feat(resource metadata): add resource metadata to JSON OCSF

prowler/lib/check/models.py

@@ -3,7 +3,7 @@
 import re
 import sys
 from abc import ABC, abstractmethod
-from dataclasses import dataclass
+from dataclasses import asdict, dataclass, is_dataclass
 from enum import Enum
 from typing import Any, Dict, Set
 
@@ -405,36 +405,34 @@
     status: str
     status_extended: str
     check_metadata: CheckMetadata
-    resource_metadata: dict
+    resource: dict
     resource_details: str
     resource_tags: list
     muted: bool
 
-    def __init__(self, metadata: Dict, resource: Any = None) -> None:
+    def __init__(self, metadata: Dict, resource: Any) -> None:
         """Initialize the Check's finding information.
 
         Args:
             metadata: The metadata of the check.
             resource: Basic information about the resource. Defaults to None.
-                      Only accepted dict, list, BaseModels (dict attribute), custom models (with to_dict attribute) or objects with __dict__.
+                      Only accepted dict, list, BaseModels (dict attribute), custom models (with to_dict attribute) and dataclasses.
         """
         self.status = ""
         self.check_metadata = CheckMetadata.parse_raw(metadata)
         if isinstance(resource, dict):
-            self.resource_metadata = resource
-        elif isinstance(resource, list):
-            self.resource_metadata = dict(enumerate(resource))
+            self.resource = resource
         elif hasattr(resource, "dict"):
-            self.resource_metadata = resource.dict()
+            self.resource = resource.dict()
         elif hasattr(resource, "to_dict"):
-            self.resource_metadata = resource.to_dict()
-        elif hasattr(resource, "__dict__"):
-            self.resource_metadata = resource.__dict__
+            self.resource = resource.to_dict()
+        elif is_dataclass(resource):
+            self.resource = asdict(resource)
         else:
             logger.error(
-                f"Resource metadata {type(resource)} could not be converted to dict"
+                f"Resource metadata {type(resource)} in {self.check_metadata.CheckID} could not be converted to dict"
             )
-            self.resource_metadata = {}
+            self.resource = {}
         self.status_extended = ""
         self.resource_details = ""
         self.resource_tags = getattr(resource, "tags", []) if resource else []
@@ -449,20 +447,13 @@
     resource_arn: str
     region: str
 
-    def __init__(self, metadata, resource_metadata=None):
-        super().__init__(metadata, resource_metadata)
-        if resource_metadata:
-            self.resource_id = (
-                getattr(resource_metadata, "id", None)
-                or getattr(resource_metadata, "name", None)
-                or ""
-            )
-            self.resource_arn = getattr(resource_metadata, "arn", "")
-            self.region = getattr(resource_metadata, "region", "")
-        else:
-            self.resource_id = ""
-            self.resource_arn = ""
-            self.region = ""
+    def __init__(self, metadata: Dict, resource: Any) -> None:
+        super().__init__(metadata, resource)
+        self.resource_id = (
+            getattr(resource, "id", None) or getattr(resource, "name", None) or ""
+        )
+        self.resource_arn = getattr(resource, "arn", "")
+        self.region = getattr(resource, "region", "")
 
 
 @dataclass
@@ -474,34 +465,20 @@
     subscription: str
     location: str
 
-    def __init__(self, metadata: Dict, resource_metadata: Any = None) -> None:
+    def __init__(self, metadata: Dict, resource: Any) -> None:
         """Initialize the Azure Check's finding information.
 
         Args:
             metadata: The metadata of the check.
-            resource_metadata: Basic information about the resource. Defaults to None.
+            resource: Basic information about the resource. Defaults to None.
         """
-        super().__init__(metadata, resource_metadata)
-        self.resource_name = (
-            resource_metadata.name
-            if hasattr(resource_metadata, "name")
-            else (
-                resource_metadata.resource_name
-                if hasattr(resource_metadata, "resource_name")
-                else ""
-            )
-        )
-        self.resource_id = (
-            resource_metadata.id
-            if hasattr(resource_metadata, "id")
-            else (
-                resource_metadata.resource_id
-                if hasattr(resource_metadata, "resource_id")
-                else ""
-            )
+        super().__init__(metadata, resource)
+        self.resource_name = getattr(
+            resource, "name", getattr(resource, "resource_name", "")
         )
+        self.resource_id = getattr(resource, "id", getattr(resource, "resource_id", ""))
         self.subscription = ""
-        self.location = getattr(resource_metadata, "location", "global")
+        self.location = getattr(resource, "location", "global")
 
