prowler-cloud 5.13.1__py3-none-any.whl → 5.14.0__py3-none-any.whl

prowler/lib/outputs/compliance/c5/c5_gcp.py

@@ -0,0 +1,92 @@
+from prowler.config.config import timestamp
+from prowler.lib.check.compliance_models import Compliance
+from prowler.lib.outputs.compliance.c5.models import GCPC5Model
+from prowler.lib.outputs.compliance.compliance_output import ComplianceOutput
+from prowler.lib.outputs.finding import Finding
+
+
+class GCPC5(ComplianceOutput):
+    """
+    This class represents the GCP C5 compliance output.
+
+    Attributes:
+        - _data (list): A list to store transformed data from findings.
+        - _file_descriptor (TextIOWrapper): A file descriptor to write data to a file.
+
+    Methods:
+        - transform: Transforms findings into GCP C5 compliance format.
+    """
+
+    def transform(
+        self,
+        findings: list[Finding],
+        compliance: Compliance,
+        compliance_name: str,
+    ) -> None:
+        """
+        Transforms a list of findings into GCP C5 compliance format.
+
+        Parameters:
+            - findings (list): A list of findings.
+            - compliance (Compliance): A compliance model.
+            - compliance_name (str): The name of the compliance model.
+
+        Returns:
+            - None
+        """
+        for finding in findings:
+            # Get the compliance requirements for the finding
+            finding_requirements = finding.compliance.get(compliance_name, [])
+            for requirement in compliance.Requirements:
+                if requirement.Id in finding_requirements:
+                    for attribute in requirement.Attributes:
+                        compliance_row = GCPC5Model(
+                            Provider=finding.provider,
+                            Description=compliance.Description,
+                            ProjectId=finding.account_uid,
+                            Location=finding.region,
+                            AssessmentDate=str(timestamp),
+                            Requirements_Id=requirement.Id,
+                            Requirements_Description=requirement.Description,
+                            Requirements_Attributes_Section=attribute.Section,
+                            Requirements_Attributes_SubSection=attribute.SubSection,
+                            Requirements_Attributes_Type=attribute.Type,
+                            Requirements_Attributes_AboutCriteria=attribute.AboutCriteria,
+                            Requirements_Attributes_ComplementaryCriteria=attribute.ComplementaryCriteria,
+                            Status=finding.status,
+                            StatusExtended=finding.status_extended,
+                            ResourceId=finding.resource_uid,
+                            ResourceName=finding.resource_name,
+                            CheckId=finding.check_id,
+                            Muted=finding.muted,
+                            Framework=compliance.Framework,
+                            Name=compliance.Name,
+                        )
+                        self._data.append(compliance_row)
+        # Add manual requirements to the compliance output
+        for requirement in compliance.Requirements:
+            if not requirement.Checks:
+                for attribute in requirement.Attributes:
+                    compliance_row = GCPC5Model(
+                        Provider=compliance.Provider.lower(),
+                        Description=compliance.Description,
+                        ProjectId="",
+                        Location="",
+                        AssessmentDate=str(timestamp),
+                        Requirements_Id=requirement.Id,
+                        Requirements_Description=requirement.Description,
+                        Requirements_Attributes_Section=attribute.Section,
+                        Requirements_Attributes_SubSection=attribute.SubSection,
+                        Requirements_Attributes_Type=attribute.Type,
+                        Requirements_Attributes_AboutCriteria=attribute.AboutCriteria,
+                        Requirements_Attributes_ComplementaryCriteria=attribute.ComplementaryCriteria,
+                        Status="MANUAL",
+                        StatusExtended="Manual check",
+                        ResourceId="manual_check",
+                        ResourceName="Manual check",
+                        CheckId="manual",
+                        Muted=False,
+                        Framework=compliance.Framework,
+                        Name=compliance.Name,
+                    )
+                    self._data.append(compliance_row)

