Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(fixer): add Prowler Fixer feature! #3634

Merged
merged 20 commits into from
Apr 2, 2024
Merged

feat(fixer): add Prowler Fixer feature! #3634

merged 20 commits into from
Apr 2, 2024

Conversation

MrCloudSec
Copy link
Member

@MrCloudSec MrCloudSec commented Apr 2, 2024
edited
Loading

Description

Add Prowler Fixer feature to fix checks when Prowler finds misconfigurations. At the moment, it is only included for check ec2_ebs_default_encryption.

prowler aws -c ec2_ebs_default_encryption --fixer
image

prowler aws --list-fixer
image

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@MrCloudSec MrCloudSec requested a review from a team April 2, 2024 07:45
@github-actions github-actions bot added the provider/aws Issues/PRs related with the AWS provider label Apr 2, 2024
jfagoagas
jfagoagas requested changes Apr 2, 2024
View reviewed changes
prowler/lib/check/check.py Outdated
@@ -419,12 +419,33 @@ def run_check(check: Check, output_options) -> list:
return findings


def run_fixer(check_findings, check_name, c):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is c? Please use a more readable word, is free of cost!

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done!

prowler/providers/aws/services/ec2/ec2_service.py Outdated
@@ -410,6 +410,18 @@ def __get_ebs_encryption_settings__(self, regional_client):
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)

def __enable_ebs_encryption_by_default__(self, region):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a test for this in the service. Thanks!

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done!

@codecov Codecov
Copy link

codecov bot commented Apr 2, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 14.49275% with 59 lines in your changes are missing coverage. Please review.

Project coverage is 85.88%. Comparing base (175e8d2) to head (87949b6).
Report is 4 commits behind head on prowler-4.0-dev.

Files Patch % Lines
prowler/lib/check/check.py 6.52% 43 Missing ⚠️
prowler/__main__.py 0.00% 9 Missing ⚠️
prowler/lib/outputs/outputs.py 33.33% 2 Missing ⚠️
prowler/lib/banner.py 0.00% 1 Missing ⚠️
prowler/providers/aws/aws_provider.py 0.00% 1 Missing ⚠️
prowler/providers/azure/azure_provider.py 0.00% 1 Missing ⚠️
prowler/providers/gcp/gcp_provider.py 0.00% 1 Missing ⚠️
...rowler/providers/kubernetes/kubernetes_provider.py 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@                 Coverage Diff                 @@
##           prowler-4.0-dev    #3634      +/-   ##
===================================================
- Coverage            86.08%   85.88%   -0.21%     
===================================================
  Files                  705      719      +14     
  Lines                21868    22332     +464     
===================================================
+ Hits                 18826    19179     +353     
- Misses                3042     3153     +111

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@MrCloudSec MrCloudSec requested a review from jfagoagas April 2, 2024 09:06
jfagoagas
jfagoagas reviewed Apr 2, 2024
View reviewed changes
prowler/lib/check/check.py Outdated
Run the fixer for the check if it exists and there are any FAIL findings
Args:
check_findings (list): list of findings
check_name (str): check name
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you don't need the check name here, you can use check.CheckID.

jfagoagas
jfagoagas requested changes Apr 2, 2024
View reviewed changes
tests/providers/aws/services/ec2/ec2_service_test.py Outdated
@@ -544,3 +544,19 @@ def test__describe_volumes__(self):
assert ec2.volumes[0].tags == [
{"Key": "test", "Value": "test"},
]

# Test EC2 EBS Enabling Encryption by Default
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lovely!

@MrCloudSec MrCloudSec requested a review from jfagoagas April 2, 2024 09:19
@jfagoagas jfagoagas added the no-merge Please, DO NOT MERGE this PR. label Apr 2, 2024
@github-actions github-actions bot added provider/azure Issues/PRs related with the Azure provider provider/gcp Issues/PRs related with the Google Cloud Platform provider provider/kubernetes Issues/PRs related with the Kubernetes provider labels Apr 2, 2024
jfagoagas
jfagoagas approved these changes Apr 2, 2024
View reviewed changes
prowler/lib/banner.py
@@ -15,7 +15,7 @@ def print_banner(args):
"""
print(banner)

if args.verbose:
if args.verbose or getattr(args, "fix", None):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this needs to be done force the verbose to be True if the fix is set, I think is more than enough to have one argument to control the outputs.

@jfagoagas jfagoagas merged commit 45978bd into prowler-4.0-dev Apr 2, 2024
9 of 11 checks passed
@jfagoagas jfagoagas deleted the prowler-fixer branch April 2, 2024 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jfagoagas jfagoagas jfagoagas approved these changes

Assignees
No one assigned
Labels
no-merge Please, DO NOT MERGE this PR. provider/aws Issues/PRs related with the AWS provider provider/azure Issues/PRs related with the Azure provider provider/gcp Issues/PRs related with the Google Cloud Platform provider provider/kubernetes Issues/PRs related with the Kubernetes provider
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MrCloudSec @jfagoagas