fix(azure): containerregistry_not_publicly_accesible is not accurate (#5938)
Co-authored-by: Rubén De la Torre Vico <rubendltv22@gmail.com> Co-authored-by: Rubén De la Torre Vico <ruben@prowler.com>
+1
-6
@@ -18,12 +18,7 @@ class containerregistry_not_publicly_accessible(Check):
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"Container Registry {container_registry_info.name} from subscription {subscription} allows unrestricted network access."
|
||||
|
||||
if (
|
||||
getattr(
|
||||
container_registry_info.network_rule_set, "default_action", ""
|
||||
).lower()
|
||||
== "deny"
|
||||
):
|
||||
if not container_registry_info.public_network_access:
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"Container Registry {container_registry_info.name} from subscription {subscription} does not allow unrestricted network access."
|
||||
|
||||
|
||||
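Review bot: The FAIL text still says the registry "allows unrestricted network access", but the new condition `if not container_registry_info.public_network_access:` no longer consults `network_rule_set.default_action`, so a registry with public access enabled and a default action of Deny is reported as unrestricted. If that result is intended, the messages should state what was measured, for example ending in `has public network access enabled.` for FAIL and `has public network access disabled.` for PASS. Otherwise keep the rule-set state in `status_extended` so a reader can tell an open registry from one limited to selected networks. The enclosing method starts and ends outside the hunk.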
@@ -37,8 +37,13 @@ class ContainerRegistry(AzureService):
|
||||
resource_group=resource_group,
|
||||
sku=getattr(registry.sku, "name", ""),
|
||||
login_server=getattr(registry, "login_server", ""),
|
||||
public_network_access=getattr(
|
||||
registry, "public_network_access", ""
|
||||
public_network_access=(
|
||||
False
|
||||
if getattr(
|
||||
registry, "public_network_access" "Enabled"
|
||||
)
|
||||
== "Disabled"
|
||||
else True
|
||||
),
|
||||
admin_user_enabled=getattr(
|
||||
registry, "admin_user_enabled", False
|
||||
@@ -93,7 +98,7 @@ class ContainerRegistryInfo:
|
||||
resource_group: str
|
||||
sku: str
|
||||
login_server: str
|
||||
public_network_access: str
|
||||
public_network_access: bool
|
||||
admin_user_enabled: bool
|
||||
network_rule_set: NetworkRuleSet
|
||||
monitor_diagnostic_settings: list[DiagnosticSetting]
|
||||
|
||||
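Review bot: In the new `public_network_access=(...)` expression, `getattr(registry, "public_network_access" "Enabled")` is missing the comma between the two string literals, so Python concatenates them and looks up an attribute named `public_network_accessEnabled` with no default. On an object without that attribute the call raises AttributeError, and on a permissive mock the result never equals `"Disabled"`, so the field would be True for every registry; how such an error is handled is outside the hunk. The line should read `registry, "public_network_access", "Enabled"`, which also keeps the conservative default of treating a registry with the property missing as public. The enclosing constructor call starts and ends outside the hunk.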
+2
-2
@@ -57,7 +57,7 @@ class Test_containerregistry_not_publicly_accessible:
|
||||
resource_group="mock_resource_group",
|
||||
sku="Basic",
|
||||
login_server="mock_login_server.azurecr.io",
|
||||
public_network_access="Enabled",
|
||||
public_network_access=True,
|
||||
admin_user_enabled=True,
|
||||
network_rule_set=NetworkRuleSet(default_action="Allow"),
|
||||
private_endpoint_connections=[],
|
||||
@@ -131,7 +131,7 @@ class Test_containerregistry_not_publicly_accessible:
|
||||
resource_group="mock_resource_group",
|
||||
sku="Basic",
|
||||
login_server="mock_login_server.azurecr.io",
|
||||
public_network_access="Enabled",
|
||||
public_network_access=False,
|
||||
admin_user_enabled=False,
|
||||
network_rule_set=NetworkRuleSet(default_action="Deny"),
|
||||
private_endpoint_connections=[],
|
||||
|
||||
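Review bot: Both changed fixtures keep the two settings in agreement (`public_network_access=True` with `default_action="Allow"`, and `public_network_access=False` with `default_action="Deny"`), so neither test would have given a different result under the old rule-set logic. A case where they disagree, for example `public_network_access=True` with `NetworkRuleSet(default_action="Deny")` expecting FAIL, would pin the behaviour this commit introduces. The test methods begin and end outside the hunks.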
@@ -32,7 +32,7 @@ class TestContainerRegistryService:
|
||||
resource_group="mock_resource_group",
|
||||
sku="Basic",
|
||||
login_server="mock_login_server.azurecr.io",
|
||||
public_network_access="Enabled",
|
||||
public_network_access=False,
|
||||
admin_user_enabled=True,
|
||||
network_rule_set=None,
|
||||
private_endpoint_connections=[],
|
||||
@@ -71,7 +71,7 @@ class TestContainerRegistryService:
|
||||
assert registry_info.resource_group == "mock_resource_group"
|
||||
assert registry_info.sku == "Basic"
|
||||
assert registry_info.login_server == "mock_login_server.azurecr.io"
|
||||
assert registry_info.public_network_access == "Enabled"
|
||||
assert not registry_info.public_network_access
|
||||
assert registry_info.admin_user_enabled is True
|
||||
assert isinstance(registry_info.monitor_diagnostic_settings, list)
|
||||
|
||||
|
||||
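Review bot: `assert not registry_info.public_network_access` also passes for `None` or an empty string, so it does not confirm that the field is now a bool. `assert registry_info.public_network_access is False` would, and it matches the `is True` assertion on the following line. The fixture passes `public_network_access=False` directly, so as far as these hunks show, the conversion from the SDK value ("Enabled"/"Disabled") to a bool is not exercised here.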