prowler/lib/outputs/compliance/c5/models.py

@@ -28,3 +28,57 @@ class AWSC5Model(BaseModel):
     Muted: bool
     Framework: str
     Name: str
+
+
+class AzureC5Model(BaseModel):
+    """
+    AzureC5Model generates a finding's output in Azure C5 Compliance format.
+    """
+
+    Provider: str
+    Description: str
+    SubscriptionId: str
+    Location: str
+    AssessmentDate: str
+    Requirements_Id: str
+    Requirements_Description: str
+    Requirements_Attributes_Section: str
+    Requirements_Attributes_SubSection: str = None
+    Requirements_Attributes_Type: str = None
+    Requirements_Attributes_AboutCriteria: Optional[str] = None
+    Requirements_Attributes_ComplementaryCriteria: Optional[str] = None
+    Status: str
+    StatusExtended: str
+    ResourceId: str
+    ResourceName: str
+    CheckId: str
+    Muted: bool
+    Framework: str
+    Name: str
+
+
+class GCPC5Model(BaseModel):
+    """
+    GCPC5Model generates a finding's output in GCP C5 Compliance format.
+    """
+
+    Provider: str
+    Description: str
+    ProjectId: str
+    Location: str
+    AssessmentDate: str
+    Requirements_Id: str
+    Requirements_Description: str
+    Requirements_Attributes_Section: str
+    Requirements_Attributes_SubSection: str = None
+    Requirements_Attributes_Type: str = None
+    Requirements_Attributes_AboutCriteria: Optional[str] = None
+    Requirements_Attributes_ComplementaryCriteria: Optional[str] = None
+    Status: str
+    StatusExtended: str
+    ResourceId: str
+    ResourceName: str
+    CheckId: str
+    Muted: bool
+    Framework: str
+    Name: str

prowler/lib/outputs/compliance/cis/{cis_oci.py → cis_oraclecloud.py}

@@ -1,20 +1,20 @@
 from prowler.config.config import timestamp
 from prowler.lib.check.compliance_models import Compliance
-from prowler.lib.outputs.compliance.cis.models import OCICISModel
+from prowler.lib.outputs.compliance.cis.models import OracleCloudCISModel
 from prowler.lib.outputs.compliance.compliance_output import ComplianceOutput
 from prowler.lib.outputs.finding import Finding
 
 
-class OCICIS(ComplianceOutput):
+class OracleCloudCIS(ComplianceOutput):
     """
-    This class represents the OCI CIS compliance output.
+    This class represents the Oracle Cloud CIS compliance output.
 
     Attributes:
         - _data (list): A list to store transformed data from findings.
         - _file_descriptor (TextIOWrapper): A file descriptor to write data to a file.
 
     Methods:
-        - transform: Transforms findings into OCI CIS compliance format.
+        - transform: Transforms findings into Oracle Cloud CIS compliance format.
     """
 
     def transform(
@@ -24,7 +24,7 @@ class OCICIS(ComplianceOutput):
         compliance_name: str,
     ) -> None:
         """
-        Transforms a list of findings into OCI CIS compliance format.
+        Transforms a list of findings into Oracle Cloud CIS compliance format.
 
         Parameters:
             - findings (list): A list of findings.
@@ -40,7 +40,7 @@ class OCICIS(ComplianceOutput):
             for requirement in compliance.Requirements:
                 if requirement.Id in finding_requirements:
                     for attribute in requirement.Attributes:
-                        compliance_row = OCICISModel(
+                        compliance_row = OracleCloudCISModel(
                             Provider=finding.provider,
                             Description=compliance.Description,
                             TenancyId=finding.account_uid,
@@ -74,7 +74,7 @@ class OCICIS(ComplianceOutput):
         for requirement in compliance.Requirements:
             if not requirement.Checks:
                 for attribute in requirement.Attributes:
-                    compliance_row = OCICISModel(
+                    compliance_row = OracleCloudCISModel(
                         Provider=compliance.Provider.lower(),
                         Description=compliance.Description,
                         TenancyId="",

prowler/lib/outputs/compliance/cis/models.py

@@ -207,9 +207,9 @@ class GithubCISModel(BaseModel):
     Name: str
 
 
-class OCICISModel(BaseModel):
+class OracleCloudCISModel(BaseModel):
     """
-    OCICISModel generates a finding's output in OCI CIS Compliance format.
+    OracleCloudCISModel generates a finding's output in Oracle Cloud CIS Compliance format.
     """
 
