prowler-cloud 5.12.3__py3-none-any.whl → 5.13.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- dashboard/assets/markdown-styles.css +34 -0
- dashboard/compliance/c5_aws.py +43 -0
- dashboard/compliance/ccc_aws.py +36 -0
- dashboard/compliance/ccc_azure.py +36 -0
- dashboard/compliance/ccc_gcp.py +36 -0
- dashboard/compliance/cis_3_0_oci.py +41 -0
- dashboard/pages/overview.py +66 -16
- prowler/CHANGELOG.md +60 -0
- prowler/__main__.py +128 -14
- prowler/compliance/aws/aws_account_security_onboarding_aws.json +1 -0
- prowler/compliance/aws/aws_audit_manager_control_tower_guardrails_aws.json +1 -0
- prowler/compliance/aws/aws_foundational_security_best_practices_aws.json +2 -1
- prowler/compliance/aws/aws_foundational_technical_review_aws.json +1 -0
- prowler/compliance/aws/aws_well_architected_framework_reliability_pillar_aws.json +1 -0
- prowler/compliance/aws/aws_well_architected_framework_security_pillar_aws.json +1 -0
- prowler/compliance/aws/c5_aws.json +10744 -0
- prowler/compliance/aws/ccc_aws.json +6206 -0
- prowler/compliance/aws/cis_1.4_aws.json +1 -0
- prowler/compliance/aws/cis_1.5_aws.json +1 -0
- prowler/compliance/aws/cis_2.0_aws.json +1 -0
- prowler/compliance/aws/cis_3.0_aws.json +1 -0
- prowler/compliance/aws/cis_4.0_aws.json +1 -0
- prowler/compliance/aws/cis_5.0_aws.json +1 -0
- prowler/compliance/aws/cisa_aws.json +1 -0
- prowler/compliance/aws/ens_rd2022_aws.json +1 -0
- prowler/compliance/aws/fedramp_low_revision_4_aws.json +1 -0
- prowler/compliance/aws/fedramp_moderate_revision_4_aws.json +1 -0
- prowler/compliance/aws/ffiec_aws.json +1 -0
- prowler/compliance/aws/gdpr_aws.json +1 -0
- prowler/compliance/aws/gxp_21_cfr_part_11_aws.json +1 -0
- prowler/compliance/aws/gxp_eu_annex_11_aws.json +1 -0
- prowler/compliance/aws/hipaa_aws.json +1 -0
- prowler/compliance/aws/iso27001_2013_aws.json +1 -0
- prowler/compliance/aws/iso27001_2022_aws.json +1 -0
- prowler/compliance/aws/kisa_isms_p_2023_aws.json +1 -0
- prowler/compliance/aws/kisa_isms_p_2023_korean_aws.json +1 -0
- prowler/compliance/aws/mitre_attack_aws.json +287 -11
- prowler/compliance/aws/nis2_aws.json +1 -0
- prowler/compliance/aws/nist_800_171_revision_2_aws.json +1 -0
- prowler/compliance/aws/nist_800_53_revision_4_aws.json +1 -0
- prowler/compliance/aws/nist_800_53_revision_5_aws.json +1 -0
- prowler/compliance/aws/nist_csf_1.1_aws.json +1 -0
- prowler/compliance/aws/pci_3.2.1_aws.json +2 -1
- prowler/compliance/aws/pci_4.0_aws.json +1 -0
- prowler/compliance/aws/prowler_threatscore_aws.json +1 -0
- prowler/compliance/aws/rbi_cyber_security_framework_aws.json +1 -0
- prowler/compliance/aws/soc2_aws.json +1 -0
- prowler/compliance/azure/ccc_azure.json +6147 -0
- prowler/compliance/azure/cis_2.0_azure.json +1 -0
- prowler/compliance/azure/cis_2.1_azure.json +1 -0
- prowler/compliance/azure/cis_3.0_azure.json +1 -0
- prowler/compliance/azure/cis_4.0_azure.json +1 -0
- prowler/compliance/azure/ens_rd2022_azure.json +1 -0
- prowler/compliance/azure/iso27001_2022_azure.json +1 -0
- prowler/compliance/azure/mitre_attack_azure.json +131 -5
- prowler/compliance/azure/nis2_azure.json +1 -0
- prowler/compliance/azure/pci_4.0_azure.json +1 -0
- prowler/compliance/azure/prowler_threatscore_azure.json +1 -0
- prowler/compliance/azure/soc2_azure.json +1 -0
- prowler/compliance/gcp/ccc_gcp.json +6077 -0
- prowler/compliance/gcp/cis_2.0_gcp.json +1 -0
- prowler/compliance/gcp/cis_3.0_gcp.json +1 -0
- prowler/compliance/gcp/cis_4.0_gcp.json +1 -0
- prowler/compliance/gcp/ens_rd2022_gcp.json +1 -0
- prowler/compliance/gcp/iso27001_2022_gcp.json +1 -0
- prowler/compliance/gcp/mitre_attack_gcp.json +287 -11
- prowler/compliance/gcp/nis2_gcp.json +1 -0
- prowler/compliance/gcp/pci_4.0_gcp.json +1 -0
- prowler/compliance/gcp/prowler_threatscore_gcp.json +1 -0
- prowler/compliance/gcp/soc2_gcp.json +1 -0
- prowler/compliance/github/cis_1.0_github.json +1 -0
- prowler/compliance/kubernetes/cis_1.10_kubernetes.json +1 -0
- prowler/compliance/kubernetes/cis_1.11_kubernetes.json +1 -0
- prowler/compliance/kubernetes/cis_1.8_kubernetes.json +1 -0
- prowler/compliance/kubernetes/iso27001_2022_kubernetes.json +1 -0
- prowler/compliance/kubernetes/pci_4.0_kubernetes.json +1 -0
- prowler/compliance/llm/__init__.py +0 -0
- prowler/compliance/m365/cis_4.0_m365.json +1 -0
- prowler/compliance/m365/iso27001_2022_m365.json +1 -0
- prowler/compliance/m365/prowler_threatscore_m365.json +1 -0
- prowler/compliance/nhn/iso27001_2022_nhn.json +1 -0
- prowler/compliance/oci/__init__.py +0 -0
- prowler/compliance/oci/cis_3.0_oci.json +1141 -0
- prowler/config/config.py +5 -1
- prowler/config/llm_config.yaml +175015 -0
- prowler/config/oraclecloud_mutelist_example.yaml +61 -0
- prowler/lib/check/check.py +9 -1
- prowler/lib/check/compliance.py +1 -0
- prowler/lib/check/compliance_models.py +33 -3
- prowler/lib/check/models.py +96 -8
- prowler/lib/check/utils.py +8 -2
- prowler/lib/cli/parser.py +6 -4
- prowler/lib/outputs/compliance/aws_well_architected/aws_well_architected.py +4 -0
- prowler/lib/outputs/compliance/aws_well_architected/models.py +2 -0
- prowler/lib/outputs/compliance/c5/__init__.py +0 -0
- prowler/lib/outputs/compliance/c5/c5.py +98 -0
- prowler/lib/outputs/compliance/c5/c5_aws.py +92 -0
- prowler/lib/outputs/compliance/c5/models.py +30 -0
- prowler/lib/outputs/compliance/ccc/__init__.py +0 -0
- prowler/lib/outputs/compliance/ccc/ccc_aws.py +95 -0
- prowler/lib/outputs/compliance/ccc/ccc_azure.py +95 -0
- prowler/lib/outputs/compliance/ccc/ccc_gcp.py +95 -0
- prowler/lib/outputs/compliance/ccc/models.py +90 -0
- prowler/lib/outputs/compliance/cis/cis_aws.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_azure.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_gcp.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_github.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_kubernetes.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_m365.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_oci.py +106 -0
- prowler/lib/outputs/compliance/cis/models.py +56 -0
- prowler/lib/outputs/compliance/compliance.py +10 -0
- prowler/lib/outputs/compliance/compliance_output.py +4 -1
- prowler/lib/outputs/compliance/ens/ens_aws.py +4 -0
- prowler/lib/outputs/compliance/ens/ens_azure.py +4 -0
- prowler/lib/outputs/compliance/ens/ens_gcp.py +4 -0
- prowler/lib/outputs/compliance/ens/models.py +6 -0
- prowler/lib/outputs/compliance/generic/generic.py +4 -0
- prowler/lib/outputs/compliance/generic/models.py +2 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_aws.py +4 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_azure.py +4 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_gcp.py +4 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_kubernetes.py +4 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_m365.py +4 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_nhn.py +4 -0
- prowler/lib/outputs/compliance/iso27001/models.py +12 -0
- prowler/lib/outputs/compliance/kisa_ismsp/kisa_ismsp_aws.py +4 -0
- prowler/lib/outputs/compliance/kisa_ismsp/models.py +2 -0
- prowler/lib/outputs/compliance/mitre_attack/mitre_attack_aws.py +4 -0
- prowler/lib/outputs/compliance/mitre_attack/mitre_attack_azure.py +4 -0
- prowler/lib/outputs/compliance/mitre_attack/mitre_attack_gcp.py +4 -0
- prowler/lib/outputs/compliance/mitre_attack/models.py +6 -0
- prowler/lib/outputs/compliance/prowler_threatscore/models.py +8 -0
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore.py +46 -4
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore_aws.py +4 -0
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore_azure.py +4 -0
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore_gcp.py +4 -0
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore_m365.py +4 -0
- prowler/lib/outputs/csv/csv.py +3 -0
- prowler/lib/outputs/finding.py +22 -0
- prowler/lib/outputs/html/html.py +192 -7
- prowler/lib/outputs/jira/jira.py +284 -47
- prowler/lib/outputs/ocsf/ocsf.py +1 -4
- prowler/lib/outputs/outputs.py +6 -0
- prowler/lib/outputs/summary_table.py +10 -0
- prowler/providers/aws/aws_regions_by_service.json +221 -44
- prowler/providers/aws/lib/quick_inventory/quick_inventory.py +3 -0
- prowler/providers/aws/lib/security_hub/security_hub.py +12 -2
- prowler/providers/aws/services/accessanalyzer/accessanalyzer_enabled/accessanalyzer_enabled.metadata.json +27 -13
- prowler/providers/aws/services/accessanalyzer/accessanalyzer_enabled_without_findings/accessanalyzer_enabled_without_findings.metadata.json +32 -13
- prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.metadata.json +23 -11
- prowler/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations.metadata.json +24 -12
- prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.metadata.json +19 -11
- prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.metadata.json +14 -10
- prowler/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check.metadata.json +17 -9
- prowler/providers/aws/services/acm/acm_certificates_transparency_logs_enabled/acm_certificates_transparency_logs_enabled.metadata.json +16 -12
- prowler/providers/aws/services/acm/acm_certificates_with_secure_key_algorithms/acm_certificates_with_secure_key_algorithms.metadata.json +21 -12
- prowler/providers/aws/services/apigateway/apigateway_restapi_authorizers_enabled/apigateway_restapi_authorizers_enabled.metadata.json +23 -16
- prowler/providers/aws/services/apigateway/apigateway_restapi_cache_encrypted/apigateway_restapi_cache_encrypted.metadata.json +22 -12
- prowler/providers/aws/services/apigateway/apigateway_restapi_client_certificate_enabled/apigateway_restapi_client_certificate_enabled.metadata.json +26 -18
- prowler/providers/aws/services/apigateway/apigateway_restapi_logging_enabled/apigateway_restapi_logging_enabled.metadata.json +30 -19
- prowler/providers/aws/services/apigateway/apigateway_restapi_public/apigateway_restapi_public.metadata.json +24 -16
- prowler/providers/aws/services/apigateway/apigateway_restapi_public_with_authorizer/apigateway_restapi_public_with_authorizer.metadata.json +31 -18
