ben.carrasco/prowler
1
0
Fork 0
mirror of https://github.com/prowler-cloud/prowler.git synced 2026-04-03 05:55:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: ben.carrasco:PRWLR-6464-running-into-302-error-subscription-could-not-be-found-7214
Branches Tags
ben.carrasco:master ben.carrasco:poc-gha-iac ben.carrasco:docs/sso-google-workspace ben.carrasco:feat/PROWLER-944-stage-4-image-provider-cloud-app-docs ben.carrasco:dependabot/pip/master/moto-5.1.22 ben.carrasco:dependabot/pip/master/coverage-7.13.5 ben.carrasco:dependabot/pip/master/marshmallow-4.2.3 ben.carrasco:dependabot/pip/master/black-26.3.1 ben.carrasco:dependabot/pip/master/bandit-1.9.4 ben.carrasco:dependabot/pip/master/pre-commit-4.5.1 ben.carrasco:dependabot/github_actions/master/docker/build-push-action-7.0.0 ben.carrasco:dependabot/github_actions/master/docker/setup-buildx-action-4.0.0 ben.carrasco:dependabot/github_actions/master/actions/upload-artifact-7.0.0 ben.carrasco:dependabot/github_actions/master/docker/login-action-4.0.0 ben.carrasco:dependabot/pip/master/pytest-9.0.2 ben.carrasco:dependabot/github_actions/master/tj-actions/changed-files-47.0.5 ben.carrasco:dependabot/github_actions/master/pnpm/action-setup-5.0.0 ben.carrasco:dependabot/github_actions/master/zizmorcore/zizmor-action-0.5.2 ben.carrasco:dependabot/github_actions/master/regclient/actions-f07124ffba4b0cbf96b2a666d481ed9d44b5e7e4 ben.carrasco:dependabot/github_actions/master/actions/checkout-6.0.2 ben.carrasco:dependabot/pip/master/pylint-4.0.5 ben.carrasco:dependabot/github_actions/master/actions/cache-5.0.4 ben.carrasco:dependabot/github_actions/master/actions/setup-node-6.3.0 ben.carrasco:dependabot/github_actions/master/softprops/action-gh-release-2.6.1 ben.carrasco:dependabot/github_actions/master/azure/setup-helm-5.0.0 ben.carrasco:dependabot/pip/master/filelock-3.25.2 ben.carrasco:dependabot/github_actions/master/actions/download-artifact-8.0.1 ben.carrasco:dependabot/github_actions/master/sorenlouv/backport-github-action-11.0.0 ben.carrasco:dependabot/pip/master/vulture-2.16 ben.carrasco:dependabot/pip/api/aiohttp-3.13.4 ben.carrasco:dependabot/pip/aiohttp-3.13.4 ben.carrasco:feat/vercel-ui ben.carrasco:feat/prowler-450-organization-switch ben.carrasco:feat/prowler-629-bedrock-access-not-stale ben.carrasco:feat/prowler-628-bedrock-marketplace-subscription-access-least-privilege ben.carrasco:chore/bump-cryptography-oci-alibabacloud ben.carrasco:wanr-sensitive-flags ben.carrasco:dependabot/uv/mcp_server/fastmcp-3.2.0 ben.carrasco:fix/ui-findings-groups-security-fixes ben.carrasco:fix/ui-findings-groups-pepe-ux ben.carrasco:PROWLER-1253-implement-directory-service-checks-for-google-workspace-provider-clean ben.carrasco:v5.22 ben.carrasco:dependabot/uv/mcp_server/pygments-2.20.0 ben.carrasco:dependabot/pip/api/pygments-2.20.0 ben.carrasco:dependabot/pip/pygments-2.20.0 ben.carrasco:fix/ui-findings-groups-pepe-blockers ben.carrasco:aws-regions-update-179 ben.carrasco:chore/fix-step-security ben.carrasco:dependabot/uv/mcp_server/cryptography-46.0.6 ben.carrasco:chore/GHA-271823-stepsecurity-remediation ben.carrasco:chore/GHA-261831-stepsecurity-remediation ben.carrasco:dependabot/pip/requests-2.33.0 ben.carrasco:dependabot/uv/mcp_server/requests-2.33.0 ben.carrasco:dependabot/pip/api/requests-2.33.0 ben.carrasco:k8s-ocsf ben.carrasco:mcp-resource-timeline-tool ben.carrasco:PROWLER-1251-porting-attack-paths-scan-temporary-database-from-neo-4-j-to-grafeo ben.carrasco:PROWLER-1250-extend-resource-group-filter-for-all-providers ben.carrasco:dependabot/pip/api/authlib-1.6.9 ben.carrasco:dependabot/pip/api/pyasn1-0.6.3 ben.carrasco:dependabot/pip/authlib-1.6.9 ben.carrasco:dependabot/pip/pyjwt-2.12.0 ben.carrasco:feat/aspm-provider ben.carrasco:fix/oraclecloud-idp-group-mapping-events-10411 ben.carrasco:PROWLER-1225-fix-read-queries-on-the-read-replica-that-doesnt-use-the-write-replica-on-retries--second-attempt ben.carrasco:v5.21 ben.carrasco:dependabot/pip/api/pyjwt-2.12.0 ben.carrasco:aws-regions-update-175 ben.carrasco:feat/s3-bucket-website-hosting-check ben.carrasco:fix/legacy-metadata-validators-error ben.carrasco:dependabot/uv/mcp_server/authlib-1.6.9 ben.carrasco:dependabot/uv/mcp_server/pyjwt-2.12.0 ben.carrasco:PROWLER-1225-fix-read-queries-on-the-read-replica-that-doesnt-use-the-write-replica-on-retries ben.carrasco:dependabot/npm_and_yarn/ui/next-16.1.7 ben.carrasco:dependabot/pip/pyasn1-0.6.3 ben.carrasco:backport/v5.20/pr-10360 ben.carrasco:feat/add-rbi-compliance-gcp ben.carrasco:feat/github-organization-repository-deletion-limited ben.carrasco:backport/v5.20/pr-10314 ben.carrasco:PRWLR-7706-add-pydantic-validators-to-check-metadata-model-per-rfc-specification ben.carrasco:k8s-dedup-rbac-findings-subject ben.carrasco:v5.20 ben.carrasco:fix/ci-e2e-empty-test-dirs ben.carrasco:v5.19 ben.carrasco:feat/prowler-683-4-cli-integration ben.carrasco:feat/prowler-683-3-compliance-jsons ben.carrasco:feat/prowler-683-2-universal-outputs ben.carrasco:feat/prowler-683-1-universal-models ben.carrasco:backport/v5.19/pr-10270 ben.carrasco:fix/attack-paths-elb-exposed-internet ben.carrasco:DEVREL-93-prowler-gha-poc-as-gh-service ben.carrasco:fix/codeartifact-list-package-versions-unbounded-fetch ben.carrasco:copilot/sub-pr-10236 ben.carrasco:feat/prowler-1151-entra-conditional-access-policy-unknown-device-blocked ben.carrasco:DEVREL-93-prowler-gha-poc ben.carrasco:ensure-key-format-cloudflare ben.carrasco:aws-regions-update-174 ben.carrasco:feat/prowler-1140-entra-legacy-authentication-blocked ben.carrasco:feat/vercel ben.carrasco:fix-ocsf-params ben.carrasco:v5.18 ben.carrasco:dependabot/pip/api/werkzeug-3.1.6 ben.carrasco:dependabot/pip/api/flask-3.1.3 ben.carrasco:dependabot/uv/mcp_server/python-multipart-0.0.22 ben.carrasco:feat/prowler-1138-entra-conditional-access-policy-risky-sign-in-mfa ben.carrasco:feat/PROWLER-1091-create-new-stepper-implement-aws-organizations-endpoints ben.carrasco:feat/PROWLER-943-image-provider-ui ben.carrasco:dependabot/pip/werkzeug-3.1.6 ben.carrasco:dependabot/pip/flask-3.1.3 ben.carrasco:dependabot/pip/protobuf-6.33.5 ben.carrasco:feat/prowler-1139-entra-conditional-access-policy-require-password-change-high-risk-users ben.carrasco:feat/PROWLER-943-stage-3-a-image-provider-ui ben.carrasco:feat/PROWLER-940-stage-2-a-image-provider-api-rebased ben.carrasco:fix-reporting-docs-1771930526 ben.carrasco:feat/prowler-837-entra-guest-users-mfa-enabled ben.carrasco:feat/prowler-838-entra-sign-in-frequency-for-non-corporate-devices ben.carrasco:feat/prowler-836-entra-policy-blocks-unknown-unsupported-device-platforms ben.carrasco:docs-agentic-workflow ben.carrasco:aws-regions-update-173 ben.carrasco:feat/PROWLER-940-stage-2-a-image-provider-api-redo ben.carrasco:feat/PROWLER-940-stage-2-a-image-provider-api-v2 ben.carrasco:feat/PROWLER-940-stage-2-a-image-provider-api-support ben.carrasco:dependabot/pip/api/cryptography-46.0.5 ben.carrasco:PROWLER-1099-api-scan-schedule-model-provider-fk-migration ben.carrasco:PROWLER-1100-api-crud-endpoints ben.carrasco:PROWLER-1098-cron-based-scan-scheduling ben.carrasco:copilot/fix-return-in-finally-block ben.carrasco:review_metadata_gcp_artifacts ben.carrasco:feat/prowler-836-entra-policy-unknown-unsupported-device-platforms-blocked ben.carrasco:PROWLER-1033-start-api-without-neo-4-j ben.carrasco:PROWLER-1084-skill-prowler-changelog-review ben.carrasco:revert-10028-fix/fidings-filters-navitagion-fail-v4 ben.carrasco:backport/v5.18/pr-10028 ben.carrasco:backport/v5.18/pr-10025 ben.carrasco:backport/v5.18/pr-10021 ben.carrasco:backport/v5.18/pr-10017 ben.carrasco:feat/elasticsearch-integration ben.carrasco:fix/ui-scans-polling-optimization ben.carrasco:image-scan-poc ben.carrasco:dependabot/pip/master/pytest-cov-6.3.0 ben.carrasco:dependabot/pip/master/coverage-7.10.7 ben.carrasco:dependabot/pip/master/pre-commit-4.3.0 ben.carrasco:dependabot/pip/master/flake8-7.3.0 ben.carrasco:dependabot/pip/master/freezegun-1.5.5 ben.carrasco:dependabot/pip/master/marshmallow-4.0.1 ben.carrasco:dependabot/pip/master/openapi-spec-validator-0.7.2 ben.carrasco:dependabot/pip/master/pytest-xdist-3.8.0 ben.carrasco:dependabot/pip/master/bandit-1.8.6 ben.carrasco:dependabot/pip/master/black-25.11.0 ben.carrasco:dependabot/pip/master/pytest-randomly-4.0.1 ben.carrasco:PROWLER-960-jwt-key-generation-fails-with-permission-error-on-fresh-docker-compose-deployment ben.carrasco:aws-regions-update-170 ben.carrasco:feat/prowler-838-entra-conditional-access-policy-enforce-sign-in-frequency ben.carrasco:v5.17 ben.carrasco:dependabot/pip/api/azure-core-1.38.0 ben.carrasco:feat/PROWLER-774-Findings-Hierarchical-Tree-View-Check-Resources ben.carrasco:PROWLER-822-high-cloudflare-zone-waf-enabled-check-false-positive ben.carrasco:backport/v5.17/pr-9892 ben.carrasco:PROWLER-690-feature-add-batch-provider-creation-endpoint-api ben.carrasco:feat/migrate-to-prek ben.carrasco:aws-regions-update-169 ben.carrasco:PROWLER-693-enhancement-add-status-field-to-provider-model-api ben.carrasco:aws-regions-update-168 ben.carrasco:dependabot/uv/mcp_server/starlette-0.49.1 ben.carrasco:dependabot/uv/mcp_server/urllib3-2.6.3 ben.carrasco:PROWLER-512-merge-attack-paths ben.carrasco:v5.16 ben.carrasco:attack-paths-demo-extras ben.carrasco:PROWLER-511-solve-one-neo-4-j-database-per-provider ben.carrasco:fix/black-formatting-validate-compliance ben.carrasco:feat/prowler-compliance-review-skill ben.carrasco:PROWLER-663-improve-skill-md-and-correct-typos-for-the-compliance-part ben.carrasco:dependabot/pip/master/google-auth-httplib2-0.2.1 ben.carrasco:feat/sns-integration ben.carrasco:feat/github-integration ben.carrasco:update-api-lock ben.carrasco:fix/v5.16-version-alignment ben.carrasco:api-5.16-changelog ben.carrasco:v5.15 ben.carrasco:feat/PROWLER-22-Risk-Radar-Component-UI-2 ben.carrasco:backport/v5.15/pr-9567 ben.carrasco:feat/api-query-performance-guide ben.carrasco:feat/ui-gga-code-review ben.carrasco:backport/v5.15/pr-9558 ben.carrasco:aws-regions-update-163 ben.carrasco:PROWLER-481-issues-with-ia-c-scan-in-bug-repos ben.carrasco:add-search-provider-bar ben.carrasco:chore/ui-e2e-cloud-tests ben.carrasco:feat/ui-scans-resources-link ben.carrasco:backport/v5.14/pr-9489 ben.carrasco:backport/v5.14/pr-9487 ben.carrasco:aws-regions-update-162 ben.carrasco:feat/PROWLER-34-Risk-Plot-Component-UI ben.carrasco:rbi-framework-support ben.carrasco:PROWLER-XX-separate-runner-for-aws-tests ben.carrasco:v5.14 ben.carrasco:feat/api-providers-severity-endpoint ben.carrasco:feat/PROWLER-447-Attack-surface-component-Front ben.carrasco:backport/v5.14/pr-9345 ben.carrasco:aws-regions-update-161 ben.carrasco:PROWLER-182-kubernetes-add-and-connect-the-provider ben.carrasco:PROWLER-181-gcp-add-and-connect-the-provider ben.carrasco:backport/v5.13/pr-9274 ben.carrasco:PRWLR-7853-asff-first-observed-at-is-not-taking-into-account-the-finding-can-exist ben.carrasco:backport/v5.13/pr-9208 ben.carrasco:v5.13 ben.carrasco:PRWLR-7885-fix-report-timestamps ben.carrasco:DEVREL-115-fix-anchors ben.carrasco:backport/v5.13/pr-9054 ben.carrasco:PROWLER-285-aws-add-an-connect-the-provider-sdk-default-env ben.carrasco:prwlr-7751-github-app-authentication-incorrectly-handles-key-parameter-and-environment-variables ben.carrasco:PROWLER-376-update-docs-with-gcp-permissions ben.carrasco:DEVREL-98-include-open-api-specification-in-mintlify ben.carrasco:add-timeout-thread ben.carrasco:DEVREL-109-add-link-to-aws-console-in-aws-findings ben.carrasco:PROWLER-185-launch-scheduled-scan ben.carrasco:add-links-to-iac-findings ben.carrasco:PROWLER-186-launch-on-demand-scan ben.carrasco:chore-api-prowler-version-update ben.carrasco:api-mintlify-docs ben.carrasco:PROWLER-188-invite-new-user ben.carrasco:PROWLER-197-out-of-scope-github-add-an-connect-the-provider ben.carrasco:PROWLER-XX-check-all-checks-have-passed ben.carrasco:backport/v5.13/pr-9062 ben.carrasco:PROWLER-253-extract-aws-data-from-prowler-database-and-transform-it-to-be-ingested-by-cartography ben.carrasco:workshop-as-docs ben.carrasco:create-alibaba-provider ben.carrasco:PRWLR-7835-amazon-bedrock ben.carrasco:feat/gcp-cloudstorage-versioning-enabled ben.carrasco:feat/cloudflare-provider ben.carrasco:feat/stuck-scans-command ben.carrasco:PROWLER-XX-update-changelogs ben.carrasco:refactor/graph-components-kebab-case ben.carrasco:fix-threatscore-s3-location ben.carrasco:demo-api-key ben.carrasco:trigger-preview ben.carrasco:api-changelog-1-14 ben.carrasco:feat/PRWLR-7763-new-credentials-form ben.carrasco:PROWLER-258-github-social-sign-up ben.carrasco:feat/PRWLR-7933-UI-Api-Key ben.carrasco:attribute-error-in-m365 ben.carrasco:v5.12 ben.carrasco:api-keys-docs-improvement ben.carrasco:iac-in-the-app ben.carrasco:pr-8743 ben.carrasco:PRWLR-8174-add-additional-compliance-information-to-compliance-detail-page-ui ben.carrasco:PRWLR-7170-improve-html-output-in-prowler ben.carrasco:todo-check-class ben.carrasco:review-metadata-aws-neptune ben.carrasco:fix/nextjs-cache-folder-not-found ben.carrasco:update-api-dependency-v5.12-1757406446 ben.carrasco:aws-services-regions-updated-422a8a0f625cee103be5e5a97b9639f49997b949 ben.carrasco:PRWLR-7873-add-all-finding-fields-in-the-ticket-summary-table-jira ben.carrasco:backport/v5.11/pr-8619 ben.carrasco:backport/v5.11/pr-8629 ben.carrasco:backport/v5.11/pr-8638 ben.carrasco:aws-services-regions-updated-fdb76e78207e10cf07660bbfa70665fc6552c0dd ben.carrasco:v5.11 ben.carrasco:nitpicks/7e7fce94-067a-47b0-b6d1-9b1f4ccac28f ben.carrasco:PRWLR-6707-create-a-way-of-reporting-for-prowler-threatscore ben.carrasco:v5.10 ben.carrasco:fix-threatscore-scoring ben.carrasco:PRWLR-7212-recommend-fix ben.carrasco:PRWLR-7784-cloud-providers-connection-filter-status-labels ben.carrasco:add-posthog-integration ben.carrasco:PRWLR-7732-add-mutelist-menu-item ben.carrasco:v5.9 ben.carrasco:alert-autofix-55 ben.carrasco:PRWLR-7212-recommend ben.carrasco:nitpicks/678b4540-69e7-4be1-802c-11e249359177 ben.carrasco:nitpicks/578b4540-69e7-4be1-802c-11e249359177 ben.carrasco:nitpicks/578b4540-69e7-4be1-802c-11e249359176 ben.carrasco:nitpicks/578b4540-69e7-4be1-802c-11e249359175 ben.carrasco:nitpicks/578b4540-69e7-4be1-802c-11e249359174 ben.carrasco:PRWLR-7606-add-github-provider-to-ui ben.carrasco:fix/kisa-isms-p_compilance ben.carrasco:fix-gh-typo ben.carrasco:backport/v5.9/pr-8265 ben.carrasco:PRWLR-7569-create-different-flows-of-onboarding-in-m-365 ben.carrasco:feature/add-posthog-analytics ben.carrasco:PRWLR-7635-mongodbatlas-additional-checks ben.carrasco:PRWLR-7635-mongodbatlas-provider-foundation ben.carrasco:v5.8 ben.carrasco:PRWLR-6064-change-user-deletion-api-response ben.carrasco:backport/v5.8/pr-8257 ben.carrasco:backport/v5.7/pr-8270 ben.carrasco:update-fixers-docs ben.carrasco:PRWLR-7205-migrate-fixers-to-new-class-structure ben.carrasco:PRWLR-5093-design-the-fixer-class ben.carrasco:PRWLR-7597-fix-and-optimize-search-filters-for-findings-and-resources ben.carrasco:backport/v5.8/pr-8253 ben.carrasco:PRWLR-7512-create-custom-link-component ben.carrasco:PRWLR-7524-improve-api-performance-on-scan-page-using-include-param ben.carrasco:v5.7 ben.carrasco:PRWLR-7386-playwright-setup-nextjs ben.carrasco:backport/v5.7/pr-8087 ben.carrasco:PRWLR-7459-support-for-scanning-remote-git-repositories-specified-by-url ben.carrasco:api-add-missing-map ben.carrasco:PRWLR-7346-create-a-db-helper-to-create-indexes-following-best-practices ben.carrasco:PRWLR-4758-django-must-support-read-only-replica-database-config ben.carrasco:PRWLR-7134-api-performance-tests-for-resources ben.carrasco:fix/update-changelog-and-block-1st-item-in-providers-selector ben.carrasco:psql-proxy ben.carrasco:PRWLR-7292-old-scans-not-shown-when-all-providers-have-connection-fail ben.carrasco:PRWLR-7160-findings-page-scan-id-filter-improvement ben.carrasco:showdown-demo ben.carrasco:backport/v5.7/pr-7928 ben.carrasco:PRWLR-7302-nextjs-analyst ben.carrasco:backport/v5.7/pr-7921 ben.carrasco:PRWLR-7297-django-endpoint ben.carrasco:api-changelog-5.7.2 ben.carrasco:update-changelog ben.carrasco:PRWLR-7318-add-ia-c-provider-tests ben.carrasco:PRWLR-6367-create-a-finding-new-uid-column-to-avoid-length-limitations ben.carrasco:PRWLR-5556-ensure-inactive-users-are-reviewed-and-removed-periodically ben.carrasco:fix/7508-review-fixes ben.carrasco:PRWLR-5989-ensure-that-spf-records-are-published-for-all-exchange ben.carrasco:v5.6 ben.carrasco:backport/v5.6/pr-7746 ben.carrasco:PRWLR-7117-implement-new-findings-latest-endpoint-API-UI ben.carrasco:poc-ui-e2e ben.carrasco:review-changelogs-for-v5.6 ben.carrasco:v5.5 ben.carrasco:PRWLR-6373-Implement-Compliance-Outputs-UI-temp ben.carrasco:PRWLR-6886-sdk-aws-resource-po-c