From 06c16e7825145ec67c91f5d4246a70f89e272699 Mon Sep 17 00:00:00 2001 From: kagahd Date: Wed, 5 Jun 2024 10:51:16 +0200 Subject: [PATCH 1/5] add prowler v4 parser --- .../parsers/file/aws_prowler_v4.md | 102 ++++++++ dojo/tools/aws_prowler_v4/__init__.py | 0 dojo/tools/aws_prowler_v4/parser.py | 109 ++++++++ unittests/scans/aws_prowler_v4/many_vuln.json | 247 ++++++++++++++++++ unittests/scans/aws_prowler_v4/no_vuln.json | 1 + unittests/scans/aws_prowler_v4/one_vuln.json | 80 ++++++ unittests/tools/test_aws_prowler_v4_parser.py | 40 +++ 7 files changed, 579 insertions(+) create mode 100644 docs/content/en/integrations/parsers/file/aws_prowler_v4.md create mode 100644 dojo/tools/aws_prowler_v4/__init__.py create mode 100644 dojo/tools/aws_prowler_v4/parser.py create mode 100644 unittests/scans/aws_prowler_v4/many_vuln.json create mode 100644 unittests/scans/aws_prowler_v4/no_vuln.json create mode 100644 unittests/scans/aws_prowler_v4/one_vuln.json create mode 100644 unittests/tools/test_aws_prowler_v4_parser.py diff --git a/docs/content/en/integrations/parsers/file/aws_prowler_v4.md b/docs/content/en/integrations/parsers/file/aws_prowler_v4.md new file mode 100644 index 00000000000..77f8ff10aad --- /dev/null +++ b/docs/content/en/integrations/parsers/file/aws_prowler_v4.md @@ -0,0 +1,102 @@ +--- +title: "AWS Prowler V3" +toc_hide: true +--- + +### File Types +DefectDojo parser accepts a .json-ocsf file. Please note: earlier versions of AWS Prowler create output data in a different format. See our other documentation if you are using an earlier version of AWS Prowler: +* [Prowler v2](https://documentation.defectdojo.com/integrations/parsers/file/aws_prowler/) +* [Prowler v3](https://documentation.defectdojo.com/integrations/parsers/file/aws_prowler_v3/) + +JSON reports can be created from the [AWS Prowler V4 CLI](https://docs.prowler.cloud/en/latest/tutorials/reporting/#json) using the following command: `prowler -M json-ocsf` + +### Acceptable JSON Format +The parser expects an array of assessments. All properties are strings and are required by the parser. + +~~~ + +[{ + "metadata": { + "event_code": "iam_role_administratoraccess_policy_permissive_trust_relationship", + "product": { + "name": "Prowler", + "vendor_name": "Prowler", + "version": "4.2.1" + }, + "version": "1.2.0" + }, + "severity_id": 4, + "severity": "High", + "status": "Suppressed", + "status_code": "FAIL", + "status_detail": "IAM Role myAdministratorExecutionRole has AdministratorAccess policy attached that has too permissive trust relationship.", + "status_id": 3, + "unmapped": { + "check_type": "", + "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator", + "categories": "trustboundaries", + "depends_on": "", + "related_to": "", + "notes": "CAF Security Epic: IAM", + "compliance": {} + }, + "activity_name": "Create", + "activity_id": 1, + "finding_info": { + "created_time": "2024-06-03T14:15:19.382075", + "desc": "Ensure IAM Roles with attached AdministratorAccess policy have a well defined trust relationship", + "product_uid": "prowler", + "title": "Ensure IAM Roles with attached AdministratorAccess policy have a well defined trust relationship", + "uid": "prowler-aws-iam_role_administratoraccess_policy_permissive_trust_relationship-123456789012-us-east-1-myAdministratorExecutionRole" + }, + "resources": [ + { + "cloud_partition": "aws", + "region": "us-east-1", + "data": { + "details": "" + }, + "group": { + "name": "iam" + }, + "labels": [], + "name": "myAdministratorExecutionRole", + "type": "AwsIamRole", + "uid": "arn:aws:iam::123456789012:role/myAdministratorExecutionRole" + } + ], + "category_name": "Findings", + "category_uid": 2, + "class_name": "DetectionFinding", + "class_uid": 