schubergphilis · costastf · Jul 26, 2024 · Jul 25, 2024 · Jul 25, 2024 · Jul 25, 2024
diff --git a/awsfindingsmanagerlib/awsfindingsmanagerlib.py b/awsfindingsmanagerlib/awsfindingsmanagerlib.py
@@ -723,7 +723,11 @@ def _get_findings(self, query_filter: Dict):
         regions_to_retrieve = [aggregating_region] if aggregating_region else self.regions
         for region in regions_to_retrieve:
             self._logger.debug(f'Trying to get findings for region {region}')
-            iterator = self._get_security_hub_paginator_iterator(region, 'get_findings', query_filter)
+            iterator = self._get_security_hub_paginator_iterator(
+                region=region,
+                operation_name='get_findings',
+                query_filter=query_filter
+            )
             try:
                 for page in iterator:
                     for finding_data in page['Findings']:

diff --git a/tests/fixtures/batch_update_findings_full.json b/tests/fixtures/batch_update_findings_full.json
@@ -0,0 +1,63 @@
+[
+  {
+    "FindingIdentifiers": [
+      {
+        "Id": "arn:aws:securityhub:eu-west-1:988763490897:security-control/S3.9/finding/180e73dc-a807-4ddd-a36a-14696c85ba9e",
+        "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/securityhub"
+      },
+      {
+        "Id": "arn:aws:securityhub:eu-west-1:988763490897:security-control/S3.9/finding/71a625e2-1a57-4fee-bc3f-22cf3f9f9e57",
+        "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/securityhub"
+      }
+    ],
+    "Workflow": {
+      "Status": "SUPPRESSED"
+    },
+    "Note": {
+      "Text": "Too expensive on non-prod",
+      "UpdatedBy": "FindingsManager"
+    }
+  },
+  {
+    "FindingIdentifiers": [
+      {
+        "Id": "arn:aws:securityhub:eu-west-1:988763490897:security-control/S3.14/finding/e27c3ee5-4616-4d32-9eaf-adcf01921246",
+        "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/securityhub"
+      },
+      {
+        "Id": "arn:aws:securityhub:eu-west-1:988763490897:security-control/S3.14/finding/db101219-4b19-4176-a660-490d30b7945d",
+        "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/securityhub"
+      }
+    ],
+    "Workflow": {
+      "Status": "SUPPRESSED"
+    },
+    "Note": {
+      "Text": "Config as code",
+      "UpdatedBy": "FindingsManager"
+    }
+  },
+  {
+    "FindingIdentifiers": [
+      {
+        "Id": "arn:aws:securityhub:eu-west-1:988763490897:security-control/S3.20/finding/45fee04a-22ed-4242-a316-ebaecd5a1b36",
+        "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/securityhub"
+      },
+      {
+        "Id": "arn:aws:securityhub:eu-west-1:988763490897:security-control/S3.20/finding/2e14352c-2bb5-4dfc-88af-71467172d92f",
+        "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/securityhub"
+      },
+      {
+        "Id": "arn:aws:securityhub:eu-west-1:988763490897:security-control/S3.20/finding/c9403a5e-0f03-45f6-a85e-754f043a6b10",
+        "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/securityhub"
+      }
+    ],
+    "Workflow": {
+      "Status": "SUPPRESSED"
+    },
+    "Note": {
+      "Text": "MF-Neigh",
+      "UpdatedBy": "FindingsManager"
+    }
+  }
+]
diff --git a/tests/fixtures/findings/full/S3.14/acc.json b/tests/fixtures/findings/full/S3.14/acc.json