- prowler/providers/aws/services/apigateway/apigateway_restapi_tracing_enabled/apigateway_restapi_tracing_enabled.metadata.json +20 -12
- prowler/providers/aws/services/apigateway/apigateway_restapi_waf_acl_attached/apigateway_restapi_waf_acl_attached.metadata.json +24 -18
- prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_access_logging_enabled/apigatewayv2_api_access_logging_enabled.metadata.json +18 -12
- prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_authorizers_enabled/apigatewayv2_api_authorizers_enabled.metadata.json +21 -12
- prowler/providers/aws/services/appstream/appstream_fleet_default_internet_access_disabled/appstream_fleet_default_internet_access_disabled.metadata.json +23 -15
- prowler/providers/aws/services/appstream/appstream_fleet_maximum_session_duration/appstream_fleet_maximum_session_duration.metadata.json +15 -12
- prowler/providers/aws/services/appstream/appstream_fleet_session_disconnect_timeout/appstream_fleet_session_disconnect_timeout.metadata.json +17 -14
- prowler/providers/aws/services/appstream/appstream_fleet_session_idle_disconnect_timeout/appstream_fleet_session_idle_disconnect_timeout.metadata.json +20 -15
- prowler/providers/aws/services/appsync/appsync_field_level_logging_enabled/appsync_field_level_logging_enabled.metadata.json +21 -12
- prowler/providers/aws/services/appsync/appsync_graphql_api_no_api_key_authentication/appsync_graphql_api_no_api_key_authentication.metadata.json +20 -13
- prowler/providers/aws/services/athena/athena_workgroup_encryption/athena_workgroup_encryption.metadata.json +24 -12
- prowler/providers/aws/services/athena/athena_workgroup_enforce_configuration/athena_workgroup_enforce_configuration.metadata.json +20 -13
- prowler/providers/aws/services/athena/athena_workgroup_logging_enabled/athena_workgroup_logging_enabled.metadata.json +21 -12
- prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.metadata.json +15 -10
- prowler/providers/aws/services/autoscaling/autoscaling_group_capacity_rebalance_enabled/autoscaling_group_capacity_rebalance_enabled.metadata.json +20 -13
- prowler/providers/aws/services/autoscaling/autoscaling_group_elb_health_check_enabled/autoscaling_group_elb_health_check_enabled.metadata.json +20 -12
- prowler/providers/aws/services/autoscaling/autoscaling_group_launch_configuration_no_public_ip/autoscaling_group_launch_configuration_no_public_ip.metadata.json +20 -13
- prowler/providers/aws/services/autoscaling/autoscaling_group_launch_configuration_requires_imdsv2/autoscaling_group_launch_configuration_requires_imdsv2.metadata.json +26 -14
- prowler/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az.metadata.json +22 -13
- prowler/providers/aws/services/autoscaling/autoscaling_group_multiple_instance_types/autoscaling_group_multiple_instance_types.metadata.json +21 -13
- prowler/providers/aws/services/autoscaling/autoscaling_group_using_ec2_launch_template/autoscaling_group_using_ec2_launch_template.metadata.json +19 -12
- prowler/providers/aws/services/autoscaling/autoscaling_service.py +1 -1
- prowler/providers/aws/services/awslambda/awslambda_function_inside_vpc/awslambda_function_inside_vpc.metadata.json +26 -13
- prowler/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.metadata.json +20 -13
- prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_code/awslambda_function_no_secrets_in_code.metadata.json +18 -9
- prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_variables/awslambda_function_no_secrets_in_variables.metadata.json +20 -12
- prowler/providers/aws/services/awslambda/awslambda_function_not_publicly_accessible/awslambda_function_not_publicly_accessible.metadata.json +21 -12
- prowler/providers/aws/services/awslambda/awslambda_function_url_cors_policy/awslambda_function_url_cors_policy.metadata.json +24 -13
- prowler/providers/aws/services/awslambda/awslambda_function_url_public/awslambda_function_url_public.metadata.json +22 -12
- prowler/providers/aws/services/awslambda/awslambda_function_using_supported_runtimes/awslambda_function_using_supported_runtimes.metadata.json +24 -13
- prowler/providers/aws/services/awslambda/awslambda_function_vpc_multi_az/awslambda_function_vpc_multi_az.metadata.json +23 -13
- prowler/providers/aws/services/backup/backup_plans_exist/backup_plans_exist.metadata.json +22 -15
- prowler/providers/aws/services/backup/backup_recovery_point_encrypted/backup_recovery_point_encrypted.metadata.json +21 -12
- prowler/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist.metadata.json +19 -15
- prowler/providers/aws/services/backup/backup_vaults_encrypted/backup_vaults_encrypted.metadata.json +24 -13
- prowler/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist.metadata.json +19 -15
- prowler/providers/aws/services/cloudformation/cloudformation_stack_cdktoolkit_bootstrap_version/cloudformation_stack_cdktoolkit_bootstrap_version.metadata.json +24 -13
- prowler/providers/aws/services/cloudformation/cloudformation_stack_outputs_find_secrets/cloudformation_stack_outputs_find_secrets.metadata.json +22 -12
- prowler/providers/aws/services/cloudformation/cloudformation_stacks_termination_protection_enabled/cloudformation_stacks_termination_protection_enabled.metadata.json +21 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_custom_ssl_certificate/cloudfront_distributions_custom_ssl_certificate.metadata.json +21 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_default_root_object/cloudfront_distributions_default_root_object.metadata.json +19 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_field_level_encryption_enabled/cloudfront_distributions_field_level_encryption_enabled.metadata.json +19 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_geo_restrictions_enabled/cloudfront_distributions_geo_restrictions_enabled.metadata.json +22 -13
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_https_enabled/cloudfront_distributions_https_enabled.metadata.json +21 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_https_sni_enabled/cloudfront_distributions_https_sni_enabled.metadata.json +20 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_logging_enabled/cloudfront_distributions_logging_enabled.metadata.json +22 -13
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_multiple_origin_failover_configured/cloudfront_distributions_multiple_origin_failover_configured.metadata.json +21 -16
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_origin_traffic_encrypted/cloudfront_distributions_origin_traffic_encrypted.metadata.json +27 -14
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_access_control/cloudfront_distributions_s3_origin_access_control.metadata.json +24 -14
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_non_existent_bucket/cloudfront_distributions_s3_origin_non_existent_bucket.metadata.json +18 -11
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_using_deprecated_ssl_protocols/cloudfront_distributions_using_deprecated_ssl_protocols.metadata.json +20 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_using_waf/cloudfront_distributions_using_waf.metadata.json +21 -12
- prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.metadata.json +16 -11
- prowler/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled.metadata.json +19 -15
- prowler/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist.metadata.json +19 -14
- prowler/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled.metadata.json +19 -14
- prowler/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled.metadata.json +20 -13
- prowler/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled.metadata.json +18 -13
- prowler/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible.metadata.json +24 -16
- prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.metadata.json +17 -13
- prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled_logging_management_events/cloudtrail_multi_region_enabled_logging_management_events.metadata.json +19 -12
- prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.metadata.json +22 -12
- prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.metadata.json +21 -11
- prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_enumeration/cloudtrail_threat_detection_enumeration.metadata.json +22 -11
- prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_llm_jacking/cloudtrail_threat_detection_llm_jacking.metadata.json +25 -12
- prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_privilege_escalation/cloudtrail_threat_detection_privilege_escalation.metadata.json +18 -10
- prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.metadata.json +20 -12
- prowler/providers/aws/services/config/config_recorder_using_aws_service_role/config_recorder_using_aws_service_role.metadata.json +20 -13
- prowler/providers/aws/services/directoryservice/directoryservice_directory_log_forwarding_enabled/directoryservice_directory_log_forwarding_enabled.metadata.json +20 -11
- prowler/providers/aws/services/directoryservice/directoryservice_directory_monitor_notifications/directoryservice_directory_monitor_notifications.metadata.json +19 -11
- prowler/providers/aws/services/directoryservice/directoryservice_directory_snapshots_limit/directoryservice_directory_snapshots_limit.metadata.json +19 -10
- prowler/providers/aws/services/directoryservice/directoryservice_ldap_certificate_expiration/directoryservice_ldap_certificate_expiration.metadata.json +20 -11
- prowler/providers/aws/services/directoryservice/directoryservice_radius_server_security_protocol/directoryservice_radius_server_security_protocol.metadata.json +23 -12
- prowler/providers/aws/services/directoryservice/directoryservice_supported_mfa_radius_enabled/directoryservice_supported_mfa_radius_enabled.metadata.json +23 -12
- prowler/providers/aws/services/dlm/dlm_ebs_snapshot_lifecycle_policy_exists/dlm_ebs_snapshot_lifecycle_policy_exists.metadata.json +19 -13
- prowler/providers/aws/services/dms/dms_endpoint_mongodb_authentication_enabled/dms_endpoint_mongodb_authentication_enabled.metadata.json +20 -13
