fix(eks_endpoints_not_publicly_accessible): handle endpoint private access #2825

Merged
merged 2 commits into from
Sep 22, 2023

@Fennerr Fennerr commented Sep 11, 2023

Context

This check would create false negatives when the EKS API endpoint was set to "Public and private" and the Public access source allowlist was set to "0.0.0.0/0(open to all traffic)".

This change fixed this issue.

Description

An EKS cluster could have cluster.endpoint_public_access and cluster.endpoint_private_access set to True. This would result in the AND bool operator failing, and the check would pass, when it should fail.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@Fennerr Fennerr requested a review from a team September 11, 2023 19:13
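
The false negative described in this pull request, as an added example that is not Prowler's code and not part of the original conversation. It assumes the pre-fix condition combined "public enabled" with "private disabled", and that the corrected condition looks at the public allowlist instead; the `Cluster` class, the `public_access_cidrs` field name and the sample clusters are constructed for illustration.

```python
from dataclasses import dataclass, field

OPEN_CIDR = "0.0.0.0/0"


@dataclass
class Cluster:
    """Constructed stand-in for an EKS cluster record (not Prowler's model)."""
    name: str
    endpoint_public_access: bool
    endpoint_private_access: bool
    # Hypothetical field name for the public access source allowlist.
    public_access_cidrs: list = field(default_factory=list)


def flawed_status(c: Cluster) -> str:
    # Assumed pre-fix shape: FAIL only when public is on AND private is off.
    # "Public and private" makes the second operand False, so the check passes.
    if c.endpoint_public_access and not c.endpoint_private_access:
        return "FAIL"
    return "PASS"


def corrected_status(c: Cluster) -> str:
    # Private access does not restrict the public endpoint, so it is ignored:
    # FAIL whenever the public endpoint is enabled and open to all sources.
    if c.endpoint_public_access and OPEN_CIDR in c.public_access_cidrs:
        return "FAIL"
    return "PASS"


# Constructed sample clusters covering the console endpoint modes.
SAMPLES = [
    Cluster("public-only", True, False, [OPEN_CIDR]),
    Cluster("public-and-private-open", True, True, [OPEN_CIDR]),
    Cluster("public-and-private-restricted", True, True, ["203.0.113.0/24"]),
    Cluster("private-only", False, True, []),
]


def compare(clusters):
    """Return {name: (flawed, corrected)} so the false negative is visible."""
    return {c.name: (flawed_status(c), corrected_status(c)) for c in clusters}


if __name__ == "__main__":
    for name, (old, new) in compare(SAMPLES).items():
        note = "  <- false negative" if old == "PASS" and new == "FAIL" else ""
        print(f"{name:32} flawed={old} corrected={new}{note}")
```

Only the "public-and-private-open" cluster changes verdict between the two predicates, which is the case the pull request describes.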
codecov bot commented Sep 11, 2023

Codecov Report

Merging #2825 (3f56fa8) into master (8606a45) will increase coverage by 0.03%.
Report is 26 commits behind head on master.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #2825      +/-   ##
==========================================
+ Coverage   86.23%   86.26%   +0.03%     
==========================================
  Files         538      539       +1     
  Lines       17292    17295       +3     
==========================================
+ Hits        14911    14920       +9     
+ Misses       2381     2375       -6     

| Files Changed | Coverage Δ |
|---|---|
| ...ccessible/eks_endpoints_not_publicly_accessible.py | 100.00% <100.00%> (ø) |

... and 10 files with indirect coverage changes


@MrCloudSec MrCloudSec changed the title Fix logic flaw in eks_endpoints_not_publicly_accessible.py fix(eks_endpoints_not_publicly_accessible): handle endpoint private access Sep 12, 2023
@jfagoagas jfagoagas added the provider/aws Issues/PRs related with the AWS provider label Sep 19, 2023
@jfagoagas jfagoagas left a comment

Thanks @Fennerr for all the contributions!!

I've included some missing asserts in the tests.

@MrCloudSec MrCloudSec merged commit 6204f6c into prowler-cloud:master Sep 22, 2023