ben.carrasco:PRWLR-6834-exclude-checks-in-prowler-api ben.carrasco:improve-rls-policies ben.carrasco:M365-testing ben.carrasco:PRWLR-6643-capture-sentry-exceptions ben.carrasco:PRWLR-6464-running-into-302-error-subscription-could-not-be-found-7214 ben.carrasco:v4.6 ben.carrasco:PRWLR-6469-review-resource-types-in-check-metadata-2nd-round ben.carrasco:v5.4 ben.carrasco:backport/v4.6/pr-7420 ben.carrasco:v3 ben.carrasco:backport/v4.6/pr-7410 ben.carrasco:backport/v4.6/pr-7330 ben.carrasco:backport/v3/pr-7330 ben.carrasco:improve-deletion-process ben.carrasco:PRWLR-6502-improve-docs-adding-videos ben.carrasco:PRWLR-6472-add-docs-inside-ui-page-for-each-provider ben.carrasco:PRWLR-6455-change-microsoft-365-check-names ben.carrasco:revert-7112-PRWLR-6398-upgrade-poetry-to-v-2-in-prowler ben.carrasco:fix-api-prowler-dep ben.carrasco:backport/v4.6/pr-7205 ben.carrasco:backport/v5.4/pr-7141 ben.carrasco:v5.3 ben.carrasco:PRWLR-5956-Export-Artifacts-only-UIpart-v2 ben.carrasco:backport/v5.2/pr-6947 ben.carrasco:backport/v4.6/pr-6896 ben.carrasco:backport/v4.6/pr-6908 ben.carrasco:PRWLR-5956-Export-Artifacts-only-UIpart ben.carrasco:PRWLR-5860-ensure-security-defaults-is-disabled ben.carrasco:v5.2 ben.carrasco:backport/v3/pr-6823 ben.carrasco:backport/v3/pr-6822 ben.carrasco:backport/v3/pr-6824 ben.carrasco:PRWLR-6129-review-check-report-init-for-region-resource-id-resource-arn ben.carrasco:PRWLR-5956-Export-Artifacts ben.carrasco:PRWLR-6143-fix-error-related-with-detect-secrets ben.carrasco:v5.1 ben.carrasco:v5.0 ben.carrasco:backport/v3/pr-6611 ben.carrasco:backport/v3/pr-6352 ben.carrasco:PRWLR-5573-ensure-scanners-are-in-place-for-open-source-vulnerabilities-in-used-packages ben.carrasco:PRWLR-4669-Roles-Page-UI-with-API-changes ben.carrasco:PRWLR-5831-review-and-fix-all-the-nonetypes-from-prod-logs ben.carrasco:PRWLR-4669-Roles-Page-API-UI ben.carrasco:PRWLR-5516-ensure-branch-protection-is-enforced-on-the-default-branch ben.carrasco:PRWLR-5535-ensure-linear-history-is-required ben.carrasco:backport/v3/pr-6122 ben.carrasco:PRWLR-5696-debug-django-loosing-db-connections ben.carrasco:backport/v4.4/pr-5195 ben.carrasco:PRWLR-5513-enforce-two-approval-requirement-for-code-changes-in-git-hub-repositories ben.carrasco:PRWLR-5550-Scans-New-attribute-Next-scan-schedule ben.carrasco:backport/v3/pr-5961 ben.carrasco:PRWLR-4785-remove-only-logs ben.carrasco:v4.5 ben.carrasco:PRWLR-5281-po-c-development ben.carrasco:PRWLR-5266-review-checks-executed-by-sdk-and-cli ben.carrasco:v4.4 ben.carrasco:PRWLR-4539-iam-customer-managed-policies-should-not-allow-decryption-actions-on-all-kms-keys ben.carrasco:PRWLR-4554-open-search-domains-should-have-at-least-three-data-nodes-with-zone-awareness-enabled ben.carrasco:PRWLR-4969-ensure-elasticsearch-domains-have-at-least-three-dedicated-master-nodes ben.carrasco:prowler-inventory ben.carrasco:PRWLR-4985-fix-resource-type-aws-metadata ben.carrasco:PRWLR-4782-research-about-removing-the-checks-metadata-loading-from-the-check-class ben.carrasco:v4.3 ben.carrasco:PRWLR-4785-review-only-logs-and-remove-it ben.carrasco:PRWLR-4820-error-in-gcp-execution-error-global-key-error-32-accounts ben.carrasco:PRWLR-4778-git-hub-issue-ensure-no-security-groups-allow-ingress-from-wide-open-non-rfc-1918-address-false-positive-4936 ben.carrasco:improve-ocsf ben.carrasco:PRWLR-4674-refactor-cloudfront-service ben.carrasco:dev-memory-management-optimization-poc ben.carrasco:PRWLR-4601-conflicting-documentation-for-mutelist-tags-on-aws-4782 ben.carrasco:PRWLR-4226-bad-dynamo-db-checks-i-ds ben.carrasco:PRWLR-3963-Create-new-tests-for-new-impersonate-account-of-GCP ben.carrasco:revert-4202-bugfix/execute-custom-rules ben.carrasco:v4.2 ben.carrasco:PRWLR-3773-add-listing-functions-to-new-cli ben.carrasco:PRWLR-3778-kubernetes-core-service-error ben.carrasco:PRWLR-3635-Azure-Review-checks-iam_subscription_roles_owner_custom_not_created-and-iam_custom_role_has_permissions_to_administer_resource_locks ben.carrasco:PRWLR-752-run-subservices-by-service-subservices ben.carrasco:PRWLR-2756-OSS-Amazon-Managed-Streaming-for-Apache-Kafka-MSK-Checks ben.carrasco:PRWLR-3666-bug-check-failing-due-to-iam-roles-created-by-aws-control-tower-and-aft-with-administrator-access-policy-3810 ben.carrasco:elasticache-keyerror ben.carrasco:PRWLR-3580-oss-map-k-8-s-checks-to-mitre-att-ck-framework ben.carrasco:cis-azure-fixes ben.carrasco:3865-bug-efs_not_publicly_accessible-does-not-consider-recommended-aws-condition ben.carrasco:v4.1 ben.carrasco:new-public-exposed-checks ben.carrasco:json-ocsf-checkid ben.carrasco:ens_compliance ben.carrasco:work-on-audit-manager ben.carrasco:refactor-audit-info-sagemaker ben.carrasco:bypass-compute-service ben.carrasco:fix-audit-info-tests ben.carrasco:PRWLR-2798-prowler-create-flag-to-remove-output-files-if-sent-to-an-external-provider ben.carrasco:fix-vpc_different_regions ben.carrasco:prowler-2 ben.carrasco:load-once-checks-metadata-info
ben.carrasco:5.22.0 ben.carrasco:5.21.1 ben.carrasco:5.21.0 ben.carrasco:5.20.0 ben.carrasco:5.19.0 ben.carrasco:5.18.3 ben.carrasco:5.18.2 ben.carrasco:5.18.1 ben.carrasco:5.18.0 ben.carrasco:5.17.1 ben.carrasco:5.17.0 ben.carrasco:5.16.1 ben.carrasco:5.16.0 ben.carrasco:5.15.1 ben.carrasco:5.15.0 ben.carrasco:5.14.2 ben.carrasco:5.14.1 ben.carrasco:5.14.0 ben.carrasco:5.13.1 ben.carrasco:5.13.0 ben.carrasco:5.12.3 ben.carrasco:5.12.2 ben.carrasco:5.12.1 ben.carrasco:5.12.0 ben.carrasco:5.11.0 ben.carrasco:5.10.2 ben.carrasco:5.10.1 ben.carrasco:5.10.0 ben.carrasco:5.9.2 ben.carrasco:5.9.1 ben.carrasco:5.9.0 ben.carrasco:5.8.1 ben.carrasco:5.8.0 ben.carrasco:5.7.5 ben.carrasco:5.7.4 ben.carrasco:5.7.3 ben.carrasco:5.7.2 ben.carrasco:5.7.1 ben.carrasco:5.7.0 ben.carrasco:5.6.0 ben.carrasco:5.5.1 ben.carrasco:5.5.0 ben.carrasco:5.4.4 ben.carrasco:5.4.3 ben.carrasco:5.4.2 ben.carrasco:5.4.1 ben.carrasco:5.4.0 ben.carrasco:5.3.0 ben.carrasco:5.2.3 ben.carrasco:5.2.2 ben.carrasco:5.2.1 ben.carrasco:5.2.0 ben.carrasco:5.1.5 ben.carrasco:5.1.4 ben.carrasco:5.1.3 ben.carrasco:5.1.2 ben.carrasco:5.1.1 ben.carrasco:5.1.0 ben.carrasco:5.0.5 ben.carrasco:5.0.4 ben.carrasco:5.0.3 ben.carrasco:5.0.2 ben.carrasco:5.0.1 ben.carrasco:4.6.2 ben.carrasco:5.0.0 ben.carrasco:4.6.1 ben.carrasco:4.6.0 ben.carrasco:4.5.3 ben.carrasco:4.5.2 ben.carrasco:4.5.1 ben.carrasco:4.5.0 ben.carrasco:4.4.1 ben.carrasco:4.4.0 ben.carrasco:4.3.7 ben.carrasco:4.3.6 ben.carrasco:3.16.17 ben.carrasco:4.3.5 ben.carrasco:4.3.4 ben.carrasco:3.16.16 ben.carrasco:3.16.15 ben.carrasco:4.3.3 ben.carrasco:4.3.2 ben.carrasco:4.3.1 ben.carrasco:4.3.0 ben.carrasco:3.16.14 ben.carrasco:3.16.13 ben.carrasco:3.16.12 ben.carrasco:3.16.11 ben.carrasco:3.16.10 ben.carrasco:4.2.4 ben.carrasco:4.2.3 ben.carrasco:3.16.9 ben.carrasco:4.2.2 ben.carrasco:3.16.8 ben.carrasco:3.16.7 ben.carrasco:3.16.6 ben.carrasco:4.2.1 ben.carrasco:4.2.0 ben.carrasco:3.16.5 ben.carrasco:3.16.4 ben.carrasco:3.16.3 ben.carrasco:4.1.0 ben.carrasco:3.16.2 ben.carrasco:3.16.1 ben.carrasco:4.0.1 ben.carrasco:4.0.0 ben.carrasco:3.16.0 ben.carrasco:3.15.3 ben.carrasco:3.15.2 ben.carrasco:3.15.1 ben.carrasco:3.15.0 ben.carrasco:3.14.0 ben.carrasco:3.13.1 ben.carrasco:3.13.0 ben.carrasco:3.12.1 ben.carrasco:3.12.0 ben.carrasco:3.11.3 ben.carrasco:3.11.2 ben.carrasco:3.11.1 ben.carrasco:3.11.0 ben.carrasco:3.10.0 ben.carrasco:3.9.0 ben.carrasco:3.8.2 ben.carrasco:3.8.1 ben.carrasco:3.8.0 ben.carrasco:3.7.2 ben.carrasco:3.7.1 ben.carrasco:3.7.0 ben.carrasco:3.6.1 ben.carrasco:3.6.0 ben.carrasco:3.5.3 ben.carrasco:3.5.2 ben.carrasco:3.5.1 ben.carrasco:3.5.0 ben.carrasco:3.4.1 ben.carrasco:3.4.0 ben.carrasco:3.3.4 ben.carrasco:3.3.3 ben.carrasco:3.3.2 ben.carrasco:3.3.1 ben.carrasco:3.3.0 ben.carrasco:3.2.4 ben.carrasco:3.2.3 ben.carrasco:3.2.2 ben.carrasco:3.2.1 ben.carrasco:3.2.0 ben.carrasco:3.1.4 ben.carrasco:3.1.3 ben.carrasco:3.1.2 ben.carrasco:3.1.1 ben.carrasco:3.1.0 ben.carrasco:3.0.2 ben.carrasco:3.0.1 ben.carrasco:3.0.0 ben.carrasco:2.12.1 ben.carrasco:2.12.0 ben.carrasco:2.11.0 ben.carrasco:2.10.0 ben.carrasco:2.9.0 ben.carrasco:2.8.1 ben.carrasco:2.8.0 ben.carrasco:2.7.0 ben.carrasco:2.6.1 ben.carrasco:2.6.0 ben.carrasco:2.5.0 ben.carrasco:2.4.1 ben.carrasco:2.4.0 ben.carrasco:2.3.0-18122020 ben.carrasco:2.3.0RC ben.carrasco:2.2.0 ben.carrasco:2.0 ben.carrasco:2.0-Beta ben.carrasco:1.6 ben.carrasco:1.5 ben.carrasco:1.4 ben.carrasco:1.3 ben.carrasco:1.2 ben.carrasco:1.1.1 ben.carrasco:1.1 ben.carrasco:1.0
..
compare: ben.carrasco:PRWLR-6455-change-microsoft-365-check-names
Branches Tags
ben.carrasco:poc-gha-iac ben.carrasco:docs/sso-google-workspace ben.carrasco:feat/PROWLER-944-stage-4-image-provider-cloud-app-docs ben.carrasco:dependabot/pip/master/moto-5.1.22 ben.carrasco:dependabot/pip/master/coverage-7.13.5 ben.carrasco:dependabot/pip/master/marshmallow-4.2.3 ben.carrasco:dependabot/pip/master/black-26.3.1 ben.carrasco:dependabot/pip/master/bandit-1.9.4 ben.carrasco:dependabot/pip/master/pre-commit-4.5.1 ben.carrasco:dependabot/github_actions/master/docker/build-push-action-7.0.0 ben.carrasco:dependabot/github_actions/master/docker/setup-buildx-action-4.0.0 ben.carrasco:dependabot/github_actions/master/actions/upload-artifact-7.0.0 ben.carrasco:dependabot/github_actions/master/docker/login-action-4.0.0 ben.carrasco:dependabot/pip/master/pytest-9.0.2 ben.carrasco:dependabot/github_actions/master/tj-actions/changed-files-47.0.5 ben.carrasco:dependabot/github_actions/master/pnpm/action-setup-5.0.0 ben.carrasco:dependabot/github_actions/master/zizmorcore/zizmor-action-0.5.2 ben.carrasco:dependabot/github_actions/master/regclient/actions-f07124ffba4b0cbf96b2a666d481ed9d44b5e7e4 ben.carrasco:dependabot/github_actions/master/actions/checkout-6.0.2 ben.carrasco:dependabot/pip/master/pylint-4.0.5 ben.carrasco:dependabot/github_actions/master/actions/cache-5.0.4 ben.carrasco:dependabot/github_actions/master/actions/setup-node-6.3.0 ben.carrasco:dependabot/github_actions/master/softprops/action-gh-release-2.6.1 ben.carrasco:dependabot/github_actions/master/azure/setup-helm-5.0.0 ben.carrasco:dependabot/pip/master/filelock-3.25.2 ben.carrasco:dependabot/github_actions/master/actions/download-artifact-8.0.1 ben.carrasco:dependabot/github_actions/master/sorenlouv/backport-github-action-11.0.0 ben.carrasco:dependabot/pip/master/vulture-2.16 ben.carrasco:dependabot/pip/api/aiohttp-3.13.4 ben.carrasco:dependabot/pip/aiohttp-3.13.4 ben.carrasco:feat/vercel-ui ben.carrasco:feat/prowler-450-organization-switch ben.carrasco:master ben.carrasco:feat/prowler-629-bedrock-access-not-stale ben.carrasco:feat/prowler-628-bedrock-marketplace-subscription-access-least-privilege ben.carrasco:chore/bump-cryptography-oci-alibabacloud ben.carrasco:wanr-sensitive-flags ben.carrasco:dependabot/uv/mcp_server/fastmcp-3.2.0 ben.carrasco:fix/ui-findings-groups-security-fixes ben.carrasco:fix/ui-findings-groups-pepe-ux ben.carrasco:PROWLER-1253-implement-directory-service-checks-for-google-workspace-provider-clean ben.carrasco:v5.22 ben.carrasco:dependabot/uv/mcp_server/pygments-2.20.0 ben.carrasco:dependabot/pip/api/pygments-2.20.0 ben.carrasco:dependabot/pip/pygments-2.20.0 ben.carrasco:fix/ui-findings-groups-pepe-blockers ben.carrasco:aws-regions-update-179 ben.carrasco:chore/fix-step-security ben.carrasco:dependabot/uv/mcp_server/cryptography-46.0.6 ben.carrasco:chore/GHA-271823-stepsecurity-remediation ben.carrasco:chore/GHA-261831-stepsecurity-remediation ben.carrasco:dependabot/pip/requests-2.33.0 ben.carrasco:dependabot/uv/mcp_server/requests-2.33.0 ben.carrasco:dependabot/pip/api/requests-2.33.0 ben.carrasco:k8s-ocsf ben.carrasco:mcp-resource-timeline-tool ben.carrasco:PROWLER-1251-porting-attack-paths-scan-temporary-database-from-neo-4-j-to-grafeo ben.carrasco:PROWLER-1250-extend-resource-group-filter-for-all-providers ben.carrasco:dependabot/pip/api/authlib-1.6.9 ben.carrasco:dependabot/pip/api/pyasn1-0.6.3 ben.carrasco:dependabot/pip/authlib-1.6.9 ben.carrasco:dependabot/pip/pyjwt-2.12.0 ben.carrasco:feat/aspm-provider ben.carrasco:fix/oraclecloud-idp-group-mapping-events-10411 ben.carrasco:PROWLER-1225-fix-read-queries-on-the-read-replica-that-doesnt-use-the-write-replica-on-retries--second-attempt ben.carrasco:v5.21 ben.carrasco:dependabot/pip/api/pyjwt-2.12.0 ben.carrasco:aws-regions-update-175 ben.carrasco:feat/s3-bucket-website-hosting-check ben.carrasco:fix/legacy-metadata-validators-error ben.carrasco:dependabot/uv/mcp_server/authlib-1.6.9 ben.carrasco:dependabot/uv/mcp_server/pyjwt-2.12.0 ben.carrasco:PROWLER-1225-fix-read-queries-on-the-read-replica-that-doesnt-use-the-write-replica-on-retries ben.carrasco:dependabot/npm_and_yarn/ui/next-16.1.7 ben.carrasco:dependabot/pip/pyasn1-0.6.3 ben.carrasco:backport/v5.20/pr-10360 ben.carrasco:feat/add-rbi-compliance-gcp ben.carrasco:feat/github-organization-repository-deletion-limited ben.carrasco:backport/v5.20/pr-10314 ben.carrasco:PRWLR-7706-add-pydantic-validators-to-check-metadata-model-per-rfc-specification ben.carrasco:k8s-dedup-rbac-findings-subject ben.carrasco:v5.20 ben.carrasco:fix/ci-e2e-empty-test-dirs ben.carrasco:v5.19 ben.carrasco:feat/prowler-683-4-cli-integration ben.carrasco:feat/prowler-683-3-compliance-jsons ben.carrasco:feat/prowler-683-2-universal-outputs ben.carrasco:feat/prowler-683-1-universal-models ben.carrasco:backport/v5.19/pr-10270 ben.carrasco:fix/attack-paths-elb-exposed-internet ben.carrasco:DEVREL-93-prowler-gha-poc-as-gh-service ben.carrasco:fix/codeartifact-list-package-versions-unbounded-fetch ben.carrasco:copilot/sub-pr-10236 ben.carrasco:feat/prowler-1151-entra-conditional-access-policy-unknown-device-blocked ben.carrasco:DEVREL-93-prowler-gha-poc ben.carrasco:ensure-key-format-cloudflare ben.carrasco:aws-regions-update-174 ben.carrasco:feat/prowler-1140-entra-legacy-authentication-blocked ben.carrasco:feat/vercel ben.carrasco:fix-ocsf-params ben.carrasco:v5.18 ben.carrasco:dependabot/pip/api/werkzeug-3.1.6 ben.carrasco:dependabot/pip/api/flask-3.1.3 ben.carrasco:dependabot/uv/mcp_server/python-multipart-0.0.22 ben.carrasco:feat/prowler-1138-entra-conditional-access-policy-risky-sign-in-mfa ben.carrasco:feat/PROWLER-1091-create-new-stepper-implement-aws-organizations-endpoints ben.carrasco:feat/PROWLER-943-image-provider-ui ben.carrasco:dependabot/pip/werkzeug-3.1.6 ben.carrasco:dependabot/pip/flask-3.1.3 ben.carrasco:dependabot/pip/protobuf-6.33.5 ben.carrasco:feat/prowler-1139-entra-conditional-access-policy-require-password-change-high-risk-users ben.carrasco:feat/PROWLER-943-stage-3-a-image-provider-ui ben.carrasco:feat/PROWLER-940-stage-2-a-image-provider-api-rebased ben.carrasco:fix-reporting-docs-1771930526 ben.carrasco:feat/prowler-837-entra-guest-users-mfa-enabled ben.carrasco:feat/prowler-838-entra-sign-in-frequency-for-non-corporate-devices ben.carrasco:feat/prowler-836-entra-policy-blocks-unknown-unsupported-device-platforms ben.carrasco:docs-agentic-workflow ben.carrasco:aws-regions-update-173 ben.carrasco:feat/PROWLER-940-stage-2-a-image-provider-api-redo ben.carrasco:feat/PROWLER-940-stage-2-a-image-provider-api-v2 ben.carrasco:feat/PROWLER-940-stage-2-a-image-provider-api-support ben.carrasco:dependabot/pip/api/cryptography-46.0.5 ben.carrasco:PROWLER-1099-api-scan-schedule-model-provider-fk-migration ben.carrasco:PROWLER-1100-api-crud-endpoints ben.carrasco:PROWLER-1098-cron-based-scan-scheduling ben.carrasco:copilot/fix-return-in-finally-block ben.carrasco:review_metadata_gcp_artifacts ben.carrasco:feat/prowler-836-entra-policy-unknown-unsupported-device-platforms-blocked ben.carrasco:PROWLER-1033-start-api-without-neo-4-j ben.carrasco:PROWLER-1084-skill-prowler-changelog-review ben.carrasco:revert-10028-fix/fidings-filters-navitagion-fail-v4 ben.carrasco:backport/v5.18/pr-10028 ben.carrasco:backport/v5.18/pr-10025 ben.carrasco:backport/v5.18/pr-10021 ben.carrasco:backport/v5.18/pr-10017 ben.carrasco:feat/elasticsearch-integration ben.carrasco:fix/ui-scans-polling-optimization ben.carrasco:image-scan-poc ben.carrasco:dependabot/pip/master/pytest-cov-6.3.0 ben.carrasco:dependabot/pip/master/coverage-7.10.7 ben.carrasco:dependabot/pip/master/pre-commit-4.3.0 ben.carrasco:dependabot/pip/master/flake8-7.3.0 ben.carrasco:dependabot/pip/master/freezegun-1.5.5 ben.carrasco:dependabot/pip/master/marshmallow-4.0.1 ben.carrasco:dependabot/pip/master/openapi-spec-validator-0.7.2 ben.carrasco:dependabot/pip/master/pytest-xdist-3.8.0 ben.carrasco:dependabot/pip/master/bandit-1.8.6 ben.carrasco:dependabot/pip/master/black-25.11.0 ben.carrasco:dependabot/pip/master/pytest-randomly-4.0.1 ben.carrasco:PROWLER-960-jwt-key-generation-fails-with-permission-error-on-fresh-docker-compose-deployment ben.carrasco:aws-regions-update-170 