PyPI - prowler-cloud - Versions diffs - 5.14.2__py3-none-any.whl → 5.15.0__py3-none-any.whl - Mend

prowler-cloud 5.14.2py3-none-any.whl → 5.15.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (326) hide show

prowler/lib/outputs/compliance/cis/cis_alibabacloud.py ADDED Viewed

@@ -0,0 +1,106 @@
+from prowler.config.config import timestamp
+from prowler.lib.check.compliance_models import Compliance
+from prowler.lib.outputs.compliance.cis.models import AlibabaCloudCISModel
+from prowler.lib.outputs.compliance.compliance_output import ComplianceOutput
+from prowler.lib.outputs.finding import Finding
+class AlibabaCloudCIS(ComplianceOutput):
+    """
+    This class represents the Alibaba Cloud CIS compliance output.
+    Attributes:
+        - _data (list): A list to store transformed data from findings.
+        - _file_descriptor (TextIOWrapper): A file descriptor to write data to a file.
+    Methods:
+        - transform: Transforms findings into Alibaba Cloud CIS compliance format.
+    """
+    def transform(
+        self,
+        findings: list[Finding],
+        compliance: Compliance,
+        compliance_name: str,
+    ) -> None:
+        """
+        Transforms a list of findings into Alibaba Cloud CIS compliance format.
+        Parameters:
+            - findings (list): A list of findings.
+            - compliance (Compliance): A compliance model.
+            - compliance_name (str): The name of the compliance model.
+        Returns:
+            - None
+        """
+        for finding in findings:
+            # Get the compliance requirements for the finding
+            finding_requirements = finding.compliance.get(compliance_name, [])
+            for requirement in compliance.Requirements:
+                if requirement.Id in finding_requirements:
+                    for attribute in requirement.Attributes:
+                        compliance_row = AlibabaCloudCISModel(
+                            Provider=finding.provider,
+                            Description=compliance.Description,
+                            AccountId=finding.account_uid,
+                            Region=finding.region,
+                            AssessmentDate=str(timestamp),
+                            Requirements_Id=requirement.Id,
+                            Requirements_Description=requirement.Description,
+                            Requirements_Attributes_Section=attribute.Section,
+                            Requirements_Attributes_SubSection=attribute.SubSection,
+                            Requirements_Attributes_Profile=attribute.Profile,
+                            Requirements_Attributes_AssessmentStatus=attribute.AssessmentStatus,
+                            Requirements_Attributes_Description=attribute.Description,
+                            Requirements_Attributes_RationaleStatement=attribute.RationaleStatement,
+                            Requirements_Attributes_ImpactStatement=attribute.ImpactStatement,
+                            Requirements_Attributes_RemediationProcedure=attribute.RemediationProcedure,
+                            Requirements_Attributes_AuditProcedure=attribute.AuditProcedure,
+                            Requirements_Attributes_AdditionalInformation=attribute.AdditionalInformation,
+                            Requirements_Attributes_DefaultValue=attribute.DefaultValue,
+                            Requirements_Attributes_References=attribute.References,
+                            Status=finding.status,
+                            StatusExtended=finding.status_extended,
+                            ResourceId=finding.resource_uid,
+                            ResourceName=finding.resource_name,
+                            CheckId=finding.check_id,
+                            Muted=finding.muted,
+                            Framework=compliance.Framework,
+                            Name=compliance.Name,
+                        )
+                        self._data.append(compliance_row)
+        # Add manual requirements to the compliance output
+        for requirement in compliance.Requirements:
+            if not requirement.Checks:
+                for attribute in requirement.Attributes:
+                    compliance_row = AlibabaCloudCISModel(
+                        Provider=compliance.Provider.lower(),
+                        Description=compliance.Description,
+                        AccountId="",
+                        Region="",
+                        AssessmentDate=str(timestamp),
+                        Requirements_Id=requirement.Id,
+                        Requirements_Description=requirement.Description,
+                        Requirements_Attributes_Section=attribute.Section,
+                        Requirements_Attributes_SubSection=attribute.SubSection,
+                        Requirements_Attributes_Profile=attribute.Profile,
+                        Requirements_Attributes_AssessmentStatus=attribute.AssessmentStatus,
+                        Requirements_Attributes_Description=attribute.Description,
+                        Requirements_Attributes_RationaleStatement=attribute.RationaleStatement,
+                        Requirements_Attributes_ImpactStatement=attribute.ImpactStatement,
+                        Requirements_Attributes_RemediationProcedure=attribute.RemediationProcedure,
+                        Requirements_Attributes_AuditProcedure=attribute.AuditProcedure,
+                        Requirements_Attributes_AdditionalInformation=attribute.AdditionalInformation,
+                        Requirements_Attributes_DefaultValue=attribute.DefaultValue,
+                        Requirements_Attributes_References=attribute.References,
+                        Status="MANUAL",
+                        StatusExtended="Manual check",
+                        ResourceId="manual_check",
+                        ResourceName="Manual check",
+                        CheckId="manual",
+                        Muted=False,
+                        Framework=compliance.Framework,
+                        Name=compliance.Name,
+                    )
+                    self._data.append(compliance_row)

