Add number of muted findings in HTML report

[OlesYudin]

New feature motivation

When you work with the muted list feature it will be really informative to know how many muted findings you have. Because now even if you mute specific checks they will be marked as failed or passed in the "Assessment Overview" dashboard.

Solution Proposed

I would like to see more information in the "Assessment Overview" block. For example:
Total findings: 1859
Passed: 697
Passed (muted): 2
Failed: 1162
Failed (muted): 5
Total Resources: 616

Describe alternatives you've considered

For now, using bash scripts I parse all muted findings and then output the number of all findings, passed, muted, etc..

Additional context

No response

[jfagoagas]

Hello @OlesYudin, that is a great idea, we will think about it and get back to you once the team has an update.

Thanks for using Prowler 🚀

[abant07]

Hi @jfagoagas

Would I be able to work on this issue

[pedrooot]

Hey! @abant07
Of course! Let me know if you need something

[jfagoagas]

Hello @abant07 please, go ahead!

As we did in the previous time, please before start coding I think it'd be great if you can do an analysis of what's needed to be done to be discussed in this issue. Then once we get to an agreement you can start coding. What do you think?

Thanks!

[abant07]

Sounds good. Will get to it right away

[abant07]

Ok,

So from what I am understanding @jfagoagas and @tmonk42 , there is a feature muted findings on Prowler, which allows a user to specify a yaml file with all the checks they want to disregard (or "ignore") regardless if it passes or fails. Currently, Prowler has it so that on the dashboard a customer is able to see the granularity of which tests have failed, passed, muted (passed), and muted( failed).

However, tmonk would like these muted (passed and failed) checks to be shown as separate from the total passed and total failed checks on the assessment overview. By my understanding, Prowler already has it so that a user can see how many muted checks have passed or failed on a different page, however we would also like these muted tests to show up on the assessment overview.

If I understood this correctly, the coding should not be too hard. I looked at the codebase, and it seems that the file that is controlling the dashboard that tmonk had suggested a change to is the html.py file. Specifically, in the write_header(). This write_header() method has a parameter called stats, which is a dictionary containing the keys "findings_count", total_pass, total_fail, "total_fail", "all_fails_are_muted", and "resources_count".

If we want to include keys like "muted_fail" and "muted_pass", we will need to edit the output.py file, specifically the extract_findings_statisticsmethod. Inside this method, it takes a parameter "findings", and we can find muted findings by finding.muted to see if its muted in combination with finding.status == PASS or FAIL.

def extract_findings_statistics(findings: list) -> dict:
    """
    extract_findings_statistics takes a list of findings and returns the following dict with the aggregated statistics
    {
        "total_pass": 0,
        "total_fail": 0,
        "resources_count": 0,
        "findings_count": 0,
    }
    """
    logger.info("Extracting audit statistics...")
    stats = {}
    total_pass = 0
    total_fail = 0
    resources = set()
    findings_count = 0
    all_fails_are_muted = True

    for finding in findings:
        # Save the resource_id
        resources.add(finding.resource_id)
        if finding.status == "PASS":
            total_pass += 1
            findings_count += 1
        if finding.status == "FAIL":
            total_fail += 1
            findings_count += 1
            if not finding.muted and all_fails_are_muted:
                all_fails_are_muted = False

    stats["total_pass"] = total_pass
    stats["total_fail"] = total_fail
    stats["resources_count"] = len(resources)
    stats["findings_count"] = findings_count
    stats["all_fails_are_muted"] = all_fails_are_muted

    return stats

[abant07]

@jfagoagas

Does this all look correct to you? If so, can I start coding it?

[jfagoagas]

That's right, you can go ahead! @abant07

So the work will be:

• Modify the extract_findings_statistics to include two new keys muted_fail and muted_pass.
• Then, update the HTML header to show both new values.
• Add/Update unit tests.

[abant07]

Yes thats correct

[jfagoagas]

Hello @OlesYudin the feature you requested was just merged to the master branch. Please give it a try and let us know if there is something else you consider.

Thanks for using Prowler 🚀