- prowler/providers/aws/services/dms/dms_endpoint_neptune_iam_authorization_enabled/dms_endpoint_neptune_iam_authorization_enabled.metadata.json +19 -12
- prowler/providers/aws/services/dms/dms_endpoint_redis_in_transit_encryption_enabled/dms_endpoint_redis_in_transit_encryption_enabled.metadata.json +23 -13
- prowler/providers/aws/services/dms/dms_endpoint_ssl_enabled/dms_endpoint_ssl_enabled.metadata.json +27 -19
- prowler/providers/aws/services/dms/dms_instance_minor_version_upgrade_enabled/dms_instance_minor_version_upgrade_enabled.metadata.json +22 -12
- prowler/providers/aws/services/dms/dms_instance_multi_az_enabled/dms_instance_multi_az_enabled.metadata.json +20 -13
- prowler/providers/aws/services/dms/dms_instance_no_public_access/dms_instance_no_public_access.metadata.json +22 -11
- prowler/providers/aws/services/dms/dms_replication_task_source_logging_enabled/dms_replication_task_source_logging_enabled.metadata.json +21 -13
- prowler/providers/aws/services/dms/dms_replication_task_target_logging_enabled/dms_replication_task_target_logging_enabled.metadata.json +22 -13
- prowler/providers/aws/services/dms/dms_replication_task_target_logging_enabled/dms_replication_task_target_logging_enabled.py +39 -37
- prowler/providers/aws/services/dms/dms_service.py +0 -1
- prowler/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public.py +11 -10
- prowler/providers/aws/services/ec2/ec2_instance_with_outdated_ami/__init__.py +0 -0
- prowler/providers/aws/services/ec2/ec2_instance_with_outdated_ami/ec2_instance_with_outdated_ami.metadata.json +30 -0
- prowler/providers/aws/services/ec2/ec2_instance_with_outdated_ami/ec2_instance_with_outdated_ami.py +52 -0
- prowler/providers/aws/services/ec2/ec2_service.py +26 -14
- prowler/providers/aws/services/efs/efs_access_point_enforce_root_directory/efs_access_point_enforce_root_directory.metadata.json +19 -13
- prowler/providers/aws/services/efs/efs_access_point_enforce_user_identity/efs_access_point_enforce_user_identity.metadata.json +23 -13
- prowler/providers/aws/services/efs/efs_encryption_at_rest_enabled/efs_encryption_at_rest_enabled.metadata.json +23 -13
- prowler/providers/aws/services/efs/efs_have_backup_enabled/efs_have_backup_enabled.metadata.json +20 -14
- prowler/providers/aws/services/efs/efs_mount_target_not_publicly_accessible/efs_mount_target_not_publicly_accessible.metadata.json +18 -12
- prowler/providers/aws/services/efs/efs_multi_az_enabled/efs_multi_az_enabled.metadata.json +21 -13
- prowler/providers/aws/services/efs/efs_not_publicly_accessible/efs_not_publicly_accessible.metadata.json +17 -13
- prowler/providers/aws/services/eks/eks_cluster_uses_a_supported_version/eks_cluster_uses_a_supported_version.py +4 -0
- prowler/providers/aws/services/elb/elb_ssl_listeners_use_acm_certificate/elb_ssl_listeners_use_acm_certificate.py +8 -2
- prowler/providers/aws/services/neptune/neptune_cluster_backup_enabled/neptune_cluster_backup_enabled.metadata.json +23 -13
- prowler/providers/aws/services/neptune/neptune_cluster_copy_tags_to_snapshots/neptune_cluster_copy_tags_to_snapshots.metadata.json +18 -14
- prowler/providers/aws/services/neptune/neptune_cluster_deletion_protection/neptune_cluster_deletion_protection.metadata.json +23 -14
- prowler/providers/aws/services/neptune/neptune_cluster_iam_authentication_enabled/neptune_cluster_iam_authentication_enabled.metadata.json +25 -13
- prowler/providers/aws/services/neptune/neptune_cluster_integration_cloudwatch_logs/neptune_cluster_integration_cloudwatch_logs.metadata.json +22 -14
- prowler/providers/aws/services/neptune/neptune_cluster_multi_az/neptune_cluster_multi_az.metadata.json +20 -12
- prowler/providers/aws/services/neptune/neptune_cluster_public_snapshot/neptune_cluster_public_snapshot.metadata.json +18 -10
- prowler/providers/aws/services/neptune/neptune_cluster_snapshot_encrypted/neptune_cluster_snapshot_encrypted.metadata.json +16 -10
- prowler/providers/aws/services/neptune/neptune_cluster_storage_encrypted/neptune_cluster_storage_encrypted.metadata.json +22 -13
- prowler/providers/aws/services/neptune/neptune_cluster_uses_public_subnet/neptune_cluster_uses_public_subnet.metadata.json +20 -12
- prowler/providers/aws/services/rds/rds_service.py +9 -2
- prowler/providers/aws/services/vpc/vpc_service.py +1 -1
- prowler/providers/azure/services/entra/entra_service.py +54 -25
- prowler/providers/common/arguments.py +16 -2
- prowler/providers/common/provider.py +34 -2
- prowler/providers/gcp/services/cloudsql/cloudsql_service.py +3 -3
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_lifecycle_management_enabled/__init__.py +0 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_lifecycle_management_enabled/cloudstorage_bucket_lifecycle_management_enabled.metadata.json +34 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_lifecycle_management_enabled/cloudstorage_bucket_lifecycle_management_enabled.py +48 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_service.py +10 -0
- prowler/providers/gcp/services/compute/compute_project_os_login_enabled/compute_project_os_login_enabled.py +5 -0
- prowler/providers/gcp/services/iam/iam_audit_logs_enabled/iam_audit_logs_enabled.py +5 -0
- prowler/providers/gcp/services/iam/iam_role_kms_enforce_separation_of_duties/iam_role_kms_enforce_separation_of_duties.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled/logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled/logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_custom_role_changes_enabled/logging_log_metric_filter_and_alert_for_custom_role_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled/logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled/logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled/logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled/logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled/logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_sink_created/logging_sink_created.py +5 -0
- prowler/providers/gcp/services/monitoring/monitoring_service.py +30 -2
- prowler/providers/iac/iac_provider.py +1 -1
- prowler/providers/llm/__init__.py +0 -0
- prowler/providers/llm/lib/__init__.py +0 -0
- prowler/providers/llm/lib/arguments/__init__.py +0 -0
- prowler/providers/llm/lib/arguments/arguments.py +13 -0
- prowler/providers/llm/llm_provider.py +518 -0
- prowler/providers/llm/models.py +27 -0
- prowler/providers/m365/exceptions/exceptions.py +0 -55
- prowler/providers/m365/lib/arguments/arguments.py +8 -4
- prowler/providers/m365/lib/powershell/m365_powershell.py +14 -156
- prowler/providers/m365/m365_provider.py +19 -117
- prowler/providers/m365/models.py +0 -3
- prowler/providers/m365/services/admincenter/admincenter_service.py +52 -23
- prowler/providers/m365/services/entra/entra_admin_users_phishing_resistant_mfa_enabled/entra_admin_users_phishing_resistant_mfa_enabled.py +19 -2
- prowler/providers/m365/services/entra/entra_service.py +58 -30
- prowler/providers/m365/services/sharepoint/sharepoint_service.py +24 -3
- prowler/providers/oraclecloud/__init__.py +0 -0
- prowler/providers/oraclecloud/config.py +61 -0
- prowler/providers/oraclecloud/exceptions/__init__.py +0 -0
- prowler/providers/oraclecloud/exceptions/exceptions.py +197 -0
- prowler/providers/oraclecloud/lib/__init__.py +0 -0
- prowler/providers/oraclecloud/lib/arguments/__init__.py +0 -0
- prowler/providers/oraclecloud/lib/arguments/arguments.py +123 -0
- prowler/providers/oraclecloud/lib/mutelist/__init__.py +0 -0
- prowler/providers/oraclecloud/lib/mutelist/mutelist.py +176 -0
- prowler/providers/oraclecloud/lib/service/__init__.py +0 -0
- prowler/providers/oraclecloud/lib/service/service.py +213 -0
- prowler/providers/oraclecloud/models.py +96 -0
- prowler/providers/oraclecloud/oci_provider.py +1038 -0
- prowler/providers/oraclecloud/services/__init__.py +0 -0
- prowler/providers/oraclecloud/services/analytics/__init__.py +0 -0
- prowler/providers/oraclecloud/services/analytics/analytics_client.py +6 -0
- prowler/providers/oraclecloud/services/analytics/analytics_instance_access_restricted/__init__.py +0 -0
- prowler/providers/oraclecloud/services/analytics/analytics_instance_access_restricted/analytics_instance_access_restricted.metadata.json +36 -0
- prowler/providers/oraclecloud/services/analytics/analytics_instance_access_restricted/analytics_instance_access_restricted.py +48 -0
- prowler/providers/oraclecloud/services/analytics/analytics_service.py +99 -0
- prowler/providers/oraclecloud/services/audit/__init__.py +0 -0
- prowler/providers/oraclecloud/services/audit/audit_client.py +4 -0
- prowler/providers/oraclecloud/services/audit/audit_log_retention_period_365_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/audit/audit_log_retention_period_365_days/audit_log_retention_period_365_days.metadata.json +37 -0
- prowler/providers/oraclecloud/services/audit/audit_log_retention_period_365_days/audit_log_retention_period_365_days.py +46 -0
- prowler/providers/oraclecloud/services/audit/audit_service.py +57 -0
- prowler/providers/oraclecloud/services/blockstorage/__init__.py +0 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_block_volume_encrypted_with_cmk/__init__.py +0 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_block_volume_encrypted_with_cmk/blockstorage_block_volume_encrypted_with_cmk.metadata.json +37 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_block_volume_encrypted_with_cmk/blockstorage_block_volume_encrypted_with_cmk.py +39 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_boot_volume_encrypted_with_cmk/__init__.py +0 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_boot_volume_encrypted_with_cmk/blockstorage_boot_volume_encrypted_with_cmk.metadata.json +36 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_boot_volume_encrypted_with_cmk/blockstorage_boot_volume_encrypted_with_cmk.py +35 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_client.py +6 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_service.py +182 -0
- prowler/providers/oraclecloud/services/cloudguard/__init__.py +0 -0
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_client.py +6 -0
