-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(efs): check all public conditions #3872
fix(efs): check all public conditions #3872
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #3872 +/- ##
==========================================
+ Coverage 86.33% 86.39% +0.05%
==========================================
Files 746 747 +1
Lines 23228 23246 +18
==========================================
+ Hits 20055 20083 +28
+ Misses 3173 3163 -10 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great improvement @sergargar 👏
I left some comments about code organisation and some things missing in tests.
prowler/providers/aws/services/efs/efs_not_publicly_accessible/efs_not_publicly_accessible.py
Outdated
Show resolved
Hide resolved
and conditions["Bool"].get("elasticfilesystem:AccessedViaMountTarget") | ||
== "true" | ||
): | ||
return True |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It'd be more readable to set a has_secure_conditions = False
by default and the here
return True | |
has_secure_conditions = True |
prowler/providers/aws/services/efs/efs_not_publicly_accessible/efs_not_publicly_accessible.py
Outdated
Show resolved
Hide resolved
prowler/providers/aws/services/efs/efs_not_publicly_accessible/efs_not_publicly_accessible.py
Outdated
Show resolved
Hide resolved
...s/providers/aws/services/efs/efs_not_publicly_accessible/efs_not_publicly_accessible_test.py
Outdated
Show resolved
Hide resolved
...s/providers/aws/services/efs/efs_not_publicly_accessible/efs_not_publicly_accessible_test.py
Show resolved
Hide resolved
...s/providers/aws/services/efs/efs_not_publicly_accessible/efs_not_publicly_accessible_test.py
Outdated
Show resolved
Hide resolved
...s/providers/aws/services/efs/efs_not_publicly_accessible/efs_not_publicly_accessible_test.py
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lovely!!! Thanks for taking care of this 🚀
Description
As in https://docs.aws.amazon.com/efs/latest/ug/access-control-block-public-access.html#what-is-a-public-policy, check all the possible conditions that could make an EFS volume public.
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.