fix(resource filters): add missing resource filters

prowler-cloud · Oct 19, 2023 · 9dba760 · 9dba760
1 parent 5113b83
commit 9dba760
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 25 deletions.
diff --git a/prowler/providers/aws/services/documentdb/documentdb_service.py b/prowler/providers/aws/services/documentdb/documentdb_service.py
@@ -3,6 +3,7 @@
 from pydantic import BaseModel
 
 from prowler.lib.logger import logger
+from prowler.lib.scan_filters.scan_filters import is_resource_filtered
 from prowler.providers.aws.lib.service.service import AWSService
 
 
@@ -34,18 +35,21 @@ def __describe_db_instances__(self, regional_client):
             ):
                 for instance in page["DBInstances"]:
                     instance_arn = instance["DBInstanceArn"]
-                    self.db_instances[instance_arn] = Instance(
-                        id=instance["DBInstanceIdentifier"],
-                        arn=instance["DBInstanceArn"],
-                        engine=instance["Engine"],
-                        engine_version=instance["EngineVersion"],
-                        status=instance["DBInstanceStatus"],
-                        public=instance["PubliclyAccessible"],
-                        encrypted=instance["StorageEncrypted"],
-                        cluster_id=instance.get("DBClusterIdentifier"),
-                        region=regional_client.region,
-                        tags=instance.get("TagList", []),
-                    )
+                    if not self.audit_resources or (
+                        is_resource_filtered(instance_arn, self.audit_resources)
+                    ):
+                        self.db_instances[instance_arn] = Instance(
+                            id=instance["DBInstanceIdentifier"],
+                            arn=instance["DBInstanceArn"],
+                            engine=instance["Engine"],
+                            engine_version=instance["EngineVersion"],
+                            status=instance["DBInstanceStatus"],
+                            public=instance["PubliclyAccessible"],
+                            encrypted=instance["StorageEncrypted"],
+                            cluster_id=instance.get("DBClusterIdentifier"),
+                            region=regional_client.region,
+                            tags=instance.get("TagList", []),
+                        )
 
         except Exception as error:
             logger.error(

diff --git a/prowler/providers/aws/services/elasticache/elasticache_service.py b/prowler/providers/aws/services/elasticache/elasticache_service.py
@@ -3,6 +3,7 @@
 from pydantic import BaseModel
 
 from prowler.lib.logger import logger
+from prowler.lib.scan_filters.scan_filters import is_resource_filtered
 from prowler.providers.aws.lib.service.service import AWSService
 
 
@@ -23,12 +24,15 @@ def __describe_cache_clusters__(self, regional_client):
                 "CacheClusters"
             ]:
                 cluster_arn = cache_cluster["ARN"]
-                self.clusters[cluster_arn] = Cluster(
-                    id=cache_cluster["CacheClusterId"],
-                    arn=cluster_arn,
-                    region=regional_client.region,
-                    cache_subnet_group_id=cache_cluster["CacheSubnetGroupName"],
-                )
+                if not self.audit_resources or (
+                    is_resource_filtered(cluster_arn, self.audit_resources)
+                ):
+                    self.clusters[cluster_arn] = Cluster(
+                        id=cache_cluster["CacheClusterId"],
+                        arn=cluster_arn,
+                        region=regional_client.region,
+                        cache_subnet_group_id=cache_cluster["CacheSubnetGroupName"],
+                    )
         except Exception as error:
             logger.error(
                 f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"

diff --git a/prowler/providers/aws/services/neptune/neptune_service.py b/prowler/providers/aws/services/neptune/neptune_service.py
@@ -3,6 +3,7 @@
 from pydantic import BaseModel
 
 from prowler.lib.logger import logger
+from prowler.lib.scan_filters.scan_filters import is_resource_filtered
 from prowler.providers.aws.lib.service.service import AWSService
 
 
@@ -31,13 +32,16 @@ def __describe_clusters__(self, regional_client):
                 ],
             )["DBClusters"]:
                 cluster_arn = cluster["DBClusterArn"]
-                self.clusters[cluster_arn] = Cluster(
-                    arn=cluster_arn,
-                    name=cluster["DBClusterIdentifier"],
-                    id=cluster["DbClusterResourceId"],
-                    db_subnet_group_id=cluster["DBSubnetGroup"],
-                    region=regional_client.region,
-                )
+                if not self.audit_resources or (
+                    is_resource_filtered(cluster_arn, self.audit_resources)
+                ):
+                    self.clusters[cluster_arn] = Cluster(
+                        arn=cluster_arn,
+                        name=cluster["DBClusterIdentifier"],
+                        id=cluster["DbClusterResourceId"],
+                        db_subnet_group_id=cluster["DBSubnetGroup"],
+                        region=regional_client.region,
+                    )
 
         except Exception as error:
             logger.error(