From b861d97ad47cc131af1e3fbb255741e988d7f431 Mon Sep 17 00:00:00 2001 From: Sergio Garcia Date: Wed, 19 Feb 2025 16:42:52 +0100 Subject: [PATCH] fix(report): remove invalid resources in report (#6852) --- .../account_maintain_current_contact_details.py | 4 +--- ...rent_contact_details_to_security_billing_and_operations.py | 4 +--- .../account_security_contact_information_is_registered.py | 4 +--- ...nt_security_questions_are_registered_in_the_aws_account.py | 4 +--- .../iam_root_credentials_management_enabled.py | 2 +- ...contact_details_to_security_billing_and_operations_test.py | 2 ++ .../iam_root_credentials_management_enabled_test.py | 2 ++ 7 files changed, 9 insertions(+), 13 deletions(-) diff --git a/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.py b/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.py index f326594b58..acdd51458c 100644 --- a/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.py +++ b/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.py @@ -6,9 +6,7 @@ from prowler.providers.aws.services.account.account_client import account_client class account_maintain_current_contact_details(Check): def execute(self): - report = Check_Report_AWS( - metadata=self.metadata(), resource=account_client.contact_base - ) + report = Check_Report_AWS(metadata=self.metadata(), resource={}) report.region = account_client.region report.resource_id = account_client.audited_account report.resource_arn = account_client.audited_account_arn diff --git a/prowler/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations.py b/prowler/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations.py index c1201bf907..e49a8eb674 100644 --- a/prowler/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations.py +++ b/prowler/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations.py @@ -8,9 +8,7 @@ class account_maintain_different_contact_details_to_security_billing_and_operati def execute(self): findings = [] if account_client.contact_base: - report = Check_Report_AWS( - metadata=self.metadata(), resource=account_client.contact_base - ) + report = Check_Report_AWS(metadata=self.metadata(), resource={}) report.resource_id = account_client.audited_account report.resource_arn = account_client.audited_account_arn report.region = account_client.region diff --git a/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.py b/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.py index a7aab3e008..fe16096cc7 100644 --- a/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.py +++ b/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.py @@ -6,9 +6,7 @@ from prowler.providers.aws.services.account.account_client import account_client class account_security_contact_information_is_registered(Check): def execute(self): - report = Check_Report_AWS( - metadata=self.metadata(), resource=account_client.contact_base - ) + report = Check_Report_AWS(metadata=self.metadata(), resource={}) report.region = account_client.region report.resource_id = account_client.audited_account report.resource_arn = account_client.audited_account_arn diff --git a/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.py b/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.py index f6d9ae9091..07aace9a0d 100644 --- a/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.py +++ b/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.py @@ -6,9 +6,7 @@ from prowler.providers.aws.services.account.account_client import account_client class account_security_questions_are_registered_in_the_aws_account(Check): def execute(self): - report = Check_Report_AWS( - metadata=self.metadata(), resource=account_client.contacts_security - ) + report = Check_Report_AWS(metadata=self.metadata(), resource={}) report.region = account_client.region report.resource_id = account_client.audited_account report.resource_arn = account_client.audited_account_arn diff --git a/prowler/providers/aws/services/iam/iam_root_credentials_management_enabled/iam_root_credentials_management_enabled.py b/prowler/providers/aws/services/iam/iam_root_credentials_management_enabled/iam_root_credentials_management_enabled.py index f1b1280c95..b48f708e52 100644 --- a/prowler/providers/aws/services/iam/iam_root_credentials_management_enabled/iam_root_credentials_management_enabled.py +++ b/prowler/providers/aws/services/iam/iam_root_credentials_management_enabled/iam_root_credentials_management_enabled.py @@ -15,7 +15,7 @@ class iam_root_credentials_management_enabled(Check): ): report = Check_Report_AWS( metadata=self.metadata(), - resource=iam_client.organization_features, + resource={}, ) report.region = iam_client.region report.resource_arn = iam_client.audited_account_arn diff --git a/tests/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations_test.py b/tests/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations_test.py index cbb8d9015b..1d07719a79 100644 --- a/tests/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations_test.py +++ b/tests/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations_test.py @@ -56,6 +56,7 @@ class Test_account_maintain_different_contact_details_to_security_billing_and_op assert result[0].region == AWS_REGION_EU_WEST_1 assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN + assert result[0].resource == {} def test_contacts_different(self): aws_mocked_provider = set_mocked_aws_provider([AWS_REGION_EU_WEST_1]) @@ -109,6 +110,7 @@ class Test_account_maintain_different_contact_details_to_security_billing_and_op assert result[0].region == AWS_REGION_EU_WEST_1 assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN + assert result[0].resource == {} def test_access_denied(self): aws_mocked_provider = set_mocked_aws_provider([AWS_REGION_EU_WEST_1]) diff --git a/tests/providers/aws/services/iam/iam_root_credentials_management_enabled/iam_root_credentials_management_enabled_test.py b/tests/providers/aws/services/iam/iam_root_credentials_management_enabled/iam_root_credentials_management_enabled_test.py index d9164ea3b1..a2f300a0da 100644 --- a/tests/providers/aws/services/iam/iam_root_credentials_management_enabled/iam_root_credentials_management_enabled_test.py +++ b/tests/providers/aws/services/iam/iam_root_credentials_management_enabled/iam_root_credentials_management_enabled_test.py @@ -110,6 +110,7 @@ class Test_iam_root_credentials_management_enabled_test: assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN assert result[0].region == AWS_REGION_US_EAST_1 + assert result[0].resource == {} @mock.patch( "botocore.client.BaseClient._make_api_call", new=mock_make_api_call_disabled @@ -154,3 +155,4 @@ class Test_iam_root_credentials_management_enabled_test: assert result[0].resource_id == AWS_ACCOUNT_NUMBER assert result[0].resource_arn == AWS_ACCOUNT_ARN assert result[0].region == AWS_REGION_US_EAST_1 + assert result[0].resource == {}