@@ -0,0 +1,92 @@
+{
+  "SchemaVersion": "2018-10-08",
+  "Id": "arn:aws:securityhub:eu-west-1:988763490897:security-control/S3.14/finding/e27c3ee5-4616-4d32-9eaf-adcf01921246",
+  "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/securityhub",
+  "ProductName": "Security Hub",
+  "CompanyName": "AWS",
+  "Region": "eu-west-1",
+  "GeneratorId": "security-control/S3.14",
+  "AwsAccountId": "988763490897",
+  "Types": [
+    "Software and Configuration Checks/Industry and Regulatory Standards"
+  ],
+  "FirstObservedAt": "2024-07-24T19:02:50.270Z",
+  "LastObservedAt": "2024-07-24T19:05:18.868Z",
+  "CreatedAt": "2024-07-24T19:02:50.270Z",
+  "UpdatedAt": "2024-07-24T19:05:05.304Z",
+  "Severity": {
+    "Label": "LOW",
+    "Normalized": 1,
+    "Original": "LOW"
+  },
+  "Title": "S3 general purpose buckets should have versioning enabled",
+  "Description": "This control checks whether an Amazon S3 general purpose bucket has versioning enabled. The control fails if versioning is suspended for the bucket.",
+  "Remediation": {
+    "Recommendation": {
+      "Text": "For information on how to correct this issue, consult the AWS Security Hub controls documentation.",
+      "Url": "https://docs.aws.amazon.com/console/securityhub/S3.14/remediation"
+    }
+  },
+  "ProductFields": {
+    "RelatedAWSResources:0/name": "securityhub-s3-bucket-versioning-enabled-a376307d",
+    "RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
+    "aws/securityhub/ProductName": "Security Hub",
+    "aws/securityhub/CompanyName": "AWS",
+    "Resources:0/Id": "arn:aws:s3:::boeket-acc",
+    "aws/securityhub/FindingId": "arn:aws:securityhub:eu-west-1::product/aws/securityhub/arn:aws:securityhub:eu-west-1:988763490897:security-control/S3.14/finding/e27c3ee5-4616-4d32-9eaf-adcf01921246"
+  },
+  "Resources": [
+    {
+      "Type": "AwsS3Bucket",
+      "Id": "arn:aws:s3:::boeket-acc",
+      "Partition": "aws",
+      "Region": "eu-west-1",
+      "Tags": {
+        "ManagedBy": "CFN"
+      },
+      "Details": {
+        "AwsS3Bucket": {
+          "OwnerId": "2240facc0082445db039bc31ec992cbbcbdc1f0f703d4f3dac0f91273a05d33f",
+          "CreatedAt": "2024-07-24T19:02:06.000Z",
+          "Name": "boeket-acc"
+        }
+      }
+    }
+  ],
+  "Compliance": {
+    "Status": "FAILED",
+    "RelatedRequirements": [
+      "NIST.800-53.r5 AU-9(2)",
+      "NIST.800-53.r5 CP-10",
+      "NIST.800-53.r5 CP-6",
+      "NIST.800-53.r5 CP-6(1)",
+      "NIST.800-53.r5 CP-6(2)",
+      "NIST.800-53.r5 CP-9",
+      "NIST.800-53.r5 SC-5(2)",
+      "NIST.800-53.r5 SI-12",
+      "NIST.800-53.r5 SI-13(5)"
+    ],
+    "SecurityControlId": "S3.14",
+    "AssociatedStandards": [
+      {
+        "StandardsId": "standards/nist-800-53/v/5.0.0"
+      }
+    ]
+  },
+  "WorkflowState": "NEW",
+  "Workflow": {
+    "Status": "NEW"
+  },
+  "RecordState": "ACTIVE",
+  "FindingProviderFields": {
+    "Severity": {
+      "Label": "LOW",
+      "Original": "LOW"
+    },
+    "Types": [
+      "Software and Configuration Checks/Industry and Regulatory Standards"
+    ]
+  },
+  "ProcessedAt": "2024-07-24T19:05:21.841Z",
+  "AwsAccountName": "watcher"
+}
diff --git a/tests/fixtures/findings/full/S3.14/dev.json b/tests/fixtures/findings/full/S3.14/dev.json
