aws-cis-controls-assessment 1.1.1__tar.gz → 1.1.2__tar.gz

{aws_cis_controls_assessment-1.1.1/aws_cis_controls_assessment.egg-info → aws_cis_controls_assessment-1.1.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aws-cis-controls-assessment
-Version: 1.1.1
+Version: 1.1.2
 Summary: Production-ready AWS CIS Controls compliance assessment framework with 145 comprehensive rules
 Author-email: AWS CIS Assessment Team <security@example.com>
 Maintainer-email: AWS CIS Assessment Team <security@example.com>

{aws_cis_controls_assessment-1.1.1 → aws_cis_controls_assessment-1.1.2}/aws_cis_assessment/__init__.py

@@ -6,6 +6,6 @@ CIS Controls Implementation Groups (IG1, IG2, IG3). Implements 163 comprehensive
 across all implementation groups for complete security compliance assessment.
 """
 
-__version__ = "1.1.1"
+__version__ = "1.1.2"
 __author__ = "AWS CIS Assessment Team"
 __description__ = "Production-ready AWS CIS Controls Compliance Assessment Framework"

{aws_cis_controls_assessment-1.1.1 → aws_cis_controls_assessment-1.1.2}/aws_cis_assessment/reporters/html_reporter.py

@@ -274,6 +274,8 @@ class HTMLReporter(ReportGenerator):
     def _generate_html_body(self, html_data: Dict[str, Any]) -> str:
         """Generate HTML body section with content.
         
+        Modified in v1.1.2 to remove Detailed Findings and Remediation sections.
+        
         Args:
             html_data: Enhanced HTML report data
             
@@ -285,9 +287,7 @@ class HTMLReporter(ReportGenerator):
         navigation = self._generate_navigation(html_data)
         executive_dashboard = self._generate_executive_dashboard(html_data)
         implementation_groups = self._generate_implementation_groups_section(html_data)
-        detailed_findings = self._generate_detailed_findings_section(html_data)
         resource_details = self._generate_resource_details_section(html_data)
-        remediation_section = self._generate_remediation_section(html_data)
         footer = self._generate_footer(html_data)
         
         body_content = f"""<body>
@@ -296,9 +296,7 @@ class HTMLReporter(ReportGenerator):
         {navigation}
         {executive_dashboard}
         {implementation_groups}
-        {detailed_findings}
         {resource_details}
-        {remediation_section}
         {footer}
     </div>
     
@@ -771,9 +769,9 @@ class HTMLReporter(ReportGenerator):
             background-color: #2c3e50;
         }
         
-        /* Resource ID column width constraint */
+        /* Resource ID column width constraint - increased to 220px in v1.1.2 */
         .resource-table td:first-child {
-            max-width: 200px;
+            max-width: 220px;
             overflow: hidden;
             text-overflow: ellipsis;
             white-space: nowrap;
@@ -785,6 +783,20 @@ class HTMLReporter(ReportGenerator):
             word-wrap: break-word;
         }
         
+        /* Resource Type column width constraint - added in v1.1.2 (reduced by 20%) */
+        .resource-table td:nth-child(2) {
+            max-width: 150px;
+            overflow: hidden;
+            text-overflow: ellipsis;
+            white-space: nowrap;
+        }
+        
+        .resource-table td:nth-child(2):hover {
+            overflow: visible;
+            white-space: normal;
+            word-wrap: break-word;
+        }
+        
         /* Visual frames around each resource row */
         .resource-row {
             border: 1px solid #e0e0e0;
@@ -1487,11 +1499,12 @@ class HTMLReporter(ReportGenerator):
             window.URL.revokeObjectURL(url);
         }}
         
