
fix(apigateway): retrieve correct `logingLevel` status

Open bota4go opened this issue 1 month ago • 4 comments

Context

If AWS API Gateway logs were previously enabled and the logging level was set in the stage properties, but then later changed to logging_level = "OFF", Prowler will not detect this in the current logic. This is because it only checks for the presence of the logging property, not its actual value. Therefore, Prowler needs an additional validation to ensure that logging is truly enabled.

Description

This PR adds a single additional condition to the existing if logic.

Steps to review

Review the changes in the modified logic.

Checklist

Are there new checks included in this PR? No

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

bota4go avatar Nov 25 '25 01:11 bota4go

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

github-actions[bot] avatar Nov 25 '25 01:11 github-actions[bot]

Hi @bota4go,

Thanks for this contribution! Feel free to solve the comments. In case you don't want to I'll handle it myself as soon as possible.

HugoPBrito avatar Nov 25 '25 10:11 HugoPBrito

Codecov Report

:white_check_mark: All modified and coverable lines are covered by tests. :white_check_mark: Project coverage is 3.06%. Comparing base (0e9ba4b) to head (75f7026). :warning: Report is 6 commits behind head on master.

:exclamation: There is a different number of reports uploaded between BASE (0e9ba4b) and HEAD (75f7026). Click for more details.

HEAD has 1 upload less than BASE
| Flag | BASE (0e9ba4b) | HEAD (75f7026) |
|---|---|---|
| api | 1 | 0 |

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #9304       +/-   ##
==========================================
- Coverage   92.39%   3.06%   -89.34%     
==========================================
  Files         157     830      +673     
  Lines       22290   23443     +1153     
==========================================
- Hits        20595     718    -19877     
- Misses       1695   22725    +21030     

| Flag | Coverage Δ |
|---|---|
| api | ? |
| prowler-py3.10-aws | 3.06% <100.00%> (?) |
| prowler-py3.11-aws | 3.06% <100.00%> (?) |
| prowler-py3.12-aws | 3.06% <100.00%> (?) |
| prowler-py3.9-aws | 3.06% <100.00%> (?) |


| Components | Coverage Δ |
|---|---|
| prowler | 3.06% <100.00%> (∅) |
| api | ∅ <ø> (∅) |

codecov[bot] avatar Nov 25 '25 11:11 codecov[bot]

> Hi @bota4go,
>
> Thanks for this contribution! Feel free to solve the comments. In case you don't want to I'll handle it myself as soon as possible.

Hey, mate.

  1. Changelog added. Pls have a look.

  2. Do you have any case testing examples handy? I can provide screenshots for API gateway stage with loggingLevel turned off and Prowler active alert on that, but I am not sure if it is a right way?

bota4go avatar Nov 26 '25 08:11 bota4go

Hi @bota4go,

Sorry for the big delay on the reply. Yes, the screenshots you're referring to should be enough. In addition to that, we can verify it through boto3: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/apigateway/client/get_stages.html

Since I didn't reply to you quickly, the changelog is now outdated. I'll update it for you to merge this right away.

Sorry again for the late response.

HugoPBrito avatar Dec 12 '25 12:12 HugoPBrito
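
Added example, not part of the PR and not Prowler's code: a sketch of the boto3 verification mentioned above, comparing a presence-only test on `methodSettings` with one that reads the `loggingLevel` value. The function names, the sample stages and the rule that any non-`OFF` method setting counts as logging enabled are assumptions; the sample follows the shape of a `get_stages` response.

```python
# Added example (not Prowler's code). SAMPLE is constructed data shaped like
# the response of boto3's apigateway get_stages().


def presence_only(stage: dict) -> bool:
    """Behaviour described in the PR: any methodSettings entry counts as logging."""
    return bool(stage.get("methodSettings"))


def logging_enabled(stage: dict) -> bool:
    """Value-aware test: some method setting has loggingLevel ERROR or INFO.

    Assumption: one non-OFF entry is enough to treat the stage as logging.
    """
    settings = stage.get("methodSettings") or {}
    return any(
        (s.get("loggingLevel") or "OFF").upper() != "OFF"
        for s in settings.values()
    )


def audit(get_stages_response: dict) -> dict:
    """Map stageName -> (presence_only, logging_enabled) for every stage."""
    return {
        st["stageName"]: (presence_only(st), logging_enabled(st))
        for st in get_stages_response.get("item", [])
    }


# Constructed sample: three stages of one hypothetical REST API.
SAMPLE = {
    "item": [
        {"stageName": "prod",
         "methodSettings": {"*/*": {"loggingLevel": "INFO", "metricsEnabled": True}}},
        {"stageName": "was-logged",  # logging enabled once, later set to OFF
         "methodSettings": {"*/*": {"loggingLevel": "OFF", "metricsEnabled": False}}},
        {"stageName": "never-configured", "methodSettings": {}},
    ]
}

if __name__ == "__main__":
    for name, (old, new) in audit(SAMPLE).items():
        note = "  <-- passes the presence check with logging OFF" if old and not new else ""
        print(f"{name}: presence_only={old} value_aware={new}{note}")
    # Against a live account (needs credentials; the id is a placeholder):
    #   import boto3
    #   audit(boto3.client("apigateway").get_stages(restApiId="<rest-api-id>"))
```
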

Thank you very much @bota4go for your contribution! 🚀 ❤️

HugoPBrito avatar Dec 12 '25 12:12 HugoPBrito

💚 All backports created successfully

Status Branch Result
v5.15

Questions ?

Please refer to the Backport tool documentation and see the Github Action logs for details

prowler-bot avatar Dec 12 '25 12:12 prowler-bot