@@ -0,0 +1,93 @@
+{
+  "SchemaVersion": "2018-10-08",
+  "Id": "arn:aws:securityhub:eu-west-1:988763490897:security-control/S3.14/finding/4b0d331f-2396-4663-847b-344126c3e780",
+  "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/securityhub",
+  "ProductName": "Security Hub",
+  "CompanyName": "AWS",
+  "Region": "eu-west-1",
+  "GeneratorId": "security-control/S3.14",
+  "AwsAccountId": "988763490897",
+  "Types": [
+    "Software and Configuration Checks/Industry and Regulatory Standards"
+  ],
+  "FirstObservedAt": "2024-07-24T19:02:50.271Z",
+  "LastObservedAt": "2024-07-24T19:07:24.672Z",
+  "CreatedAt": "2024-07-24T19:02:50.271Z",
+  "UpdatedAt": "2024-07-24T19:07:14.170Z",
+  "Severity": {
+    "Label": "LOW",
+    "Normalized": 1,
+    "Original": "LOW"
+  },
+  "Title": "S3 general purpose buckets should have versioning enabled",
+  "Description": "This control checks whether an Amazon S3 general purpose bucket has versioning enabled. The control fails if versioning is suspended for the bucket.",
+  "Remediation": {
+    "Recommendation": {
+      "Text": "For information on how to correct this issue, consult the AWS Security Hub controls documentation.",
+      "Url": "https://docs.aws.amazon.com/console/securityhub/S3.14/remediation"
+    }
+  },
+  "ProductFields": {
+    "RelatedAWSResources:0/name": "securityhub-s3-bucket-versioning-enabled-a376307d",
+    "RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
+    "aws/securityhub/ProductName": "Security Hub",
+    "aws/securityhub/CompanyName": "AWS",
+    "Resources:0/Id": "arn:aws:s3:::boeket-dev",
+    "aws/securityhub/FindingId": "arn:aws:securityhub:eu-west-1::product/aws/securityhub/arn:aws:securityhub:eu-west-1:988763490897:security-control/S3.14/finding/4b0d331f-2396-4663-847b-344126c3e780"
+  },
+  "Resources": [
+    {
+      "Type": "AwsS3Bucket",
+      "Id": "arn:aws:s3:::boeket-dev",
+      "Partition": "aws",
+      "Region": "eu-west-1",
+      "Tags": {
+        "ManagedBy": "Pulumi",
+        "Terraform": "ManagedBy"
+      },
+      "Details": {
+        "AwsS3Bucket": {
+          "OwnerId": "2240facc0082445db039bc31ec992cbbcbdc1f0f703d4f3dac0f91273a05d33f",
+          "CreatedAt": "2024-07-24T19:01:29.000Z",
+          "Name": "boeket-dev"
+        }
+      }
+    }
+  ],
+  "Compliance": {
+    "Status": "FAILED",
+    "RelatedRequirements": [
+      "NIST.800-53.r5 AU-9(2)",
+      "NIST.800-53.r5 CP-10",
+      "NIST.800-53.r5 CP-6",
+      "NIST.800-53.r5 CP-6(1)",
+      "NIST.800-53.r5 CP-6(2)",
+      "NIST.800-53.r5 CP-9",
+      "NIST.800-53.r5 SC-5(2)",
+      "NIST.800-53.r5 SI-12",
+      "NIST.800-53.r5 SI-13(5)"
+    ],
+    "SecurityControlId": "S3.14",
+    "AssociatedStandards": [
+      {
+        "StandardsId": "standards/nist-800-53/v/5.0.0"
+      }
+    ]
+  },
+  "WorkflowState": "NEW",
+  "Workflow": {
+    "Status": "NEW"
+  },
+  "RecordState": "ACTIVE",
+  "FindingProviderFields": {
+    "Severity": {
+      "Label": "LOW",
+      "Original": "LOW"
+    },
+    "Types": [
+      "Software and Configuration Checks/Industry and Regulatory Standards"
+    ]
+  },
+  "ProcessedAt": "2024-07-24T19:07:28.104Z",
+  "AwsAccountName": "watcher"
+}
