fix(mutelist): properly handle wildcards and regex (#7685)

2026-01-25 02:08:11 +00:00 · 2025-05-08 02:25:55 -04:00
parent 1017510a67
commit ed26c2c42c
2 changed files with 56 additions and 3 deletions
--- a/prowler/lib/mutelist/mutelist.py
+++ b/prowler/lib/mutelist/mutelist.py
@@ -433,8 +433,8 @@ class Mutelist(ABC):
                if tag:
                    is_item_matched = True
                for item in matched_items:
-                    if item.startswith("*"):
-                        item = ".*" + item[1:]
+                    if "*" in item:
+                        item = item.replace("*", ".*")
                    if tag:
                        if not re.search(item, finding_items):
                            is_item_matched = False
--- a/tests/providers/aws/lib/mutelist/aws_mutelist_test.py
+++ b/tests/providers/aws/lib/mutelist/aws_mutelist_test.py
@@ -848,7 +848,6 @@ class TestAWSMutelist:
    def test_is_muted_aws_default_mutelist(
        self,
    ):
-
        mutelist = AWSMutelist(
            mutelist_path=f"{path.dirname(path.realpath(__file__))}/../../../../../prowler/config/aws_mutelist.yaml"
        )
@@ -1877,3 +1876,57 @@ class TestAWSMutelist:
        assert muted_finding.status == "MUTED"
        assert muted_finding.muted
        assert muted_finding.raw["status"] == "FAIL"
+
+    def test_is_muted_with_wildcard_check(self):
+        mutelist_content = {
+            "Accounts": {
+                "*": {
+                    "Checks": {
+                        "cloudtrail_*": {
+                            "Regions": ["*"],
+                            "Resources": ["*"],
+                        }
+                    }
+                }
+            }
+        }
+        mutelist = AWSMutelist(mutelist_content=mutelist_content)
+
+        assert not mutelist.is_muted(
+            AWS_ACCOUNT_NUMBER,
+            "iam_inline_policy_no_full_access_to_cloudtrail",
+            AWS_REGION_US_EAST_1,
+            "prowler",
+            "",
+        )
+
+        assert mutelist.is_muted(
+            AWS_ACCOUNT_NUMBER,
+            "cloudtrail_insights_exist",
+            AWS_REGION_US_EAST_1,
+            "prowler",
+            "",
+        )
+
+    def test_is_muted_with_wildcard_in_middle_of_check(self):
+        mutelist_content = {
+            "Accounts": {
+                "*": {
+                    "Checks": {
+                        "guardduty_*_enabled": {
+                            "Regions": ["*"],
+                            "Resources": ["*"],
+                        }
+                    }
+                }
+            }
+        }
+        mutelist = AWSMutelist(mutelist_content=mutelist_content)
+
+        assert mutelist.is_muted(
+            AWS_ACCOUNT_NUMBER,
+            "guardduty_is_enabled",
+            AWS_REGION_US_EAST_1,
+            "prowler",
+            "",
+        )