2004, + "cloud": { + "account": { + "name": "", + "type": "AWS_Account", + "type_id": 10, + "uid": "123456789012", + "labels": [] + }, + "org": { + "name": "", + "uid": "" + }, + "provider": "aws", + "region": "us-east-1" + }, + "event_time": "2024-06-03T14:15:19.382075", + "remediation": { + "desc": "Apply the principle of least privilege. Instead of AdministratorAccess, assign only the permissions necessary for specific roles and tasks. Create custom IAM policies with minimal permissions based on the principle of least privilege. If a role really needs AdministratorAccess, the trust relationship must be well defined to restrict it usage only to the Principal, Action, Audience and Subject intended for it.", + "references": [ + "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" + ] + }, + "risk_details": "The AWS-managed AdministratorAccess policy grants all actions for all AWS services and for all resources in the account and as such exposes the customer to a significant data leakage threat. It is therefore particularly important that the trust relationship is well defined to restrict it usage only to the Principal, Action, Audience and Subject intended for it.", + "type_uid": 200401, + "type_name": "Create" +}] + +~~~ + +### Sample Scan Data +Unit tests of AWS Prowler V4 JSON-OCSF can be found at https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aws_prowler_v4. \ No newline at end of file diff --git a/dojo/tools/aws_prowler_v4/__init__.py b/dojo/tools/aws_prowler_v4/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/dojo/tools/aws_prowler_v4/parser.py b/dojo/tools/aws_prowler_v4/parser.py new file mode 100644 index 00000000000..f8298104cc1 --- /dev/null +++ b/dojo/tools/aws_prowler_v4/parser.py @@ -0,0 +1,109 @@ + +import hashlib +import json +import textwrap +from datetime import date + +from dojo.models import Finding + + +class AWSProwlerV4Parser: + SCAN_TYPE = ["AWS Prowler V4"] + + def get_scan_types(self): + return AWSProwlerV4Parser.SCAN_TYPE + + def get_label_for_scan_types(self, scan_type): + return AWSProwlerV4Parser.SCAN_TYPE[0] + + def get_description_for_scan_types(self, scan_type): + return "Export of AWS Prowler V4 JSON OCSF v1.1.0 format." + + def get_findings(self, file, test): + if file.name.lower().endswith('.json'): + return self.process_json(file, test) + else: + msg = 'Unknown file format' + raise ValueError(msg) + + def process_json(self, file, test): + dupes = {} + + data = json.load(file) + # mapping of json fields between Prowler v3 and v4: + # https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/reporting/#json + for deserialized in data: + + status = deserialized.get('status_code') + if status.upper() != 'FAIL': + continue + + account_id = deserialized.get('cloud', {}).get('account', {}).get("uid", '') + region = deserialized.get('resources', [{}])[0].get('region', '') + provider = deserialized.get('cloud', {}).get('provider', '') + compliance = '' + compliance_field = deserialized.get('unmapped', {}).get("compliance", {}) + if compliance_field: + compliance = ' | '.join([f"{key}:{','.join(value)}" for key, value in compliance_field.items()]) + result_extended = deserialized.get('status_detail') + general_description = deserialized.get('finding_info', {}).get('desc', '') + asff_compliance_type = deserialized.get('unmapped', {}).get('check_type', '') + severity = deserialized.get('severity', 'Info').capitalize() + aws_service_name = deserialized.get('resources', [{}])[0].get('group', {}).get('name', '') + impact = deserialized.get('risk_details') + mitigation = deserialized.get('remediation', {}).get("desc", '') + documentation = deserialized.get('remediation', {}).get("references", '') + documentation = str(documentation) + "\n" + str(deserialized.get('unmapped', {}).get('related_url', '')) + security_domain = deserialized.get('resources', [{}])[0].get('type', '') + timestamp = deserialized.get("event_time") + resource_arn = deserialized.get('resources', [{}])[0].get('uid', '') + resource_id = deserialized.get('resources', [{}])[0].get('name', '') + unique_id_from_tool = deserialized.get('finding_info', {}).get('uid', '') + if not resource_arn or resource_arn == "": + component_name = str(provider) + "-" + str(account_id) + "-" + str(region) + "-" + str(resource_id) + else: + component_name = resource_arn + + description = "**Issue:** " + str(result_extended) + \ + "\n**Description:** " + str(general_description) + \ + "\n**AWS Account:** " + str(account_id) + \ + "\n**Region:** " + str(region) + \ + "\n**AWS Service:** " + str(aws_service_name) + \ + "\n**Security Domain:** " + str(security_domain) + \ + "\n**Compliance:** " + str(compliance) + \ + "\n**ASFF Compliance Type:** " + str(asff_compliance_type) + + + # improving key to get duplicates + dupe_key = hashlib.sha256(unique_id_from_tool.encode('utf-8')).hexdigest() + if dupe_key in dupes: + find = dupes[dupe_key] + if description is not None: + find.description += description + "\n\n" + find.nb_occurences += 1 + else: + find = Finding( + title=textwrap.shorten(result_extended, 150), + cwe=1032, # Security Configuration Weaknesses, would like to fine tune + test=test, + description=description, + component_name=component_name, + unique_id_from_tool=unique_id_from_tool, + severity=severity, + references=documentation, + date=date.fromisoformat(timestamp[:10]), + static_finding=True, + dynamic_finding=False, + nb_occurences=1, + mitigation=mitigation, + impact=impact, + ) + dupes[dupe_key] = find + + return list(dupes.values()) + + def formatview(self, depth): + if depth > 1: + return "* " + else: + return "" diff --git a/unittests/scans/aws_prowler_v4/many_vuln.json b/unittests/scans/aws_prowler_v4/many_vuln.json new file mode 100644 index 00000000000..e0f563c2a05 --- /dev/null +++ b/unittests/scans/aws_prowler_v4/many_vuln.json @@ -0,0 +1,247 @@ +[{ + "metadata": { + "event_code": "iam_role_administratoraccess_policy_permissive_trust_relationship", + "product": { + "name": "Prowler", + "vendor_name": "Prowler", + "version": "4.2.1" + }, + "version": "1.2.0" + }, + "severity_id": 4, + "severity": "High", + "status": "Suppressed", + "status_code": "FAIL", + "status_detail": "IAM Role myAdministratorExecutionRole has AdministratorAccess policy attached that has too permissive trust relationship.", + "status_id": 3, + "unmapped": { + "check_type": "", + "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator", + "categories": "trustboundaries", + "depends_on": "", + "related_to": "", + "notes": "CAF Security Epic: IAM", + "compliance": {} + }, + "activity_name": "Create", + "activity_id": 1, + "finding_info": { + "created_time": "2024-06-03T14:15:19.382075", + "desc": "Ensure IAM Roles with attached AdministratorAccess policy have a well defined trust relationship", + "product_uid": "prowler", + "title": "Ensure IAM Roles with attached AdministratorAccess policy have a well defined trust relationship", + "uid": "prowler-aws-iam_role_administratoraccess_policy_permissive_trust_relationship-123456789012-us-east-1-myAdministratorExecutionRole" + }, + "resources": [ + { + "cloud_partition": "aws", + "region": "us-east-1", + "data": { + "details": "" + }, + "group": { + "name": "iam" + }, + "labels": [], + "name": "myAdministratorExecutionRole", + "type": "AwsIamRole", + "uid": "arn:aws:iam::123456789012:role/myAdministratorExecutionRole" + } + ], + "category_name": "Findings", + "category_uid": 2, + "class_name": "DetectionFinding", + "class_uid": 2004, + "cloud": { + "account": { + "name": "", + "type": "AWS_Account", + "type_id": 