ben.carrasco:feat/prowler-838-entra-conditional-access-policy-enforce-sign-in-frequency ben.carrasco:v5.17 ben.carrasco:dependabot/pip/api/azure-core-1.38.0 ben.carrasco:feat/PROWLER-774-Findings-Hierarchical-Tree-View-Check-Resources ben.carrasco:PROWLER-822-high-cloudflare-zone-waf-enabled-check-false-positive ben.carrasco:backport/v5.17/pr-9892 ben.carrasco:PROWLER-690-feature-add-batch-provider-creation-endpoint-api ben.carrasco:feat/migrate-to-prek ben.carrasco:aws-regions-update-169 ben.carrasco:PROWLER-693-enhancement-add-status-field-to-provider-model-api ben.carrasco:aws-regions-update-168 ben.carrasco:dependabot/uv/mcp_server/starlette-0.49.1 ben.carrasco:dependabot/uv/mcp_server/urllib3-2.6.3 ben.carrasco:PROWLER-512-merge-attack-paths ben.carrasco:v5.16 ben.carrasco:attack-paths-demo-extras ben.carrasco:PROWLER-511-solve-one-neo-4-j-database-per-provider ben.carrasco:fix/black-formatting-validate-compliance ben.carrasco:feat/prowler-compliance-review-skill ben.carrasco:PROWLER-663-improve-skill-md-and-correct-typos-for-the-compliance-part ben.carrasco:dependabot/pip/master/google-auth-httplib2-0.2.1 ben.carrasco:feat/sns-integration ben.carrasco:feat/github-integration ben.carrasco:update-api-lock ben.carrasco:fix/v5.16-version-alignment ben.carrasco:api-5.16-changelog ben.carrasco:v5.15 ben.carrasco:feat/PROWLER-22-Risk-Radar-Component-UI-2 ben.carrasco:backport/v5.15/pr-9567 ben.carrasco:feat/api-query-performance-guide ben.carrasco:feat/ui-gga-code-review ben.carrasco:backport/v5.15/pr-9558 ben.carrasco:aws-regions-update-163 ben.carrasco:PROWLER-481-issues-with-ia-c-scan-in-bug-repos ben.carrasco:add-search-provider-bar ben.carrasco:chore/ui-e2e-cloud-tests ben.carrasco:feat/ui-scans-resources-link ben.carrasco:backport/v5.14/pr-9489 ben.carrasco:backport/v5.14/pr-9487 ben.carrasco:aws-regions-update-162 ben.carrasco:feat/PROWLER-34-Risk-Plot-Component-UI ben.carrasco:rbi-framework-support ben.carrasco:PROWLER-XX-separate-runner-for-aws-tests ben.carrasco:v5.14 ben.carrasco:feat/api-providers-severity-endpoint ben.carrasco:feat/PROWLER-447-Attack-surface-component-Front ben.carrasco:backport/v5.14/pr-9345 ben.carrasco:aws-regions-update-161 ben.carrasco:PROWLER-182-kubernetes-add-and-connect-the-provider ben.carrasco:PROWLER-181-gcp-add-and-connect-the-provider ben.carrasco:backport/v5.13/pr-9274 ben.carrasco:PRWLR-7853-asff-first-observed-at-is-not-taking-into-account-the-finding-can-exist ben.carrasco:backport/v5.13/pr-9208 ben.carrasco:v5.13 ben.carrasco:PRWLR-7885-fix-report-timestamps ben.carrasco:DEVREL-115-fix-anchors ben.carrasco:backport/v5.13/pr-9054 ben.carrasco:PROWLER-285-aws-add-an-connect-the-provider-sdk-default-env ben.carrasco:prwlr-7751-github-app-authentication-incorrectly-handles-key-parameter-and-environment-variables ben.carrasco:PROWLER-376-update-docs-with-gcp-permissions ben.carrasco:DEVREL-98-include-open-api-specification-in-mintlify ben.carrasco:add-timeout-thread ben.carrasco:DEVREL-109-add-link-to-aws-console-in-aws-findings ben.carrasco:PROWLER-185-launch-scheduled-scan ben.carrasco:add-links-to-iac-findings ben.carrasco:PROWLER-186-launch-on-demand-scan ben.carrasco:chore-api-prowler-version-update ben.carrasco:api-mintlify-docs ben.carrasco:PROWLER-188-invite-new-user ben.carrasco:PROWLER-197-out-of-scope-github-add-an-connect-the-provider ben.carrasco:PROWLER-XX-check-all-checks-have-passed ben.carrasco:backport/v5.13/pr-9062 ben.carrasco:PROWLER-253-extract-aws-data-from-prowler-database-and-transform-it-to-be-ingested-by-cartography ben.carrasco:workshop-as-docs ben.carrasco:create-alibaba-provider ben.carrasco:PRWLR-7835-amazon-bedrock ben.carrasco:feat/gcp-cloudstorage-versioning-enabled ben.carrasco:feat/cloudflare-provider ben.carrasco:feat/stuck-scans-command ben.carrasco:PROWLER-XX-update-changelogs ben.carrasco:refactor/graph-components-kebab-case ben.carrasco:fix-threatscore-s3-location ben.carrasco:demo-api-key ben.carrasco:trigger-preview ben.carrasco:api-changelog-1-14 ben.carrasco:feat/PRWLR-7763-new-credentials-form ben.carrasco:PROWLER-258-github-social-sign-up ben.carrasco:feat/PRWLR-7933-UI-Api-Key ben.carrasco:attribute-error-in-m365 ben.carrasco:v5.12 ben.carrasco:api-keys-docs-improvement ben.carrasco:iac-in-the-app ben.carrasco:pr-8743 ben.carrasco:PRWLR-8174-add-additional-compliance-information-to-compliance-detail-page-ui ben.carrasco:PRWLR-7170-improve-html-output-in-prowler ben.carrasco:todo-check-class ben.carrasco:review-metadata-aws-neptune ben.carrasco:fix/nextjs-cache-folder-not-found ben.carrasco:update-api-dependency-v5.12-1757406446 ben.carrasco:aws-services-regions-updated-422a8a0f625cee103be5e5a97b9639f49997b949 ben.carrasco:PRWLR-7873-add-all-finding-fields-in-the-ticket-summary-table-jira ben.carrasco:backport/v5.11/pr-8619 ben.carrasco:backport/v5.11/pr-8629 ben.carrasco:backport/v5.11/pr-8638 ben.carrasco:aws-services-regions-updated-fdb76e78207e10cf07660bbfa70665fc6552c0dd ben.carrasco:v5.11 ben.carrasco:nitpicks/7e7fce94-067a-47b0-b6d1-9b1f4ccac28f ben.carrasco:PRWLR-6707-create-a-way-of-reporting-for-prowler-threatscore ben.carrasco:v5.10 ben.carrasco:fix-threatscore-scoring ben.carrasco:PRWLR-7212-recommend-fix ben.carrasco:PRWLR-7784-cloud-providers-connection-filter-status-labels ben.carrasco:add-posthog-integration ben.carrasco:PRWLR-7732-add-mutelist-menu-item ben.carrasco:v5.9 ben.carrasco:alert-autofix-55 ben.carrasco:PRWLR-7212-recommend ben.carrasco:nitpicks/678b4540-69e7-4be1-802c-11e249359177 ben.carrasco:nitpicks/578b4540-69e7-4be1-802c-11e249359177 ben.carrasco:nitpicks/578b4540-69e7-4be1-802c-11e249359176 ben.carrasco:nitpicks/578b4540-69e7-4be1-802c-11e249359175 ben.carrasco:nitpicks/578b4540-69e7-4be1-802c-11e249359174 ben.carrasco:PRWLR-7606-add-github-provider-to-ui ben.carrasco:fix/kisa-isms-p_compilance ben.carrasco:fix-gh-typo ben.carrasco:backport/v5.9/pr-8265 ben.carrasco:PRWLR-7569-create-different-flows-of-onboarding-in-m-365 ben.carrasco:feature/add-posthog-analytics ben.carrasco:PRWLR-7635-mongodbatlas-additional-checks ben.carrasco:PRWLR-7635-mongodbatlas-provider-foundation ben.carrasco:v5.8 ben.carrasco:PRWLR-6064-change-user-deletion-api-response ben.carrasco:backport/v5.8/pr-8257 ben.carrasco:backport/v5.7/pr-8270 ben.carrasco:update-fixers-docs ben.carrasco:PRWLR-7205-migrate-fixers-to-new-class-structure ben.carrasco:PRWLR-5093-design-the-fixer-class ben.carrasco:PRWLR-7597-fix-and-optimize-search-filters-for-findings-and-resources ben.carrasco:backport/v5.8/pr-8253 ben.carrasco:PRWLR-7512-create-custom-link-component ben.carrasco:PRWLR-7524-improve-api-performance-on-scan-page-using-include-param ben.carrasco:v5.7 ben.carrasco:PRWLR-7386-playwright-setup-nextjs ben.carrasco:backport/v5.7/pr-8087 ben.carrasco:PRWLR-7459-support-for-scanning-remote-git-repositories-specified-by-url ben.carrasco:api-add-missing-map ben.carrasco:PRWLR-7346-create-a-db-helper-to-create-indexes-following-best-practices ben.carrasco:PRWLR-4758-django-must-support-read-only-replica-database-config ben.carrasco:PRWLR-7134-api-performance-tests-for-resources ben.carrasco:fix/update-changelog-and-block-1st-item-in-providers-selector ben.carrasco:psql-proxy ben.carrasco:PRWLR-7292-old-scans-not-shown-when-all-providers-have-connection-fail ben.carrasco:PRWLR-7160-findings-page-scan-id-filter-improvement ben.carrasco:showdown-demo ben.carrasco:backport/v5.7/pr-7928 ben.carrasco:PRWLR-7302-nextjs-analyst ben.carrasco:backport/v5.7/pr-7921 ben.carrasco:PRWLR-7297-django-endpoint ben.carrasco:api-changelog-5.7.2 ben.carrasco:update-changelog ben.carrasco:PRWLR-7318-add-ia-c-provider-tests ben.carrasco:PRWLR-6367-create-a-finding-new-uid-column-to-avoid-length-limitations ben.carrasco:PRWLR-5556-ensure-inactive-users-are-reviewed-and-removed-periodically ben.carrasco:fix/7508-review-fixes ben.carrasco:PRWLR-5989-ensure-that-spf-records-are-published-for-all-exchange ben.carrasco:v5.6 ben.carrasco:backport/v5.6/pr-7746 ben.carrasco:PRWLR-7117-implement-new-findings-latest-endpoint-API-UI ben.carrasco:poc-ui-e2e ben.carrasco:review-changelogs-for-v5.6 ben.carrasco:v5.5 ben.carrasco:PRWLR-6373-Implement-Compliance-Outputs-UI-temp ben.carrasco:PRWLR-6886-sdk-aws-resource-po-c ben.carrasco:PRWLR-6834-exclude-checks-in-prowler-api ben.carrasco:improve-rls-policies ben.carrasco:M365-testing ben.carrasco:PRWLR-6643-capture-sentry-exceptions ben.carrasco:PRWLR-6464-running-into-302-error-subscription-could-not-be-found-7214 ben.carrasco:v4.6 ben.carrasco:PRWLR-6469-review-resource-types-in-check-metadata-2nd-round ben.carrasco:v5.4 ben.carrasco:backport/v4.6/pr-7420 ben.carrasco:v3 ben.carrasco:backport/v4.6/pr-7410 ben.carrasco:backport/v4.6/pr-7330 ben.carrasco:backport/v3/pr-7330 ben.carrasco:improve-deletion-process ben.carrasco:PRWLR-6502-improve-docs-adding-videos ben.carrasco:PRWLR-6472-add-docs-inside-ui-page-for-each-provider ben.carrasco:PRWLR-6455-change-microsoft-365-check-names ben.carrasco:revert-7112-PRWLR-6398-upgrade-poetry-to-v-2-in-prowler ben.carrasco:fix-api-prowler-dep ben.carrasco:backport/v4.6/pr-7205 ben.carrasco:backport/v5.4/pr-7141 ben.carrasco:v5.3 ben.carrasco:PRWLR-5956-Export-Artifacts-only-UIpart-v2 ben.carrasco:backport/v5.2/pr-6947 ben.carrasco:backport/v4.6/pr-6896 ben.carrasco:backport/v4.6/pr-6908 ben.carrasco:PRWLR-5956-Export-Artifacts-only-UIpart ben.carrasco:PRWLR-5860-ensure-security-defaults-is-disabled ben.carrasco:v5.2 ben.carrasco:backport/v3/pr-6823 ben.carrasco:backport/v3/pr-6822 ben.carrasco:backport/v3/pr-6824 ben.carrasco:PRWLR-6129-review-check-report-init-for-region-resource-id-resource-arn ben.carrasco:PRWLR-5956-Export-Artifacts ben.carrasco:PRWLR-6143-fix-error-related-with-detect-secrets ben.carrasco:v5.1 ben.carrasco:v5.0 ben.carrasco:backport/v3/pr-6611 ben.carrasco:backport/v3/pr-6352 ben.carrasco:PRWLR-5573-ensure-scanners-are-in-place-for-open-source-vulnerabilities-in-used-packages ben.carrasco:PRWLR-4669-Roles-Page-UI-with-API-changes ben.carrasco:PRWLR-5831-review-and-fix-all-the-nonetypes-from-prod-logs ben.carrasco:PRWLR-4669-Roles-Page-API-UI ben.carrasco:PRWLR-5516-ensure-branch-protection-is-enforced-on-the-default-branch ben.carrasco:PRWLR-5535-ensure-linear-history-is-required ben.carrasco:backport/v3/pr-6122 ben.carrasco:PRWLR-5696-debug-django-loosing-db-connections ben.carrasco:backport/v4.4/pr-5195 ben.carrasco:PRWLR-5513-enforce-two-approval-requirement-for-code-changes-in-git-hub-repositories ben.carrasco:PRWLR-5550-Scans-New-attribute-Next-scan-schedule ben.carrasco:backport/v3/pr-5961 ben.carrasco:PRWLR-4785-remove-only-logs ben.carrasco:v4.5 ben.carrasco:PRWLR-5281-po-c-development ben.carrasco:PRWLR-5266-review-checks-executed-by-sdk-and-cli ben.carrasco:v4.4 ben.carrasco:PRWLR-4539-iam-customer-managed-policies-should-not-allow-decryption-actions-on-all-kms-keys ben.carrasco:PRWLR-4554-open-search-domains-should-have-at-least-three-data-nodes-with-zone-awareness-enabled ben.carrasco:PRWLR-4969-ensure-elasticsearch-domains-have-at-least-three-dedicated-master-nodes ben.carrasco:prowler-inventory ben.carrasco:PRWLR-4985-fix-resource-type-aws-metadata ben.carrasco:PRWLR-4782-research-about-removing-the-checks-metadata-loading-from-the-check-class ben.carrasco:v4.3 ben.carrasco:PRWLR-4785-review-only-logs-and-remove-it ben.carrasco:PRWLR-4820-error-in-gcp-execution-error-global-key-error-32-accounts ben.carrasco:PRWLR-4778-git-hub-issue-ensure-no-security-groups-allow-ingress-from-wide-open-non-rfc-1918-address-false-positive-4936 ben.carrasco:improve-ocsf ben.carrasco:PRWLR-4674-refactor-cloudfront-service ben.carrasco:dev-memory-management-optimization-poc ben.carrasco:PRWLR-4601-conflicting-documentation-for-mutelist-tags-on-aws-4782 ben.carrasco:PRWLR-4226-bad-dynamo-db-checks-i-ds ben.carrasco:PRWLR-3963-Create-new-tests-for-new-impersonate-account-of-GCP ben.carrasco:revert-4202-bugfix/execute-custom-rules ben.carrasco:v4.2 ben.carrasco:PRWLR-3773-add-listing-functions-to-new-cli ben.carrasco:PRWLR-3778-kubernetes-core-service-error ben.carrasco:PRWLR-3635-Azure-Review-checks-iam_subscription_roles_owner_custom_not_created-and-iam_custom_role_has_permissions_to_administer_resource_locks ben.carrasco:PRWLR-752-run-subservices-by-service-subservices ben.carrasco:PRWLR-2756-OSS-Amazon-Managed-Streaming-for-Apache-Kafka-MSK-Checks ben.carrasco:PRWLR-3666-bug-check-failing-due-to-iam-roles-created-by-aws-control-tower-and-aft-with-administrator-access-policy-3810 ben.carrasco:elasticache-keyerror ben.carrasco:PRWLR-3580-oss-map-k-8-s-checks-to-mitre-att-ck-framework ben.carrasco:cis-azure-fixes ben.carrasco:3865-bug-efs_not_publicly_accessible-does-not-consider-recommended-aws-condition ben.carrasco:v4.1 ben.carrasco:new-public-exposed-checks ben.carrasco:json-ocsf-checkid ben.carrasco:ens_compliance ben.carrasco:work-on-audit-manager ben.carrasco:refactor-audit-info-sagemaker ben.carrasco:bypass-compute-service ben.carrasco:fix-audit-info-tests ben.carrasco:PRWLR-2798-prowler-create-flag-to-remove-output-files-if-sent-to-an-external-provider ben.carrasco:fix-vpc_different_regions ben.carrasco:prowler-2 ben.carrasco:load-once-checks-metadata-info
ben.carrasco:5.22.0 ben.carrasco:5.21.1 ben.carrasco:5.21.0 ben.carrasco:5.20.0 ben.carrasco:5.19.0 ben.carrasco:5.18.3 ben.carrasco:5.18.2 ben.carrasco:5.18.1 ben.carrasco:5.18.0 ben.carrasco:5.17.1 ben.carrasco:5.17.0 ben.carrasco:5.16.1 ben.carrasco:5.16.0 ben.carrasco:5.15.1 ben.carrasco:5.15.0 ben.carrasco:5.14.2 ben.carrasco:5.14.1 ben.carrasco:5.14.0 ben.carrasco:5.13.1 ben.carrasco:5.13.0 ben.carrasco:5.12.3 ben.carrasco:5.12.2 ben.carrasco:5.12.1 ben.carrasco:5.12.0 ben.carrasco:5.11.0 ben.carrasco:5.10.2 ben.carrasco:5.10.1 ben.carrasco:5.10.0 ben.carrasco:5.9.2 ben.carrasco:5.9.1 ben.carrasco:5.9.0 ben.carrasco:5.8.1 ben.carrasco:5.8.0 ben.carrasco:5.7.5 ben.carrasco:5.7.4 ben.carrasco:5.7.3 ben.carrasco:5.7.2 ben.carrasco:5.7.1 ben.carrasco:5.7.0 ben.carrasco:5.6.0 ben.carrasco:5.5.1 ben.carrasco:5.5.0 ben.carrasco:5.4.4 ben.carrasco:5.4.3 ben.carrasco:5.4.2 ben.carrasco:5.4.1 ben.carrasco:5.4.0 ben.carrasco:5.3.0 ben.carrasco:5.2.3 ben.carrasco:5.2.2 ben.carrasco:5.2.1 ben.carrasco:5.2.0 ben.carrasco:5.1.5 ben.carrasco:5.1.4 ben.carrasco:5.1.3 ben.carrasco:5.1.2 ben.carrasco:5.1.1 ben.carrasco:5.1.0 ben.carrasco:5.0.5 ben.carrasco:5.0.4 ben.carrasco:5.0.3 ben.carrasco:5.0.2 ben.carrasco:5.0.1 ben.carrasco:4.6.2 ben.carrasco:5.0.0 ben.carrasco:4.6.1 ben.carrasco:4.6.0 ben.carrasco:4.5.3 ben.carrasco:4.5.2 ben.carrasco:4.5.1 ben.carrasco:4.5.0 ben.carrasco:4.4.1 ben.carrasco:4.4.0 ben.carrasco:4.3.7 ben.carrasco:4.3.6 ben.carrasco:3.16.17 ben.carrasco:4.3.5 ben.carrasco:4.3.4 ben.carrasco:3.16.16 ben.carrasco:3.16.15 ben.carrasco:4.3.3 ben.carrasco:4.3.2 ben.carrasco:4.3.1 ben.carrasco:4.3.0 ben.carrasco:3.16.14 ben.carrasco:3.16.13 ben.carrasco:3.16.12 ben.carrasco:3.16.11 ben.carrasco:3.16.10 ben.carrasco:4.2.4 ben.carrasco:4.2.3 ben.carrasco:3.16.9 ben.carrasco:4.2.2 ben.carrasco:3.16.8 ben.carrasco:3.16.7 ben.carrasco:3.16.6 ben.carrasco:4.2.1 ben.carrasco:4.2.0 ben.carrasco:3.16.5 ben.carrasco:3.16.4 ben.carrasco:3.16.3 ben.carrasco:4.1.0 ben.carrasco:3.16.2 ben.carrasco:3.16.1 ben.carrasco:4.0.1 ben.carrasco:4.0.0 ben.carrasco:3.16.0 ben.carrasco:3.15.3 ben.carrasco:3.15.2 ben.carrasco:3.15.1 ben.carrasco:3.15.0 ben.carrasco:3.14.0 ben.carrasco:3.13.1 ben.carrasco:3.13.0 ben.carrasco:3.12.1 ben.carrasco:3.12.0 ben.carrasco:3.11.3 ben.carrasco:3.11.2 ben.carrasco:3.11.1 ben.carrasco:3.11.0 ben.carrasco:3.10.0 ben.carrasco:3.9.0 ben.carrasco:3.8.2 ben.carrasco:3.8.1 ben.carrasco:3.8.0 ben.carrasco:3.7.2 ben.carrasco:3.7.1 ben.carrasco:3.7.0 ben.carrasco:3.6.1 ben.carrasco:3.6.0 ben.carrasco:3.5.3 ben.carrasco:3.5.2 ben.carrasco:3.5.1 ben.carrasco:3.5.0 ben.carrasco:3.4.1 ben.carrasco:3.4.0 ben.carrasco:3.3.4 ben.carrasco:3.3.3 ben.carrasco:3.3.2 ben.carrasco:3.3.1 ben.carrasco:3.3.0 ben.carrasco:3.2.4 ben.carrasco:3.2.3 ben.carrasco:3.2.2 ben.carrasco:3.2.1 ben.carrasco:3.2.0 ben.carrasco:3.1.4 ben.carrasco:3.1.3 ben.carrasco:3.1.2 ben.carrasco:3.1.1 ben.carrasco:3.1.0 ben.carrasco:3.0.2 ben.carrasco:3.0.1 ben.carrasco:3.0.0 ben.carrasco:2.12.1 ben.carrasco:2.12.0 ben.carrasco:2.11.0 ben.carrasco:2.10.0 ben.carrasco:2.9.0 ben.carrasco:2.8.1 ben.carrasco:2.8.0 ben.carrasco:2.7.0 ben.carrasco:2.6.1 ben.carrasco:2.6.0 ben.carrasco:2.5.0 ben.carrasco:2.4.1 ben.carrasco:2.4.0 ben.carrasco:2.3.0-18122020 ben.carrasco:2.3.0RC ben.carrasco:2.2.0 ben.carrasco:2.0 ben.carrasco:2.0-Beta ben.carrasco:1.6 ben.carrasco:1.5 ben.carrasco:1.4 ben.carrasco:1.3 ben.carrasco:1.2 ben.carrasco:1.1.1 ben.carrasco:1.1 ben.carrasco:1.0

