From dcf74113fc1caf1518eeb0323d3a1e3099b7a185 Mon Sep 17 00:00:00 2001
From: Daniel Barranquero <74871504+danibarranqueroo@users.noreply.github.com>
Date: Mon, 2 Mar 2026 17:22:09 +0100
Subject: [PATCH] chore: modify M365 and Github account UIDs (#10226)
---
 prowler/CHANGELOG.md | 1 +
 prowler/lib/outputs/finding.py | 20 +++++++++++++++-----
 tests/lib/outputs/finding_test.py | 18 +++++++++---------
 3 files changed, 25 insertions(+), 14 deletions(-)
diff --git a/prowler/CHANGELOG.md b/prowler/CHANGELOG.md
index 4baa36fc1a..8f0dcf4b20 100644
--- a/prowler/CHANGELOG.md
+++ b/prowler/CHANGELOG.md
@@ -62,6 +62,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
 - Cloudflare provider credential validation with specific exceptions [(#9910)](https://github.com/prowler-cloud/prowler/pull/9910)
 - Enhance AWS IAM privilege escalation detection with patterns from pathfinding.cloud library [(#9922)](https://github.com/prowler-cloud/prowler/pull/9922)
 - Bump Trivy from 0.66.0 to 0.69.2 [(#10210)](https://github.com/prowler-cloud/prowler/pull/10210)
+- Modify GitHub and M365 account UIDs [(#10226)](https://github.com/prowler-cloud/prowler/pull/10226)
 ### 🐞 Fixed
diff --git a/prowler/lib/outputs/finding.py b/prowler/lib/outputs/finding.py
index 8ec5d09789..c33ba6b20d 100644
--- a/prowler/lib/outputs/finding.py
+++ b/prowler/lib/outputs/finding.py
@@ -251,15 +251,22 @@ class Finding(BaseModel):
 output_data["resource_name"] = check_output.resource_name
 output_data["resource_uid"] = check_output.resource_id
+ owner = getattr(check_output, "owner", None)
+
 if isinstance(provider.identity, GithubIdentityInfo):
 # GithubIdentityInfo (Personal Access Token, OAuth)
- output_data["account_name"] = provider.identity.account_name
- output_data["account_uid"] = provider.identity.account_id
+ output_data["account_name"] = (
+ owner or provider.identity.account_name
+ )
+ output_data["account_uid"] = owner or provider.identity.account_name
 output_data["account_email"] = provider.identity.account_email
 elif isinstance(provider.identity, GithubAppIdentityInfo):
 # GithubAppIdentityInfo (GitHub App)
- output_data["account_name"] = provider.identity.app_name
- output_data["account_uid"] = provider.identity.app_id
+ output_data["account_name"] = owner or provider.identity.app_name
+ output_data["account_uid"] = owner or provider.identity.app_name
+ output_data["account_organization_uid"] = str(
+ provider.identity.app_id
+ )
 output_data["installations"] = provider.identity.installations
 output_data["region"] = check_output.owner
@@ -269,11 +276,14 @@ class Finding(BaseModel):
 f"{provider.identity.identity_type}: {provider.identity.identity_id}"
 )
 output_data["account_uid"] = get_nested_attribute(
- provider, "identity.tenant_id"
+ provider, "identity.tenant_domain"
 )
 output_data["account_name"] = get_nested_attribute(
 provider, "identity.tenant_domain"
 )
+ output_data["account_organization_uid"] = get_nested_attribute(
+ provider, "identity.tenant_id"
+ )
 output_data["resource_name"] = check_output.resource_name
 output_data["resource_uid"] = check_output.resource_id
 output_data["region"] = check_output.location
diff --git a/tests/lib/outputs/finding_test.py b/tests/lib/outputs/finding_test.py
index 0cebe97f42..6756233322 100644
--- a/tests/lib/outputs/finding_test.py
+++ b/tests/lib/outputs/finding_test.py
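Review bot: In the `GithubIdentityInfo` branch the stable `provider.identity.account_id` is no longer written to any output field, so token-authenticated findings are identified only by a login or owner name. GitHub logins can be renamed, and a tenant domain is presumably less stable than a tenant id, so anything downstream that correlates, deduplicates or mutes on `account_uid` may lose or mix history; the App branch and the M365 hunk (`@@ -269,11 +276,14 @@`) at least keep `app_id` / `tenant_id` in `account_organization_uid`. Consider doing the same here with `output_data["account_organization_uid"] = str(provider.identity.account_id)`, and add a comment above the `owner = getattr(...)` line such as `# resource owner wins; an empty or missing owner falls back to the authenticated identity`. The enclosing method starts and ends outside the hunk, so whether `owner` is always set for GitHub checks is not visible here.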
@@ -599,8 +599,9 @@ class TestFinding:
 assert finding_output.resource_tags == {"topic": "security"}
 # Assert account information for Personal Access Token
- assert finding_output.account_name == ACCOUNT_NAME
- assert finding_output.account_uid == ACCOUNT_ID
+ # When owner is present, it takes priority for account_name and account_uid
+ assert finding_output.account_name == "test-owner"
+ assert finding_output.account_uid == "test-owner"
 assert finding_output.account_email is None
 assert finding_output.account_organization_uid is None
 assert finding_output.account_organization_name is None
@@ -666,13 +667,12 @@ class TestFinding:
 assert finding_output.resource_tags == {"language": "python"}
 assert isinstance(finding_output.timestamp, int)
- # Assert account information for GitHub App - this is the core of the bug fix
- # Before the fix, this would fail because GithubAppIdentityInfo doesn't have account_name
- # After the fix, it should use app_name
- assert finding_output.account_name == "test-app"
- assert finding_output.account_uid == APP_ID
+ # Assert account information for GitHub App
+ # When owner is present, it takes priority for account_name and account_uid
+ assert finding_output.account_name == "test-owner"
+ assert finding_output.account_uid == "test-owner"
 assert finding_output.account_email is None
- assert finding_output.account_organization_uid is None
+ assert finding_output.account_organization_uid == str(APP_ID)
 assert finding_output.account_organization_name is None
 assert finding_output.account_tags == {}
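Review bot: Both updated assertion groups cover only the case where the check output carries an owner (`"test-owner"`); the fallback half of `owner or provider.identity.account_name` and `owner or provider.identity.app_name` is not asserted in the visible hunks. Add a case with `owner` unset or empty and assert `assert finding_output.account_uid == ACCOUNT_NAME` for the token identity and `assert finding_output.account_uid == "test-app"` for the App identity, so a regression in the fallback cannot change the account a finding is attributed to without a test failing. The test methods begin outside these hunks, so an existing no-owner test elsewhere in the file cannot be ruled out.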
@@ -1254,7 +1254,7 @@ class TestFinding:
 dummy_finding.muted = True
 finding_obj = Finding.transform_api_finding(dummy_finding, provider)
 assert finding_obj.auth_method == "ms_identity_type: ms_identity_id"
- assert finding_obj.account_uid == "ms-tenant-id"
+ assert finding_obj.account_uid == "ms-tenant-domain"
 assert finding_obj.account_name == "ms-tenant-domain"
 assert finding_obj.resource_name == "ms-resource-name"
 assert finding_obj.resource_uid == "ms-resource-uid"
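Review bot: The updated M365 test checks the new `account_uid` but not the field that now carries the tenant id; add `assert finding_obj.account_organization_uid == "ms-tenant-id"` next to the `account_uid` assertion so the immutable identifier cannot silently drop out of the output. This assumes the dummy provider built earlier in the test (outside the hunk) still sets `identity.tenant_id` to `"ms-tenant-id"`, as the removed assertion suggests.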