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_enabled/cloudguard_enabled.metadata.json +36 -0
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_enabled/cloudguard_enabled.py +39 -0
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_service.py +63 -0
- prowler/providers/oraclecloud/services/compute/__init__.py +0 -0
- prowler/providers/oraclecloud/services/compute/compute_client.py +4 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_in_transit_encryption_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_in_transit_encryption_enabled/compute_instance_in_transit_encryption_enabled.metadata.json +37 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_in_transit_encryption_enabled/compute_instance_in_transit_encryption_enabled.py +38 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_legacy_metadata_endpoint_disabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_legacy_metadata_endpoint_disabled/compute_instance_legacy_metadata_endpoint_disabled.metadata.json +37 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_legacy_metadata_endpoint_disabled/compute_instance_legacy_metadata_endpoint_disabled.py +37 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_secure_boot_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_secure_boot_enabled/compute_instance_secure_boot_enabled.metadata.json +37 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_secure_boot_enabled/compute_instance_secure_boot_enabled.py +39 -0
- prowler/providers/oraclecloud/services/compute/compute_service.py +136 -0
- prowler/providers/oraclecloud/services/database/__init__.py +0 -0
- prowler/providers/oraclecloud/services/database/database_autonomous_database_access_restricted/__init__.py +0 -0
- prowler/providers/oraclecloud/services/database/database_autonomous_database_access_restricted/database_autonomous_database_access_restricted.metadata.json +36 -0
- prowler/providers/oraclecloud/services/database/database_autonomous_database_access_restricted/database_autonomous_database_access_restricted.py +40 -0
- prowler/providers/oraclecloud/services/database/database_client.py +6 -0
- prowler/providers/oraclecloud/services/database/database_service.py +79 -0
- prowler/providers/oraclecloud/services/events/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_client.py +4 -0
- prowler/providers/oraclecloud/services/events/events_notification_topic_and_subscription_exists/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_notification_topic_and_subscription_exists/events_notification_topic_and_subscription_exists.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_notification_topic_and_subscription_exists/events_notification_topic_and_subscription_exists.py +53 -0
- prowler/providers/oraclecloud/services/events/events_rule_cloudguard_problems/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_cloudguard_problems/events_rule_cloudguard_problems.metadata.json +36 -0
- prowler/providers/oraclecloud/services/events/events_rule_cloudguard_problems/events_rule_cloudguard_problems.py +90 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_group_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_group_changes/events_rule_iam_group_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_group_changes/events_rule_iam_group_changes.py +67 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_policy_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_policy_changes/events_rule_iam_policy_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_policy_changes/events_rule_iam_policy_changes.py +67 -0
- prowler/providers/oraclecloud/services/events/events_rule_identity_provider_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_identity_provider_changes/events_rule_identity_provider_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_identity_provider_changes/events_rule_identity_provider_changes.py +67 -0
- prowler/providers/oraclecloud/services/events/events_rule_idp_group_mapping_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_idp_group_mapping_changes/events_rule_idp_group_mapping_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_idp_group_mapping_changes/events_rule_idp_group_mapping_changes.py +67 -0
- prowler/providers/oraclecloud/services/events/events_rule_local_user_authentication/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_local_user_authentication/events_rule_local_user_authentication.metadata.json +38 -0
- prowler/providers/oraclecloud/services/events/events_rule_local_user_authentication/events_rule_local_user_authentication.py +63 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_gateway_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_gateway_changes/events_rule_network_gateway_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_gateway_changes/events_rule_network_gateway_changes.py +88 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_security_group_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_security_group_changes/events_rule_network_security_group_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_security_group_changes/events_rule_network_security_group_changes.py +68 -0
- prowler/providers/oraclecloud/services/events/events_rule_route_table_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_route_table_changes/events_rule_route_table_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_route_table_changes/events_rule_route_table_changes.py +68 -0
- prowler/providers/oraclecloud/services/events/events_rule_security_list_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_security_list_changes/events_rule_security_list_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_security_list_changes/events_rule_security_list_changes.py +68 -0
- prowler/providers/oraclecloud/services/events/events_rule_user_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_user_changes/events_rule_user_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_user_changes/events_rule_user_changes.py +69 -0
- prowler/providers/oraclecloud/services/events/events_rule_vcn_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_vcn_changes/events_rule_vcn_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_vcn_changes/events_rule_vcn_changes.py +65 -0
- prowler/providers/oraclecloud/services/events/events_service.py +215 -0
- prowler/providers/oraclecloud/services/events/lib/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/lib/helpers.py +116 -0
- prowler/providers/oraclecloud/services/filestorage/__init__.py +0 -0
- prowler/providers/oraclecloud/services/filestorage/filestorage_client.py +6 -0
- prowler/providers/oraclecloud/services/filestorage/filestorage_file_system_encrypted_with_cmk/__init__.py +0 -0
- prowler/providers/oraclecloud/services/filestorage/filestorage_file_system_encrypted_with_cmk/filestorage_file_system_encrypted_with_cmk.metadata.json +36 -0
- prowler/providers/oraclecloud/services/filestorage/filestorage_file_system_encrypted_with_cmk/filestorage_file_system_encrypted_with_cmk.py +39 -0
- prowler/providers/oraclecloud/services/filestorage/filestorage_service.py +96 -0
- prowler/providers/oraclecloud/services/identity/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_client.py +4 -0
- prowler/providers/oraclecloud/services/identity/identity_iam_admins_cannot_update_tenancy_admins/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_iam_admins_cannot_update_tenancy_admins/identity_iam_admins_cannot_update_tenancy_admins.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_iam_admins_cannot_update_tenancy_admins/identity_iam_admins_cannot_update_tenancy_admins.py +107 -0
- prowler/providers/oraclecloud/services/identity/identity_instance_principal_used/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_instance_principal_used/identity_instance_principal_used.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_instance_principal_used/identity_instance_principal_used.py +70 -0
- prowler/providers/oraclecloud/services/identity/identity_no_resources_in_root_compartment/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_no_resources_in_root_compartment/identity_no_resources_in_root_compartment.metadata.json +32 -0
- prowler/providers/oraclecloud/services/identity/identity_no_resources_in_root_compartment/identity_no_resources_in_root_compartment.py +51 -0
- prowler/providers/oraclecloud/services/identity/identity_non_root_compartment_exists/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_non_root_compartment_exists/identity_non_root_compartment_exists.metadata.json +32 -0
- prowler/providers/oraclecloud/services/identity/identity_non_root_compartment_exists/identity_non_root_compartment_exists.py +39 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_expires_within_365_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_expires_within_365_days/identity_password_policy_expires_within_365_days.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_expires_within_365_days/identity_password_policy_expires_within_365_days.py +67 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_minimum_length_14/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_minimum_length_14/identity_password_policy_minimum_length_14.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_minimum_length_14/identity_password_policy_minimum_length_14.py +97 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_prevents_reuse/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_prevents_reuse/identity_password_policy_prevents_reuse.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_prevents_reuse/identity_password_policy_prevents_reuse.py +77 -0
- prowler/providers/oraclecloud/services/identity/identity_service.py +828 -0
- prowler/providers/oraclecloud/services/identity/identity_service_level_admins_exist/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_service_level_admins_exist/identity_service_level_admins_exist.metadata.json +32 -0