-        // Resource filtering functionality
+        // Resource filtering functionality (updated in v1.1.2 to support Control filter)
         function filterResources() {{
             const searchTerm = document.getElementById('resourceSearch').value.toLowerCase();
             const statusFilter = document.getElementById('statusFilter').value;
             const typeFilter = document.getElementById('typeFilter').value;
+            const controlFilter = document.getElementById('controlFilter').value;
             const rows = document.querySelectorAll('#resourceTable tbody tr');
             
             rows.forEach(function(row) {{
@@ -1500,6 +1513,7 @@ class HTMLReporter(ReportGenerator):
                 const resourceType = cells[1].textContent;
                 const status = cells[3].textContent.includes('COMPLIANT') ? 
                     (cells[3].textContent.includes('NON_COMPLIANT') ? 'NON_COMPLIANT' : 'COMPLIANT') : 'NON_COMPLIANT';
+                const controlId = cells[4].textContent;
                 const evaluationReason = cells[6].textContent.toLowerCase();
                 
                 const matchesSearch = resourceId.includes(searchTerm) || 
@@ -1507,8 +1521,9 @@ class HTMLReporter(ReportGenerator):
                                     evaluationReason.includes(searchTerm);
                 const matchesStatus = !statusFilter || status === statusFilter;
                 const matchesType = !typeFilter || resourceType === typeFilter;
+                const matchesControl = !controlFilter || controlId === controlFilter;
                 
-                row.style.display = (matchesSearch && matchesStatus && matchesType) ? '' : 'none';
+                row.style.display = (matchesSearch && matchesStatus && matchesType && matchesControl) ? '' : 'none';
             }});
         }}
         
@@ -1538,18 +1553,74 @@ class HTMLReporter(ReportGenerator):
             }});
         }}
         
-        // Export resources to CSV
+        // Export resources to CSV (updated in v1.1.2 with ARN, aggregate filtering, and port truncation)
         function exportResourcesToCSV() {{
             const table = document.getElementById('resourceTable');
             const rows = table.querySelectorAll('tr');
             let csvContent = '';
             
-            rows.forEach(function(row) {{
+            // Excluded aggregate row IDs (v1.1.2)
+            const excludedIds = ['5631', '6460', '629'];
+            
+            // Helper function to truncate port lists (v1.1.2)
+            function truncatePortList(text) {{
+                // Match port list patterns like [0, 1, 2, 3, ...]
+                const portListRegex = /\\[(\\d+(?:,\\s*\\d+)*)\\]/g;
+                
+                return text.replace(portListRegex, function(match, ports) {{
+                    const portArray = ports.split(',').map(p => p.trim());
+                    if (portArray.length > 10) {{
+                        const truncated = portArray.slice(0, 10).join(', ');
+                        return `[${{truncated}}, ...]`;
+                    }}
+                    return match;
+                }});
+            }}
+            
+            rows.forEach(function(row, index) {{
                 const cells = row.querySelectorAll('th, td');
-                const rowData = Array.from(cells).map(cell => 
-                    '"' + cell.textContent.replace(/"/g, '""').replace(/\\s+/g, ' ').trim() + '"'
-                ).join(',');
-                csvContent += rowData + '\\n';
+                
+                // Handle header row - change "Resource ID" to "Resource ARN"
+                if (index === 0) {{
+                    const headerData = Array.from(cells).map((cell, cellIndex) => {{
+                        let headerText = cell.textContent.replace(/\\s+/g, ' ').trim();
+                        // Replace "Resource ID" with "Resource ARN" in header
+                        if (cellIndex === 0 && headerText.includes('Resource ID')) {{
+                            headerText = headerText.replace('Resource ID', 'Resource ARN');
+                        }}
+                        return '"' + headerText.replace(/"/g, '""') + '"';
+                    }}).join(',');
+                    csvContent += headerData + '\\n';
+                }} else if (cells.length > 0) {{
+                    // Get resource ID to check if it should be excluded
+                    const resourceIdCell = cells[0];
+                    const resourceId = resourceIdCell.textContent.replace(/\\s+/g, ' ').trim();
+                    
+                    // Skip aggregate rows (v1.1.2)
+                    if (excludedIds.includes(resourceId)) {{
+                        return;
+                    }}
+                    
+                    // Get ARN from data attribute or fall back to resource ID
+                    const resourceArn = resourceIdCell.getAttribute('data-arn') || resourceId;
+                    
+                    const rowData = Array.from(cells).map((cell, cellIndex) => {{
+                        let cellText = cell.textContent.replace(/\\s+/g, ' ').trim();
+                        
+                        // Use ARN for first column instead of Resource ID (v1.1.2)
+                        if (cellIndex === 0) {{
+                            cellText = resourceArn;
+                        }}
+                        
+                        // Apply port list truncation to evaluation reason column (v1.1.2)
+                        if (cellIndex === 6) {{
+                            cellText = truncatePortList(cellText);
+                        }}
+                        
+                        return '"' + cellText.replace(/"/g, '""') + '"';
+                    }}).join(',');
+                    csvContent += rowData + '\\n';
+                }}
             }});
             
