feat(python-option): Make it possible to run Prowler from Python as a library #2134

Closed

@meowmeowxw meowmeowxw commented Mar 26, 2023

The --python option enables prowler to be called by a python program to manipulate findings directly

Context

Hello, it would be nice to be able to use prowler from python. In this way it's possible to have the type hint of the checks and manipulate them on the fly. Maybe with an additional PR we could also change the code to return the findings with a yield keyword and get them in real time.

To run prowler from python:

```bash
# inside the root directory of the project
pip install .
```

And then with a script:

```python
from prowler import __main__
from prowler.lib.check.models import Check_Report_AWS
from typing import List

# Same arguments as on the command line, plus the --python flag added by this PR
arguments = ["aws", "--region", "eu-west-1", "--python", "-c", "account_maintain_current_contact_details"]
# prowler() hands the findings back to the caller as typed report objects
findings: List[Check_Report_AWS] = __main__.prowler(args=arguments)
for finding in findings:
    print(finding.status)
    print(finding.check_metadata)
```

Description

No dependencies are required for this PR. The PR makes it possible to run prowler directly from python. Let me know if it's something that you think is useful for your project, or I'll close the PR. A redesign of the main.py would be needed to make it a bit cleaner :D

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

The --python option enables prowler to be called by a python program to manipulate findings directly
@meowmeowxw meowmeowxw requested a review from a team as a code owner March 26, 2023 20:54
@meowmeowxw meowmeowxw changed the title Add option to run prowler from python feat(python option) Make it possible to run prowler from python Mar 26, 2023
@jfagoagas
Member

jfagoagas commented Mar 27, 2023

Hi @meowmeowxw, this is a great addition to Prowler but I'm concerned about all the places where if we catch a critical error Prowler exits the execution, since it will cause to exit the father Python process using Prowler as a library, causing some abrupt errors instead of the ability to catch the exception.

What do you think?

Also, as I can see this option does not provide a full compatibility with all Prowler's features right?

Thanks for using Prowler.

@meowmeowxw
Author

Hello @jfagoagas ,
Thank you for the reply.

> Also, as I can see this option does not provide a full compatibility with all Prowler's features right?

Yes just some of them, but I think the most important one is the ability to collect findings. The other flags of prowler are mostly just to get a list of checks/services/options right?

> I'm concerned about all the places where if we catch a critical error Prowler exits the execution, since it will cause to exit the father Python process using Prowler as a library, causing some abrupt errors instead of the ability to catch the exception.

I'll check better the codebase and see what I can do.

What do you think if I focus only on the findings gathering part? Would it suit you or would you like to enable python for everything? (It would require a major refactoring for most of the functions to not print results directly)

@jfagoagas jfagoagas changed the title feat(python option) Make it possible to run prowler from python feat(python-option): Make it possible to run prowler from python Mar 27, 2023
@jfagoagas jfagoagas changed the title feat(python-option): Make it possible to run prowler from python feat(python-option): Make it possible to run Prowler from Python Mar 27, 2023
@jfagoagas
Member

jfagoagas commented Mar 27, 2023

> Also, as I can see this option does not provide a full compatibility with all Prowler's features right?
>
> Yes just some of them, but I think the most important one is the ability to collect findings. The other flags of prowler are mostly just to get a list of checks/services/options right?

There are flags to export findings to Security Hub, to select the output format you want, etc. You can check it running prowler aws/azure/gcp --help.

> What do you think if I focus only on the findings gathering part? Would it suit you or would you like to enable python for everything? (It would require a major refactoring for most of the functions to not print results directly)

I think focusing only on the findings gathering part would be great as a first approach to this new feature, I think the yield part can be really useful here at least to give it a try.

Thanks!
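The exit-on-critical-error concern and the yield idea discussed above, as an added example that is not part of this PR or of Prowler's code: a caller-side wrapper that turns a CLI-style `sys.exit()` into a catchable exception and hands findings back through a generator. `Finding`, `ScanError`, `cli_style_scan`, `iter_findings` and `failed_checks` are hypothetical names, and the findings are constructed sample data.

```python
import sys
from dataclasses import dataclass
from typing import Callable, Iterator, List


@dataclass
class Finding:
    """Constructed stand-in for a report object such as Check_Report_AWS."""
    check_id: str
    status: str


class ScanError(RuntimeError):
    """Raised in place of a sys.exit() that would end the embedding process."""

    def __init__(self, exit_code):
        super().__init__(f"scanner exited with code {exit_code!r}")
        self.exit_code = exit_code


def cli_style_scan(args: List[str]) -> List[Finding]:
    """Hypothetical entry point that behaves like a CLI: exits on a critical error."""
    if "--region" not in args:
        print("CRITICAL: no region given", file=sys.stderr)
        sys.exit(1)
    return [Finding("check_a", "PASS"), Finding("check_b", "FAIL")]  # constructed


def iter_findings(entry_point: Callable[[List[str]], List[Finding]],
                  args: List[str]) -> Iterator[Finding]:
    """Run the entry point and yield its findings one by one."""
    try:
        findings = entry_point(args)
    except SystemExit as exc:
        # SystemExit derives from BaseException, so `except Exception` misses it.
        raise ScanError(exc.code) from exc
    # Findings only stream in real time if the scanner itself yields them.
    yield from findings


def failed_checks(args: List[str]) -> dict:
    """Shape of a Lambda-style handler: always returns, never kills the process."""
    try:
        failed = [f.check_id for f in iter_findings(cli_style_scan, args)
                  if f.status == "FAIL"]
        return {"ok": True, "failed": failed}
    except ScanError as err:
        return {"ok": False, "error": str(err), "exit_code": err.exit_code}
```

Because `iter_findings` is a generator, the scan and any `ScanError` only happen once iteration starts, so the `try` has to wrap the loop or comprehension that consumes it.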

@jfagoagas jfagoagas self-assigned this Mar 27, 2023
@toniblyx
Member

hi @meowmeowxw, if I may ask, what is the use case for this feature? Is it by any chance to run it as a Lambda function?

@meowmeowxw
Author

Hi @toniblyx ,
Yes it would enable an easier integration into lambda instead of using subprocesses.
It would also be possible to manipulate the findings in real time, and add type hinting (in this way you don't have to load the json and convert it back to Check_Report_AWS)

@toniblyx toniblyx added the evaluating, severity/low and severity/informational labels and removed the severity/low label Apr 13, 2023
@toniblyx toniblyx changed the title feat(python-option): Make it possible to run Prowler from Python feat(python-option): Make it possible to run Prowler from Python as a library Apr 26, 2023
@jfagoagas jfagoagas self-requested a review July 18, 2023 09:04
@jfagoagas jfagoagas added the no-merge label Aug 25, 2023
@sergargar sergargar added the backport-v3 label Mar 14, 2024
@jfagoagas jfagoagas changed the base branch from master-v3 to v3 April 8, 2024 06:36
@jfagoagas jfagoagas removed the backport-v3 label Apr 19, 2024
@jfagoagas
Member

Hi @meowmeowxw, I apologize for not having answered sooner. Actually we are working towards having a way to call Prowler as a library, this is in our roadmap. Do you want to leave this PR opened until that or we can close it?

Thanks for your time 🙌

@meowmeowxw
Author

meowmeowxw commented May 2, 2024

Hi,
I will close this PR since I don't have time.
Thanks for the ping 😄

@meowmeowxw meowmeowxw closed this May 2, 2024