- prowler/providers/oraclecloud/services/identity/identity_service_level_admins_exist/identity_service_level_admins_exist.py +81 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_permissions_limited/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_permissions_limited/identity_tenancy_admin_permissions_limited.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_permissions_limited/identity_tenancy_admin_permissions_limited.py +81 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_users_no_api_keys/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_users_no_api_keys/identity_tenancy_admin_users_no_api_keys.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_users_no_api_keys/identity_tenancy_admin_users_no_api_keys.py +49 -0
- prowler/providers/oraclecloud/services/identity/identity_user_api_keys_rotated_90_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_api_keys_rotated_90_days/identity_user_api_keys_rotated_90_days.metadata.json +37 -0
- prowler/providers/oraclecloud/services/identity/identity_user_api_keys_rotated_90_days/identity_user_api_keys_rotated_90_days.py +73 -0
- prowler/providers/oraclecloud/services/identity/identity_user_auth_tokens_rotated_90_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_auth_tokens_rotated_90_days/identity_user_auth_tokens_rotated_90_days.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_user_auth_tokens_rotated_90_days/identity_user_auth_tokens_rotated_90_days.py +52 -0
- prowler/providers/oraclecloud/services/identity/identity_user_customer_secret_keys_rotated_90_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_customer_secret_keys_rotated_90_days/identity_user_customer_secret_keys_rotated_90_days.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_user_customer_secret_keys_rotated_90_days/identity_user_customer_secret_keys_rotated_90_days.py +49 -0
- prowler/providers/oraclecloud/services/identity/identity_user_db_passwords_rotated_90_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_db_passwords_rotated_90_days/identity_user_db_passwords_rotated_90_days.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_user_db_passwords_rotated_90_days/identity_user_db_passwords_rotated_90_days.py +49 -0
- prowler/providers/oraclecloud/services/identity/identity_user_mfa_enabled_console_access/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_mfa_enabled_console_access/identity_user_mfa_enabled_console_access.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_user_mfa_enabled_console_access/identity_user_mfa_enabled_console_access.py +43 -0
- prowler/providers/oraclecloud/services/identity/identity_user_valid_email_address/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_valid_email_address/identity_user_valid_email_address.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_user_valid_email_address/identity_user_valid_email_address.py +38 -0
- prowler/providers/oraclecloud/services/integration/__init__.py +0 -0
- prowler/providers/oraclecloud/services/integration/integration_client.py +8 -0
- prowler/providers/oraclecloud/services/integration/integration_instance_access_restricted/__init__.py +0 -0
- prowler/providers/oraclecloud/services/integration/integration_instance_access_restricted/integration_instance_access_restricted.metadata.json +36 -0
- prowler/providers/oraclecloud/services/integration/integration_instance_access_restricted/integration_instance_access_restricted.py +48 -0
- prowler/providers/oraclecloud/services/integration/integration_service.py +92 -0
- prowler/providers/oraclecloud/services/kms/__init__.py +0 -0
- prowler/providers/oraclecloud/services/kms/kms_client.py +4 -0
- prowler/providers/oraclecloud/services/kms/kms_key_rotation_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/kms/kms_key_rotation_enabled/kms_key_rotation_enabled.metadata.json +36 -0
- prowler/providers/oraclecloud/services/kms/kms_key_rotation_enabled/kms_key_rotation_enabled.py +37 -0
- prowler/providers/oraclecloud/services/kms/kms_service.py +136 -0
- prowler/providers/oraclecloud/services/logging/__init__.py +0 -0
- prowler/providers/oraclecloud/services/logging/logging_client.py +6 -0
- prowler/providers/oraclecloud/services/logging/logging_service.py +189 -0
- prowler/providers/oraclecloud/services/network/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_client.py +4 -0
- prowler/providers/oraclecloud/services/network/network_default_security_list_restricts_traffic/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_default_security_list_restricts_traffic/network_default_security_list_restricts_traffic.metadata.json +36 -0
- prowler/providers/oraclecloud/services/network/network_default_security_list_restricts_traffic/network_default_security_list_restricts_traffic.py +99 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_rdp_port/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_rdp_port/network_security_group_ingress_from_internet_to_rdp_port.metadata.json +36 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_rdp_port/network_security_group_ingress_from_internet_to_rdp_port.py +65 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_ssh_port/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_ssh_port/network_security_group_ingress_from_internet_to_ssh_port.metadata.json +37 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_ssh_port/network_security_group_ingress_from_internet_to_ssh_port.py +70 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_rdp_port/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_rdp_port/network_security_list_ingress_from_internet_to_rdp_port.metadata.json +36 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_rdp_port/network_security_list_ingress_from_internet_to_rdp_port.py +62 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_ssh_port/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_ssh_port/network_security_list_ingress_from_internet_to_ssh_port.metadata.json +37 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_ssh_port/network_security_list_ingress_from_internet_to_ssh_port.py +67 -0
- prowler/providers/oraclecloud/services/network/network_service.py +321 -0
- prowler/providers/oraclecloud/services/network/network_vcn_subnet_flow_logs_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_vcn_subnet_flow_logs_enabled/network_vcn_subnet_flow_logs_enabled.metadata.json +36 -0
- prowler/providers/oraclecloud/services/network/network_vcn_subnet_flow_logs_enabled/network_vcn_subnet_flow_logs_enabled.py +66 -0
- prowler/providers/oraclecloud/services/objectstorage/__init__.py +0 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_encrypted_with_cmk/__init__.py +0 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_encrypted_with_cmk/objectstorage_bucket_encrypted_with_cmk.metadata.json +37 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_encrypted_with_cmk/objectstorage_bucket_encrypted_with_cmk.py +40 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_logging_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_logging_enabled/objectstorage_bucket_logging_enabled.metadata.json +32 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_logging_enabled/objectstorage_bucket_logging_enabled.py +68 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_not_publicly_accessible/__init__.py +0 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_not_publicly_accessible/objectstorage_bucket_not_publicly_accessible.metadata.json +37 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_not_publicly_accessible/objectstorage_bucket_not_publicly_accessible.py +43 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_versioning_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_versioning_enabled/objectstorage_bucket_versioning_enabled.metadata.json +37 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_versioning_enabled/objectstorage_bucket_versioning_enabled.py +38 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_client.py +6 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_service.py +138 -0
- {prowler_cloud-5.12.3.dist-info → prowler_cloud-5.13.0.dist-info}/METADATA +9 -33
- {prowler_cloud-5.12.3.dist-info → prowler_cloud-5.13.0.dist-info}/RECORD +528 -280
- {prowler_cloud-5.12.3.dist-info → prowler_cloud-5.13.0.dist-info}/LICENSE +0 -0
- {prowler_cloud-5.12.3.dist-info → prowler_cloud-5.13.0.dist-info}/WHEEL +0 -0
- {prowler_cloud-5.12.3.dist-info → prowler_cloud-5.13.0.dist-info}/entry_points.txt +0 -0
|
@@ -0,0 +1,518 @@
|
|
|
1
|
+
import json
|
|
2
|
+
import os
|
|
3
|
+
import subprocess
|
|
4
|
+
import sys
|
|
5
|
+
from typing import List
|
|
6
|
+
|
|
7
|
+
import yaml
|
|
8
|
+
from alive_progress import alive_bar
|
|
9
|
+
from colorama import Fore, Style
|
|
10
|
+
|
|
11
|
+
from prowler.config.config import (
|
|
12
|
+
default_config_file_path,
|
|
13
|
+
default_redteam_config_file_path,
|
|
14
|
+
load_and_validate_config_file,
|
|
15
|
+
)
|
|
16
|
+
from prowler.lib.check.models import CheckReportLLM
|
|
17
|
+
from prowler.lib.logger import logger
|
|
18
|
+
from prowler.lib.utils.utils import print_boxes
|
|
19
|
+
from prowler.providers.common.models import Audit_Metadata
|
|
20
|
+
from prowler.providers.common.provider import Provider
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
class LlmProvider(Provider):
|
|
24
|
+
_type: str = "llm"
|
|
25
|
+
audit_metadata: Audit_Metadata
|
|
26
|
+
model: str = ""
|
|
27
|
+
|
|
28
|
+
def __init__(
|
|
29
|
+
self,
|
|
30
|
+
max_concurrency: int = 10,
|
|
31
|
+
config_path: str = None,
|
|
32
|
+
config_content: dict = None,
|
|
33
|
+
fixer_config: dict = {},
|
|
34
|
+
):
|
|
35
|
+
logger.info("Instantiating LLM Provider...")
|
|
36
|
+
logger.info(f"Received config_path: {config_path}")
|
|
37
|
+
|
|
38
|
+
self.max_concurrency = max_concurrency
|
|
39
|
+
# For LLM provider, only use config_path if it's not the default Prowler config
|
|
40
|
+
if config_path and config_path != default_config_file_path:
|
|
41
|
+
self.config_path = config_path
|
|
42
|
+
else:
|
|
43
|
+
self.config_path = default_redteam_config_file_path
|
|
44
|
+
|
|
45
|
+
# Read config file and extract model
|
|
46
|
+
with open(self.config_path, "r") as config_file:
|
|
47
|
+
config = yaml.safe_load(config_file)
|
|
48
|
+
self.model = config.get("targets", [])[0].get("id", "No model available.")