             const blob = new Blob([csvContent], {{ type: 'text/csv' }});
@@ -1849,161 +1920,7 @@ class HTMLReporter(ReportGenerator):
         </section>
         """
     
-    def _generate_detailed_findings_section(self, html_data: Dict[str, Any]) -> str:
-        """Generate detailed findings section.
-        
-        This method consolidates findings by control ID only (not by IG) to eliminate
-        duplication. Each control appears once with IG membership indicators.
-        
-        Args:
-            html_data: Enhanced HTML report data
-            
-        Returns:
-            Detailed findings HTML as string
-        """
-        # Consolidate findings by control ID (deduplicated across IGs)
-        consolidated_findings = self._consolidate_findings_by_control(
-            html_data.get("implementation_groups", {})
-        )
-        
-        findings_content = ""
-        
-        # Generate findings grouped by control ID only (sorted alphanumerically)
-        for control_id, control_data in consolidated_findings.items():
-            findings = control_data.get('findings', [])
-            
-            # Skip if no non-compliant findings
-            if not findings:
-                continue
-            
-            # Get control metadata
-            config_rule_name = control_data.get('config_rule_name', '')
-            title = control_data.get('title', f'CIS Control {control_id}')
-            member_igs = control_data.get('member_igs', [])
-            
-            # Format display name for collapsible header
-            display_name = self._format_control_display_name(control_id, config_rule_name, title)
-            
-            # Generate IG membership badges
-            ig_badges_html = ""
-            for ig in member_igs:
-                badge_class = self._get_ig_badge_class(ig)
-                ig_badges_html += f'<span class="ig-membership-badge {badge_class}">{ig}</span>'
-            
-            # Generate findings table rows
-            findings_rows = ""
-            for finding in findings:
-                if finding.get("compliance_status") == "NON_COMPLIANT":
-                    findings_rows += f"""
-                    <tr>
-                        <td>{finding.get('resource_id', 'N/A')}</td>
-                        <td>{finding.get('resource_type', 'N/A')}</td>
-                        <td>{finding.get('region', 'N/A')}</td>
-                        <td><span class="badge {finding.get('compliance_status', '').lower()}">{finding.get('compliance_status', 'UNKNOWN')}</span></td>
-                        <td>{finding.get('evaluation_reason', 'N/A')}</td>
-                        <td>{finding.get('config_rule_name', config_rule_name)}</td>
-                    </tr>
-                    """
-            
-            # Only add control section if there are non-compliant findings
-            if findings_rows:
-                non_compliant_count = len([f for f in findings if f.get('compliance_status') == 'NON_COMPLIANT'])
-                
-                findings_content += f"""
-                <div class="control-findings-section">
-                    <button class="collapsible">
-                        <span class="control-display-name">{display_name}</span>
-                        <span class="findings-count"> - Non-Compliant Resources ({non_compliant_count} items)</span>
-                    </button>
-                    <div class="collapsible-content">
-                        <div class="ig-membership-badges" style="margin-bottom: 15px;">
-                            <strong>Implementation Groups:</strong> {ig_badges_html}
-                        </div>
-                        <table class="findings-table">
-                            <thead>
-                                <tr>
-                                    <th>Resource ID</th>
-                                    <th>Resource Type</th>
-                                    <th>Region</th>
-                                    <th>Compliance Status</th>
-                                    <th>Reason</th>
-                                    <th>Config Rule</th>
-                                </tr>
-                            </thead>
-                            <tbody>
-                                {findings_rows}
-                            </tbody>
-                        </table>
-                    </div>
-                </div>
-                """
-        
-        return f"""
-        <section id="detailed-findings" class="detailed-findings">
-            <h2>Detailed Findings</h2>
-            <p class="section-description">
-                Findings are grouped by control ID and deduplicated across Implementation Groups. 
-                Each control shows which IGs include it.
-            </p>
-            <div class="search-container">
-                <input type="text" placeholder="Search findings..." onkeyup="searchFindings(this.value)" style="width: 100%; padding: 10px; margin-bottom: 20px; border: 1px solid #ddd; border-radius: 5px;">
-            </div>
-            {findings_content if findings_content else '<p>No non-compliant findings to display.</p>'}
-        </section>
-        """
     