 
 @dataclass
@@ -515,26 +492,26 @@
 
     def __init__(
         self,
-        metadata,
-        resource_metadata,
+        metadata: Dict,
+        resource: Any,
         location=None,
         resource_name=None,
         resource_id=None,
         project_id=None,
-    ):
-        super().__init__(metadata, resource_metadata)
+    ) -> None:
+        super().__init__(metadata, resource)
         self.resource_id = (
             resource_id
-            or getattr(resource_metadata, "id", None)
-            or getattr(resource_metadata, "name", None)
+            or getattr(resource, "id", None)
+            or getattr(resource, "name", None)
             or ""
         )
-        self.resource_name = resource_name or getattr(resource_metadata, "name", "")
-        self.project_id = project_id or getattr(resource_metadata, "project_id", "")
+        self.resource_name = resource_name or getattr(resource, "name", "")
+        self.project_id = project_id or getattr(resource, "project_id", "")
         self.location = (
             location
-            or getattr(resource_metadata, "location", "")
-            or getattr(resource_metadata, "region", "")
+            or getattr(resource, "location", "")
+            or getattr(resource, "region", "")
         )
 
 
@@ -547,15 +524,13 @@
     resource_id: str
     namespace: str
 
-    def __init__(self, metadata, resource_metadata):
-        super().__init__(metadata, resource_metadata)
+    def __init__(self, metadata: Dict, resource: Any) -> None:
+        super().__init__(metadata, resource)
         self.resource_id = (
-            getattr(resource_metadata, "uid", None)
-            or getattr(resource_metadata, "name", None)
-            or ""
+            getattr(resource, "uid", None) or getattr(resource, "name", None) or ""
         )
-        self.resource_name = getattr(resource_metadata, "name", "")
-        self.namespace = getattr(resource_metadata, "namespace", "cluster-wide")
+        self.resource_name = getattr(resource, "name", "")
+        self.namespace = getattr(resource, "namespace", "cluster-wide")
         if not self.namespace:
             self.namespace = "cluster-wide"
 

prowler/lib/outputs/common.py

@@ -14,7 +14,7 @@ def fill_common_finding_data(finding: dict, unix_timestamp: bool) -> dict:
         "status_extended": finding.status_extended,
         "muted": finding.muted,
         "resource_details": finding.resource_details,
-        # "resource_metadata": finding.resource_metadata, TODO: add resource_metadata to the finding
+        "resource": finding.resource,
         "resource_tags": unroll_tags(finding.resource_tags),
     }
     return finding_data

prowler/lib/outputs/finding.py

@@ -35,7 +35,7 @@ class Finding(BaseModel):
     status_extended: str
     muted: bool = False
     resource_uid: str
-    # resource_metadata: dict = Field(default_factory=dict) TODO: add resource_metadata to the finding
+    resource_metadata: dict = Field(default_factory=dict)
     resource_name: str
     resource_details: str
     resource_tags: dict = Field(default_factory=dict)
@@ -121,6 +121,7 @@ def generate_output(
         )
         try:
             output_data["provider"] = provider.type
+            output_data["resource_metadata"] = check_output.resource
 
             if provider.type == "aws":
                 output_data["account_uid"] = get_nested_attribute(

prowler/lib/outputs/ocsf/ocsf.py

@@ -113,7 +113,7 @@ def transform(self, findings: List[Finding]) -> None:
                                 region=finding.region,
                                 data={
                                     "details": finding.resource_details,
-                                    # "metadata": finding.resource_metadata, TODO: add the resource_metadata to the finding
+                                    "metadata": finding.resource_metadata,
                                 },
                             )
                         ]
@@ -127,7 +127,7 @@ def transform(self, findings: List[Finding]) -> None:
                                 type=finding.metadata.ResourceType,
                                 data={
                                     "details": finding.resource_details,
-                                    # "metadata": finding.resource_metadata, TODO: add the resource_metadata to the finding
+                                    "metadata": finding.resource_metadata,
                                 },
                                 namespace=finding.region.replace("namespace: ", ""),
                             )
@@ -193,10 +193,15 @@ def batch_write_data_to_file(self) -> None:
             ):
                 self._file_descriptor.write("[")
                 for finding in self._data:
-                    self._file_descriptor.write(
-                        finding.json(exclude_none=True, indent=4)
-                    )
-                    self._file_descriptor.write(",")
+                    try:
+                        self._file_descriptor.write(
+                            finding.json(exclude_none=True, indent=4)
+                        )
+                        self._file_descriptor.write(",")
+                    except Exception as error:
+                        logger.error(
+                            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                        )
                 if self._file_descriptor.tell() > 0:
                     if self._file_descriptor.tell() != 1:
                         self._file_descriptor.seek(