|
|
49
|
+
# Extract only the plugin IDs
|
|
50
|
+
plugins_data = config.get("redteam", {}).get("plugins", [])
|
|
51
|
+
self.plugins = [
|
|
52
|
+
plugin.get("id") for plugin in plugins_data if plugin.get("id")
|
|
53
|
+
]
|
|
54
|
+
self.region = "global"
|
|
55
|
+
self.audited_account = "local-llm"
|
|
56
|
+
self._session = None
|
|
57
|
+
self._identity = "prowler"
|
|
58
|
+
self._auth_method = "No auth"
|
|
59
|
+
|
|
60
|
+
# Audit Config
|
|
61
|
+
if config_content:
|
|
62
|
+
self._audit_config = config_content
|
|
63
|
+
elif self.config_path:
|
|
64
|
+
self._audit_config = load_and_validate_config_file(
|
|
65
|
+
self._type, self.config_path
|
|
66
|
+
)
|
|
67
|
+
else:
|
|
68
|
+
# For LLM provider, use empty config if no config file provided
|
|
69
|
+
self._audit_config = {}
|
|
70
|
+
|
|
71
|
+
# Fixer Config
|
|
72
|
+
self._fixer_config = fixer_config
|
|
73
|
+
|
|
74
|
+
# Mutelist (not needed for LLM since promptfoo has its own logic)
|
|
75
|
+
self._mutelist = None
|
|
76
|
+
|
|
77
|
+
self.audit_metadata = Audit_Metadata(
|
|
78
|
+
provider=self._type,
|
|
79
|
+
account_id=self.audited_account,
|
|
80
|
+
account_name="llm",
|
|
81
|
+
region=self.region,
|
|
82
|
+
services_scanned=0, # LLM doesn't use services
|
|
83
|
+
expected_checks=[], # LLM doesn't use checks
|
|
84
|
+
completed_checks=0, # LLM doesn't use progress tracking
|
|
85
|
+
audit_progress=0, # LLM doesn't use progress tracking
|
|
86
|
+
)
|
|
87
|
+
|
|
88
|
+
# Set this provider as the global provider
|
|
89
|
+
Provider.set_global_provider(self)
|
|
90
|
+
|
|
91
|
+
@property
|
|
92
|
+
def type(self):
|
|
93
|
+
return self._type
|
|
94
|
+
|
|
95
|
+
@property
|
|
96
|
+
def identity(self):
|
|
97
|
+
return self._identity
|
|
98
|
+
|
|
99
|
+
@property
|
|
100
|
+
def session(self):
|
|
101
|
+
return self._session
|
|
102
|
+
|
|
103
|
+
@property
|
|
104
|
+
def audit_config(self):
|
|
105
|
+
return self._audit_config
|
|
106
|
+
|
|
107
|
+
@property
|
|
108
|
+
def fixer_config(self):
|
|
109
|
+
return self._fixer_config
|
|
110
|
+
|
|
111
|
+
@property
|
|
112
|
+
def auth_method(self):
|
|
113
|
+
return self._auth_method
|
|
114
|
+
|
|
115
|
+
def setup_session(self):
|
|
116
|
+
"""LLM provider doesn't need a session since it uses promptfoo directly"""
|
|
117
|
+
|
|
118
|
+
def _process_check(self, finding: dict) -> CheckReportLLM:
|
|
119
|
+
"""
|
|
120
|
+
Process a single check (failed or passed) and create a CheckReportIAC object.
|
|
121
|
+
|
|
122
|
+
Args:
|
|
123
|
+
finding: The finding object from Trivy output
|
|
124
|
+
file_path: The path to the file that contains the finding
|
|
125
|
+
type: The type of the finding
|
|
126
|
+
|
|
127
|
+
Returns:
|
|
128
|
+
CheckReportIAC: The processed check report
|
|
129
|
+
"""
|
|
130
|
+
try:
|
|
131
|
+
status = "FAIL"
|
|
132
|
+
if finding.get("success"):
|
|
133
|
+
status = "PASS"
|
|
134
|
+
|
|
135
|
+
metadata_dict = {
|
|
136
|
+
"Provider": "llm",
|
|
137
|
+
"CheckID": finding["metadata"]["pluginId"],
|
|
138
|
+
"CheckTitle": finding["metadata"]["goal"],
|
|
139
|
+
"CheckType": ["LLM Security"],
|
|
140
|
+
"ServiceName": finding["metadata"]["pluginId"].split(":")[0],
|
|
141
|
+
"SubServiceName": "",
|
|
142
|
+
"ResourceIdTemplate": "",
|
|
143
|
+
"Severity": finding["metadata"]["severity"].lower(),
|
|
144
|
+
"ResourceType": "llm",
|
|
145
|
+
"Description": finding["metadata"]["goal"],
|
|
146
|
+
"Risk": "",
|
|
147
|
+
"RelatedUrl": "",
|
|
148
|
+
"Remediation": {
|
|
149
|
+
"Code": {
|
|
150
|
+
"NativeIaC": "",
|
|
151
|
+
"Terraform": "",
|
|
152
|
+
"CLI": "",
|
|
153
|
+
"Other": "",
|
|
154
|
+
},
|
|
155
|
+
"Recommendation": {
|
|
156
|
+
"Text": "",
|
|
157
|
+
"Url": "",
|
|
158
|
+
},
|
|
159
|
+
},
|
|
160
|
+
"Categories": [],
|
|
161
|
+
"DependsOn": [],
|
|
162
|
+
"RelatedTo": [],
|
|
163
|
+
"Notes": "",
|
|
164
|
+
}
|
|
165
|
+
|
|
166
|
+
# Convert metadata dict to JSON string
|
|
167
|
+
metadata = json.dumps(metadata_dict)
|
|
168
|
+
|
|
169
|
+
report = CheckReportLLM(
|
|
170
|
+
metadata=metadata,
|
|
171
|
+
finding=finding,
|
|
172
|
+
)
|
|
173
|
+
report.status = status
|
|
174
|
+
status_extended = (
|
|
175
|
+
finding.get("gradingResult", {})
|
|
176
|
+
.get("componentResults", [{}])[0]
|
|
177
|
+
.get("reason", "No assertions found.")
|
|
178
|
+
)
|
|
179
|
+
report.status_extended = status_extended
|
|
180
|
+
return report
|
|
181
|
+
except Exception as error:
|
|
182
|
+
logger.critical(
|
|
183
|
+
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
|
|
184
|
+
)
|
|
185
|
+
sys.exit(1)
|
|
186
|
+
|
|
187
|
+
def _process_finding_line(
|
|
188
|
+
self, line: str, reports: list, streaming_callback=None, progress_counter=None
|
|
189
|
+
) -> bool:
|
|
190
|
+
"""
|
|
191
|
+
Process a single line from the report file and add to reports if valid.
|
|
192
|
+
|
|
193
|
+
Args:
|
|
194
|
+
line: JSON line from the report file
|
|
195
|
+
reports: List to append the processed report to
|
|
196
|
+
streaming_callback: Optional callback for streaming mode
|
|
197
|
+
progress_counter: Optional dict to track progress {'completed': int, 'total': int, 'completed_test_ids': set}
|
|
198
|
+
|
|
199
|
+
Returns:
|
|
200
|
+
bool: True if a valid finding was processed, False otherwise
|
|
201
|
+
"""
|
|
202
|
+
try:
|
|
203
|
+
finding = json.loads(line.strip())
|
|
204
|
+
# Extract testIdx and track unique tests
|
|
205
|
+
test_idx = finding.get("testIdx")
|
|
206
|
+
if test_idx is not None and progress_counter is not None:
|
|
207
|
+
if test_idx not in progress_counter["completed_test_ids"]:
|
|
208
|
+
progress_counter["completed_test_ids"].add(test_idx)
|
|
209
|
+
progress_counter["completed"] += 1
|
|
210
|
+
if finding.get("prompt", {}).get("raw"):
|
|
211
|
+
if finding.get("response", {}).get("error"):
|
|
212
|
+
logger.error(f"Error: {finding.get('response', {}).get('error')}")
|
|
213
|
+
return False
|
|
214
|
+
elif finding.get("error"):
|
|
215
|
+
logger.error(f"{finding.get('error')}")
|
|
216
|
+
return False
|
|
217
|
+
report = self._process_check(finding)
|
|
218
|
+
if report:
|
|
219
|
+
reports.append(report)
|
|
220
|
+
if streaming_callback:
|
|
221
|
+
streaming_callback([report])
|
|
222
|
+
return True
|
|
223
|
+
except json.JSONDecodeError as json_error:
|
|
224
|
+
logger.error(
|
|
225
|
+
f"Error decoding JSON line: {json_error} - Line content: {line.strip()}"
|
|
226
|
+
)
|
|
227
|
+
return False
|
|
228
|
+
|
|
229
|
+
def run(self) -> List[CheckReportLLM]:
|
|
230
|
+
"""Main method to run the LLM security scan"""
|
|
231
|
+
try:
|
|
232
|
+
return self.run_scan()
|
|
233
|
+
except Exception as error:
|
|
234
|
+
logger.error(f"Error running LLM scan: {error}")
|
|
235
|
+
return []
|
|
236
|
+
|
|
237
|
+
def run_scan(self, streaming_callback) -> List[CheckReportLLM]:
|
|
238
|
+
"""Run promptfoo red team scan and process its output."""
|
|
239
|
+
report_path = None
|
|
240
|
+
try:
|
|
241
|
+
logger.info("Running LLM security scan...")