-    def _generate_remediation_section(self, html_data: Dict[str, Any]) -> str:
-        """Generate remediation section.
-        
-        Args:
-            html_data: Enhanced HTML report data
-            
-        Returns:
-            Remediation HTML as string
-        """
-        remediation_items = ""
-        
-        for remediation in html_data["remediation_priorities"]:
-            steps_html = ""
-            for step in remediation["remediation_steps"]:
-                steps_html += f"<li>{step}</li>"
-            
-            # Normalize priority and effort text to proper capitalization
-            priority_text = remediation['priority'].capitalize()
-            effort_text = remediation['estimated_effort'].capitalize()
-            
-            remediation_items += f"""
-            <div class="remediation-item">
-                <div class="remediation-header">
-                    <div>
-                        <h4>{remediation['control_id']} - {remediation['config_rule_name']}</h4>
-                    </div>
-                    <div class="remediation-badges">
-                        <span class="badge {remediation['priority_badge']}">{priority_text}</span>
-                        <span class="badge {remediation['effort_badge']}">{effort_text}</span>
-                    </div>
-                </div>
-                <div class="remediation-content">
-                    <h5>Remediation Steps:</h5>
-                    <ol>
-                        {steps_html}
-                    </ol>
-                    <p><strong>Documentation:</strong> <a href="{remediation['aws_documentation_link']}" target="_blank">AWS Documentation</a></p>
-                </div>
-            </div>
-            """
-        
-        return f"""
-        <section id="remediation" class="remediation">
-            <h2>Remediation Priorities</h2>
-            <div class="remediation-list">
-                {remediation_items}
-            </div>
-            <div class="export-actions">
-                <button onclick="exportToCSV()" class="export-btn">Export Findings to CSV</button>
-            </div>
-        </section>
-        """
     
     def _generate_footer(self, html_data: Dict[str, Any]) -> str:
         """Generate footer section.
@@ -2109,6 +2026,8 @@ class HTMLReporter(ReportGenerator):
     def _build_navigation_structure(self, html_data: Dict[str, Any]) -> Dict[str, Any]:
         """Build navigation structure for the report.
         
+        Modified in v1.1.2 to remove Detailed Findings and Remediation sections.
+        
         Args:
             html_data: Enhanced HTML report data
             
@@ -2119,9 +2038,7 @@ class HTMLReporter(ReportGenerator):
             "sections": [
                 {"id": "dashboard", "title": "Dashboard"},
                 {"id": "implementation-groups", "title": "Implementation Groups"},
-                {"id": "detailed-findings", "title": "Detailed Findings"},
-                {"id": "resource-details", "title": "Resource Details"},
-                {"id": "remediation", "title": "Remediation"}
+                {"id": "resource-details", "title": "Resource Details"}
             ]
         }
     
@@ -2594,9 +2511,14 @@ class HTMLReporter(ReportGenerator):
             status_class = "compliant" if resource["compliance_status"] == "COMPLIANT" else "non_compliant"
             status_icon = "✓" if resource["compliance_status"] == "COMPLIANT" else "✗"
             
+            # Construct pseudo-ARN for CSV export (v1.1.2)
+            # Format: arn:aws:service:region:account:resource-type/resource-id
+            # Since we don't have account ID in resource data, we'll use a placeholder
+            resource_arn = f"arn:aws:{resource['resource_type'].split('::')[1].lower() if '::' in resource['resource_type'] else 'unknown'}:{resource['region']}:*:{resource['resource_id']}"
+            
             resource_rows += f"""
             <tr class="resource-row {status_class}">
-                <td><code>{resource['resource_id']}</code></td>
+                <td data-arn="{resource_arn}"><code>{resource['resource_id']}</code></td>
                 <td>{resource['resource_type']}</td>
                 <td>{resource['region']}</td>
                 <td>
@@ -2616,6 +2538,12 @@ class HTMLReporter(ReportGenerator):
         non_compliant_resources = total_resources - compliant_resources
         compliance_percentage = (compliant_resources / total_resources * 100) if total_resources > 0 else 0
         
