diff --git a/prowler/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible.py b/prowler/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible.py
index d8a6a41da4..d63d1a5e28 100644
--- a/prowler/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible.py
+++ b/prowler/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible.py
@@ -18,12 +18,7 @@ class containerregistry_not_publicly_accessible(Check):
 report.status = "FAIL"
 report.status_extended = f"Container Registry {container_registry_info.name} from subscription {subscription} allows unrestricted network access."
- if (
- getattr(
- container_registry_info.network_rule_set, "default_action", ""
- ).lower()
- == "deny"
- ):
+ if not container_registry_info.public_network_access:
 report.status = "PASS"
 report.status_extended = f"Container Registry {container_registry_info.name} from subscription {subscription} does not allow unrestricted network access."
diff --git a/prowler/providers/azure/services/containerregistry/containerregistry_service.py b/prowler/providers/azure/services/containerregistry/containerregistry_service.py
index 6c3840febc..189c89c642 100644
--- a/prowler/providers/azure/services/containerregistry/containerregistry_service.py
+++ b/prowler/providers/azure/services/containerregistry/containerregistry_service.py
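Review bot: The two `status_extended` strings in the `@@ -18,12 +18,7 @@` hunk still describe the finding as "allows unrestricted network access" / "does not allow unrestricted network access", but the new condition `if not container_registry_info.public_network_access:` no longer reads `network_rule_set.default_action`. A registry with public access enabled and a default action of Deny would now be reported as unrestricted, which overstates the exposure and points the responder at the wrong setting. Either word both messages around the flag that is actually tested (for example "has public network access enabled"), or add a comment above the `if` such as `# PASS only when public network access is disabled; network_rule_set is deliberately not considered`. The enclosing method starts and ends outside the hunk.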
@@ -37,8 +37,13 @@ class ContainerRegistry(AzureService):
 resource_group=resource_group,
 sku=getattr(registry.sku, "name", ""),
 login_server=getattr(registry, "login_server", ""),
- public_network_access=getattr(
- registry, "public_network_access", ""
+ public_network_access=(
+ False
+ if getattr(
+ registry, "public_network_access" "Enabled"
+ )
+ == "Disabled"
+ else True
 ),
 admin_user_enabled=getattr(
 registry, "admin_user_enabled", False
@@ -93,7 +98,7 @@ class ContainerRegistryInfo:
 resource_group: str
 sku: str
 login_server: str
- public_network_access: str
+ public_network_access: bool
 admin_user_enabled: bool
 network_rule_set: NetworkRuleSet
 monitor_diagnostic_settings: list[DiagnosticSetting]
diff --git a/tests/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible_test.py b/tests/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible_test.py
index 827c889b73..8239aa5b70 100644
--- a/tests/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible_test.py
+++ b/tests/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible_test.py
@@ -57,7 +57,7 @@ class Test_containerregistry_not_publicly_accessible:
 resource_group="mock_resource_group",
 sku="Basic",
 login_server="mock_login_server.azurecr.io",
- public_network_access="Enabled",
+ public_network_access=True,
 admin_user_enabled=True,
 network_rule_set=NetworkRuleSet(default_action="Allow"),
 private_endpoint_connections=[],
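Review bot: The new `getattr(registry, "public_network_access" "Enabled")` in the `@@ -37,8 +37,13 @@` hunk is missing a comma, so Python joins the two adjacent literals and looks up an attribute named `public_network_accessEnabled` with no default. On an object without that attribute the call raises `AttributeError`; depending on how the surrounding code (outside the hunk) handles it, the registry is probably dropped from the inventory, and a publicly reachable registry can then go unreported. Write it as `public_network_access=getattr(registry, "public_network_access", "Enabled") != "Disabled",`, which restores the default, drops the `False if ... else True` form, and treats a missing value as public so the audit errs on the side of reporting. The constructor call this argument belongs to starts and ends outside the hunk.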
@@ -131,7 +131,7 @@ class Test_containerregistry_not_publicly_accessible:
 resource_group="mock_resource_group",
 sku="Basic",
 login_server="mock_login_server.azurecr.io",
- public_network_access="Enabled",
+ public_network_access=False,
 admin_user_enabled=False,
 network_rule_set=NetworkRuleSet(default_action="Deny"),
 private_endpoint_connections=[],
diff --git a/tests/providers/azure/services/containerregistry/containerregistry_service_test.py b/tests/providers/azure/services/containerregistry/containerregistry_service_test.py
index 31ca7cea9a..b6ff17fb16 100644
--- a/tests/providers/azure/services/containerregistry/containerregistry_service_test.py
+++ b/tests/providers/azure/services/containerregistry/containerregistry_service_test.py
@@ -32,7 +32,7 @@ class TestContainerRegistryService:
 resource_group="mock_resource_group",
 sku="Basic",
 login_server="mock_login_server.azurecr.io",
- public_network_access="Enabled",
+ public_network_access=False,
 admin_user_enabled=True,
 network_rule_set=None,
 private_endpoint_connections=[],
@@ -71,7 +71,7 @@ class TestContainerRegistryService:
 assert registry_info.resource_group == "mock_resource_group"
 assert registry_info.sku == "Basic"
 assert registry_info.login_server == "mock_login_server.azurecr.io"
- assert registry_info.public_network_access == "Enabled"
+ assert not registry_info.public_network_access
 assert registry_info.admin_user_enabled is True
 assert isinstance(registry_info.monitor_diagnostic_settings, list)
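Review bot: Both fixtures for this check move the two network signals together: the `@@ -57,7 +57,7 @@` case pairs `public_network_access=True` with `default_action="Allow"`, and the `@@ -131,7 +131,7 @@` case pairs `public_network_access=False` with `default_action="Deny"`. No case has them disagree, so these tests would pass under the old rule-set condition as well as the new flag condition and do not pin down which field decides the result. Add a case with `public_network_access=True` and `network_rule_set=NetworkRuleSet(default_action="Deny")` and assert the status the check is meant to return for it. The test methods extend beyond both hunks.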
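Review bot: `assert not registry_info.public_network_access` in the `@@ -71,7 +71,7 @@` hunk also passes for `None`, `""` or `0`, so it does not pin the new `bool` type; `assert registry_info.public_network_access is False` would, and it matches the `is True` assertion on the following line. The asserted value appears to come from the fixture in the `@@ -32,7 +32,7 @@` hunk rather than from the service's own conversion, so the `getattr` expression in containerregistry_service.py is probably not exercised by this test. A test that passes registry objects with `public_network_access` set to "Enabled" and to "Disabled" through the service would cover that conversion.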