prowler
feat(cloudflare): Add DNS, Firewall, and WAF services with checks
Context
This PR completes the Cloudflare provider by adding DNS, Firewall, and WAF services. This is part 4 of 4 PRs for complete Cloudflare support.
Depends on: #9425
Description
Adds 3 new services with 4 security checks:
DNS Service (1 check):
| Check | Description |
|---|---|
| `dns_records_proxied` | Validates DNS records are proxied through Cloudflare |
Firewall Service (2 checks):
| Check | Description |
|---|---|
| `firewall_has_blocking_rules` | Ensures firewall has blocking rules configured |
| `firewall_rate_limiting_configured` | Validates rate limiting is configured at firewall level |
WAF Service (1 check):
| Check | Description |
|---|---|
| `waf_owasp_enabled` | Validates OWASP ruleset is enabled |
Steps to review
- Review DNS service in `prowler/providers/cloudflare/services/dns/`
- Review Firewall service in `prowler/providers/cloudflare/services/firewall/`
- Review WAF service in `prowler/providers/cloudflare/services/waf/`
- Test locally: `prowler cloudflare --api-token <token> --service dns`
Checklist
- Are there new checks included in this PR? Yes (4 checks)
- If so, do we need to update permissions for the provider? No
- [x] Review if the code is being covered by tests.
- [x] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
- [ ] Review if backport is needed.
- [ ] Review if it is needed to change the Readme.md
- [ ] Ensure new entries are added to CHANGELOG.md, if applicable.
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.