+        # Extract unique Control IDs for filter dropdown (v1.1.2)
+        unique_control_ids = sorted(set(r["control_id"] for r in all_resources), key=self._sort_control_id)
+        control_filter_options = ""
+        for control_id in unique_control_ids:
+            control_filter_options += f'<option value="{control_id}">{control_id}</option>'
+        
         # Generate resource type breakdown
         resource_type_stats = {}
         for resource in all_resources:
@@ -2689,6 +2617,10 @@ class HTMLReporter(ReportGenerator):
                         <option value="">All Types</option>
                         {self._generate_resource_type_options(resource_type_stats)}
                     </select>
+                    <select id="controlFilter" onchange="filterResources()" class="filter-select">
+                        <option value="">All Controls</option>
+                        {control_filter_options}
+                    </select>
                 </div>
                 
                 <table class="findings-table resource-table" id="resourceTable">
@@ -2859,6 +2791,8 @@ class HTMLReporter(ReportGenerator):
         Enriches control data with additional fields needed for improved display,
         including formatted names, IG membership badges, and truncation indicators.
         
+        Modified in v1.1.2 to remove duplicate Control ID prefix from display names.
+        
         Args:
             control_data: Existing control data dictionary
             control_id: Control identifier (e.g., "1.5")
@@ -2867,7 +2801,7 @@ class HTMLReporter(ReportGenerator):
             
         Returns:
             Enhanced control data with additional fields:
-            - display_name: Formatted name combining control ID and rule name
+            - display_name: Formatted name without duplicate Control ID prefix
             - originating_ig: Which IG introduced this control (IG1, IG2, or IG3)
             - ig_badge_class: CSS class for IG badge styling
             - needs_truncation: Boolean indicating if display name exceeds 50 characters
@@ -2884,7 +2818,7 @@ class HTMLReporter(ReportGenerator):
             Output enriched data (includes all input fields plus):
             {
                 ...original fields...,
-                'display_name': '1.5: root-account-hardware-mfa-enabled',
+                'display_name': 'root-account-hardware-mfa-enabled',  # No "1.5:" prefix
                 'originating_ig': 'IG1',
                 'ig_badge_class': 'ig-badge-1',
                 'needs_truncation': False
@@ -2895,16 +2829,25 @@ class HTMLReporter(ReportGenerator):
             - Truncation threshold is 50 characters
             - Gracefully handles missing config_rule_name
             - Originating IG is determined by checking IG1, IG2, IG3 in order
+            - v1.1.2: Removes duplicate Control ID prefix from display names
         """
         enriched = control_data.copy()
         
         # Format display name
-        enriched['display_name'] = self._format_control_display_name(
+        display_name = self._format_control_display_name(
             control_id,
             control_data.get('config_rule_name', ''),
             control_data.get('title')
         )
         
+        # Remove duplicate Control ID prefix if present (v1.1.2 improvement)
+        # Check if display_name starts with "control_id: "
+        prefix = f"{control_id}: "
+        if display_name.startswith(prefix):
+            display_name = display_name[len(prefix):]
+        
+        enriched['display_name'] = display_name
+        
         # Determine originating IG (which IG introduced this control)
         originating_ig = self._determine_originating_ig(control_id, all_igs)
         enriched['originating_ig'] = originating_ig

{aws_cis_controls_assessment-1.1.1 → aws_cis_controls_assessment-1.1.2/aws_cis_controls_assessment.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aws-cis-controls-assessment
-Version: 1.1.1
+Version: 1.1.2
 Summary: Production-ready AWS CIS Controls compliance assessment framework with 145 comprehensive rules
 Author-email: AWS CIS Assessment Team <security@example.com>
 Maintainer-email: AWS CIS Assessment Team <security@example.com>