23 Commits
PRWLR-6464 ... PRWLR-6455

Author SHA1 Message Date
HugoPBrito
cf80c41ce8 fix: entra_policy_ensure_default_user_cannot_create_tenants alias 2025-03-17 11:07:00 +01:00
HugoPBrito
d6dc91062c feat: final renames and add aliases 2025-03-17 11:04:44 +01:00
HugoPBrito
2d10e4023a Merge branch 'master' of https://github.com/prowler-cloud/prowler into PRWLR-6455-change-microsoft-365-check-names 2025-03-14 14:17:17 +01:00
HugoPBrito
5f88e5a628 refactor: rename check 2025-03-14 13:27:17 +01:00
HugoPBrito
e420ff31d1 Revert "refactor: rename entra_policy_ensure_default_user_cannot_create_tenants" 
This reverts commit 55a8310334.
 2025-03-14 13:23:51 +01:00
HugoPBrito
be204fec1c refactor: test names 2025-03-14 13:19:12 +01:00
Pablo Lara
89d4c521ba chore(social-login): disable social login buttons when env vars are not set (#7238) 2025-03-14 11:32:22 +01:00
HugoPBrito
bfabc65324 refactor: rename entra_admin_mfa_enabled_for_administrative_roles 2025-03-13 20:59:54 +01:00
HugoPBrito
6e22d0839a refactor: rename entra_admin_users_sign_in_frequency_enabled 2025-03-13 20:58:04 +01:00
HugoPBrito
0db303b926 refactor: rename entra_thirdparty_integrated_apps_not_allowed 2025-03-13 20:56:34 +01:00
HugoPBrito
97616bc541 feat: enhance remediation other 2025-03-13 20:55:10 +01:00
HugoPBrito
7a4f0399c5 refactor: rename entra_password_hash_sync_enabled 2025-03-13 20:52:54 +01:00
HugoPBrito
bf47642d46 refactor: rename entra_enterprise_app_admin_consent_workflow_enabled 2025-03-13 20:50:46 +01:00
HugoPBrito
49cd10136d refactor: rename entra_dynamic_group_for_guests_created 2025-03-13 20:50:00 +01:00
HugoPBrito
55a8310334 refactor: rename entra_policy_ensure_default_user_cannot_create_tenants 2025-03-13 20:48:33 +01:00
HugoPBrito
b69f79f0fa refactor: rename entra_ca_policy_identity_protection_user_risk_enabled 2025-03-13 20:43:50 +01:00
HugoPBrito
b39ec544cf refactor: rename entra_ca_policy_identity_protection_sign_in_risk_enabled 2025-03-13 20:42:59 +01:00
HugoPBrito
dab3ae4872 refactor: rename entra_managed_device_required_for_authentication 2025-03-13 20:40:44 +01:00
HugoPBrito
391b10d79f refactor: rename entra_identity_protection_user_risk_enabled 2025-03-13 20:10:56 +01:00
HugoPBrito
4ab392a4c1 refactor: rename entra_identity_protection_sign_in_risk_enabled 2025-03-13 20:08:36 +01:00
HugoPBrito
f0d4c2cfda refactor: enhance entra_organization_admin_consent_workflow_enabled rename 2025-03-13 20:04:48 +01:00
HugoPBrito
1ab91b0cae refactor: rename entra_admin_portals_role_limited_access 2025-03-13 19:54:35 +01:00
HugoPBrito
3bf62f7b70 refactor: rename entra_admin_consent_workflow_enabled 2025-03-13 19:47:14 +01:00
73 changed files with 409 additions and 439 deletions
Expand all files Collapse all files

6
docs/tutorials/azure/use-non-default-cloud.md
View File

@@ -6,11 +6,7 @@ By default, Prowler uses `AzureCloud` cloud which is the comercial one. (you can
At the time of writing this documentation the available Azure Clouds from different regions are the following:
- AzureCloud
- AzureChinaCloud
- AzureUSGovernmentL4
- AzureUSGovernmentL5
???+ note
More information about Azure US Goverment region [here](https://devblogs.microsoft.com/microsoft365dev/new-microsoft-graph-endpoints-in-us-government-cloud/)
- AzureUSGovernment
If you want to change the default one you must include the flag `--azure-region`, i.e.:

66
prowler/providers/azure/azure_provider.py
View File

@@ -17,11 +17,7 @@ from azure.identity import (
)
from azure.mgmt.subscription import SubscriptionClient
from colorama import Fore, Style
from kiota_authentication_azure.azure_identity_authentication_provider import (
AzureIdentityAuthenticationProvider,
)
from msgraph import GraphRequestAdapter, GraphServiceClient
from msgraph_core import GraphClientFactory
from msgraph import GraphServiceClient
from prowler.config.config import (
default_config_file_path,
@@ -206,7 +202,7 @@ class AzureProvider(Provider):
... sp_env_auth=True,
... browser_auth=False,
... managed_identity_auth=False,
... region="AzureUSGovernmentL4",
... region="AzureUSGovernment",
... )
- Subscriptions: rowler is multisubscription, which means that is going to scan all the subscriptions is able to list. If you only assign permissions to one subscription, it is going to scan a single one.
Prowler also allows you to specify the subscriptions you want to scan by passing a list of subscription IDs.
@@ -410,8 +406,6 @@ class AzureProvider(Provider):
authority=config["authority"],
base_url=config["base_url"],
credential_scopes=config["credential_scopes"],
graph_credential_scopes=config["graph_credential_scopes"],
graph_base_url=config["graph_base_url"],
)
except ArgumentTypeError as validation_error:
logger.error(
@@ -897,31 +891,7 @@ class AzureProvider(Provider):
logger.info(
"Trying to retrieve tenant domain from AAD to populate identity structure ..."
)
if self.region_config.name == "AzureCloud":
client = GraphServiceClient(
credentials=credentials,
scopes=self.region_config.graph_credential_scopes,
)
else:
auth_provider = AzureIdentityAuthenticationProvider(
credentials,
scopes=self.region_config.graph_credential_scopes,
allowed_hosts=[
self.region_config.graph_base_url.replace(
"http://", ""
).replace("https://", "")
],
)
http_client = GraphClientFactory.create_with_default_middleware(
host=self.region_config.graph_base_url
)
adapter = GraphRequestAdapter(
auth_provider=auth_provider, client=http_client
)
adapter.base_url = self.region_config.graph_base_url
client = GraphServiceClient(
request_adapter=adapter,
)
client = GraphServiceClient(credentials=credentials)
domain_result = await client.domains.get()
if getattr(domain_result, "value"):
@@ -960,35 +930,9 @@ class AzureProvider(Provider):
identity.identity_type = "User"
try:
logger.info(
"Trying to retrieve user information from Microsoft Graph to populate identity structure ..."
"Trying to retrieve user information from AAD to populate identity structure ..."
)
if self.region_config.name == "AzureCloud":
client = GraphServiceClient(
credentials=credentials,
scopes=self.region_config.graph_credential_scopes,
)
else:
auth_provider = AzureIdentityAuthenticationProvider(
credentials,
scopes=self.region_config.graph_credential_scopes,
allowed_hosts=[
self.region_config.graph_base_url.replace(
"http://", ""
).replace("https://", "")
],
)
http_client = (
GraphClientFactory.create_with_default_middleware(
host=self.region_config.graph_base_url
)
)
adapter = GraphRequestAdapter(
auth_provider=auth_provider, client=http_client
)
adapter.base_url = self.region_config.graph_base_url
client = GraphServiceClient(
request_adapter=adapter,
)
client = GraphServiceClient(credentials=credentials)
me = await client.me.get()
if me:

3
prowler/providers/azure/lib/arguments/arguments.py
View File

@@ -59,8 +59,7 @@ def validate_azure_region(region):
"""validate_azure_region validates if the region passed as argument is valid"""
regions_allowed = [
"AzureChinaCloud",
"AzureUSGovernmentL4",
"AzureUSGovernmentL5",
"AzureUSGovernment",
"AzureCloud",
]
if region not in regions_allowed:

27
prowler/providers/azure/lib/regions/regions.py
View File

@@ -1,45 +1,26 @@
from azure.identity import AzureAuthorityHosts
AZURE_GENERIC_CLOUD = "https://management.azure.com"
AZURE_GRAPH_GLOBAL = "https://graph.microsoft.com"
AZURE_US_GOV_CLOUD = "https://management.usgovcloudapi.net"
AZURE_GRAPH_GOV_US_L4 = "https://graph.microsoft.us"
AZURE_GRAPH_GOV_US_L5 = "https://dod-graph.microsoft.us"
AZURE_CHINA_CLOUD = "https://management.chinacloudapi.cn"
AZURE_GRAPH_CHINA = "https://microsoftgraph.chinacloudapi.cn"
AZURE_US_GOV_CLOUD = "https://management.usgovcloudapi.net"
AZURE_GENERIC_CLOUD = "https://management.azure.com"
def get_regions_config(region):
allowed_regions = {
"AzureCloud": {
"authority": AzureAuthorityHosts.AZURE_PUBLIC_CLOUD,
"authority": None,
"base_url": AZURE_GENERIC_CLOUD,
"credential_scopes": [AZURE_GENERIC_CLOUD + "/.default"],
"graph_credential_scopes": [AZURE_GRAPH_GLOBAL + "/.default"],
"graph_base_url": AZURE_GRAPH_GLOBAL,
},
"AzureChinaCloud": {
"authority": AzureAuthorityHosts.AZURE_CHINA,
"base_url": AZURE_CHINA_CLOUD,
"credential_scopes": [AZURE_CHINA_CLOUD + "/.default"],
"graph_credential_scopes": [AZURE_GRAPH_CHINA + "/.default"],
"graph_base_url": AZURE_GRAPH_CHINA,
},
"AzureUSGovernmentL4": {
"AzureUSGovernment": {
"authority": AzureAuthorityHosts.AZURE_GOVERNMENT,
"base_url": AZURE_US_GOV_CLOUD,
"credential_scopes": [AZURE_US_GOV_CLOUD + "/.default"],
"graph_credential_scopes": [AZURE_GRAPH_GOV_US_L4 + "/.default"],
"graph_base_url": AZURE_GRAPH_GOV_US_L4,
},
"AzureUSGovernmentL5": {
"authority": AzureAuthorityHosts.AZURE_GOVERNMENT,
"base_url": AZURE_US_GOV_CLOUD,
"credential_scopes": [AZURE_US_GOV_CLOUD + "/.default"],
"graph_credential_scopes": [AZURE_GRAPH_GOV_US_L5 + "/.default"],
"graph_base_url": AZURE_GRAPH_GOV_US_L5,
},
}
return allowed_regions[region]

9
prowler/providers/azure/lib/service/service.py
View File

@@ -24,14 +24,7 @@ class AzureService:
clients = {}
try:
if "GraphServiceClient" in str(service):
clients.update(
{
identity.tenant_domain: service(
credentials=session,
scopes=region_config.graph_credential_scopes,
)
}
)
clients.update({identity.tenant_domain: service(credentials=session)})
else:
for display_name, id in identity.subscriptions.items():
clients.update(

2
prowler/providers/azure/models.py
View File

@@ -18,8 +18,6 @@ class AzureRegionConfig(BaseModel):
authority: str = None
base_url: str = ""
credential_scopes: list = []
graph_credential_scopes: list = []
graph_base_url: str = ""
class AzureSubscription(BaseModel):

0
prowler/providers/microsoft365/services/entra/entra_admin_consent_workflow_enabled/__init__.py → prowler/providers/microsoft365/services/entra/entra_capolicy_admin_portals_role_limited_access/__init__.py
View File

5
prowler/providers/microsoft365/services/entra/entra_admin_portals_role_limited_access/entra_admin_portals_role_limited_access.metadata.json → prowler/providers/microsoft365/services/entra/entra_capolicy_admin_portals_role_limited_access/entra_capolicy_admin_portals_role_limited_access.metadata.json
View File

@@ -1,7 +1,10 @@
{
"Provider": "microsoft365",
"CheckID": "entra_admin_portals_role_limited_access",
"CheckID": "entra_capolicy_admin_portals_role_limited_access",
"CheckTitle": "Ensure that only administrative roles have access to Microsoft Admin Portals",
"CheckAliases": [
"entra_admin_portals_role_limited_access"
],
"CheckType": [],
"ServiceName": "entra",
"SubServiceName": "",

2
prowler/providers/microsoft365/services/entra/entra_admin_portals_role_limited_access/entra_admin_portals_role_limited_access.py → prowler/providers/microsoft365/services/entra/entra_capolicy_admin_portals_role_limited_access/entra_capolicy_admin_portals_role_limited_access.py
View File

@@ -7,7 +7,7 @@ from prowler.providers.microsoft365.services.entra.entra_service import (
)
class entra_admin_portals_role_limited_access(Check):
class entra_capolicy_admin_portals_role_limited_access(Check):
"""Check if Conditional Access policies deny access to the Microsoft 365 admin center for users with limited access roles.
This check ensures that Conditional Access policies are in place to deny access to the Microsoft 365 admin center for users with limited access roles.

0
prowler/providers/microsoft365/services/entra/entra_admin_mfa_enabled_for_administrative_roles/__init__.py → prowler/providers/microsoft365/services/entra/entra_capolicy_admin_users_sign_in_frequency_enabled/__init__.py
View File

5
prowler/providers/microsoft365/services/entra/entra_admin_users_sign_in_frequency_enabled/entra_admin_users_sign_in_frequency_enabled.metadata.json → prowler/providers/microsoft365/services/entra/entra_capolicy_admin_users_sign_in_frequency_enabled/entra_capolicy_admin_users_sign_in_frequency_enabled.metadata.json
View File

@@ -1,7 +1,10 @@
{
"Provider": "microsoft365",
"CheckID": "entra_admin_users_sign_in_frequency_enabled",
"CheckID": "entra_capolicy_admin_users_sign_in_frequency_enabled",
"CheckTitle": "Ensure Sign-in frequency periodic reauthentication is enabled and properly configured.",
"CheckAliases": [
"entra_admin_users_sign_in_frequency_enabled"
],
"CheckType": [],
"ServiceName": "entra",
"SubServiceName": "",

2
prowler/providers/microsoft365/services/entra/entra_admin_users_sign_in_frequency_enabled/entra_admin_users_sign_in_frequency_enabled.py → prowler/providers/microsoft365/services/entra/entra_capolicy_admin_users_sign_in_frequency_enabled/entra_capolicy_admin_users_sign_in_frequency_enabled.py
View File

@@ -8,7 +8,7 @@ from prowler.providers.microsoft365.services.entra.entra_service import (
)
class entra_admin_users_sign_in_frequency_enabled(Check):
class entra_capolicy_admin_users_sign_in_frequency_enabled(Check):
"""Check if Conditional Access policies enforce sign-in frequency for admin users."""
def execute(self) -> list[CheckReportMicrosoft365]:

0
prowler/providers/microsoft365/services/entra/entra_admin_portals_role_limited_access/__init__.py → prowler/providers/microsoft365/services/entra/entra_capolicy_administrative_roles_have_mfa_enabled/__init__.py
View File

5
prowler/providers/microsoft365/services/entra/entra_admin_mfa_enabled_for_administrative_roles/entra_admin_mfa_enabled_for_administrative_roles.metadata.json → prowler/providers/microsoft365/services/entra/entra_capolicy_administrative_roles_have_mfa_enabled/entra_capolicy_administrative_roles_have_mfa_enabled.metadata.json
View File

@@ -1,7 +1,10 @@
{
"Provider": "microsoft365",
"CheckID": "entra_admin_mfa_enabled_for_administrative_roles",
"CheckID": "entra_capolicy_administrative_roles_have_mfa_enabled",
"CheckTitle": "Ensure multifactor authentication is enabled for all users in administrative roles.",
"CheckAliases": [
"entra_admin_mfa_enabled_for_administrative_roles"
],
"CheckType": [],
"ServiceName": "entra",
"SubServiceName": "",

2
prowler/providers/microsoft365/services/entra/entra_admin_mfa_enabled_for_administrative_roles/entra_admin_mfa_enabled_for_administrative_roles.py → prowler/providers/microsoft365/services/entra/entra_capolicy_administrative_roles_have_mfa_enabled/entra_capolicy_administrative_roles_have_mfa_enabled.py
View File

@@ -9,7 +9,7 @@ from prowler.providers.microsoft365.services.entra.entra_service import (
)
class entra_admin_mfa_enabled_for_administrative_roles(Check):
class entra_capolicy_administrative_roles_have_mfa_enabled(Check):
"""
Ensure multifactor authentication is enabled for all users in administrative roles.

0
prowler/providers/microsoft365/services/entra/entra_admin_users_sign_in_frequency_enabled/__init__.py → prowler/providers/microsoft365/services/entra/entra_capolicy_ensure_default_user_cannot_create_tenants/__init__.py
View File

5
prowler/providers/microsoft365/services/entra/entra_policy_ensure_default_user_cannot_create_tenants/entra_policy_ensure_default_user_cannot_create_tenants.metadata.json → prowler/providers/microsoft365/services/entra/entra_capolicy_ensure_default_user_cannot_create_tenants/entra_capolicy_ensure_default_user_cannot_create_tenants.metadata.json
View File

@@ -1,7 +1,10 @@
{
"Provider": "microsoft365",
"CheckID": "entra_policy_ensure_default_user_cannot_create_tenants",
"CheckID": "entra_capolicy_ensure_default_user_cannot_create_tenants",
"CheckTitle": "Ensure that 'Restrict non-admin users from creating tenants' is set to 'Yes'",
"CheckAliases": [
"entra_policy_ensure_default_user_cannot_create_tenants"
],
"CheckType": [],
"ServiceName": "entra",
"SubServiceName": "",

2
prowler/providers/microsoft365/services/entra/entra_policy_ensure_default_user_cannot_create_tenants/entra_policy_ensure_default_user_cannot_create_tenants.py → prowler/providers/microsoft365/services/entra/entra_capolicy_ensure_default_user_cannot_create_tenants/entra_capolicy_ensure_default_user_cannot_create_tenants.py
View File

@@ -4,7 +4,7 @@ from prowler.lib.check.models import Check, CheckReportMicrosoft365
from prowler.providers.microsoft365.services.entra.entra_client import entra_client
class entra_policy_ensure_default_user_cannot_create_tenants(Check):
class entra_capolicy_ensure_default_user_cannot_create_tenants(Check):
"""Check if default users are restricted from creating tenants.
This check verifies whether the authorization policy prevents non-admin users

0
prowler/providers/microsoft365/services/entra/entra_dynamic_group_for_guests_created/__init__.py → prowler/providers/microsoft365/services/entra/entra_capolicy_identity_protection_sign_in_risk_enabled/__init__.py
View File

5
prowler/providers/microsoft365/services/entra/entra_identity_protection_sign_in_risk_enabled/entra_identity_protection_sign_in_risk_enabled.metadata.json → prowler/providers/microsoft365/services/entra/entra_capolicy_identity_protection_sign_in_risk_enabled/entra_capolicy_identity_protection_sign_in_risk_enabled.metadata.json
View File

@@ -1,7 +1,10 @@
{
"Provider": "microsoft365",
"CheckID": "entra_identity_protection_sign_in_risk_enabled",
"CheckID": "entra_capolicy_identity_protection_sign_in_risk_enabled",
"CheckTitle": "Ensure that Identity Protection sign-in risk policies are enabled",
"CheckAliases": [
"entra_identity_protection_sign_in_risk_enabled"
],
"CheckType": [],
"ServiceName": "entra",
"SubServiceName": "",

2
prowler/providers/microsoft365/services/entra/entra_identity_protection_sign_in_risk_enabled/entra_identity_protection_sign_in_risk_enabled.py → prowler/providers/microsoft365/services/entra/entra_capolicy_identity_protection_sign_in_risk_enabled/entra_capolicy_identity_protection_sign_in_risk_enabled.py
View File

@@ -8,7 +8,7 @@ from prowler.providers.microsoft365.services.entra.entra_service import (
)
class entra_identity_protection_sign_in_risk_enabled(Check):
class entra_capolicy_identity_protection_sign_in_risk_enabled(Check):
"""Check if at least one Conditional Access policy is a Identity Protection sign-in risk policy.
This check ensures that at least one Conditional Access policy is a Identity Protection sign-in risk policy.

0
prowler/providers/microsoft365/services/entra/entra_identity_protection_sign_in_risk_enabled/__init__.py → prowler/providers/microsoft365/services/entra/entra_capolicy_identity_protection_user_risk_enabled/__init__.py
View File

5
prowler/providers/microsoft365/services/entra/entra_identity_protection_user_risk_enabled/entra_identity_protection_user_risk_enabled.metadata.json → prowler/providers/microsoft365/services/entra/entra_capolicy_identity_protection_user_risk_enabled/entra_capolicy_identity_protection_user_risk_enabled.metadata.json
View File

@@ -1,7 +1,10 @@
{
"Provider": "microsoft365",
"CheckID": "entra_identity_protection_user_risk_enabled",
"CheckID": "entra_capolicy_identity_protection_user_risk_enabled",
"CheckTitle": "Ensure that Identity Protection user risk policies are enabled",
"CheckAliases": [
"entra_identity_protection_user_risk_enabled"
],
"CheckType": [],
"ServiceName": "entra",
"SubServiceName": "",

2
prowler/providers/microsoft365/services/entra/entra_identity_protection_user_risk_enabled/entra_identity_protection_user_risk_enabled.py → prowler/providers/microsoft365/services/entra/entra_capolicy_identity_protection_user_risk_enabled/entra_capolicy_identity_protection_user_risk_enabled.py
View File

@@ -8,7 +8,7 @@ from prowler.providers.microsoft365.services.entra.entra_service import (
)
class entra_identity_protection_user_risk_enabled(Check):
class entra_capolicy_identity_protection_user_risk_enabled(Check):
"""Check if at least one Conditional Access policy is a Identity Protection user risk policy.
This check ensures that at least one Conditional Access policy is a Identity Protection user risk policy.

