chore: revision

prowler-cloud · Feb 27, 2025 · ad2aa6a · ad2aa6a
1 parent 171bd4d
commit ad2aa6a
Show file tree

Hide file tree

Showing 11 changed files with 43 additions and 87 deletions.
diff --git a/...ra_thirdparty_integrated_apps_not_allowed/entra_thirdparty_integrated_apps_not_allowed.py b/...ra_thirdparty_integrated_apps_not_allowed/entra_thirdparty_integrated_apps_not_allowed.py
@@ -26,14 +26,15 @@ def execute(self) -> List[CheckReportMicrosoft365]:
         findings = []
         auth_policy = entra_client.authorization_policy
 
-        report = CheckReportMicrosoft365(
-            metadata=self.metadata(),
-            resource=auth_policy if auth_policy else {},
-            resource_name=auth_policy.name if auth_policy else "Authorization Policy",
-            resource_id=auth_policy.id if auth_policy else "authorizationPolicy",
-        )
-
         if auth_policy:
+            report = CheckReportMicrosoft365(
+                metadata=self.metadata(),
+                resource=auth_policy if auth_policy else {},
+                resource_name=(
+                    auth_policy.name if auth_policy else "Authorization Policy"
+                ),
+                resource_id=auth_policy.id if auth_policy else "authorizationPolicy",
+            )
             if getattr(
                 auth_policy, "default_user_role_permissions", None
             ) and not getattr(
@@ -48,10 +49,7 @@ def execute(self) -> List[CheckReportMicrosoft365]:
                 report.status_extended = (
                     "App creation is not disabled for non-admin users."
                 )
-        else:
-            report.status = "FAIL"
-            report.status_extended = "Authorization Policy was not found."
 
-        findings.append(report)
+            findings.append(report)
 
         return findings
diff --git a/...ces/sharepoint/sharepoint_external_sharing_managed/sharepoint_external_sharing_managed.py b/...ces/sharepoint/sharepoint_external_sharing_managed/sharepoint_external_sharing_managed.py
@@ -31,13 +31,13 @@ def execute(self) -> List[CheckReportMicrosoft365]:
         """
         findings = []
         settings = sharepoint_client.settings
-        report = CheckReportMicrosoft365(
-            self.metadata(),
-            resource=settings if settings else {},
-            resource_name="SharePoint Settings",
-            resource_id=sharepoint_client.tenant_domain,
-        )
         if settings:
+            report = CheckReportMicrosoft365(
+                self.metadata(),
+                resource=settings if settings else {},
+                resource_name="SharePoint Settings",
+                resource_id=sharepoint_client.tenant_domain,
+            )
             report.status = "FAIL"
             report.status_extended = "SharePoint external sharing is not managed through domain restrictions."
             if settings.sharingDomainRestrictionMode in ["allowList", "blockList"]:
@@ -54,9 +54,6 @@ def execute(self) -> List[CheckReportMicrosoft365]:
                 ):
                     report.status = "PASS"
                     report.status_extended = f"SharePoint external sharing is managed through domain restrictions with mode '{settings.sharingDomainRestrictionMode}'."
-        else:
-            report.status = "FAIL"
-            report.status_extended = "SharePoint settings were not found."
 
-        findings.append(report)
+            findings.append(report)
         return findings
diff --git a/...arepoint/sharepoint_external_sharing_restricted/sharepoint_external_sharing_restricted.py b/...arepoint/sharepoint_external_sharing_restricted/sharepoint_external_sharing_restricted.py
@@ -27,13 +27,13 @@ def execute(self) -> List[CheckReportMicrosoft365]:
         """
         findings = []
         settings = sharepoint_client.settings
-        report = CheckReportMicrosoft365(
-            self.metadata(),
-            resource=settings if settings else {},
-            resource_name="SharePoint Settings",
-            resource_id=sharepoint_client.tenant_domain,
-        )
         if settings:
+            report = CheckReportMicrosoft365(
+                self.metadata(),
+                resource=settings if settings else {},
+                resource_name="SharePoint Settings",
+                resource_id=sharepoint_client.tenant_domain,
+            )
             report.status = "FAIL"
             report.status_extended = (
                 "External sharing is not restricted and guests users can access."
@@ -46,9 +46,6 @@ def execute(self) -> List[CheckReportMicrosoft365]:
             ]:
                 report.status = "PASS"
                 report.status_extended = "External sharing is restricted to external user sharing or more restrictive."
-        else:
-            report.status = "FAIL"
-            report.status_extended = "SharePoint settings were not found."
 
