Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(security hub): solve Security Hub format requirements #2520

Merged
merged 3 commits into from
Jun 21, 2023
Merged

fix(security hub): solve Security Hub format requirements #2520

merged 3 commits into from
Jun 21, 2023

Conversation

sergargar
Copy link
Member

Description

Solve Security Hub format requirements:

  • Description should NOT be longer than 1024 characters
  • AssociatedStandards should NOT have more than 20 items

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@sergargar sergargar requested a review from a team as a code owner June 20, 2023 19:23
@sergargar sergargar linked an issue Jun 20, 2023 that may be closed by this pull request
[Bug]: Additional output formats causing errors reporting to Security Hub, preventing findings from being recorded. #2519
Closed
@jfagoagas jfagoagas added the provider/aws Issues/PRs related with the AWS provider label Jun 21, 2023
jfagoagas
jfagoagas requested changes Jun 21, 2023
View reviewed changes
Copy link
Member

@jfagoagas jfagoagas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good job! Please check my comments to merge 🚀

prowler/lib/outputs/json.py Outdated
Comment on lines 58 to 63
# Description should NOT be longer than 1024 characters
finding_output.Description = (
(finding.status_extended[:1000] + "..")
if len(finding.status_extended) > 100
else finding.status_extended
)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you include this as a part of the class validator? It's so easy to do it with Pydantic https://docs.pydantic.dev/latest/usage/validators/

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, you are doing the comparison with 100 as length.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do I need validators? I want to change the field, not to validate it.

Copy link
Member

@jfagoagas jfagoagas Jun 21, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because you are doing a validation checking the field length, also with that you have all the logic to build the model within the class since you can do that:

class JSONASFF(BaseModel):
    Description: str

    @validator('Description')
    def description_sould_not_exceed_1024_chars(cls, value):
        if len(value) > 1000:
            return value[:1000] + ".."

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, please include tests that validates the new logic included

prowler/lib/outputs/json.py
Comment on lines +77 to +84
if (
len(associated_standards) < 20
): # AssociatedStandards should NOT have more than 20 items
associated_standards.append({"StandardsId": key})
item = f"{key} {' '.join(value)}"
if len(item) > 64:
item = item[0:63]
compliance_summary.append(item)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you include this as a part of the class validator? It's so easy to do it with Pydantic https://docs.pydantic.dev/latest/usage/validators/

@sergargar sergargar force-pushed the 2519-bug-additional-output-formats-causing-errors-reporting-to-security-hub-preventing-findings-from-being-recorded branch 3 times, most recently from b660a46 to 2ce8a18 Compare June 21, 2023 09:42
@sergargar sergargar force-pushed the 2519-bug-additional-output-formats-causing-errors-reporting-to-security-hub-preventing-findings-from-being-recorded branch from 2ce8a18 to 1d6ab73 Compare June 21, 2023 10:39
jfagoagas
jfagoagas approved these changes Jun 21, 2023
View reviewed changes
Copy link
Member

@jfagoagas jfagoagas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@jfagoagas jfagoagas merged commit 90ebb81 into master Jun 21, 2023
4 checks passed
@jfagoagas jfagoagas deleted the 2519-bug-additional-output-formats-causing-errors-reporting-to-security-hub-preventing-findings-from-being-recorded branch June 21, 2023 11:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jfagoagas jfagoagas Awaiting requested review from jfagoagas

Assignees

@sergargar sergargar

Labels
provider/aws Issues/PRs related with the AWS provider
Projects
None yet
Milestone
No milestone
2 participants
@sergargar @jfagoagas