chore(release): point v4.4 to master (#5250)

Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mario Rodriguez Lopez <[email protected]> Co-authored-by: Daniel Barranquero <[email protected]> Co-authored-by: Prowler Bot <[email protected]> Co-authored-by: Pedro Martín <[email protected]> Co-authored-by: Hugo Pereira Brito <[email protected]> Co-authored-by: LefterisXefteris <[email protected]> Co-authored-by: Lefteris Gilmaz <[email protected]> Co-authored-by: Rubén De la Torre Vico <[email protected]> Co-authored-by: Amogh Bantwal <[email protected]> Co-authored-by: Harshit Raj Singh <[email protected]> Co-authored-by: Pepe Fagoaga <[email protected]> Co-authored-by: Jude Bae(Bae cheongho) <[email protected]> Co-authored-by: MZC01-JUDE <[email protected]> Co-authored-by: johannes-engler-mw <[email protected]>
prowler-cloud · Sep 30, 2024 · f1f0609 · f1f0609
1 parent 1af7f65
commit f1f0609
Show file tree

Hide file tree

Showing 593 changed files with 29,455 additions and 5,464 deletions.
diff --git a/.github/workflows/build-lint-push-containers.yml b/.github/workflows/build-lint-push-containers.yml
@@ -153,7 +153,7 @@ jobs:
  run: |
  curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
  -H "Accept: application/vnd.github+json" \
- -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \
+ -H "Authorization: Bearer ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  --data '{"event_type":"dispatch","client_payload":{"version":"v3-latest", "tag": "${{ env.LATEST_COMMIT_HASH }}"}}'
 
@@ -162,6 +162,6 @@ jobs:
  run: |
  curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
  -H "Accept: application/vnd.github+json" \
- -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \
+ -H "Authorization: Bearer ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  --data '{"event_type":"dispatch","client_payload":{"version":"release", "tag":"${{ needs.container-build-push.outputs.prowler_version }}"}}'
diff --git a/.github/workflows/find-secrets.yml b/.github/workflows/find-secrets.yml
@@ -11,7 +11,7 @@ jobs:
  with:
  fetch-depth: 0
  - name: TruffleHog OSS
- uses: trufflesecurity/trufflehog@v3.81.10
+ uses: trufflesecurity/trufflehog@v3.82.6
  with:
  path: ./
  base: ${{ github.event.repository.default_branch }}

diff --git a/README.md b/README.md
@@ -63,9 +63,9 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe
 
 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
-| AWS | 415 | 67 -> `prowler aws --list-services` | 28 -> `prowler aws --list-compliance` | 9 -> `prowler aws --list-categories` |
-| GCP | 77 | 13 -> `prowler gcp --list-services` | 1 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
-| Azure | 135 | 16 -> `prowler azure --list-services` | 2 -> `prowler azure --list-compliance` | 2 -> `prowler azure --list-categories` |
+| AWS | 457 | 67 -> `prowler aws --list-services` | 30 -> `prowler aws --list-compliance` | 9 -> `prowler aws --list-categories` |
+| GCP | 77 | 13 -> `prowler gcp --list-services` | 2 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
+| Azure | 136 | 17 -> `prowler azure --list-services` | 3 -> `prowler azure --list-compliance` | 2 -> `prowler azure --list-categories` |
 | Kubernetes | 83 | 7 -> `prowler kubernetes --list-services` | 1 -> `prowler kubernetes --list-compliance` | 7 -> `prowler kubernetes --list-categories` |
 
 # 💻 Installation

diff --git a/dashboard/common_methods.py b/dashboard/common_methods.py
@@ -2223,3 +2223,232 @@ def get_section_containers_ens(data, section_1, section_2, section_3, section_4)
  section_containers.append(section_container)
 
