fix: move logic from provider config to config.yaml

HugoPBrito
2025-12-15 17:29:35 +01:00
parent 4d078aece5
commit e4d1d647c5
3 changed files with 22 additions and 8 deletions


@@ -595,3 +595,22 @@ cloudflare:
# Maximum number of retries for API requests (default is 2)
# Set to 0 to disable retries
max_retries: 3
# cloudflare.zones_min_tls_version_secure
# Minimum TLS version considered secure
min_tls_version: "1.2"
# cloudflare.zones_ssl_strict
# Recommended SSL modes for zones
recommended_ssl_modes:
[
"full",
]
# cloudflare.zones_security_level (future check)
# Recommended security levels for zones
recommended_security_levels:
[
"high",
"under_attack",
]
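Review bot: The comment above `recommended_ssl_modes` does not say how the list is used or which values are valid, and its only entry is "full" although the owning check is named zones_ssl_strict. In Cloudflare's zone SSL setting, "full" encrypts traffic to the origin without validating its certificate, while "strict" is the mode that validates it. The check itself is not shown here, so this is inferred, but if it passes zones whose mode appears in this list, the default is either too permissive or is missing "strict". I would document the key, e.g. `# Zone SSL modes that pass the check; Cloudflare values: off, flexible, full, strict`, and confirm the default against the check's logic. The value is carried over unchanged from the removed CLOUDFLARE_RECOMMENDED_SSL_MODES constant, so it predates this move.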


@@ -1,5 +0,0 @@
"""Cloudflare provider configuration defaults."""
CLOUDFLARE_DEFAULT_MIN_TLS = "1.2"
CLOUDFLARE_RECOMMENDED_SSL_MODES = {"full"}
CLOUDFLARE_RECOMMENDED_SECURITY_LEVELS = {"high", "under_attack"}


@@ -1,12 +1,12 @@
from prowler.lib.check.models import Check, CheckReportCloudflare
from prowler.providers.cloudflare.config import CLOUDFLARE_DEFAULT_MIN_TLS
from prowler.providers.cloudflare.services.zones.zones_client import zones_client
class zones_min_tls_version_secure(Check):
def execute(self) -> list[CheckReportCloudflare]:
findings = []
required_version = float(CLOUDFLARE_DEFAULT_MIN_TLS)
min_tls_version = zones_client.audit_config.get("min_tls_version", "1.2")
required_version = float(min_tls_version)
for zone in zones_client.zones.values():
report = CheckReportCloudflare(
@@ -23,6 +23,6 @@ class zones_min_tls_version_secure(Check):
report.status_extended = f"Minimum TLS version for zone {zone.name} is set to {current_version}."
else:
report.status = "FAIL"
report.status_extended = f"Minimum TLS version for zone {zone.name} is {current_version}, below the recommended {CLOUDFLARE_DEFAULT_MIN_TLS}."
report.status_extended = f"Minimum TLS version for zone {zone.name} is {current_version}, below the recommended {min_tls_version}."
findings.append(report)
return findings
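Review bot: `float(min_tls_version)` in the first hunk now converts a value read from the user-editable audit config, and nothing guards it. A key left empty in config.yaml makes `.get` return None, and a string such as "TLSv1.2" is not numeric, so either one raises inside execute() before any zone is evaluated. A value below "1.2" is also accepted without any notice, and the FAIL message then reports that weaker floor as "recommended". Validate before converting, e.g. `if str(min_tls_version) not in {"1.0", "1.1", "1.2", "1.3"}: min_tls_version = "1.2"`, and log when the fallback is applied. The loop body between the two hunks is not shown, so how `current_version` is parsed and compared cannot be checked from here.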