#10732 Prowler v4 importer ignores muted findings (#10750)

ivan-morgun · web-flow · commit 14c53af190ca · 2024-08-21T10:55:06.000-05:00
* #10732 Prowler v4 importer ignores muted findings * Modify test with new and suppressed findings * Fix typo * Fix one_vuln.ocsf.json
diff --git a/dojo/tools/aws_prowler_v3plus/prowler_v4.py b/dojo/tools/aws_prowler_v3plus/prowler_v4.py
@@ -15,8 +15,9 @@ def process_ocsf_json(self, file, test):
         # https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/reporting/#json
         for deserialized in data:
 
+            mute_status = deserialized.get("status")
             status = deserialized.get("status_code")
-            if status.upper() != "FAIL":
+            if (status.upper() != "FAIL") or (status.upper() == "FAIL" and mute_status == "Suppressed"):
                 continue
 
             account_id = deserialized.get("cloud", {}).get("account", {}).get("uid", "")
diff --git a/unittests/scans/aws_prowler_v3plus/many_vuln.ocsf.json b/unittests/scans/aws_prowler_v3plus/many_vuln.ocsf.json
@@ -10,7 +10,7 @@
     },
     "severity_id": 4,
     "severity": "High",
-    "status": "Suppressed",
+    "status": "New",
     "status_code": "FAIL",
     "status_detail": "IAM Role myAdministratorExecutionRole has AdministratorAccess policy attached that has too permissive trust relationship.",
     "status_id": 3,
@@ -89,7 +89,7 @@
     },
     "severity_id": 4,
     "severity": "High",
-    "status": "Suppressed",
+    "status": "New",
     "status_code": "FAIL",
     "status_detail": "IAM Role AuditRole gives cross account read-only access.",
     "status_id": 3,
diff --git a/unittests/scans/aws_prowler_v3plus/one_vuln.ocsf.json b/unittests/scans/aws_prowler_v3plus/one_vuln.ocsf.json
@@ -10,7 +10,7 @@
     },
     "severity_id": 4,
     "severity": "High",
-    "status": "Suppressed",
+    "status": "New",
     "status_code": "FAIL",
     "status_detail": "IAM Role myAdministratorExecutionRole has AdministratorAccess policy attached that has too permissive trust relationship.",
     "status_id": 3,
diff --git a/unittests/tools/test_aws_prowler_v3plus_parser.py b/unittests/tools/test_aws_prowler_v3plus_parser.py
@@ -55,13 +55,10 @@ def test_aws_prowler_parser_with_critical_vuln_has_one_findings_ocsf_json(self):
     def test_aws_prowler_parser_with_many_vuln_has_many_findings_ocsf_json(self):
         findings = self.setup(
             open("unittests/scans/aws_prowler_v3plus/many_vuln.ocsf.json", encoding="utf-8"))
-        self.assertEqual(3, len(findings))
+        self.assertEqual(2, len(findings))
         with self.subTest(i=0):
             self.assertEqual("prowler-aws-iam_role_administratoraccess_policy_permissive_trust_relationship-123456789012-us-east-1-myAdministratorExecutionRole", findings[0].unique_id_from_tool)
             self.assertIn("Ensure IAM Roles with attached AdministratorAccess policy have a well defined trust relationship", findings[0].description)
         with self.subTest(i=1):
             self.assertEqual("prowler-aws-iam_role_cross_account_readonlyaccess_policy-123456789012-us-east-1-AuditRole", findings[1].unique_id_from_tool)
             self.assertIn("Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts", findings[1].description)
-        with self.subTest(i=3):
-            self.assertEqual("prowler-aws-iam_role_permissive_trust_relationship-123456789012-us-east-1-CrossAccountResourceAccessRole", findings[2].unique_id_from_tool)
-            self.assertIn("Ensure IAM Roles do not allow assume role from any role of a cross account", findings[2].description)