0
prowler/providers/microsoft365/services/entra/entra_identity_protection_user_risk_enabled/__init__.py → prowler/providers/microsoft365/services/entra/entra_capolicy_managed_device_required_for_authentication/__init__.py
View File

5
prowler/providers/microsoft365/services/entra/entra_managed_device_required_for_authentication/entra_managed_device_required_for_authentication.metadata.json → prowler/providers/microsoft365/services/entra/entra_capolicy_managed_device_required_for_authentication/entra_capolicy_managed_device_required_for_authentication.metadata.json
View File

@@ -1,7 +1,10 @@
{
"Provider": "microsoft365",
"CheckID": "entra_managed_device_required_for_authentication",
"CheckID": "entra_capolicy_managed_device_required_for_authentication",
"CheckTitle": "Ensure that only managed devices are required for authentication",
"CheckAliases": [
"entra_managed_device_required_for_authentication"
],
"CheckType": [],
"ServiceName": "entra",
"SubServiceName": "",

2
prowler/providers/microsoft365/services/entra/entra_managed_device_required_for_authentication/entra_managed_device_required_for_authentication.py → prowler/providers/microsoft365/services/entra/entra_capolicy_managed_device_required_for_authentication/entra_capolicy_managed_device_required_for_authentication.py
View File

@@ -7,7 +7,7 @@ from prowler.providers.microsoft365.services.entra.entra_service import (
)
class entra_managed_device_required_for_authentication(Check):
class entra_capolicy_managed_device_required_for_authentication(Check):
"""Check if Conditional Access policies deny access to the Microsoft 365
This check ensures that Conditional Access policies are in place to enforce managed device requirement for authentication.

0
prowler/providers/microsoft365/services/entra/entra_managed_device_required_for_authentication/__init__.py → prowler/providers/microsoft365/services/entra/entra_enterpriseapps_admin_consent_workflow_enabled/__init__.py
View File

7
prowler/providers/microsoft365/services/entra/entra_admin_consent_workflow_enabled/entra_admin_consent_workflow_enabled.metadata.json → prowler/providers/microsoft365/services/entra/entra_enterpriseapps_admin_consent_workflow_enabled/entra_enterpriseapps_admin_consent_workflow_enabled.metadata.json
View File

@@ -1,13 +1,16 @@
{
"Provider": "microsoft365",
"CheckID": "entra_admin_consent_workflow_enabled",
"CheckID": "entra_enterpriseapps_admin_consent_workflow_enabled",
"CheckTitle": "Ensure the admin consent workflow is enabled.",
"CheckAliases": [
"entra_admin_consent_workflow_enabled"
],
"CheckType": [],
"ServiceName": "entra",
"SubServiceName": "",
"ResourceIdTemplate": "",
"Severity": "high",
"ResourceType": "Organization Settings",
"ResourceType": "Enterprise Applications Settings",
"Description": "Ensure that the admin consent workflow is enabled in Microsoft Entra to allow users to request admin approval for applications requiring consent.",
"Risk": "If the admin consent workflow is not enabled, users may be blocked from accessing applications that require admin consent, leading to potential work disruptions or unauthorized workarounds.",
"RelatedUrl": "https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-admin-consent-workflow",

2
prowler/providers/microsoft365/services/entra/entra_admin_consent_workflow_enabled/entra_admin_consent_workflow_enabled.py → prowler/providers/microsoft365/services/entra/entra_enterpriseapps_admin_consent_workflow_enabled/entra_enterpriseapps_admin_consent_workflow_enabled.py
View File

@@ -4,7 +4,7 @@ from prowler.lib.check.models import Check, CheckReportMicrosoft365
from prowler.providers.microsoft365.services.entra.entra_client import entra_client
class entra_admin_consent_workflow_enabled(Check):
class entra_enterpriseapps_admin_consent_workflow_enabled(Check):
"""
Ensure the admin consent workflow is enabled in Microsoft Entra.

0
prowler/providers/microsoft365/services/entra/entra_password_hash_sync_enabled/__init__.py → prowler/providers/microsoft365/services/entra/entra_groups_dynamicgroup_for_guests_created/__init__.py
View File

5
prowler/providers/microsoft365/services/entra/entra_dynamic_group_for_guests_created/entra_dynamic_group_for_guests_created.metadata.json → prowler/providers/microsoft365/services/entra/entra_groups_dynamicgroup_for_guests_created/entra_groups_dynamicgroup_for_guests_created.metadata.json
View File

@@ -1,7 +1,10 @@
{
"Provider": "microsoft365",
"CheckID": "entra_dynamic_group_for_guests_created",
"CheckID": "entra_groups_dynamicgroup_for_guests_created",
"CheckTitle": "Ensure a dynamic group for guest users is created.",
"CheckAliases": [
"entra_dynamicgroup_for_guests_created"
],
"CheckType": [],
"ServiceName": "entra",
"SubServiceName": "",

2
prowler/providers/microsoft365/services/entra/entra_dynamic_group_for_guests_created/entra_dynamic_group_for_guests_created.py → prowler/providers/microsoft365/services/entra/entra_groups_dynamicgroup_for_guests_created/entra_groups_dynamicgroup_for_guests_created.py
View File

@@ -4,7 +4,7 @@ from prowler.lib.check.models import Check, CheckReportMicrosoft365
from prowler.providers.microsoft365.services.entra.entra_client import entra_client
class entra_dynamic_group_for_guests_created(Check):
class entra_groups_dynamicgroup_for_guests_created(Check):
"""
Check if a dynamic group for guest users is created in Microsoft Entra.

0
prowler/providers/microsoft365/services/entra/entra_policy_ensure_default_user_cannot_create_tenants/__init__.py → prowler/providers/microsoft365/services/entra/entra_organization_password_hash_sync_enabled/__init__.py
View File

5
prowler/providers/microsoft365/services/entra/entra_password_hash_sync_enabled/entra_password_hash_sync_enabled.metadata.json → prowler/providers/microsoft365/services/entra/entra_organization_password_hash_sync_enabled/entra_organization_password_hash_sync_enabled.metadata.json
View File

@@ -1,7 +1,10 @@
{
"Provider": "microsoft365",
"CheckID": "entra_password_hash_sync_enabled",
"CheckID": "entra_organization_password_hash_sync_enabled",
"CheckTitle": "Ensure that password hash sync is enabled for hybrid deployments.",
"CheckAliases": [
"entra_password_hash_sync_enabled"
],
"CheckType": [],
"ServiceName": "entra",
"SubServiceName": "",

2
prowler/providers/microsoft365/services/entra/entra_password_hash_sync_enabled/entra_password_hash_sync_enabled.py → prowler/providers/microsoft365/services/entra/entra_organization_password_hash_sync_enabled/entra_organization_password_hash_sync_enabled.py
View File

@@ -4,7 +4,7 @@ from prowler.lib.check.models import Check, CheckReportMicrosoft365
from prowler.providers.microsoft365.services.entra.entra_client import entra_client
class entra_password_hash_sync_enabled(Check):
class entra_organization_password_hash_sync_enabled(Check):
"""
Check if password hash synchronization is enabled for hybrid Microsoft Entra deployments.

0
prowler/providers/microsoft365/services/entra/entra_thirdparty_integrated_apps_not_allowed/__init__.py → prowler/providers/microsoft365/services/entra/entra_users_thirdparty_integrated_apps_not_allowed/__init__.py
View File

11
prowler/providers/microsoft365/services/entra/entra_thirdparty_integrated_apps_not_allowed/entra_thirdparty_integrated_apps_not_allowed.metadata.json → prowler/providers/microsoft365/services/entra/entra_users_thirdparty_integrated_apps_not_allowed/entra_users_thirdparty_integrated_apps_not_allowed.metadata.json
View File

@@ -1,13 +1,16 @@
{
"Provider": "microsoft365",
"CheckID": "entra_thirdparty_integrated_apps_not_allowed",
"CheckTitle": "Ensure third party integrated applications are not allowed",
"CheckID": "entra_users_thirdparty_integrated_apps_not_allowed",
"CheckTitle": "Ensure only administrators or appropriately delegated users can register third-party applications.",
"CheckAliases": [
"entra_thirdparty_integrated_apps_not_allowed"
],
"CheckType": [],
"ServiceName": "entra",
"SubServiceName": "",
"ResourceIdTemplate": "",
"Severity": "high",
"ResourceType": "User settings",
"ResourceType": "Users settings",
"Description": "Require administrators or appropriately delegated users to register third-party applications.",
"Risk": "It is recommended to only allow an administrator to register custom-developed applications. This ensures that the application undergoes a formal security review and approval process prior to exposing Azure Active Directory data. Certain users like developers or other high-request users may also be delegated permissions to prevent them from waiting on an administrative user. Your organization should review your policies and decide your needs.",
"RelatedUrl": "https://learn.microsoft.com/en-us/entra/identity-platform/how-applications-are-added#who-has-permission-to-add-applications-to-my-microsoft-entra-instance",
@@ -15,7 +18,7 @@
"Code": {
"CLI": "",
"NativeIaC": "",
"Other": "1. From Entra select the Portal Menu 2. Select Azure Active Directory 3. Select Users 4. Select User settings 5. Ensure that Users can register applications is set to No",
"Other": "1. Navigate to Microsoft Entra admin center https://entra.microsoft.com/. 2. Click to expand Identity > Users select Users settings. 3. Set Users can register applications to No. 4. Click Save.",
"Terraform": ""
},
"Recommendation": {

2
prowler/providers/microsoft365/services/entra/entra_thirdparty_integrated_apps_not_allowed/entra_thirdparty_integrated_apps_not_allowed.py → prowler/providers/microsoft365/services/entra/entra_users_thirdparty_integrated_apps_not_allowed/entra_users_thirdparty_integrated_apps_not_allowed.py
View File

@@ -4,7 +4,7 @@ from prowler.lib.check.models import Check, CheckReportMicrosoft365
from prowler.providers.microsoft365.services.entra.entra_client import entra_client
class entra_thirdparty_integrated_apps_not_allowed(Check):
class entra_users_thirdparty_integrated_apps_not_allowed(Check):
"""Check if third-party integrated apps are not allowed for non-admin users in Entra.
This check verifies that non-admin users are not allowed to create third-party apps.

0
prowler/providers/microsoft365/services/sharepoint/sharepoint_external_sharing_managed/__init__.py → prowler/providers/microsoft365/services/sharepoint/sharepoint_settings_external_sharing_managed/__init__.py
View File

5
prowler/providers/microsoft365/services/sharepoint/sharepoint_external_sharing_managed/sharepoint_external_sharing_managed.metadata.json → prowler/providers/microsoft365/services/sharepoint/sharepoint_settings_external_sharing_managed/sharepoint_settings_external_sharing_managed.metadata.json
View File

@@ -1,6 +1,9 @@
{
"Provider": "microsoft365",
"CheckID": "sharepoint_external_sharing_managed",
"CheckID": "sharepoint_settings_external_sharing_managed",
"CheckAliases": [
"sharepoint_external_sharing_managed"
],
"CheckTitle": "Ensure SharePoint external sharing is managed through domain whitelists/blacklists.",
"CheckType": [],
"ServiceName": "sharepoint",

2
prowler/providers/microsoft365/services/sharepoint/sharepoint_external_sharing_managed/sharepoint_external_sharing_managed.py → prowler/providers/microsoft365/services/sharepoint/sharepoint_settings_external_sharing_managed/sharepoint_settings_external_sharing_managed.py
View File

@@ -6,7 +6,7 @@ from prowler.providers.microsoft365.services.sharepoint.sharepoint_client import
)
class sharepoint_external_sharing_managed(Check):
class sharepoint_settings_external_sharing_managed(Check):
"""
Check if Microsoft 365 SharePoint external sharing is managed through domain whitelists/blacklists.

0
prowler/providers/microsoft365/services/sharepoint/sharepoint_external_sharing_restricted/__init__.py → prowler/providers/microsoft365/services/sharepoint/sharepoint_settings_external_sharing_restricted/__init__.py
View File

5
prowler/providers/microsoft365/services/sharepoint/sharepoint_external_sharing_restricted/sharepoint_external_sharing_restricted.metadata.json → prowler/providers/microsoft365/services/sharepoint/sharepoint_settings_external_sharing_restricted/sharepoint_settings_external_sharing_restricted.metadata.json
View File

@@ -1,7 +1,10 @@
{
"Provider": "microsoft365",
"CheckID": "sharepoint_external_sharing_restricted",
"CheckID": "sharepoint_settings_external_sharing_restricted",
"CheckTitle": "Ensure external content sharing is restricted.",
"CheckAliases": [
"sharepoint_external_sharing_restricted"
],
"CheckType": [],
"ServiceName": "sharepoint",
"SubServiceName": "",

2
prowler/providers/microsoft365/services/sharepoint/sharepoint_external_sharing_restricted/sharepoint_external_sharing_restricted.py → prowler/providers/microsoft365/services/sharepoint/sharepoint_settings_external_sharing_restricted/sharepoint_settings_external_sharing_restricted.py
View File

@@ -6,7 +6,7 @@ from prowler.providers.microsoft365.services.sharepoint.sharepoint_client import
)
class sharepoint_external_sharing_restricted(Check):
class sharepoint_settings_external_sharing_restricted(Check):
"""
Check if Microsoft 365 SharePoint restricts external sharing at organization level.

0
prowler/providers/microsoft365/services/sharepoint/sharepoint_guest_sharing_restricted/__init__.py → prowler/providers/microsoft365/services/sharepoint/sharepoint_settings_guest_sharing_restricted/__init__.py
View File

5
prowler/providers/microsoft365/services/sharepoint/sharepoint_guest_sharing_restricted/sharepoint_guest_sharing_restricted.metadata.json → prowler/providers/microsoft365/services/sharepoint/sharepoint_settings_guest_sharing_restricted/sharepoint_settings_guest_sharing_restricted.metadata.json
View File

@@ -1,7 +1,10 @@
{
"Provider": "microsoft365",
"CheckID": "sharepoint_guest_sharing_restricted",
"CheckID": "sharepoint_settings_guest_sharing_restricted",
"CheckTitle": "Ensure that SharePoint guest users cannot share items they don't own.",
"CheckAliases": [
"sharepoint_guest_sharing_restricted"
],
"CheckType": [],
"ServiceName": "sharepoint",
"SubServiceName": "",

2
prowler/providers/microsoft365/services/sharepoint/sharepoint_guest_sharing_restricted/sharepoint_guest_sharing_restricted.py → prowler/providers/microsoft365/services/sharepoint/sharepoint_settings_guest_sharing_restricted/sharepoint_settings_guest_sharing_restricted.py
View File

@@ -6,7 +6,7 @@ from prowler.providers.microsoft365.services.sharepoint.sharepoint_client import
)
class sharepoint_guest_sharing_restricted(Check):
class sharepoint_settings_guest_sharing_restricted(Check):
"""
Check if Microsoft 365 SharePoint guest sharing is restricted.

0
prowler/providers/microsoft365/services/sharepoint/sharepoint_modern_authentication_required/__init__.py → prowler/providers/microsoft365/services/sharepoint/sharepoint_settings_modern_authentication_required/__init__.py
View File

5
prowler/providers/microsoft365/services/sharepoint/sharepoint_modern_authentication_required/sharepoint_modern_authentication_required.metadata.json → prowler/providers/microsoft365/services/sharepoint/sharepoint_settings_modern_authentication_required/sharepoint_settings_modern_authentication_required.metadata.json
View File

@@ -1,7 +1,10 @@
{
"Provider": "microsoft365",
"CheckID": "sharepoint_modern_authentication_required",
"CheckID": "sharepoint_settings_modern_authentication_required",
"CheckTitle": "Ensure modern authentication for SharePoint applications is required.",
"CheckAliases": [
"sharepoint_modern_authentication_required"
],
"CheckType": [],
"ServiceName": "sharepoint",
"SubServiceName": "",

2
prowler/providers/microsoft365/services/sharepoint/sharepoint_modern_authentication_required/sharepoint_modern_authentication_required.py → prowler/providers/microsoft365/services/sharepoint/sharepoint_settings_modern_authentication_required/sharepoint_settings_modern_authentication_required.py
View File

@@ -6,7 +6,7 @@ from prowler.providers.microsoft365.services.sharepoint.sharepoint_client import
)
class sharepoint_modern_authentication_required(Check):
class sharepoint_settings_modern_authentication_required(Check):
"""
Check if Microsoft 365 SharePoint requires modern authentication.

9
tests/lib/cli/parser_test.py
View File

@@ -1293,14 +1293,12 @@ class Test_Parser:
def test_validate_azure_region_valid_regions(self):
expected_regions = [
"AzureChinaCloud",
"AzureUSGovernmentL4",
"AzureUSGovernmentL5",
"AzureUSGovernment",
"AzureCloud",
]
input_regions = [
"AzureChinaCloud",
"AzureUSGovernmentL4",
"AzureUSGovernmentL5",
"AzureUSGovernment",
"AzureCloud",
]
for region in input_regions:
@@ -1309,8 +1307,7 @@ class Test_Parser:
def test_validate_azure_region_invalid_regions(self):
expected_regions = [
"AzureChinaCloud",
"AzureUSGovernmentL4",
"AzureUSGovernmentL5",
"AzureUSGovernment",
"AzureCloud",
]
invalid_region = "non-valid-region"

4
tests/providers/azure/azure_provider_test.py
View File

@@ -66,11 +66,9 @@ class TestAzureProvider:
assert azure_provider.region_config == AzureRegionConfig(
name="AzureCloud",
authority="login.microsoftonline.com",
authority=None,
base_url="https://management.azure.com",
credential_scopes=["https://management.azure.com/.default"],
graph_credential_scopes=["https://graph.microsoft.com/.default"],
graph_base_url="https://graph.microsoft.com",
)
assert isinstance(azure_provider.session, DefaultAzureCredential)
assert azure_provider.identity == AzureIdentityInfo(

18
tests/providers/azure/lib/regions/regions_test.py
View File

@@ -3,10 +3,6 @@ from azure.identity import AzureAuthorityHosts
from prowler.providers.azure.lib.regions.regions import (
AZURE_CHINA_CLOUD,
AZURE_GENERIC_CLOUD,
AZURE_GRAPH_CHINA,
AZURE_GRAPH_GLOBAL,
AZURE_GRAPH_GOV_US_L4,
AZURE_GRAPH_GOV_US_L5,
AZURE_US_GOV_CLOUD,
get_regions_config,
)
@@ -17,33 +13,23 @@ class Test_azure_regions:
allowed_regions = [
"AzureCloud",
"AzureChinaCloud",
"AzureUSGovernmentL4",
"AzureUSGovernmentL5",
"AzureUSGovernment",
]
expected_output = {
"AzureCloud": {
"authority": None,
"base_url": AZURE_GENERIC_CLOUD,
"credential_scopes": [AZURE_GENERIC_CLOUD + "/.default"],
"graph_credential_scopes": [AZURE_GRAPH_GLOBAL],
},
"AzureChinaCloud": {
"authority": AzureAuthorityHosts.AZURE_CHINA,
"base_url": AZURE_CHINA_CLOUD,
"credential_scopes": [AZURE_CHINA_CLOUD + "/.default"],
"graph_credential_scopes": [AZURE_GRAPH_CHINA],
},
"AzureUSGovernmentL4": {
"AzureUSGovernment": {
"authority": AzureAuthorityHosts.AZURE_GOVERNMENT,
"base_url": AZURE_US_GOV_CLOUD,
"credential_scopes": [AZURE_US_GOV_CLOUD + "/.default"],
"graph_credential_scopes": [AZURE_GRAPH_GOV_US_L4],
},
"AzureUSGovernmentL5": {
"authority": AzureAuthorityHosts.AZURE_GOVERNMENT,
"base_url": AZURE_US_GOV_CLOUD,
"credential_scopes": [AZURE_US_GOV_CLOUD + "/.default"],
"graph_credential_scopes": [AZURE_GRAPH_GOV_US_L5],
},
}

34
tests/providers/microsoft365/services/entra/entra_admin_portals_role_limited_access/entra_admin_portals_role_limited_access_test.py → tests/providers/microsoft365/services/entra/entra_capolicy_admin_portals_role_limited_access/entra_capolicy_admin_portals_role_limited_access_test.py
View File

@@ -20,7 +20,7 @@ from tests.providers.microsoft365.microsoft365_fixtures import (
)
class Test_entra_admin_portals_role_limited_access:
class Test_entra_capolicy_admin_portals_role_limited_access:
def test_entra_no_conditional_access_policies(self):
entra_client = mock.MagicMock
entra_client.audited_tenant = "audited_tenant"
@@ -31,17 +31,17 @@ class Test_entra_admin_portals_role_limited_access:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_portals_role_limited_access.entra_admin_portals_role_limited_access.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_admin_portals_role_limited_access.entra_capolicy_admin_portals_role_limited_access.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_portals_role_limited_access.entra_admin_portals_role_limited_access import (
entra_admin_portals_role_limited_access,
from prowler.providers.microsoft365.services.entra.entra_capolicy_admin_portals_role_limited_access.entra_capolicy_admin_portals_role_limited_access import (
entra_capolicy_admin_portals_role_limited_access,
)
entra_client.conditional_access_policies = {}
check = entra_admin_portals_role_limited_access()
check = entra_capolicy_admin_portals_role_limited_access()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -66,12 +66,12 @@ class Test_entra_admin_portals_role_limited_access:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_portals_role_limited_access.entra_admin_portals_role_limited_access.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_admin_portals_role_limited_access.entra_capolicy_admin_portals_role_limited_access.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_portals_role_limited_access.entra_admin_portals_role_limited_access import (
entra_admin_portals_role_limited_access,
from prowler.providers.microsoft365.services.entra.entra_capolicy_admin_portals_role_limited_access.entra_capolicy_admin_portals_role_limited_access import (
entra_capolicy_admin_portals_role_limited_access,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -112,7 +112,7 @@ class Test_entra_admin_portals_role_limited_access:
)
}
check = entra_admin_portals_role_limited_access()
check = entra_capolicy_admin_portals_role_limited_access()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -138,12 +138,12 @@ class Test_entra_admin_portals_role_limited_access:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_portals_role_limited_access.entra_admin_portals_role_limited_access.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_admin_portals_role_limited_access.entra_capolicy_admin_portals_role_limited_access.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_portals_role_limited_access.entra_admin_portals_role_limited_access import (
entra_admin_portals_role_limited_access,
from prowler.providers.microsoft365.services.entra.entra_capolicy_admin_portals_role_limited_access.entra_capolicy_admin_portals_role_limited_access import (
entra_capolicy_admin_portals_role_limited_access,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -186,7 +186,7 @@ class Test_entra_admin_portals_role_limited_access:
)
}
check = entra_admin_portals_role_limited_access()
check = entra_capolicy_admin_portals_role_limited_access()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -215,12 +215,12 @@ class Test_entra_admin_portals_role_limited_access:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_portals_role_limited_access.entra_admin_portals_role_limited_access.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_admin_portals_role_limited_access.entra_capolicy_admin_portals_role_limited_access.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_portals_role_limited_access.entra_admin_portals_role_limited_access import (
entra_admin_portals_role_limited_access,
from prowler.providers.microsoft365.services.entra.entra_capolicy_admin_portals_role_limited_access.entra_capolicy_admin_portals_role_limited_access import (
entra_capolicy_admin_portals_role_limited_access,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -263,7 +263,7 @@ class Test_entra_admin_portals_role_limited_access:
)
}
check = entra_admin_portals_role_limited_access()
check = entra_capolicy_admin_portals_role_limited_access()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"

