Merge branch 'master' into PRWLR-5471-Cleaning-for-v5

prowler-cloud · Nov 26, 2024 · 286b323 · 286b323
2 parents 01bdb2a + 0b2e1f1
commit 286b323
Show file tree

Hide file tree

Showing 9 changed files with 147 additions and 74 deletions.
diff --git a/.github/codeql/ui-codeql-config.yml b/.github/codeql/ui-codeql-config.yml
@@ -0,0 +1,3 @@
+name: "Custom CodeQL Config for UI"
+paths:
+  - "ui/"
diff --git a/.github/workflows/ui-codeql.yml b/.github/workflows/ui-codeql.yml
@@ -0,0 +1,61 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "UI - CodeQL"
+
+on:
+  push:
+    branches:
+      - "master"
+      - "v4.*"
+      - "v5.*"
+    paths:
+      - "ui/**"
+  pull_request:
+    branches:
+      - "master"
+      - "v4.*"
+      - "v5.*"
+    paths:
+      - "ui/**"
+  schedule:
+    - cron: "00 12 * * *"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["javascript"]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          config-file: ./.github/codeql/ui-codeql-config.yml
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"
diff --git a/docs/tutorials/configuration_file.md b/docs/tutorials/configuration_file.md
@@ -41,7 +41,7 @@ The following list includes all the AWS checks with configurable variables that
 | `ec2_launch_template_no_secrets`                              | `secrets_ignore_patterns`                        | List of Strings |
 | `ec2_securitygroup_allow_ingress_from_internet_to_any_port`   | `ec2_allowed_instance_owners`                    | List of Strings |
 | `ec2_securitygroup_allow_ingress_from_internet_to_any_port`   | `ec2_allowed_interface_types`                    | List of Strings |
-| `ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports`| `ec2_sg_high_risk_ports`                 | List of Integer |
+| `ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports`| `ec2_high_risk_ports`                    | List of Integer |
 | `ec2_securitygroup_with_many_ingress_egress_rules`            | `max_security_group_rules`                       | Integer         |
 | `ecs_task_definitions_no_environment_secrets`                 | `secrets_ignore_patterns`                        | List of Strings |
 | `ecr_repositories_scan_vulnerabilities_in_latest_image`       | `ecr_repository_vulnerability_minimum_severity`  | String          |
@@ -144,7 +144,7 @@ aws:
         "amazon-elb"
     ]
   # aws.ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports
-  ec2_sg_high_risk_ports:
+  ec2_high_risk_ports:
     [
         25,
         110,

diff --git a/poetry.lock b/poetry.lock
diff --git a/prowler/config/config.yaml b/prowler/config/config.yaml
@@ -42,7 +42,7 @@ aws:
         "amazon-elb"
     ]
   # aws.ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports
-  ec2_sg_high_risk_ports:
+  ec2_high_risk_ports:
     [
         25,
         110,

diff --git a/prowler/providers/aws/aws_regions_by_service.json b/prowler/providers/aws/aws_regions_by_service.json
@@ -10098,6 +10098,15 @@
         ]
       }
     },
+    "socialmessaging": {
+      "regions": {
+        "aws": [
+          "eu-central-1"
+        ],
+        "aws-cn": [],
+        "aws-us-gov": []
+      }
+    },
     "sqs": {
       "regions": {
         "aws": [

diff --git a/pyproject.toml b/pyproject.toml
@@ -77,7 +77,7 @@ tzlocal = "5.2"
 [tool.poetry.group.dev.dependencies]
 bandit = "1.7.10"
 black = "24.10.0"
-coverage = "7.6.7"
+coverage = "7.6.8"
 docker = "7.1.0"
 flake8 = "7.1.1"
 freezegun = "1.5.1"
@@ -100,7 +100,7 @@ optional = true
 [tool.poetry.group.docs.dependencies]
 mkdocs = "1.6.1"
 mkdocs-git-revision-date-localized-plugin = "1.3.0"
-mkdocs-material = "9.5.45"
+mkdocs-material = "9.5.46"
 mkdocs-material-extensions = "1.3.1"
 
 [tool.poetry.scripts]

diff --git a/tests/config/config_test.py b/tests/config/config_test.py
@@ -79,7 +79,7 @@ def mock_prowler_get_latest_release(_, **kwargs):
     "max_ec2_instance_age_in_days": 180,
     "ec2_allowed_interface_types": ["api_gateway_managed", "vpc_endpoint"],
     "ec2_allowed_instance_owners": ["amazon-elb"],
-    "ec2_sg_high_risk_ports": [
+    "ec2_high_risk_ports": [
         25,
         110,
         135,

diff --git a/tests/config/fixtures/config.yaml b/tests/config/fixtures/config.yaml
@@ -42,7 +42,7 @@ aws:
         "amazon-elb"
     ]
   # aws.ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports
-  ec2_sg_high_risk_ports:
+  ec2_high_risk_ports:
     [
         25,
         110,