Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(fixer): improve fixer logic and include more #3750

Merged
merged 36 commits into from
Apr 15, 2024
Merged

chore(fixer): improve fixer logic and include more #3750

merged 36 commits into from
Apr 15, 2024

Conversation

MrCloudSec
Copy link
Member

Description

• Add 8 fixers
• Add fixer config file among --config-fixer flag.
• Improve fixer execution
• Add documentation

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@MrCloudSec MrCloudSec requested a review from a team April 10, 2024 13:46
@github-actions github-actions bot added documentation provider/aws Issues/PRs related with the AWS provider provider/azure Issues/PRs related with the Azure provider provider/gcp Issues/PRs related with the Google Cloud Platform provider provider/kubernetes Issues/PRs related with the Kubernetes provider labels Apr 10, 2024
@github-actions GitHub Actions
Copy link
Contributor

You can check the documentation for this PR here -> SaaS Documentation

@github-actions GitHub Actions
Copy link
Contributor

You can check the documentation for this PR here -> SaaS Documentation

@github-actions GitHub Actions
Copy link
Contributor

You can check the documentation for this PR here -> SaaS Documentation

jfagoagas
jfagoagas requested changes Apr 11, 2024
View reviewed changes
Copy link
Member

@jfagoagas jfagoagas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thats a great improvement @sergargar !!! 👏

Please review my comments and add tests for all the new included fixers, thanks!

