prowler-cloud 5.14.2__py3-none-any.whl → 5.15.0__py3-none-any.whl
- dashboard/assets/images/providers/alibabacloud_provider.png +0 -0
- dashboard/compliance/cis_2_0_alibabacloud.py +24 -0
- dashboard/lib/layouts.py +1 -0
- dashboard/pages/compliance.py +8 -2
- dashboard/pages/overview.py +52 -1
- prowler/CHANGELOG.md +53 -21
- prowler/__main__.py +34 -0
- prowler/compliance/alibabacloud/__init__.py +0 -0
- prowler/compliance/alibabacloud/cis_2.0_alibabacloud.json +1833 -0
- prowler/compliance/aws/iso27001_2013_aws.json +158 -158
- prowler/compliance/aws/soc2_aws.json +100 -0
- prowler/compliance/azure/rbi_cyber_security_framework_azure.json +248 -0
- prowler/compliance/azure/soc2_azure.json +87 -1
- prowler/compliance/gcp/soc2_gcp.json +82 -1
- prowler/config/config.py +2 -1
- prowler/lib/check/check.py +4 -0
- prowler/lib/check/models.py +23 -0
- prowler/lib/check/utils.py +1 -1
- prowler/lib/cli/parser.py +3 -2
- prowler/lib/outputs/compliance/cis/cis_alibabacloud.py +106 -0
- prowler/lib/outputs/compliance/cis/models.py +35 -0
- prowler/lib/outputs/finding.py +16 -0
- prowler/lib/outputs/html/html.py +67 -0
- prowler/lib/outputs/outputs.py +2 -0
- prowler/lib/outputs/summary_table.py +3 -0
- prowler/providers/alibabacloud/__init__.py +0 -0
- prowler/providers/alibabacloud/alibabacloud_provider.py +872 -0
- prowler/providers/alibabacloud/config.py +41 -0
- prowler/providers/alibabacloud/exceptions/__init__.py +0 -0
- prowler/providers/alibabacloud/exceptions/exceptions.py +116 -0
- prowler/providers/alibabacloud/lib/__init__.py +0 -0
- prowler/providers/alibabacloud/lib/arguments/__init__.py +0 -0
- prowler/providers/alibabacloud/lib/arguments/arguments.py +58 -0
- prowler/providers/alibabacloud/lib/mutelist/__init__.py +0 -0
- prowler/providers/alibabacloud/lib/mutelist/mutelist.py +175 -0
- prowler/providers/alibabacloud/lib/service/__init__.py +0 -0
- prowler/providers/alibabacloud/lib/service/service.py +113 -0
- prowler/providers/alibabacloud/models.py +266 -0
- prowler/providers/alibabacloud/services/__init__.py +0 -0
- prowler/providers/alibabacloud/services/actiontrail/__init__.py +0 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_client.py +6 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_multi_region_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_multi_region_enabled/actiontrail_multi_region_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_multi_region_enabled/actiontrail_multi_region_enabled.py +81 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_oss_bucket_not_publicly_accessible/__init__.py +0 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_oss_bucket_not_publicly_accessible/actiontrail_oss_bucket_not_publicly_accessible.metadata.json +40 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_oss_bucket_not_publicly_accessible/actiontrail_oss_bucket_not_publicly_accessible.py +119 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_service.py +110 -0
- prowler/providers/alibabacloud/services/cs/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_client.py +4 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cloudmonitor_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cloudmonitor_enabled/cs_kubernetes_cloudmonitor_enabled.metadata.json +38 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cloudmonitor_enabled/cs_kubernetes_cloudmonitor_enabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_recent/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_recent/cs_kubernetes_cluster_check_recent.metadata.json +38 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_recent/cs_kubernetes_cluster_check_recent.py +62 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_weekly/cs_kubernetes_cluster_check_weekly.metadata.json +38 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_weekly/cs_kubernetes_cluster_check_weekly.py +62 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_dashboard_disabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_dashboard_disabled/cs_kubernetes_dashboard_disabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_dashboard_disabled/cs_kubernetes_dashboard_disabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_eni_multiple_ip_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_eni_multiple_ip_enabled/cs_kubernetes_eni_multiple_ip_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_eni_multiple_ip_enabled/cs_kubernetes_eni_multiple_ip_enabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_log_service_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_log_service_enabled/cs_kubernetes_log_service_enabled.metadata.json +40 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_log_service_enabled/cs_kubernetes_log_service_enabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_network_policy_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_network_policy_enabled/cs_kubernetes_network_policy_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_network_policy_enabled/cs_kubernetes_network_policy_enabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_private_cluster_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_private_cluster_enabled/cs_kubernetes_private_cluster_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_private_cluster_enabled/cs_kubernetes_private_cluster_enabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_rbac_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_rbac_enabled/cs_kubernetes_rbac_enabled.metadata.json +40 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_rbac_enabled/cs_kubernetes_rbac_enabled.py +28 -0
- prowler/providers/alibabacloud/services/cs/cs_service.py +354 -0
- prowler/providers/alibabacloud/services/ecs/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_attached_disk_encrypted/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_attached_disk_encrypted/ecs_attached_disk_encrypted.metadata.json +38 -0
- prowler/providers/alibabacloud/services/ecs/ecs_attached_disk_encrypted/ecs_attached_disk_encrypted.py +38 -0
- prowler/providers/alibabacloud/services/ecs/ecs_client.py +4 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_endpoint_protection_installed/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_endpoint_protection_installed/ecs_instance_endpoint_protection_installed.metadata.json +41 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_endpoint_protection_installed/ecs_instance_endpoint_protection_installed.py +47 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_latest_os_patches_applied/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_latest_os_patches_applied/ecs_instance_latest_os_patches_applied.metadata.json +38 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_latest_os_patches_applied/ecs_instance_latest_os_patches_applied.py +50 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_no_legacy_network/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_no_legacy_network/ecs_instance_no_legacy_network.metadata.json +38 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_no_legacy_network/ecs_instance_no_legacy_network.py +34 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_rdp_internet/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_rdp_internet/ecs_securitygroup_restrict_rdp_internet.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_rdp_internet/ecs_securitygroup_restrict_rdp_internet.py +68 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_ssh_internet/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_ssh_internet/ecs_securitygroup_restrict_ssh_internet.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_ssh_internet/ecs_securitygroup_restrict_ssh_internet.py +68 -0
- prowler/providers/alibabacloud/services/ecs/ecs_service.py +380 -0
- prowler/providers/alibabacloud/services/ecs/ecs_unattached_disk_encrypted/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_unattached_disk_encrypted/ecs_unattached_disk_encrypted.metadata.json +38 -0
- prowler/providers/alibabacloud/services/ecs/ecs_unattached_disk_encrypted/ecs_unattached_disk_encrypted.py +38 -0
- prowler/providers/alibabacloud/services/ecs/lib/security_groups.py +23 -0
- prowler/providers/alibabacloud/services/oss/__init__.py +0 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_logging_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_logging_enabled/oss_bucket_logging_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_logging_enabled/oss_bucket_logging_enabled.py +37 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_not_publicly_accessible/__init__.py +0 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_not_publicly_accessible/oss_bucket_not_publicly_accessible.metadata.json +39 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_not_publicly_accessible/oss_bucket_not_publicly_accessible.py +89 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_secure_transport_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_secure_transport_enabled/oss_bucket_secure_transport_enabled.metadata.json +38 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_secure_transport_enabled/oss_bucket_secure_transport_enabled.py +87 -0
- prowler/providers/alibabacloud/services/oss/oss_client.py +4 -0
- prowler/providers/alibabacloud/services/oss/oss_service.py +317 -0
- prowler/providers/alibabacloud/services/ram/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_client.py +4 -0
- prowler/providers/alibabacloud/services/ram/ram_no_root_access_key/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_no_root_access_key/ram_no_root_access_key.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_no_root_access_key/ram_no_root_access_key.py +33 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_lowercase/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_lowercase/ram_password_policy_lowercase.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_lowercase/ram_password_policy_lowercase.py +32 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_login_attempts/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_login_attempts/ram_password_policy_max_login_attempts.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_login_attempts/ram_password_policy_max_login_attempts.py +32 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_password_age/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_password_age/ram_password_policy_max_password_age.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_password_age/ram_password_policy_max_password_age.py +35 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_minimum_length/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_minimum_length/ram_password_policy_minimum_length.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_minimum_length/ram_password_policy_minimum_length.py +30 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_number/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_password_reuse_prevention/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_password_reuse_prevention/ram_password_policy_password_reuse_prevention.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_password_reuse_prevention/ram_password_policy_password_reuse_prevention.py +35 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_symbol/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_symbol/ram_password_policy_symbol.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_symbol/ram_password_policy_symbol.py +34 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_uppercase/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_uppercase/ram_password_policy_uppercase.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_uppercase/ram_password_policy_uppercase.py +32 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_attached_only_to_group_or_roles/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_attached_only_to_group_or_roles/ram_policy_attached_only_to_group_or_roles.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_attached_only_to_group_or_roles/ram_policy_attached_only_to_group_or_roles.py +35 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_no_administrative_privileges/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_no_administrative_privileges/ram_policy_no_administrative_privileges.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_no_administrative_privileges/ram_policy_no_administrative_privileges.py +73 -0
- prowler/providers/alibabacloud/services/ram/ram_rotate_access_key_90_days/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_rotate_access_key_90_days/ram_rotate_access_key_90_days.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_rotate_access_key_90_days/ram_rotate_access_key_90_days.py +58 -0
- prowler/providers/alibabacloud/services/ram/ram_service.py +478 -0
- prowler/providers/alibabacloud/services/ram/ram_user_console_access_unused/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_user_console_access_unused/ram_user_console_access_unused.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_user_console_access_unused/ram_user_console_access_unused.py +56 -0
- prowler/providers/alibabacloud/services/ram/ram_user_mfa_enabled_console_access/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_user_mfa_enabled_console_access/ram_user_mfa_enabled_console_access.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_user_mfa_enabled_console_access/ram_user_mfa_enabled_console_access.py +36 -0
- prowler/providers/alibabacloud/services/rds/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_client.py +4 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_no_public_access_whitelist/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_no_public_access_whitelist/rds_instance_no_public_access_whitelist.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_no_public_access_whitelist/rds_instance_no_public_access_whitelist.py +36 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_connections_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_connections_enabled/rds_instance_postgresql_log_connections_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_connections_enabled/rds_instance_postgresql_log_connections_enabled.py +29 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_disconnections_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_disconnections_enabled/rds_instance_postgresql_log_disconnections_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_disconnections_enabled/rds_instance_postgresql_log_disconnections_enabled.py +29 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_duration_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_duration_enabled/rds_instance_postgresql_log_duration_enabled.metadata.json +38 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_duration_enabled/rds_instance_postgresql_log_duration_enabled.py +29 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_enabled/rds_instance_sql_audit_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_enabled/rds_instance_sql_audit_enabled.py +32 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_retention/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_retention/rds_instance_sql_audit_retention.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_retention/rds_instance_sql_audit_retention.py +41 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_ssl_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_ssl_enabled/rds_instance_ssl_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_ssl_enabled/rds_instance_ssl_enabled.py +30 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_enabled/rds_instance_tde_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_enabled/rds_instance_tde_enabled.py +32 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_key_custom/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_key_custom/rds_instance_tde_key_custom.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_key_custom/rds_instance_tde_key_custom.py +38 -0
- prowler/providers/alibabacloud/services/rds/rds_service.py +274 -0
- prowler/providers/alibabacloud/services/securitycenter/__init__.py +0 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_advanced_or_enterprise_edition/__init__.py +0 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_advanced_or_enterprise_edition/securitycenter_advanced_or_enterprise_edition.metadata.json +43 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_advanced_or_enterprise_edition/securitycenter_advanced_or_enterprise_edition.py +48 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_all_assets_agent_installed/__init__.py +0 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_all_assets_agent_installed/securitycenter_all_assets_agent_installed.metadata.json +42 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_all_assets_agent_installed/securitycenter_all_assets_agent_installed.py +48 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_client.py +6 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_notification_enabled_high_risk/__init__.py +0 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_notification_enabled_high_risk/securitycenter_notification_enabled_high_risk.metadata.json +42 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_notification_enabled_high_risk/securitycenter_notification_enabled_high_risk.py +65 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_service.py +394 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_vulnerability_scan_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_vulnerability_scan_enabled/securitycenter_vulnerability_scan_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_vulnerability_scan_enabled/securitycenter_vulnerability_scan_enabled.py +68 -0
- prowler/providers/alibabacloud/services/sls/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_client.py +4 -0
- prowler/providers/alibabacloud/services/sls/sls_cloud_firewall_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_cloud_firewall_changes_alert_enabled/sls_cloud_firewall_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_cloud_firewall_changes_alert_enabled/sls_cloud_firewall_changes_alert_enabled.py +50 -0
- prowler/providers/alibabacloud/services/sls/sls_customer_created_cmk_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_customer_created_cmk_changes_alert_enabled/sls_customer_created_cmk_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_customer_created_cmk_changes_alert_enabled/sls_customer_created_cmk_changes_alert_enabled.py +48 -0
- prowler/providers/alibabacloud/services/sls/sls_logstore_retention_period/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_logstore_retention_period/sls_logstore_retention_period.metadata.json +38 -0
- prowler/providers/alibabacloud/services/sls/sls_logstore_retention_period/sls_logstore_retention_period.py +32 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_authentication_failures_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_authentication_failures_alert_enabled/sls_management_console_authentication_failures_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_authentication_failures_alert_enabled/sls_management_console_authentication_failures_alert_enabled.py +44 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_signin_without_mfa_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_signin_without_mfa_alert_enabled/sls_management_console_signin_without_mfa_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_signin_without_mfa_alert_enabled/sls_management_console_signin_without_mfa_alert_enabled.py +49 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_bucket_policy_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_bucket_policy_changes_alert_enabled/sls_oss_bucket_policy_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_bucket_policy_changes_alert_enabled/sls_oss_bucket_policy_changes_alert_enabled.py +57 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_permission_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_permission_changes_alert_enabled/sls_oss_permission_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_permission_changes_alert_enabled/sls_oss_permission_changes_alert_enabled.py +48 -0
- prowler/providers/alibabacloud/services/sls/sls_ram_role_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_ram_role_changes_alert_enabled/sls_ram_role_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_ram_role_changes_alert_enabled/sls_ram_role_changes_alert_enabled.py +54 -0
- prowler/providers/alibabacloud/services/sls/sls_rds_instance_configuration_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_rds_instance_configuration_changes_alert_enabled/sls_rds_instance_configuration_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_rds_instance_configuration_changes_alert_enabled/sls_rds_instance_configuration_changes_alert_enabled.py +72 -0
- prowler/providers/alibabacloud/services/sls/sls_root_account_usage_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_root_account_usage_alert_enabled/sls_root_account_usage_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_root_account_usage_alert_enabled/sls_root_account_usage_alert_enabled.py +50 -0
- prowler/providers/alibabacloud/services/sls/sls_security_group_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_security_group_changes_alert_enabled/sls_security_group_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_security_group_changes_alert_enabled/sls_security_group_changes_alert_enabled.py +56 -0
- prowler/providers/alibabacloud/services/sls/sls_service.py +137 -0
- prowler/providers/alibabacloud/services/sls/sls_unauthorized_api_calls_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_unauthorized_api_calls_alert_enabled/sls_unauthorized_api_calls_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_unauthorized_api_calls_alert_enabled/sls_unauthorized_api_calls_alert_enabled.py +56 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_changes_alert_enabled/sls_vpc_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_changes_alert_enabled/sls_vpc_changes_alert_enabled.py +57 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_network_route_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_network_route_changes_alert_enabled/sls_vpc_network_route_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_network_route_changes_alert_enabled/sls_vpc_network_route_changes_alert_enabled.py +52 -0
- prowler/providers/alibabacloud/services/vpc/__init__.py +0 -0
- prowler/providers/alibabacloud/services/vpc/vpc_client.py +4 -0
- prowler/providers/alibabacloud/services/vpc/vpc_flow_logs_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled.py +30 -0
- prowler/providers/alibabacloud/services/vpc/vpc_service.py +102 -0
- prowler/providers/aws/aws_regions_by_service.json +20 -0
- prowler/providers/aws/services/apigateway/apigateway_restapi_waf_acl_attached/apigateway_restapi_waf_acl_attached.metadata.json +1 -3
- prowler/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist.metadata.json +1 -1
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls.metadata.json +0 -1
- prowler/providers/aws/services/guardduty/guardduty_centrally_managed/guardduty_centrally_managed.metadata.json +16 -10
- prowler/providers/aws/services/guardduty/guardduty_ec2_malware_protection_enabled/guardduty_ec2_malware_protection_enabled.metadata.json +23 -14
- prowler/providers/aws/services/guardduty/guardduty_eks_audit_log_enabled/guardduty_eks_audit_log_enabled.metadata.json +19 -13
- prowler/providers/aws/services/guardduty/guardduty_eks_runtime_monitoring_enabled/guardduty_eks_runtime_monitoring_enabled.metadata.json +18 -12
- prowler/providers/aws/services/guardduty/guardduty_is_enabled/guardduty_is_enabled.metadata.json +24 -13
- prowler/providers/aws/services/guardduty/guardduty_lambda_protection_enabled/guardduty_lambda_protection_enabled.metadata.json +20 -14
- prowler/providers/aws/services/guardduty/guardduty_no_high_severity_findings/guardduty_no_high_severity_findings.metadata.json +18 -9
- prowler/providers/aws/services/guardduty/guardduty_rds_protection_enabled/guardduty_rds_protection_enabled.metadata.json +18 -11
- prowler/providers/aws/services/guardduty/guardduty_s3_protection_enabled/guardduty_s3_protection_enabled.metadata.json +21 -12
- prowler/providers/aws/services/lightsail/lightsail_database_public/lightsail_database_public.metadata.json +21 -13
- prowler/providers/aws/services/lightsail/lightsail_instance_automated_snapshots/lightsail_instance_automated_snapshots.metadata.json +24 -13
- prowler/providers/aws/services/lightsail/lightsail_instance_public/lightsail_instance_public.metadata.json +21 -13
- prowler/providers/aws/services/lightsail/lightsail_static_ip_unused/lightsail_static_ip_unused.metadata.json +23 -14
- prowler/providers/aws/services/macie/macie_automated_sensitive_data_discovery_enabled/macie_automated_sensitive_data_discovery_enabled.metadata.json +20 -12
- prowler/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.metadata.json +17 -12
- prowler/providers/aws/services/mq/mq_broker_active_deployment_mode/mq_broker_active_deployment_mode.metadata.json +22 -13
- prowler/providers/aws/services/mq/mq_broker_auto_minor_version_upgrades/mq_broker_auto_minor_version_upgrades.metadata.json +21 -12
- prowler/providers/aws/services/mq/mq_broker_cluster_deployment_mode/mq_broker_cluster_deployment_mode.metadata.json +23 -14
- prowler/providers/aws/services/mq/mq_broker_logging_enabled/mq_broker_logging_enabled.metadata.json +22 -13
- prowler/providers/aws/services/mq/mq_broker_not_publicly_accessible/mq_broker_not_publicly_accessible.metadata.json +20 -12
- prowler/providers/aws/services/networkfirewall/networkfirewall_deletion_protection/networkfirewall_deletion_protection.metadata.json +21 -13
- prowler/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc.metadata.json +23 -13
- prowler/providers/aws/services/networkfirewall/networkfirewall_logging_enabled/networkfirewall_logging_enabled.metadata.json +20 -13
- prowler/providers/aws/services/networkfirewall/networkfirewall_multi_az/networkfirewall_multi_az.metadata.json +22 -14
- prowler/providers/aws/services/networkfirewall/networkfirewall_policy_default_action_fragmented_packets/networkfirewall_policy_default_action_fragmented_packets.metadata.json +26 -14
- prowler/providers/aws/services/networkfirewall/networkfirewall_policy_default_action_full_packets/networkfirewall_policy_default_action_full_packets.metadata.json +22 -13
- prowler/providers/aws/services/networkfirewall/networkfirewall_policy_rule_group_associated/networkfirewall_policy_rule_group_associated.metadata.json +25 -14
- prowler/providers/common/provider.py +12 -0
- prowler/providers/gcp/services/accesscontextmanager/__init__.py +0 -0
- prowler/providers/gcp/services/accesscontextmanager/accesscontextmanager_client.py +6 -0
- prowler/providers/gcp/services/accesscontextmanager/accesscontextmanager_service.py +101 -0
- prowler/providers/gcp/services/cloudresourcemanager/cloudresourcemanager_service.py +10 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_service.py +13 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_uses_vpc_service_controls/__init__.py +0 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_uses_vpc_service_controls/cloudstorage_uses_vpc_service_controls.metadata.json +36 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_uses_vpc_service_controls/cloudstorage_uses_vpc_service_controls.py +67 -0
- prowler/providers/gcp/services/compute/compute_instance_automatic_restart_enabled/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_automatic_restart_enabled/compute_instance_automatic_restart_enabled.metadata.json +36 -0
- prowler/providers/gcp/services/compute/compute_instance_automatic_restart_enabled/compute_instance_automatic_restart_enabled.py +35 -0
- prowler/providers/gcp/services/compute/compute_instance_deletion_protection_enabled/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_deletion_protection_enabled/compute_instance_deletion_protection_enabled.metadata.json +36 -0
- prowler/providers/gcp/services/compute/compute_instance_deletion_protection_enabled/compute_instance_deletion_protection_enabled.py +29 -0
- prowler/providers/gcp/services/compute/compute_instance_preemptible_vm_disabled/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_preemptible_vm_disabled/compute_instance_preemptible_vm_disabled.metadata.json +37 -0
- prowler/providers/gcp/services/compute/compute_instance_preemptible_vm_disabled/compute_instance_preemptible_vm_disabled.py +32 -0
- prowler/providers/gcp/services/compute/compute_service.py +16 -0
- prowler/providers/github/services/repository/repository_immutable_releases_enabled/__init__.py +0 -0
- prowler/providers/github/services/repository/repository_immutable_releases_enabled/repository_immutable_releases_enabled.metadata.json +33 -0
- prowler/providers/github/services/repository/repository_immutable_releases_enabled/repository_immutable_releases_enabled.py +41 -0
- prowler/providers/github/services/repository/repository_service.py +52 -0
- {prowler_cloud-5.14.2.dist-info → prowler_cloud-5.15.0.dist-info}/METADATA +40 -22
- {prowler_cloud-5.14.2.dist-info → prowler_cloud-5.15.0.dist-info}/RECORD +326 -73
- {prowler_cloud-5.14.2.dist-info → prowler_cloud-5.15.0.dist-info}/LICENSE +0 -0
- {prowler_cloud-5.14.2.dist-info → prowler_cloud-5.15.0.dist-info}/WHEEL +0 -0
- {prowler_cloud-5.14.2.dist-info → prowler_cloud-5.15.0.dist-info}/entry_points.txt +0 -0
|
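--- a/prowler/providers/alibabacloud/config.py
+++ b/prowler/providers/alibabacloud/config.py
@@ -0,0 +1,41 @@
+"""Alibaba Cloud Provider Configuration Constants"""
+
+ALIBABACLOUD_DEFAULT_REGION = "cn-hangzhou"
+ROLE_SESSION_NAME = "ProwlerAssessmentSession"
+
+# Alibaba Cloud SDK Configuration
+ALIBABACLOUD_SDK_READ_TIMEOUT = 60 # seconds
+ALIBABACLOUD_SDK_CONNECT_TIMEOUT = 10 # seconds
+
+# Alibaba Cloud Regions - Only publicly accessible regions
+# Note: Some regions may require special approval or are not globally available
+ALIBABACLOUD_REGIONS = {
+# China Regions
+"cn-qingdao": "China (Qingdao)",
+"cn-beijing": "China (Beijing)",
+"cn-zhangjiakou": "China (Zhangjiakou)",
+"cn-huhehaote": "China (Hohhot)",
+"cn-wulanchabu": "China (Ulanqab)",
+"cn-hangzhou": "China (Hangzhou)",
+"cn-shanghai": "China (Shanghai)",
+"cn-shenzhen": "China (Shenzhen)",
+"cn-heyuan": "China (Heyuan)",
+"cn-guangzhou": "China (Guangzhou)",
+"cn-chengdu": "China (Chengdu)",
+"cn-hongkong": "China (Hong Kong)",
+# Asia-Pacific Regions
+"ap-northeast-1": "Japan (Tokyo)",
+"ap-northeast-2": "South Korea (Seoul)",
+"ap-southeast-1": "Singapore",
+"ap-southeast-3": "Malaysia (Kuala Lumpur)",
+"ap-southeast-5": "Indonesia (Jakarta)",
+"ap-southeast-6": "Philippines (Manila)",
+"ap-southeast-7": "Thailand (Bangkok)",
+# US Regions
+"us-east-1": "US (Virginia)",
+"us-west-1": "US (Silicon Valley)",
+# Europe & Middle East Regions
+"eu-west-1": "UK (London)",
+"me-east-1": "UAE (Dubai)",
+"eu-central-1": "Germany (Frankfurt)",
+}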
File without changes
|
|
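--- a/prowler/providers/alibabacloud/exceptions/exceptions.py
+++ b/prowler/providers/alibabacloud/exceptions/exceptions.py
@@ -0,0 +1,116 @@
+from prowler.exceptions.exceptions import ProwlerException
+
+
+# Exceptions codes from 10000 to 10999 are reserved for AlibabaCloud exceptions
+class AlibabaCloudBaseException(ProwlerException):
+"""Base class for Alibaba Cloud Provider exceptions"""
+
+ALIBABACLOUD_ERROR_CODES = {
+(10000, "AlibabaCloudClientError"): {
+"message": "Alibaba Cloud ClientError occurred",
+"remediation": "Check your Alibaba Cloud client configuration and permissions.",
+},
+(10001, "AlibabaCloudNoCredentialsError"): {
+"message": "No credentials found for Alibaba Cloud provider",
+"remediation": "Verify that Alibaba Cloud credentials are properly set up. Access Key ID and Access Key Secret are required.",
+},
+(10002, "AlibabaCloudInvalidCredentialsError"): {
+"message": "Invalid credentials provided for Alibaba Cloud provider",
+"remediation": "Check your Alibaba Cloud credentials and ensure they are valid and have proper permissions.",
+},
+(10003, "AlibabaCloudSetUpSessionError"): {
+"message": "Failed to set up session for Alibaba Cloud provider",
+"remediation": "Check the Alibaba Cloud session setup and ensure it is properly configured.",
+},
+(10004, "AlibabaCloudAssumeRoleError"): {
+"message": "Failed to assume role for Alibaba Cloud provider",
+"remediation": "Check the Alibaba Cloud assume role configuration and ensure it is properly set up.",
+},
+(10005, "AlibabaCloudInvalidRegionError"): {
+"message": "Invalid region specified for Alibaba Cloud provider",
+"remediation": "Check the region and ensure it is a valid region for Alibaba Cloud.",
+},
+(10006, "AlibabaCloudArgumentTypeValidationError"): {
+"message": "Alibaba Cloud argument type validation error",
+"remediation": "Check the provided argument types specific to Alibaba Cloud and ensure they meet the required format.",
+},
+(10007, "AlibabaCloudHTTPError"): {
+"message": "Alibaba Cloud HTTP/API error",
+"remediation": "Check the Alibaba Cloud API request and response, and ensure the service is accessible.",
+},
+}
+
+def __init__(self, code, file=None, original_exception=None, message=None):
+error_info = self.ALIBABACLOUD_ERROR_CODES.get((code, self.__class__.__name__))
+if message:
+error_info["message"] = message
+super().__init__(
+code,
+source="AlibabaCloud",
+file=file,
+original_exception=original_exception,
+error_info=error_info,
+)
+
+
+class AlibabaCloudCredentialsError(AlibabaCloudBaseException):
+"""Base class for Alibaba Cloud credentials errors."""
+
+def __init__(self, code, file=None, original_exception=None, message=None):
+super().__init__(code, file, original_exception, message)
+
+
+class AlibabaCloudClientError(AlibabaCloudCredentialsError):
+def __init__(self, file=None, original_exception=None, message=None):
+super().__init__(
+10000, file=file, original_exception=original_exception, message=message
+)
+
+
+class AlibabaCloudNoCredentialsError(AlibabaCloudCredentialsError):
+def __init__(self, file=None, original_exception=None, message=None):
+super().__init__(
+10001, file=file, original_exception=original_exception, message=message
+)
+
+
+class AlibabaCloudInvalidCredentialsError(AlibabaCloudCredentialsError):
+def __init__(self, file=None, original_exception=None, message=None):
+super().__init__(
+10002, file=file, original_exception=original_exception, message=message
+)
+
+
+class AlibabaCloudSetUpSessionError(AlibabaCloudBaseException):
+def __init__(self, file=None, original_exception=None, message=None):
+super().__init__(
+10003, file=file, original_exception=original_exception, message=message
+)
+
+
+class AlibabaCloudAssumeRoleError(AlibabaCloudBaseException):
+def __init__(self, file=None, original_exception=None, message=None):
+super().__init__(
+10004, file=file, original_exception=original_exception, message=message
+)
+
+
+class AlibabaCloudInvalidRegionError(AlibabaCloudBaseException):
+def __init__(self, file=None, original_exception=None, message=None):
+super().__init__(
+10005, file=file, original_exception=original_exception, message=message
+)
+
+
+class AlibabaCloudArgumentTypeValidationError(AlibabaCloudBaseException):
+def __init__(self, file=None, original_exception=None, message=None):
+super().__init__(
+10006, file=file, original_exception=original_exception, message=message
+)
+
+
+class AlibabaCloudHTTPError(AlibabaCloudBaseException):
+def __init__(self, file=None, original_exception=None, message=None):
+super().__init__(
+10007, file=file, original_exception=original_exception, message=message
+)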
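Review bot: In `AlibabaCloudBaseException.__init__`, `error_info` is the very dict stored in the class-level `ALIBABACLOUD_ERROR_CODES`, so `error_info["message"] = message` rewrites the shared table and every later exception of that type in the same process reports the earlier custom text. Messages built from a failed request can carry account or role identifiers, which would then surface in unrelated errors and logs. Copy the entry before editing it, for example `error_info = dict(self.ALIBABACLOUD_ERROR_CODES.get((code, self.__class__.__name__)) or {})`; how `ProwlerException` treats an empty `error_info` is not visible here and should be checked. The same lookup returns `None` for a class name that has no entry in the table (`AlibabaCloudCredentialsError` raised directly is one), and with a `message` the assignment then fails with a `TypeError` instead of raising the intended exception.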
File without changes
|
|
File without changes
|
|
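--- a/prowler/providers/alibabacloud/lib/arguments/arguments.py
+++ b/prowler/providers/alibabacloud/lib/arguments/arguments.py
@@ -0,0 +1,58 @@
+def init_parser(self):
+"""Init the Alibaba Cloud Provider CLI parser"""
+alibabacloud_parser = self.subparsers.add_parser(
+"alibabacloud",
+parents=[self.common_providers_parser],
+help="Alibaba Cloud Provider",
+)
+
+# Authentication Methods
+alibabacloud_auth_subparser = alibabacloud_parser.add_argument_group(
+"Authentication Modes"
+)
+alibabacloud_auth_subparser.add_argument(
+"--role-arn",
+nargs="?",
+default=None,
+help="ARN of the RAM role to assume (e.g., acs:ram::123456789012:role/ProwlerAuditRole). Requires access keys to be set via environment variables (ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET). The provider will automatically obtain and refresh STS tokens. Can also use ALIBABA_CLOUD_ROLE_ARN environment variable",
+)
+alibabacloud_auth_subparser.add_argument(
+"--role-session-name",
+nargs="?",
+default=None,
+help="Session name when assuming the RAM role. Defaults to ProwlerAssessmentSession. Can also use ALIBABA_CLOUD_ROLE_SESSION_NAME environment variable",
+)
+alibabacloud_auth_subparser.add_argument(
+"--ecs-ram-role",
+nargs="?",
+default=None,
+help="Name of the RAM role attached to an ECS instance. When specified, credentials are obtained from the ECS instance metadata service. Can also use ALIBABA_CLOUD_ECS_METADATA environment variable",
+)
+alibabacloud_auth_subparser.add_argument(
+"--oidc-role-arn",
+nargs="?",
+default=None,
+help="ARN of the RAM role for OIDC authentication. Requires OIDC provider ARN and token file to be set via environment variables (ALIBABA_CLOUD_OIDC_PROVIDER_ARN and ALIBABA_CLOUD_OIDC_TOKEN_FILE). Can also use ALIBABA_CLOUD_ROLE_ARN environment variable",
+)
+alibabacloud_auth_subparser.add_argument(
+"--credentials-uri",
+nargs="?",
+default=None,
+help="URI to retrieve credentials from an external service. The URI must return credentials in the required JSON format. Can also use ALIBABA_CLOUD_CREDENTIALS_URI environment variable",
+)
+
+# Alibaba Cloud Regions
+alibabacloud_regions_subparser = alibabacloud_parser.add_argument_group(
+"Alibaba Cloud Regions"
+)
+alibabacloud_regions_subparser.add_argument(
+"--region",
+"--filter-region",
+"-f",
+nargs="+",
+dest="regions",
+help="Alibaba Cloud region IDs to run Prowler against (e.g., cn-hangzhou, cn-shanghai)",
+)
+
+# Set the provider
+alibabacloud_parser.set_defaults(provider="alibabacloud")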
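Review bot: Every authentication option in `init_parser` is declared with `nargs="?"` and `default=None` but no `const`, so `--role-arn` (likewise `--role-session-name`, `--ecs-ram-role`, `--oidc-role-arn` and `--credentials-uri`) given without a value parses to `None`, exactly as if the flag had been omitted. If the provider then falls back to another credential source, which this file does not show, the scan runs under a different identity than the operator asked for and reports no error. Dropping `nargs="?"` from these options makes argparse reject the empty form. `--credentials-uri` also has no `type=` validator; checking the scheme before any credentials are fetched would fit the `AlibabaCloudArgumentTypeValidationError` added in this release, unless the provider already does it.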
File without changes
|
|
@@ -0,0 +1,175 @@
|
|
|
1
|
+
from prowler.lib.check.models import CheckReportAlibabaCloud
|
|
2
|
+
from prowler.lib.logger import logger
|
|
3
|
+
from prowler.lib.mutelist.mutelist import Mutelist
|
|
4
|
+
from prowler.lib.outputs.utils import unroll_tags
|
|
5
|
+
|
|
6
|
+
|
|
7
|
+
class AlibabaCloudMutelist(Mutelist):
|
|
8
|
+
"""
|
|
9
|
+
AlibabaCloudMutelist class extends the base Mutelist for Alibaba Cloud-specific functionality.
|
|
10
|
+
|
|
11
|
+
This class handles muting/filtering of findings for Alibaba Cloud resources.
|
|
12
|
+
|
|
13
|
+
Attributes:
|
|
14
|
+
account_id: The Alibaba Cloud account ID
|
|
15
|
+
mutelist: The parsed mutelist data
|
|
16
|
+
"""
|
|
17
|
+
|
|
18
|
+
def __init__(
|
|
19
|
+
self,
|
|
20
|
+
mutelist_path: str = None,
|
|
21
|
+
mutelist_content: dict = None,
|
|
22
|
+
account_id: str = "",
|
|
23
|
+
):
|
|
24
|
+
"""
|
|
25
|
+
Initialize the AlibabaCloudMutelist.
|
|
26
|
+
|
|
27
|
+
Args:
|
|
28
|
+
mutelist_path: Path to the mutelist file
|
|
29
|
+
mutelist_content: Dictionary containing mutelist content
|
|
30
|
+
account_id: The Alibaba Cloud account ID
|
|
31
|
+
"""
|
|
32
|
+
self.account_id = account_id
|
|
33
|
+
super().__init__(
|
|
34
|
+
mutelist_path=mutelist_path or "",
|
|
35
|
+
mutelist_content=mutelist_content or {},
|
|
36
|
+
)
|
|
37
|
+
|
|
38
|
+
def is_finding_muted(
|
|
39
|
+
self,
|
|
40
|
+
finding: CheckReportAlibabaCloud,
|
|
41
|
+
account_id: str,
|
|
42
|
+
) -> bool:
|
|
43
|
+
"""
|
|
44
|
+
Check if a finding is muted based on the mutelist.
|
|
45
|
+
|
|
46
|
+
Args:
|
|
47
|
+
finding: The finding object to check (should have check_metadata, region, resource_id, resource_tags).
|
|
48
|
+
account_id: The Alibaba Cloud account ID to use for mutelist evaluation.
|
|
49
|
+
|
|
50
|
+
Returns:
|
|
51
|
+
bool: True if the finding is muted, False otherwise.
|
|
52
|
+
"""
|
|
53
|
+
try:
|
|
54
|
+
check_id = finding.check_metadata.CheckID
|
|
55
|
+
region = finding.region if hasattr(finding, "region") else ""
|
|
56
|
+
resource_id = finding.resource_id if hasattr(finding, "resource_id") else ""
|
|
57
|
+
resource_tags = {}
|
|
58
|
+
|
|
59
|
+
# Handle resource tags
|
|
60
|
+
if hasattr(finding, "resource_tags") and finding.resource_tags:
|
|
61
|
+
# Keep as dict for tag matching logic; do not unroll to string
|
|
62
|
+
resource_tags = unroll_tags(finding.resource_tags)
|
|
63
|
+
|
|
64
|
+
return self.is_muted(
|
|
65
|
+
account_id,
|
|
66
|
+
check_id,
|
|
67
|
+
region,
|
|
68
|
+
resource_id,
|
|
69
|
+
resource_tags,
|
|
70
|
+
)
|
|
71
|
+
except Exception as error:
|
|
72
|
+
logger.error(
|
|
73
|
+
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
|
74
|
+
)
|
|
75
|
+
return False
|
|
76
|
+
|
|
77
|
+
def is_muted(
|
|
78
|
+
self,
|
|
79
|
+
account_id: str,
|
|
80
|
+
check_id: str,
|
|
81
|
+
region: str,
|
|
82
|
+
resource_id: str,
|
|
83
|
+
resource_tags: dict = None,
|
|
84
|
+
) -> bool:
|
|
85
|
+
"""
|
|
86
|
+
Check if a finding should be muted.
|
|
87
|
+
|
|
88
|
+
Args:
|
|
89
|
+
account_id: The Alibaba Cloud account ID
|
|
90
|
+
check_id: The check ID
|
|
91
|
+
region: The region ID
|
|
92
|
+
resource_id: The resource ID
|
|
93
|
+
resource_tags: Dictionary of resource tags
|
|
94
|
+
|
|
95
|
+
Returns:
|
|
96
|
+
True if the finding should be muted, False otherwise
|
|
97
|
+
"""
|
|
98
|
+
if not self.mutelist:
|
|
99
|
+
return False
|
|
100
|
+
|
|
101
|
+
try:
|
|
102
|
+
# Check account-level mutes
|
|
103
|
+
accounts = self.mutelist.get("Accounts", {})
|
|
104
|
+
if not accounts:
|
|
105
|
+
return False
|
|
106
|
+
|
|
107
|
+
# Check for wildcard or specific account
|
|
108
|
+
account_mutelist = accounts.get("*", {})
|
|
109
|
+
if account_id in accounts:
|
|
110
|
+
# Merge with specific account rules
|
|
111
|
+
specific_account = accounts.get(account_id, {})
|
|
112
|
+
account_mutelist = {**account_mutelist, **specific_account}
|
|
113
|
+
|
|
114
|
+
if not account_mutelist:
|
|
115
|
+
return False
|
|
116
|
+
|
|
117
|
+
# Get checks for this account
|
|
118
|
+
checks = account_mutelist.get("Checks", {})
|
|
119
|
+
|
|
120
|
+
# Check for wildcard or specific check
|
|
121
|
+
check_mutelist = checks.get("*", {})
|
|
122
|
+
if check_id in checks:
|
|
123
|
+
specific_check = checks.get(check_id, {})
|
|
124
|
+
check_mutelist = {**check_mutelist, **specific_check}
|
|
125
|
+
|
|
126
|
+
if not check_mutelist:
|
|
127
|
+
return False
|
|
128
|
+
|
|
129
|
+
# Check regions
|
|
130
|
+
regions = check_mutelist.get("Regions", [])
|
|
131
|
+
if regions and "*" not in regions and region not in regions:
|
|
132
|
+
return False
|
|
133
|
+
|
|
134
|
+
# Check resources
|
|
135
|
+
resources = check_mutelist.get("Resources", [])
|
|
136
|
+
if resources:
|
|
137
|
+
if "*" not in resources and resource_id not in resources:
|
|
138
|
+
return False
|
|
139
|
+
|
|
140
|
+
# Check tags
|
|
141
|
+
tags = check_mutelist.get("Tags", [])
|
|
142
|
+
if tags and resource_tags:
|
|
143
|
+
# Check if any tag matches
|
|
144
|
+
tag_match = False
|
|
145
|
+
for tag_filter in tags:
|
|
146
|
+
# Tag filter format: "key=value" or "key=*"
|
|
147
|
+
if "=" in tag_filter:
|
|
148
|
+
key, value = tag_filter.split("=", 1)
|
|
149
|
+
if key in resource_tags:
|
|
150
|
+
if value == "*" or resource_tags[key] == value:
|
|
151
|
+
tag_match = True
|
|
152
|
+
break
|
|
153
|
+
|
|
154
|
+
if not tag_match:
|
|
155
|
+
return False
|
|
156
|
+
|
|
157
|
+
# Check exceptions (resources that should NOT be muted)
|
|
158
|
+
exceptions = check_mutelist.get("Exceptions", {})
|
|
159
|
+
if exceptions:
|
|
160
|
+
exception_resources = exceptions.get("Resources", [])
|
|
161
|
+
if resource_id in exception_resources:
|
|
162
|
+
return False
|
|
163
|
+
|
|
164
|
+
exception_regions = exceptions.get("Regions", [])
|
|
165
|
+
if region in exception_regions:
|
|
166
|
+
return False
|
|
167
|
+
|
|
168
|
+
# If we passed all checks, the finding is muted
|
|
169
|
+
return True
|
|
170
|
+
|
|
171
|
+
except Exception as error:
|
|
172
|
+
logger.error(
|
|
173
|
+
f"Error checking mutelist: {error.__class__.__name__}: {error}"
|
|
174
|
+
)
|
|
175
|
+
return False
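Review bot: In `is_muted`, the tag filter only runs under `if tags and resource_tags:`, so a rule that lists `Tags` still mutes a resource that carries no tags at all: the block is skipped and control reaches `return True`. A mute rule scoped by tag should fail closed, because a muted finding drops out of the results; use `if tags:` and match against `resource_tags or {}` so an untagged resource returns `False`. The comment `# Keep as dict for tag matching logic; do not unroll to string` in `is_finding_muted` sits directly above a call to `unroll_tags(...)` and should state what type that helper returns, since `key in resource_tags` means something different on a string. The wildcard merge `{**account_mutelist, **specific_account}` is shallow, so an account's `Checks` replaces the `*` entry's `Checks` instead of adding to it, which deserves a docstring line if it is intended.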
|
|
File without changes
|
|
@@ -0,0 +1,113 @@
|
|
|
1
|
+
from concurrent.futures import ThreadPoolExecutor, as_completed
|
|
2
|
+
from typing import Any, Dict
|
|
3
|
+
|
|
4
|
+
from prowler.lib.logger import logger
|
|
5
|
+
|
|
6
|
+
MAX_WORKERS = 10
|
|
7
|
+
|
|
8
|
+
|
|
9
|
+
class AlibabaCloudService:
|
|
10
|
+
"""
|
|
11
|
+
The AlibabaCloudService class offers a parent class for each Alibaba Cloud Service to generate:
|
|
12
|
+
- Alibaba Cloud Regional Clients
|
|
13
|
+
- Shared information like the account ID, the checks audited
|
|
14
|
+
- Thread pool for the __threading_call__
|
|
15
|
+
- Handles if the service is Regional or Global
|
|
16
|
+
"""
|
|
17
|
+
|
|
18
|
+
def __init__(self, service: str, provider, global_service: bool = False):
|
|
19
|
+
"""
|
|
20
|
+
Initialize the AlibabaCloudService.
|
|
21
|
+
|
|
22
|
+
Args:
|
|
23
|
+
service: The service name (e.g., 'RAM', 'ECS', 'OSS')
|
|
24
|
+
provider: The AlibabaCloudProvider instance
|
|
25
|
+
global_service: Whether this is a global service (default: False)
|
|
26
|
+
"""
|
|
27
|
+
# Audit Information
|
|
28
|
+
self.provider = provider
|
|
29
|
+
self.audited_account = provider.identity.account_id
|
|
30
|
+
self.audited_account_name = provider.identity.account_name
|
|
31
|
+
self.audit_resources = provider.audit_resources
|
|
32
|
+
self.audited_checks = provider.audit_metadata.expected_checks
|
|
33
|
+
self.audit_config = provider.audit_config
|
|
34
|
+
|
|
35
|
+
# Session
|
|
36
|
+
self.session = provider.session
|
|
37
|
+
|
|
38
|
+
# Service name
|
|
39
|
+
self.service = service.lower() if not service.islower() else service
|
|
40
|
+
|
|
41
|
+
# Generate Regional Clients
|
|
42
|
+
self.regional_clients: Dict[str, Any] = {}
|
|
43
|
+
if not global_service:
|
|
44
|
+
self.regional_clients = provider.generate_regional_clients(self.service)
|
|
45
|
+
|
|
46
|
+
# Get default region and client
|
|
47
|
+
self.region = provider.get_default_region(self.service)
|
|
48
|
+
self.client = self.session.client(self.service, self.region)
|
|
49
|
+
|
|
50
|
+
# Thread pool for __threading_call__
|
|
51
|
+
self.thread_pool = ThreadPoolExecutor(max_workers=MAX_WORKERS)
|
|
52
|
+
|
|
53
|
+
def __get_session__(self):
|
|
54
|
+
"""Get the session."""
|
|
55
|
+
return self.session
|
|
56
|
+
|
|
57
|
+
def __get_client__(self, region: str = None):
|
|
58
|
+
"""
|
|
59
|
+
Get a client for the specified region or the default region.
|
|
60
|
+
|
|
61
|
+
Args:
|
|
62
|
+
region: The region to get the client for (optional)
|
|
63
|
+
|
|
64
|
+
Returns:
|
|
65
|
+
A client instance for the service
|
|
66
|
+
"""
|
|
67
|
+
if region and region in self.regional_clients:
|
|
68
|
+
return self.regional_clients[region]
|
|
69
|
+
return self.client
|
|
70
|
+
|
|
71
|
+
def __threading_call__(self, call, iterator=None):
|
|
72
|
+
"""
|
|
73
|
+
Execute a function across multiple regions or items using threads.
|
|
74
|
+
|
|
75
|
+
Args:
|
|
76
|
+
call: The function to call
|
|
77
|
+
iterator: The items to iterate over (default: regional clients)
|
|
78
|
+
"""
|
|
79
|
+
# Use the provided iterator, or default to self.regional_clients
|
|
80
|
+
items = iterator if iterator is not None else self.regional_clients.values()
|
|
81
|
+
# Determine the total count for logging
|
|
82
|
+
item_count = (
|
|
83
|
+
len(list(items)) if iterator is not None else len(self.regional_clients)
|
|
84
|
+
)
|
|
85
|
+
|
|
86
|
+
# Trim leading and trailing underscores from the call's name
|
|
87
|
+
call_name = call.__name__.strip("_")
|
|
88
|
+
# Add Capitalization
|
|
89
|
+
call_name = " ".join([x.capitalize() for x in call_name.split("_")])
|
|
90
|
+
|
|
91
|
+
# Print a message based on the call's name
|
|
92
|
+
if iterator is None:
|
|
93
|
+
logger.info(
|
|
94
|
+
f"{self.service.upper()} - Starting threads for '{call_name}' function across {item_count} regions..."
|
|
95
|
+
)
|
|
96
|
+
else:
|
|
97
|
+
logger.info(
|
|
98
|
+
f"{self.service.upper()} - Starting threads for '{call_name}' function to process {item_count} items..."
|
|
99
|
+
)
|
|
100
|
+
|
|
101
|
+
# Re-create the iterator for submission if it was a generator
|
|
102
|
+
items = iterator if iterator is not None else self.regional_clients.values()
|
|
103
|
+
|
|
104
|
+
# Submit tasks to the thread pool
|
|
105
|
+
futures = [self.thread_pool.submit(call, item) for item in items]
|
|
106
|
+
|
|
107
|
+
# Wait for all tasks to complete
|
|
108
|
+
for future in as_completed(futures):
|
|
109
|
+
try:
|
|
110
|
+
future.result() # Raises exceptions from the thread, if any
|
|
111
|
+
except Exception:
|
|
112
|
+
# Handle exceptions if necessary
|
|
113
|
+
pass # Currently handled within the called function
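Review bot: `__threading_call__` counts a caller-supplied iterator with `len(list(items))` and then reassigns `items = iterator`, which for a generator is the same, already exhausted object, so no task is submitted while the log still reports the item count. The `except Exception: pass` around `future.result()` then hides any failure that does escape a worker, and a region that was never scanned looks the same in the output as one with no findings. Materialise the iterable once and log the exception, as below. The `ThreadPoolExecutor` created in `__init__` is never shut down in this file, which is worth a comment if it is deliberate.

```python
    def __threading_call__(self, call, iterator=None):
        # … unchanged: docstring …
        # Materialise once so counting does not consume a generator
        items = (
            list(iterator)
            if iterator is not None
            else list(self.regional_clients.values())
        )
        item_count = len(items)
        # … unchanged: call_name formatting, start-up log messages, submit and as_completed loop …
            except Exception as error:
                # Surface worker failures so a skipped region is visible in the logs
                logger.error(
                    f"{self.service.upper()} - {call_name} -- {error.__class__.__name__}: {error}"
                )
```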
|