58
tests/providers/microsoft365/services/entra/entra_admin_users_sign_in_frequency_enabled/entra_admin_users_sign_in_frequency_enabled_test.py → tests/providers/microsoft365/services/entra/entra_capolicy_admin_users_sign_in_frequency_enabled/entra_capolicy_admin_users_sign_in_frequency_enabled_test.py
View File

@@ -20,7 +20,7 @@ from tests.providers.microsoft365.microsoft365_fixtures import (
)
class Test_entra_admin_users_sign_in_frequency_enabled:
class Test_entra_capolicy_admin_users_sign_in_frequency_enabled:
def test_entra_no_conditional_access_policies(self):
entra_client = mock.MagicMock
entra_client.audited_tenant = "audited_tenant"
@@ -31,18 +31,18 @@ class Test_entra_admin_users_sign_in_frequency_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_users_sign_in_frequency_enabled.entra_admin_users_sign_in_frequency_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_users_sign_in_frequency_enabled.entra_admin_users_sign_in_frequency_enabled import (
entra_admin_users_sign_in_frequency_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_capolicy_admin_users_sign_in_frequency_enabled import (
entra_capolicy_admin_users_sign_in_frequency_enabled,
)
entra_client.conditional_access_policies = {}
entra_client.audit_config = {"sign_in_frequency": 4}
check = entra_admin_users_sign_in_frequency_enabled()
check = entra_capolicy_admin_users_sign_in_frequency_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -68,12 +68,12 @@ class Test_entra_admin_users_sign_in_frequency_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_users_sign_in_frequency_enabled.entra_admin_users_sign_in_frequency_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_users_sign_in_frequency_enabled.entra_admin_users_sign_in_frequency_enabled import (
entra_admin_users_sign_in_frequency_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_capolicy_admin_users_sign_in_frequency_enabled import (
entra_capolicy_admin_users_sign_in_frequency_enabled,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -114,7 +114,7 @@ class Test_entra_admin_users_sign_in_frequency_enabled:
)
}
check = entra_admin_users_sign_in_frequency_enabled()
check = entra_capolicy_admin_users_sign_in_frequency_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -141,12 +141,12 @@ class Test_entra_admin_users_sign_in_frequency_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_users_sign_in_frequency_enabled.entra_admin_users_sign_in_frequency_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_users_sign_in_frequency_enabled.entra_admin_users_sign_in_frequency_enabled import (
entra_admin_users_sign_in_frequency_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_capolicy_admin_users_sign_in_frequency_enabled import (
entra_capolicy_admin_users_sign_in_frequency_enabled,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -204,7 +204,7 @@ class Test_entra_admin_users_sign_in_frequency_enabled:
)
}
check = entra_admin_users_sign_in_frequency_enabled()
check = entra_capolicy_admin_users_sign_in_frequency_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
@@ -235,12 +235,12 @@ class Test_entra_admin_users_sign_in_frequency_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_users_sign_in_frequency_enabled.entra_admin_users_sign_in_frequency_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_users_sign_in_frequency_enabled.entra_admin_users_sign_in_frequency_enabled import (
entra_admin_users_sign_in_frequency_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_capolicy_admin_users_sign_in_frequency_enabled import (
entra_capolicy_admin_users_sign_in_frequency_enabled,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -300,7 +300,7 @@ class Test_entra_admin_users_sign_in_frequency_enabled:
)
}
check = entra_admin_users_sign_in_frequency_enabled()
check = entra_capolicy_admin_users_sign_in_frequency_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -330,12 +330,12 @@ class Test_entra_admin_users_sign_in_frequency_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_users_sign_in_frequency_enabled.entra_admin_users_sign_in_frequency_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_users_sign_in_frequency_enabled.entra_admin_users_sign_in_frequency_enabled import (
entra_admin_users_sign_in_frequency_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_capolicy_admin_users_sign_in_frequency_enabled import (
entra_capolicy_admin_users_sign_in_frequency_enabled,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -393,7 +393,7 @@ class Test_entra_admin_users_sign_in_frequency_enabled:
)
}
check = entra_admin_users_sign_in_frequency_enabled()
check = entra_capolicy_admin_users_sign_in_frequency_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -423,12 +423,12 @@ class Test_entra_admin_users_sign_in_frequency_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_users_sign_in_frequency_enabled.entra_admin_users_sign_in_frequency_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_users_sign_in_frequency_enabled.entra_admin_users_sign_in_frequency_enabled import (
entra_admin_users_sign_in_frequency_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_capolicy_admin_users_sign_in_frequency_enabled import (
entra_capolicy_admin_users_sign_in_frequency_enabled,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -486,7 +486,7 @@ class Test_entra_admin_users_sign_in_frequency_enabled:
)
}
check = entra_admin_users_sign_in_frequency_enabled()
check = entra_capolicy_admin_users_sign_in_frequency_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
@@ -517,12 +517,12 @@ class Test_entra_admin_users_sign_in_frequency_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_users_sign_in_frequency_enabled.entra_admin_users_sign_in_frequency_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_users_sign_in_frequency_enabled.entra_admin_users_sign_in_frequency_enabled import (
entra_admin_users_sign_in_frequency_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_admin_users_sign_in_frequency_enabled.entra_capolicy_admin_users_sign_in_frequency_enabled import (
entra_capolicy_admin_users_sign_in_frequency_enabled,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -582,7 +582,7 @@ class Test_entra_admin_users_sign_in_frequency_enabled:
)
}
check = entra_admin_users_sign_in_frequency_enabled()
check = entra_capolicy_admin_users_sign_in_frequency_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"

58
tests/providers/microsoft365/services/entra/entra_admin_mfa_enabled_for_administrative_roles/entra_admin_mfa_enabled_for_administrative_roles_test.py → tests/providers/microsoft365/services/entra/entra_capolicy_administrative_roles_have_mfa_enabled/entra_capolicy_administrative_roles_have_mfa_enabled_test.py
View File

@@ -21,7 +21,7 @@ from tests.providers.microsoft365.microsoft365_fixtures import (
)
class Test_entra_admin_mfa_enabled_for_administrative_roles:
class Test_entra_capolicy_administrative_roles_have_mfa_enabled:
def test_no_conditional_access_policies(self):
"""No conditional access policies configured: expected FAIL."""
entra_client = mock.MagicMock
@@ -34,17 +34,17 @@ class Test_entra_admin_mfa_enabled_for_administrative_roles:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_mfa_enabled_for_administrative_roles.entra_admin_mfa_enabled_for_administrative_roles.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_administrative_roles_have_mfa_enabled.entra_capolicy_administrative_roles_have_mfa_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_mfa_enabled_for_administrative_roles.entra_admin_mfa_enabled_for_administrative_roles import (
entra_admin_mfa_enabled_for_administrative_roles,
from prowler.providers.microsoft365.services.entra.entra_capolicy_administrative_roles_have_mfa_enabled.entra_capolicy_administrative_roles_have_mfa_enabled import (
entra_capolicy_administrative_roles_have_mfa_enabled,
)
entra_client.conditional_access_policies = {}
check = entra_admin_mfa_enabled_for_administrative_roles()
check = entra_capolicy_administrative_roles_have_mfa_enabled()
result = check.execute()
assert len(result) == 1
@@ -70,12 +70,12 @@ class Test_entra_admin_mfa_enabled_for_administrative_roles:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_mfa_enabled_for_administrative_roles.entra_admin_mfa_enabled_for_administrative_roles.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_administrative_roles_have_mfa_enabled.entra_capolicy_administrative_roles_have_mfa_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_mfa_enabled_for_administrative_roles.entra_admin_mfa_enabled_for_administrative_roles import (
entra_admin_mfa_enabled_for_administrative_roles,
from prowler.providers.microsoft365.services.entra.entra_capolicy_administrative_roles_have_mfa_enabled.entra_capolicy_administrative_roles_have_mfa_enabled import (
entra_capolicy_administrative_roles_have_mfa_enabled,
)
entra_client.conditional_access_policies = {
@@ -114,7 +114,7 @@ class Test_entra_admin_mfa_enabled_for_administrative_roles:
)
}
check = entra_admin_mfa_enabled_for_administrative_roles()
check = entra_capolicy_administrative_roles_have_mfa_enabled()
result = check.execute()
assert len(result) == 1
@@ -144,12 +144,12 @@ class Test_entra_admin_mfa_enabled_for_administrative_roles:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_mfa_enabled_for_administrative_roles.entra_admin_mfa_enabled_for_administrative_roles.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_administrative_roles_have_mfa_enabled.entra_capolicy_administrative_roles_have_mfa_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_mfa_enabled_for_administrative_roles.entra_admin_mfa_enabled_for_administrative_roles import (
entra_admin_mfa_enabled_for_administrative_roles,
from prowler.providers.microsoft365.services.entra.entra_capolicy_administrative_roles_have_mfa_enabled.entra_capolicy_administrative_roles_have_mfa_enabled import (
entra_capolicy_administrative_roles_have_mfa_enabled,
)
entra_client.conditional_access_policies = {
@@ -188,7 +188,7 @@ class Test_entra_admin_mfa_enabled_for_administrative_roles:
)
}
check = entra_admin_mfa_enabled_for_administrative_roles()
check = entra_capolicy_administrative_roles_have_mfa_enabled()
result = check.execute()
assert len(result) == 1
@@ -218,12 +218,12 @@ class Test_entra_admin_mfa_enabled_for_administrative_roles:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_mfa_enabled_for_administrative_roles.entra_admin_mfa_enabled_for_administrative_roles.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_administrative_roles_have_mfa_enabled.entra_capolicy_administrative_roles_have_mfa_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_mfa_enabled_for_administrative_roles.entra_admin_mfa_enabled_for_administrative_roles import (
entra_admin_mfa_enabled_for_administrative_roles,
from prowler.providers.microsoft365.services.entra.entra_capolicy_administrative_roles_have_mfa_enabled.entra_capolicy_administrative_roles_have_mfa_enabled import (
entra_capolicy_administrative_roles_have_mfa_enabled,
)
entra_client.conditional_access_policies = {
@@ -263,7 +263,7 @@ class Test_entra_admin_mfa_enabled_for_administrative_roles:
)
}
check = entra_admin_mfa_enabled_for_administrative_roles()
check = entra_capolicy_administrative_roles_have_mfa_enabled()
result = check.execute()
assert len(result) == 1
@@ -298,12 +298,12 @@ class Test_entra_admin_mfa_enabled_for_administrative_roles:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_mfa_enabled_for_administrative_roles.entra_admin_mfa_enabled_for_administrative_roles.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_administrative_roles_have_mfa_enabled.entra_capolicy_administrative_roles_have_mfa_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_mfa_enabled_for_administrative_roles.entra_admin_mfa_enabled_for_administrative_roles import (
entra_admin_mfa_enabled_for_administrative_roles,
from prowler.providers.microsoft365.services.entra.entra_capolicy_administrative_roles_have_mfa_enabled.entra_capolicy_administrative_roles_have_mfa_enabled import (
entra_capolicy_administrative_roles_have_mfa_enabled,
)
entra_client.conditional_access_policies = {
@@ -342,7 +342,7 @@ class Test_entra_admin_mfa_enabled_for_administrative_roles:
)
}
check = entra_admin_mfa_enabled_for_administrative_roles()
check = entra_capolicy_administrative_roles_have_mfa_enabled()
result = check.execute()
assert len(result) == 1
@@ -375,12 +375,12 @@ class Test_entra_admin_mfa_enabled_for_administrative_roles:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_mfa_enabled_for_administrative_roles.entra_admin_mfa_enabled_for_administrative_roles.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_administrative_roles_have_mfa_enabled.entra_capolicy_administrative_roles_have_mfa_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_mfa_enabled_for_administrative_roles.entra_admin_mfa_enabled_for_administrative_roles import (
entra_admin_mfa_enabled_for_administrative_roles,
from prowler.providers.microsoft365.services.entra.entra_capolicy_administrative_roles_have_mfa_enabled.entra_capolicy_administrative_roles_have_mfa_enabled import (
entra_capolicy_administrative_roles_have_mfa_enabled,
)
entra_client.conditional_access_policies = {
@@ -435,7 +435,7 @@ class Test_entra_admin_mfa_enabled_for_administrative_roles:
)
}
check = entra_admin_mfa_enabled_for_administrative_roles()
check = entra_capolicy_administrative_roles_have_mfa_enabled()
result = check.execute()
assert len(result) == 1
@@ -468,12 +468,12 @@ class Test_entra_admin_mfa_enabled_for_administrative_roles:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_mfa_enabled_for_administrative_roles.entra_admin_mfa_enabled_for_administrative_roles.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_administrative_roles_have_mfa_enabled.entra_capolicy_administrative_roles_have_mfa_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_mfa_enabled_for_administrative_roles.entra_admin_mfa_enabled_for_administrative_roles import (
entra_admin_mfa_enabled_for_administrative_roles,
from prowler.providers.microsoft365.services.entra.entra_capolicy_administrative_roles_have_mfa_enabled.entra_capolicy_administrative_roles_have_mfa_enabled import (
entra_capolicy_administrative_roles_have_mfa_enabled,
)
entra_client.conditional_access_policies = {
@@ -527,7 +527,7 @@ class Test_entra_admin_mfa_enabled_for_administrative_roles:
)
}
check = entra_admin_mfa_enabled_for_administrative_roles()
check = entra_capolicy_administrative_roles_have_mfa_enabled()
result = check.execute()
assert len(result) == 1

26
tests/providers/microsoft365/services/entra/entra_policy_ensure_default_user_cannot_create_tenants/microsoft365_entra_policy_ensure_default_user_cannot_create_tenants_test.py → tests/providers/microsoft365/services/entra/entra_capolicy_ensure_default_user_cannot_create_tenants/entra_capolicy_ensure_default_user_cannot_create_tenants_test.py
View File

@@ -10,7 +10,7 @@ from tests.providers.microsoft365.microsoft365_fixtures import (
)
class Test_entra_policy_ensure_default_user_cannot_create_tenants:
class Test_entra_capolicy_ensure_default_user_cannot_create_tenants:
def test_entra_empty_tenant(self):
entra_client = mock.MagicMock
entra_client.authorization_policy = {}
@@ -21,15 +21,15 @@ class Test_entra_policy_ensure_default_user_cannot_create_tenants:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_policy_ensure_default_user_cannot_create_tenants.entra_policy_ensure_default_user_cannot_create_tenants.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_ensure_default_user_cannot_create_tenants.entra_capolicy_ensure_default_user_cannot_create_tenants.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_policy_ensure_default_user_cannot_create_tenants.entra_policy_ensure_default_user_cannot_create_tenants import (
entra_policy_ensure_default_user_cannot_create_tenants,
from prowler.providers.microsoft365.services.entra.entra_capolicy_ensure_default_user_cannot_create_tenants.entra_capolicy_ensure_default_user_cannot_create_tenants import (
entra_capolicy_ensure_default_user_cannot_create_tenants,
)
check = entra_policy_ensure_default_user_cannot_create_tenants()
check = entra_capolicy_ensure_default_user_cannot_create_tenants()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -52,12 +52,12 @@ class Test_entra_policy_ensure_default_user_cannot_create_tenants:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_policy_ensure_default_user_cannot_create_tenants.entra_policy_ensure_default_user_cannot_create_tenants.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_ensure_default_user_cannot_create_tenants.entra_capolicy_ensure_default_user_cannot_create_tenants.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_policy_ensure_default_user_cannot_create_tenants.entra_policy_ensure_default_user_cannot_create_tenants import (
entra_policy_ensure_default_user_cannot_create_tenants,
from prowler.providers.microsoft365.services.entra.entra_capolicy_ensure_default_user_cannot_create_tenants.entra_capolicy_ensure_default_user_cannot_create_tenants import (
entra_capolicy_ensure_default_user_cannot_create_tenants,
)
entra_client.authorization_policy = AuthorizationPolicy(
@@ -69,7 +69,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_tenants:
),
)
check = entra_policy_ensure_default_user_cannot_create_tenants()
check = entra_capolicy_ensure_default_user_cannot_create_tenants()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -92,12 +92,12 @@ class Test_entra_policy_ensure_default_user_cannot_create_tenants:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_policy_ensure_default_user_cannot_create_tenants.entra_policy_ensure_default_user_cannot_create_tenants.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_ensure_default_user_cannot_create_tenants.entra_capolicy_ensure_default_user_cannot_create_tenants.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_policy_ensure_default_user_cannot_create_tenants.entra_policy_ensure_default_user_cannot_create_tenants import (
entra_policy_ensure_default_user_cannot_create_tenants,
from prowler.providers.microsoft365.services.entra.entra_capolicy_ensure_default_user_cannot_create_tenants.entra_capolicy_ensure_default_user_cannot_create_tenants import (
entra_capolicy_ensure_default_user_cannot_create_tenants,
)
entra_client.authorization_policy = AuthorizationPolicy(
@@ -109,7 +109,7 @@ class Test_entra_policy_ensure_default_user_cannot_create_tenants:
),
)
check = entra_policy_ensure_default_user_cannot_create_tenants()
check = entra_capolicy_ensure_default_user_cannot_create_tenants()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"

52
tests/providers/microsoft365/services/entra/entra_identity_protection_sign_in_risk_enabled/entra_identity_protection_sign_in_risk_enabled_test.py → tests/providers/microsoft365/services/entra/entra_capolicy_identity_protection_sign_in_risk_enabled/entra_capolicy_identity_protection_sign_in_risk_enabled_test.py
View File

@@ -21,7 +21,7 @@ from tests.providers.microsoft365.microsoft365_fixtures import (
)
class Test_entra_identity_protection_sign_in_risk_enabled:
class Test_entra_capolicy_identity_protection_sign_in_risk_enabled:
def test_entra_no_conditional_access_policies(self):
entra_client = mock.MagicMock
entra_client.audited_tenant = "audited_tenant"
@@ -32,17 +32,17 @@ class Test_entra_identity_protection_sign_in_risk_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_identity_protection_sign_in_risk_enabled.entra_identity_protection_sign_in_risk_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_sign_in_risk_enabled.entra_capolicy_identity_protection_sign_in_risk_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_identity_protection_sign_in_risk_enabled.entra_identity_protection_sign_in_risk_enabled import (
entra_identity_protection_sign_in_risk_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_sign_in_risk_enabled.entra_capolicy_identity_protection_sign_in_risk_enabled import (
entra_capolicy_identity_protection_sign_in_risk_enabled,
)
entra_client.conditional_access_policies = {}
check = entra_identity_protection_sign_in_risk_enabled()
check = entra_capolicy_identity_protection_sign_in_risk_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -55,7 +55,7 @@ class Test_entra_identity_protection_sign_in_risk_enabled:
assert result[0].resource_id == "conditionalAccessPolicies"
assert result[0].location == "global"
def test_entra_identity_protection_user_risk_policy_disabled(self):
def test_entra_identity_protection_sign_in_risk_policy_disabled(self):
id = str(uuid4())
entra_client = mock.MagicMock
entra_client.audited_tenant = "audited_tenant"
@@ -67,12 +67,12 @@ class Test_entra_identity_protection_sign_in_risk_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_identity_protection_sign_in_risk_enabled.entra_identity_protection_sign_in_risk_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_sign_in_risk_enabled.entra_capolicy_identity_protection_sign_in_risk_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_identity_protection_sign_in_risk_enabled.entra_identity_protection_sign_in_risk_enabled import (
entra_identity_protection_sign_in_risk_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_sign_in_risk_enabled.entra_capolicy_identity_protection_sign_in_risk_enabled import (
entra_capolicy_identity_protection_sign_in_risk_enabled,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -115,7 +115,7 @@ class Test_entra_identity_protection_sign_in_risk_enabled:
)
}
check = entra_identity_protection_sign_in_risk_enabled()
check = entra_capolicy_identity_protection_sign_in_risk_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -128,7 +128,9 @@ class Test_entra_identity_protection_sign_in_risk_enabled:
assert result[0].resource_id == "conditionalAccessPolicies"
assert result[0].location == "global"
def test_entra_identity_protection_user_risk_policy_enabled_not_enough_risk(self):
def test_entra_identity_protection_sign_in_risk_policy_enabled_not_enough_risk(
self,
):
id = str(uuid4())
display_name = "Test"
entra_client = mock.MagicMock
@@ -141,12 +143,12 @@ class Test_entra_identity_protection_sign_in_risk_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_identity_protection_sign_in_risk_enabled.entra_identity_protection_sign_in_risk_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_sign_in_risk_enabled.entra_capolicy_identity_protection_sign_in_risk_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_identity_protection_sign_in_risk_enabled.entra_identity_protection_sign_in_risk_enabled import (
entra_identity_protection_sign_in_risk_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_sign_in_risk_enabled.entra_capolicy_identity_protection_sign_in_risk_enabled import (
entra_capolicy_identity_protection_sign_in_risk_enabled,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -194,7 +196,7 @@ class Test_entra_identity_protection_sign_in_risk_enabled:
)
}
check = entra_identity_protection_sign_in_risk_enabled()
check = entra_capolicy_identity_protection_sign_in_risk_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -210,7 +212,7 @@ class Test_entra_identity_protection_sign_in_risk_enabled:
assert result[0].resource_id == id
assert result[0].location == "global"
def test_entra_identity_protection_user_risk_policy_enabled_for_reporting(self):
def test_entra_identity_protection_sign_in_risk_policy_enabled_for_reporting(self):
id = str(uuid4())
display_name = "Test"
entra_client = mock.MagicMock
@@ -223,12 +225,12 @@ class Test_entra_identity_protection_sign_in_risk_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_identity_protection_sign_in_risk_enabled.entra_identity_protection_sign_in_risk_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_sign_in_risk_enabled.entra_capolicy_identity_protection_sign_in_risk_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_identity_protection_sign_in_risk_enabled.entra_identity_protection_sign_in_risk_enabled import (
entra_identity_protection_sign_in_risk_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_sign_in_risk_enabled.entra_capolicy_identity_protection_sign_in_risk_enabled import (
entra_capolicy_identity_protection_sign_in_risk_enabled,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -276,7 +278,7 @@ class Test_entra_identity_protection_sign_in_risk_enabled:
)
}
check = entra_identity_protection_sign_in_risk_enabled()
check = entra_capolicy_identity_protection_sign_in_risk_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -292,7 +294,7 @@ class Test_entra_identity_protection_sign_in_risk_enabled:
assert result[0].resource_id == id
assert result[0].location == "global"
def test_entra_identity_protection_user_risk_policy_enabled(self):
def test_entra_identity_protection_sign_in_risk_policy_enabled(self):
id = str(uuid4())
display_name = "Test"
entra_client = mock.MagicMock
@@ -305,12 +307,12 @@ class Test_entra_identity_protection_sign_in_risk_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_identity_protection_sign_in_risk_enabled.entra_identity_protection_sign_in_risk_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_sign_in_risk_enabled.entra_capolicy_identity_protection_sign_in_risk_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_identity_protection_sign_in_risk_enabled.entra_identity_protection_sign_in_risk_enabled import (
entra_identity_protection_sign_in_risk_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_sign_in_risk_enabled.entra_capolicy_identity_protection_sign_in_risk_enabled import (
entra_capolicy_identity_protection_sign_in_risk_enabled,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -358,7 +360,7 @@ class Test_entra_identity_protection_sign_in_risk_enabled:
)
}
check = entra_identity_protection_sign_in_risk_enabled()
check = entra_capolicy_identity_protection_sign_in_risk_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"