docs/tutorials/fixer.md
```

## Writing a Fixer
To write a fixer, you need to create a file called `<check_id>_fixer.py` inside the check folder, with a function called `fixer` that receives either the region or the resource to be fixed as a parameter, and returns a boolean value indicating if the fix was successful or not.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if the fixer needs the region and the resource_id?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is not contemplated, but good point...

prowler/lib/check/check.py
@@ -462,15 +468,18 @@ def run_check(check: Check, output_options) -> list:
return findings


def run_fixer(check_findings: list):
def run_fixer(check_findings: list) -> int:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have tests for this function? If not please add some.

prowler/lib/check/check.py
Comment on lines +509 to +512
fixed_findings += 1
print(f"\t{Fore.GREEN}DONE{Style.RESET_ALL}")
else:
print(f"\t{Fore.RED}ERROR{Style.RESET_ALL}")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you move this to a function not to repeat it? Something like print_fixer_result.

...ices/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks_fixer.py
bool: True if S3 Block Public Access is enabled, False otherwise
"""
try:
s3control_client.client.put_public_access_block(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a test for this function.

@MrCloudSec MrCloudSec requested a review from a team April 15, 2024 08:24
@github-actions GitHub Actions
Copy link
Contributor

You can check the documentation for this PR here -> SaaS Documentation

@MrCloudSec @jfagoagas
fix spaces
a478025 
Co-authored-by: Pepe Fagoaga <[email protected]>
@github-actions GitHub Actions
Copy link
Contributor

You can check the documentation for this PR here -> SaaS Documentation

@github-actions GitHub Actions
Copy link
Contributor

You can check the documentation for this PR here -> SaaS Documentation

@github-actions GitHub Actions
Copy link
Contributor

You can check the documentation for this PR here -> SaaS Documentation

@github-actions GitHub Actions
Copy link
Contributor

You can check the documentation for this PR here -> SaaS Documentation

@github-actions GitHub Actions
Copy link
Contributor

You can check the documentation for this PR here -> SaaS Documentation

@github-actions GitHub Actions
Copy link
Contributor

You can check the documentation for this PR here -> SaaS Documentation

jfagoagas
jfagoagas previously approved these changes Apr 15, 2024
View reviewed changes
Copy link
Member

@jfagoagas jfagoagas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome! Thanks for taking care of the comments 🚀

jfagoagas and others added 18 commits April 15, 2024 17:05
@jfagoagas @MrCloudSec
chore(dashboard): Use Prowler CLI parser (#3722)
b4281d3
@jfagoagas @MrCloudSec
fix(ocsf): Include check_id as metadata.event_code (#3748)
08484fe
@n4ch04 @MrCloudSec
chore(regions_update): Changes in regions for AWS services. (#3755)
a9046ad 
Co-authored-by: sergargar <[email protected]>
@dependabot @MrCloudSec
chore(deps): bump idna from 3.6 to 3.7 (#3758)
f46f6f4 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@pedrooot @MrCloudSec
docs(threat-detection): Add threat-detection docs (#3757)
752389b
@pedrooot @jfagoagas @MrCloudSec
fix(json-ocsf): Remove risk field from unmapped (#3759)
45f192f 
Co-authored-by: Pepe Fagoaga <[email protected]>
@pedrooot @MrCloudSec
fix(wafv2): Handle WAFNonexistentItemException (#3761)
c7e8a4e
@pedrooot @MrCloudSec
fix(compliance): Add muted info to compliance outputs (#3751)
bed1871
@jfagoagas @MrCloudSec
fix(mutelist): if all fails are muted do exit 0 (#3754)
ac610ae
@jfagoagas @MrCloudSec
chore(codeowners): Add prowler-dev team (#3763)
17fe320
@jfagoagas @pedrooot @MrCloudSec
fix(ocsf): Add compliance (#3753)
c91a6e7 
Co-authored-by: pedrooot <[email protected]>
@pedrooot @MrCloudSec
docs(compliance): Change images for compliance (#3760)
ecd6442
@puchy22 @jfagoagas @MrCloudSec
docs(devel-guide): Adding some improves and clarifications to develop…
04f67a9 
…er guide (#3749)

Co-authored-by: Pepe Fagoaga <[email protected]>
@n4ch04 @MrCloudSec
chore(regions_update): Changes in regions for AWS services. (#3765)
f5cb77f 
Co-authored-by: sergargar <[email protected]>
@jfagoagas @MrCloudSec
fix(security-hub): MUTED -> WARNING (#3768)
d4f4e40
@puchy22 @jfagoagas @MrCloudSec
docs(devel-guide): Add provider section and remove audit_info section (
11a4ab3 
…#3756)

Co-authored-by: Pepe Fagoaga <[email protected]>
@puchy22 @jfagoagas @MrCloudSec
docs(unit-testing): Update the unit testing section (#3764)
776593d 
Co-authored-by: Pepe Fagoaga <[email protected]>
@jfagoagas @MrCloudSec
fix(slack): Use global provider object (#3770)
8e61da2
@github-actions GitHub Actions
Copy link
Contributor

You can check the documentation for this PR here -> SaaS Documentation

@github-actions GitHub Actions
Copy link
Contributor

You can check the documentation for this PR here -> SaaS Documentation

@MrCloudSec MrCloudSec requested a review from jfagoagas April 15, 2024 15:13
@codecov Codecov
Copy link

codecov bot commented Apr 15, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 64.34109% with 46 lines in your changes are missing coverage. Please review.

Project coverage is 85.49%. Comparing base (fc7ec18) to head (d6099ea).

Files Patch % Lines
prowler/lib/check/check.py 16.66% 15 Missing ⚠️
prowler/__main__.py 0.00% 4 Missing ⚠️
..._expires_passwords_within_90_days_or_less_fixer.py 66.66% 3 Missing ⚠️
...y_lowercase/iam_password_policy_lowercase_fixer.py 66.66% 3 Missing ⚠️
..._14/iam_password_policy_minimum_length_14_fixer.py 66.66% 3 Missing ⚠️
..._policy_number/iam_password_policy_number_fixer.py 66.66% 3 Missing ⚠️
...icy_reuse_24/iam_password_policy_reuse_24_fixer.py 66.66% 3 Missing ⚠️
..._policy_symbol/iam_password_policy_symbol_fixer.py 66.66% 3 Missing ⚠️
...y_uppercase/iam_password_policy_uppercase_fixer.py 66.66% 3 Missing ⚠️
...cks/s3_account_level_public_access_blocks_fixer.py 66.66% 3 Missing ⚠️
... and 3 more
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #3750      +/-   ##
==========================================
- Coverage   85.61%   85.49%   -0.12%     
==========================================
  Files         722      731       +9     
  Lines       22527    22653     +126     
==========================================
+ Hits        19286    19368      +82     
- Misses       3241     3285      +44

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

jfagoagas
jfagoagas reviewed Apr 15, 2024
View reviewed changes
tests/config/fixtures/config.yaml
@@ -1,3 +1,5 @@
# TODO: UPDATE YAML
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is this?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To update the config yaml with the latest changes, meaning that we have to update the tests.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't saw that it was the fixtures one, thanks!

@jfagoagas jfagoagas self-requested a review April 15, 2024 15:44
@jfagoagas jfagoagas merged commit 99bd637 into master Apr 15, 2024
10 of 12 checks passed
@jfagoagas jfagoagas deleted the fixers-part-2 branch April 15, 2024 15:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jfagoagas jfagoagas jfagoagas approved these changes

Assignees

@MrCloudSec MrCloudSec

Labels
documentation provider/aws Issues/PRs related with the AWS provider provider/azure Issues/PRs related with the Azure provider provider/gcp Issues/PRs related with the Google Cloud Platform provider provider/kubernetes Issues/PRs related with the Kubernetes provider
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@MrCloudSec @jfagoagas @n4ch04 @pedrooot @puchy22