
Commit 85d6d02

MrCloudSecjfagoagas
authored andcommitted
fix(cloudtrail): use dictionary instead of list (#3579)
1 parent c32f7ba commit 85d6d02


16 files changed

+43
-47
lines changed


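--- a/prowler/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.py
@@ -20,7 +20,7 @@ def execute(self):
 f"Lambda function {function.name} is not recorded by CloudTrail."
 )
 lambda_recorded_cloudtrail = False
-for trail in cloudtrail_client.trails:
+for trail in cloudtrail_client.trails.values():
 for data_event in trail.data_events:
 # classic event selectors
 if not data_event.is_advanced: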

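--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.py
@@ -8,7 +8,7 @@
 class cloudtrail_bucket_requires_mfa_delete(Check):
 def execute(self):
 findings = []
-for trail in cloudtrail_client.trails:
+for trail in cloudtrail_client.trails.values():
 if trail.is_logging:
 trail_bucket_is_in_account = False
 trail_bucket = trail.s3_bucket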

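--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled.py
@@ -11,7 +11,7 @@
 class cloudtrail_cloudwatch_logging_enabled(Check):
 def execute(self):
 findings = []
-for trail in cloudtrail_client.trails:
+for trail in cloudtrail_client.trails.values():
 if trail.name:
 report = Check_Report_AWS(self.metadata())
 report.region = trail.region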

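--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist.py
@@ -7,7 +7,7 @@
 class cloudtrail_insights_exist(Check):
 def execute(self):
 findings = []
-for trail in cloudtrail_client.trails:
+for trail in cloudtrail_client.trails.values():
 if trail.is_logging:
 report = Check_Report_AWS(self.metadata())
 report.region = trail.region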

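--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled.py
@@ -7,7 +7,7 @@
 class cloudtrail_kms_encryption_enabled(Check):
 def execute(self):
 findings = []
-for trail in cloudtrail_client.trails:
+for trail in cloudtrail_client.trails.values():
 if trail.name:
 report = Check_Report_AWS(self.metadata())
 report.region = trail.region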

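--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled.py
@@ -7,7 +7,7 @@
 class cloudtrail_log_file_validation_enabled(Check):
 def execute(self):
 findings = []
-for trail in cloudtrail_client.trails:
+for trail in cloudtrail_client.trails.values():
 if trail.name:
 report = Check_Report_AWS(self.metadata())
 report.region = trail.region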

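--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled.py
@@ -8,7 +8,7 @@
 class cloudtrail_logs_s3_bucket_access_logging_enabled(Check):
 def execute(self):
 findings = []
-for trail in cloudtrail_client.trails:
+for trail in cloudtrail_client.trails.values():
 if trail.name:
 trail_bucket_is_in_account = False
 trail_bucket = trail.s3_bucket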

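--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible.py
@@ -8,7 +8,7 @@
 class cloudtrail_logs_s3_bucket_is_not_publicly_accessible(Check):
 def execute(self):
 findings = []
-for trail in cloudtrail_client.trails:
+for trail in cloudtrail_client.trails.values():
 if trail.name:
 trail_bucket_is_in_account = False
 trail_bucket = trail.s3_bucket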

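--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.py
@@ -10,8 +10,8 @@ def execute(self):
 for region in cloudtrail_client.regional_clients.keys():
 report = Check_Report_AWS(self.metadata())
 report.region = region
-for trail in cloudtrail_client.trails:
-if trail.region == region:
+for trail in cloudtrail_client.trails.values():
+if trail.region == region or trail.is_multiregion:
 if trail.is_logging:
 report.status = "PASS"
 report.resource_id = trail.name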
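Review bot: The new condition `if trail.region == region or trail.is_multiregion:` only makes sense because a multi-region trail is now stored once under its ARN instead of once per region, and nothing in the file says so; a short comment such as `# a multi-region trail is stored once, so evaluate it for every audited region` would spare the next reader a trip to the service. Note that `trail.is_logging` for that single entry is populated only in the one region equal to `trail.region` (per the service change in this commit), so a failed status call there now affects the verdict for every region rather than one. The report is created once per region above the loop and the hunk ends before the loop exits, so whether a later matching trail overwrites an earlier PASS cannot be seen here; execute continues outside the hunk.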

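--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled_logging_management_events/cloudtrail_multi_region_enabled_logging_management_events.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled_logging_management_events/cloudtrail_multi_region_enabled_logging_management_events.py
@@ -16,7 +16,7 @@ def execute(self):
 report.resource_id = cloudtrail_client.audited_account
 report.resource_arn = cloudtrail_client.trail_arn_template
 
-for trail in cloudtrail_client.trails:
+for trail in cloudtrail_client.trails.values():
 if trail.is_logging:
 if trail.is_multiregion:
 for event in trail.data_events: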

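--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.py
@@ -8,7 +8,7 @@
 class cloudtrail_s3_dataevents_read_enabled(Check):
 def execute(self):
 findings = []
-for trail in cloudtrail_client.trails:
+for trail in cloudtrail_client.trails.values():
 for data_event in trail.data_events:
 # classic event selectors
 if not data_event.is_advanced: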

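--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.py
@@ -8,7 +8,7 @@
 class cloudtrail_s3_dataevents_write_enabled(Check):
 def execute(self):
 findings = []
-for trail in cloudtrail_client.trails:
+for trail in cloudtrail_client.trails.values():
 for data_event in trail.data_events:
 # Classic event selectors
 if not data_event.is_advanced: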

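--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py
@@ -15,7 +15,7 @@ def __init__(self, audit_info):
 # Call AWSService's __init__
 super().__init__(__class__.__name__, audit_info)
 self.trail_arn_template = f"arn:{self.audited_partition}:cloudtrail:{self.region}:{self.audited_account}:trail"
-self.trails = []
+self.trails = {}
 self.__threading_call__(self.__get_trails__)
 self.__get_trail_status__()
 self.__get_insight_selectors__()
@@ -45,27 +45,23 @@ def __get_trails__(self, regional_client):
 kms_key_id = trail["KmsKeyId"]
 if "CloudWatchLogsLogGroupArn" in trail:
 log_group_arn = trail["CloudWatchLogsLogGroupArn"]
-self.trails.append(
-Trail(
-name=trail["Name"],
-is_multiregion=trail["IsMultiRegionTrail"],
-home_region=trail["HomeRegion"],
-arn=trail["TrailARN"],
-region=regional_client.region,
-is_logging=False,
-log_file_validation_enabled=trail[
-"LogFileValidationEnabled"
-],
-latest_cloudwatch_delivery_time=None,
-s3_bucket=trail["S3BucketName"],
-kms_key=kms_key_id,
-log_group_arn=log_group_arn,
-data_events=[],
-has_insight_selectors=trail.get("HasInsightSelectors"),
-)
+self.trails[trail["TrailARN"]] = Trail(
+name=trail["Name"],
+is_multiregion=trail["IsMultiRegionTrail"],
+home_region=trail["HomeRegion"],
+arn=trail["TrailARN"],
+region=regional_client.region,
+is_logging=False,
+log_file_validation_enabled=trail["LogFileValidationEnabled"],
+latest_cloudwatch_delivery_time=None,
+s3_bucket=trail["S3BucketName"],
+kms_key=kms_key_id,
+log_group_arn=log_group_arn,
+data_events=[],
+has_insight_selectors=trail.get("HasInsightSelectors"),
 )
 if trails_count == 0:
-self.trails.append(
+self.trails[self.__get_trail_arn_template__(regional_client.region)] = (
 Trail(
 region=regional_client.region,
 )
@@ -79,7 +75,7 @@ def __get_trails__(self, regional_client):
 def __get_trail_status__(self):
 logger.info("Cloudtrail - Getting trail status")
 try:
-for trail in self.trails:
+for trail in self.trails.values():
 for region, client in self.regional_clients.items():
 if trail.region == region and trail.name:
 status = client.get_trail_status(Name=trail.arn)
@@ -97,7 +93,7 @@ def __get_trail_status__(self):
 def __get_event_selectors__(self):
 logger.info("Cloudtrail - Getting event selector")
 try:
-for trail in self.trails:
+for trail in self.trails.values():
 for region, client in self.regional_clients.items():
 if trail.region == region and trail.name:
 data_events = client.get_event_selectors(TrailName=trail.arn)
@@ -131,7 +127,7 @@ def __get_insight_selectors__(self):
 logger.info("Cloudtrail - Getting trail insight selectors...")
 
 try:
-for trail in self.trails:
+for trail in self.trails.values():
 for region, client in self.regional_clients.items():
 if trail.region == region and trail.name:
 insight_selectors = None
@@ -180,7 +176,7 @@ def __get_insight_selectors__(self):
 def __list_tags_for_resource__(self):
 logger.info("CloudTrail - List Tags...")
 try:
-for trail in self.trails:
+for trail in self.trails.values():
 # Check if trails are in this account and region
 if (
 trail.region == trail.home_region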
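Review bot: The assignment `self.trails[trail["TrailARN"]] = Trail(...)` in `__get_trails__` is last-writer-wins across the per-region threads started by `__threading_call__`, so for a multi-region trail (which the old test comment in this commit says used to be listed once per region) the surviving `region=regional_client.region` is whichever thread finished last. Every later lookup gates on that field — `trail.region == region` in `__get_trail_status__`, `__get_event_selectors__` and `__get_insight_selectors__`, `trail.region == trail.home_region` in `__list_tags_for_resource__`, and `report.region = trail.region` in the cloudwatch_logging, insights_exist, kms_encryption and log_file_validation checks — so status, selectors, tags and the reported region of a multi-region trail can differ from run to run. Preferring the home-region record makes it deterministic: guard the assignment with `if trail["TrailARN"] not in self.trails or regional_client.region == trail["HomeRegion"]:` (the placeholder entry keyed by `__get_trail_arn_template__(regional_client.region)` is per region and unaffected). `__get_trail_arn_template__` is not added by this commit, so it is presumably already defined on the service; `__get_trails__` starts before the hunk.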

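--- a/prowler/providers/aws/services/cloudwatch/lib/metric_filters.py
+++ b/prowler/providers/aws/services/cloudwatch/lib/metric_filters.py
@@ -12,7 +12,7 @@ def check_cloudwatch_log_metric_filter(
 ):
 # 1. Iterate for CloudWatch Log Group in CloudTrail trails
 log_groups = []
-for trail in trails:
+for trail in trails.values():
 if trail.log_group_arn:
 log_groups.append(trail.log_group_arn.split(":")[6])
 # 2. Describe metric filters for previous log groups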
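Review bot: `for trail in trails.values():` silently changes the contract of the `trails` parameter from a list to a dict keyed by trail ARN, but neither the signature (which starts before the hunk) nor any docstring says so, and a caller still passing a list now fails with an AttributeError rather than a clear message. A one-line comment above the loop, `# trails: {trail_arn: Trail}, as built by Cloudtrail.__get_trails__`, or an annotation on the parameter if the Trail type is importable here, would document the new shape. The function continues outside the hunk.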

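--- a/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py
+++ b/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py
@@ -87,7 +87,7 @@ def test_trails_sending_logs_during_and_not_last_day(self):
 cloudtrail_cloudwatch_logging_enabled,
 )
 
-for trail in service_client.trails:
+for trail in service_client.trails.values():
 if trail.name == trail_name_us:
 trail.latest_cloudwatch_delivery_time = datetime.now().replace(
 tzinfo=timezone.utc
@@ -174,7 +174,7 @@ def test_multi_region_and_single_region_logging_and_not(self):
 cloudtrail_cloudwatch_logging_enabled,
 )
 
-for trail in service_client.trails:
+for trail in service_client.trails.values():
 if trail.name == trail_name_us:
 trail.latest_cloudwatch_delivery_time = datetime.now().replace(
 tzinfo=timezone.utc
@@ -190,8 +190,8 @@ def test_multi_region_and_single_region_logging_and_not(self):
 
 check = cloudtrail_cloudwatch_logging_enabled()
 result = check.execute()
-# len of result should be 3 -> (1 multiregion entry per region + 1 entry because of single region trail)
-assert len(result) == 3
+# len of result should be 2 -> (1 per trail)
+assert len(result) == 2
 for report in result:
 if report.resource_id == trail_name_us:
 assert report.resource_id == trail_name_us
@@ -262,7 +262,7 @@ def test_trails_sending_and_not_sending_logs(self):
 cloudtrail_cloudwatch_logging_enabled,
 )
 
-for trail in service_client.trails:
+for trail in service_client.trails.values():
 if trail.name == trail_name_us:
 trail.latest_cloudwatch_delivery_time = datetime.now().replace(
 tzinfo=timezone.utc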
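Review bot: Dropping the expected count to 2 in test_multi_region_and_single_region_logging_and_not means the multi-region trail now yields a single report, but the loop that follows only re-checks `report.resource_id == trail_name_us` against itself and never pins which `report.region` that single report carries. Since the service now stores one entry per ARN and its `region` is whatever the regional threads left behind, an assertion on `report.region` for the multi-region trail's report would lock in the behaviour the new count depends on. The remaining assertions of the test are outside the hunk.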

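--- a/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py
+++ b/tests/providers/aws/services/cloudtrail/cloudtrail_service_test.py
@@ -88,7 +88,7 @@ def test_describe_trails(self):
 )
 cloudtrail = Cloudtrail(audit_info)
 assert len(cloudtrail.trails) == 2
-for trail in cloudtrail.trails:
+for trail in cloudtrail.trails.values():
 if trail.name:
 assert trail.name == trail_name_us or trail.name == trail_name_eu
 assert not trail.is_multiregion
@@ -145,7 +145,7 @@ def test_status_trails(self):
 )
 cloudtrail = Cloudtrail(audit_info)
 assert len(cloudtrail.trails) == len(audit_info.audited_regions)
-for trail in cloudtrail.trails:
+for trail in cloudtrail.trails.values():
 if trail.name:
 if trail.name == trail_name_us:
 assert not trail.is_multiregion
@@ -189,7 +189,7 @@ def test_get_classic_event_selectors(self):
 )
 cloudtrail = Cloudtrail(audit_info)
 assert len(cloudtrail.trails) == len(audit_info.audited_regions)
-for trail in cloudtrail.trails:
+for trail in cloudtrail.trails.values():
 if trail.name:
 if trail.name == trail_name_us:
 assert not trail.is_multiregion
@@ -237,7 +237,7 @@ def test_get_advanced_event_selectors(self):
 )
 cloudtrail = Cloudtrail(audit_info)
 assert len(cloudtrail.trails) == len(audit_info.audited_regions)
-for trail in cloudtrail.trails:
+for trail in cloudtrail.trails.values():
 if trail.name:
 if trail.name == trail_name_us:
 assert not trail.is_multiregion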
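Review bot: The updated assertions still only check `len(cloudtrail.trails)` and the attributes of each value; nothing pins the new keying by trail ARN, which is the contract the checks and `metric_filters.py` now depend on. Adding `for arn, trail in cloudtrail.trails.items(): assert not trail.name or trail.arn == arn` to test_describe_trails would catch a regression in the key (the unnamed placeholder `Trail(region=...)` entries are keyed by the ARN template and presumably carry no `arn`, hence the guard). Each test function continues outside its hunk.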
