From 844d2c2dc0c63a8fbdb5bb8c29a7ff604c3a7796 Mon Sep 17 00:00:00 2001
From: jcj
Date: Thu, 10 Oct 2024 15:35:33 +0900
Subject: [PATCH] feat: add kisa_isms_p_2023_aws, kisa_isms_p_2023_korean_aws compliance framework, and updated prowler version to 4.4
Signed-off-by: jcj
---
 pkg/pip_requirements.txt | 2 +-
 src/plugin/conf/collector_conf.py | 5 +++++
 src/plugin/manager/prowler_manager.py | 21 +++++++++----------
 src/plugin/metadata/prowler.yaml | 3 +++
 .../Prowler/Compliance/compliance_count.yaml | 3 ++-
 src/setup.py | 2 +-
 6 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/pkg/pip_requirements.txt b/pkg/pip_requirements.txt
index d92b8bc..a40a58a 100644
--- a/pkg/pip_requirements.txt
+++ b/pkg/pip_requirements.txt
@@ -1,4 +1,4 @@
 spaceone-core
 spaceone-api
-prowler==4.3.3
+prowler==4.4
 natsort
\ No newline at end of file
diff --git a/src/plugin/conf/collector_conf.py b/src/plugin/conf/collector_conf.py
index 005366a..cfb9806 100644
--- a/src/plugin/conf/collector_conf.py
+++ b/src/plugin/conf/collector_conf.py
@@ -78,6 +78,8 @@
 "FedRamp-Moderate-Revision-4": "fedramp_moderate_revision_4_aws",
 "FedRAMP-Low-Revision-4": "fedramp_low_revision_4_aws",
 "ISO27001-2013": "iso27001_2013_aws",
+ "KISA-ISMS-P-2023": "kisa_isms_p_2023_aws",
+ "KISA-ISMS-P-2023-korean": "kisa_isms_p_2023_korean_aws"
 },
 "google_cloud": {
 "CIS-2.0": "cis_2.0_gcp",
@@ -106,6 +108,7 @@
 "ap-southeast-2",
 "ap-southeast-3",
 "ap-southeast-4",
+ "ap-southeast-5",
 "ca-central-1",
 "ca-west-1",
 "cn-north-1",
@@ -153,6 +156,7 @@
 "ConfigService": "config",
 "DirectoryService": "directoryservice",
 "Data Lifecycle Manager": "dlm",
+ "Database Migration Service": "dms",
 "DocumentDB": "documentdb",
 "DRS": "drs",
 "DynamoDB": "dynamodb",
@@ -219,6 +223,7 @@
 "AKS (Azure Kubernetes Service)": "aks",
 "App": "app",
 "AppInsights": "appinsights",
+ "ContainerRegistry": "containerregistry",
 "CosmosDB": "cosmosdb",
 "Defender": "defender",
 "Entra": "entra",
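Review bot: The new `"KISA-ISMS-P-2023-korean": "kisa_isms_p_2023_korean_aws"` entry in the @@ -78 hunk lacks the trailing comma every neighbouring entry carries, so the next framework appended here will also have to touch this line; write `"KISA-ISMS-P-2023-korean": "kisa_isms_p_2023_korean_aws",`. Its key also breaks the sibling naming convention (`ISO27001-2013`, `FedRAMP-Low-Revision-4`) with a lowercase `-korean` suffix; if this string is user-facing, `KISA-ISMS-P-2023-Korean` (or `-KO`) would be more consistent, provided no caller already depends on the exact key. The values must match framework identifiers shipped by the installed Prowler release — these two presumably exist only from prowler 4.4, which is pinned elsewhere in this same commit, so the two changes have to stay coupled. The enclosing mapping literal begins and ends outside the hunk.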
diff --git a/src/plugin/manager/prowler_manager.py b/src/plugin/manager/prowler_manager.py
index 44395be..624094d 100644
--- a/src/plugin/manager/prowler_manager.py
+++ b/src/plugin/manager/prowler_manager.py
@@ -7,7 +7,8 @@
 from typing import Generator, List
 from natsort import natsorted
-from prowler.lib.check.check import bulk_load_compliance_frameworks, bulk_load_checks_metadata
+from prowler.lib.check.compliance_models import Compliance
+from prowler.lib.check.models import CheckMetadata
 from spaceone.inventory.plugin.collector.lib import make_cloud_service, make_error_response
 from plugin.error.custom import *
@@ -166,7 +167,7 @@ def _convert_results(self, compliance_results):
 total_check_count += 1
 if check["status"] == "FAIL":
 fail_check_count += 1
-elif check["status"] == "INFO":
+elif check["status"] == "INFO" or check["status"] == "MANUAL":
 info_check_count += 1
 else:
 pass_check_count += 1
@@ -302,7 +303,7 @@ def _update_check_status_and_stats(check: dict, status: str, score: int) -> dict
 check["status"] = "FAIL"
 check["stats"]["score"]["fail"] += score
 check["stats"]["findings"]["fail"] += 1
-elif status == "INFO":
+elif status == "INFO" or status == "MANUAL":
 if check["status"] != "FAIL":
 check["status"] = "INFO"
 check["stats"]["findings"]["info"] += 1
@@ -322,7 +323,7 @@ def _update_compliance_status_and_stats(
 compliance_result_data["status"] = "FAIL"
 compliance_result_data["stats"]["score"]["fail"] += score
 compliance_result_data["stats"]["findings"]["fail"] += 1
-elif status == "INFO":
+elif status == "INFO" or status == "MANUAL":
 if compliance_result_data["status"] != "FAIL":
 compliance_result_data["status"] = "INFO"
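Review bot: The `else: pass_check_count += 1` fallthrough in `_convert_results` still counts any status other than FAIL, INFO or MANUAL as a pass, so an unexpected or future Prowler status string silently inflates the pass count — MANUAL itself is a status this branch was counting as PASS before this commit. Make the pass case explicit and treat the remainder as non-passing, e.g. `elif check["status"] == "PASS": pass_check_count += 1` followed by `else: info_check_count += 1` (or a dedicated unknown counter plus a logged warning), so the report fails safe. A membership test `check["status"] in ("INFO", "MANUAL")` reads better than the chained `or`. The function body continues outside the hunk.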
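Review bot: `_update_check_status_and_stats` now rewrites a MANUAL finding to `check["status"] = "INFO"` and bumps the `info` counter, so the persisted status is never "MANUAL"; the `MANUAL` search value and badge added to prowler.yaml in this same commit can only match if some path not visible here keeps the raw status — confirm, otherwise that filter is dead. Folding MANUAL into INFO also makes a requirement that needs human verification indistinguishable from a purely informational one, which invites reading "not failing" as "covered". If that distinction matters to the compliance view, give MANUAL its own branch (`elif status == "MANUAL": check["status"] = "MANUAL"` behind the same `!= "FAIL"` guard, with a matching stats counter). The same folding is applied in `_update_compliance_status_and_stats`, whose hunk is cut off at the end of this chunk.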
@@ -346,12 +347,12 @@ def _make_base_compliance_result(
 self, compliance_id: str, requirement_id: str, requirement_seq: int, check_id: str, severity: str, check_result: dict
 ) -> dict:
-requirement_name, automation, requirement_unsupported = next(
-((requirement['Description'], requirement['Automation'], requirement['Unsupported'])
+requirement_name, automation = next(
+((requirement['Description'], requirement['Automation'])
 for requirement in self.requirement_info[self.cloud_service_type]['Requirements']
 if requirement['Requirement_Seq'] == requirement_seq
 ),
-(None, None, None)
+(None, None)
 )
 account = compliance_id.split(":")[2]
@@ -365,7 +366,7 @@ def _make_base_compliance_result(
 "requirement_seq": requirement_seq,
 "automation": automation,
 "description": check_result["finding_info"]["desc"] if check_id else "",
-"status": "UNSUPPORTED" if requirement_unsupported else ("PASS" if check_id else "UNKNOWN"),
+"status": "UNSUPPORTED" if not automation else ("PASS" if check_id else "UNKNOWN"),
 "severity": severity if check_id else "",
 "service": check_result["resources"][0]["group"]["name"] if check_id else "",
 "checks": {},
@@ -434,7 +435,7 @@ def _check_compliance_framework(self):
 def _load_requirement_info(self):
 frameworks = {}
 compliance_framework = COMPLIANCE_FRAMEWORKS[self.provider][self.cloud_service_type]
-compliance_frameworks = bulk_load_compliance_frameworks(
+compliance_frameworks = Compliance.get_bulk(
 self.provider if self.provider != "google_cloud" else "gcp"
 )
 sorted_requirements = natsorted(compliance_frameworks[compliance_framework].Requirements,
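Review bot: `"status": "UNSUPPORTED" if not automation else (...)` now also triggers when the `next(...)` lookup earlier in `_make_base_compliance_result` misses and yields the `(None, None)` default, because `automation` is then `None`; before this change a miss fell through to PASS/UNKNOWN. A `requirement_seq` with no matching requirement is a data inconsistency, not an unsupported control, and labelling it UNSUPPORTED hides it in the report. Handle the miss before the status decision, e.g. `if automation is None: raise <custom plugin error>(...)` or map it to `"UNKNOWN"`, and only then use `not automation` for the genuine no-checks case. `requirement_name` is bound in the hunk above but not used on any visible line — confirm it is consumed further down. The function continues outside the hunk.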
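Review bot: The result of `Compliance.get_bulk(...)` is indexed directly as `compliance_frameworks[compliance_framework]` on the next context line, so a framework id present in the plugin's own mapping but absent from the installed Prowler release (the two KISA ids added in this commit presumably require prowler 4.4) surfaces as a bare KeyError. `_check_compliance_framework` just above appears to validate against the plugin mapping rather than against what Prowler actually loaded — confirm. A guard such as `if compliance_framework not in compliance_frameworks: raise <custom plugin error>(f"{compliance_framework} is not provided by the installed prowler")` would make the misconfiguration diagnosable instead of a traceback. `_load_requirement_info` continues outside the hunk.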
@@ -447,8 +448,6 @@ def _load_requirement_info(self):
 requirement_checks = requirement_json.get('Checks', [])
 requirement_json['Requirement_Seq'] = i + 1
 requirement_json['Automation'] = bool(requirement_checks)
- requirement_json['Unsupported'] = not requirement_checks or (
- bool(self.checklist) and not bool(set(self.checklist) & set(requirement_checks)))
 frameworks[self.cloud_service_type]['Requirements'].append(requirement_json)
 self.requirement_info = frameworks
diff --git a/src/plugin/metadata/prowler.yaml b/src/plugin/metadata/prowler.yaml
index ddad2ac..a0ddf04 100644
--- a/src/plugin/metadata/prowler.yaml
+++ b/src/plugin/metadata/prowler.yaml
@@ -7,6 +7,7 @@ search:
 - PASS: "PASS"
 - FAIL: "FAIL"
 - INFO: "INFO"
+ - MANUAL: "MANUAL"
 - UNSUPPORTED: "UNSUPPORTED"
 - UNKNOWN: "UNKNOWN"
 - Compliance Score: data.stats.score.percent
@@ -42,6 +43,8 @@ table:
 type: badge
 - INFO: peacock.500
 type: badge
+ - MANUAL: peacock.500 type: badge
 - PASS: indigo.500
 type: badge
 - UNSUPPORTED: peacock.500
diff --git a/src/plugin/metrics/Prowler/Compliance/compliance_count.yaml b/src/plugin/metrics/Prowler/Compliance/compliance_count.yaml
index 9c0e5c4..29e9bbf 100644
--- a/src/plugin/metrics/Prowler/Compliance/compliance_count.yaml
+++ b/src/plugin/metrics/Prowler/Compliance/compliance_count.yaml
@@ -19,6 +19,7 @@ query_options:
 filter:
 - key: cloud_service_group
 value: Prowler
+ operator: eq
 unit: Count
 namespace_id: ns-prowler-compliance
-version: '1.0'
\ No newline at end of file
+version: '1.1'
\ No newline at end of file
diff --git a/src/setup.py b/src/setup.py
index df7676e..d421427 100644
--- a/src/setup.py
+++ b/src/setup.py
@@ -33,7 +33,7 @@
 install_requires=[
 "spaceone-api",
 "spaceone-core",
-"prowler==4.3.3",
+"prowler==4.4",
 "natsort"
 ],
 package_data={"plugin": ["metadata/*.yaml", "metrics/**/**/*.yaml"]},
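Review bot: Deleting `requirement_json['Unsupported']` drops the case where a requirement has automated checks but none of them is in `self.checklist`; with `_make_base_compliance_result` now deriving UNSUPPORTED from `Automation` alone, a requirement whose checks were all excluded by the configured checklist will presumably be reported as UNKNOWN instead of UNSUPPORTED. If that is the intended semantics for a scoped scan it should be called out in the commit message, since it changes how coverage is presented; if not, fold the intersection into the surviving flag, e.g. `requirement_json['Automation'] = bool(requirement_checks) and (not self.checklist or bool(set(self.checklist) & set(requirement_checks)))`. Either way the meaning of `Automation` ("checks exist" vs "checks exist and are enabled") deserves a one-line comment at this assignment. `_load_requirement_info` starts outside this hunk, and one context line of the hunk appears to be missing from this rendering.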