10, + "uid": "123456789012", + "labels": [] + }, + "org": { + "name": "", + "uid": "" + }, + "provider": "aws", + "region": "us-east-1" + }, + "event_time": "2024-06-03T14:15:19.382075", + "remediation": { + "desc": "Apply the principle of least privilege. Instead of AdministratorAccess, assign only the permissions necessary for specific roles and tasks. Create custom IAM policies with minimal permissions based on the principle of least privilege. If a role really needs AdministratorAccess, the trust relationship must be well defined to restrict it usage only to the Principal, Action, Audience and Subject intended for it.", + "references": [ + "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" + ] + }, + "risk_details": "The AWS-managed AdministratorAccess policy grants all actions for all AWS services and for all resources in the account and as such exposes the customer to a significant data leakage threat. It is therefore particularly important that the trust relationship is well defined to restrict it usage only to the Principal, Action, Audience and Subject intended for it.", + "type_uid": 200401, + "type_name": "Create" +},{ + "metadata": { + "event_code": "iam_role_cross_account_readonlyaccess_policy", + "product": { + "name": "Prowler", + "vendor_name": "Prowler", + "version": "4.2.1" + }, + "version": "1.2.0" + }, + "severity_id": 4, + "severity": "High", + "status": "Suppressed", + "status_code": "FAIL", + "status_detail": "IAM Role AuditRole gives cross account read-only access.", + "status_id": 3, + "unmapped": { + "check_type": "", + "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#awsmp_readonlyaccess", + "categories": "trustboundaries", + "depends_on": "", + "related_to": "", + "notes": "CAF Security Epic: IAM", + "compliance": { + "MITRE-ATTACK": [ + "T1078" + ], + "AWS-Foundational-Technical-Review": [ + "IAM-0012" + ] + } + }, + "activity_name": "Create", + "activity_id": 1, + "finding_info": { + "created_time": "2024-06-03T14:15:19.382075", + "desc": "Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts", + "product_uid": "prowler", + "title": "Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts", + "uid": "prowler-aws-iam_role_cross_account_readonlyaccess_policy-123456789012-us-east-1-AuditRole" + }, + "resources": [ + { + "cloud_partition": "aws", + "region": "us-east-1", + "data": { + "details": "" + }, + "group": { + "name": "iam" + }, + "labels": [ + "some-label=some value" + ], + "name": "AuditRole", + "type": "AwsIamRole", + "uid": "arn:aws:iam::123456789012:role/AuditRole" + } + ], + "category_name": "Findings", + "category_uid": 2, + "class_name": "DetectionFinding", + "class_uid": 2004, + "cloud": { + "account": { + "name": "", + "type": "AWS_Account", + "type_id": 10, + "uid": "123456789012", + "labels": [] + }, + "org": { + "name": "", + "uid": "" + }, + "provider": "aws", + "region": "us-east-1" + }, + "event_time": "2024-06-03T14:15:19.382075", + "remediation": { + "desc": "Remove the AWS-managed ReadOnlyAccess policy from all roles that have a trust policy, including third-party cloud accounts, or remove third-party cloud accounts from the trust policy of all roles that need the ReadOnlyAccess policy.", + "references": [ + "https://docs.securestate.vmware.com/rule-docs/aws-iam-role-cross-account-readonlyaccess-policy" + ] + }, + "risk_details": "The AWS-managed ReadOnlyAccess policy is highly potent and exposes the customer to a significant data leakage threat. It should be granted very conservatively. For granting access to 3rd party vendors, consider using alternative managed policies, such as ViewOnlyAccess or SecurityAudit.", + "type_uid": 200401, + "type_name": "Create" +},{ + "metadata": { + "event_code": "iam_role_permissive_trust_relationship", + "product": { + "name": "Prowler", + "vendor_name": "Prowler", + "version": "4.2.1" + }, + "version": "1.2.0" + }, + "severity_id": 4, + "severity": "High", + "status": "Suppressed", + "status_code": "FAIL", + "status_detail": "IAM Role CrossAccountResourceAccessRole has permissive trust relationship to other accounts", + "status_id": 3, + "unmapped": { + "check_type": "", + "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-accounts", + "categories": "trustboundaries", + "depends_on": "", + "related_to": "", + "notes": "CAF Security Epic: IAM", + "compliance": {} + }, + "activity_name": "Create", + "activity_id": 1, + "finding_info": { + "created_time": "2024-06-03T14:15:19.382075", + "desc": "Ensure IAM Roles do not allow assume role from any role of a cross account", + "product_uid": "prowler", + "title": "Ensure IAM Roles do not allow assume role from any role of a cross account", + "uid": "prowler-aws-iam_role_permissive_trust_relationship-123456789012-us-east-1-CrossAccountResourceAccessRole" + }, + "resources": [ + { + "cloud_partition": "aws", + "region": "us-east-1", + "data": { + "details": "" + }, + "group": { + "name": "iam" + }, + "labels": [], + "name": "CrossAccountResourceAccessRole", + "type": "AwsIamRole", + "uid": "arn:aws:iam::123456789012:role/CrossAccountResourceAccessRole" + } + ], + "category_name": "Findings", + "category_uid": 2, + "class_name": "DetectionFinding", + "class_uid": 2004, + "cloud": { + "account": { + "name": "", + "type": "AWS_Account", + "type_id": 10, + "uid": "123456789012", + "labels": [] + }, + "org": { + "name": "", + "uid": "" + }, + "provider": "aws", + "region": "us-east-1" + }, + "event_time": "2024-06-03T14:15:19.382075", + "remediation": { + "desc": "Ensure IAM Roles do not allow assume role from any role of a cross account but only from specific roles of specific accounts.", + "references": [ + "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-roles" + ] + }, + "risk_details": "If an IAM role allows assume role from any role of a cross account, it can lead to privilege escalation.", + "type_uid": 200401, + "type_name": "Create" +}] \ No newline at end of file diff --git a/unittests/scans/aws_prowler_v4/no_vuln.json b/unittests/scans/aws_prowler_v4/no_vuln.json new file mode 100644 index 00000000000..0637a088a01 --- /dev/null +++ b/unittests/scans/aws_prowler_v4/no_vuln.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/unittests/scans/aws_prowler_v4/one_vuln.json b/unittests/scans/aws_prowler_v4/one_vuln.json new file mode 100644 index 00000000000..5e45f2077e3 --- /dev/null +++ b/unittests/scans/aws_prowler_v4/one_vuln.json @@ -0,0 +1,80 @@ +[{ + "metadata": { + "event_code": "iam_role_administratoraccess_policy_permissive_trust_relationship", + "product": { + "name": "Prowler", + "vendor_name": "Prowler", + "version": "4.2.1" + }, + "version": "1.2.0" + }, + "severity_id": 4, + "severity": "High", + "status": "Suppressed", + "status_code": "FAIL", + "status_detail": "IAM Role myAdministratorExecutionRole has AdministratorAccess policy attached that has too permissive trust relationship.", + "status_id": 3, + "unmapped": { + "check_type": "", + "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator", + "categories": "trustboundaries", + "depends_on": "", + "related_to": "", + "notes": "CAF Security Epic: IAM", + "compliance": {} + }, + "activity_name": "Create", + "activity_id": 1, + "finding_info": { + "created_time": "2024-06-03T14:15:19.382075", + "desc": "Ensure IAM Roles with attached AdministratorAccess policy have a well defined trust relationship", + "product_uid": "prowler", + "title": "Ensure IAM Roles with attached AdministratorAccess policy have a well defined trust