fix(custom): execute custom checks #4202
Hey! @sejimhp This looks great! Could you fix the tests in order to ensure that it's all correct? Thank you 💯
@pedrooot Thank you for review!
I had to add an additional push because it failed in the format.
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@           Coverage Diff           @@
##           master    #4202   +/-   ##
=======================================
  Coverage   86.66%   86.67%
=======================================
  Files         818      818
  Lines       25674    25675    +1
=======================================
+ Hits        22251    22253    +2
+ Misses       3423     3422    -1
The coverage drop seems to be caused by main.py, but I couldn't find a test for it...
Good catch @sejimhp, thank you so much for the fix!
This reverts commit 2a139e3.
@@ -180,7 +180,8 @@ def prowler(): | |||
|
|||
# Import custom checks from folder | |||
if checks_folder: | |||
parse_checks_from_folder(global_provider, checks_folder) | |||
custom_checks = parse_checks_from_folder(global_provider, checks_folder) | |||
checks_to_execute.update(custom_checks) |
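Review bot: The added `checks_to_execute.update(custom_checks)` under `if checks_folder:` merges every check returned by `parse_checks_from_folder` into the run set unconditionally, so if `checks_to_execute` was already narrowed before this point, it is widened again by whatever the folder contains. Consider guarding the update so custom checks are added only when no narrower selection was made, or adding only the custom checks that are also in the requested selection, and add a test that covers both cases. The change also makes this caller depend on the return value of `parse_checks_from_folder`, which the removed line ignored, so that return value should be documented.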
No, this is wrong and a regression! Including checks from the checks_folder does not necessarily mean that we want to execute all of them! You may want to execute only checks that are defined by parameter -c or --checks. See Prowler's documentation. Your code prevents this behavior. It worked still in the previous prowler version 4.2.3 but it's broken now in the actual v4.2.4.
This workaround fixed that #4256
> This workaround fixed that #4256
That's great!
PS: I clicked on "submit review" only the next day of my comment. That's why my comment only appeared now, after having fixed the issue already.
No problem, thanks!
Context
Custom rules were not available and I would like to fix it.
It is caused by copying the custom checks folder after loading the checks.
so, added when files are copied
Description
copying the custom check in the parse_checks_from_folder function here
But check loading is called in load_checks_to_execute before that
There was no process to assign a custom check for that transition, so the custom check was not executed!
Added support for updating pre-loaded sets at the time of copying custom check folders.
Check
Here is an example of gcp.
Prepare the following directory structure rules.
Execute the following command
without custom rule scan
with custom rule scan
Confirmed that the number of scans performed and the number of compliant evaluations changes
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.