prowler-cloud 5.12.3__py3-none-any.whl → 5.13.0__py3-none-any.whl
- dashboard/assets/markdown-styles.css +34 -0
- dashboard/compliance/c5_aws.py +43 -0
- dashboard/compliance/ccc_aws.py +36 -0
- dashboard/compliance/ccc_azure.py +36 -0
- dashboard/compliance/ccc_gcp.py +36 -0
- dashboard/compliance/cis_3_0_oci.py +41 -0
- dashboard/pages/overview.py +66 -16
- prowler/CHANGELOG.md +60 -0
- prowler/__main__.py +128 -14
- prowler/compliance/aws/aws_account_security_onboarding_aws.json +1 -0
- prowler/compliance/aws/aws_audit_manager_control_tower_guardrails_aws.json +1 -0
- prowler/compliance/aws/aws_foundational_security_best_practices_aws.json +2 -1
- prowler/compliance/aws/aws_foundational_technical_review_aws.json +1 -0
- prowler/compliance/aws/aws_well_architected_framework_reliability_pillar_aws.json +1 -0
- prowler/compliance/aws/aws_well_architected_framework_security_pillar_aws.json +1 -0
- prowler/compliance/aws/c5_aws.json +10744 -0
- prowler/compliance/aws/ccc_aws.json +6206 -0
- prowler/compliance/aws/cis_1.4_aws.json +1 -0
- prowler/compliance/aws/cis_1.5_aws.json +1 -0
- prowler/compliance/aws/cis_2.0_aws.json +1 -0
- prowler/compliance/aws/cis_3.0_aws.json +1 -0
- prowler/compliance/aws/cis_4.0_aws.json +1 -0
- prowler/compliance/aws/cis_5.0_aws.json +1 -0
- prowler/compliance/aws/cisa_aws.json +1 -0
- prowler/compliance/aws/ens_rd2022_aws.json +1 -0
- prowler/compliance/aws/fedramp_low_revision_4_aws.json +1 -0
- prowler/compliance/aws/fedramp_moderate_revision_4_aws.json +1 -0
- prowler/compliance/aws/ffiec_aws.json +1 -0
- prowler/compliance/aws/gdpr_aws.json +1 -0
- prowler/compliance/aws/gxp_21_cfr_part_11_aws.json +1 -0
- prowler/compliance/aws/gxp_eu_annex_11_aws.json +1 -0
- prowler/compliance/aws/hipaa_aws.json +1 -0
- prowler/compliance/aws/iso27001_2013_aws.json +1 -0
- prowler/compliance/aws/iso27001_2022_aws.json +1 -0
- prowler/compliance/aws/kisa_isms_p_2023_aws.json +1 -0
- prowler/compliance/aws/kisa_isms_p_2023_korean_aws.json +1 -0
- prowler/compliance/aws/mitre_attack_aws.json +287 -11
- prowler/compliance/aws/nis2_aws.json +1 -0
- prowler/compliance/aws/nist_800_171_revision_2_aws.json +1 -0
- prowler/compliance/aws/nist_800_53_revision_4_aws.json +1 -0
- prowler/compliance/aws/nist_800_53_revision_5_aws.json +1 -0
- prowler/compliance/aws/nist_csf_1.1_aws.json +1 -0
- prowler/compliance/aws/pci_3.2.1_aws.json +2 -1
- prowler/compliance/aws/pci_4.0_aws.json +1 -0
- prowler/compliance/aws/prowler_threatscore_aws.json +1 -0
- prowler/compliance/aws/rbi_cyber_security_framework_aws.json +1 -0
- prowler/compliance/aws/soc2_aws.json +1 -0
- prowler/compliance/azure/ccc_azure.json +6147 -0
- prowler/compliance/azure/cis_2.0_azure.json +1 -0
- prowler/compliance/azure/cis_2.1_azure.json +1 -0
- prowler/compliance/azure/cis_3.0_azure.json +1 -0
- prowler/compliance/azure/cis_4.0_azure.json +1 -0
- prowler/compliance/azure/ens_rd2022_azure.json +1 -0
- prowler/compliance/azure/iso27001_2022_azure.json +1 -0
- prowler/compliance/azure/mitre_attack_azure.json +131 -5
- prowler/compliance/azure/nis2_azure.json +1 -0
- prowler/compliance/azure/pci_4.0_azure.json +1 -0
- prowler/compliance/azure/prowler_threatscore_azure.json +1 -0
- prowler/compliance/azure/soc2_azure.json +1 -0
- prowler/compliance/gcp/ccc_gcp.json +6077 -0
- prowler/compliance/gcp/cis_2.0_gcp.json +1 -0
- prowler/compliance/gcp/cis_3.0_gcp.json +1 -0
- prowler/compliance/gcp/cis_4.0_gcp.json +1 -0
- prowler/compliance/gcp/ens_rd2022_gcp.json +1 -0
- prowler/compliance/gcp/iso27001_2022_gcp.json +1 -0
- prowler/compliance/gcp/mitre_attack_gcp.json +287 -11
- prowler/compliance/gcp/nis2_gcp.json +1 -0
- prowler/compliance/gcp/pci_4.0_gcp.json +1 -0
- prowler/compliance/gcp/prowler_threatscore_gcp.json +1 -0
- prowler/compliance/gcp/soc2_gcp.json +1 -0
- prowler/compliance/github/cis_1.0_github.json +1 -0
- prowler/compliance/kubernetes/cis_1.10_kubernetes.json +1 -0
- prowler/compliance/kubernetes/cis_1.11_kubernetes.json +1 -0
- prowler/compliance/kubernetes/cis_1.8_kubernetes.json +1 -0
- prowler/compliance/kubernetes/iso27001_2022_kubernetes.json +1 -0
- prowler/compliance/kubernetes/pci_4.0_kubernetes.json +1 -0
- prowler/compliance/llm/__init__.py +0 -0
- prowler/compliance/m365/cis_4.0_m365.json +1 -0
- prowler/compliance/m365/iso27001_2022_m365.json +1 -0
- prowler/compliance/m365/prowler_threatscore_m365.json +1 -0
- prowler/compliance/nhn/iso27001_2022_nhn.json +1 -0
- prowler/compliance/oci/__init__.py +0 -0
- prowler/compliance/oci/cis_3.0_oci.json +1141 -0
- prowler/config/config.py +5 -1
- prowler/config/llm_config.yaml +175015 -0
- prowler/config/oraclecloud_mutelist_example.yaml +61 -0
- prowler/lib/check/check.py +9 -1
- prowler/lib/check/compliance.py +1 -0
- prowler/lib/check/compliance_models.py +33 -3
- prowler/lib/check/models.py +96 -8
- prowler/lib/check/utils.py +8 -2
- prowler/lib/cli/parser.py +6 -4
- prowler/lib/outputs/compliance/aws_well_architected/aws_well_architected.py +4 -0
- prowler/lib/outputs/compliance/aws_well_architected/models.py +2 -0
- prowler/lib/outputs/compliance/c5/__init__.py +0 -0
- prowler/lib/outputs/compliance/c5/c5.py +98 -0
- prowler/lib/outputs/compliance/c5/c5_aws.py +92 -0
- prowler/lib/outputs/compliance/c5/models.py +30 -0
- prowler/lib/outputs/compliance/ccc/__init__.py +0 -0
- prowler/lib/outputs/compliance/ccc/ccc_aws.py +95 -0
- prowler/lib/outputs/compliance/ccc/ccc_azure.py +95 -0
- prowler/lib/outputs/compliance/ccc/ccc_gcp.py +95 -0
- prowler/lib/outputs/compliance/ccc/models.py +90 -0
- prowler/lib/outputs/compliance/cis/cis_aws.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_azure.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_gcp.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_github.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_kubernetes.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_m365.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_oci.py +106 -0
- prowler/lib/outputs/compliance/cis/models.py +56 -0
- prowler/lib/outputs/compliance/compliance.py +10 -0
- prowler/lib/outputs/compliance/compliance_output.py +4 -1
- prowler/lib/outputs/compliance/ens/ens_aws.py +4 -0
- prowler/lib/outputs/compliance/ens/ens_azure.py +4 -0
- prowler/lib/outputs/compliance/ens/ens_gcp.py +4 -0
- prowler/lib/outputs/compliance/ens/models.py +6 -0
- prowler/lib/outputs/compliance/generic/generic.py +4 -0
- prowler/lib/outputs/compliance/generic/models.py +2 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_aws.py +4 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_azure.py +4 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_gcp.py +4 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_kubernetes.py +4 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_m365.py +4 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_nhn.py +4 -0
- prowler/lib/outputs/compliance/iso27001/models.py +12 -0
- prowler/lib/outputs/compliance/kisa_ismsp/kisa_ismsp_aws.py +4 -0
- prowler/lib/outputs/compliance/kisa_ismsp/models.py +2 -0
- prowler/lib/outputs/compliance/mitre_attack/mitre_attack_aws.py +4 -0
- prowler/lib/outputs/compliance/mitre_attack/mitre_attack_azure.py +4 -0
- prowler/lib/outputs/compliance/mitre_attack/mitre_attack_gcp.py +4 -0
- prowler/lib/outputs/compliance/mitre_attack/models.py +6 -0
- prowler/lib/outputs/compliance/prowler_threatscore/models.py +8 -0
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore.py +46 -4
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore_aws.py +4 -0
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore_azure.py +4 -0
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore_gcp.py +4 -0
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore_m365.py +4 -0
- prowler/lib/outputs/csv/csv.py +3 -0
- prowler/lib/outputs/finding.py +22 -0
- prowler/lib/outputs/html/html.py +192 -7
- prowler/lib/outputs/jira/jira.py +284 -47
- prowler/lib/outputs/ocsf/ocsf.py +1 -4
- prowler/lib/outputs/outputs.py +6 -0
- prowler/lib/outputs/summary_table.py +10 -0
- prowler/providers/aws/aws_regions_by_service.json +221 -44
- prowler/providers/aws/lib/quick_inventory/quick_inventory.py +3 -0
- prowler/providers/aws/lib/security_hub/security_hub.py +12 -2
- prowler/providers/aws/services/accessanalyzer/accessanalyzer_enabled/accessanalyzer_enabled.metadata.json +27 -13
- prowler/providers/aws/services/accessanalyzer/accessanalyzer_enabled_without_findings/accessanalyzer_enabled_without_findings.metadata.json +32 -13
- prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.metadata.json +23 -11
- prowler/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations.metadata.json +24 -12
- prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.metadata.json +19 -11
- prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.metadata.json +14 -10
- prowler/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check.metadata.json +17 -9
- prowler/providers/aws/services/acm/acm_certificates_transparency_logs_enabled/acm_certificates_transparency_logs_enabled.metadata.json +16 -12
- prowler/providers/aws/services/acm/acm_certificates_with_secure_key_algorithms/acm_certificates_with_secure_key_algorithms.metadata.json +21 -12
- prowler/providers/aws/services/apigateway/apigateway_restapi_authorizers_enabled/apigateway_restapi_authorizers_enabled.metadata.json +23 -16
- prowler/providers/aws/services/apigateway/apigateway_restapi_cache_encrypted/apigateway_restapi_cache_encrypted.metadata.json +22 -12
- prowler/providers/aws/services/apigateway/apigateway_restapi_client_certificate_enabled/apigateway_restapi_client_certificate_enabled.metadata.json +26 -18
- prowler/providers/aws/services/apigateway/apigateway_restapi_logging_enabled/apigateway_restapi_logging_enabled.metadata.json +30 -19
- prowler/providers/aws/services/apigateway/apigateway_restapi_public/apigateway_restapi_public.metadata.json +24 -16
- prowler/providers/aws/services/apigateway/apigateway_restapi_public_with_authorizer/apigateway_restapi_public_with_authorizer.metadata.json +31 -18
- prowler/providers/aws/services/apigateway/apigateway_restapi_tracing_enabled/apigateway_restapi_tracing_enabled.metadata.json +20 -12
- prowler/providers/aws/services/apigateway/apigateway_restapi_waf_acl_attached/apigateway_restapi_waf_acl_attached.metadata.json +24 -18
- prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_access_logging_enabled/apigatewayv2_api_access_logging_enabled.metadata.json +18 -12
- prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_authorizers_enabled/apigatewayv2_api_authorizers_enabled.metadata.json +21 -12
- prowler/providers/aws/services/appstream/appstream_fleet_default_internet_access_disabled/appstream_fleet_default_internet_access_disabled.metadata.json +23 -15
- prowler/providers/aws/services/appstream/appstream_fleet_maximum_session_duration/appstream_fleet_maximum_session_duration.metadata.json +15 -12
- prowler/providers/aws/services/appstream/appstream_fleet_session_disconnect_timeout/appstream_fleet_session_disconnect_timeout.metadata.json +17 -14
- prowler/providers/aws/services/appstream/appstream_fleet_session_idle_disconnect_timeout/appstream_fleet_session_idle_disconnect_timeout.metadata.json +20 -15
- prowler/providers/aws/services/appsync/appsync_field_level_logging_enabled/appsync_field_level_logging_enabled.metadata.json +21 -12
- prowler/providers/aws/services/appsync/appsync_graphql_api_no_api_key_authentication/appsync_graphql_api_no_api_key_authentication.metadata.json +20 -13
- prowler/providers/aws/services/athena/athena_workgroup_encryption/athena_workgroup_encryption.metadata.json +24 -12
- prowler/providers/aws/services/athena/athena_workgroup_enforce_configuration/athena_workgroup_enforce_configuration.metadata.json +20 -13
- prowler/providers/aws/services/athena/athena_workgroup_logging_enabled/athena_workgroup_logging_enabled.metadata.json +21 -12
- prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.metadata.json +15 -10
- prowler/providers/aws/services/autoscaling/autoscaling_group_capacity_rebalance_enabled/autoscaling_group_capacity_rebalance_enabled.metadata.json +20 -13
- prowler/providers/aws/services/autoscaling/autoscaling_group_elb_health_check_enabled/autoscaling_group_elb_health_check_enabled.metadata.json +20 -12
- prowler/providers/aws/services/autoscaling/autoscaling_group_launch_configuration_no_public_ip/autoscaling_group_launch_configuration_no_public_ip.metadata.json +20 -13
- prowler/providers/aws/services/autoscaling/autoscaling_group_launch_configuration_requires_imdsv2/autoscaling_group_launch_configuration_requires_imdsv2.metadata.json +26 -14
- prowler/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az.metadata.json +22 -13
- prowler/providers/aws/services/autoscaling/autoscaling_group_multiple_instance_types/autoscaling_group_multiple_instance_types.metadata.json +21 -13
- prowler/providers/aws/services/autoscaling/autoscaling_group_using_ec2_launch_template/autoscaling_group_using_ec2_launch_template.metadata.json +19 -12
- prowler/providers/aws/services/autoscaling/autoscaling_service.py +1 -1
- prowler/providers/aws/services/awslambda/awslambda_function_inside_vpc/awslambda_function_inside_vpc.metadata.json +26 -13
- prowler/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.metadata.json +20 -13
- prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_code/awslambda_function_no_secrets_in_code.metadata.json +18 -9
- prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_variables/awslambda_function_no_secrets_in_variables.metadata.json +20 -12
- prowler/providers/aws/services/awslambda/awslambda_function_not_publicly_accessible/awslambda_function_not_publicly_accessible.metadata.json +21 -12
- prowler/providers/aws/services/awslambda/awslambda_function_url_cors_policy/awslambda_function_url_cors_policy.metadata.json +24 -13
- prowler/providers/aws/services/awslambda/awslambda_function_url_public/awslambda_function_url_public.metadata.json +22 -12
- prowler/providers/aws/services/awslambda/awslambda_function_using_supported_runtimes/awslambda_function_using_supported_runtimes.metadata.json +24 -13
- prowler/providers/aws/services/awslambda/awslambda_function_vpc_multi_az/awslambda_function_vpc_multi_az.metadata.json +23 -13
- prowler/providers/aws/services/backup/backup_plans_exist/backup_plans_exist.metadata.json +22 -15
- prowler/providers/aws/services/backup/backup_recovery_point_encrypted/backup_recovery_point_encrypted.metadata.json +21 -12
- prowler/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist.metadata.json +19 -15
- prowler/providers/aws/services/backup/backup_vaults_encrypted/backup_vaults_encrypted.metadata.json +24 -13
- prowler/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist.metadata.json +19 -15
- prowler/providers/aws/services/cloudformation/cloudformation_stack_cdktoolkit_bootstrap_version/cloudformation_stack_cdktoolkit_bootstrap_version.metadata.json +24 -13
- prowler/providers/aws/services/cloudformation/cloudformation_stack_outputs_find_secrets/cloudformation_stack_outputs_find_secrets.metadata.json +22 -12
- prowler/providers/aws/services/cloudformation/cloudformation_stacks_termination_protection_enabled/cloudformation_stacks_termination_protection_enabled.metadata.json +21 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_custom_ssl_certificate/cloudfront_distributions_custom_ssl_certificate.metadata.json +21 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_default_root_object/cloudfront_distributions_default_root_object.metadata.json +19 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_field_level_encryption_enabled/cloudfront_distributions_field_level_encryption_enabled.metadata.json +19 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_geo_restrictions_enabled/cloudfront_distributions_geo_restrictions_enabled.metadata.json +22 -13
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_https_enabled/cloudfront_distributions_https_enabled.metadata.json +21 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_https_sni_enabled/cloudfront_distributions_https_sni_enabled.metadata.json +20 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_logging_enabled/cloudfront_distributions_logging_enabled.metadata.json +22 -13
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_multiple_origin_failover_configured/cloudfront_distributions_multiple_origin_failover_configured.metadata.json +21 -16
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_origin_traffic_encrypted/cloudfront_distributions_origin_traffic_encrypted.metadata.json +27 -14
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_access_control/cloudfront_distributions_s3_origin_access_control.metadata.json +24 -14
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_non_existent_bucket/cloudfront_distributions_s3_origin_non_existent_bucket.metadata.json +18 -11
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_using_deprecated_ssl_protocols/cloudfront_distributions_using_deprecated_ssl_protocols.metadata.json +20 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_using_waf/cloudfront_distributions_using_waf.metadata.json +21 -12
- prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.metadata.json +16 -11
- prowler/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled.metadata.json +19 -15
- prowler/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist.metadata.json +19 -14
- prowler/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled.metadata.json +19 -14
- prowler/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled.metadata.json +20 -13
- prowler/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled.metadata.json +18 -13
- prowler/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible.metadata.json +24 -16
- prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.metadata.json +17 -13
- prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled_logging_management_events/cloudtrail_multi_region_enabled_logging_management_events.metadata.json +19 -12
- prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.metadata.json +22 -12
- prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.metadata.json +21 -11
- prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_enumeration/cloudtrail_threat_detection_enumeration.metadata.json +22 -11
- prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_llm_jacking/cloudtrail_threat_detection_llm_jacking.metadata.json +25 -12
- prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_privilege_escalation/cloudtrail_threat_detection_privilege_escalation.metadata.json +18 -10
- prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.metadata.json +20 -12
- prowler/providers/aws/services/config/config_recorder_using_aws_service_role/config_recorder_using_aws_service_role.metadata.json +20 -13
- prowler/providers/aws/services/directoryservice/directoryservice_directory_log_forwarding_enabled/directoryservice_directory_log_forwarding_enabled.metadata.json +20 -11
- prowler/providers/aws/services/directoryservice/directoryservice_directory_monitor_notifications/directoryservice_directory_monitor_notifications.metadata.json +19 -11
- prowler/providers/aws/services/directoryservice/directoryservice_directory_snapshots_limit/directoryservice_directory_snapshots_limit.metadata.json +19 -10
- prowler/providers/aws/services/directoryservice/directoryservice_ldap_certificate_expiration/directoryservice_ldap_certificate_expiration.metadata.json +20 -11
- prowler/providers/aws/services/directoryservice/directoryservice_radius_server_security_protocol/directoryservice_radius_server_security_protocol.metadata.json +23 -12
- prowler/providers/aws/services/directoryservice/directoryservice_supported_mfa_radius_enabled/directoryservice_supported_mfa_radius_enabled.metadata.json +23 -12
- prowler/providers/aws/services/dlm/dlm_ebs_snapshot_lifecycle_policy_exists/dlm_ebs_snapshot_lifecycle_policy_exists.metadata.json +19 -13
- prowler/providers/aws/services/dms/dms_endpoint_mongodb_authentication_enabled/dms_endpoint_mongodb_authentication_enabled.metadata.json +20 -13
- prowler/providers/aws/services/dms/dms_endpoint_neptune_iam_authorization_enabled/dms_endpoint_neptune_iam_authorization_enabled.metadata.json +19 -12
- prowler/providers/aws/services/dms/dms_endpoint_redis_in_transit_encryption_enabled/dms_endpoint_redis_in_transit_encryption_enabled.metadata.json +23 -13
- prowler/providers/aws/services/dms/dms_endpoint_ssl_enabled/dms_endpoint_ssl_enabled.metadata.json +27 -19
- prowler/providers/aws/services/dms/dms_instance_minor_version_upgrade_enabled/dms_instance_minor_version_upgrade_enabled.metadata.json +22 -12
- prowler/providers/aws/services/dms/dms_instance_multi_az_enabled/dms_instance_multi_az_enabled.metadata.json +20 -13
- prowler/providers/aws/services/dms/dms_instance_no_public_access/dms_instance_no_public_access.metadata.json +22 -11
- prowler/providers/aws/services/dms/dms_replication_task_source_logging_enabled/dms_replication_task_source_logging_enabled.metadata.json +21 -13
- prowler/providers/aws/services/dms/dms_replication_task_target_logging_enabled/dms_replication_task_target_logging_enabled.metadata.json +22 -13
- prowler/providers/aws/services/dms/dms_replication_task_target_logging_enabled/dms_replication_task_target_logging_enabled.py +39 -37
- prowler/providers/aws/services/dms/dms_service.py +0 -1
- prowler/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public.py +11 -10
- prowler/providers/aws/services/ec2/ec2_instance_with_outdated_ami/__init__.py +0 -0
- prowler/providers/aws/services/ec2/ec2_instance_with_outdated_ami/ec2_instance_with_outdated_ami.metadata.json +30 -0
- prowler/providers/aws/services/ec2/ec2_instance_with_outdated_ami/ec2_instance_with_outdated_ami.py +52 -0
- prowler/providers/aws/services/ec2/ec2_service.py +26 -14
- prowler/providers/aws/services/efs/efs_access_point_enforce_root_directory/efs_access_point_enforce_root_directory.metadata.json +19 -13
- prowler/providers/aws/services/efs/efs_access_point_enforce_user_identity/efs_access_point_enforce_user_identity.metadata.json +23 -13
- prowler/providers/aws/services/efs/efs_encryption_at_rest_enabled/efs_encryption_at_rest_enabled.metadata.json +23 -13
- prowler/providers/aws/services/efs/efs_have_backup_enabled/efs_have_backup_enabled.metadata.json +20 -14
- prowler/providers/aws/services/efs/efs_mount_target_not_publicly_accessible/efs_mount_target_not_publicly_accessible.metadata.json +18 -12
- prowler/providers/aws/services/efs/efs_multi_az_enabled/efs_multi_az_enabled.metadata.json +21 -13
- prowler/providers/aws/services/efs/efs_not_publicly_accessible/efs_not_publicly_accessible.metadata.json +17 -13
- prowler/providers/aws/services/eks/eks_cluster_uses_a_supported_version/eks_cluster_uses_a_supported_version.py +4 -0
- prowler/providers/aws/services/elb/elb_ssl_listeners_use_acm_certificate/elb_ssl_listeners_use_acm_certificate.py +8 -2
- prowler/providers/aws/services/neptune/neptune_cluster_backup_enabled/neptune_cluster_backup_enabled.metadata.json +23 -13
- prowler/providers/aws/services/neptune/neptune_cluster_copy_tags_to_snapshots/neptune_cluster_copy_tags_to_snapshots.metadata.json +18 -14
- prowler/providers/aws/services/neptune/neptune_cluster_deletion_protection/neptune_cluster_deletion_protection.metadata.json +23 -14
- prowler/providers/aws/services/neptune/neptune_cluster_iam_authentication_enabled/neptune_cluster_iam_authentication_enabled.metadata.json +25 -13
- prowler/providers/aws/services/neptune/neptune_cluster_integration_cloudwatch_logs/neptune_cluster_integration_cloudwatch_logs.metadata.json +22 -14
- prowler/providers/aws/services/neptune/neptune_cluster_multi_az/neptune_cluster_multi_az.metadata.json +20 -12
- prowler/providers/aws/services/neptune/neptune_cluster_public_snapshot/neptune_cluster_public_snapshot.metadata.json +18 -10
- prowler/providers/aws/services/neptune/neptune_cluster_snapshot_encrypted/neptune_cluster_snapshot_encrypted.metadata.json +16 -10
- prowler/providers/aws/services/neptune/neptune_cluster_storage_encrypted/neptune_cluster_storage_encrypted.metadata.json +22 -13
- prowler/providers/aws/services/neptune/neptune_cluster_uses_public_subnet/neptune_cluster_uses_public_subnet.metadata.json +20 -12
- prowler/providers/aws/services/rds/rds_service.py +9 -2
- prowler/providers/aws/services/vpc/vpc_service.py +1 -1
- prowler/providers/azure/services/entra/entra_service.py +54 -25
- prowler/providers/common/arguments.py +16 -2
- prowler/providers/common/provider.py +34 -2
- prowler/providers/gcp/services/cloudsql/cloudsql_service.py +3 -3
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_lifecycle_management_enabled/__init__.py +0 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_lifecycle_management_enabled/cloudstorage_bucket_lifecycle_management_enabled.metadata.json +34 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_lifecycle_management_enabled/cloudstorage_bucket_lifecycle_management_enabled.py +48 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_service.py +10 -0
- prowler/providers/gcp/services/compute/compute_project_os_login_enabled/compute_project_os_login_enabled.py +5 -0
- prowler/providers/gcp/services/iam/iam_audit_logs_enabled/iam_audit_logs_enabled.py +5 -0
- prowler/providers/gcp/services/iam/iam_role_kms_enforce_separation_of_duties/iam_role_kms_enforce_separation_of_duties.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled/logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled/logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_custom_role_changes_enabled/logging_log_metric_filter_and_alert_for_custom_role_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled/logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled/logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled/logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled/logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled/logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_sink_created/logging_sink_created.py +5 -0
- prowler/providers/gcp/services/monitoring/monitoring_service.py +30 -2
- prowler/providers/iac/iac_provider.py +1 -1
- prowler/providers/llm/__init__.py +0 -0
- prowler/providers/llm/lib/__init__.py +0 -0
- prowler/providers/llm/lib/arguments/__init__.py +0 -0
- prowler/providers/llm/lib/arguments/arguments.py +13 -0
- prowler/providers/llm/llm_provider.py +518 -0
- prowler/providers/llm/models.py +27 -0
- prowler/providers/m365/exceptions/exceptions.py +0 -55
- prowler/providers/m365/lib/arguments/arguments.py +8 -4
- prowler/providers/m365/lib/powershell/m365_powershell.py +14 -156
- prowler/providers/m365/m365_provider.py +19 -117
- prowler/providers/m365/models.py +0 -3
- prowler/providers/m365/services/admincenter/admincenter_service.py +52 -23
- prowler/providers/m365/services/entra/entra_admin_users_phishing_resistant_mfa_enabled/entra_admin_users_phishing_resistant_mfa_enabled.py +19 -2
- prowler/providers/m365/services/entra/entra_service.py +58 -30
- prowler/providers/m365/services/sharepoint/sharepoint_service.py +24 -3
- prowler/providers/oraclecloud/__init__.py +0 -0
- prowler/providers/oraclecloud/config.py +61 -0
- prowler/providers/oraclecloud/exceptions/__init__.py +0 -0
- prowler/providers/oraclecloud/exceptions/exceptions.py +197 -0
- prowler/providers/oraclecloud/lib/__init__.py +0 -0
- prowler/providers/oraclecloud/lib/arguments/__init__.py +0 -0
- prowler/providers/oraclecloud/lib/arguments/arguments.py +123 -0
- prowler/providers/oraclecloud/lib/mutelist/__init__.py +0 -0
- prowler/providers/oraclecloud/lib/mutelist/mutelist.py +176 -0
- prowler/providers/oraclecloud/lib/service/__init__.py +0 -0
- prowler/providers/oraclecloud/lib/service/service.py +213 -0
- prowler/providers/oraclecloud/models.py +96 -0
- prowler/providers/oraclecloud/oci_provider.py +1038 -0
- prowler/providers/oraclecloud/services/__init__.py +0 -0
- prowler/providers/oraclecloud/services/analytics/__init__.py +0 -0
- prowler/providers/oraclecloud/services/analytics/analytics_client.py +6 -0
- prowler/providers/oraclecloud/services/analytics/analytics_instance_access_restricted/__init__.py +0 -0
- prowler/providers/oraclecloud/services/analytics/analytics_instance_access_restricted/analytics_instance_access_restricted.metadata.json +36 -0
- prowler/providers/oraclecloud/services/analytics/analytics_instance_access_restricted/analytics_instance_access_restricted.py +48 -0
- prowler/providers/oraclecloud/services/analytics/analytics_service.py +99 -0
- prowler/providers/oraclecloud/services/audit/__init__.py +0 -0
- prowler/providers/oraclecloud/services/audit/audit_client.py +4 -0
- prowler/providers/oraclecloud/services/audit/audit_log_retention_period_365_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/audit/audit_log_retention_period_365_days/audit_log_retention_period_365_days.metadata.json +37 -0
- prowler/providers/oraclecloud/services/audit/audit_log_retention_period_365_days/audit_log_retention_period_365_days.py +46 -0
- prowler/providers/oraclecloud/services/audit/audit_service.py +57 -0
- prowler/providers/oraclecloud/services/blockstorage/__init__.py +0 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_block_volume_encrypted_with_cmk/__init__.py +0 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_block_volume_encrypted_with_cmk/blockstorage_block_volume_encrypted_with_cmk.metadata.json +37 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_block_volume_encrypted_with_cmk/blockstorage_block_volume_encrypted_with_cmk.py +39 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_boot_volume_encrypted_with_cmk/__init__.py +0 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_boot_volume_encrypted_with_cmk/blockstorage_boot_volume_encrypted_with_cmk.metadata.json +36 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_boot_volume_encrypted_with_cmk/blockstorage_boot_volume_encrypted_with_cmk.py +35 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_client.py +6 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_service.py +182 -0
- prowler/providers/oraclecloud/services/cloudguard/__init__.py +0 -0
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_client.py +6 -0
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_enabled/cloudguard_enabled.metadata.json +36 -0
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_enabled/cloudguard_enabled.py +39 -0
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_service.py +63 -0
- prowler/providers/oraclecloud/services/compute/__init__.py +0 -0
- prowler/providers/oraclecloud/services/compute/compute_client.py +4 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_in_transit_encryption_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_in_transit_encryption_enabled/compute_instance_in_transit_encryption_enabled.metadata.json +37 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_in_transit_encryption_enabled/compute_instance_in_transit_encryption_enabled.py +38 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_legacy_metadata_endpoint_disabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_legacy_metadata_endpoint_disabled/compute_instance_legacy_metadata_endpoint_disabled.metadata.json +37 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_legacy_metadata_endpoint_disabled/compute_instance_legacy_metadata_endpoint_disabled.py +37 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_secure_boot_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_secure_boot_enabled/compute_instance_secure_boot_enabled.metadata.json +37 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_secure_boot_enabled/compute_instance_secure_boot_enabled.py +39 -0
- prowler/providers/oraclecloud/services/compute/compute_service.py +136 -0
- prowler/providers/oraclecloud/services/database/__init__.py +0 -0
- prowler/providers/oraclecloud/services/database/database_autonomous_database_access_restricted/__init__.py +0 -0
- prowler/providers/oraclecloud/services/database/database_autonomous_database_access_restricted/database_autonomous_database_access_restricted.metadata.json +36 -0
- prowler/providers/oraclecloud/services/database/database_autonomous_database_access_restricted/database_autonomous_database_access_restricted.py +40 -0
- prowler/providers/oraclecloud/services/database/database_client.py +6 -0
- prowler/providers/oraclecloud/services/database/database_service.py +79 -0
- prowler/providers/oraclecloud/services/events/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_client.py +4 -0
- prowler/providers/oraclecloud/services/events/events_notification_topic_and_subscription_exists/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_notification_topic_and_subscription_exists/events_notification_topic_and_subscription_exists.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_notification_topic_and_subscription_exists/events_notification_topic_and_subscription_exists.py +53 -0
- prowler/providers/oraclecloud/services/events/events_rule_cloudguard_problems/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_cloudguard_problems/events_rule_cloudguard_problems.metadata.json +36 -0
- prowler/providers/oraclecloud/services/events/events_rule_cloudguard_problems/events_rule_cloudguard_problems.py +90 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_group_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_group_changes/events_rule_iam_group_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_group_changes/events_rule_iam_group_changes.py +67 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_policy_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_policy_changes/events_rule_iam_policy_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_policy_changes/events_rule_iam_policy_changes.py +67 -0
- prowler/providers/oraclecloud/services/events/events_rule_identity_provider_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_identity_provider_changes/events_rule_identity_provider_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_identity_provider_changes/events_rule_identity_provider_changes.py +67 -0
- prowler/providers/oraclecloud/services/events/events_rule_idp_group_mapping_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_idp_group_mapping_changes/events_rule_idp_group_mapping_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_idp_group_mapping_changes/events_rule_idp_group_mapping_changes.py +67 -0
- prowler/providers/oraclecloud/services/events/events_rule_local_user_authentication/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_local_user_authentication/events_rule_local_user_authentication.metadata.json +38 -0
- prowler/providers/oraclecloud/services/events/events_rule_local_user_authentication/events_rule_local_user_authentication.py +63 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_gateway_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_gateway_changes/events_rule_network_gateway_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_gateway_changes/events_rule_network_gateway_changes.py +88 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_security_group_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_security_group_changes/events_rule_network_security_group_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_security_group_changes/events_rule_network_security_group_changes.py +68 -0
- prowler/providers/oraclecloud/services/events/events_rule_route_table_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_route_table_changes/events_rule_route_table_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_route_table_changes/events_rule_route_table_changes.py +68 -0
- prowler/providers/oraclecloud/services/events/events_rule_security_list_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_security_list_changes/events_rule_security_list_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_security_list_changes/events_rule_security_list_changes.py +68 -0
- prowler/providers/oraclecloud/services/events/events_rule_user_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_user_changes/events_rule_user_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_user_changes/events_rule_user_changes.py +69 -0
- prowler/providers/oraclecloud/services/events/events_rule_vcn_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_vcn_changes/events_rule_vcn_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_vcn_changes/events_rule_vcn_changes.py +65 -0
- prowler/providers/oraclecloud/services/events/events_service.py +215 -0
- prowler/providers/oraclecloud/services/events/lib/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/lib/helpers.py +116 -0
- prowler/providers/oraclecloud/services/filestorage/__init__.py +0 -0
- prowler/providers/oraclecloud/services/filestorage/filestorage_client.py +6 -0
- prowler/providers/oraclecloud/services/filestorage/filestorage_file_system_encrypted_with_cmk/__init__.py +0 -0
- prowler/providers/oraclecloud/services/filestorage/filestorage_file_system_encrypted_with_cmk/filestorage_file_system_encrypted_with_cmk.metadata.json +36 -0
- prowler/providers/oraclecloud/services/filestorage/filestorage_file_system_encrypted_with_cmk/filestorage_file_system_encrypted_with_cmk.py +39 -0
- prowler/providers/oraclecloud/services/filestorage/filestorage_service.py +96 -0
- prowler/providers/oraclecloud/services/identity/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_client.py +4 -0
- prowler/providers/oraclecloud/services/identity/identity_iam_admins_cannot_update_tenancy_admins/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_iam_admins_cannot_update_tenancy_admins/identity_iam_admins_cannot_update_tenancy_admins.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_iam_admins_cannot_update_tenancy_admins/identity_iam_admins_cannot_update_tenancy_admins.py +107 -0
- prowler/providers/oraclecloud/services/identity/identity_instance_principal_used/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_instance_principal_used/identity_instance_principal_used.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_instance_principal_used/identity_instance_principal_used.py +70 -0
- prowler/providers/oraclecloud/services/identity/identity_no_resources_in_root_compartment/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_no_resources_in_root_compartment/identity_no_resources_in_root_compartment.metadata.json +32 -0
- prowler/providers/oraclecloud/services/identity/identity_no_resources_in_root_compartment/identity_no_resources_in_root_compartment.py +51 -0
- prowler/providers/oraclecloud/services/identity/identity_non_root_compartment_exists/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_non_root_compartment_exists/identity_non_root_compartment_exists.metadata.json +32 -0
- prowler/providers/oraclecloud/services/identity/identity_non_root_compartment_exists/identity_non_root_compartment_exists.py +39 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_expires_within_365_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_expires_within_365_days/identity_password_policy_expires_within_365_days.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_expires_within_365_days/identity_password_policy_expires_within_365_days.py +67 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_minimum_length_14/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_minimum_length_14/identity_password_policy_minimum_length_14.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_minimum_length_14/identity_password_policy_minimum_length_14.py +97 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_prevents_reuse/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_prevents_reuse/identity_password_policy_prevents_reuse.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_prevents_reuse/identity_password_policy_prevents_reuse.py +77 -0
- prowler/providers/oraclecloud/services/identity/identity_service.py +828 -0
- prowler/providers/oraclecloud/services/identity/identity_service_level_admins_exist/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_service_level_admins_exist/identity_service_level_admins_exist.metadata.json +32 -0
- prowler/providers/oraclecloud/services/identity/identity_service_level_admins_exist/identity_service_level_admins_exist.py +81 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_permissions_limited/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_permissions_limited/identity_tenancy_admin_permissions_limited.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_permissions_limited/identity_tenancy_admin_permissions_limited.py +81 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_users_no_api_keys/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_users_no_api_keys/identity_tenancy_admin_users_no_api_keys.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_users_no_api_keys/identity_tenancy_admin_users_no_api_keys.py +49 -0
- prowler/providers/oraclecloud/services/identity/identity_user_api_keys_rotated_90_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_api_keys_rotated_90_days/identity_user_api_keys_rotated_90_days.metadata.json +37 -0
- prowler/providers/oraclecloud/services/identity/identity_user_api_keys_rotated_90_days/identity_user_api_keys_rotated_90_days.py +73 -0
- prowler/providers/oraclecloud/services/identity/identity_user_auth_tokens_rotated_90_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_auth_tokens_rotated_90_days/identity_user_auth_tokens_rotated_90_days.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_user_auth_tokens_rotated_90_days/identity_user_auth_tokens_rotated_90_days.py +52 -0
- prowler/providers/oraclecloud/services/identity/identity_user_customer_secret_keys_rotated_90_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_customer_secret_keys_rotated_90_days/identity_user_customer_secret_keys_rotated_90_days.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_user_customer_secret_keys_rotated_90_days/identity_user_customer_secret_keys_rotated_90_days.py +49 -0
- prowler/providers/oraclecloud/services/identity/identity_user_db_passwords_rotated_90_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_db_passwords_rotated_90_days/identity_user_db_passwords_rotated_90_days.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_user_db_passwords_rotated_90_days/identity_user_db_passwords_rotated_90_days.py +49 -0
- prowler/providers/oraclecloud/services/identity/identity_user_mfa_enabled_console_access/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_mfa_enabled_console_access/identity_user_mfa_enabled_console_access.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_user_mfa_enabled_console_access/identity_user_mfa_enabled_console_access.py +43 -0
- prowler/providers/oraclecloud/services/identity/identity_user_valid_email_address/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_valid_email_address/identity_user_valid_email_address.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_user_valid_email_address/identity_user_valid_email_address.py +38 -0
- prowler/providers/oraclecloud/services/integration/__init__.py +0 -0
- prowler/providers/oraclecloud/services/integration/integration_client.py +8 -0
- prowler/providers/oraclecloud/services/integration/integration_instance_access_restricted/__init__.py +0 -0
- prowler/providers/oraclecloud/services/integration/integration_instance_access_restricted/integration_instance_access_restricted.metadata.json +36 -0
- prowler/providers/oraclecloud/services/integration/integration_instance_access_restricted/integration_instance_access_restricted.py +48 -0
- prowler/providers/oraclecloud/services/integration/integration_service.py +92 -0
- prowler/providers/oraclecloud/services/kms/__init__.py +0 -0
- prowler/providers/oraclecloud/services/kms/kms_client.py +4 -0
- prowler/providers/oraclecloud/services/kms/kms_key_rotation_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/kms/kms_key_rotation_enabled/kms_key_rotation_enabled.metadata.json +36 -0
- prowler/providers/oraclecloud/services/kms/kms_key_rotation_enabled/kms_key_rotation_enabled.py +37 -0
- prowler/providers/oraclecloud/services/kms/kms_service.py +136 -0
- prowler/providers/oraclecloud/services/logging/__init__.py +0 -0
- prowler/providers/oraclecloud/services/logging/logging_client.py +6 -0
- prowler/providers/oraclecloud/services/logging/logging_service.py +189 -0
- prowler/providers/oraclecloud/services/network/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_client.py +4 -0
- prowler/providers/oraclecloud/services/network/network_default_security_list_restricts_traffic/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_default_security_list_restricts_traffic/network_default_security_list_restricts_traffic.metadata.json +36 -0
- prowler/providers/oraclecloud/services/network/network_default_security_list_restricts_traffic/network_default_security_list_restricts_traffic.py +99 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_rdp_port/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_rdp_port/network_security_group_ingress_from_internet_to_rdp_port.metadata.json +36 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_rdp_port/network_security_group_ingress_from_internet_to_rdp_port.py +65 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_ssh_port/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_ssh_port/network_security_group_ingress_from_internet_to_ssh_port.metadata.json +37 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_ssh_port/network_security_group_ingress_from_internet_to_ssh_port.py +70 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_rdp_port/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_rdp_port/network_security_list_ingress_from_internet_to_rdp_port.metadata.json +36 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_rdp_port/network_security_list_ingress_from_internet_to_rdp_port.py +62 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_ssh_port/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_ssh_port/network_security_list_ingress_from_internet_to_ssh_port.metadata.json +37 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_ssh_port/network_security_list_ingress_from_internet_to_ssh_port.py +67 -0
- prowler/providers/oraclecloud/services/network/network_service.py +321 -0
- prowler/providers/oraclecloud/services/network/network_vcn_subnet_flow_logs_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_vcn_subnet_flow_logs_enabled/network_vcn_subnet_flow_logs_enabled.metadata.json +36 -0
- prowler/providers/oraclecloud/services/network/network_vcn_subnet_flow_logs_enabled/network_vcn_subnet_flow_logs_enabled.py +66 -0
- prowler/providers/oraclecloud/services/objectstorage/__init__.py +0 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_encrypted_with_cmk/__init__.py +0 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_encrypted_with_cmk/objectstorage_bucket_encrypted_with_cmk.metadata.json +37 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_encrypted_with_cmk/objectstorage_bucket_encrypted_with_cmk.py +40 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_logging_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_logging_enabled/objectstorage_bucket_logging_enabled.metadata.json +32 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_logging_enabled/objectstorage_bucket_logging_enabled.py +68 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_not_publicly_accessible/__init__.py +0 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_not_publicly_accessible/objectstorage_bucket_not_publicly_accessible.metadata.json +37 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_not_publicly_accessible/objectstorage_bucket_not_publicly_accessible.py +43 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_versioning_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_versioning_enabled/objectstorage_bucket_versioning_enabled.metadata.json +37 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_versioning_enabled/objectstorage_bucket_versioning_enabled.py +38 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_client.py +6 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_service.py +138 -0
- {prowler_cloud-5.12.3.dist-info → prowler_cloud-5.13.0.dist-info}/METADATA +9 -33
- {prowler_cloud-5.12.3.dist-info → prowler_cloud-5.13.0.dist-info}/RECORD +528 -280
- {prowler_cloud-5.12.3.dist-info → prowler_cloud-5.13.0.dist-info}/LICENSE +0 -0
- {prowler_cloud-5.12.3.dist-info → prowler_cloud-5.13.0.dist-info}/WHEEL +0 -0
- {prowler_cloud-5.12.3.dist-info → prowler_cloud-5.13.0.dist-info}/entry_points.txt +0 -0
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
### Tenancy, Check and/or Region can be * to apply for all the cases.
|
|
2
|
+
### Tenancy == OCI Tenancy OCID and Region == OCI Region
|
|
3
|
+
### Resources and tags are lists that can have either Regex or Keywords.
|
|
4
|
+
### Tags is an optional list that matches on tuples of 'key=value' and are "ANDed" together.
|
|
5
|
+
### Use an alternation Regex to match one of multiple tags with "ORed" logic.
|
|
6
|
+
### For each check you can except Tenancies, Regions, Resources and/or Tags.
|
|
7
|
+
########################### MUTELIST EXAMPLE ###########################
|
|
8
|
+
Mutelist:
|
|
9
|
+
Tenancies:
|
|
10
|
+
"ocid1.tenancy.oc1..aaaaaaaexample":
|
|
11
|
+
Checks:
|
|
12
|
+
"iam_user_mfa_enabled":
|
|
13
|
+
Regions:
|
|
14
|
+
- "us-phoenix-1"
|
|
15
|
+
Resources:
|
|
16
|
+
- "ocid1.user.oc1..aaaaaaaexample1" # Will ignore user1 in check iam_user_mfa_enabled
|
|
17
|
+
- "ocid1.user.oc1..aaaaaaaexample2" # Will ignore user2 in check iam_user_mfa_enabled
|
|
18
|
+
Description: "Check iam_user_mfa_enabled muted for region us-phoenix-1 and specific user resources"
|
|
19
|
+
"objectstorage_*":
|
|
20
|
+
Regions:
|
|
21
|
+
- "*"
|
|
22
|
+
Resources:
|
|
23
|
+
- "*" # Will ignore every Object Storage check in every region
|
|
24
|
+
"*":
|
|
25
|
+
Regions:
|
|
26
|
+
- "*"
|
|
27
|
+
Resources:
|
|
28
|
+
- "test"
|
|
29
|
+
Tags:
|
|
30
|
+
- "test=test" # Will ignore every resource containing the string "test" and the tags 'test=test' and
|
|
31
|
+
- "project=test|project=stage" # either of ('project=test' OR project=stage) in tenancy ocid1.tenancy.oc1..aaaaaaaexample and every region
|
|
32
|
+
- "environment=prod" # Will ignore every resource containing the string "test" and tag environment=prod
|
|
33
|
+
|
|
34
|
+
"*":
|
|
35
|
+
Checks:
|
|
36
|
+
"objectstorage_bucket_public_access":
|
|
37
|
+
Regions:
|
|
38
|
+
- "us-ashburn-1"
|
|
39
|
+
- "us-phoenix-1"
|
|
40
|
+
Resources:
|
|
41
|
+
- "ci-logs" # Will ignore bucket "ci-logs" AND ALSO bucket "ci-logs-replica" in specified check and regions
|
|
42
|
+
- "logs" # Will ignore EVERY BUCKET containing the string "logs" in specified check and regions
|
|
43
|
+
- ".+-logs" # Will ignore all buckets containing the terms ci-logs, qa-logs, etc. in specified check and regions
|
|
44
|
+
"*":
|
|
45
|
+
Regions:
|
|
46
|
+
- "*"
|
|
47
|
+
Resources:
|
|
48
|
+
- "*"
|
|
49
|
+
Tags:
|
|
50
|
+
- "environment=dev" # Will ignore every resource containing the tag 'environment=dev' in every tenancy and region
|
|
51
|
+
"compute_instance_monitoring_enabled":
|
|
52
|
+
Regions:
|
|
53
|
+
- "*"
|
|
54
|
+
Resources:
|
|
55
|
+
- "*"
|
|
56
|
+
Exceptions:
|
|
57
|
+
Tenancies:
|
|
58
|
+
- "ocid1.tenancy.oc1..aaaaaaaexample2"
|
|
59
|
+
Regions:
|
|
60
|
+
- "eu-frankfurt-1"
|
|
61
|
+
- "eu-amsterdam-1" # Will ignore every resource in check compute_instance_monitoring_enabled except the ones in tenancy ocid1.tenancy.oc1..aaaaaaaexample2 located in eu-frankfurt-1 or eu-amsterdam-1
|
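Review bot: The check IDs used in this example (`iam_user_mfa_enabled`, `objectstorage_bucket_public_access`, `compute_instance_monitoring_enabled`) do not appear among the OCI checks this release adds. The file list shows `identity_user_mfa_enabled_console_access` and `objectstorage_bucket_not_publicly_accessible`, and no `iam` service directory. An operator who copies the example gets entries that match nothing, and the likely workaround is to widen the pattern to `"*"`, which mutes far more than intended. I would use real IDs, e.g. `"identity_user_mfa_enabled_console_access":` on example line 12 and in its comments. Next to the `"logs"` and `"ci-logs"` entries, which by their own comments match as substrings, I would also add an exact-match example such as `- "^ci-logs$"`, assuming the matcher honours anchors.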
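--- a/prowler/lib/check/check.py
+++ b/prowler/lib/check/check.py
@@ -518,8 +518,16 @@ def execute_checks(
 )
 try:
 try:
+# Map CLI provider names to directory names (for cases where they differ)
+provider_directory_map = {
+"oci": "oraclecloud", # oci SDK conflict avoidance
+}
+provider_directory = provider_directory_map.get(
+global_provider.type, global_provider.type
+)
+
 # Import check module
-check_module_path = f"prowler.providers.{
+check_module_path = f"prowler.providers.{provider_directory}.services.{service}.{check_name}.{check_name}"
 lib = import_check(check_module_path)
 # Recover functions from check
 check_to_execute = getattr(lib, check_name)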
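Review bot: `provider_directory_map` is a constant, yet it is rebuilt inside the inner `try` on every call and is visible only to `execute_checks`. If any other code derives a `prowler.providers.<type>` path from `global_provider.type` (metadata lookup, check listing; none of it visible in this hunk), it will still look for an `oci` package, which going by the inline comment is the OCI SDK rather than Prowler's provider directory. I would hoist it to module level as `PROVIDER_DIRECTORY_MAP = {"oci": "oraclecloud"}` and keep only `provider_directory = PROVIDER_DIRECTORY_MAP.get(global_provider.type, global_provider.type)` here. `service` and `check_name` are also interpolated into the import path, so it is worth confirming that they only ever come from the discovered check list and never from raw CLI input. The function starts and ends outside the hunk.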
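--- a/prowler/lib/check/compliance.py
+++ b/prowler/lib/check/compliance.py
@@ -200,6 +200,32 @@ class Prowler_ThreatScore_Requirement_Attribute(BaseModel):
 Weight: int
 
 
+# CCC Requirement Attribute
+class CCC_Requirement_Attribute(BaseModel):
+"""CCC Requirement Attribute"""
+
+FamilyName: str
+FamilyDescription: str
+Section: str
+SubSection: str
+SubSectionObjective: str
+Applicability: list[str]
+Recommendation: str
+SectionThreatMappings: list[dict]
+SectionGuidelineMappings: list[dict]
+
+
+# C5 Germany Requirement Attribute
+class C5Germany_Requirement_Attribute(BaseModel):
+"""C5 Germany Requirement Attribute"""
+
+Section: str
+SubSection: str
+Type: str
+AboutCriteria: str
+ComplementaryCriteria: str
+
+
 # Base Compliance Model
 # TODO: move this to compliance folder
 class Compliance_Requirement(BaseModel):
@@ -216,6 +242,8 @@ class Compliance_Requirement(BaseModel):
 AWS_Well_Architected_Requirement_Attribute,
 KISA_ISMSP_Requirement_Attribute,
 Prowler_ThreatScore_Requirement_Attribute,
+CCC_Requirement_Attribute,
+C5Germany_Requirement_Attribute,
 # Generic_Compliance_Requirement_Attribute must be the last one since it is the fallback for generic compliance framework
 Generic_Compliance_Requirement_Attribute,
 ]
@@ -227,6 +255,7 @@ class Compliance(BaseModel):
 """Compliance holds the base model for every compliance framework"""
 
 Framework: str
+Name: str
 Provider: str
 Version: Optional[str] = None
 Description: str
@@ -240,12 +269,13 @@ class Compliance(BaseModel):
 @root_validator(pre=True)
 # noqa: F841 - since vulture raises unused variable 'cls'
 def framework_and_provider_must_not_be_empty(cls, values): # noqa: F841
-framework, provider = (
+framework, provider, name = (
 values.get("Framework"),
 values.get("Provider"),
+values.get("Name"),
 )
-if framework == "" or provider == "":
-raise ValueError("Framework or
+if framework == "" or provider == "" or name == "":
+raise ValueError("Framework, Provider or Name must not be empty")
 return values
 
 @staticmethod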
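Review bot: In the last hunk the root validator still compares against `""` only, so a `Name` (or `Framework`/`Provider`) made of whitespace passes, and the method name `framework_and_provider_must_not_be_empty` no longer says what it checks. Something like `if any(isinstance(v, str) and not v.strip() for v in (framework, provider, name)):` would close the gap without tripping on non-string input, which `pre=True` lets through to this point. Separately, `Name: str` is now required on `Compliance`, so a framework JSON maintained outside this package that lacks the key will fail validation. If that is intended it deserves a changelog line; otherwise declare it as `Name: Optional[str] = None`, like `Version`. The validator body sits inside the hunk, but the `Compliance` class starts and ends outside it.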
prowler/lib/check/models.py
CHANGED
|
@@ -8,6 +8,7 @@ from enum import Enum
|
|
|
8
8
|
from typing import Any, Dict, Optional, Set
|
|
9
9
|
|
|
10
10
|
from pydantic.v1 import BaseModel, Field, ValidationError, validator
|
|
11
|
+
from pydantic.v1.error_wrappers import ErrorWrapper
|
|
11
12
|
|
|
12
13
|
from prowler.config.config import Provider
|
|
13
14
|
from prowler.lib.check.compliance_models import Compliance
|
|
@@ -157,7 +158,11 @@ class CheckMetadata(BaseModel):
|
|
|
157
158
|
raise ValueError("ServiceName must be a non-empty string")
|
|
158
159
|
|
|
159
160
|
check_id = values.get("CheckID")
|
|
160
|
-
if
|
|
161
|
+
if (
|
|
162
|
+
check_id
|
|
163
|
+
and values.get("Provider") != "iac"
|
|
164
|
+
and values.get("Provider") != "llm"
|
|
165
|
+
):
|
|
161
166
|
service_from_check_id = check_id.split("_")[0]
|
|
162
167
|
if service_name != service_from_check_id:
|
|
163
168
|
raise ValueError(
|
|
@@ -173,7 +178,11 @@ class CheckMetadata(BaseModel):
|
|
|
173
178
|
if not check_id:
|
|
174
179
|
raise ValueError("CheckID must be a non-empty string")
|
|
175
180
|
|
|
176
|
-
if
|
|
181
|
+
if (
|
|
182
|
+
check_id
|
|
183
|
+
and values.get("Provider") != "iac"
|
|
184
|
+
and values.get("Provider") != "llm"
|
|
185
|
+
):
|
|
177
186
|
if "-" in check_id:
|
|
178
187
|
raise ValueError(
|
|
179
188
|
f"CheckID {check_id} contains a hyphen, which is not allowed"
|
|
@@ -436,17 +445,31 @@ class Check(ABC, CheckMetadata):
|
|
|
436
445
|
|
|
437
446
|
def __init__(self, **data):
|
|
438
447
|
"""Check's init function. Calls the CheckMetadataModel init."""
|
|
448
|
+
file_path = os.path.abspath(sys.modules[self.__module__].__file__)[:-3]
|
|
449
|
+
|
|
439
450
|
# Parse the Check's metadata file
|
|
440
|
-
metadata_file =
|
|
441
|
-
os.path.abspath(sys.modules[self.__module__].__file__)[:-3]
|
|
442
|
-
+ ".metadata.json"
|
|
443
|
-
)
|
|
451
|
+
metadata_file = file_path + ".metadata.json"
|
|
444
452
|
# Store it to validate them with Pydantic
|
|
445
453
|
data = CheckMetadata.parse_file(metadata_file).dict()
|
|
446
454
|
# Calls parents init function
|
|
447
455
|
super().__init__(**data)
|
|
448
|
-
|
|
449
|
-
#
|
|
456
|
+
|
|
457
|
+
# Verify names consistency
|
|
458
|
+
check_id = self.CheckID
|
|
459
|
+
class_name = self.__class__.__name__
|
|
460
|
+
file_name = file_path.split(sep="/")[-1]
|
|
461
|
+
|
|
462
|
+
errors = []
|
|
463
|
+
if check_id != class_name:
|
|
464
|
+
errors.append(f"CheckID '{check_id}' != class name '{class_name}'")
|
|
465
|
+
if check_id != file_name:
|
|
466
|
+
errors.append(f"CheckID '{check_id}' != file name '{file_name}'")
|
|
467
|
+
|
|
468
|
+
if errors:
|
|
469
|
+
formatted_errors = [
|
|
470
|
+
ErrorWrapper(ValueError(err), loc=("CheckID",)) for err in errors
|
|
471
|
+
]
|
|
472
|
+
raise ValidationError(formatted_errors, model=CheckMetadata)
|
|
450
473
|
|
|
451
474
|
def metadata(self) -> dict:
|
|
452
475
|
"""Return the JSON representation of the check's metadata"""
|
|
@@ -576,6 +599,46 @@ class Check_Report_GCP(Check_Report):
|
|
|
576
599
|
)
|
|
577
600
|
|
|
578
601
|
|
|
602
|
+
@dataclass
|
|
603
|
+
class Check_Report_OCI(Check_Report):
|
|
604
|
+
"""Contains the OCI Check's finding information."""
|
|
605
|
+
|
|
606
|
+
resource_name: str
|
|
607
|
+
resource_id: str
|
|
608
|
+
compartment_id: str
|
|
609
|
+
region: str
|
|
610
|
+
|
|
611
|
+
def __init__(
|
|
612
|
+
self,
|
|
613
|
+
metadata: Dict,
|
|
614
|
+
resource: Any,
|
|
615
|
+
region: str = None,
|
|
616
|
+
resource_name: str = None,
|
|
617
|
+
resource_id: str = None,
|
|
618
|
+
compartment_id: str = None,
|
|
619
|
+
) -> None:
|
|
620
|
+
"""Initialize the OCI Check's finding information.
|
|
621
|
+
|
|
622
|
+
Args:
|
|
623
|
+
metadata: The metadata of the check.
|
|
624
|
+
resource: Basic information about the resource. Defaults to None.
|
|
625
|
+
region: The region of the resource.
|
|
626
|
+
resource_name: The name of the resource related with the finding.
|
|
627
|
+
resource_id: The OCID of the resource related with the finding.
|
|
628
|
+
compartment_id: The compartment OCID of the resource.
|
|
629
|
+
"""
|
|
630
|
+
super().__init__(metadata, resource)
|
|
631
|
+
self.resource_id = (
|
|
632
|
+
resource_id
|
|
633
|
+
or getattr(resource, "id", None)
|
|
634
|
+
or getattr(resource, "name", None)
|
|
635
|
+
or ""
|
|
636
|
+
)
|
|
637
|
+
self.resource_name = resource_name or getattr(resource, "name", "")
|
|
638
|
+
self.compartment_id = compartment_id or getattr(resource, "compartment_id", "")
|
|
639
|
+
self.region = region or getattr(resource, "region", "")
|
|
640
|
+
|
|
641
|
+
|
|
579
642
|
@dataclass
|
|
580
643
|
class Check_Report_Kubernetes(Check_Report):
|
|
581
644
|
# TODO change class name to CheckReportKubernetes
|
|
@@ -694,6 +757,31 @@ class CheckReportIAC(Check_Report):
|
|
|
694
757
|
)
|
|
695
758
|
|
|
696
759
|
|
|
760
|
+
@dataclass
|
|
761
|
+
class CheckReportLLM(Check_Report):
|
|
762
|
+
"""Contains the LLM Check's finding information."""
|
|
763
|
+
|
|
764
|
+
prompt: str
|
|
765
|
+
response: str
|
|
766
|
+
model: str
|
|
767
|
+
|
|
768
|
+
def __init__(self, metadata: dict = {}, finding: dict = {}) -> None:
|
|
769
|
+
"""
|
|
770
|
+
Initialize the LLM Check's finding information from a promptfoo finding dict.
|
|
771
|
+
|
|
772
|
+
Args:
|
|
773
|
+
metadata (Dict): Optional check metadata (can be None).
|
|
774
|
+
finding (dict): A single finding result from promptfoo's JSON output.
|
|
775
|
+
"""
|
|
776
|
+
super().__init__(metadata, finding)
|
|
777
|
+
|
|
778
|
+
self.prompt = finding.get("prompt", {}).get("raw", "No prompt available.")
|
|
779
|
+
self.response = finding.get("response", {}).get(
|
|
780
|
+
"output", "No output available."
|
|
781
|
+
)
|
|
782
|
+
self.model = finding.get("provider", {}).get("id", "No model available.")
|
|
783
|
+
|
|
784
|
+
|
|
697
785
|
@dataclass
|
|
698
786
|
class CheckReportNHN(Check_Report):
|
|
699
787
|
"""Contains the NHN Check's finding information."""
|
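--- a/prowler/lib/check/utils.py
+++ b/prowler/lib/check/utils.py
@@ -15,7 +15,7 @@ def recover_checks_from_provider(
 """
 try:
 # Bypass check loading for IAC provider since it uses Trivy directly
-if provider == "iac":
+if provider == "iac" or provider == "llm":
 return []
 
 checks = []
@@ -46,8 +46,14 @@ def recover_checks_from_provider(
 
 # List all available modules in the selected provider and service
 def list_modules(provider: str, service: str):
+# Map CLI provider names to directory names (for cases where they differ)
+provider_directory_map = {
+"oci": "oraclecloud", # OCI SDK conflict avoidance
+}
+provider_directory = provider_directory_map.get(provider, provider)
+
 # This module path requires the full path including "prowler."
-module_path = f"prowler.providers.{
+module_path = f"prowler.providers.{provider_directory}.services"
 if service:
 module_path += f".{service}"
 return walk_packages(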
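Review bot: The comment above the early return still says the bypass is for the IAC provider because it uses Trivy, but the condition now also covers `llm`, so the stated reason no longer matches the code. I would change the comment to `# Bypass check loading for the iac and llm providers` with the reason for `llm` added, and write the test as `if provider in ("iac", "llm"):`. In the second hunk, `provider_directory_map` is rebuilt on every `list_modules` call; a module-level constant would let any other code that needs the `oci` to `oraclecloud` mapping reuse it. Both function bodies continue outside the hunks.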
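--- a/prowler/lib/cli/parser.py
+++ b/prowler/lib/cli/parser.py
@@ -26,19 +26,21 @@ class ProwlerArgumentParser:
 self.parser = argparse.ArgumentParser(
 prog="prowler",
 formatter_class=RawTextHelpFormatter,
-usage="prowler [-h] [--version] {aws,azure,gcp,kubernetes,m365,github,nhn,mongodbatlas,dashboard,iac} ...",
+usage="prowler [-h] [--version] {aws,azure,gcp,kubernetes,m365,github,nhn,mongodbatlas,oci,dashboard,iac} ...",
 epilog="""
 Available Cloud Providers:
-{aws,azure,gcp,kubernetes,m365,github,iac,nhn,mongodbatlas}
+{aws,azure,gcp,kubernetes,m365,github,iac,llm,nhn,mongodbatlas,oci}
 aws AWS Provider
 azure Azure Provider
 gcp GCP Provider
 kubernetes Kubernetes Provider
 m365 Microsoft 365 Provider
 github GitHub Provider
-
+oci Oracle Cloud Infrastructure Provider
+iac IaC Provider (Beta)
+llm LLM Provider (Beta)
 nhn NHN Provider (Unofficial)
-mongodbatlas MongoDB Atlas Provider
+mongodbatlas MongoDB Atlas Provider (Beta)
 
 Available components:
 dashboard Local dashboard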
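Review bot: The `usage=` string gains `oci` but not `llm`, while the epilog's provider list and help lines in the same hunk add both, so the help output would show two different provider sets. If `llm` is meant to be a selectable subcommand, add it to the usage braces, e.g. `{aws,azure,gcp,kubernetes,m365,github,nhn,mongodbatlas,oci,dashboard,iac,llm}`; if it is left out on purpose, a short comment next to `usage=` saying so would help. The `ArgumentParser(...)` call continues past the end of the hunk.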
@@ -65,6 +65,8 @@ class AWSWellArchitected(ComplianceOutput):
|
|
|
65
65
|
ResourceName=finding.resource_name,
|
|
66
66
|
CheckId=finding.check_id,
|
|
67
67
|
Muted=finding.muted,
|
|
68
|
+
Framework=compliance.Framework,
|
|
69
|
+
Name=compliance.Name,
|
|
68
70
|
)
|
|
69
71
|
self._data.append(compliance_row)
|
|
70
72
|
# Add manual requirements to the compliance output
|
|
@@ -94,5 +96,7 @@ class AWSWellArchitected(ComplianceOutput):
|
|
|
94
96
|
ResourceName="Manual check",
|
|
95
97
|
CheckId="manual",
|
|
96
98
|
Muted=False,
|
|
99
|
+
Framework=compliance.Framework,
|
|
100
|
+
Name=compliance.Name,
|
|
97
101
|
)
|
|
98
102
|
self._data.append(compliance_row)
|
|
File without changes
|
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
from colorama import Fore, Style
|
|
2
|
+
from tabulate import tabulate
|
|
3
|
+
|
|
4
|
+
from prowler.config.config import orange_color
|
|
5
|
+
|
|
6
|
+
|
|
7
|
+
def get_c5_table(
|
|
8
|
+
findings: list,
|
|
9
|
+
bulk_checks_metadata: dict,
|
|
10
|
+
compliance_framework: str,
|
|
11
|
+
output_filename: str,
|
|
12
|
+
output_directory: str,
|
|
13
|
+
compliance_overview: bool,
|
|
14
|
+
):
|
|
15
|
+
section_table = {
|
|
16
|
+
"Provider": [],
|
|
17
|
+
"Section": [],
|
|
18
|
+
"Status": [],
|
|
19
|
+
"Muted": [],
|
|
20
|
+
}
|
|
21
|
+
pass_count = []
|
|
22
|
+
fail_count = []
|
|
23
|
+
muted_count = []
|
|
24
|
+
sections = {}
|
|
25
|
+
for index, finding in enumerate(findings):
|
|
26
|
+
check = bulk_checks_metadata[finding.check_metadata.CheckID]
|
|
27
|
+
check_compliances = check.Compliance
|
|
28
|
+
for compliance in check_compliances:
|
|
29
|
+
if compliance.Framework == "C5":
|
|
30
|
+
for requirement in compliance.Requirements:
|
|
31
|
+
for attribute in requirement.Attributes:
|
|
32
|
+
section = attribute.Section
|
|
33
|
+
|
|
34
|
+
if section not in sections:
|
|
35
|
+
sections[section] = {"FAIL": 0, "PASS": 0, "Muted": 0}
|
|
36
|
+
|
|
37
|
+
if finding.muted:
|
|
38
|
+
if index not in muted_count:
|
|
39
|
+
muted_count.append(index)
|
|
40
|
+
sections[section]["Muted"] += 1
|
|
41
|
+
else:
|
|
42
|
+
if finding.status == "FAIL" and index not in fail_count:
|
|
43
|
+
fail_count.append(index)
|
|
44
|
+
sections[section]["FAIL"] += 1
|
|
45
|
+
elif finding.status == "PASS" and index not in pass_count:
|
|
46
|
+
pass_count.append(index)
|
|
47
|
+
sections[section]["PASS"] += 1
|
|
48
|
+
|
|
49
|
+
sections = dict(sorted(sections.items()))
|
|
50
|
+
for section in sections:
|
|
51
|
+
section_table["Provider"].append(compliance.Provider)
|
|
52
|
+
section_table["Section"].append(section)
|
|
53
|
+
if sections[section]["FAIL"] > 0:
|
|
54
|
+
section_table["Status"].append(
|
|
55
|
+
f"{Fore.RED}FAIL({sections[section]['FAIL']}){Style.RESET_ALL}"
|
|
56
|
+
)
|
|
57
|
+
else:
|
|
58
|
+
if sections[section]["PASS"] > 0:
|
|
59
|
+
section_table["Status"].append(
|
|
60
|
+
f"{Fore.GREEN}PASS({sections[section]['PASS']}){Style.RESET_ALL}"
|
|
61
|
+
)
|
|
62
|
+
else:
|
|
63
|
+
section_table["Status"].append(f"{Fore.GREEN}PASS{Style.RESET_ALL}")
|
|
64
|
+
section_table["Muted"].append(
|
|
65
|
+
f"{orange_color}{sections[section]['Muted']}{Style.RESET_ALL}"
|
|
66
|
+
)
|
|
67
|
+
|
|
68
|
+
if (
|
|
69
|
+
len(fail_count) + len(pass_count) + len(muted_count) > 1
|
|
70
|
+
): # If there are no resources, don't print the compliance table
|
|
71
|
+
print(
|
|
72
|
+
f"\nCompliance Status of {Fore.YELLOW}{compliance_framework.upper()}{Style.RESET_ALL} Framework:"
|
|
73
|
+
)
|
|
74
|
+
total_findings_count = len(fail_count) + len(pass_count) + len(muted_count)
|
|
75
|
+
overview_table = [
|
|
76
|
+
[
|
|
77
|
+
f"{Fore.RED}{round(len(fail_count) / total_findings_count * 100, 2)}% ({len(fail_count)}) FAIL{Style.RESET_ALL}",
|
|
78
|
+
f"{Fore.GREEN}{round(len(pass_count) / total_findings_count * 100, 2)}% ({len(pass_count)}) PASS{Style.RESET_ALL}",
|
|
79
|
+
f"{orange_color}{round(len(muted_count) / total_findings_count * 100, 2)}% ({len(muted_count)}) MUTED{Style.RESET_ALL}",
|
|
80
|
+
]
|
|
81
|
+
]
|
|
82
|
+
print(tabulate(overview_table, tablefmt="rounded_grid"))
|
|
83
|
+
if not compliance_overview:
|
|
84
|
+
if len(fail_count) > 0 and len(section_table["Section"]) > 0:
|
|
85
|
+
print(
|
|
86
|
+
f"\nFramework {Fore.YELLOW}{compliance_framework.upper()}{Style.RESET_ALL} Results:"
|
|
87
|
+
)
|
|
88
|
+
print(
|
|
89
|
+
tabulate(
|
|
90
|
+
section_table,
|
|
91
|
+
tablefmt="rounded_grid",
|
|
92
|
+
headers="keys",
|
|
93
|
+
)
|
|
94
|
+
)
|
|
95
|
+
print(f"\nDetailed results of {compliance_framework.upper()} are in:")
|
|
96
|
+
print(
|
|
97
|
+
f" - CSV: {output_directory}/compliance/{output_filename}_{compliance_framework}.csv\n"
|
|
98
|
+
)
|
|
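Review bot: The guard `len(fail_count) + len(pass_count) + len(muted_count) > 1` in `get_c5_table` also suppresses the table when exactly one finding maps to C5, while its own comment says only the no-resources case should be skipped; `> 0` would match the comment. In the `for section in sections:` loop, `compliance.Provider` reads the variable left over from the nested `for compliance in check_compliances:` loop, so the Provider column comes from whichever compliance entry was iterated last rather than from a C5 entry; capturing the provider inside the `if compliance.Framework == "C5":` branch would make the source explicit. Indentation is lost in this rendering, so the exact nesting is inferred from the statement order.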
@@ -0,0 +1,92 @@
|
|
|
1
|
+
from prowler.config.config import timestamp
|
|
2
|
+
from prowler.lib.check.compliance_models import Compliance
|
|
3
|
+
from prowler.lib.outputs.compliance.c5.models import AWSC5Model
|
|
4
|
+
from prowler.lib.outputs.compliance.compliance_output import ComplianceOutput
|
|
5
|
+
from prowler.lib.outputs.finding import Finding
|
|
6
|
+
|
|
7
|
+
|
|
8
|
+
class AWSC5(ComplianceOutput):
|
|
9
|
+
"""
|
|
10
|
+
This class represents the AWS C5 compliance output.
|
|
11
|
+
|
|
12
|
+
Attributes:
|
|
13
|
+
- _data (list): A list to store transformed data from findings.
|
|
14
|
+
- _file_descriptor (TextIOWrapper): A file descriptor to write data to a file.
|
|
15
|
+
|
|
16
|
+
Methods:
|
|
17
|
+
- transform: Transforms findings into AWS C5 compliance format.
|
|
18
|
+
"""
|
|
19
|
+
|
|
20
|
+
def transform(
|
|
21
|
+
self,
|
|
22
|
+
findings: list[Finding],
|
|
23
|
+
compliance: Compliance,
|
|
24
|
+
compliance_name: str,
|
|
25
|
+
) -> None:
|
|
26
|
+
"""
|
|
27
|
+
Transforms a list of findings into AWS C5 compliance format.
|
|
28
|
+
|
|
29
|
+
Parameters:
|
|
30
|
+
- findings (list): A list of findings.
|
|
31
|
+
- compliance (Compliance): A compliance model.
|
|
32
|
+
- compliance_name (str): The name of the compliance model.
|
|
33
|
+
|
|
34
|
+
Returns:
|
|
35
|
+
- None
|
|
36
|
+
"""
|
|
37
|
+
for finding in findings:
|
|
38
|
+
# Get the compliance requirements for the finding
|
|
39
|
+
finding_requirements = finding.compliance.get(compliance_name, [])
|
|
40
|
+
for requirement in compliance.Requirements:
|
|
41
|
+
if requirement.Id in finding_requirements:
|
|
42
|
+
for attribute in requirement.Attributes:
|
|
43
|
+
compliance_row = AWSC5Model(
|
|
44
|
+
Provider=finding.provider,
|
|
45
|
+
Description=compliance.Description,
|
|
46
|
+
AccountId=finding.account_uid,
|
|
47
|
+
Region=finding.region,
|
|
48
|
+
AssessmentDate=str(timestamp),
|
|
49
|
+
Requirements_Id=requirement.Id,
|
|
50
|
+
Requirements_Description=requirement.Description,
|
|
51
|
+
Requirements_Attributes_Section=attribute.Section,
|
|
52
|
+
Requirements_Attributes_SubSection=attribute.SubSection,
|
|
53
|
+
Requirements_Attributes_Type=attribute.Type,
|
|
54
|
+
Requirements_Attributes_AboutCriteria=attribute.AboutCriteria,
|
|
55
|
+
Requirements_Attributes_ComplementaryCriteria=attribute.ComplementaryCriteria,
|
|
56
|
+
Status=finding.status,
|
|
57
|
+
StatusExtended=finding.status_extended,
|
|
58
|
+
ResourceId=finding.resource_uid,
|
|
59
|
+
ResourceName=finding.resource_name,
|
|
60
|
+
CheckId=finding.check_id,
|
|
61
|
+
Muted=finding.muted,
|
|
62
|
+
Framework=compliance.Framework,
|
|
63
|
+
Name=compliance.Name,
|
|
64
|
+
)
|
|
65
|
+
self._data.append(compliance_row)
|
|
66
|
+
# Add manual requirements to the compliance output
|
|
67
|
+
for requirement in compliance.Requirements:
|
|
68
|
+
if not requirement.Checks:
|
|
69
|
+
for attribute in requirement.Attributes:
|
|
70
|
+
compliance_row = AWSC5Model(
|
|
71
|
+
Provider=compliance.Provider.lower(),
|
|
72
|
+
Description=compliance.Description,
|
|
73
|
+
AccountId="",
|
|
74
|
+
Region="",
|
|
75
|
+
AssessmentDate=str(timestamp),
|
|
76
|
+
Requirements_Id=requirement.Id,
|
|
77
|
+
Requirements_Description=requirement.Description,
|
|
78
|
+
Requirements_Attributes_Section=attribute.Section,
|
|
79
|
+
Requirements_Attributes_SubSection=attribute.SubSection,
|
|
80
|
+
Requirements_Attributes_Type=attribute.Type,
|
|
81
|
+
Requirements_Attributes_AboutCriteria=attribute.AboutCriteria,
|
|
82
|
+
Requirements_Attributes_ComplementaryCriteria=attribute.ComplementaryCriteria,
|
|
83
|
+
Status="MANUAL",
|
|
84
|
+
StatusExtended="Manual check",
|
|
85
|
+
ResourceId="manual_check",
|
|
86
|
+
ResourceName="Manual check",
|
|
87
|
+
CheckId="manual",
|
|
88
|
+
Muted=False,
|
|
89
|
+
Framework=compliance.Framework,
|
|
90
|
+
Name=compliance.Name,
|
|
91
|
+
)
|
|
92
|
+
self._data.append(compliance_row)
|
|
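Review bot: The `transform` docstring describes only the findings loop, but the method also appends one row per attribute for every requirement with no `Checks`, using the placeholders `Status="MANUAL"`, `ResourceId="manual_check"`, `CheckId="manual"` and empty `AccountId`/`Region`. Anyone filtering the output needs to know these rows exist, so I would add a sentence such as `Requirements without checks are emitted as MANUAL rows with empty AccountId and Region.` to the docstring. The two `AWSC5Model(...)` calls also repeat the same requirement and attribute arguments and could share a small private helper.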
@@ -0,0 +1,30 @@
|
|
|
1
|
+
from typing import Optional
|
|
2
|
+
|
|
3
|
+
from pydantic.v1 import BaseModel
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
class AWSC5Model(BaseModel):
|
|
7
|
+
"""
|
|
8
|
+
AWSC5Model generates a finding's output in AWS C5 Compliance format.
|
|
9
|
+
"""
|
|
10
|
+
|
|
11
|
+
Provider: str
|
|
12
|
+
Description: str
|
|
13
|
+
AccountId: str
|
|
14
|
+
Region: str
|
|
15
|
+
AssessmentDate: str
|
|
16
|
+
Requirements_Id: str
|
|
17
|
+
Requirements_Description: str
|
|
18
|
+
Requirements_Attributes_Section: str
|
|
19
|
+
Requirements_Attributes_SubSection: str = None
|
|
20
|
+
Requirements_Attributes_Type: str = None
|
|
21
|
+
Requirements_Attributes_AboutCriteria: Optional[str] = None
|
|
22
|
+
Requirements_Attributes_ComplementaryCriteria: Optional[str] = None
|
|
23
|
+
Status: str
|
|
24
|
+
StatusExtended: str
|
|
25
|
+
ResourceId: str
|
|
26
|
+
ResourceName: str
|
|
27
|
+
CheckId: str
|
|
28
|
+
Muted: bool
|
|
29
|
+
Framework: str
|
|
30
|
+
Name: str
|
|
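Review bot: `Requirements_Attributes_SubSection` and `Requirements_Attributes_Type` are annotated `str` but default to `None`, while the two fields after them use `Optional[str] = None`. pydantic v1 accepts this, but the annotation misstates the type for readers and type checkers. Writing them as `Requirements_Attributes_SubSection: Optional[str] = None` and `Requirements_Attributes_Type: Optional[str] = None` would match the rest of the model.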
File without changes
|