prowler-cloud / prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
https://prowler.com
Apache License 2.0

[Bug]: allowlist with tags unexpected behavior #2391

Closed D592 closed 1 year ago

D592 commented 1 year ago

Steps to Reproduce

I'm trying to use allowlist.yaml file for reducing false positive - for instance:

Allowlist:
  Accounts:
    "*":
      Checks:
        "s3_bucket_default_encryption":
          Regions: ["*"]
          Resources: ["*"]
          Tags:
            - "mytag:env=ppe|mytag:env=demo|mytag:env=staging"

According to the documentation, this ignores all resources with tag mytag:env=ppe OR mytag:env=demo OR mytag:env=staging. But nothing happens and the findings for the resources are marked "FAIL". The allowlist.yaml file with the following settings works:

Allowlist:
  Accounts:
    "*":
      Checks:
        "s3_bucket_default_encryption":
          Regions: ["*"]
          Resources: ["*"]
          Tags:
            - "mytag:env=ppe"

Resources with tag mytag:env=ppe are marked "WARNING"

Expected behavior

The "allowlist" settings should mark all the findings ("s3_bucket_default_encryption") for the tagged resources as "WARNING"

Allowlist:
  Accounts:
    "*":
      Checks:
        "s3_bucket_default_encryption":
          Regions: ["*"]
          Resources: ["*"]
          Tags:
            - "mytag:env=ppe|mytag:env=demo|mytag:env=staging"

resourceA with tag mytag:env=ppe, resourceA with tag mytag:env=demo, and so on ... Anyway, that behavior is claimed in the documentation: https://docs.prowler.cloud/en/latest/tutorials/allowlist/

Actual Result with Screenshots or Logs

prowler aws -M csv html json -w allowlist.yaml --checks s3_bucket_default_encryption

How did you install Prowler?

From pip package (pip install prowler)

Environment Resource

workstation

OS used

Ubuntu 22

Prowler version

Prowler 3.4.1

Pip version

pip 22.0.2

Context

No response
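To make the matching semantics the report describes concrete, the following is an added Python example, not Prowler's own code. It models the reporter's expectation that each entry under `Tags` is a regular expression, so `a|b|c` allowlists a resource carrying any one of those `key=value` tags, and contrasts it with a hypothetical literal string comparison that only satisfies the single-tag form. The finding records, the `flatten_tags`, `tags_match_regex`, `tags_match_literal` and `apply_allowlist` helpers, and the status names are all constructed for illustration.

```python
import re
from typing import Callable, Dict, List

# Constructed sample findings (not Prowler output): each carries the resource's
# tags as a dict, the way a scanner would collect them from the resource.
SAMPLE_FINDINGS = [
    {"resource_id": "bucket-ppe", "tags": {"mytag:env": "ppe"}},
    {"resource_id": "bucket-demo", "tags": {"mytag:env": "demo"}},
    {"resource_id": "bucket-staging", "tags": {"mytag:env": "staging"}},
    {"resource_id": "bucket-prod", "tags": {"mytag:env": "prod"}},
    {"resource_id": "bucket-untagged", "tags": {}},
]

# The allowlist entry from the report, and the single-tag variant that worked.
RULE_WITH_ALTERNATION = ["mytag:env=ppe|mytag:env=demo|mytag:env=staging"]
RULE_SINGLE_TAG = ["mytag:env=ppe"]


def flatten_tags(tags: Dict[str, str]) -> str:
    """Render tags as space-separated 'key=value' pairs so one regex can be run over them."""
    return " ".join(f"{k}={v}" for k, v in sorted(tags.items()))


def tags_match_regex(tags: Dict[str, str], rule_tags: List[str]) -> bool:
    """Expected semantics: every allowlist entry is a regex, so '|' means OR.

    A resource is allowlisted when at least one entry matches somewhere in its
    flattened tag string. Note that regex metacharacters in a tag value (for
    example a '.') are interpreted, not taken literally.
    """
    haystack = flatten_tags(tags)
    return any(re.search(pattern, haystack) for pattern in rule_tags)


def tags_match_literal(tags: Dict[str, str], rule_tags: List[str]) -> bool:
    """Hypothetical literal comparison: an entry only matches if it equals one tag exactly.

    Under these semantics the '|'-joined entry never equals any single
    'key=value' pair, which reproduces the symptom described in the report.
    """
    pairs = {f"{k}={v}" for k, v in tags.items()}
    return any(entry in pairs for entry in rule_tags)


def apply_allowlist(
    findings: List[dict],
    rule_tags: List[str],
    matcher: Callable[[Dict[str, str], List[str]], bool],
) -> Dict[str, str]:
    """Return {resource_id: status}: allowlisted findings become WARNING, others stay FAIL."""
    return {
        f["resource_id"]: ("WARNING" if matcher(f["tags"], rule_tags) else "FAIL")
        for f in findings
    }


if __name__ == "__main__":
    print("regex semantics, alternation rule:")
    for rid, status in apply_allowlist(SAMPLE_FINDINGS, RULE_WITH_ALTERNATION, tags_match_regex).items():
        print(f"  {rid:16} {status}")
    print("literal semantics, alternation rule:")
    for rid, status in apply_allowlist(SAMPLE_FINDINGS, RULE_WITH_ALTERNATION, tags_match_literal).items():
        print(f"  {rid:16} {status}")
```

Run with the regex matcher, the three environments named in the rule become WARNING and prod and untagged resources stay FAIL, which is the outcome the report expects; with the literal matcher every resource stays FAIL for the alternation rule and only the single-tag rule allowlists anything. When writing such rules, keep in mind that an entry like `env=demo` also matches a longer tag such as `mytag:env=demo`, so anchor or spell out the key when that matters.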

MrCloudSec commented 1 year ago

Hi @D592, thanks for reaching out to us. Can you update Prowler to the latest version 3.5.2 and let us know if it is still happening?

D592 commented 1 year ago

hello - upgraded to latest v 3.5.2 - tested - the same issue


MrCloudSec commented 1 year ago

Can you try it again with the version 3.5.3 we have just released? It should be solved now, thank you.

D592 commented 1 year ago

Yes, it works. Could you close the issue?