|
|
242
|
+
|
|
243
|
+
# Use config file if provided, otherwise let promptfoo use its defaults
|
|
244
|
+
if self.config_path:
|
|
245
|
+
if not os.path.exists(self.config_path):
|
|
246
|
+
logger.error(f"Config file not found: {self.config_path}")
|
|
247
|
+
return []
|
|
248
|
+
config_path = self.config_path
|
|
249
|
+
logger.info(f"Using provided config file: {config_path}")
|
|
250
|
+
|
|
251
|
+
# Set output path for the scan results
|
|
252
|
+
report_path = "/tmp/prowler_promptfoo_results.jsonl"
|
|
253
|
+
|
|
254
|
+
promptfoo_command = [
|
|
255
|
+
"promptfoo",
|
|
256
|
+
"redteam",
|
|
257
|
+
"eval",
|
|
258
|
+
"--output",
|
|
259
|
+
report_path,
|
|
260
|
+
"--max-concurrency",
|
|
261
|
+
str(self.max_concurrency),
|
|
262
|
+
"--no-cache",
|
|
263
|
+
"--config",
|
|
264
|
+
config_path,
|
|
265
|
+
]
|
|
266
|
+
|
|
267
|
+
logger.info(f"Running promptfoo command: {' '.join(promptfoo_command)}")
|
|
268
|
+
|
|
269
|
+
process = subprocess.Popen(
|
|
270
|
+
promptfoo_command,
|
|
271
|
+
stdout=subprocess.PIPE,
|
|
272
|
+
stderr=subprocess.PIPE,
|
|
273
|
+
text=True,
|
|
274
|
+
encoding="utf-8",
|
|
275
|
+
env=os.environ,
|
|
276
|
+
)
|
|
277
|
+
|
|
278
|
+
return self._stream_findings(process, report_path, streaming_callback)
|
|
279
|
+
|
|
280
|
+
except Exception as error:
|
|
281
|
+
if "No such file or directory: 'promptfoo'" in str(error):
|
|
282
|
+
logger.critical(
|
|
283
|
+
"Promptfoo binary not found. Please install promptfoo from https://promptfoo.dev/docs/installation/ or use your system package manager (e.g., 'npm install -g promptfoo' or 'brew install promptfoo' on macOS)"
|
|
284
|
+
)
|
|
285
|
+
sys.exit(1)
|
|
286
|
+
logger.critical(
|
|
287
|
+
f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
|
|
288
|
+
)
|
|
289
|
+
return []
|
|
290
|
+
finally:
|
|
291
|
+
# Clean up temporary report file
|
|
292
|
+
if report_path and os.path.exists(report_path):
|
|
293
|
+
os.remove(report_path)
|
|
294
|
+
logger.info(f"Cleaned up promptfoo report file: {report_path}")
|
|
295
|
+
|
|
296
|
+
def _stream_findings(self, process, report_path, streaming_callback):
|
|
297
|
+
"""Stream findings in real-time as they are written to the output file."""
|
|
298
|
+
import queue
|
|
299
|
+
import re
|
|
300
|
+
import threading
|
|
301
|
+
import time
|
|
302
|
+
|
|
303
|
+
reports = []
|
|
304
|
+
processed_lines = set() # Track which lines we've already processed
|
|
305
|
+
error_queue = queue.Queue() # Thread-safe communication for errors
|
|
306
|
+
|
|
307
|
+
def monitor_file():
|
|
308
|
+
"""Monitor the output file for new findings."""
|
|
309
|
+
try:
|
|
310
|
+
while process.poll() is None: # While process is still running
|
|
311
|
+
if os.path.exists(report_path):
|
|
312
|
+
try:
|
|
313
|
+
with open(
|
|
314
|
+
report_path, "r", encoding="utf-8"
|
|
315
|
+
) as report_file:
|
|
316
|
+
lines = report_file.readlines()
|
|
317
|
+
|
|
318
|
+
# Process only new lines
|
|
319
|
+
for i, line in enumerate(lines):
|
|
320
|
+
if i not in processed_lines and line.strip():
|
|
321
|
+
if self._process_finding_line(
|
|
322
|
+
line,
|
|
323
|
+
reports,
|
|
324
|
+
streaming_callback,
|
|
325
|
+
progress_counter,
|
|
326
|
+
):
|
|
327
|
+
processed_lines.add(i)
|
|
328
|
+
except Exception as e:
|
|
329
|
+
logger.debug(f"Error reading report file: {e}")
|
|
330
|
+
|
|
331
|
+
time.sleep(0.5) # Check every 500ms
|
|
332
|
+
except Exception as e:
|
|
333
|
+
logger.debug(f"Monitor file thread error: {e}")
|
|
334
|
+
|
|
335
|
+
def process_stdout(error_queue):
|
|
336
|
+
"""Process stdout to extract test count information and detect errors."""
|
|
337
|
+
try:
|
|
338
|
+
for line in process.stdout:
|
|
339
|
+
if (
|
|
340
|
+
"Redteam evals require email verification. Please enter your work email"
|
|
341
|
+
in line
|
|
342
|
+
):
|
|
343
|
+
error_queue.put(
|
|
344
|
+
"Please, provide first your work email in promptfoo with `promptfoo config set email <email>` command."
|
|
345
|
+
)
|
|
346
|
+
process.terminate()
|
|
347
|
+
return
|
|
348
|
+
if "No promptfooconfig found" in line:
|
|
349
|
+
error_queue.put(
|
|
350
|
+
"No config file found. Please, provide a valid promptfoo config file."
|
|
351
|
+
)
|
|
352
|
+
process.terminate()
|
|
353
|
+
return
|
|
354
|
+
if (
|
|
355
|
+
"Warning: Config file has a redteam section but no test cases."
|
|
356
|
+
in line
|
|
357
|
+
):
|
|
358
|
+
error_queue.put(
|
|
359
|
+
"Please, generate first the test cases using `promptfoo redteam generate` command."
|
|
360
|
+
)
|
|
361
|
+
process.terminate()
|
|
362
|
+
return
|
|
363
|
+
|
|
364
|
+
# Extract total number of tests from stdout
|
|
365
|
+
test_count_match = re.search(
|
|
366
|
+
r"Running (\d+) test cases \(up to \d+ at a time\)", line
|
|
367
|
+
)
|
|
368
|
+
if test_count_match and progress_counter["total"] == 0:
|
|
369
|
+
progress_counter["total"] = int(test_count_match.group(1))
|
|
370
|
+
logger.info(
|
|
371
|
+
f"Found {progress_counter['total']} test cases to run"
|
|
372
|
+
)
|
|
373
|
+
except Exception as e:
|
|
374
|
+
logger.debug(f"Process stdout thread error: {e}")
|
|
375
|
+
|
|
376
|
+
# Create progress counter dictionary
|
|
377
|
+
progress_counter = {"completed": 0, "total": 0, "completed_test_ids": set()}
|
|
378
|
+
previous_completed = 0 # Track previous completed count for bar updates
|
|
379
|
+
|
|
380
|
+
# Start monitoring in separate threads
|
|
381
|
+
monitor_thread = threading.Thread(target=monitor_file)
|
|
382
|
+
monitor_thread.daemon = True
|
|
383
|
+
monitor_thread.start()
|
|
384
|
+
|
|
385
|
+
stdout_thread = threading.Thread(target=process_stdout, args=(error_queue,))
|
|
386
|
+
stdout_thread.daemon = True
|
|
387
|
+
stdout_thread.start()
|
|
388
|
+
|
|
389
|
+
# Wait for total number of tests to be detected or error
|
|
390
|
+
while process.poll() is None and progress_counter["total"] == 0:
|
|
391
|
+
# Check for errors from background thread
|
|
392
|
+
try:
|
|
393
|
+
error_msg = error_queue.get_nowait()
|
|
394
|
+
logger.critical(error_msg)
|
|
395
|
+
process.terminate()
|
|
396
|
+
process.wait() # Ensure cleanup
|
|
397
|
+
sys.exit(1)
|
|
398
|
+
except queue.Empty:
|
|
399
|
+
pass
|
|
400
|
+
|
|
401
|
+
time.sleep(0.5) # Wait for total to be detected
|
|
402
|
+
|
|
403
|
+
# If process finished before we detected total, handle it
|
|
404
|
+
if process.poll() is not None and progress_counter["total"] == 0:
|
|
405
|
+
# Check for any final errors
|
|
406
|
+
try:
|
|
407
|
+
error_msg = error_queue.get_nowait()
|
|
408
|
+
logger.critical(error_msg)
|
|
409
|
+
sys.exit(1)
|
|
410
|
+
except queue.Empty:
|
|
411
|
+
pass
|
|
412
|
+
|
|
413
|
+
process.wait()
|
|
414
|
+
logger.critical(
|
|
415
|
+
f"Promptfoo exited with a non-zero exit code {process.returncode} {process.stderr.read()}"
|
|
416
|
+
)
|
|
417
|
+
sys.exit(1)
|
|
418
|
+
|
|
419
|
+
# Now create the progress bar with the known total
|
|
420
|
+
with alive_bar(
|
|
421
|
+
total=progress_counter["total"],
|
|
422
|
+
ctrl_c=False,
|
|
423
|
+
bar="blocks",
|
|
424
|
+
spinner="classic",
|
|
425
|
+
stats=False,
|
|
426
|
+
enrich_print=False,
|
|
427
|
+
) as bar:
|
|
428
|
+
try:
|
|
429
|
+
bar.title = f"-> Running LLM security scan on {self.model}..."
|
|
430
|
+
|
|
431
|
+
# Update progress bar while process is running
|
|
432
|
+
while process.poll() is None:
|
|
433
|
+
# Check for errors from background thread during execution
|
|
434
|
+
try:
|
|
435
|
+
error_msg = error_queue.get_nowait()
|
|
436
|
+
logger.critical(error_msg)
|
|
437
|
+
process.terminate()
|
|
438
|
+
process.wait() # Ensure cleanup
|
|
439
|
+
bar.title = "-> LLM security scan failed!"
|
|
440
|
+
sys.exit(1)
|
|
441
|
+
except queue.Empty:
|
|
442
|
+
pass
|
|
443
|
+
|
|
444
|
+
# Update the progress by incrementing by the difference
|
|
445
|
+
if progress_counter["completed"] > previous_completed:
|
|
446
|
+
bar(progress_counter["completed"] - previous_completed)
|
|
447
|
+
previous_completed = progress_counter["completed"]
|
|
448
|
+
|
|
449
|
+
time.sleep(0.5) # Update every 500ms
|
|
450
|
+
|
|
451
|
+
# Wait for process to complete
|
|
452
|
+
process.wait()
|
|
453
|
+
|
|
454
|
+
# Wait a bit more for any final findings to be written
|
|
455
|
+
time.sleep(1)
|
|
456
|
+
|
|
457
|
+
# Process any remaining findings
|
|
458
|
+
if os.path.exists(report_path):
|
|
459
|
+
try:
|
|
460
|
+
with open(report_path, "r", encoding="utf-8") as report_file:
|
|
461
|
+
lines = report_file.readlines()
|
|
462
|
+
for i, line in enumerate(lines):
|
|
463
|
+
if i not in processed_lines and line.strip():
|
|
464
|
+
self._process_finding_line(
|
|
465
|
+
line,
|
|
466
|
+
reports,
|
|
467
|
+
streaming_callback,
|
|
468
|
+
progress_counter,
|
|
469
|
+
)
|
|
470
|
+
except Exception as e:
|
|
471
|
+
logger.error(f"Error processing final findings: {e}")
|
|
472
|
+
|
|
473
|
+
bar.title = "-> LLM security scan completed!"
