From e3b69593b6525059d338c429b5ebff0a374ccf28 Mon Sep 17 00:00:00 2001
From: Kirill
Date: Mon, 9 Dec 2024 10:20:27 +0000
Subject: [PATCH 1/2] feat: updated implementation to take only active findings

---
 plugins/aws/fix_plugin_aws/resource/guardduty.py | 4 +++-
 plugins/aws/fix_plugin_aws/resource/inspector.py | 5 ++++-
 plugins/aws/fix_plugin_aws/resource/ssm.py | 2 +-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/plugins/aws/fix_plugin_aws/resource/guardduty.py b/plugins/aws/fix_plugin_aws/resource/guardduty.py
index 14b4e89492..2ea226773d 100644
--- a/plugins/aws/fix_plugin_aws/resource/guardduty.py
+++ b/plugins/aws/fix_plugin_aws/resource/guardduty.py
@@ -699,7 +699,9 @@ def add_finding(
 "FindingIds",
 expected_errors=["BadRequestException"],
 DetectorId=detector_id,
- FindingCriteria={"Criterion": {"accountId": {"Eq": [builder.account.id]}}},
+ FindingCriteria={
+ "Criterion": {"accountId": {"Eq": [builder.account.id]}, "service.archived": {"Eq": ["false"]}},
+ },
 ): detector_id
 for detector_id in detector_ids
 }
diff --git a/plugins/aws/fix_plugin_aws/resource/inspector.py b/plugins/aws/fix_plugin_aws/resource/inspector.py
index 12246e961d..a8b318dd6c 100644
--- a/plugins/aws/fix_plugin_aws/resource/inspector.py
+++ b/plugins/aws/fix_plugin_aws/resource/inspector.py
@@ -151,7 +151,10 @@ def add_finding(
 action="list-findings",
 result_name="findings",
 expected_errors=["AccessDeniedException"],
- filterCriteria={"awsAccountId": [{"comparison": "EQUALS", "value": f"{builder.account.id}"}]},
+ filterCriteria={
+ "awsAccountId": [{"comparison": "EQUALS", "value": f"{builder.account.id}"}],
+ "findingStatus": [{"comparison": "EQUALS", "value": "ACTIVE"}],
+ },
 ):
 if finding := AwsInspectorFinding.from_api(item, builder):
 for fr in finding.finding_resources or []:
diff --git a/plugins/aws/fix_plugin_aws/resource/ssm.py b/plugins/aws/fix_plugin_aws/resource/ssm.py
index 38d7446545..f27916b5d1 100644
--- a/plugins/aws/fix_plugin_aws/resource/ssm.py
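Review bot: The new `service.archived` criterion in the guardduty.py hunk (and the matching `findingStatus` = `ACTIVE` filter in the inspector.py hunk) drops archived, suppressed and closed findings at the API call with no comment saying this is deliberate. GuardDuty automatically archives findings that match a suppression rule, so after this change an overly broad or unexpected suppression rule removes findings from the collected data without leaving any trace on this side. I would add a comment above each filter, e.g. `# Active findings only: archived/suppressed ones are skipped on purpose; audit suppression rules separately.`, and consider logging or separately collecting the suppressed set so the gap stays visible. Both `add_finding` bodies start and end outside their hunks, so whether suppressed findings are handled elsewhere cannot be told from here.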
+++ b/plugins/aws/fix_plugin_aws/resource/ssm.py
@@ -384,7 +384,7 @@ class AwsSSMResourceCompliance(AwsResource, PhantomBaseResource):
 compliance_details: Optional[Dict[str, str]] = field(default=None, metadata={"description": "A Key:Value tag combination for the compliance item."}) # fmt: skip

 def parse_finding(self) -> Finding:
- title = self.title or ""
+ title = self.title or (self.compliance_details or {}).get("DocumentName") or ""
 severity = SEVERITY_MAPPING.get(self.severity or "", Severity.medium)
 details = self.compliance_details
 if self.execution_summary:

From 8d0a3f97d3c3cc1b97280eea74245fa049f8337e Mon Sep 17 00:00:00 2001
From: Kirill
Date: Mon, 9 Dec 2024 10:29:54 +0000
Subject: [PATCH 2/2] feat: updated tests

---
 ...findings__foo_test.json => list-findings__foo_test_false.json} | 0
 ...LS_test.json => list-findings__EQUALS_test_EQUALS_ACTIVE.json} | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename plugins/aws/test/resources/files/guardduty/{list-findings__foo_test.json => list-findings__foo_test_false.json} (100%)
 rename plugins/aws/test/resources/files/inspector2/{list-findings__EQUALS_test.json => list-findings__EQUALS_test_EQUALS_ACTIVE.json} (100%)

diff --git a/plugins/aws/test/resources/files/guardduty/list-findings__foo_test.json b/plugins/aws/test/resources/files/guardduty/list-findings__foo_test_false.json
similarity index 100%
rename from plugins/aws/test/resources/files/guardduty/list-findings__foo_test.json
rename to plugins/aws/test/resources/files/guardduty/list-findings__foo_test_false.json
diff --git a/plugins/aws/test/resources/files/inspector2/list-findings__EQUALS_test.json b/plugins/aws/test/resources/files/inspector2/list-findings__EQUALS_test_EQUALS_ACTIVE.json
similarity index 100%
rename from plugins/aws/test/resources/files/inspector2/list-findings__EQUALS_test.json
rename to plugins/aws/test/resources/files/inspector2/list-findings__EQUALS_test_EQUALS_ACTIVE.json
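Review bot: In the ssm.py hunk, `parse_finding` can still produce a finding with an empty title: the new fallback only helps when `compliance_details` carries a `DocumentName` key, and the chain still ends in `""`. An untitled finding is hard to triage or deduplicate, so a last-resort fallback to a stable identifier the class already holds (none is visible in this hunk) would be safer than the empty string. The one-liner would also benefit from a short comment saying why the key is consulted, e.g. `# No Title on some compliance items (presumably association-type); fall back to the SSM document name.`. The body of `parse_finding` continues past the end of the hunk.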