feat(stepfunctions): add stepfunctions service and check stepfunctions_statemachine_logging_enabled

[AdriiiPRodri]

Context

To cover the checks for the Step Functions service, in this PR we have added that service and have also included the logging enabled check: [StepFunctions.1] Step Functions state machines should have logging turned on

Description

This PR adds:

• Step Functions service.
• Step Functions client.
• stepfunctions_statemachine_logging_enabled check.
• Unittest for service, check and config.
• Config file parameter to check log level (the check will only pass if the state machine has the specified logging level enabled).

Checklist

• Are there new checks included in this PR? Yes
  • If so, do we need to update permissions for the provider? Please review this carefully.
• Review if the code is being covered by tests.
• Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
• Review if backport is needed.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[github-actions]

You can check the documentation for this PR here -> Prowler Documentation

[github-actions]

You can check the documentation for this PR here -> Prowler Documentation

[codecov]

Codecov Report

Attention: Patch coverage is 98.54015% with 2 lines in your changes missing coverage. Please review.

Project coverage is 89.92%. Comparing base (f53a887) to head (c70626e).
Report is 15 commits behind head on master.

Files with missing lines	Patch %	Lines
...ws/services/stepfunctions/stepfunctions_service.py	98.24%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #5466      +/-   ##
==========================================
+ Coverage   89.88%   89.92%   +0.03%     
==========================================
  Files        1132     1136       +4     
  Lines       35275    35450     +175     
==========================================
+ Hits        31706    31877     +171     
- Misses       3569     3573       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

---

🚨 Try these New Features:

• Flaky Tests Detection - Detect and resolve failed and flaky tests
• JS Bundle Analysis - Avoid shipping oversized bundles

[github-actions]

You can check the documentation for this PR here -> Prowler Documentation

[github-actions]

You can check the documentation for this PR here -> Prowler Documentation

[github-actions]

You can check the documentation for this PR here -> Prowler Documentation

[github-actions]

You can check the documentation for this PR here -> Prowler Documentation

[MrCloudSec]

@AdriiiPRodri, to simplify the check, please ensure it only verifies whether the state machine has logging enabled, regardless of the log level (similar to how other logging checks in Prowler work). Additionally, include only the necessary attributes and functions required to verify logging, avoiding any extra details that Prowler doesn't currently use. This approach will help minimize potential errors in unused attributes or functions.

Thanks for your work on this! 😊

[AdriiiPRodri]

@AdriiiPRodri, to simplify the check, please ensure it only verifies whether the state machine has logging enabled, regardless of the log level (similar to how other logging checks in Prowler work). Additionally, include only the necessary attributes and functions required to verify logging, avoiding any extra details that Prowler doesn't currently use. This approach will help minimize potential errors in unused attributes or functions.

Thanks for your work on this! 😊

In this case I have added the logic to check the logging level enabled since it seems that SecurityHub does the same, so I replicated the behavior to make it work like SecurityHub: https://docs.aws.amazon.com/securityhub/latest/userguide/stepfunctions-controls.html#stepfunctions-1

If this is not really necessary I will remove that logic, I would need confirmation as this logging check is not like other services.

[AdriiiPRodri]

As agreed, the specific logging level check has been removed. Now it is ready for review @MrCloudSec @puchy22

[MrCloudSec]

Please @AdriiiPRodri, review my comments.

[MrCloudSec]

Could you update the tests to use Moto? It’s important to ensure the responses match AWS API behavior as closely as possible. Let me know if you need help with it!