relationship", + "uid": "prowler-aws-iam_role_administratoraccess_policy_permissive_trust_relationship-123456789012-us-east-1-myAdministratorExecutionRole" + }, + "resources": [ + { + "cloud_partition": "aws", + "region": "us-east-1", + "data": { + "details": "" + }, + "group": { + "name": "iam" + }, + "labels": [], + "name": "myAdministratorExecutionRole", + "type": "AwsIamRole", + "uid": "arn:aws:iam::123456789012:role/myAdministratorExecutionRole" + } + ], + "category_name": "Findings", + "category_uid": 2, + "class_name": "DetectionFinding", + "class_uid": 2004, + "cloud": { + "account": { + "name": "", + "type": "AWS_Account", + "type_id": 10, + "uid": "123456789012", + "labels": [] + }, + "org": { + "name": "", + "uid": "" + }, + "provider": "aws", + "region": "us-east-1" + }, + "event_time": "2024-06-03T14:15:19.382075", + "remediation": { + "desc": "Apply the principle of least privilege. Instead of AdministratorAccess, assign only the permissions necessary for specific roles and tasks. Create custom IAM policies with minimal permissions based on the principle of least privilege. If a role really needs AdministratorAccess, the trust relationship must be well defined to restrict it usage only to the Principal, Action, Audience and Subject intended for it.", + "references": [ + "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" + ] + }, + "risk_details": "The AWS-managed AdministratorAccess policy grants all actions for all AWS services and for all resources in the account and as such exposes the customer to a significant data leakage threat. It is therefore particularly important that the trust relationship is well defined to restrict it usage only to the Principal, Action, Audience and Subject intended for it.", + "type_uid": 200401, + "type_name": "Create" +}] \ No newline at end of file diff --git a/unittests/tools/test_aws_prowler_v4_parser.py b/unittests/tools/test_aws_prowler_v4_parser.py new file mode 100644 index 00000000000..74e97050f6e --- /dev/null +++ b/unittests/tools/test_aws_prowler_v4_parser.py @@ -0,0 +1,40 @@ +from dojo.models import Test +from dojo.tools.aws_prowler_v4.parser import AWSProwlerV4Parser + +from ..dojo_test_case import DojoTestCase + + +class TestAwsProwlerV4Parser(DojoTestCase): + def setup(self, testfile): + parser = AWSProwlerV4Parser() + findings = parser.get_findings(testfile, Test()) + testfile.close() + return findings + + def test_aws_prowler_parser_with_no_vuln_has_no_findings_json(self): + findings = self.setup( + open("unittests/scans/aws_prowler_v4/no_vuln.json")) + self.assertEqual(0, len(findings)) + + def test_aws_prowler_parser_with_critical_vuln_has_one_findings_json(self): + findings = self.setup( + open("unittests/scans/aws_prowler_v4/one_vuln.json")) + self.assertEqual(1, len(findings)) + self.assertEqual("prowler-aws-iam_role_administratoraccess_policy_permissive_trust_relationship-123456789012-us-east-1-myAdministratorExecutionRole", findings[0].unique_id_from_tool) + self.assertIn('Ensure IAM Roles with attached AdministratorAccess policy have a well defined trust relationship', findings[0].description) + self.assertEqual("arn:aws:iam::123456789012:role/myAdministratorExecutionRole", findings[0].component_name) + self.assertIn('https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege', findings[0].references) + + def test_aws_prowler_parser_with_many_vuln_has_many_findings_json(self): + findings = self.setup( + open("unittests/scans/aws_prowler_v4/many_vuln.json")) + self.assertEqual(3, len(findings)) + with self.subTest(i=0): + self.assertEqual("prowler-aws-iam_role_administratoraccess_policy_permissive_trust_relationship-123456789012-us-east-1-myAdministratorExecutionRole", findings[0].unique_id_from_tool) + self.assertIn('Ensure IAM Roles with attached AdministratorAccess policy have a well defined trust