chore: modify M365 and Github account UIDs (#10226)

prowler/CHANGELOG.md

@@ -62,6 +62,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
 - Cloudflare provider credential validation with specific exceptions [(#9910)](https://github.com/prowler-cloud/prowler/pull/9910)
 - Enhance AWS IAM privilege escalation detection with patterns from pathfinding.cloud library [(#9922)](https://github.com/prowler-cloud/prowler/pull/9922)
 - Bump Trivy from 0.66.0 to 0.69.2 [(#10210)](https://github.com/prowler-cloud/prowler/pull/10210)
+- Modify GitHub and M365 account UIDs [(#10226)](https://github.com/prowler-cloud/prowler/pull/10226)
 
 ### 🐞 Fixed
 

prowler/lib/outputs/finding.py

@@ -251,15 +251,22 @@ class Finding(BaseModel):
                 output_data["resource_name"] = check_output.resource_name
                 output_data["resource_uid"] = check_output.resource_id
 
+                owner = getattr(check_output, "owner", None)
+
                 if isinstance(provider.identity, GithubIdentityInfo):
                     # GithubIdentityInfo (Personal Access Token, OAuth)
-                    output_data["account_name"] = provider.identity.account_name
-                    output_data["account_uid"] = provider.identity.account_id
+                    output_data["account_name"] = (
+                        owner or provider.identity.account_name
+                    )
+                    output_data["account_uid"] = owner or provider.identity.account_name
                     output_data["account_email"] = provider.identity.account_email
                 elif isinstance(provider.identity, GithubAppIdentityInfo):
                     # GithubAppIdentityInfo (GitHub App)
-                    output_data["account_name"] = provider.identity.app_name
-                    output_data["account_uid"] = provider.identity.app_id
+                    output_data["account_name"] = owner or provider.identity.app_name
+                    output_data["account_uid"] = owner or provider.identity.app_name
+                    output_data["account_organization_uid"] = str(
+                        provider.identity.app_id
+                    )
                     output_data["installations"] = provider.identity.installations
 
                 output_data["region"] = check_output.owner
@@ -269,11 +276,14 @@ class Finding(BaseModel):
                     f"{provider.identity.identity_type}: {provider.identity.identity_id}"
                 )
                 output_data["account_uid"] = get_nested_attribute(
-                    provider, "identity.tenant_id"
+                    provider, "identity.tenant_domain"
                 )
                 output_data["account_name"] = get_nested_attribute(
                     provider, "identity.tenant_domain"
                 )
+                output_data["account_organization_uid"] = get_nested_attribute(
+                    provider, "identity.tenant_id"
+                )
                 output_data["resource_name"] = check_output.resource_name
                 output_data["resource_uid"] = check_output.resource_id
                 output_data["region"] = check_output.location

tests/lib/outputs/finding_test.py

@@ -599,8 +599,9 @@ class TestFinding:
         assert finding_output.resource_tags == {"topic": "security"}
 
         # Assert account information for Personal Access Token
-        assert finding_output.account_name == ACCOUNT_NAME
-        assert finding_output.account_uid == ACCOUNT_ID
+        # When owner is present, it takes priority for account_name and account_uid
+        assert finding_output.account_name == "test-owner"
+        assert finding_output.account_uid == "test-owner"
         assert finding_output.account_email is None
         assert finding_output.account_organization_uid is None
         assert finding_output.account_organization_name is None
@@ -666,13 +667,12 @@ class TestFinding:
         assert finding_output.resource_tags == {"language": "python"}
         assert isinstance(finding_output.timestamp, int)
 
-        # Assert account information for GitHub App - this is the core of the bug fix
-        # Before the fix, this would fail because GithubAppIdentityInfo doesn't have account_name
-        # After the fix, it should use app_name
-        assert finding_output.account_name == "test-app"
-        assert finding_output.account_uid == APP_ID
+        # Assert account information for GitHub App
+        # When owner is present, it takes priority for account_name and account_uid
+        assert finding_output.account_name == "test-owner"
+        assert finding_output.account_uid == "test-owner"
         assert finding_output.account_email is None
-        assert finding_output.account_organization_uid is None
+        assert finding_output.account_organization_uid == str(APP_ID)
         assert finding_output.account_organization_name is None
         assert finding_output.account_tags == {}
 
@@ -1254,7 +1254,7 @@ class TestFinding:
         dummy_finding.muted = True
         finding_obj = Finding.transform_api_finding(dummy_finding, provider)
         assert finding_obj.auth_method == "ms_identity_type: ms_identity_id"
-        assert finding_obj.account_uid == "ms-tenant-id"
+        assert finding_obj.account_uid == "ms-tenant-domain"
         assert finding_obj.account_name == "ms-tenant-domain"
         assert finding_obj.resource_name == "ms-resource-name"
         assert finding_obj.resource_uid == "ms-resource-uid"