def _describe_hub(self, regional_client):
logger.info("SecurityHub - Describing Hub...")
try:
# Check if SecurityHub is active
@@ -11,11 +11,11 @@ class Shield(AWSService):
super().__init__(__class__.__name__, provider, global_service=True)
self.protections = {}
self.enabled = False
self.enabled = self.__get_subscription_state__()
self.enabled = self._get_subscription_state()
if self.enabled:
self.__list_protections__()
self._list_protections()
def __get_subscription_state__(self):
def _get_subscription_state(self):
logger.info("Shield - Getting Subscription State...")
try:
return (
@@ -28,7 +28,7 @@ class Shield(AWSService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_protections__(self):
def _list_protections(self):
logger.info("Shield - Listing Protections...")
try:
list_protections_paginator = self.client.get_paginator("list_protections")
@@ -14,12 +14,12 @@ class SNS(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.topics = []
self.__threading_call__(self.__list_topics__)
self.__get_topic_attributes__(self.regional_clients)
self.__list_tags_for_resource__()
self.__list_subscriptions_by_topic__()
self.__threading_call__(self._list_topics)
self._get_topic_attributes(self.regional_clients)
self._list_tags_for_resource()
self._list_subscriptions_by_topic()
def __list_topics__(self, regional_client):
def _list_topics(self, regional_client):
logger.info("SNS - listing topics...")
try:
list_topics_paginator = regional_client.get_paginator("list_topics")
@@ -42,7 +42,7 @@ class SNS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_topic_attributes__(self, regional_clients):
def _get_topic_attributes(self, regional_clients):
logger.info("SNS - getting topic attributes...")
try:
for topic in self.topics:
@@ -61,7 +61,7 @@ class SNS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("SNS - List Tags...")
try:
for topic in self.topics:
@@ -75,7 +75,7 @@ class SNS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_subscriptions_by_topic__(self):
def _list_subscriptions_by_topic(self):
logger.info("SNS - Listing subscriptions by topic...")
try:
for topic in self.topics:
@@ -15,11 +15,11 @@ class SQS(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.queues = []
self.__threading_call__(self.__list_queues__)
self.__get_queue_attributes__()
self.__list_queue_tags__()
self.__threading_call__(self._list_queues)
self._get_queue_attributes()
self._list_queue_tags()
def __list_queues__(self, regional_client):
def _list_queues(self, regional_client):
logger.info("SQS - describing queues...")
try:
list_queues_paginator = regional_client.get_paginator("list_queues")
@@ -49,7 +49,7 @@ class SQS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_queue_attributes__(self):
def _get_queue_attributes(self):
try:
logger.info("SQS - describing queue attributes...")
for queue in self.queues:
@@ -94,7 +94,7 @@ class SQS(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_queue_tags__(self):
def _list_queue_tags(self):
logger.info("SQS - List Tags...")
try:
for queue in self.queues:
@@ -19,13 +19,13 @@ class SSM(AWSService):
self.documents = {}
self.compliance_resources = {}
self.managed_instances = {}
self.__threading_call__(self.__list_documents__)
self.__threading_call__(self.__get_document__)
self.__threading_call__(self.__describe_document_permission__)
self.__threading_call__(self.__list_resource_compliance_summaries__)
self.__threading_call__(self.__describe_instance_information__)
self.__threading_call__(self._list_documents)
self.__threading_call__(self._get_document)
self.__threading_call__(self._describe_document_permission)
self.__threading_call__(self._list_resource_compliance_summaries)
self.__threading_call__(self._describe_instance_information)
def __list_documents__(self, regional_client):
def _list_documents(self, regional_client):
logger.info("SSM - Listing Documents...")
try:
# To retrieve only the documents owned by the account
@@ -62,7 +62,7 @@ class SSM(AWSService):
f" {error}"
)
def __get_document__(self, regional_client):
def _get_document(self, regional_client):
logger.info("SSM - Getting Document...")
for document in self.documents.values():
try:
@@ -88,7 +88,7 @@ class SSM(AWSService):
f" {error}"
)
def __describe_document_permission__(self, regional_client):
def _describe_document_permission(self, regional_client):
logger.info("SSM - Describing Document Permission...")
try:
for document in self.documents.values():
@@ -107,7 +107,7 @@ class SSM(AWSService):
f" {error}"
)
def __list_resource_compliance_summaries__(self, regional_client):
def _list_resource_compliance_summaries(self, regional_client):
logger.info("SSM - List Resources Compliance Summaries...")
try:
list_resource_compliance_summaries_paginator = (
@@ -136,7 +136,7 @@ class SSM(AWSService):
f" {error}"
)
def __describe_instance_information__(self, regional_client):
def _describe_instance_information(self, regional_client):
logger.info("SSM - Describing Instance Information...")
try:
describe_instance_information_paginator = regional_client.get_paginator(
@@ -19,13 +19,13 @@ class SSMIncidents(AWSService):
super().__init__("ssm-incidents", provider)
self.replication_set_arn_template = f"arn:{self.audited_partition}:ssm-incidents:{self.region}:{self.audited_account}:replication-set"
self.replication_set = []
self.__list_replication_sets__()
self.__get_replication_set__()
self._list_replication_sets()
self._get_replication_set()
self.response_plans = []
self.__threading_call__(self.__list_response_plans__)
self.__list_tags_for_resource__()
self.__threading_call__(self._list_response_plans)
self._list_tags_for_resource()
def __list_replication_sets__(self):
def _list_replication_sets(self):
logger.info("SSMIncidents - Listing Replication Sets...")
try:
if self.regional_clients:
@@ -61,7 +61,7 @@ class SSMIncidents(AWSService):
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __get_replication_set__(self):
def _get_replication_set(self):
logger.info("SSMIncidents - Getting Replication Sets...")
try:
if not self.replication_set:
@@ -100,7 +100,7 @@ class SSMIncidents(AWSService):
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __list_response_plans__(self, regional_client):
def _list_response_plans(self, regional_client):
logger.info("SSMIncidents - Listing Response Plans...")
try:
list_response_plans_paginator = regional_client.get_paginator(
@@ -120,7 +120,7 @@ class SSMIncidents(AWSService):
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("SSMIncidents - List Tags...")
try:
for response_plan in self.response_plans:
@@ -13,11 +13,11 @@ class StorageGateway(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.fileshares = []
self.__threading_call__(self.__list_file_shares__)
self.__threading_call__(self.__describe_nfs_file_shares__)
self.__threading_call__(self.__describe_smb_file_shares__)
self.__threading_call__(self._list_file_shares)
self.__threading_call__(self._describe_nfs_file_shares)
self.__threading_call__(self._describe_smb_file_shares)
def __list_file_shares__(self, regional_client):
def _list_file_shares(self, regional_client):
try:
list_file_share_paginator = regional_client.get_paginator(
"list_file_shares"
@@ -45,7 +45,7 @@ class StorageGateway(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_nfs_file_shares__(self, regional_client):
def _describe_nfs_file_shares(self, regional_client):
logger.info("StorageGateway - Describe NFS FileShares...")
try:
for fileshare in self.fileshares:
@@ -64,7 +64,7 @@ class StorageGateway(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_smb_file_shares__(self, regional_client):
def _describe_smb_file_shares(self, regional_client):
logger.info("StorageGateway - Describe SMB FileShares...")
try:
for fileshare in self.fileshares:
@@ -24,12 +24,12 @@ class TrustedAdvisor(AWSService):
support_region = "us-gov-west-1"
self.client = self.session.client(self.service, region_name=support_region)
self.client.region = support_region
self.__describe_services__()
self._describe_services()
if getattr(self.premium_support, "enabled", False):
self.__describe_trusted_advisor_checks__()
self.__describe_trusted_advisor_check_result__()
self._describe_trusted_advisor_checks()
self._describe_trusted_advisor_check_result()
def __describe_trusted_advisor_checks__(self):
def _describe_trusted_advisor_checks(self):
logger.info("TrustedAdvisor - Describing Checks...")
try:
for check in self.client.describe_trusted_advisor_checks(language="en").get(
@@ -62,7 +62,7 @@ class TrustedAdvisor(AWSService):
f"{self.client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_trusted_advisor_check_result__(self):
def _describe_trusted_advisor_check_result(self):
logger.info("TrustedAdvisor - Describing Check Result...")
try:
for check in self.checks:
@@ -86,7 +86,7 @@ class TrustedAdvisor(AWSService):
f"{self.client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_services__(self):
def _describe_services(self):
logger.info("Support - Describing Services...")
try:
self.client.describe_services()
@@ -21,18 +21,18 @@ class VPC(AWSService):
self.vpc_peering_connections = []
self.vpc_endpoints = []
self.vpc_endpoint_services = []
self.__threading_call__(self.__describe_vpcs__)
self.__threading_call__(self.__describe_vpc_peering_connections__)
self.__threading_call__(self.__describe_vpc_endpoints__)
self.__threading_call__(self.__describe_vpc_endpoint_services__)
self.__describe_flow_logs__()
self.__describe_peering_route_tables__()
self.__describe_vpc_endpoint_service_permissions__()
self.__threading_call__(self._describe_vpcs)
self.__threading_call__(self._describe_vpc_peering_connections)
self.__threading_call__(self._describe_vpc_endpoints)
self.__threading_call__(self._describe_vpc_endpoint_services)
self._describe_flow_logs()
self._describe_peering_route_tables()
self._describe_vpc_endpoint_service_permissions()
self.vpc_subnets = {}
self.__threading_call__(self.__describe_vpc_subnets__)
self.__describe_network_interfaces__()
self.__threading_call__(self._describe_vpc_subnets)
self._describe_network_interfaces()
def __describe_vpcs__(self, regional_client):
def _describe_vpcs(self, regional_client):
logger.info("VPC - Describing VPCs...")
try:
describe_vpcs_paginator = regional_client.get_paginator("describe_vpcs")
@@ -65,7 +65,7 @@ class VPC(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_vpc_peering_connections__(self, regional_client):
def _describe_vpc_peering_connections(self, regional_client):
logger.info("VPC - Describing VPC Peering Connections...")
try:
describe_vpc_peering_connections_paginator = regional_client.get_paginator(
@@ -104,7 +104,7 @@ class VPC(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_peering_route_tables__(self):
def _describe_peering_route_tables(self):
logger.info("VPC - Describing Peering Route Tables...")
try:
for conn in self.vpc_peering_connections:
@@ -147,7 +147,7 @@ class VPC(AWSService):
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __describe_flow_logs__(self):
def _describe_flow_logs(self):
logger.info("VPC - Describing flow logs...")
try:
for vpc in self.vpcs.values():
@@ -174,7 +174,7 @@ class VPC(AWSService):
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __describe_network_interfaces__(self):
def _describe_network_interfaces(self):
logger.info("VPC - Describing flow logs...")
try:
for vpc in self.vpcs.values():
@@ -214,7 +214,7 @@ class VPC(AWSService):
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __describe_vpc_endpoints__(self, regional_client):
def _describe_vpc_endpoints(self, regional_client):
logger.info("VPC - Describing VPC Endpoints...")
try:
describe_vpc_endpoints_paginator = regional_client.get_paginator(
@@ -252,7 +252,7 @@ class VPC(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_vpc_endpoint_services__(self, regional_client):
def _describe_vpc_endpoint_services(self, regional_client):
logger.info("VPC - Describing VPC Endpoint Services...")
try:
describe_vpc_endpoint_services_paginator = regional_client.get_paginator(
@@ -285,7 +285,7 @@ class VPC(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_vpc_endpoint_service_permissions__(self):
def _describe_vpc_endpoint_service_permissions(self):
logger.info("VPC - Describing VPC Endpoint service permissions...")
try:
for service in self.vpc_endpoint_services:
@@ -312,7 +312,7 @@ class VPC(AWSService):
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
)
def __describe_vpc_subnets__(self, regional_client):
def _describe_vpc_subnets(self, regional_client):
logger.info("VPC - Describing VPC subnets...")
try:
describe_subnets_paginator = regional_client.get_paginator(
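Review bot: `_describe_network_interfaces` still logs `"VPC - Describing flow logs..."`, the same message as `_describe_flow_logs` just above it, so the info log of a scan cannot distinguish the two collection steps. Since the `def` line next to it is being edited anyway, change the message to `logger.info("VPC - Describing Network Interfaces...")`. The method body continues outside the hunk. The Route53 section shows the same copy-paste: `_list_resource_record_sets` logs `"Route53 - Listing Hosting Zones..."`, and the `_list_tags_for_resource` of class `Route53` logs `"Route53Domains - List Tags..."`.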
@@ -11,10 +11,10 @@ class WAF(AWSService):
# Call AWSService's __init__
super().__init__("waf-regional", provider)
self.web_acls = []
self.__threading_call__(self.__list_web_acls__)
self.__threading_call__(self.__list_resources_for_web_acl__)
self.__threading_call__(self._list_web_acls)
self.__threading_call__(self._list_resources_for_web_acl)
def __list_web_acls__(self, regional_client):
def _list_web_acls(self, regional_client):
logger.info("WAF - Listing Regional Web ACLs...")
try:
for waf in regional_client.list_web_acls()["WebACLs"]:
@@ -34,7 +34,7 @@ class WAF(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_resources_for_web_acl__(self, regional_client):
def _list_resources_for_web_acl(self, regional_client):
logger.info("WAF - Describing resources...")
try:
for acl in self.web_acls:
@@ -12,11 +12,11 @@ class WAFv2(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.web_acls = []
self.__threading_call__(self.__list_web_acls__)
self.__threading_call__(self.__list_resources_for_web_acl__)
self.__threading_call__(self.__get_logging_configuration__)
self.__threading_call__(self._list_web_acls)
self.__threading_call__(self._list_resources_for_web_acl)
self.__threading_call__(self._get_logging_configuration)
def __list_web_acls__(self, regional_client):
def _list_web_acls(self, regional_client):
logger.info("WAFv2 - Listing Regional Web ACLs...")
try:
for wafv2 in regional_client.list_web_acls(Scope="REGIONAL")["WebACLs"]:
@@ -38,7 +38,7 @@ class WAFv2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_logging_configuration__(self, regional_client):
def _get_logging_configuration(self, regional_client):
logger.info("WAFv2 - Get Logging Configuration...")
for acl in self.web_acls:
if acl.region == regional_client.region:
@@ -64,7 +64,7 @@ class WAFv2(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_resources_for_web_acl__(self, regional_client):
def _list_resources_for_web_acl(self, regional_client):
logger.info("WAFv2 - Describing resources...")
for acl in self.web_acls:
if acl.region == regional_client.region:
@@ -14,10 +14,10 @@ class WellArchitected(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.workloads = []
self.__threading_call__(self.__list_workloads__)
self.__list_tags_for_resource__()
self.__threading_call__(self._list_workloads)
self._list_tags_for_resource()
def __list_workloads__(self, regional_client):
def _list_workloads(self, regional_client):
logger.info("WellArchitected - Listing Workloads...")
try:
for workload in regional_client.list_workloads()["WorkloadSummaries"]:
@@ -41,7 +41,7 @@ class WellArchitected(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __list_tags_for_resource__(self):
def _list_tags_for_resource(self):
logger.info("WellArchitected - Listing Tags...")
try:
for workload in self.workloads:
@@ -13,10 +13,10 @@ class WorkSpaces(AWSService):
# Call AWSService's __init__
super().__init__(__class__.__name__, provider)
self.workspaces = []
self.__threading_call__(self.__describe_workspaces__)
self.__describe_tags__()
self.__threading_call__(self._describe_workspaces)
self._describe_tags()
def __describe_workspaces__(self, regional_client):
def _describe_workspaces(self, regional_client):
logger.info("WorkSpaces - describing workspaces...")
try:
describe_workspaces_paginator = regional_client.get_paginator(
@@ -51,7 +51,7 @@ class WorkSpaces(AWSService):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_tags__(self):
def _describe_tags(self):
logger.info("Workspaces - List Tags...")
try:
for workspace in self.workspaces:
@@ -12,9 +12,9 @@ from prowler.providers.azure.lib.service.service import AzureService
class AKS(AzureService):
def __init__(self, provider: AzureProvider):
super().__init__(ContainerServiceClient, provider)
self.clusters = self.__get_clusters__()
self.clusters = self._get_clusters()
def __get_clusters__(self):
def _get_clusters(self):
logger.info("AKS - Getting clusters...")
clusters = {}
@@ -14,10 +14,10 @@ from prowler.providers.azure.services.monitor.monitor_service import DiagnosticS
class App(AzureService):
def __init__(self, provider: AzureProvider):
super().__init__(WebSiteManagementClient, provider)
self.apps = self.__get_apps__()
self.functions = self.__get_functions__()
self.apps = self._get_apps()
self.functions = self._get_functions()
def __get_apps__(self):
def _get_apps(self):
logger.info("App - Getting apps...")
apps = {}
@@ -50,11 +50,11 @@ class App(AzureService):
resource_group_name=app.resource_group,
name=app.name,
),
client_cert_mode=self.__get_client_cert_mode__(
client_cert_mode=self._get_client_cert_mode(
getattr(app, "client_cert_enabled", False),
getattr(app, "client_cert_mode", "Ignore"),
),
monitor_diagnostic_settings=self.__get_app_monitor_settings__(
monitor_diagnostic_settings=self._get_app_monitor_settings(
app.name, app.resource_group, subscription_name
),
https_only=getattr(app, "https_only", False),
@@ -71,7 +71,7 @@ class App(AzureService):
return apps
def __get_functions__(self):
def _get_functions(self):
logger.info("Function - Getting functions...")
functions = {}
@@ -138,9 +138,7 @@ class App(AzureService):
return functions
def __get_client_cert_mode__(
self, client_cert_enabled: bool, client_cert_mode: str
):
def _get_client_cert_mode(self, client_cert_enabled: bool, client_cert_mode: str):
cert_mode = "Ignore"
if not client_cert_enabled and client_cert_mode == "OptionalInteractiveUser":
cert_mode = "Ignore"
@@ -155,7 +153,7 @@ class App(AzureService):
return cert_mode
def __get_app_monitor_settings__(self, app_name, resource_group, subscription):
def _get_app_monitor_settings(self, app_name, resource_group, subscription):
logger.info(f"App - Getting monitor diagnostics settings for {app_name}...")
monitor_diagnostics_settings = []
try:
@@ -10,9 +10,9 @@ from prowler.providers.azure.lib.service.service import AzureService
class AppInsights(AzureService):
def __init__(self, provider: AzureProvider):
super().__init__(ApplicationInsightsManagementClient, provider)
self.components = self.__get_components__()
self.components = self._get_components()
def __get_components__(self):
def _get_components(self):
logger.info("AppInsights - Getting components...")
components = {}
@@ -11,9 +11,9 @@ from prowler.providers.azure.lib.service.service import AzureService
class CosmosDB(AzureService):
def __init__(self, provider: AzureProvider):
super().__init__(CosmosDBManagementClient, provider)
self.accounts = self.__get_accounts__()
self.accounts = self._get_accounts()
def __get_accounts__(self):
def _get_accounts(self):
logger.info("CosmosDB - Getting accounts...")
accounts = {}
for subscription, client in self.clients.items():
@@ -19,14 +19,14 @@ class Defender(AzureService):
def __init__(self, provider: AzureProvider):
super().__init__(SecurityCenter, provider)
self.pricings = self.__get_pricings__()
self.auto_provisioning_settings = self.__get_auto_provisioning_settings__()
self.assessments = self.__get_assessments__()
self.settings = self.__get_settings__()
self.security_contacts = self.__get_security_contacts__()
self.iot_security_solutions = self.__get_iot_security_solutions__()
self.pricings = self._get_pricings()
self.auto_provisioning_settings = self._get_auto_provisioning_settings()
self.assessments = self._get_assessments()
self.settings = self._get_settings()
self.security_contacts = self._get_security_contacts()
self.iot_security_solutions = self._get_iot_security_solutions()
def __get_pricings__(self):
def _get_pricings(self):
logger.info("Defender - Getting pricings...")
pricings = {}
for subscription_name, client in self.clients.items():
@@ -66,7 +66,7 @@ class Defender(AzureService):
)
return pricings
def __get_auto_provisioning_settings__(self):
def _get_auto_provisioning_settings(self):
logger.info("Defender - Getting auto provisioning settings...")
auto_provisioning = {}
for subscription_name, client in self.clients.items():
@@ -95,7 +95,7 @@ class Defender(AzureService):
)
return auto_provisioning
def __get_assessments__(self):
def _get_assessments(self):
logger.info("Defender - Getting assessments...")
assessments = {}
for subscription_name, client in self.clients.items():
@@ -120,7 +120,7 @@ class Defender(AzureService):
)
return assessments
def __get_settings__(self):
def _get_settings(self):
logger.info("Defender - Getting settings...")
settings = {}
for subscription_name, client in self.clients.items():
@@ -149,7 +149,7 @@ class Defender(AzureService):
)
return settings
def __get_security_contacts__(self):
def _get_security_contacts(self):
logger.info("Defender - Getting security contacts...")
security_contacts = {}
for subscription_name, client in self.clients.items():
@@ -195,7 +195,7 @@ class Defender(AzureService):
)
return security_contacts
def __get_iot_security_solutions__(self):
def _get_iot_security_solutions(self):
logger.info("Defender - Getting IoT Security Solutions...")
iot_security_solutions = {}
for subscription_name, client in self.clients.items():
@@ -23,16 +23,16 @@ class Entra(AzureService):
loop = get_event_loop()
# Get users first alone because it is a dependency for other attributes
self.users = loop.run_until_complete(self.__get_users__())
self.users = loop.run_until_complete(self._get_users())
attributes = loop.run_until_complete(
gather(
self.__get_authorization_policy__(),
self.__get_group_settings__(),
self.__get_security_default__(),
self.__get_named_locations__(),
self.__get_directory_roles__(),
self.__get_conditional_access_policy__(),
self._get_authorization_policy(),
self._get_group_settings(),
self._get_security_default(),
self._get_named_locations(),
self._get_directory_roles(),
self._get_conditional_access_policy(),
)
)
@@ -43,7 +43,7 @@ class Entra(AzureService):
self.directory_roles = attributes[4]
self.conditional_access_policy = attributes[5]
async def __get_users__(self):
async def _get_users(self):
logger.info("Entra - Getting users...")
users = {}
try:
@@ -79,7 +79,7 @@ class Entra(AzureService):
return users
async def __get_authorization_policy__(self):
async def _get_authorization_policy(self):
logger.info("Entra - Getting authorization policy...")
authorization_policy = {}
@@ -115,7 +115,7 @@ class Entra(AzureService):
return authorization_policy
async def __get_group_settings__(self):
async def _get_group_settings(self):
logger.info("Entra - Getting group settings...")
group_settings = {}
try:
@@ -139,7 +139,7 @@ class Entra(AzureService):
return group_settings
async def __get_security_default__(self):
async def _get_security_default(self):
logger.info("Entra - Getting security default...")
try:
security_defaults = {}
@@ -163,7 +163,7 @@ class Entra(AzureService):
return security_defaults
async def __get_named_locations__(self):
async def _get_named_locations(self):
logger.info("Entra - Getting named locations...")
named_locations = {}
try:
@@ -194,7 +194,7 @@ class Entra(AzureService):
return named_locations
async def __get_directory_roles__(self):
async def _get_directory_roles(self):
logger.info("Entra - Getting directory roles...")
directory_roles_with_members = {}
try:
@@ -228,7 +228,7 @@ class Entra(AzureService):
)
return directory_roles_with_members
async def __get_conditional_access_policy__(self):
async def _get_conditional_access_policy(self):
logger.info("Entra - Getting conditional access policy...")
conditional_access_policy = {}
try:
@@ -12,10 +12,10 @@ from prowler.providers.azure.lib.service.service import AzureService
class IAM(AzureService):
def __init__(self, provider: AzureProvider):
super().__init__(AuthorizationManagementClient, provider)
self.roles, self.custom_roles = self.__get_roles__()
self.role_assignments = self.__get_role_assignments__()
self.roles, self.custom_roles = self._get_roles()
self.role_assignments = self._get_role_assignments()
def __get_roles__(self):
def _get_roles(self):
logger.info("IAM - Getting roles...")
builtin_roles = {}
custom_roles = {}
@@ -54,7 +54,7 @@ class IAM(AzureService):
)
return builtin_roles, custom_roles
def __get_role_assignments__(self):
def _get_role_assignments(self):
logger.info("IAM - Getting role assignments...")
role_assignments = {}
for subscription, client in self.clients.items():
@@ -21,9 +21,9 @@ class KeyVault(AzureService):
def __init__(self, provider: AzureProvider):
super().__init__(KeyVaultManagementClient, provider)
# TODO: review this credentials assignment
self.key_vaults = self.__get_key_vaults__(provider)
self.key_vaults = self._get_key_vaults(provider)
def __get_key_vaults__(self, provider):
def _get_key_vaults(self, provider):
logger.info("KeyVault - Getting key_vaults...")
key_vaults = {}
for subscription, client in self.clients.items():
@@ -36,10 +36,10 @@ class KeyVault(AzureService):
keyvault_properties = client.vaults.get(
resource_group, keyvault_name
).properties
keys = self.__get_keys__(
keys = self._get_keys(
subscription, resource_group, keyvault_name, provider
)
secrets = self.__get_secrets__(
secrets = self._get_secrets(
subscription, resource_group, keyvault_name
)
key_vaults[subscription].append(
@@ -51,7 +51,7 @@ class KeyVault(AzureService):
properties=keyvault_properties,
keys=keys,
secrets=secrets,
monitor_diagnostic_settings=self.__get_vault_monitor_settings__(
monitor_diagnostic_settings=self._get_vault_monitor_settings(
keyvault_name, resource_group, subscription
),
)
@@ -62,7 +62,7 @@ class KeyVault(AzureService):
)
return key_vaults
def __get_keys__(self, subscription, resource_group, keyvault_name, provider):
def _get_keys(self, subscription, resource_group, keyvault_name, provider):
logger.info(f"KeyVault - Getting keys for {keyvault_name}...")
keys = []
try:
@@ -103,7 +103,7 @@ class KeyVault(AzureService):
)
return keys
def __get_secrets__(self, subscription, resource_group, keyvault_name):
def _get_secrets(self, subscription, resource_group, keyvault_name):
logger.info(f"KeyVault - Getting secrets for {keyvault_name}...")
secrets = []
try:
@@ -125,9 +125,7 @@ class KeyVault(AzureService):
)
return secrets
def __get_vault_monitor_settings__(
self, keyvault_name, resource_group, subscription
):
def _get_vault_monitor_settings(self, keyvault_name, resource_group, subscription):
logger.info(
f"KeyVault - Getting monitor diagnostics settings for {keyvault_name}..."
)
@@ -13,10 +13,10 @@ class Monitor(AzureService):
def __init__(self, provider: AzureProvider):
super().__init__(MonitorManagementClient, provider)
self.diagnostics_settings = self.__get_diagnostics_settings__()
self.diagnostics_settings = self._get_diagnostics_settings()
self.alert_rules = self.get_alert_rules()
def __get_diagnostics_settings__(self):
def _get_diagnostics_settings(self):
logger.info("Monitor - Getting diagnostics settings...")
diagnostics_settings_list = []
diagnostics_settings = {}
@@ -12,9 +12,9 @@ class MySQL(AzureService):
def __init__(self, provider: AzureProvider):
super().__init__(MySQLManagementClient, provider)
self.flexible_servers = self.__get_flexible_servers__()
self.flexible_servers = self._get_flexible_servers()
def __get_flexible_servers__(self):
def _get_flexible_servers(self):
logger.info("MySQL - Getting servers...")
servers = {}
for subscription_name, client in self.clients.items():
@@ -28,7 +28,7 @@ class MySQL(AzureService):
resource_id=server.id,
location=server.location,
version=server.version,
configurations=self.__get_configurations__(
configurations=self._get_configurations(
client, server.id.split("/")[4], server.name
),
)
@@ -40,7 +40,7 @@ class MySQL(AzureService):
)
return servers
def __get_configurations__(self, client, resource_group, server_name):
def _get_configurations(self, client, resource_group, server_name):
logger.info(f"MySQL - Getting configurations from server {server_name} ...")
configurations = {}
try:
@@ -10,12 +10,12 @@ from prowler.providers.azure.lib.service.service import AzureService
class Network(AzureService):
def __init__(self, provider: AzureProvider):
super().__init__(NetworkManagementClient, provider)
self.security_groups = self.__get_security_groups__()
self.bastion_hosts = self.__get_bastion_hosts__()
self.network_watchers = self.__get_network_watchers__()
self.public_ip_addresses = self.__get_public_ip_addresses__()
self.security_groups = self._get_security_groups()
self.bastion_hosts = self._get_bastion_hosts()
self.network_watchers = self._get_network_watchers()
self.public_ip_addresses = self._get_public_ip_addresses()
def __get_security_groups__(self):
def _get_security_groups(self):
logger.info("Network - Getting Network Security Groups...")
security_groups = {}
for subscription, client in self.clients.items():
@@ -38,7 +38,7 @@ class Network(AzureService):
)
return security_groups
def __get_network_watchers__(self):
def _get_network_watchers(self):
logger.info("Network - Getting Network Watchers...")
network_watchers = {}
for subscription, client in self.clients.items():
@@ -46,9 +46,7 @@ class Network(AzureService):
network_watchers.update({subscription: []})
network_watchers_list = client.network_watchers.list_all()
for network_watcher in network_watchers_list:
flow_logs = self.__get_flow_logs__(
subscription, network_watcher.name
)
flow_logs = self._get_flow_logs(subscription, network_watcher.name)
network_watchers[subscription].append(
NetworkWatcher(
id=network_watcher.id,
@@ -64,14 +62,14 @@ class Network(AzureService):
)
return network_watchers
def __get_flow_logs__(self, subscription, network_watcher_name):
def _get_flow_logs(self, subscription, network_watcher_name):
logger.info("Network - Getting Flow Logs...")
client = self.clients[subscription]
resource_group = "NetworkWatcherRG"
flow_logs = client.flow_logs.list(resource_group, network_watcher_name)
return flow_logs
def __get_bastion_hosts__(self):
def _get_bastion_hosts(self):
logger.info("Network - Getting Bastion Hosts...")
bastion_hosts = {}
for subscription, client in self.clients.items():
@@ -93,7 +91,7 @@ class Network(AzureService):
)
return bastion_hosts
def __get_public_ip_addresses__(self):
def _get_public_ip_addresses(self):
logger.info("Network - Getting Public IP Addresses...")
public_ip_addresses = {}
for subscription, client in self.clients.items():
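Review bot: `_get_flow_logs` looks up flow logs only in the hard-coded resource group `"NetworkWatcherRG"`, so a Network Watcher that lives in any other resource group is queried in the wrong place. The caller in `_get_network_watchers` already holds `network_watcher.id`, and the MySQL service in this same commit derives the group with `server.id.split("/")[4]`. The same could be done here, e.g. `flow_logs = self._get_flow_logs(subscription, network_watcher.id.split("/")[4], network_watcher.name)`, with a matching `resource_group` parameter replacing the constant. For an audit tool this probably means checks that read `flow_logs` report on incomplete data, though how the failure surfaces depends on code outside these hunks.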
@@ -11,9 +11,9 @@ from prowler.providers.azure.lib.service.service import AzureService
class Policy(AzureService):
def __init__(self, provider: AzureProvider):
super().__init__(PolicyClient, provider)
self.policy_assigments = self.__get_policy_assigments__()
self.policy_assigments = self._get_policy_assigments()
def __get_policy_assigments__(self):
def _get_policy_assigments(self):
logger.info("Policy - Getting policy assigments...")
policy_assigments = {}
@@ -10,9 +10,9 @@ from prowler.providers.azure.lib.service.service import AzureService
class PostgreSQL(AzureService):
def __init__(self, provider: AzureProvider):
super().__init__(PostgreSQLManagementClient, provider)
self.flexible_servers = self.__get_flexible_servers__()
self.flexible_servers = self._get_flexible_servers()
def __get_flexible_servers__(self):
def _get_flexible_servers(self):
logger.info("PostgreSQL - Getting PostgreSQL servers...")
flexible_servers = {}
for subscription, client in self.clients.items():
@@ -20,29 +20,29 @@ class PostgreSQL(AzureService):
flexible_servers.update({subscription: []})
flexible_servers_list = client.servers.list()
for postgresql_server in flexible_servers_list:
resource_group = self.__get_resource_group__(postgresql_server.id)
require_secure_transport = self.__get_require_secure_transport__(
resource_group = self._get_resource_group(postgresql_server.id)
require_secure_transport = self._get_require_secure_transport(
subscription, resource_group, postgresql_server.name
)
log_checkpoints = self.__get_log_checkpoints__(
log_checkpoints = self._get_log_checkpoints(
subscription, resource_group, postgresql_server.name
)
log_disconnections = self.__get_log_disconnections__(
log_disconnections = self._get_log_disconnections(
subscription, resource_group, postgresql_server.name
)
log_connections = self.__get_log_connections__(
log_connections = self._get_log_connections(
subscription, resource_group, postgresql_server.name
)
connection_throttling = self.__get_connection_throttling__(
connection_throttling = self._get_connection_throttling(
subscription, resource_group, postgresql_server.name
)
log_retention_days = self.__get_log_retention_days__(
log_retention_days = self._get_log_retention_days(
subscription, resource_group, postgresql_server.name
)
firewall = self.__get_firewall__(
firewall = self._get_firewall(
subscription, resource_group, postgresql_server.name
)
location = self.__get_location__(
location = self._get_location(
subscription, resource_group, postgresql_server.name
)
flexible_servers[subscription].append(
@@ -66,11 +66,11 @@ class PostgreSQL(AzureService):
)
return flexible_servers
def __get_resource_group__(self, id):
def _get_resource_group(self, id):
resource_group = id.split("/")[4]
return resource_group
def __get_require_secure_transport__(
def _get_require_secure_transport(
self, subscription, resouce_group_name, server_name
):
client = self.clients[subscription]
@@ -79,42 +79,40 @@ class PostgreSQL(AzureService):
)
return require_secure_transport.value.upper()
def __get_log_checkpoints__(self, subscription, resouce_group_name, server_name):
def _get_log_checkpoints(self, subscription, resouce_group_name, server_name):
client = self.clients[subscription]
log_checkpoints = client.configurations.get(
resouce_group_name, server_name, "log_checkpoints"
)
return log_checkpoints.value.upper()
def __get_log_connections__(self, subscription, resouce_group_name, server_name):
def _get_log_connections(self, subscription, resouce_group_name, server_name):
client = self.clients[subscription]
log_connections = client.configurations.get(
resouce_group_name, server_name, "log_connections"
)
return log_connections.value.upper()
def __get_log_disconnections__(self, subscription, resouce_group_name, server_name):
def _get_log_disconnections(self, subscription, resouce_group_name, server_name):
client = self.clients[subscription]
log_disconnections = client.configurations.get(
resouce_group_name, server_name, "log_disconnections"
)
return log_disconnections.value.upper()
def __get_location__(self, subscription, resouce_group_name, server_name):
def _get_location(self, subscription, resouce_group_name, server_name):
client = self.clients[subscription]
location = client.servers.get(resouce_group_name, server_name).location
return location
def __get_connection_throttling__(
self, subscription, resouce_group_name, server_name
):
def _get_connection_throttling(self, subscription, resouce_group_name, server_name):
client = self.clients[subscription]
connection_throttling = client.configurations.get(
resouce_group_name, server_name, "connection_throttle.enable"
)
return connection_throttling.value.upper()
def __get_log_retention_days__(self, subscription, resouce_group_name, server_name):
def _get_log_retention_days(self, subscription, resouce_group_name, server_name):
client = self.clients[subscription]
try:
log_retention_days = client.configurations.get(
@@ -125,7 +123,7 @@ class PostgreSQL(AzureService):
log_retention_days = None
return log_retention_days
def __get_firewall__(self, subscription, resource_group, server_name):
def _get_firewall(self, subscription, resource_group, server_name):
client = self.clients[subscription]
firewall = client.firewall_rules.list_by_server(resource_group, server_name)
firewall_list = []
@@ -20,9 +20,9 @@ from prowler.providers.azure.lib.service.service import AzureService
class SQLServer(AzureService):
def __init__(self, provider: AzureProvider):
super().__init__(SqlManagementClient, provider)
self.sql_servers = self.__get_sql_servers__()
self.sql_servers = self._get_sql_servers()
def __get_sql_servers__(self):
def _get_sql_servers(self):
logger.info("SQL Server - Getting SQL servers...")
sql_servers = {}
for subscription, client in self.clients.items():
@@ -30,25 +30,23 @@ class SQLServer(AzureService):
sql_servers.update({subscription: []})
sql_servers_list = client.servers.list()
for sql_server in sql_servers_list:
resource_group = self.__get_resource_group__(sql_server.id)
auditing_policies = self.__get_server_blob_auditing_policies__(
resource_group = self._get_resource_group(sql_server.id)
auditing_policies = self._get_server_blob_auditing_policies(
subscription, resource_group, sql_server.name
)
firewall_rules = self.__get_firewall_rules__(
firewall_rules = self._get_firewall_rules(
subscription, resource_group, sql_server.name
)
encryption_protector = self.__get_enctyption_protectors__(
encryption_protector = self._get_enctyption_protectors(
subscription, resource_group, sql_server.name
)
vulnerability_assessment = self.__get_vulnerability_assesments__(
vulnerability_assessment = self._get_vulnerability_assesments(
subscription, resource_group, sql_server.name
)
security_alert_policies = (
self.__get_server_security_alert_policies__(
subscription, resource_group, sql_server.name
)
security_alert_policies = self._get_server_security_alert_policies(
subscription, resource_group, sql_server.name
)
location = self.__get_location__(
location = self._get_location(
subscription, resource_group, sql_server.name
)
@@ -62,7 +60,7 @@ class SQLServer(AzureService):
auditing_policies=auditing_policies,
firewall_rules=firewall_rules,
encryption_protector=encryption_protector,
databases=self.__get_databases__(
databases=self._get_databases(
subscription, resource_group, sql_server.name
),
vulnerability_assessment=vulnerability_assessment,
@@ -76,11 +74,11 @@ class SQLServer(AzureService):
)
return sql_servers
def __get_resource_group__(self, id):
def _get_resource_group(self, id):
resource_group = id.split("/")[4]
return resource_group
def __get_transparent_data_encryption__(
def _get_transparent_data_encryption(
self, subscription, resource_group, server_name, database_name
):
client = self.clients[subscription]
@@ -92,7 +90,7 @@ class SQLServer(AzureService):
)
return tde_encrypted
def __get_enctyption_protectors__(self, subscription, resource_group, server_name):
def _get_enctyption_protectors(self, subscription, resource_group, server_name):
client = self.clients[subscription]
encryption_protectors = client.encryption_protectors.get(
resource_group_name=resource_group,
@@ -101,7 +99,7 @@ class SQLServer(AzureService):
)
return encryption_protectors
def __get_databases__(self, subscription, resource_group, server_name):
def _get_databases(self, subscription, resource_group, server_name):
logger.info("SQL Server - Getting server databases...")
databases = []
try:
@@ -111,7 +109,7 @@ class SQLServer(AzureService):
server_name=server_name,
)
for database in databases_server:
tde_encrypted = self.__get_transparent_data_encryption__(
tde_encrypted = self._get_transparent_data_encryption(
subscription, resource_group, server_name, database.name
)
databases.append(
@@ -130,9 +128,7 @@ class SQLServer(AzureService):
)
return databases
def __get_vulnerability_assesments__(
self, subscription, resource_group, server_name
):
def _get_vulnerability_assesments(self, subscription, resource_group, server_name):
client = self.clients[subscription]
vulnerability_assessment = client.server_vulnerability_assessments.get(
resource_group_name=resource_group,
@@ -141,7 +137,7 @@ class SQLServer(AzureService):
)
return vulnerability_assessment
def __get_server_blob_auditing_policies__(
def _get_server_blob_auditing_policies(
self, subscription, resource_group, server_name
):
client = self.clients[subscription]
@@ -151,14 +147,14 @@ class SQLServer(AzureService):
)
return auditing_policies
def __get_firewall_rules__(self, subscription, resource_group, server_name):
def _get_firewall_rules(self, subscription, resource_group, server_name):
client = self.clients[subscription]
firewall_rules = client.firewall_rules.list_by_server(
resource_group_name=resource_group, server_name=server_name
)
return firewall_rules
def __get_server_security_alert_policies__(
def _get_server_security_alert_policies(
self, subscription, resource_group, server_name
):
client = self.clients[subscription]
@@ -169,7 +165,7 @@ class SQLServer(AzureService):
)
return security_alert_policies
def __get_location__(self, subscription, resouce_group_name, server_name):
def _get_location(self, subscription, resouce_group_name, server_name):
client = self.clients[subscription]
location = client.servers.get(resouce_group_name, server_name).location
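Review bot: The renamed SQL Server helpers keep their misspellings, `_get_enctyption_protectors` and `_get_vulnerability_assesments`, along with the `resouce_group_name` parameter of `_get_location`. Every definition and call site is already being edited by this rename, so this is the cheapest moment to correct them to `_get_encryption_protectors` and `_get_vulnerability_assessments`; any test that patches these methods by dotted path would need the same spelling. `_get_policy_assigments` in the Policy service has the same problem, although the `policy_assigments` attribute it fills may be read by checks outside this view and would have to be renamed with care. `_get_resource_group(self, id)` also shadows the builtin `id`; `resource_id` would be clearer.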
@@ -16,10 +16,10 @@ from prowler.providers.azure.lib.service.service import AzureService
class Storage(AzureService):
def __init__(self, provider: AzureProvider):
super().__init__(StorageManagementClient, provider)
self.storage_accounts = self.__get_storage_accounts__()
self.__get_blob_properties__()
self.storage_accounts = self._get_storage_accounts()
self._get_blob_properties()
def __get_storage_accounts__(self):
def _get_storage_accounts(self):
logger.info("Storage - Getting storage accounts...")
storage_accounts = {}
for subscription, client in self.clients.items():
@@ -60,7 +60,7 @@ class Storage(AzureService):
)
return storage_accounts
def __get_blob_properties__(self):
def _get_blob_properties(self):
logger.info("Storage - Getting blob properties...")
try:
for subscription, accounts in self.storage_accounts.items():
@@ -12,10 +12,10 @@ from prowler.providers.azure.lib.service.service import AzureService
class VirtualMachines(AzureService):
def __init__(self, provider: AzureProvider):
super().__init__(ComputeManagementClient, provider)
self.virtual_machines = self.__get_virtual_machines__()
self.disks = self.__get_disks__()
self.virtual_machines = self._get_virtual_machines()
self.disks = self._get_disks()
def __get_virtual_machines__(self):
def _get_virtual_machines(self):
logger.info("VirtualMachines - Getting virtual machines...")
virtual_machines = {}
@@ -43,7 +43,7 @@ class VirtualMachines(AzureService):
return virtual_machines
def __get_disks__(self):
def _get_disks(self):
logger.info("VirtualMachines - Getting disks...")
disks = {}
+1 -1
@@ -33,7 +33,7 @@ class GCPService:
self.audit_config = provider.audit_config
self.fixer_config = provider.fixer_config
def __get_client__(self):
def _get_client(self):
return self.client
def __threading_call__(self, call, iterator):
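Review bot: `__threading_call__` is left in the double-underscore form that this commit removes everywhere else; it is still defined here in `GCPService` and still called as `self.__threading_call__(...)` from the Compute and Dataproc constructors further down the page. PEP 8 reserves names with leading and trailing double underscores for Python's own special methods, so the helper should follow the same convention, `def _threading_call(self, call, iterator):`, with the call sites updated to match. If it was left out on purpose, a one-line comment saying so would help. The method's body lies outside this hunk.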
@@ -11,9 +11,9 @@ class APIKeys(GCPService):
super().__init__(__class__.__name__, provider, api_version="v2")
self.keys = []
self.__get_keys__()
self._get_keys()
def __get_keys__(self):
def _get_keys(self):
for project_id in self.project_ids:
try:
request = (
@@ -12,10 +12,10 @@ class BigQuery(GCPService):
self.datasets = []
self.tables = []
self.__get_datasets__()
self.__get_tables__()
self._get_datasets()
self._get_tables()
def __get_datasets__(self):
def _get_datasets(self):
for project_id in self.project_ids:
try:
request = self.client.datasets().list(projectId=project_id)
@@ -59,7 +59,7 @@ class BigQuery(GCPService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_tables__(self):
def _get_tables(self):
for dataset in self.datasets:
try:
request = self.client.tables().list(
@@ -13,10 +13,10 @@ class CloudResourceManager(GCPService):
self.bindings = []
self.projects = []
self.organizations = []
self.__get_iam_policy__()
self.__get_organizations__()
self._get_iam_policy()
self._get_organizations()
def __get_iam_policy__(self):
def _get_iam_policy(self):
for project_id in self.project_ids:
try:
policy = (
@@ -41,7 +41,7 @@ class CloudResourceManager(GCPService):
f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_organizations__(self):
def _get_organizations(self):
try:
response = self.client.organizations().search().execute()
for org in response.get("organizations", []):
@@ -10,9 +10,9 @@ class CloudSQL(GCPService):
def __init__(self, provider: GcpProvider):
super().__init__("sqladmin", provider)
self.instances = []
self.__get_instances__()
self._get_instances()
def __get_instances__(self):
def _get_instances(self):
for project_id in self.project_ids:
try:
request = self.client.instances().list(project=project_id)
@@ -12,9 +12,9 @@ class CloudStorage(GCPService):
def __init__(self, provider: GcpProvider):
super().__init__("storage", provider)
self.buckets = []
self.__get_buckets__()
self._get_buckets()
def __get_buckets__(self):
def _get_buckets(self):
for project_id in self.project_ids:
try:
request = self.client.buckets().list(project=project_id)
@@ -18,18 +18,18 @@ class Compute(GCPService):
self.firewalls = []
self.projects = []
self.load_balancers = []
self.__get_url_maps__()
self.__describe_backend_service__()
self.__get_regions__()
self.__get_projects__()
self.__get_zones__()
self.__threading_call__(self.__get_instances__, self.zones)
self.__get_networks__()
self.__threading_call__(self.__get_subnetworks__, self.regions)
self.__get_firewalls__()
self.__threading_call__(self.__get_addresses__, self.regions)
self._get_url_maps()
self._describe_backend_service()
self._get_regions()
self._get_projects()
self._get_zones()
self.__threading_call__(self._get_instances, self.zones)
self._get_networks()
self.__threading_call__(self._get_subnetworks, self.regions)
self._get_firewalls()
self.__threading_call__(self._get_addresses, self.regions)
def __get_regions__(self):
def _get_regions(self):
for project_id in self.project_ids:
try:
request = self.client.regions().list(project=project_id)
@@ -47,7 +47,7 @@ class Compute(GCPService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_zones__(self):
def _get_zones(self):
for project_id in self.project_ids:
try:
request = self.client.zones().list(project=project_id)
@@ -65,7 +65,7 @@ class Compute(GCPService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_projects__(self):
def _get_projects(self):
for project_id in self.project_ids:
try:
enable_oslogin = False
@@ -81,7 +81,7 @@ class Compute(GCPService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_instances__(self, zone):
def _get_instances(self, zone):
for project_id in self.project_ids:
try:
request = self.client.instances().list(project=project_id, zone=zone)
@@ -139,7 +139,7 @@ class Compute(GCPService):
f"{zone} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_networks__(self):
def _get_networks(self):
for project_id in self.project_ids:
try:
request = self.client.networks().list(project=project_id)
@@ -170,7 +170,7 @@ class Compute(GCPService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_subnetworks__(self, region):
def _get_subnetworks(self, region):
for project_id in self.project_ids:
try:
request = self.client.subnetworks().list(
@@ -200,7 +200,7 @@ class Compute(GCPService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_addresses__(self, region):
def _get_addresses(self, region):
for project_id in self.project_ids:
try:
request = self.client.addresses().list(
@@ -230,7 +230,7 @@ class Compute(GCPService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_firewalls__(self):
def _get_firewalls(self):
for project_id in self.project_ids:
try:
request = self.client.firewalls().list(project=project_id)
@@ -257,7 +257,7 @@ class Compute(GCPService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_url_maps__(self):
def _get_url_maps(self):
for project_id in self.project_ids:
try:
request = self.client.urlMaps().list(project=project_id)
@@ -281,7 +281,7 @@ class Compute(GCPService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __describe_backend_service__(self):
def _describe_backend_service(self):
for balancer in self.load_balancers:
try:
response = (
@@ -12,9 +12,9 @@ class Dataproc(GCPService):
super().__init__(__class__.__name__, provider)
self.regions = compute_client.regions
self.clusters = []
self.__threading_call__(self.__get_clusters__, self.regions)
self.__threading_call__(self._get_clusters, self.regions)
def __get_clusters__(self, region):
def _get_clusters(self, region):
for project_id in self.project_ids:
try:
request = (
@@ -10,11 +10,11 @@ class DNS(GCPService):
def __init__(self, provider: GcpProvider):
super().__init__(__class__.__name__, provider)
self.managed_zones = []
self.__get_managed_zones__()
self._get_managed_zones()
self.policies = []
self.__get_policies__()
self._get_policies()
def __get_managed_zones__(self):
def _get_managed_zones(self):
for project_id in self.project_ids:
try:
request = self.client.managedZones().list(project=project_id)
@@ -41,7 +41,7 @@ class DNS(GCPService):
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
def __get_policies__(self):
def _get_policies(self):
for project_id in self.project_ids:
try:
request = self.client.policies().list(project=project_id)