relationship', findings[0].description) + with self.subTest(i=1): + self.assertEqual("prowler-aws-iam_role_cross_account_readonlyaccess_policy-123456789012-us-east-1-AuditRole", findings[1].unique_id_from_tool) + self.assertIn('Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts', findings[1].description) + with self.subTest(i=3): + self.assertEqual("prowler-aws-iam_role_permissive_trust_relationship-123456789012-us-east-1-CrossAccountResourceAccessRole", findings[2].unique_id_from_tool) + self.assertIn('Ensure IAM Roles do not allow assume role from any role of a cross account', findings[2].description) From b76f19b6a6c96ba97f74203f876891b7761a3fb1 Mon Sep 17 00:00:00 2001 From: kagahd Date: Wed, 5 Jun 2024 10:55:03 +0200 Subject: [PATCH 2/5] remove line --- dojo/tools/aws_prowler_v4/parser.py | 1 - 1 file changed, 1 deletion(-) diff --git a/dojo/tools/aws_prowler_v4/parser.py b/dojo/tools/aws_prowler_v4/parser.py index f8298104cc1..54ae4e092b0 100644 --- a/dojo/tools/aws_prowler_v4/parser.py +++ b/dojo/tools/aws_prowler_v4/parser.py @@ -73,7 +73,6 @@ def process_json(self, file, test): "\n**Compliance:** " + str(compliance) + \ "\n**ASFF Compliance Type:** " + str(asff_compliance_type) - # improving key to get duplicates dupe_key = hashlib.sha256(unique_id_from_tool.encode('utf-8')).hexdigest() if dupe_key in dupes: From 01b94991eaaccab9c8070b3a9f31e00ee2e5ad12 Mon Sep 17 00:00:00 2001 From: kagahd Date: Wed, 5 Jun 2024 14:24:14 +0200 Subject: [PATCH 3/5] fix typo --- docs/content/en/integrations/parsers/file/aws_prowler_v4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/en/integrations/parsers/file/aws_prowler_v4.md b/docs/content/en/integrations/parsers/file/aws_prowler_v4.md index 77f8ff10aad..aada1887ae1 100644 --- a/docs/content/en/integrations/parsers/file/aws_prowler_v4.md +++ b/docs/content/en/integrations/parsers/file/aws_prowler_v4.md @@ -1,5 +1,5 @@ --- -title: "AWS Prowler V3" +title: "AWS Prowler V4" toc_hide: true --- From 77e7e067828b1f68d9069d5d796e9931db5816c1 Mon Sep 17 00:00:00 2001 From: kagahd Date: Wed, 5 Jun 2024 16:30:16 +0200 Subject: [PATCH 4/5] add settings.dist.py although it's written that one should not touch it but use env vars --- dojo/settings/settings.dist.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index b63bdc0f705..7363505a60e 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -1293,6 +1293,7 @@ def saml2_attrib_map_format(dict): 'Anchore Grype': True, 'AWS Prowler Scan': True, 'AWS Prowler V3': True, + 'AWS Prowler V4': True, 'Checkmarx Scan': False, 'Checkmarx OSA': True, 'Cloudsploit Scan': True, @@ -1378,6 +1379,7 @@ def saml2_attrib_map_format(dict): 'AuditJS Scan': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, 'AWS Prowler Scan': DEDUPE_ALGO_HASH_CODE, 'AWS Prowler V3': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, + 'AWS Prowler V4': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, "AWS Security Finding Format (ASFF) Scan": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, 'Burp REST API': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, 'Bandit Scan': DEDUPE_ALGO_HASH_CODE, From 1851d73525cc33697ef32e290ae0835aa928e687 Mon Sep 17 00:00:00 2001 From: kagahd Date: Thu, 6 Jun 2024 09:37:13 +0200 Subject: [PATCH 5/5] add modified .settings.dist.py.sha256sum --- dojo/settings/.settings.dist.py.sha256sum | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dojo/settings/.settings.dist.py.sha256sum b/dojo/settings/.settings.dist.py.sha256sum index c0de37b5fe3..8870b37793c 100644 --- a/dojo/settings/.settings.dist.py.sha256sum +++ b/dojo/settings/.settings.dist.py.sha256sum @@ -1 +1 @@ -c0f6db3774e94fcfd22a5861d47e42cdd52839d01dd99ce361ecfd44f42b221c +a7b0e9897d9fe41abaad45297dab541ac687715ac9fd44a8b01805c237637c15