prowler/providers/aws/services/accessanalyzer/accessanalyzer_enabled/accessanalyzer_enabled.py

@@ -8,9 +8,7 @@ class accessanalyzer_enabled(Check):
     def execute(self):
         findings = []
         for analyzer in accessanalyzer_client.analyzers:
-            report = Check_Report_AWS(
-                metadata=self.metadata(), resource_metadata=analyzer
-            )
+            report = Check_Report_AWS(metadata=self.metadata(), resource=analyzer)
             if analyzer.status == "ACTIVE":
                 report.status = "PASS"
                 report.status_extended = (

prowler/providers/aws/services/accessanalyzer/accessanalyzer_enabled_without_findings/accessanalyzer_enabled_without_findings.py

@@ -8,9 +8,7 @@ class accessanalyzer_enabled_without_findings(Check):
     def execute(self):
         findings = []
         for analyzer in accessanalyzer_client.analyzers:
-            report = Check_Report_AWS(
-                metadata=self.metadata(), resource_metadata=analyzer
-            )
+            report = Check_Report_AWS(metadata=self.metadata(), resource=analyzer)
             if analyzer.status == "ACTIVE":
                 report.status = "PASS"
                 report.status_extended = f"IAM Access Analyzer {analyzer.name} does not have active findings."

prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.py

@@ -7,7 +7,7 @@
 class account_maintain_current_contact_details(Check):
     def execute(self):
         report = Check_Report_AWS(
-            metadata=self.metadata(), resource_metadata=account_client.contact_base
+            metadata=self.metadata(), resource=account_client.contact_base
         )
         report.region = account_client.region
         report.resource_id = account_client.audited_account

prowler/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations.py

@@ -9,7 +9,7 @@ def execute(self):
         findings = []
         if account_client.contact_base:
             report = Check_Report_AWS(
-                metadata=self.metadata(), resource_metadata=account_client.contact_base
+                metadata=self.metadata(), resource=account_client.contact_base
             )
             report.resource_id = account_client.audited_account
             report.resource_arn = account_client.audited_account_arn

prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.py

@@ -7,7 +7,7 @@
 class account_security_contact_information_is_registered(Check):
     def execute(self):
         report = Check_Report_AWS(
-            metadata=self.metadata(), resource_metadata=account_client.contact_base
+            metadata=self.metadata(), resource=account_client.contact_base
         )
         report.region = account_client.region
         report.resource_id = account_client.audited_account

prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.py

@@ -7,7 +7,7 @@
 class account_security_questions_are_registered_in_the_aws_account(Check):
     def execute(self):
         report = Check_Report_AWS(
-            metadata=self.metadata(), resource_metadata=account_client.contacts_security
+            metadata=self.metadata(), resource=account_client.contacts_security
         )
         report.region = account_client.region
         report.resource_id = account_client.audited_account

prowler/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check.py

@@ -8,7 +8,7 @@ def execute(self):
         for certificate in acm_client.certificates.values():
             if certificate.in_use or acm_client.provider.scan_unused_services:
                 report = Check_Report_AWS(
-                    metadata=self.metadata(), resource_metadata=certificate
+                    metadata=self.metadata(), resource=certificate
                 )
                 if certificate.expiration_days > acm_client.audit_config.get(
                     "days_to_expire_threshold", 7

prowler/providers/aws/services/acm/acm_certificates_transparency_logs_enabled/acm_certificates_transparency_logs_enabled.py

