
feat(prowler-check-kreator): ProwlerChecKreator first version #5099

Merged (23 commits), Nov 12, 2024
Commits:

- 91f079b feat(prowler-check-kreator): first ProwlerCheckKreator version (puchy22, Sep 19, 2024)
- 099a269 fix(prowler-check-kreator): fix init name (puchy22, Sep 20, 2024)
- 1cdf96e fix(prowler-check-kreator): fix init name (puchy22, Sep 20, 2024)
- 04f31a7 refactor(prowler-check-kreator): separate gemini code into a new class (puchy22, Sep 20, 2024)
- 16abc94 docs(tutorials): add prowler check kreator description and usage (puchy22, Sep 20, 2024)
- 1b58721 fix(prowler-check-kreator): fix index list problems (puchy22, Sep 20, 2024)
- 06da390 feat(prowler-check-kreator): manage variable not set (puchy22, Sep 20, 2024)
- 6008da5 chore(pck): add single context source (puchy22, Oct 4, 2024)
- 0ea2119 chore(pck): introduce metadata in correct order (puchy22, Oct 4, 2024)
- db6e88c feat(pck): add to generate tests with Gemini (puchy22, Oct 4, 2024)
- a7c27bf chore(pck): add default value to ResourceType in metadata (puchy22, Oct 10, 2024)
- bf3cec0 chore(pck): change order to introduce Notes in metadata (puchy22, Oct 14, 2024)
- b4b78ce Merge branch 'master' into PRWLR-4864-add-mkcheck-script-to-public-repo (puchy22, Oct 28, 2024)
- 392609c chore(deps): add google-genai for use gemini to deps (puchy22, Oct 28, 2024)
- 9efc455 chore(gemini): change flake8 error (puchy22, Oct 28, 2024)
- 0c132fc chore(gemini): change flake8 error (puchy22, Oct 28, 2024)
- 6d0a6df chore(gemini): change flake8 error (puchy22, Oct 28, 2024)
- 583b233 Merge branch 'master' into PRWLR-4864-add-mkcheck-script-to-public-repo (puchy22, Oct 28, 2024)
- 33a258a chore: revision (MrCloudSec, Nov 7, 2024)
- 1ba4871 docs(prowler check kreator): add a note about necessary dependencies (puchy22, Nov 8, 2024)
- cc577d1 chore(prowler check kreator): change docstrings format (puchy22, Nov 8, 2024)
- 84c7b1a feat(prowler check kreator): add user input to include Gemini API key (puchy22, Nov 8, 2024)
- 5e77655 chore(prowler check kreator): change logic of execution (puchy22, Nov 8, 2024)
36 changes: 36 additions & 0 deletions docs/tutorials/prowler-check-kreator.md
@@ -0,0 +1,36 @@

# Prowler Check Kreator

???+ note
Currently, this tool is only available for creating checks for the AWS provider.

**Prowler Check Kreator** is a utility designed to streamline the creation of new checks for Prowler. This tool generates all necessary files required to add a new check to the Prowler repository. Specifically, it creates:

- A dedicated folder for the check.
- The main check script.
- A metadata file with essential details.
- A folder and file structure for testing the check.

## Usage

To use the tool, execute the main script with the following command:

```bash
python util/prowler_check_kreator/prowler_check_kreator.py <prowler_provider> <check_name>
```
Parameters:

- `<prowler_provider>`: Currently only AWS is supported.
- `<check_name>`: The name you wish to assign to the new check.

## AI integration

This tool optionally integrates AI to assist in generating the check code and metadata file content. When AI assistance is chosen, the tool uses [Gemini](https://gemini.google.com/) to produce preliminary code and metadata.

???+ note
For this feature to work, you must have the library `google-generativeai` installed in your Python environment.

???+ warning
AI-generated code and metadata might contain errors or require adjustments to align with specific Prowler requirements. Carefully review all AI-generated content before committing.

To enable AI assistance, simply confirm when prompted by the tool. Additionally, ensure that the `GEMINI_API_KEY` environment variable is set with a valid Gemini API key. For instructions on obtaining your API key, refer to the [Gemini documentation](https://ai.google.dev/gemini-api/docs/api-key).
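Review bot: the dependency note (`???+ note` under `## AI integration`) names the package `google-generativeai`, while commit 392609c in this PR reads "add google-genai for use gemini to deps"; the doc should name the exact distribution that was added to the project's dependencies so readers install the same package the tool imports, and if it is now a declared dependency the "you must have the library ... installed in your Python environment" wording should say that rather than implying a separate manual install. Two smaller points in the same section: commit 84c7b1a adds a user-input path for the Gemini API key, so the sentence "ensure that the `GEMINI_API_KEY` environment variable is set" should also say that the tool prompts for the key when the variable is unset (an interactive prompt keeps the key out of shell history, which is worth stating as the preferred option); and because enabling AI assistance sends prompt content to an external service, the `???+ warning` block should state what data leaves the machine so that users working in private forks can decide whether to confirm the prompt.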
1 change: 1 addition & 0 deletions mkdocs.yml
@@ -65,6 +65,7 @@ nav:
- Pentesting: tutorials/pentesting.md
- Parallel Execution: tutorials/parallel-execution.md
- Developer Guide: developer-guide/introduction.md
- Prowler Check Kreator: tutorials/prowler-check-kreator.md
- AWS:
- Authentication: tutorials/aws/authentication.md
- Assume Role: tutorials/aws/role-assumption.md
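Review bot: the new `- Prowler Check Kreator: tutorials/prowler-check-kreator.md` entry is inserted after `- Developer Guide: developer-guide/introduction.md` even though the page lives under `tutorials/`; placing it next to the other `tutorials/` entries (for example directly after `- Parallel Execution: tutorials/parallel-execution.md`) keeps the tutorial group contiguous, or, since the tool exists for contributors writing new checks, it could be nested under the Developer Guide instead.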
6 changes: 3 additions & 3 deletions poetry.lock
Empty file added util/__init__.py
Empty file.
239 changes: 239 additions & 0 deletions util/prowler_check_kreator/lib/llms/gemini.py
246 changes: 246 additions & 0 deletions util/prowler_check_kreator/lib/metadata_types.py
@@ -0,0 +1,246 @@
def get_metadata_valid_check_type(provider: str = "aws") -> list:
"""Get the valid check types for the provider

Args:
provider: The Prowler provider.

Returns:
A list of valid check types for the given provider.
"""
check_types = []

if provider == "aws":
check_types = [
{
"namespace": "Software and Configuration Checks",
"children": [
{
"category": "Vulnerabilities",
"children": [{"classifier": "CVE"}],
},
{
"category": "AWS Security Best Practices",
"children": [
{"classifier": "Network Reachability"},
{"classifier": "Runtime Behavior Analysis"},
],
},
{
"category": "Industry and Regulatory Standards",
"children": [
{"classifier": "AWS Foundational Security Best Practices"},
{"classifier": "CIS Host Hardening Benchmarks"},
{"classifier": "CIS AWS Foundations Benchmark"},
{"classifier": "PCI-DSS"},
{"classifier": "Cloud Security Alliance Controls"},
{"classifier": "ISO 90001 Controls"},
{"classifier": "ISO 27001 Controls"},
{"classifier": "ISO 27017 Controls"},
{"classifier": "ISO 27018 Controls"},
{"classifier": "SOC 1"},
{"classifier": "SOC 2"},
{"classifier": "HIPAA Controls (USA)"},
{"classifier": "NIST 800-53 Controls (USA)"},
{"classifier": "NIST CSF Controls (USA)"},
{"classifier": "IRAP Controls (Australia)"},
{"classifier": "K-ISMS Controls (Korea)"},
{"classifier": "MTCS Controls (Singapore)"},
{"classifier": "FISC Controls (Japan)"},
{"classifier": "My Number Act Controls (Japan)"},
{"classifier": "ENS Controls (Spain)"},
{"classifier": "Cyber Essentials Plus Controls (UK)"},
{"classifier": "G-Cloud Controls (UK)"},
{"classifier": "C5 Controls (Germany)"},
{"classifier": "IT-Grundschutz Controls (Germany)"},
{"classifier": "GDPR Controls (Europe)"},
{"classifier": "TISAX Controls (Europe)"},
],
},
{"category": "Patch Management"},
],
},
{
"namespace": "TTPs",
"children": [
{"category": "Initial Access"},
{"category": "Execution"},
{"category": "Persistence"},
{"category": "Privilege Escalation"},
{"category": "Defense Evasion"},
{"category": "Credential Access"},
{"category": "Discovery"},
{"category": "Lateral Movement"},
{"category": "Collection"},
{"category": "Command and Control"},
],
},
{
"namespace": "Effects",
"children": [
{"category": "Data Exposure"},
{"category": "Data Exfiltration"},
{"category": "Data Destruction"},
{"category": "Denial of Service"},
{"category": "Resource Consumption"},
],
},
{
"namespace": "Unusual Behaviors",
"children": [
{"category": "Application"},
{"category": "Network Flow"},
{"category": "IP address"},
{"category": "User"},
{"category": "VM"},
{"category": "Container"},
{"category": "Serverless"},
{"category": "Process"},
{"category": "Database"},
{"category": "Data"},
],
},
{
"namespace": "Sensitive Data Identifications",
"children": [
{"category": "PII"},
{"category": "Passwords"},
{"category": "Legal"},
{"category": "Financial"},
{"category": "Security"},
{"category": "Business"},
],
},
]

return check_types


def get_metadata_valid_resource_type(provider: str = "aws") -> set:
"""Get the valid resource types for the provider

Args:
provider: The Prowler provider.

Returns:
A set of valid resource types for the given provider.
"""
valid_resource_types = set()

if provider == "aws":
valid_resource_types = {
"AwsIamAccessKey",
"AwsElbLoadBalancer",
"AwsRedshiftCluster",
"AwsEventsEndpoint",
"AwsElbv2LoadBalancer",
"AwsAutoScalingLaunchConfiguration",
"AwsWafv2RuleGroup",
"AwsWafRegionalRule",
"AwsCloudFrontDistribution",
"AwsWafRegionalWebAcl",
"AwsWafRateBasedRule",
"AwsCertificateManagerCertificate",
"AwsKmsKey",
"AwsDmsEndpoint",
"AwsLambdaLayerVersion",
"AwsIamRole",
"AwsElasticBeanstalkEnvironment",
"AwsBackupBackupPlan",
"AwsEc2ClientVpnEndpoint",
"AwsEcrContainerImage",
"AwsSqsQueue",
"AwsIamGroup",
"AwsOpenSearchServiceDomain",
"AwsApiGatewayV2Api",
"AwsCloudTrailTrail",
"AwsWafWebAcl",
"AwsEc2Subnet",
"AwsEc2VpcPeeringConnection",
"AwsEc2VpcEndpointService",
"AwsCodeBuildProject",
"AwsLambdaFunction",
"AwsNetworkFirewallRuleGroup",
"AwsDmsReplicationInstance",
"AwsRdsEventSubscription",
"AwsCloudWatchAlarm",
"AwsS3AccountPublicAccessBlock",
"AwsWafRegionalRateBasedRule",
"AwsRdsDbInstance",
"AwsEksCluster",
"AwsXrayEncryptionConfig",
"AwsWafv2WebAcl",
"AwsWafRuleGroup",
"AwsBackupBackupVault",
"AwsKinesisStream",
"AwsNetworkFirewallFirewallPolicy",
"AwsEc2NetworkInterface",
"AwsEcsTaskDefinition",
"AwsMskCluster",
"AwsApiGatewayRestApi",
"AwsS3Object",
"AwsRdsDbSnapshot",
"AwsBackupRecoveryPoint",
"AwsWafRule",
"AwsS3AccessPoint",
"AwsApiGatewayV2Stage",
"AwsGuardDutyDetector",
"AwsEfsAccessPoint",
"AwsEcsContainer",
"AwsEcsTask",
"AwsS3Bucket",
"AwsSageMakerNotebookInstance",
"AwsNetworkFirewallFirewall",
"AwsStepFunctionStateMachine",
"AwsIamUser",
"AwsAppSyncGraphQLApi",
"AwsApiGatewayStage",
"AwsEcrRepository",
"AwsEcsService",
"AwsEc2Vpc",
"AwsAmazonMQBroker",
"AwsWafRegionalRuleGroup",
"AwsEventSchemasRegistry",
"AwsRoute53HostedZone",
"AwsEventsEventbus",
"AwsDmsReplicationTask",
"AwsEc2Instance",
"AwsEcsCluster",
"AwsRdsDbSecurityGroup",
"AwsCloudFormationStack",
"AwsSnsTopic",
"AwsDynamoDbTable",
"AwsRdsDbCluster",
"AwsEc2Eip",
"AwsEc2RouteTable",
"AwsEc2TransitGateway",
"AwsElasticSearchDomain",
"AwsEc2LaunchTemplate",
"AwsEc2Volume",
"AwsAthenaWorkGroup",
"AwsSecretsManagerSecret",
"AwsEc2SecurityGroup",
"AwsIamPolicy",
"AwsSsmPatchCompliance",
"AwsAutoScalingAutoScalingGroup",
"AwsEc2NetworkAcl",
"AwsRdsDbClusterSnapshot",
}

return valid_resource_types


def get_metadata_placeholder_resource_type(provider: str = "aws") -> str:
"""Get the placeholder for the resource type for the provider

Args:
provider: The Prowler provider.

Returns:
A placeholder for the resource type for the given provider.
"""
placeholder = ""

if provider == "aws":
placeholder = "Other"

return placeholder
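Review bot: all three functions silently return an empty value for any provider other than `aws` (`check_types = []`, `valid_resource_types = set()`, `placeholder = ""`), so a mistyped provider argument yields a check with no metadata validation instead of an error; raising `ValueError(f"Unsupported provider: {provider}")` in the fall-through would fail loudly and matches the docs' statement that only AWS is supported. Related: `get_metadata_placeholder_resource_type` returns `"Other"`, which is not a member of the set returned by `get_metadata_valid_resource_type`, so any caller that validates the generated metadata's resource type against that set will reject the placeholder unless it special-cases it; either add `"Other"` to the set or document the exception in both docstrings. Style: the `-> list` annotation on `get_metadata_valid_check_type` hides the nested `namespace` / `category` / `classifier` structure, so a one-line description of that hierarchy in the docstring (or a `list[dict]` / `TypedDict` hint) would help callers, and the AWS data could live in module-level constants rather than being rebuilt on every call.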