     Provider: str
@@ -248,7 +248,7 @@ CIS_GCP = GCPCISModel
 CIS_Kubernetes = KubernetesCISModel
 CIS_M365 = M365CISModel
 CIS_Github = GithubCISModel
-CIS_OCI = OCICISModel
+CIS_OracleCloud = OracleCloudCISModel
 
 
 # TODO: Create a parent class for the common fields of CIS and have the specific classes from each provider to inherit from it.

prowler/lib/outputs/compliance/prowler_threatscore/models.py

@@ -117,3 +117,32 @@ class ProwlerThreatScoreM365Model(BaseModel):
     Muted: bool
     Framework: str
     Name: str
+
+
+class ProwlerThreatScoreKubernetesModel(BaseModel):
+    """
+    ProwlerThreatScoreKubernetesModel generates a finding's output in Kubernetes Prowler ThreatScore Compliance format.
+    """
+
+    Provider: str
+    Description: str
+    Context: str
+    Namespace: str
+    AssessmentDate: str
+    Requirements_Id: str
+    Requirements_Description: str
+    Requirements_Attributes_Title: str
+    Requirements_Attributes_Section: str
+    Requirements_Attributes_SubSection: Optional[str] = None
+    Requirements_Attributes_AttributeDescription: str
+    Requirements_Attributes_AdditionalInformation: str
+    Requirements_Attributes_LevelOfRisk: int
+    Requirements_Attributes_Weight: int
+    Status: str
+    StatusExtended: str
+    ResourceId: str
+    ResourceName: str
+    CheckId: str
+    Muted: bool
+    Framework: str
+    Name: str

prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore_kubernetes.py

@@ -0,0 +1,98 @@
+from prowler.config.config import timestamp
+from prowler.lib.check.compliance_models import Compliance
+from prowler.lib.outputs.compliance.compliance_output import ComplianceOutput
+from prowler.lib.outputs.compliance.prowler_threatscore.models import (
+    ProwlerThreatScoreKubernetesModel,
+)
+from prowler.lib.outputs.finding import Finding
+
+
+class ProwlerThreatScoreKubernetes(ComplianceOutput):
+    """
+    This class represents the Kubernetes Prowler ThreatScore compliance output.
+
+    Attributes:
+        - _data (list): A list to store transformed data from findings.
+        - _file_descriptor (TextIOWrapper): A file descriptor to write data to a file.
+
+    Methods:
+        - transform: Transforms findings into Kubernetes Prowler ThreatScore compliance format.
+    """
+
+    def transform(
+        self,
+        findings: list[Finding],
+        compliance: Compliance,
+        compliance_name: str,
+    ) -> None:
+        """
+        Transforms a list of findings into Kubernetes Prowler ThreatScore compliance format.
+
+        Parameters:
+            - findings (list): A list of findings.
+            - compliance (Compliance): A compliance model.
+            - compliance_name (str): The name of the compliance model.
+
+        Returns:
+            - None
+        """
+        for finding in findings:
+            # Get the compliance requirements for the finding
+            finding_requirements = finding.compliance.get(compliance_name, [])
+            for requirement in compliance.Requirements:
+                if requirement.Id in finding_requirements:
+                    for attribute in requirement.Attributes:
+                        compliance_row = ProwlerThreatScoreKubernetesModel(
+                            Provider=finding.provider,
+                            Description=compliance.Description,
+                            Context=finding.account_name,
+                            Namespace=finding.region,
+                            AssessmentDate=str(timestamp),
+                            Requirements_Id=requirement.Id,
+                            Requirements_Description=requirement.Description,
+                            Requirements_Attributes_Title=attribute.Title,
+                            Requirements_Attributes_Section=attribute.Section,
+                            Requirements_Attributes_SubSection=attribute.SubSection,
+                            Requirements_Attributes_AttributeDescription=attribute.AttributeDescription,
+                            Requirements_Attributes_AdditionalInformation=attribute.AdditionalInformation,
+                            Requirements_Attributes_LevelOfRisk=attribute.LevelOfRisk,
+                            Requirements_Attributes_Weight=attribute.Weight,
+                            Status=finding.status,
+                            StatusExtended=finding.status_extended,
+                            ResourceId=finding.resource_uid,
+                            ResourceName=finding.resource_name,
+                            CheckId=finding.check_id,
+                            Muted=finding.muted,
+                            Framework=compliance.Framework,
+                            Name=compliance.Name,
+                        )
+                        self._data.append(compliance_row)
+        # Add manual requirements to the compliance output
+        for requirement in compliance.Requirements:
+            if not requirement.Checks:
+                for attribute in requirement.Attributes:
+                    compliance_row = ProwlerThreatScoreKubernetesModel(
+                        Provider=compliance.Provider.lower(),
+                        Description=compliance.Description,
+                        Context="",
+                        Namespace="",
+                        AssessmentDate=str(timestamp),
+                        Requirements_Id=requirement.Id,
+                        Requirements_Description=requirement.Description,
+                        Requirements_Attributes_Title=attribute.Title,
+                        Requirements_Attributes_Section=attribute.Section,
+                        Requirements_Attributes_SubSection=attribute.SubSection,
+                        Requirements_Attributes_AttributeDescription=attribute.AttributeDescription,
+                        Requirements_Attributes_AdditionalInformation=attribute.AdditionalInformation,
+                        Requirements_Attributes_LevelOfRisk=attribute.LevelOfRisk,
+                        Requirements_Attributes_Weight=attribute.Weight,
+                        Status="MANUAL",
+                        StatusExtended="Manual check",
+                        ResourceId="manual_check",
+                        ResourceName="Manual check",
+                        CheckId="manual",
+                        Muted=False,
+                        Framework=compliance.Framework,
+                        Name=compliance.Name,
+                    )
+                    self._data.append(compliance_row)

