Make two new checks to discern between egress and ingress SG rules #4945

Open
pedrooot opened this issue Sep 6, 2024 · 10 comments
Labels
feature-request New feature request for Prowler.

Comments

@pedrooot
Member

pedrooot commented Sep 6, 2024

New feature motivation

This check, ec2_securitygroup_allow_wide_open_public_ipv4, checks if the security group has any rules that allow ingress or egress traffic. It does not differentiate between the two cases.

Solution Proposed

Make two new checks, one for egress and the other for ingress.

Describe alternatives you've considered

Additional context

#4936
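
The split proposed in this issue, sketched as an added example (not Prowler's code and not part of the original issue). It assumes rules shaped like the EC2 DescribeSecurityGroups response (`IpPermissions`, `IpPermissionsEgress`, `IpRanges`, `CidrIp`) and treats a non-RFC 1918 range broader than /24 as "wide open"; the function names, the threshold and the sample groups are constructed for illustration.

```python
import ipaddress

# Assumption for this example: public IPv4 ranges broader than /24 count as "wide open".
WIDE_OPEN_PREFIX = 24
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def wide_open_ranges(rules, max_prefix=WIDE_OPEN_PREFIX):
    """Return non-RFC 1918 IPv4 CIDRs in `rules` with a prefix shorter than max_prefix."""
    hits = []
    for rule in rules:
        for ip_range in rule.get("IpRanges", []):
            net = ipaddress.ip_network(ip_range["CidrIp"], strict=False)
            internal = any(net.subnet_of(block) for block in RFC1918)
            if net.prefixlen < max_prefix and not internal:
                hits.append(str(net))
    return hits

def evaluate(group):
    """Evaluate each direction on its own so ingress and egress get separate results."""
    return {
        "ingress": wide_open_ranges(group.get("IpPermissions", [])),
        "egress": wide_open_ranges(group.get("IpPermissionsEgress", [])),
    }

def findings(groups):
    """One (group id, direction, PASS/FAIL) tuple per group and direction."""
    return [
        (g["GroupId"], direction, "FAIL" if ranges else "PASS")
        for g in groups
        for direction, ranges in evaluate(g).items()
    ]

# Constructed sample data (hypothetical group ids, not from a real account).
SAMPLE_GROUPS = [
    {   # internal-only ingress, unrestricted egress
        "GroupId": "sg-example-a",
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                           "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}],
        "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    },
    {   # SSH open to the internet, egress limited to a narrow range
        "GroupId": "sg-example-b",
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                           "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
        "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                 "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}],
    },
]
```

With a combined check both sample groups would fail for the same reason; evaluated per direction, the first fails only on egress and the second only on ingress.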

@pedrooot pedrooot added feature-request New feature request for Prowler. status/needs-triage Issue pending triage good first issue Indicates a good issue for first-time contributors labels Sep 6, 2024
@pedrooot pedrooot removed the good first issue Indicates a good issue for first-time contributors label Sep 6, 2024
@abant07
Contributor

abant07 commented Sep 9, 2024

Hey @pedrooot, could I work on this issue?

Thanks!

@pedrooot
Member Author

pedrooot commented Sep 9, 2024

Hey! @abant07 sure! It would be great!

@abant07
Contributor

abant07 commented Sep 9, 2024

Sounds good. I will do as I have done before. I will give a write-up on the issue and how I intend to implement it.

@abant07
Contributor

abant07 commented Sep 9, 2024

Just to clarify, is the issue asking to make two separate checks for ec2_securitygroup_allow_wide_open_public_ipv4, one for ingress and the other for egress? Does the ec2_securitygroup_allow_wide_open_public_ipv4 check currently combine both ingress and egress checks in 1 file? Or does it only contain ingress?

@pedrooot
Member Author

pedrooot commented Sep 9, 2024

We are not sure about the development of these checks. Would you mind waiting until we decide what to do with them? This way, we won't discard your work. I'll let you know as soon as we make a decision. Thanks for everything, Amogh.

@abant07
Contributor

abant07 commented Sep 9, 2024

Sure, no problem.

@abant07
Contributor

abant07 commented Sep 9, 2024

Hey @pedrooot

In the meantime, could I work on #4638?

Thanks,
Amogh

@pedrooot
Member Author

Sure! It would be great! @abant07

@puchy22 puchy22 changed the title Make two new checks to discern between egress and igress SG rules Make two new checks to discern between egress and ingress SG rules Sep 13, 2024
@abant07
Contributor

abant07 commented Sep 19, 2024

Hey @pedrooot

Am I okay to go forward with this issue?

@pedrooot
Member Author

#4945 (comment)

@jfagoagas jfagoagas removed the status/needs-triage Issue pending triage label Nov 22, 2024