-        findings.append(report)
+            findings.append(report)
         return findings
diff --git a/...ces/sharepoint/sharepoint_guest_sharing_restricted/sharepoint_guest_sharing_restricted.py b/...ces/sharepoint/sharepoint_guest_sharing_restricted/sharepoint_guest_sharing_restricted.py
@@ -28,21 +28,18 @@ def execute(self) -> List[CheckReportMicrosoft365]:
         """
         findings = []
         settings = sharepoint_client.settings
-        report = CheckReportMicrosoft365(
-            self.metadata(),
-            resource=settings if settings else {},
-            resource_name="SharePoint Settings",
-            resource_id=sharepoint_client.tenant_domain,
-        )
         if settings:
+            report = CheckReportMicrosoft365(
+                self.metadata(),
+                resource=settings if settings else {},
+                resource_name="SharePoint Settings",
+                resource_id=sharepoint_client.tenant_domain,
+            )
             report.status = "FAIL"
             report.status_extended = "Guest sharing is not restricted; guest users can share items they do not own."
             if not settings.resharingEnabled:
                 report.status = "PASS"
                 report.status_extended = "Guest sharing is restricted; guest users cannot share items they do not own."
-        else:
-            report.status = "FAIL"
-            report.status_extended = "SharePoint settings were not found."
 
-        findings.append(report)
+            findings.append(report)
         return findings
diff --git a/...nt_modern_authentication_required/sharepoint_modern_authentication_required.metadata.json b/...nt_modern_authentication_required/sharepoint_modern_authentication_required.metadata.json
@@ -6,7 +6,7 @@
   "ServiceName": "sharepoint",
   "SubServiceName": "",
   "ResourceIdTemplate": "",
-  "Severity": "high",
+  "Severity": "critical",
   "ResourceType": "Sharepoint Settings",
   "Description": "Ensure that modern authentication is required for SharePoint applications in Microsoft 365, preventing the use of legacy authentication protocols and blocking access to apps that don't use modern authentication.",
   "Risk": "If modern authentication is not enforced, SharePoint applications may rely on basic authentication, which lacks strong security measures like MFA and increases the risk of credential theft.",

diff --git a/...nt/sharepoint_modern_authentication_required/sharepoint_modern_authentication_required.py b/...nt/sharepoint_modern_authentication_required/sharepoint_modern_authentication_required.py
@@ -30,23 +30,20 @@ def execute(self) -> List[CheckReportMicrosoft365]:
         """
         findings = []
         settings = sharepoint_client.settings
-        report = CheckReportMicrosoft365(
-            self.metadata(),
-            resource=settings if settings else {},
-            resource_name="SharePoint Settings",
-            resource_id=sharepoint_client.tenant_domain,
-        )
         if settings:
+            report = CheckReportMicrosoft365(
+                self.metadata(),
+                resource=settings if settings else {},
+                resource_name="SharePoint Settings",
+                resource_id=sharepoint_client.tenant_domain,
+            )
             report.status = "PASS"
             report.status_extended = "Microsoft 365 SharePoint does not allow access to apps that don't use modern authentication."
 
             if settings.modernAuthentication:
                 report.status = "FAIL"
                 report.status_extended = "Microsoft 365 SharePoint allows access to apps that don't use modern authentication."
-        else:
-            report.status = "FAIL"
-            report.status_extended = "SharePoint settings were not found."
 