prowler/lib/outputs/finding.py

@@ -309,10 +309,15 @@ class Finding(BaseModel):
                 output_data["auth_method"] = provider.auth_method
                 output_data["account_uid"] = "iac"
                 output_data["account_name"] = "iac"
-                output_data["resource_name"] = check_output.resource_name
-                output_data["resource_uid"] = check_output.resource_name
-                output_data["region"] = check_output.resource_line_range
-                output_data["resource_line_range"] = check_output.resource_line_range
+                output_data["resource_name"] = getattr(
+                    check_output, "resource_name", ""
+                )
+                output_data["resource_uid"] = getattr(check_output, "resource_name", "")
+                # For IaC, resource_line_range only exists on CheckReportIAC, not on Finding objects
+                output_data["region"] = getattr(check_output, "region", "global")
+                output_data["resource_line_range"] = getattr(
+                    check_output, "resource_line_range", ""
+                )
                 output_data["framework"] = check_output.check_metadata.ServiceName
 
             elif provider.type == "llm":
@@ -323,7 +328,7 @@ class Finding(BaseModel):
                 output_data["resource_uid"] = check_output.model
                 output_data["region"] = check_output.model
 
-            elif provider.type == "oci":
+            elif provider.type == "oraclecloud":
                 output_data["auth_method"] = (
                     f"Profile: {get_nested_attribute(provider, 'session.profile')}"
                 )
@@ -407,6 +412,12 @@ class Finding(BaseModel):
             finding.subscription = list(provider.identity.subscriptions.keys())[0]
         elif provider.type == "gcp":
             finding.project_id = list(provider.projects.keys())[0]
+        elif provider.type == "iac":
+            # For IaC, we don't have resource_line_range in the Finding model
+            # It would need to be extracted from the resource metadata if needed
+            finding.resource_line_range = ""  # Set empty for compatibility
+        elif provider.type == "oraclecloud":
+            finding.compartment_id = getattr(finding, "compartment_id", "")
 
         finding.check_metadata = CheckMetadata(
             Provider=finding.check_metadata["provider"],

prowler/lib/outputs/html/html.py

@@ -241,7 +241,7 @@ class HTML(Output):
                     <th scope="col">Status</th>
                     <th scope="col">Severity</th>
                     <th scope="col">Service Name</th>
-                    <th scope="col">{"Line Range" if provider.type == "iac" else "Region"}</th>
+                    <th scope="col">Region</th>
                     <th style="width:20%" scope="col">Check ID</th>
                     <th style="width:20%" scope="col">Check Title</th>
                     <th scope="col">Resource ID</th>
@@ -974,18 +974,20 @@ class HTML(Output):
             return ""
 