@@ -8,7 +8,7 @@ def execute(self):
         for certificate in acm_client.certificates.values():
             if certificate.in_use or acm_client.provider.scan_unused_services:
                 report = Check_Report_AWS(
-                    metadata=self.metadata(), resource_metadata=certificate
+                    metadata=self.metadata(), resource=certificate
                 )
                 if certificate.type == "IMPORTED":
                     report.status = "PASS"

prowler/providers/aws/services/acm/acm_certificates_with_secure_key_algorithms/acm_certificates_with_secure_key_algorithms.py

@@ -8,7 +8,7 @@ def execute(self):
         for certificate in acm_client.certificates.values():
             if certificate.in_use or acm_client.provider.scan_unused_services:
                 report = Check_Report_AWS(
-                    metadata=self.metadata(), resource_metadata=certificate
+                    metadata=self.metadata(), resource=certificate
                 )
 
                 report.status = "PASS"

prowler/providers/aws/services/apigateway/apigateway_restapi_authorizers_enabled/apigateway_restapi_authorizers_enabled.py

@@ -8,9 +8,7 @@ class apigateway_restapi_authorizers_enabled(Check):
     def execute(self):
         findings = []
         for rest_api in apigateway_client.rest_apis:
-            report = Check_Report_AWS(
-                metadata=self.metadata(), resource_metadata=rest_api
-            )
+            report = Check_Report_AWS(metadata=self.metadata(), resource=rest_api)
             report.resource_id = rest_api.name
 
             # it there are not authorizers at api level and resources without methods (default case) ->

prowler/providers/aws/services/apigateway/apigateway_restapi_cache_encrypted/apigateway_restapi_cache_encrypted.py

@@ -10,9 +10,7 @@ def execute(self):
         for rest_api in apigateway_client.rest_apis:
             for stage in rest_api.stages:
                 if stage.cache_enabled:
-                    report = Check_Report_AWS(
-                        metadata=self.metadata(), resource_metadata=stage
-                    )
+                    report = Check_Report_AWS(metadata=self.metadata(), resource=stage)
                     report.region = rest_api.region
                     report.resource_id = rest_api.name
                     report.status = "PASS"

prowler/providers/aws/services/apigateway/apigateway_restapi_client_certificate_enabled/apigateway_restapi_client_certificate_enabled.py

@@ -9,9 +9,7 @@ def execute(self):
         findings = []
         for rest_api in apigateway_client.rest_apis:
             for stage in rest_api.stages:
-                report = Check_Report_AWS(
-                    metadata=self.metadata(), resource_metadata=stage
-                )
+                report = Check_Report_AWS(metadata=self.metadata(), resource=stage)
                 report.resource_id = rest_api.name
                 report.region = rest_api.region
                 if stage.client_certificate:

prowler/providers/aws/services/apigateway/apigateway_restapi_logging_enabled/apigateway_restapi_logging_enabled.py

@@ -9,9 +9,7 @@ def execute(self):
         findings = []
         for rest_api in apigateway_client.rest_apis:
             for stage in rest_api.stages:
-                report = Check_Report_AWS(
-                    metadata=self.metadata(), resource_metadata=stage
-                )
+                report = Check_Report_AWS(metadata=self.metadata(), resource=stage)
                 report.resource_id = rest_api.name
                 report.region = rest_api.region
                 if stage.logging:

prowler/providers/aws/services/apigateway/apigateway_restapi_public/apigateway_restapi_public.py

@@ -8,9 +8,7 @@ class apigateway_restapi_public(Check):
     def execute(self):
         findings = []
         for rest_api in apigateway_client.rest_apis:
-            report = Check_Report_AWS(
-                metadata=self.metadata(), resource_metadata=rest_api
-            )
+            report = Check_Report_AWS(metadata=self.metadata(), resource=rest_api)
             report.resource_id = rest_api.name
 
             if rest_api.public_endpoint:

prowler/providers/aws/services/apigateway/apigateway_restapi_public_with_authorizer/apigateway_restapi_public_with_authorizer.py

@@ -9,9 +9,7 @@ def execute(self):
         findings = []
         for rest_api in apigateway_client.rest_apis:
             if rest_api.public_endpoint:
-                report = Check_Report_AWS(
-                    metadata=self.metadata(), resource_metadata=rest_api
-                )
+                report = Check_Report_AWS(metadata=self.metadata(), resource=rest_api)
                 report.resource_id = rest_api.name
 
                 report.status = "PASS"