
3 changed files with 6 additions and 5 deletions


@@ -36,10 +36,11 @@ If EBS default encyption is not enabled, sensitive information at rest is not pr
- `ec2_ebs_default_encryption`
If your Security groups are not properly configured the attack surface is increased, nonetheless, Prowler will detect those security groups that are being used (they are attached) to only notify those that are being used. This logic applies to the 15 checks related to open ports in security groups and the check for the default security group.
If your Security groups are not properly configured the attack surface is increased, nonetheless, Prowler will detect those security groups that are being used (they are attached) to only notify those that are being used. This logic applies to the 15 checks related to open ports in security groups, the check for the default security group and for the security groups that allow ingress and egress traffic.
- `ec2_securitygroup_allow_ingress_from_internet_to_port_X` (15 checks)
- `ec2_securitygroup_default_restrict_traffic`
- `ec2_securitygroup_allow_wide_open_public_ipv4`
Prowler will also check for used Network ACLs to only alerts those with open ports that are being used.


@@ -1,7 +1,7 @@
{
"Provider": "aws",
"CheckID": "ec2_securitygroup_allow_wide_open_public_ipv4",
"CheckTitle": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.",
"CheckTitle": "Ensure no security groups allow ingress and egress from public IP addresses",
"CheckType": [
"Infrastructure Security"
],
@@ -10,7 +10,7 @@
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
"Severity": "high",
"ResourceType": "AwsEc2SecurityGroup",
"Description": "Ensure no security groups allow ingress from wide-open non-RFC1918 address.",
"Description": "Ensure no security groups allow ingress and egress from public IP addresses.",
"Risk": "If Security groups are not properly configured the attack surface is increased.",
"RelatedUrl": "",
"Remediation": {
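Review bot: The new CheckTitle in the first hunk and the new Description in the second describe the check as catching ingress and egress "from public IP addresses", but the check code in this same commit only flags ranges whose prefix length is below its CIDR threshold, and egress traffic goes to, not from, an address. A wording such as `"CheckTitle": "Ensure no security groups allow ingress from or egress to wide-open public IPv4 ranges"` (and the matching Description) would state what is actually detected instead of overstating it. The CheckTitle also drops the trailing period while the Description keeps it, so the two strings are now inconsistent in style.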


@@ -28,7 +28,7 @@ class ec2_securitygroup_allow_wide_open_public_ipv4(Check):
for ingress_rule in security_group.ingress_rules:
for ipv4 in ingress_rule["IpRanges"]:
ip = ipaddress.ip_network(ipv4["CidrIp"])
# Check if IP is public according to RFC1918 and if 0 < prefixlen < 24
# Check if IP is public if 0 < prefixlen < 24
if (
ip.is_global
and ip.prefixlen < cidr_treshold
@@ -42,7 +42,7 @@ class ec2_securitygroup_allow_wide_open_public_ipv4(Check):
for egress_rule in security_group.egress_rules:
for ipv4 in egress_rule["IpRanges"]:
ip = ipaddress.ip_network(ipv4["CidrIp"])
# Check if IP is public according to RFC1918 and if 0 < prefixlen < 24
# Check if IP is public if 0 < prefixlen < 24
if (
ip.is_global
and ip.prefixlen < cidr_treshold
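Review bot: The replacement comment in this hunk and the identical one in the hunk at -42,7 still promise a lower bound `0 < prefixlen` that the visible condition does not check, and they hard-code `24` where the code actually compares against `cidr_treshold`; a /0 is only skipped because `ipaddress` reports `0.0.0.0/0` as non-global, which is an implicit dependency worth writing down. Suggested wording for both places: `# Flag public (is_global) ranges wider than cidr_treshold; 0.0.0.0/0 is skipped only because ipaddress treats it as non-global`. Depending on the Python version's ipaddress implementation, a range like `0.0.0.0/1` can have both its network and broadcast addresses inside non-global space and so not be flagged despite covering half of IPv4, so a unit test pinning that case would make the intended behaviour explicit. The enclosing method and the `if (` condition both extend beyond the hunk.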