42
tests/providers/microsoft365/services/entra/entra_identity_protection_user_risk_enabled/entra_identity_protection_user_risk_enabled_test.py → tests/providers/microsoft365/services/entra/entra_capolicy_identity_protection_user_risk_enabled/entra_capolicy_identity_protection_user_risk_enabled_test.py
View File

@@ -21,7 +21,7 @@ from tests.providers.microsoft365.microsoft365_fixtures import (
)
class Test_entra_identity_protection_user_risk_enabled:
class Test_entra_capolicy_identity_protection_user_risk_enabled:
def test_entra_no_conditional_access_policies(self):
entra_client = mock.MagicMock
entra_client.audited_tenant = "audited_tenant"
@@ -32,17 +32,17 @@ class Test_entra_identity_protection_user_risk_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_identity_protection_user_risk_enabled.entra_identity_protection_user_risk_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_user_risk_enabled.entra_capolicy_identity_protection_user_risk_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_identity_protection_user_risk_enabled.entra_identity_protection_user_risk_enabled import (
entra_identity_protection_user_risk_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_user_risk_enabled.entra_capolicy_identity_protection_user_risk_enabled import (
entra_capolicy_identity_protection_user_risk_enabled,
)
entra_client.conditional_access_policies = {}
check = entra_identity_protection_user_risk_enabled()
check = entra_capolicy_identity_protection_user_risk_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -67,12 +67,12 @@ class Test_entra_identity_protection_user_risk_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_identity_protection_user_risk_enabled.entra_identity_protection_user_risk_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_user_risk_enabled.entra_capolicy_identity_protection_user_risk_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_identity_protection_user_risk_enabled.entra_identity_protection_user_risk_enabled import (
entra_identity_protection_user_risk_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_user_risk_enabled.entra_capolicy_identity_protection_user_risk_enabled import (
entra_capolicy_identity_protection_user_risk_enabled,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -114,7 +114,7 @@ class Test_entra_identity_protection_user_risk_enabled:
)
}
check = entra_identity_protection_user_risk_enabled()
check = entra_capolicy_identity_protection_user_risk_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -140,12 +140,12 @@ class Test_entra_identity_protection_user_risk_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_identity_protection_user_risk_enabled.entra_identity_protection_user_risk_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_user_risk_enabled.entra_capolicy_identity_protection_user_risk_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_identity_protection_user_risk_enabled.entra_identity_protection_user_risk_enabled import (
entra_identity_protection_user_risk_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_user_risk_enabled.entra_capolicy_identity_protection_user_risk_enabled import (
entra_capolicy_identity_protection_user_risk_enabled,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -192,7 +192,7 @@ class Test_entra_identity_protection_user_risk_enabled:
)
}
check = entra_identity_protection_user_risk_enabled()
check = entra_capolicy_identity_protection_user_risk_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -221,12 +221,12 @@ class Test_entra_identity_protection_user_risk_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_identity_protection_user_risk_enabled.entra_identity_protection_user_risk_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_user_risk_enabled.entra_capolicy_identity_protection_user_risk_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_identity_protection_user_risk_enabled.entra_identity_protection_user_risk_enabled import (
entra_identity_protection_user_risk_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_user_risk_enabled.entra_capolicy_identity_protection_user_risk_enabled import (
entra_capolicy_identity_protection_user_risk_enabled,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -273,7 +273,7 @@ class Test_entra_identity_protection_user_risk_enabled:
)
}
check = entra_identity_protection_user_risk_enabled()
check = entra_capolicy_identity_protection_user_risk_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -302,12 +302,12 @@ class Test_entra_identity_protection_user_risk_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_identity_protection_user_risk_enabled.entra_identity_protection_user_risk_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_user_risk_enabled.entra_capolicy_identity_protection_user_risk_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_identity_protection_user_risk_enabled.entra_identity_protection_user_risk_enabled import (
entra_identity_protection_user_risk_enabled,
from prowler.providers.microsoft365.services.entra.entra_capolicy_identity_protection_user_risk_enabled.entra_capolicy_identity_protection_user_risk_enabled import (
entra_capolicy_identity_protection_user_risk_enabled,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -354,7 +354,7 @@ class Test_entra_identity_protection_user_risk_enabled:
)
}
check = entra_identity_protection_user_risk_enabled()
check = entra_capolicy_identity_protection_user_risk_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"

34
tests/providers/microsoft365/services/entra/entra_managed_device_required_for_authentication/entra_managed_device_required_for_authentication_test.py → tests/providers/microsoft365/services/entra/entra_capolicy_managed_device_required_for_authentication/entra_capolicy_managed_device_required_for_authentication_test.py
View File

@@ -20,7 +20,7 @@ from tests.providers.microsoft365.microsoft365_fixtures import (
)
class Test_entra_managed_device_required_for_authentication:
class Test_entra_capolicy_managed_device_required_for_authentication:
def test_entra_no_conditional_access_policies(self):
entra_client = mock.MagicMock
entra_client.audited_tenant = "audited_tenant"
@@ -31,17 +31,17 @@ class Test_entra_managed_device_required_for_authentication:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_managed_device_required_for_authentication.entra_managed_device_required_for_authentication.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_managed_device_required_for_authentication.entra_capolicy_managed_device_required_for_authentication.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_managed_device_required_for_authentication.entra_managed_device_required_for_authentication import (
entra_managed_device_required_for_authentication,
from prowler.providers.microsoft365.services.entra.entra_capolicy_managed_device_required_for_authentication.entra_capolicy_managed_device_required_for_authentication import (
entra_capolicy_managed_device_required_for_authentication,
)
entra_client.conditional_access_policies = {}
check = entra_managed_device_required_for_authentication()
check = entra_capolicy_managed_device_required_for_authentication()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -66,12 +66,12 @@ class Test_entra_managed_device_required_for_authentication:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_managed_device_required_for_authentication.entra_managed_device_required_for_authentication.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_managed_device_required_for_authentication.entra_capolicy_managed_device_required_for_authentication.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_managed_device_required_for_authentication.entra_managed_device_required_for_authentication import (
entra_managed_device_required_for_authentication,
from prowler.providers.microsoft365.services.entra.entra_capolicy_managed_device_required_for_authentication.entra_capolicy_managed_device_required_for_authentication import (
entra_capolicy_managed_device_required_for_authentication,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -112,7 +112,7 @@ class Test_entra_managed_device_required_for_authentication:
)
}
check = entra_managed_device_required_for_authentication()
check = entra_capolicy_managed_device_required_for_authentication()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -138,12 +138,12 @@ class Test_entra_managed_device_required_for_authentication:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_managed_device_required_for_authentication.entra_managed_device_required_for_authentication.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_managed_device_required_for_authentication.entra_capolicy_managed_device_required_for_authentication.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_managed_device_required_for_authentication.entra_managed_device_required_for_authentication import (
entra_managed_device_required_for_authentication,
from prowler.providers.microsoft365.services.entra.entra_capolicy_managed_device_required_for_authentication.entra_capolicy_managed_device_required_for_authentication import (
entra_capolicy_managed_device_required_for_authentication,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -189,7 +189,7 @@ class Test_entra_managed_device_required_for_authentication:
)
}
check = entra_managed_device_required_for_authentication()
check = entra_capolicy_managed_device_required_for_authentication()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -219,12 +219,12 @@ class Test_entra_managed_device_required_for_authentication:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_managed_device_required_for_authentication.entra_managed_device_required_for_authentication.entra_client",
"prowler.providers.microsoft365.services.entra.entra_capolicy_managed_device_required_for_authentication.entra_capolicy_managed_device_required_for_authentication.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_managed_device_required_for_authentication.entra_managed_device_required_for_authentication import (
entra_managed_device_required_for_authentication,
from prowler.providers.microsoft365.services.entra.entra_capolicy_managed_device_required_for_authentication.entra_capolicy_managed_device_required_for_authentication import (
entra_capolicy_managed_device_required_for_authentication,
)
from prowler.providers.microsoft365.services.entra.entra_service import (
ConditionalAccessPolicy,
@@ -270,7 +270,7 @@ class Test_entra_managed_device_required_for_authentication:
)
}
check = entra_managed_device_required_for_authentication()
check = entra_capolicy_managed_device_required_for_authentication()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"

34
tests/providers/microsoft365/services/entra/entra_admin_consent_workflow_enabled/entra_admin_consent_workflow_enabled_test.py → tests/providers/microsoft365/services/entra/entra_enterpriseapps_admin_consent_workflow_enabled/entra_enterpriseapps_admin_consent_workflow_enabled_test.py
View File

@@ -9,7 +9,7 @@ from tests.providers.microsoft365.microsoft365_fixtures import (
)
class Test_entra_admin_consent_workflow_enabled:
class Test_entra_enterpriseapps_admin_consent_workflow_enabled:
def test_admin_consent_enabled(self):
"""
Test when admin_consent_enabled is True:
@@ -23,12 +23,12 @@ class Test_entra_admin_consent_workflow_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_consent_workflow_enabled.entra_admin_consent_workflow_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_enterpriseapps_admin_consent_workflow_enabled.entra_enterpriseapps_admin_consent_workflow_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_consent_workflow_enabled.entra_admin_consent_workflow_enabled import (
entra_admin_consent_workflow_enabled,
from prowler.providers.microsoft365.services.entra.entra_enterpriseapps_admin_consent_workflow_enabled.entra_enterpriseapps_admin_consent_workflow_enabled import (
entra_enterpriseapps_admin_consent_workflow_enabled,
)
entra_client.admin_consent_policy = AdminConsentPolicy(
@@ -39,7 +39,7 @@ class Test_entra_admin_consent_workflow_enabled:
)
entra_client.tenant_domain = DOMAIN
check = entra_admin_consent_workflow_enabled()
check = entra_enterpriseapps_admin_consent_workflow_enabled()
result = check.execute()
assert len(result) == 1
@@ -65,12 +65,12 @@ class Test_entra_admin_consent_workflow_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_consent_workflow_enabled.entra_admin_consent_workflow_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_enterpriseapps_admin_consent_workflow_enabled.entra_enterpriseapps_admin_consent_workflow_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_consent_workflow_enabled.entra_admin_consent_workflow_enabled import (
entra_admin_consent_workflow_enabled,
from prowler.providers.microsoft365.services.entra.entra_enterpriseapps_admin_consent_workflow_enabled.entra_enterpriseapps_admin_consent_workflow_enabled import (
entra_enterpriseapps_admin_consent_workflow_enabled,
)
entra_client.admin_consent_policy = AdminConsentPolicy(
@@ -81,7 +81,7 @@ class Test_entra_admin_consent_workflow_enabled:
)
entra_client.tenant_domain = DOMAIN
check = entra_admin_consent_workflow_enabled()
check = entra_enterpriseapps_admin_consent_workflow_enabled()
result = check.execute()
assert len(result) == 1
@@ -107,12 +107,12 @@ class Test_entra_admin_consent_workflow_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_consent_workflow_enabled.entra_admin_consent_workflow_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_enterpriseapps_admin_consent_workflow_enabled.entra_enterpriseapps_admin_consent_workflow_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_consent_workflow_enabled.entra_admin_consent_workflow_enabled import (
entra_admin_consent_workflow_enabled,
from prowler.providers.microsoft365.services.entra.entra_enterpriseapps_admin_consent_workflow_enabled.entra_enterpriseapps_admin_consent_workflow_enabled import (
entra_enterpriseapps_admin_consent_workflow_enabled,
)
entra_client.admin_consent_policy = AdminConsentPolicy(
@@ -123,7 +123,7 @@ class Test_entra_admin_consent_workflow_enabled:
)
entra_client.tenant_domain = DOMAIN
check = entra_admin_consent_workflow_enabled()
check = entra_enterpriseapps_admin_consent_workflow_enabled()
result = check.execute()
assert len(result) == 1
@@ -151,15 +151,15 @@ class Test_entra_admin_consent_workflow_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_admin_consent_workflow_enabled.entra_admin_consent_workflow_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_enterpriseapps_admin_consent_workflow_enabled.entra_enterpriseapps_admin_consent_workflow_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_admin_consent_workflow_enabled.entra_admin_consent_workflow_enabled import (
entra_admin_consent_workflow_enabled,
from prowler.providers.microsoft365.services.entra.entra_enterpriseapps_admin_consent_workflow_enabled.entra_enterpriseapps_admin_consent_workflow_enabled import (
entra_enterpriseapps_admin_consent_workflow_enabled,
)
check = entra_admin_consent_workflow_enabled()
check = entra_enterpriseapps_admin_consent_workflow_enabled()
result = check.execute()
assert len(result) == 0

26
tests/providers/microsoft365/services/entra/entra_dynamic_group_for_guests_created/entra_dynamic_group_for_guests_created_test.py → tests/providers/microsoft365/services/entra/entra_groups_dynamicgroup_for_guests_created/entra_groups_dynamicgroup_for_guests_created_test.py
View File

@@ -6,7 +6,7 @@ from tests.providers.microsoft365.microsoft365_fixtures import (
)
class Test_entra_dynamic_group_for_guests_created:
class Test_entra_groups_dynamicgroup_for_guests_created:
def test_no_groups(self):
"""
Test when no groups exist:
@@ -21,15 +21,15 @@ class Test_entra_dynamic_group_for_guests_created:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_dynamic_group_for_guests_created.entra_dynamic_group_for_guests_created.entra_client",
"prowler.providers.microsoft365.services.entra.entra_groups_dynamicgroup_for_guests_created.entra_groups_dynamicgroup_for_guests_created.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_dynamic_group_for_guests_created.entra_dynamic_group_for_guests_created import (
entra_dynamic_group_for_guests_created,
from prowler.providers.microsoft365.services.entra.entra_groups_dynamicgroup_for_guests_created.entra_groups_dynamicgroup_for_guests_created import (
entra_groups_dynamicgroup_for_guests_created,
)
check = entra_dynamic_group_for_guests_created()
check = entra_groups_dynamicgroup_for_guests_created()
result = check.execute()
assert len(result) == 0
@@ -46,7 +46,7 @@ class Test_entra_dynamic_group_for_guests_created:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_dynamic_group_for_guests_created.entra_dynamic_group_for_guests_created.entra_client",
"prowler.providers.microsoft365.services.entra.entra_groups_dynamicgroup_for_guests_created.entra_groups_dynamicgroup_for_guests_created.entra_client",
new=entra_client,
),
):
@@ -59,11 +59,11 @@ class Test_entra_dynamic_group_for_guests_created:
)
]
from prowler.providers.microsoft365.services.entra.entra_dynamic_group_for_guests_created.entra_dynamic_group_for_guests_created import (
entra_dynamic_group_for_guests_created,
from prowler.providers.microsoft365.services.entra.entra_groups_dynamicgroup_for_guests_created.entra_groups_dynamicgroup_for_guests_created import (
entra_groups_dynamicgroup_for_guests_created,
)
check = entra_dynamic_group_for_guests_created()
check = entra_groups_dynamicgroup_for_guests_created()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -88,7 +88,7 @@ class Test_entra_dynamic_group_for_guests_created:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_dynamic_group_for_guests_created.entra_dynamic_group_for_guests_created.entra_client",
"prowler.providers.microsoft365.services.entra.entra_groups_dynamicgroup_for_guests_created.entra_groups_dynamicgroup_for_guests_created.entra_client",
new=entra_client,
),
):
@@ -101,11 +101,11 @@ class Test_entra_dynamic_group_for_guests_created:
)
]
from prowler.providers.microsoft365.services.entra.entra_dynamic_group_for_guests_created.entra_dynamic_group_for_guests_created import (
entra_dynamic_group_for_guests_created,
from prowler.providers.microsoft365.services.entra.entra_groups_dynamicgroup_for_guests_created.entra_groups_dynamicgroup_for_guests_created import (
entra_groups_dynamicgroup_for_guests_created,
)
check = entra_dynamic_group_for_guests_created()
check = entra_groups_dynamicgroup_for_guests_created()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"

34
tests/providers/microsoft365/services/entra/entra_password_hash_sync_enabled/entra_password_hash_sync_enabled_test.py → tests/providers/microsoft365/services/entra/entra_organization_password_hash_sync_enabled/entra_organization_password_hash_sync_enabled_test.py
View File

@@ -6,7 +6,7 @@ from tests.providers.microsoft365.microsoft365_fixtures import (
)
class Test_entra_password_hash_sync_enabled:
class Test_entra_organization_password_hash_sync_enabled:
def test_password_hash_sync_enabled(self):
entra_client = mock.MagicMock()
@@ -16,12 +16,12 @@ class Test_entra_password_hash_sync_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_password_hash_sync_enabled.entra_password_hash_sync_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_organization_password_hash_sync_enabled.entra_organization_password_hash_sync_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_password_hash_sync_enabled.entra_password_hash_sync_enabled import (
entra_password_hash_sync_enabled,
from prowler.providers.microsoft365.services.entra.entra_organization_password_hash_sync_enabled.entra_organization_password_hash_sync_enabled import (
entra_organization_password_hash_sync_enabled,
)
org = Organization(
@@ -31,7 +31,7 @@ class Test_entra_password_hash_sync_enabled:
)
entra_client.organizations = [org]
check = entra_password_hash_sync_enabled()
check = entra_organization_password_hash_sync_enabled()
result = check.execute()
assert len(result) == 1
@@ -54,12 +54,12 @@ class Test_entra_password_hash_sync_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_password_hash_sync_enabled.entra_password_hash_sync_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_organization_password_hash_sync_enabled.entra_organization_password_hash_sync_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_password_hash_sync_enabled.entra_password_hash_sync_enabled import (
entra_password_hash_sync_enabled,
from prowler.providers.microsoft365.services.entra.entra_organization_password_hash_sync_enabled.entra_organization_password_hash_sync_enabled import (
entra_organization_password_hash_sync_enabled,
)
org1 = Organization(
@@ -74,7 +74,7 @@ class Test_entra_password_hash_sync_enabled:
)
entra_client.organizations = [org1, org2]
check = entra_password_hash_sync_enabled()
check = entra_organization_password_hash_sync_enabled()
result = check.execute()
assert len(result) == 2
@@ -106,12 +106,12 @@ class Test_entra_password_hash_sync_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_password_hash_sync_enabled.entra_password_hash_sync_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_organization_password_hash_sync_enabled.entra_organization_password_hash_sync_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_password_hash_sync_enabled.entra_password_hash_sync_enabled import (
entra_password_hash_sync_enabled,
from prowler.providers.microsoft365.services.entra.entra_organization_password_hash_sync_enabled.entra_organization_password_hash_sync_enabled import (
entra_organization_password_hash_sync_enabled,
)
org = Organization(
@@ -121,7 +121,7 @@ class Test_entra_password_hash_sync_enabled:
)
entra_client.organizations = [org]
check = entra_password_hash_sync_enabled()
check = entra_organization_password_hash_sync_enabled()
result = check.execute()
assert len(result) == 1
@@ -145,15 +145,15 @@ class Test_entra_password_hash_sync_enabled:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_password_hash_sync_enabled.entra_password_hash_sync_enabled.entra_client",
"prowler.providers.microsoft365.services.entra.entra_organization_password_hash_sync_enabled.entra_organization_password_hash_sync_enabled.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_password_hash_sync_enabled.entra_password_hash_sync_enabled import (
entra_password_hash_sync_enabled,
from prowler.providers.microsoft365.services.entra.entra_organization_password_hash_sync_enabled.entra_organization_password_hash_sync_enabled import (
entra_organization_password_hash_sync_enabled,
)
check = entra_password_hash_sync_enabled()
check = entra_organization_password_hash_sync_enabled()
result = check.execute()
assert len(result) == 0

26
tests/providers/microsoft365/services/entra/entra_thirdparty_integrated_apps_not_allowed/entra_thirdparty_integrated_apps_not_allowed_test.py → tests/providers/microsoft365/services/entra/entra_users_thirdparty_integrated_apps_not_allowed/entra_users_thirdparty_integrated_apps_not_allowed_test.py
View File