diff --git a/tests/fixtures/findings/full/S3.14/prd.json b/tests/fixtures/findings/full/S3.14/prd.json
@@ -0,0 +1,92 @@
+{
+  "SchemaVersion": "2018-10-08",
+  "Id": "arn:aws:securityhub:eu-west-1:988763490897:security-control/S3.14/finding/db101219-4b19-4176-a660-490d30b7945d",
+  "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/securityhub",
+  "ProductName": "Security Hub",
+  "CompanyName": "AWS",
+  "Region": "eu-west-1",
+  "GeneratorId": "security-control/S3.14",
+  "AwsAccountId": "988763490897",
+  "Types": [
+    "Software and Configuration Checks/Industry and Regulatory Standards"
+  ],
+  "FirstObservedAt": "2024-07-24T19:05:05.304Z",
+  "LastObservedAt": "2024-07-24T19:05:20.186Z",
+  "CreatedAt": "2024-07-24T19:05:05.304Z",
+  "UpdatedAt": "2024-07-24T19:05:05.304Z",
+  "Severity": {
+    "Label": "LOW",
+    "Normalized": 1,
+    "Original": "LOW"
+  },
+  "Title": "S3 general purpose buckets should have versioning enabled",
+  "Description": "This control checks whether an Amazon S3 general purpose bucket has versioning enabled. The control fails if versioning is suspended for the bucket.",
+  "Remediation": {
+    "Recommendation": {
+      "Text": "For information on how to correct this issue, consult the AWS Security Hub controls documentation.",
+      "Url": "https://docs.aws.amazon.com/console/securityhub/S3.14/remediation"
+    }
+  },
+  "ProductFields": {
+    "RelatedAWSResources:0/name": "securityhub-s3-bucket-versioning-enabled-a376307d",
+    "RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
+    "aws/securityhub/ProductName": "Security Hub",
+    "aws/securityhub/CompanyName": "AWS",
+    "Resources:0/Id": "arn:aws:s3:::boeket-prd",
+    "aws/securityhub/FindingId": "arn:aws:securityhub:eu-west-1::product/aws/securityhub/arn:aws:securityhub:eu-west-1:988763490897:security-control/S3.14/finding/db101219-4b19-4176-a660-490d30b7945d"
+  },
+  "Resources": [
+    {
+      "Type": "AwsS3Bucket",
+      "Id": "arn:aws:s3:::boeket-prd",
+      "Partition": "aws",
+      "Region": "eu-west-1",
+      "Tags": {
+        "ManagedBy": "Terraform"
+      },
+      "Details": {
+        "AwsS3Bucket": {
+          "OwnerId": "2240facc0082445db039bc31ec992cbbcbdc1f0f703d4f3dac0f91273a05d33f",
+          "CreatedAt": "2024-07-24T19:02:52.000Z",
+          "Name": "boeket-prd"
+        }
+      }
+    }
+  ],
+  "Compliance": {
+    "Status": "FAILED",
+    "RelatedRequirements": [
+      "NIST.800-53.r5 AU-9(2)",
+      "NIST.800-53.r5 CP-10",
+      "NIST.800-53.r5 CP-6",
+      "NIST.800-53.r5 CP-6(1)",
+      "NIST.800-53.r5 CP-6(2)",
+      "NIST.800-53.r5 CP-9",
+      "NIST.800-53.r5 SC-5(2)",
+      "NIST.800-53.r5 SI-12",
+      "NIST.800-53.r5 SI-13(5)"
+    ],
+    "SecurityControlId": "S3.14",
+    "AssociatedStandards": [
+      {
+        "StandardsId": "standards/nist-800-53/v/5.0.0"
+      }
+    ]
+  },
+  "WorkflowState": "NEW",
+  "Workflow": {
+    "Status": "NEW"
+  },
+  "RecordState": "ACTIVE",
+  "FindingProviderFields": {
+    "Severity": {
+      "Label": "LOW",
+      "Original": "LOW"
+    },
+    "Types": [
+      "Software and Configuration Checks/Industry and Regulatory Standards"
+    ]
+  },
+  "ProcessedAt": "2024-07-24T19:05:23.098Z",
+  "AwsAccountName": "watcher"
+}