chore(merge): 2024-03-06 11:03:00 UTC

.github/ISSUE_TEMPLATE/feature-request.yml

@@ -1,6 +1,6 @@
 name:  💡 Feature Request
 description: Suggest an idea for this project
-labels: ["enhancement", "status/needs-triage"]
+labels: ["feature-request", "status/needs-triage"]
 
 
 body:

.github/workflows/find-secrets.yml

@@ -11,7 +11,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: TruffleHog OSS
-        uses: trufflesecurity/[email protected].2
+        uses: trufflesecurity/[email protected].4
         with:
           path: ./
           base: ${{ github.event.repository.default_branch }}

README.md

@@ -8,7 +8,7 @@
 <p align="center">
 <b>Learn more at <a href="https://prowler.com">prowler.com</i></b>
 </p>
-  
+
 <p align="center">
 <a href="https://join.slack.com/t/prowler-workspace/shared_invite/zt-1hix76xsl-2uq222JIXrC7Q8It~9ZNog"><img width="30" height="30" alt="Prowler community on Slack" src="https://github.com/prowler-cloud/prowler/assets/3985464/3617e470-670c-47c9-9794-ce895ebdb627"></a>
   <br>
@@ -49,7 +49,7 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe
 |---|---|---|---|---|
 | AWS | 302 | 61 -> `prowler aws --list-services` | 27 -> `prowler aws --list-compliance` | 6 -> `prowler aws --list-categories` |
 | GCP | 73 | 11 -> `prowler gcp --list-services` | 1 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
-| Azure | 37 | 4 -> `prowler azure --list-services` | CIS soon | 1 -> `prowler azure --list-categories` |
+| Azure | 91 | 14 -> `prowler azure --list-services` | CIS soon | 2 -> `prowler azure --list-categories` |
 | Kubernetes | Work In Progress | - | CIS soon | - |
 
 # 📖 Documentation

docs/developer-guide/checks.md

@@ -125,7 +125,7 @@ All the checks MUST fill the `report.resource_id` and `report.resource_arn` with
     - Resource ARN -- `report.resource_arn`
         - AWS Account --> Root ARN `arn:aws:iam::123456789012:root`
         - AWS Resource --> Resource ARN
-        - Root resource --> Root ARN `arn:aws:iam::123456789012:root`
+        - Root resource --> Resource Type ARN `f"arn:{service_client.audited_partition}:<service_name>:{service_client.region}:{service_client.audited_account}:<resource_type>"`
 - GCP
     - Resource ID -- `report.resource_id`
         - GCP Resource --> Resource ID

docs/developer-guide/security-compliance-framework.md

@@ -23,7 +23,7 @@ Each file version of a framework will have the following structure at high level
   "Requirements": [
     {
       "Id": "<unique-id>",
-      "Description": "Requiemente full description",
+      "Description": "Requirement full description",
       "Checks": [
         "Here is the prowler check or checks that is going to be executed"
       ],
@@ -38,4 +38,4 @@ Each file version of a framework will have the following structure at high level
 }
 ```
 
-Finally, to have a proper output file for your reports, your framework data model has to be created in `prowler/lib/outputs/models.py` and also the CLI table output in `prowler/lib/outputs/compliance.py`.
+Finally, to have a proper output file for your reports, your framework data model has to be created in `prowler/lib/outputs/models.py` and also the CLI table output in `prowler/lib/outputs/compliance.py`. Also, you need to add a new conditional in `prowler/lib/outputs/file_descriptors.py` if you create a new CSV model.

docs/getting-started/requirements.md

@@ -38,7 +38,7 @@ If your IAM entity enforces MFA you can use `--mfa` and Prowler will ask you to
 
 ## Azure
 
-Prowler for azure supports the following authentication types:
+Prowler for Azure supports the following authentication types:
 
 - Service principal authentication by environment variables (Enterprise Application)
 - Current az cli credentials stored
@@ -62,7 +62,7 @@ The other three cases does not need additional configuration, `--az-cli-auth` an
 
 ### Permissions
 
-To use each one you need to pass the proper flag to the execution. Prowler fro Azure handles two types of permission scopes, which are:
+To use each one you need to pass the proper flag to the execution. Prowler for Azure handles two types of permission scopes, which are:
 
 - **Azure Active Directory permissions**: Used to retrieve metadata from the identity assumed by Prowler and future AAD checks (not mandatory to have access to execute the tool)
 - **Subscription scope permissions**: Required to launch the checks against your resources, mandatory to launch the tool.
@@ -75,7 +75,7 @@ Microsoft Entra ID (AAD earlier) permissions required by the tool are the follow
 - `Directory.Read.All`
 - `Policy.Read.All`
 
-The best way to assign it is through the azure web console:
+The best way to assign it is through the Azure web console:
 
 1. Access to Microsoft Entra ID
 2. In the left menu bar, go to "App registrations"

prowler/config/config.py

@@ -58,7 +58,6 @@ def get_available_compliance_frameworks(provider=None):
 json_file_suffix = ".json"
 json_asff_file_suffix = ".asff.json"
 json_ocsf_file_suffix = ".ocsf.json"
-html_file_suffix = ".html"
 default_config_file_path = (
     f"{pathlib.Path(os.path.dirname(os.path.realpath(__file__)))}/config.yaml"
 )

prowler/lib/check/checks_loader.py

@@ -32,21 +32,26 @@ def load_checks_to_execute(
 
         # First, loop over the bulk_checks_metadata to extract the needed subsets
         for check, metadata in bulk_checks_metadata.items():
-            # Aliases
-            for alias in metadata.CheckAliases:
-                if alias not in check_aliases:
-                    check_aliases[alias] = []
-                check_aliases[alias].append(check)
-
-            # Severities
-            if metadata.Severity:
-                check_severities[metadata.Severity].append(check)
-
-            # Categories
-            for category in metadata.Categories:
-                if category not in check_categories:
-                    check_categories[category] = []
-                check_categories[category].append(check)
+            try:
+                # Aliases
+                for alias in metadata.CheckAliases:
+                    if alias not in check_aliases:
+                        check_aliases[alias] = []
+                    check_aliases[alias].append(check)
+
+                # Severities
+                if metadata.Severity:
+                    check_severities[metadata.Severity].append(check)
+
+                # Categories
+                for category in metadata.Categories:
+                    if category not in check_categories:
+                        check_categories[category] = []
+                    check_categories[category].append(check)
+            except Exception as error:
+                logger.error(
+                    f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
+                )
 
         # Handle if there are checks passed using -c/--checks
         if check_list:
@@ -105,6 +110,7 @@ def load_checks_to_execute(
         logger.error(
             f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
         )
+        return checks_to_execute
 
 
 def update_checks_to_execute_with_aliases(

prowler/lib/check/compliance.py

@@ -53,14 +53,14 @@ def update_checks_metadata_with_compliance(
                     check_compliance.append(compliance)
             # Create metadata for Manual Control
             manual_check_metadata = {
-                "Provider": "aws",
+                "Provider": framework.Provider.lower(),
                 "CheckID": "manual_check",
                 "CheckTitle": "Manual Check",
                 "CheckType": [],
                 "ServiceName": "",
                 "SubServiceName": "",
                 "ResourceIdTemplate": "",
-                "Severity": "",
+                "Severity": "low",
                 "ResourceType": "",
                 "Description": "",
                 "Risk": "",