@@ -10,7 +10,7 @@ from tests.providers.microsoft365.microsoft365_fixtures import (
)
class Test_entra_thirdparty_integrated_apps_not_allowed:
class Test_entra_users_thirdparty_integrated_apps_not_allowed:
def test_entra_no_authorization_policy(self):
entra_client = mock.MagicMock
entra_client.audited_tenant = "audited_tenant"
@@ -21,17 +21,17 @@ class Test_entra_thirdparty_integrated_apps_not_allowed:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_thirdparty_integrated_apps_not_allowed.entra_thirdparty_integrated_apps_not_allowed.entra_client",
"prowler.providers.microsoft365.services.entra.entra_users_thirdparty_integrated_apps_not_allowed.entra_users_thirdparty_integrated_apps_not_allowed.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_thirdparty_integrated_apps_not_allowed.entra_thirdparty_integrated_apps_not_allowed import (
entra_thirdparty_integrated_apps_not_allowed,
from prowler.providers.microsoft365.services.entra.entra_users_thirdparty_integrated_apps_not_allowed.entra_users_thirdparty_integrated_apps_not_allowed import (
entra_users_thirdparty_integrated_apps_not_allowed,
)
entra_client.authorization_policy = None
check = entra_thirdparty_integrated_apps_not_allowed()
check = entra_users_thirdparty_integrated_apps_not_allowed()
result = check.execute()
assert len(result) == 0
@@ -47,15 +47,15 @@ class Test_entra_thirdparty_integrated_apps_not_allowed:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_thirdparty_integrated_apps_not_allowed.entra_thirdparty_integrated_apps_not_allowed.entra_client",
"prowler.providers.microsoft365.services.entra.entra_users_thirdparty_integrated_apps_not_allowed.entra_users_thirdparty_integrated_apps_not_allowed.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_service import (
AuthorizationPolicy,
)
from prowler.providers.microsoft365.services.entra.entra_thirdparty_integrated_apps_not_allowed.entra_thirdparty_integrated_apps_not_allowed import (
entra_thirdparty_integrated_apps_not_allowed,
from prowler.providers.microsoft365.services.entra.entra_users_thirdparty_integrated_apps_not_allowed.entra_users_thirdparty_integrated_apps_not_allowed import (
entra_users_thirdparty_integrated_apps_not_allowed,
)
role_permissions = DefaultUserRolePermissions(allowed_to_create_apps=False)
@@ -66,7 +66,7 @@ class Test_entra_thirdparty_integrated_apps_not_allowed:
default_user_role_permissions=role_permissions,
)
check = entra_thirdparty_integrated_apps_not_allowed()
check = entra_users_thirdparty_integrated_apps_not_allowed()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
@@ -91,15 +91,15 @@ class Test_entra_thirdparty_integrated_apps_not_allowed:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.entra.entra_thirdparty_integrated_apps_not_allowed.entra_thirdparty_integrated_apps_not_allowed.entra_client",
"prowler.providers.microsoft365.services.entra.entra_users_thirdparty_integrated_apps_not_allowed.entra_users_thirdparty_integrated_apps_not_allowed.entra_client",
new=entra_client,
),
):
from prowler.providers.microsoft365.services.entra.entra_service import (
AuthorizationPolicy,
)
from prowler.providers.microsoft365.services.entra.entra_thirdparty_integrated_apps_not_allowed.entra_thirdparty_integrated_apps_not_allowed import (
entra_thirdparty_integrated_apps_not_allowed,
from prowler.providers.microsoft365.services.entra.entra_users_thirdparty_integrated_apps_not_allowed.entra_users_thirdparty_integrated_apps_not_allowed import (
entra_users_thirdparty_integrated_apps_not_allowed,
)
role_permissions = DefaultUserRolePermissions(allowed_to_create_apps=True)
@@ -110,7 +110,7 @@ class Test_entra_thirdparty_integrated_apps_not_allowed:
default_user_role_permissions=role_permissions,
)
check = entra_thirdparty_integrated_apps_not_allowed()
check = entra_users_thirdparty_integrated_apps_not_allowed()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"

50
tests/providers/microsoft365/services/sharepoint/sharepoint_external_sharing_managed/sharepoint_external_sharing_managed_test.py → tests/providers/microsoft365/services/sharepoint/sharepoint_settings_external_sharing_managed/sharepoint_settings_external_sharing_managed_test.py
View File

@@ -9,7 +9,7 @@ from tests.providers.microsoft365.microsoft365_fixtures import (
)
class Test_sharepoint_external_sharing_managed:
class Test_sharepoint_settings_external_sharing_managed:
def test_external_sharing_invalid_mode(self):
"""
Test when sharingDomainRestrictionMode is set to an invalid value (not "allowList" ni "blockList"):
@@ -23,12 +23,12 @@ class Test_sharepoint_external_sharing_managed:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed.sharepoint_client",
"prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_managed.sharepoint_settings_external_sharing_managed.sharepoint_client",
new=sharepoint_client,
),
):
from prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed import (
sharepoint_external_sharing_managed,
from prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_managed.sharepoint_settings_external_sharing_managed import (
sharepoint_settings_external_sharing_managed,
)
sharepoint_client.settings = SharePointSettings(
@@ -41,7 +41,7 @@ class Test_sharepoint_external_sharing_managed:
)
sharepoint_client.tenant_domain = DOMAIN
check = sharepoint_external_sharing_managed()
check = sharepoint_settings_external_sharing_managed()
result = check.execute()
assert len(result) == 1
@@ -68,12 +68,12 @@ class Test_sharepoint_external_sharing_managed:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed.sharepoint_client",
"prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_managed.sharepoint_settings_external_sharing_managed.sharepoint_client",
new=sharepoint_client,
),
):
from prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed import (
sharepoint_external_sharing_managed,
from prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_managed.sharepoint_settings_external_sharing_managed import (
sharepoint_settings_external_sharing_managed,
)
sharepoint_client.settings = SharePointSettings(
@@ -86,7 +86,7 @@ class Test_sharepoint_external_sharing_managed:
)
sharepoint_client.tenant_domain = DOMAIN
check = sharepoint_external_sharing_managed()
check = sharepoint_settings_external_sharing_managed()
result = check.execute()
assert len(result) == 1
@@ -113,12 +113,12 @@ class Test_sharepoint_external_sharing_managed:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed.sharepoint_client",
"prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_managed.sharepoint_settings_external_sharing_managed.sharepoint_client",
new=sharepoint_client,
),
):
from prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed import (
sharepoint_external_sharing_managed,
from prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_managed.sharepoint_settings_external_sharing_managed import (
sharepoint_settings_external_sharing_managed,
)
sharepoint_client.settings = SharePointSettings(
@@ -131,7 +131,7 @@ class Test_sharepoint_external_sharing_managed:
)
sharepoint_client.tenant_domain = DOMAIN
check = sharepoint_external_sharing_managed()
check = sharepoint_settings_external_sharing_managed()
result = check.execute()
assert len(result) == 1
@@ -158,12 +158,12 @@ class Test_sharepoint_external_sharing_managed:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed.sharepoint_client",
"prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_managed.sharepoint_settings_external_sharing_managed.sharepoint_client",
new=sharepoint_client,
),
):
from prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed import (
sharepoint_external_sharing_managed,
from prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_managed.sharepoint_settings_external_sharing_managed import (
sharepoint_settings_external_sharing_managed,
)
sharepoint_client.settings = SharePointSettings(
@@ -176,7 +176,7 @@ class Test_sharepoint_external_sharing_managed:
)
sharepoint_client.tenant_domain = DOMAIN
check = sharepoint_external_sharing_managed()
check = sharepoint_settings_external_sharing_managed()
result = check.execute()
assert len(result) == 1
@@ -203,12 +203,12 @@ class Test_sharepoint_external_sharing_managed:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed.sharepoint_client",
"prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_managed.sharepoint_settings_external_sharing_managed.sharepoint_client",
new=sharepoint_client,
),
):
from prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed import (
sharepoint_external_sharing_managed,
from prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_managed.sharepoint_settings_external_sharing_managed import (
sharepoint_settings_external_sharing_managed,
)
sharepoint_client.settings = SharePointSettings(
@@ -221,7 +221,7 @@ class Test_sharepoint_external_sharing_managed:
)
sharepoint_client.tenant_domain = DOMAIN
check = sharepoint_external_sharing_managed()
check = sharepoint_settings_external_sharing_managed()
result = check.execute()
assert len(result) == 1
@@ -250,14 +250,14 @@ class Test_sharepoint_external_sharing_managed:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed.sharepoint_client",
"prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_managed.sharepoint_settings_external_sharing_managed.sharepoint_client",
new=sharepoint_client,
),
):
from prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed import (
sharepoint_external_sharing_managed,
from prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_managed.sharepoint_settings_external_sharing_managed import (
sharepoint_settings_external_sharing_managed,
)
check = sharepoint_external_sharing_managed()
check = sharepoint_settings_external_sharing_managed()
result = check.execute()
assert len(result) == 0

26
tests/providers/microsoft365/services/sharepoint/sharepoint_external_sharing_restricted/sharepoint_external_sharing_restricted_test.py → tests/providers/microsoft365/services/sharepoint/sharepoint_settings_external_sharing_restricted/sharepoint_settings_external_sharing_restricted_test.py
View File

@@ -9,7 +9,7 @@ from tests.providers.microsoft365.microsoft365_fixtures import (
)
class Test_sharepoint_external_sharing_restricted:
class Test_sharepoint_settings_external_sharing_restricted:
def test_external_sharing_restricted(self):
"""
Test when sharingCapability is set to an allowed value (e.g. "ExternalUserSharingOnly"):
@@ -23,12 +23,12 @@ class Test_sharepoint_external_sharing_restricted:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_restricted.sharepoint_external_sharing_restricted.sharepoint_client",
"prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_restricted.sharepoint_settings_external_sharing_restricted.sharepoint_client",
new=sharepoint_client,
),
):
from prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_restricted.sharepoint_external_sharing_restricted import (
sharepoint_external_sharing_restricted,
from prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_restricted.sharepoint_settings_external_sharing_restricted import (
sharepoint_settings_external_sharing_restricted,
)
sharepoint_client.settings = SharePointSettings(
@@ -41,7 +41,7 @@ class Test_sharepoint_external_sharing_restricted:
)
sharepoint_client.tenant_domain = DOMAIN
check = sharepoint_external_sharing_restricted()
check = sharepoint_settings_external_sharing_restricted()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
@@ -66,12 +66,12 @@ class Test_sharepoint_external_sharing_restricted:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_restricted.sharepoint_external_sharing_restricted.sharepoint_client",
"prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_restricted.sharepoint_settings_external_sharing_restricted.sharepoint_client",
new=sharepoint_client,
),
):
from prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_restricted.sharepoint_external_sharing_restricted import (
sharepoint_external_sharing_restricted,
from prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_restricted.sharepoint_settings_external_sharing_restricted import (
sharepoint_settings_external_sharing_restricted,
)
sharepoint_client.settings = SharePointSettings(
@@ -84,7 +84,7 @@ class Test_sharepoint_external_sharing_restricted:
)
sharepoint_client.tenant_domain = DOMAIN
check = sharepoint_external_sharing_restricted()
check = sharepoint_settings_external_sharing_restricted()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -111,14 +111,14 @@ class Test_sharepoint_external_sharing_restricted:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_restricted.sharepoint_external_sharing_restricted.sharepoint_client",
"prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_restricted.sharepoint_settings_external_sharing_restricted.sharepoint_client",
new=sharepoint_client,
),
):
from prowler.providers.microsoft365.services.sharepoint.sharepoint_external_sharing_restricted.sharepoint_external_sharing_restricted import (
sharepoint_external_sharing_restricted,
from prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_external_sharing_restricted.sharepoint_settings_external_sharing_restricted import (
sharepoint_settings_external_sharing_restricted,
)
check = sharepoint_external_sharing_restricted()
check = sharepoint_settings_external_sharing_restricted()
result = check.execute()
assert len(result) == 0

26
tests/providers/microsoft365/services/sharepoint/sharepoint_guest_sharing_restricted/sharepoint_guest_sharing_restricted_test.py → tests/providers/microsoft365/services/sharepoint/sharepoint_settings_guest_sharing_restricted/sharepoint_settings_guest_sharing_restricted_test.py
View File

@@ -9,7 +9,7 @@ from tests.providers.microsoft365.microsoft365_fixtures import (
)
class Test_sharepoint_guest_sharing_restricted:
class Test_sharepoint_settings_guest_sharing_restricted:
def test_guest_sharing_restricted(self):
"""
Test when resharingEnabled is False:
@@ -23,12 +23,12 @@ class Test_sharepoint_guest_sharing_restricted:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.sharepoint.sharepoint_guest_sharing_restricted.sharepoint_guest_sharing_restricted.sharepoint_client",
"prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_guest_sharing_restricted.sharepoint_settings_guest_sharing_restricted.sharepoint_client",
new=sharepoint_client,
),
):
from prowler.providers.microsoft365.services.sharepoint.sharepoint_guest_sharing_restricted.sharepoint_guest_sharing_restricted import (
sharepoint_guest_sharing_restricted,
from prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_guest_sharing_restricted.sharepoint_settings_guest_sharing_restricted import (
sharepoint_settings_guest_sharing_restricted,
)
sharepoint_client.settings = SharePointSettings(
@@ -41,7 +41,7 @@ class Test_sharepoint_guest_sharing_restricted:
)
sharepoint_client.tenant_domain = DOMAIN
check = sharepoint_guest_sharing_restricted()
check = sharepoint_settings_guest_sharing_restricted()
result = check.execute()
assert len(result) == 1
@@ -67,12 +67,12 @@ class Test_sharepoint_guest_sharing_restricted:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.sharepoint.sharepoint_guest_sharing_restricted.sharepoint_guest_sharing_restricted.sharepoint_client",
"prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_guest_sharing_restricted.sharepoint_settings_guest_sharing_restricted.sharepoint_client",
new=sharepoint_client,
),
):
from prowler.providers.microsoft365.services.sharepoint.sharepoint_guest_sharing_restricted.sharepoint_guest_sharing_restricted import (
sharepoint_guest_sharing_restricted,
from prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_guest_sharing_restricted.sharepoint_settings_guest_sharing_restricted import (
sharepoint_settings_guest_sharing_restricted,
)
sharepoint_client.settings = SharePointSettings(
@@ -85,7 +85,7 @@ class Test_sharepoint_guest_sharing_restricted:
)
sharepoint_client.tenant_domain = DOMAIN
check = sharepoint_guest_sharing_restricted()
check = sharepoint_settings_guest_sharing_restricted()
result = check.execute()
assert len(result) == 1
@@ -113,15 +113,15 @@ class Test_sharepoint_guest_sharing_restricted:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.sharepoint.sharepoint_guest_sharing_restricted.sharepoint_guest_sharing_restricted.sharepoint_client",
"prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_guest_sharing_restricted.sharepoint_settings_guest_sharing_restricted.sharepoint_client",
new=sharepoint_client,
),
):
from prowler.providers.microsoft365.services.sharepoint.sharepoint_guest_sharing_restricted.sharepoint_guest_sharing_restricted import (
sharepoint_guest_sharing_restricted,
from prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_guest_sharing_restricted.sharepoint_settings_guest_sharing_restricted import (
sharepoint_settings_guest_sharing_restricted,
)
check = sharepoint_guest_sharing_restricted()
check = sharepoint_settings_guest_sharing_restricted()
result = check.execute()
assert len(result) == 0

30
tests/providers/microsoft365/services/sharepoint/sharepoint_modern_authentication_required/sharepoint_modern_authentication_required_test.py → tests/providers/microsoft365/services/sharepoint/sharepoint_settings_modern_authentication_required/sharepoint_settings_modern_authentication_required_test.py
View File

@@ -6,7 +6,7 @@ from tests.providers.microsoft365.microsoft365_fixtures import (
)
class Test_sharepoint_modern_authentication_required:
class Test_sharepoint_settings_modern_authentication_required:
def test_sharepoint_modern_authentication_disabled(self):
"""
Test when legacyAuth is False:
@@ -20,16 +20,16 @@ class Test_sharepoint_modern_authentication_required:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.sharepoint.sharepoint_modern_authentication_required.sharepoint_modern_authentication_required.sharepoint_client",
"prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_modern_authentication_required.sharepoint_settings_modern_authentication_required.sharepoint_client",
new=sharepoint_client,
),
):
from prowler.providers.microsoft365.services.sharepoint.sharepoint_modern_authentication_required.sharepoint_modern_authentication_required import (
sharepoint_modern_authentication_required,
)
from prowler.providers.microsoft365.services.sharepoint.sharepoint_service import (
SharePointSettings,
)
from prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_modern_authentication_required.sharepoint_settings_modern_authentication_required import (
sharepoint_settings_modern_authentication_required,
)
sharepoint_client.settings = SharePointSettings(
sharingCapability="ExternalUserAndGuestSharing",
@@ -41,7 +41,7 @@ class Test_sharepoint_modern_authentication_required:
)
sharepoint_client.tenant_domain = DOMAIN
check = sharepoint_modern_authentication_required()
check = sharepoint_settings_modern_authentication_required()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
@@ -66,16 +66,16 @@ class Test_sharepoint_modern_authentication_required:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.sharepoint.sharepoint_modern_authentication_required.sharepoint_modern_authentication_required.sharepoint_client",
"prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_modern_authentication_required.sharepoint_settings_modern_authentication_required.sharepoint_client",
new=sharepoint_client,
),
):
from prowler.providers.microsoft365.services.sharepoint.sharepoint_modern_authentication_required.sharepoint_modern_authentication_required import (
sharepoint_modern_authentication_required,
)
from prowler.providers.microsoft365.services.sharepoint.sharepoint_service import (
SharePointSettings,
)
from prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_modern_authentication_required.sharepoint_settings_modern_authentication_required import (
sharepoint_settings_modern_authentication_required,
)
sharepoint_client.settings = SharePointSettings(
sharingCapability="ExternalUserAndGuestSharing",
@@ -87,7 +87,7 @@ class Test_sharepoint_modern_authentication_required:
)
sharepoint_client.tenant_domain = DOMAIN
check = sharepoint_modern_authentication_required()
check = sharepoint_settings_modern_authentication_required()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
@@ -114,14 +114,14 @@ class Test_sharepoint_modern_authentication_required:
return_value=set_mocked_microsoft365_provider(),
),
mock.patch(
"prowler.providers.microsoft365.services.sharepoint.sharepoint_modern_authentication_required.sharepoint_modern_authentication_required.sharepoint_client",
"prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_modern_authentication_required.sharepoint_settings_modern_authentication_required.sharepoint_client",
new=sharepoint_client,
),
):
from prowler.providers.microsoft365.services.sharepoint.sharepoint_modern_authentication_required.sharepoint_modern_authentication_required import (
sharepoint_modern_authentication_required,
from prowler.providers.microsoft365.services.sharepoint.sharepoint_settings_modern_authentication_required.sharepoint_settings_modern_authentication_required import (
sharepoint_settings_modern_authentication_required,
)
check = sharepoint_modern_authentication_required()
check = sharepoint_settings_modern_authentication_required()
result = check.execute()
assert len(result) == 0

9
ui/app/(auth)/sign-in/page.tsx
View File

@@ -1,7 +1,14 @@
import { AuthForm } from "@/components/auth/oss";
import { isGithubOAuthEnabled, isGoogleOAuthEnabled } from "@/lib/helper";
const SignIn = () => {
return <AuthForm type="sign-in" />;
return (
<AuthForm
type="sign-in"
isGoogleOAuthEnabled={isGoogleOAuthEnabled}
isGithubOAuthEnabled={isGithubOAuthEnabled}
/>
);
};
export default SignIn;

11
ui/app/(auth)/sign-up/page.tsx
View File

@@ -1,4 +1,6 @@
import { AuthForm } from "@/components/auth/oss";
import { isGithubOAuthEnabled } from "@/lib/helper";
import { isGoogleOAuthEnabled } from "@/lib/helper";
import { SearchParamsProps } from "@/types";
const SignUp = ({ searchParams }: { searchParams: SearchParamsProps }) => {
@@ -7,7 +9,14 @@ const SignUp = ({ searchParams }: { searchParams: SearchParamsProps }) => {
? searchParams.invitation_token
: null;
return <AuthForm type="sign-up" invitationToken={invitationToken} />;
return (
<AuthForm
type="sign-up"
invitationToken={invitationToken}
isGoogleOAuthEnabled={isGoogleOAuthEnabled}
isGithubOAuthEnabled={isGithubOAuthEnabled}
/>
);
};
export default SignUp;

7
ui/components/auth/oss/auth-form.tsx
View File

@@ -25,10 +25,14 @@ export const AuthForm = ({
type,
invitationToken,
isCloudEnv,
isGoogleOAuthEnabled,
isGithubOAuthEnabled,
}: {
type: string;
invitationToken?: string | null;
isCloudEnv?: boolean;
isGoogleOAuthEnabled?: boolean;
isGithubOAuthEnabled?: boolean;
}) => {
const formSchema = authFormSchema(type);
const router = useRouter();
@@ -302,9 +306,11 @@ export const AuthForm = ({
variant="bordered"
as="a"
href={getAuthUrl("google")}
isDisabled={!isGoogleOAuthEnabled}
>
Continue with Google
</Button>
<Button
startContent={
<Icon
@@ -316,6 +322,7 @@ export const AuthForm = ({
variant="bordered"
as="a"
href={getAuthUrl("github")}
isDisabled={!isGithubOAuthEnabled}
>
Continue with Github
</Button>

8
ui/lib/helper.ts
View File

@@ -34,6 +34,14 @@ export const getAuthUrl = (provider: AuthSocialProvider) => {
return url.toString();
};
export const isGoogleOAuthEnabled =
process.env.SOCIAL_GOOGLE_OAUTH_CLIENT_ID !== "" &&
process.env.SOCIAL_GOOGLE_OAUTH_CLIENT_SECRET !== "";
export const isGithubOAuthEnabled =
process.env.SOCIAL_GITHUB_OAUTH_CLIENT_ID !== "" &&
process.env.SOCIAL_GITHUB_OAUTH_CLIENT_SECRET !== "";
export async function checkTaskStatus(
taskId: string,
): Promise<{ completed: boolean; error?: string }> {