  return html.Div(section_containers, className="compliance-data-layout")
+
+
+# This function extracts and compares up to two numeric values, ensuring correct sorting for version-like strings.
+def extract_numeric_values(value):
+ numbers = re.findall(r"\d+", str(value))
+ if len(numbers) >= 2:
+ return int(numbers[0]), int(numbers[1])
+ elif len(numbers) == 1:
+ return int(numbers[0]), 0
+ return 0, 0
+
+
+def get_section_containers_kisa_ismsp(data, section_1, section_2):
+ data["STATUS"] = data["STATUS"].apply(map_status_to_icon)
+ data[section_1] = data[section_1].astype(str)
+ data[section_2] = data[section_2].astype(str)
+ data.sort_values(
+ by=section_1,
+ key=lambda x: x.map(extract_numeric_values),
+ ascending=True,
+ inplace=True,
+ )
+
+ findings_counts_section = (
+ data.groupby([section_2, "STATUS"]).size().unstack(fill_value=0)
+ )
+ findings_counts_name = (
+ data.groupby([section_1, "STATUS"]).size().unstack(fill_value=0)
+ )
+
+ section_containers = []
+
+ for name in data[section_1].unique():
+ success_name = (
+ findings_counts_name.loc[name, pass_emoji]
+ if pass_emoji in findings_counts_name.columns
+ else 0
+ )
+ failed_name = (
+ findings_counts_name.loc[name, fail_emoji]
+ if fail_emoji in findings_counts_name.columns
+ else 0
+ )
+
+ fig_name = go.Figure(
+ data=[
+ go.Bar(
+ name="Failed",
+ x=[failed_name],
+ y=[""],
+ orientation="h",
+ marker=dict(color="#e77676"),
+ width=[0.8],
+ ),
+ go.Bar(
+ name="Success",
+ x=[success_name],
+ y=[""],
+ orientation="h",
+ marker=dict(color="#45cc6e"),
+ width=[0.8],
+ ),
+ ]
+ )
+
+ fig_name.update_layout(
+ barmode="stack",
+ margin=dict(l=10, r=10, t=10, b=10),
+ paper_bgcolor="rgba(0,0,0,0)",
+ plot_bgcolor="rgba(0,0,0,0)",
+ showlegend=False,
+ width=350,
+ height=30,
+ xaxis=dict(showticklabels=False, showgrid=False, zeroline=False),
+ yaxis=dict(showticklabels=False, showgrid=False, zeroline=False),
+ annotations=[
+ dict(
+ x=success_name + failed_name,
+ y=0,
+ xref="x",
+ yref="y",
+ text=str(success_name),
+ showarrow=False,
+ font=dict(color="#45cc6e", size=14),
+ xanchor="left",
+ yanchor="middle",
+ ),
+ dict(
+ x=0,
+ y=0,
+ xref="x",
+ yref="y",
+ text=str(failed_name),
+ showarrow=False,
+ font=dict(color="#e77676", size=14),
+ xanchor="right",
+ yanchor="middle",
+ ),
+ ],
+ )
+
+ graph_name = dcc.Graph(
+ figure=fig_name, config={"staticPlot": True}, className="info-bar"
+ )
+
+ graph_div = html.Div(graph_name, className="graph-section")
+
+ direct_internal_items = []
+
+ for section in data[data[section_1] == name][section_2].unique():
+ specific_data = data[
+ (data[section_1] == name) & (data[section_2] == section)
+ ]
+ success_section = (
+ findings_counts_section.loc[section, pass_emoji]
+ if pass_emoji in findings_counts_section.columns
+ else 0
+ )
+ failed_section = (
+ findings_counts_section.loc[section, fail_emoji]
+ if fail_emoji in findings_counts_section.columns
+ else 0
+ )
+
+ data_table = dash_table.DataTable(
+ data=specific_data.to_dict("records"),
+ columns=[
+ {"name": i, "id": i}
+ for i in ["CHECKID", "STATUS", "REGION", "ACCOUNTID", "RESOURCEID"]
+ ],
+ style_table={"overflowX": "auto"},
+ style_as_list_view=True,
+ style_cell={"textAlign": "left", "padding": "5px"},
+ )
+
+ fig_section = go.Figure(
+ data=[
+ go.Bar(
+ name="Failed",
+ x=[failed_section],
+ y=[""],
+ orientation="h",
+ marker=dict(color="#e77676"),
+ ),
+ go.Bar(
+ name="Success",
+ x=[success_section],
+ y=[""],
+ orientation="h",
+ marker=dict(color="#45cc6e"),
+ ),
+ ]
+ )
+
+ fig_section.update_layout(
+ barmode="stack",
+ margin=dict(l=10, r=10, t=10, b=10),
+ paper_bgcolor="rgba(0,0,0,0)",
+ plot_bgcolor="rgba(0,0,0,0)",
+ showlegend=False,
+ width=350,
+ height=30,
+ xaxis=dict(showticklabels=False, showgrid=False, zeroline=False),
+ yaxis=dict(showticklabels=False, showgrid=False, zeroline=False),
+ annotations=[
+ dict(
+ x=success_section + failed_section,
+ y=0,
+ xref="x",