     @staticmethod
-    def get_oci_assessment_summary(provider: Provider) -> str:
+    def get_oraclecloud_assessment_summary(provider: Provider) -> str:
         """
-        get_oci_assessment_summary gets the HTML assessment summary for the OCI provider
+        get_oraclecloud_assessment_summary gets the HTML assessment summary for the OracleCloud provider
 
         Args:
-            provider (Provider): the OCI provider object
+            provider (Provider): the OracleCloud provider object
 
         Returns:
-            str: HTML assessment summary for the OCI provider
+            str: HTML assessment summary for the OracleCloud provider
         """
         try:
             profile = getattr(provider.session, "profile", "default")
+            if profile is None:
+                profile = "instance-principal"
             tenancy_name = getattr(provider.identity, "tenancy_name", "unknown")
             tenancy_id = getattr(provider.identity, "tenancy_id", "unknown")
 
@@ -993,11 +995,11 @@ class HTML(Output):
                 <div class="col-md-2">
                     <div class="card">
                         <div class="card-header">
-                            OCI Assessment Summary
+                            OracleCloud Assessment Summary
                         </div>
                         <ul class="list-group list-group-flush">
                             <li class="list-group-item">
-                                <b>OCI Tenancy:</b> {tenancy_name if tenancy_name != "unknown" else tenancy_id}
+                                <b>OracleCloud Tenancy:</b> {tenancy_name if tenancy_name != "unknown" else tenancy_id}
                             </li>
                         </ul>
                     </div>
@@ -1005,7 +1007,7 @@ class HTML(Output):
                 <div class="col-md-4">
                     <div class="card">
                         <div class="card-header">
-                            OCI Credentials
+                            OracleCloud Credentials
                         </div>
                         <ul class="list-group list-group-flush">
                             <li class="list-group-item">

prowler/lib/outputs/outputs.py

@@ -28,7 +28,7 @@ def stdout_report(finding, color, verbose, status, fix):
         details = finding.check_metadata.CheckID
     if finding.check_metadata.Provider == "iac":
         details = finding.check_metadata.CheckID
-    if finding.check_metadata.Provider == "oci":
+    if finding.check_metadata.Provider == "oraclecloud":
         details = finding.region
 
     if (verbose or fix) and (not status or finding.status in status):

prowler/lib/outputs/summary_table.py

@@ -67,7 +67,7 @@ def display_summary_table(
         elif provider.type == "llm":
             entity_type = "LLM"
             audited_entities = provider.model
-        elif provider.type == "oci":
+        elif provider.type == "oraclecloud":
             entity_type = "Tenancy"
             audited_entities = (
                 provider.identity.tenancy_name

prowler/lib/powershell/powershell.py

@@ -220,18 +220,19 @@ class PowerShellSession:
         if output == "":
             return {}
 
-        json_match = re.search(r"(\[.*\]|\{.*\})", output, re.DOTALL)
-        if not json_match:
-            logger.error(
-                f"Unexpected PowerShell output: {output}\n",
-            )
-        else:
+        decoder = json.JSONDecoder()
+        for index, character in enumerate(output):
+            if character not in ("{", "["):
+                continue
             try:
-                return json.loads(json_match.group(1))
-            except json.JSONDecodeError as error:
-                logger.error(
-                    f"Error parsing PowerShell output as JSON: {str(error)}\n",
-                )
+                parsed_json, _ = decoder.raw_decode(output[index:])
+                return parsed_json
+            except json.JSONDecodeError:
+                continue
+
+        logger.error(
+            f"Unexpected PowerShell output: {output}\n",
+        )
 
         return {}