prowler/lib/outputs/compliance/cis/models.py CHANGED Viewed

@@ -241,6 +241,40 @@ class OracleCloudCISModel(BaseModel):
     Name: str
+class AlibabaCloudCISModel(BaseModel):
+    """
+    AlibabaCloudCISModel generates a finding's output in Alibaba Cloud CIS Compliance format.
+    """
+    Provider: str
+    Description: str
+    AccountId: str
+    Region: str
+    AssessmentDate: str
+    Requirements_Id: str
+    Requirements_Description: str
+    Requirements_Attributes_Section: str
+    Requirements_Attributes_SubSection: Optional[str] = None
+    Requirements_Attributes_Profile: str
+    Requirements_Attributes_AssessmentStatus: str
+    Requirements_Attributes_Description: str
+    Requirements_Attributes_RationaleStatement: str
+    Requirements_Attributes_ImpactStatement: str
+    Requirements_Attributes_RemediationProcedure: str
+    Requirements_Attributes_AuditProcedure: str
+    Requirements_Attributes_AdditionalInformation: str
+    Requirements_Attributes_DefaultValue: Optional[str] = None
+    Requirements_Attributes_References: str
+    Status: str
+    StatusExtended: str
+    ResourceId: str
+    ResourceName: str
+    CheckId: str
+    Muted: bool
+    Framework: str
+    Name: str
 # Compliance models alias for backwards compatibility
 CIS_AWS = AWSCISModel
 CIS_Azure = AzureCISModel
@@ -249,6 +283,7 @@ CIS_Kubernetes = KubernetesCISModel
 CIS_M365 = M365CISModel
 CIS_Github = GithubCISModel
 CIS_OracleCloud = OracleCloudCISModel
+CIS_AlibabaCloud = AlibabaCloudCISModel
 # TODO: Create a parent class for the common fields of CIS and have the specific classes from each provider to inherit from it.

prowler/lib/outputs/finding.py CHANGED Viewed

@@ -342,6 +342,22 @@ class Finding(BaseModel):
                 output_data["resource_uid"] = check_output.resource_id
                 output_data["region"] = check_output.region
+            elif provider.type == "alibabacloud":
+                output_data["auth_method"] = get_nested_attribute(
+                    provider, "identity.identity_arn"
+                )
+                output_data["account_uid"] = get_nested_attribute(
+                    provider, "identity.account_id"
+                )
+                output_data["account_name"] = get_nested_attribute(
+                    provider, "identity.account_name"
+                )
+                output_data["resource_name"] = check_output.resource_id
+                output_data["resource_uid"] = getattr(
+                    check_output, "resource_arn", check_output.resource_id
+                )
+                output_data["region"] = check_output.region
             # check_output Unique ID
             # TODO: move this to a function
             # TODO: in Azure, GCP and K8s there are findings without resource_name

prowler/lib/outputs/html/html.py CHANGED Viewed

@@ -1022,6 +1022,73 @@ class HTML(Output):
             )
             return ""
+    @staticmethod
+    def get_alibabacloud_assessment_summary(provider: Provider) -> str:
+        """
+        get_alibabacloud_assessment_summary gets the HTML assessment summary for the Alibaba Cloud provider
+        Args:
+            provider (Provider): the Alibaba Cloud provider object
+        Returns:
+            str: HTML assessment summary for the Alibaba Cloud provider
+        """
+        try:
+            account_id = getattr(provider.identity, "account_id", "unknown")
+            account_name = getattr(provider.identity, "account_name", "")
+            audited_regions = getattr(
+                provider.identity, "audited_regions", "All Regions"
+            )
+            identity_arn = getattr(provider.identity, "identity_arn", "unknown")
+            user_name = getattr(provider.identity, "user_name", "unknown")
+            account_name_item = (
+                f"""
+                            <li class="list-group-item">
+                                <b>Account Name:</b> {account_name}
+                            </li>"""
+                if account_name
+                else ""
+            )
+            return f"""
+                <div class="col-md-2">
+                    <div class="card">
+                        <div class="card-header">
+                            Alibaba Cloud Assessment Summary
+                        </div>
+                        <ul class="list-group list-group-flush">
+                            <li class="list-group-item">
+                                <b>Account ID:</b> {account_id}
+                            </li>
+                            {account_name_item}
+                            <li class="list-group-item">
+                                <b>Audited Regions:</b> {audited_regions}
+                            </li>
+                        </ul>
+                    </div>
+                </div>
+                <div class="col-md-4">
+                    <div class="card">
+                        <div class="card-header">
+                            Alibaba Cloud Credentials
+                        </div>
+                        <ul class="list-group list-group-flush">
+                            <li class="list-group-item">
+                                <b>User Name:</b> {user_name}
+                            </li>
+                            <li class="list-group-item">
+                                <b>Identity ARN:</b> {identity_arn}
+                            </li>
+                        </ul>
+                    </div>
+                </div>"""
+        except Exception as error:
+            logger.error(
+                f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
+            )
+            return ""
     @staticmethod
     def get_assessment_summary(provider: Provider) -> str:
         """

prowler/lib/outputs/outputs.py CHANGED Viewed

@@ -30,6 +30,8 @@ def stdout_report(finding, color, verbose, status, fix):
         details = finding.check_metadata.CheckID
     if finding.check_metadata.Provider == "oraclecloud":
         details = finding.region
+    if finding.check_metadata.Provider == "alibabacloud":
+        details = finding.region
     if (verbose or fix) and (not status or finding.status in status):
         if finding.muted:

prowler/lib/outputs/summary_table.py CHANGED Viewed

@@ -74,6 +74,9 @@ def display_summary_table(
                 if provider.identity.tenancy_name != "unknown"
                 else provider.identity.tenancy_id
             )
+        elif provider.type == "alibabacloud":
+            entity_type = "Account"
+            audited_entities = provider.identity.account_id
         # Check if there are findings and that they are not all MANUAL
         if findings and not all(finding.status == "MANUAL" for finding in findings):

prowler/providers/alibabacloud/__init__.py ADDED Viewed

File without changes

prowler-cloud 5.14.2__py3-none-any.whl → 5.15.0__py3-none-any.whl

prowler-cloud 5.14.2py3-none-any.whl → 5.15.0py3-none-any.whl