+ yref="y",
+ text=str(success_section),
+ showarrow=False,
+ font=dict(color="#45cc6e", size=14),
+ xanchor="left",
+ yanchor="middle",
+ ),
+ dict(
+ x=0,
+ y=0,
+ xref="x",
+ yref="y",
+ text=str(failed_section),
+ showarrow=False,
+ font=dict(color="#e77676", size=14),
+ xanchor="right",
+ yanchor="middle",
+ ),
+ ],
+ )
+
+ graph_section = dcc.Graph(
+ figure=fig_section,
+ config={"staticPlot": True},
+ className="info-bar-child",
+ )
+
+ graph_div_section = html.Div(graph_section, className="graph-section-req")
+
+ internal_accordion_item = dbc.AccordionItem(
+ title=section,
+ children=[html.Div([data_table], className="inner-accordion-content")],
+ )
+
+ internal_section_container = html.Div(
+ [
+ graph_div_section,
+ dbc.Accordion(
+ [internal_accordion_item], start_collapsed=True, flush=True
+ ),
+ ],
+ className="accordion-inner--child",
+ )
+
+ direct_internal_items.append(internal_section_container)
+
+ accordion_item = dbc.AccordionItem(
+ title=f"{name}", children=direct_internal_items
+ )
+ section_container = html.Div(
+ [
+ graph_div,
+ dbc.Accordion([accordion_item], start_collapsed=True, flush=True),
+ ],
+ className="accordion-inner",
+ )
+
+ section_containers.append(section_container)
+
+ return html.Div(section_containers, className="compliance-data-layout")
diff --git a/dashboard/compliance/kisa_isms_p_2023_aws.py b/dashboard/compliance/kisa_isms_p_2023_aws.py
@@ -0,0 +1,25 @@
+import warnings
+
+from dashboard.common_methods import get_section_containers_kisa_ismsp
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+ aux = data[
+ [
+ "REQUIREMENTS_ID",
+ "REQUIREMENTS_ATTRIBUTES_SUBDOMAIN",
+ "REQUIREMENTS_ATTRIBUTES_SECTION",
+ # "REQUIREMENTS_DESCRIPTION",
+ "CHECKID",
+ "STATUS",
+ "REGION",
+ "ACCOUNTID",
+ "RESOURCEID",
+ ]
+ ].copy()
+
+ return get_section_containers_kisa_ismsp(
+ aux, "REQUIREMENTS_ATTRIBUTES_SUBDOMAIN", "REQUIREMENTS_ATTRIBUTES_SECTION"
+ )
diff --git a/dashboard/compliance/kisa_isms_p_2023_korean_aws.py b/dashboard/compliance/kisa_isms_p_2023_korean_aws.py
@@ -0,0 +1,25 @@
+import warnings
+
+from dashboard.common_methods import get_section_containers_kisa_ismsp
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+ aux = data[
+ [
+ "REQUIREMENTS_ID",
+ "REQUIREMENTS_ATTRIBUTES_SUBDOMAIN",
+ "REQUIREMENTS_ATTRIBUTES_SECTION",
+ # "REQUIREMENTS_DESCRIPTION",
+ "CHECKID",
+ "STATUS",
+ "REGION",
+ "ACCOUNTID",
+ "RESOURCEID",
+ ]
+ ].copy()
+
+ return get_section_containers_kisa_ismsp(
+ aux, "REQUIREMENTS_ATTRIBUTES_SUBDOMAIN", "REQUIREMENTS_ATTRIBUTES_SECTION"
+ )
diff --git a/docs/developer-guide/checks.md b/docs/developer-guide/checks.md
@@ -272,7 +272,7 @@ Each Prowler check has metadata associated which is stored at the same level of
  # Severity holds the check's severity, always in lowercase (critical, high, medium, low or informational)
  "Severity": "critical",
  # ResourceType only for AWS, holds the type from here
- # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
+ # https://docs.aws.amazon.com/securityhub/latest/userguide/asff-resources.html
  "ResourceType": "Other",
  # Description holds the title of the check, for now is the same as CheckTitle
  "Description": "Ensure there are no EC2 AMIs set as Public.",

diff --git a/docs/developer-guide/introduction.md b/docs/developer-guide/introduction.md
@@ -14,10 +14,8 @@ Once that is satisfied go ahead and clone your forked repo:
 git clone https://github.com/<your-github-user>/prowler
 cd prowler
 ```
-For isolation and avoid conflicts with other environments, we recommend usage of `poetry`:
-```
-pip install poetry
-```
+For isolation and to avoid conflicts with other environments, we recommend using `poetry`, a Python dependency management tool. You can install it by following the instructions [here](https://python-poetry.org/docs/#installation).
+
 Then install all dependencies including the ones for developers:
 ```
 poetry install --with dev