-        findings.append(report)
+            findings.append(report)
 
         return findings
diff --git a/...irdparty_integrated_apps_not_allowed/entra_thirdparty_integrated_apps_not_allowed_test.py b/...irdparty_integrated_apps_not_allowed/entra_thirdparty_integrated_apps_not_allowed_test.py
@@ -33,13 +33,7 @@ def test_entra_no_authorization_policy(self):
 
             check = entra_thirdparty_integrated_apps_not_allowed()
             result = check.execute()
-            assert len(result) == 1
-            assert result[0].status == "FAIL"
-            assert result[0].resource == {}
-            assert result[0].resource_name == "Authorization Policy"
-            assert result[0].resource_id == "authorizationPolicy"
-            assert result[0].status_extended == "Authorization Policy was not found."
-            assert result[0].location == "global"
+            assert len(result) == 0
 
     def test_entra_default_user_role_permissions_not_allowed_to_create_apps(self):
         id = str(uuid4())

diff --git a/...harepoint/sharepoint_external_sharing_managed/sharepoint_external_sharing_managed_test.py b/...harepoint/sharepoint_external_sharing_managed/sharepoint_external_sharing_managed_test.py
@@ -295,10 +295,4 @@ def test_empty_settings(self):
 
             check = sharepoint_external_sharing_managed()
             result = check.execute()
-            assert len(result) == 1
-            assert result[0].status == "FAIL"
-            assert result[0].resource == {}
-            assert result[0].resource_name == "SharePoint Settings"
-            assert result[0].resource_id == DOMAIN
-            assert result[0].status_extended == "SharePoint settings were not found."
-            assert result[0].location == "global"
+            assert len(result) == 0
diff --git a/...int/sharepoint_external_sharing_restricted/sharepoint_external_sharing_restricted_test.py b/...int/sharepoint_external_sharing_restricted/sharepoint_external_sharing_restricted_test.py
@@ -135,10 +135,4 @@ def test_empty_settings(self):
 
             check = sharepoint_external_sharing_restricted()
             result = check.execute()
-            assert len(result) == 1
-            assert result[0].status == "FAIL"
-            assert result[0].status_extended == "SharePoint settings were not found."
-            assert result[0].resource_id == DOMAIN
-            assert result[0].location == "global"
-            assert result[0].resource_name == "SharePoint Settings"
-            assert result[0].resource == {}
+            assert len(result) == 0
diff --git a/...harepoint/sharepoint_guest_sharing_restricted/sharepoint_guest_sharing_restricted_test.py b/...harepoint/sharepoint_guest_sharing_restricted/sharepoint_guest_sharing_restricted_test.py
@@ -138,10 +138,4 @@ def test_empty_settings(self):
             check = sharepoint_guest_sharing_restricted()
             result = check.execute()
 
-            assert len(result) == 1
-            assert result[0].status == "FAIL"
-            assert result[0].status_extended == "SharePoint settings were not found."
-            assert result[0].resource_id == DOMAIN
-            assert result[0].location == "global"
-            assert result[0].resource_name == "SharePoint Settings"
-            assert result[0].resource == {}
+            assert len(result) == 0
diff --git a/...arepoint_modern_authentication_required/sharepoint_modern_authentication_required_test.py b/...arepoint_modern_authentication_required/sharepoint_modern_authentication_required_test.py
@@ -138,10 +138,4 @@ def test_sharepoint_empty_settings(self):
 
             check = sharepoint_modern_authentication_required()
             result = check.execute()
-            assert len(result) == 1
-            assert result[0].status == "FAIL"
-            assert result[0].status_extended == "SharePoint settings were not found."
-            assert result[0].resource_id == DOMAIN
-            assert result[0].location == "global"
-            assert result[0].resource_name == "SharePoint Settings"
-            assert result[0].resource == {}
+            assert len(result) == 0