prowler-cloud / prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
https://prowler.com
Apache License 2.0
10.53k stars 1.51k forks

fix(acm): Change check logic to scan only in use certificates #4732

Closed MarioRgzLpz closed 1 month ago

MarioRgzLpz commented 1 month ago

Context

We noticed that the ACM check acm_certificates_transparency_logs_enabled is scanning unused certificates too, something that shouldn’t happen. In order to fix this we have to modify the check so it doesn't scan unused certificates unless the user wants to do it. Adding a test to the check to make sure it is working properly.

Description

Changed acm_certificates_transparency_logs_enabled and added the respective unit test.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
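The behaviour described in this pull request, sketched as an added example (this is not Prowler's code and not part of the pull request). It assumes certificates shaped like the ACM DescribeCertificate response, where `InUseBy` lists the resources using the certificate and `Options.CertificateTransparencyLoggingPreference` is `ENABLED` or `DISABLED`; the function name, the `scan_unused` flag and the sample ARNs are hypothetical, and treating a missing preference as a failure is an assumption of this sketch.

```python
from dataclasses import dataclass


@dataclass
class Finding:
    arn: str
    status: str  # "PASS" or "FAIL"
    in_use: bool


def check_ct_logging(certificates, scan_unused=False):
    """Return one Finding per evaluated certificate.

    Certificates with an empty InUseBy list are skipped unless
    scan_unused is True (hypothetical opt-in flag).
    """
    findings = []
    for cert in certificates:
        in_use = bool(cert.get("InUseBy"))
        if not in_use and not scan_unused:
            # Unused certificate: not evaluated by default.
            continue
        pref = cert.get("Options", {}).get(
            "CertificateTransparencyLoggingPreference"
        )
        # Only an explicit ENABLED passes; a missing value fails (assumption).
        status = "PASS" if pref == "ENABLED" else "FAIL"
        findings.append(Finding(cert["CertificateArn"], status, in_use))
    return findings


# Constructed sample data, not taken from a real account.
SAMPLE = [
    {"CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/in-use-ok",
     "InUseBy": ["arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/app/demo/1"],
     "Options": {"CertificateTransparencyLoggingPreference": "ENABLED"}},
    {"CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/in-use-bad",
     "InUseBy": ["arn:aws:cloudfront::111111111111:distribution/DEMO"],
     "Options": {"CertificateTransparencyLoggingPreference": "DISABLED"}},
    {"CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/unused-bad",
     "InUseBy": [],
     "Options": {"CertificateTransparencyLoggingPreference": "DISABLED"}},
]

if __name__ == "__main__":
    for f in check_ct_logging(SAMPLE):
        print(f.status, f.arn)
```
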

codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 89.11%. Comparing base (cb807e4) to head (40cb8b0).

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##           master    #4732      +/-   ##
==========================================
+ Coverage   89.06%   89.11%   +0.04%
==========================================
  Files         914      914
  Lines       27970    27971       +1
==========================================
+ Hits        24912    24925      +13
+ Misses       3058     3046      -12
```
