fix(aws): review checks with wrong attributes #5503
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## master #5503 +/- ##
==========================================
+ Coverage 89.66% 89.67% +0.01%
==========================================
Files 1076 1085 +9
Lines 33305 33525 +220
==========================================
+ Hits 29862 30063 +201
- Misses 3443 3462 +19
That's a great one, so many improvements in our checks 🚀 Please review my comments when you get a chance, thanks!
@@ -11,8 +11,7 @@ def execute(self): | |||
report = Check_Report_AWS(self.metadata()) | |||
report.region = registry.region | |||
report.resource_id = registry.id | |||
# A registry cannot have tags | |||
report.resource_tags = [] | |||
report.resource_arn = ecr_client.audited_account_arn |
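Review bot: `report.resource_arn = ecr_client.audited_account_arn` on the last line gives every registry finding the same account-level ARN, while `report.region` and `report.resource_id` just above are per-registry, so findings from different regions cannot be told apart by ARN. Build the value from the registry's own region and id instead, or have the service populate an ARN field on the registry object that the check can read.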
I think here we should create our own ARN, what do you think?
@@ -67,11 +67,11 @@ def execute(self): | |||
utc | |||
): | |||
report.status = "FAIL" | |||
report.check_metadata.Severity = "high" | |||
report.check_metadata.Severity = Severity.high |
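Review bot: the FAIL branch overrides `report.check_metadata.Severity`, and the hunk shows no import for `Severity`; confirm the enum is imported at the top of this module, otherwise this branch raises NameError only when a failing resource is encountered. A test that drives this branch and asserts the severity equals `Severity.high` would catch both a missing import and a regression back to the bare string.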
Please, add a test to cover this scenario.
@@ -11,6 +11,7 @@ def execute(self) -> Check_Report_AWS: | |||
for domain in route53domains_client.domains.values(): | |||
report = Check_Report_AWS(self.metadata()) | |||
report.resource_id = domain.name | |||
report.resource_arn = route53domains_client.audited_account_arn |
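Review bot: `report.resource_arn` is set to `route53domains_client.audited_account_arn` inside the per-domain loop, so every domain's finding carries an identical ARN and only `resource_id` distinguishes them. Derive the ARN from `domain.name` (ideally once in the service, stored on the domain object) so that consumers keyed on the ARN do not collapse all domains into one resource.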
The same again to create an ARN for this one.
@@ -11,6 +11,7 @@ def execute(self) -> Check_Report_AWS: | |||
for domain in route53domains_client.domains.values(): | |||
report = Check_Report_AWS(self.metadata()) | |||
report.resource_id = domain.name | |||
report.resource_arn = route53domains_client.audited_account_arn |
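Review bot: the signature in the hunk header reads `def execute(self) -> Check_Report_AWS:`, yet the body creates one `Check_Report_AWS` per domain in a loop; if the method returns the collected findings, as the loop suggests, the annotation should describe a list of reports rather than a single one. Worth correcting while this file is being touched.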
The same again to create an ARN for this one.
self._list_web_acls() | ||
self.__threading_call__(self._get_web_acl, self.web_acls.values()) | ||
self.__threading_call__(self._get_logging_configuration, self.web_acls.values()) | ||
if self.audited_partition == "aws": |
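Review bot: the `if self.audited_partition == "aws":` guard on the last line carries no comment saying why the call it protects is limited to that partition, and nothing visible records that the step was skipped elsewhere. Add a short comment with the reason and a log line on the skipped path so a scan in another partition does not look like it found no resources.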
Why only aws? China also has CloudFront, at least by our regions file.
You can see in https://docs.aws.amazon.com/general/latest/gr/waf-classic.html that only this partition is supported.
@jfagoagas comments were solved!
Context
Some checks did not have ARN, Resource Type or Recommendation.Text, which was making SecurityHub fail when sending findings. Fix #5498.
Description
Checklist
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.