|
|
474
|
+
|
|
475
|
+
except Exception as error:
|
|
476
|
+
bar.title = "-> LLM security scan failed!"
|
|
477
|
+
raise error
|
|
478
|
+
|
|
479
|
+
# Check for errors
|
|
480
|
+
stderr = process.stderr.read()
|
|
481
|
+
if stderr:
|
|
482
|
+
logger.error(f"Promptfoo stderr:\n{stderr}")
|
|
483
|
+
|
|
484
|
+
if (
|
|
485
|
+
process.returncode != 0
|
|
486
|
+
and process.returncode != 100
|
|
487
|
+
and process.returncode is not None
|
|
488
|
+
and process.returncode != -2
|
|
489
|
+
):
|
|
490
|
+
logger.error(
|
|
491
|
+
f"Promptfoo exited with a non-zero exit code: {process.returncode}"
|
|
492
|
+
)
|
|
493
|
+
sys.exit(1)
|
|
494
|
+
|
|
495
|
+
return reports
|
|
496
|
+
|
|
497
|
+
def print_credentials(self):
|
|
498
|
+
"""Print the LLM provider credentials and configuration"""
|
|
499
|
+
report_title = f"{Style.BRIGHT}Scanning LLM:{Style.RESET_ALL}"
|
|
500
|
+
report_lines = [
|
|
501
|
+
f"Target LLM: {Fore.YELLOW}{self.model}{Style.RESET_ALL}",
|
|
502
|
+
]
|
|
503
|
+
if self.plugins:
|
|
504
|
+
report_lines.append(
|
|
505
|
+
f"Plugins: {Fore.YELLOW}{', '.join(self.plugins)}{Style.RESET_ALL}"
|
|
506
|
+
)
|
|
507
|
+
if self.config_path:
|
|
508
|
+
report_lines.append(
|
|
509
|
+
f"Config file: {Fore.YELLOW}{self.config_path}{Style.RESET_ALL}"
|
|
510
|
+
)
|
|
511
|
+
else:
|
|
512
|
+
report_lines.append("Using promptfoo default configuration")
|
|
513
|
+
|
|
514
|
+
report_lines.append(
|
|
515
|
+
f"Max concurrency: {Fore.YELLOW}{self.max_concurrency}{Style.RESET_ALL}"
|
|
516
|
+
)
|
|
517
|
+
|
|
518
|
+
print_boxes(report_lines, report_title)
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
from prowler.config.config import output_file_timestamp
|
|
2
|
+
from prowler.providers.common.models import ProviderOutputOptions
|
|
3
|
+
|
|
4
|
+
|
|
5
|
+
class LLMOutputOptions(ProviderOutputOptions):
|
|
6
|
+
"""
|
|
7
|
+
LLMOutputOptions overrides ProviderOutputOptions for LLM-specific output logic.
|
|
8
|
+
For example, generating a filename that includes the LLM tenant_id.
|
|
9
|
+
|
|
10
|
+
Attributes inherited from ProviderOutputOptions:
|
|
11
|
+
- output_filename (str): The base filename used for generated reports.
|
|
12
|
+
- output_directory (str): The directory to store the output files.
|
|
13
|
+
- ... see ProviderOutputOptions for more details.
|
|
14
|
+
|
|
15
|
+
Methods:
|
|
16
|
+
- __init__: Customizes the output filename logic for LLM.
|
|
17
|
+
"""
|
|
18
|
+
|
|
19
|
+
def __init__(self, arguments, bulk_checks_metadata):
|
|
20
|
+
super().__init__(arguments, bulk_checks_metadata)
|
|
21
|
+
|
|
22
|
+
# If --output-filename is not specified, build a default name.
|
|
23
|
+
if not getattr(arguments, "output_filename", None):
|
|
24
|
+
self.output_filename = f"prowler-output-llm-{output_file_timestamp}"
|
|
25
|
+
# If --output-filename was explicitly given, respect that
|
|
26
|
+
else:
|
|
27
|
+
self.output_filename = arguments.output_filename
|
|
@@ -94,26 +94,6 @@ class M365BaseException(ProwlerException):
|
|
|
94
94
|
"message": "Tenant Id is required for Microsoft 365 static credentials. Make sure you are using the correct credentials.",
|
|
95
95
|
"remediation": "Check the Microsoft 365 Tenant ID and ensure it is properly set up.",
|
|
96
96
|
},
|
|
97
|
-
(6022, "M365MissingEnvironmentCredentialsError"): {
|
|
98
|
-
"message": "User and Password environment variables are needed to use Credentials authentication method.",
|
|
99
|
-
"remediation": "Ensure your environment variables are properly set up.",
|
|
100
|
-
},
|
|
101
|
-
(6023, "M365UserCredentialsError"): {
|
|
102
|
-
"message": "The provided User credentials are not valid.",
|
|
103
|
-
"remediation": "Check the User credentials and ensure they are valid.",
|
|
104
|
-
},
|
|
105
|
-
(6024, "M365NotValidUserError"): {
|
|
106
|
-
"message": "The provided User is not valid.",
|
|
107
|
-
"remediation": "Check the User and ensure it is a valid user.",
|
|
108
|
-
},
|
|
109
|
-
(6025, "M365NotValidPasswordError"): {
|
|
110
|
-
"message": "The provided Password is not valid.",
|
|
111
|
-
"remediation": "Check the Password and ensure it is a valid password.",
|
|
112
|
-
},
|
|
113
|
-
(6026, "M365UserNotBelongingToTenantError"): {
|
|
114
|
-
"message": "The provided User does not belong to the specified tenant.",
|
|
115
|
-
"remediation": "Check the User email domain and ensure it belongs to the specified tenant.",
|
|
116
|
-
},
|
|
117
97
|
(6027, "M365GraphConnectionError"): {
|
|
118
98
|
"message": "Failed to establish connection to Microsoft Graph API.",
|
|
119
99
|
"remediation": "Check your Microsoft Application credentials and ensure the app has proper permissions.",
|
|
@@ -315,41 +295,6 @@ class M365NotTenantIdButClientIdAndClientSecretError(M365CredentialsError):
|
|
|
315
295
|
)
|
|
316
296
|
|
|
317
297
|
|
|
318
|
-
class M365MissingEnvironmentCredentialsError(M365CredentialsError):
|
|
319
|
-
def __init__(self, file=None, original_exception=None, message=None):
|
|
320
|
-
super().__init__(
|
|
321
|
-
6022, file=file, original_exception=original_exception, message=message
|
|
322
|
-
)
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
class M365UserCredentialsError(M365CredentialsError):
|
|
326
|
-
def __init__(self, file=None, original_exception=None, message=None):
|
|
327
|
-
super().__init__(
|
|
328
|
-
6023, file=file, original_exception=original_exception, message=message
|
|
329
|
-
)
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
class M365NotValidUserError(M365CredentialsError):
|
|
333
|
-
def __init__(self, file=None, original_exception=None, message=None):
|
|
334
|
-
super().__init__(
|
|
335
|
-
6024, file=file, original_exception=original_exception, message=message
|
|
336
|
-
)
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
class M365NotValidPasswordError(M365CredentialsError):
|
|
340
|
-
def __init__(self, file=None, original_exception=None, message=None):
|
|
341
|
-
super().__init__(
|
|
342
|
-
6025, file=file, original_exception=original_exception, message=message
|
|
343
|
-
)
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
class M365UserNotBelongingToTenantError(M365CredentialsError):
|
|
347
|
-
def __init__(self, file=None, original_exception=None, message=None):
|
|
348
|
-
super().__init__(
|
|
349
|
-
6026, file=file, original_exception=original_exception, message=message
|
|
350
|
-
)
|
|
351
|
-
|
|
352
|
-
|
|
353
298
|
class M365GraphConnectionError(M365CredentialsError):
|
|
354
299
|
def __init__(self, file=None, original_exception=None, message=None):
|
|
355
300
|
super().__init__(
|
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
import argparse
|
|
2
|
+
|
|
3
|
+
|
|
1
4
|
def init_parser(self):
|
|
2
5
|
"""Init the M365 Provider CLI parser"""
|
|
3
6
|
m365_parser = self.subparsers.add_parser(
|
|
@@ -14,14 +17,15 @@ def init_parser(self):
|
|
|
14
17
|
help="Use Azure CLI authentication to log in against Microsoft 365",
|
|
15
18
|
)
|
|
16
19
|
m365_auth_modes_group.add_argument(
|
|
17
|
-
"--env-auth",
|
|
20
|
+
"--sp-env-auth",
|
|
18
21
|
action="store_true",
|
|
19
|
-
help="Use
|
|
22
|
+
help="Use Service Principal environment variables authentication to log in against Microsoft 365",
|
|
20
23
|
)
|
|
21
24
|
m365_auth_modes_group.add_argument(
|
|
22
|
-
"--
|
|
25
|
+
"--env-auth",
|
|
26
|
+
dest="sp_env_auth",
|
|
23
27
|
action="store_true",
|
|
24
|
-
help=
|
|
28
|
+
help=argparse.SUPPRESS,
|
|
25
29
|
)
|
|
26
30
|
m365_auth_modes_group.add_argument(
|
|
27
31
|
"--browser-auth",
|