Skip to content

feat(attack-surfaces): add new endpoints to retrieve overview data #9309

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
vicferpoy merged 15 commits into from
Dec 2, 2025
Merged

feat(attack-surfaces): add new endpoints to retrieve overview data #9309

Show file tree
Hide file tree
Changes from 13 commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
78e23cb
feat(attack-surfaces): add model for overviews
vicferpoy Nov 20, 2025
e909e68
feat(attack-surfaces): add serializer and DRY base classes
vicferpoy Nov 20, 2025
4a028ec
feat(attack-surfaces): add task
vicferpoy Nov 20, 2025
bb3f4be
feat(attack-surfaces): add endpoint to retrieve overview
vicferpoy Nov 20, 2025
511a53c
Merge branch 'master' into PROWLER-382-attack-surface-component-api
vicferpoy Nov 25, 2025
820c79b
fix(tests): tasks unit tests
vicferpoy Nov 25, 2025
d9f83fd
refactor(attack-surfaces): improve view and task logic
vicferpoy Nov 25, 2025
9aec346
test(attack-surfaces): add new unit tests
vicferpoy Nov 25, 2025
e0fdbfa
style: apply ruff
vicferpoy Nov 25, 2025
b731d95
chore: update changelog and API version
vicferpoy Nov 25, 2025
443e5c1
fix(attack-surfaces): view logic
vicferpoy Nov 26, 2025
1362c25
refactor(attack-surfaces): DRY overviews
vicferpoy Nov 26, 2025
a9a66ac
Merge branch 'master' into PROWLER-382-attack-surface-component-api
vicferpoy Nov 26, 2025
eebc056
Merge branch 'master' into PROWLER-382-attack-surface-component-api
vicferpoy Dec 2, 2025
5f3dd44
feat(attack-surfaces): add check ID list to response
vicferpoy Dec 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions api/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,13 @@

All notable changes to the **Prowler API** are documented in this file.

## [1.16.0] (Prowler v5.15.0)

### Added
- New endpoint to retrieve an overview of the attack surfaces [(#9309)](https://github.com/prowler-cloud/prowler/pull/9309)

---

## [1.15.1] (Prowler v5.14.1)

### Fixed
Expand Down
2 changes: 1 addition & 1 deletion api/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ name = "prowler-api"
package-mode = false
# Needed for the SDK compatibility
requires-python = ">=3.11,<3.13"
version = "1.15.0"
version = "1.16.0"

[project.scripts]
celery = "src.backend.config.settings.celery"
Expand Down
20 changes: 20 additions & 0 deletions api/src/backend/api/filters.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
StatusEnumField,
)
from api.models import (
AttackSurfaceOverview,
ComplianceRequirementOverview,
Finding,
Integration,
Expand Down Expand Up @@ -1021,3 +1022,22 @@ class Meta:
"inserted_at": ["date", "gte", "lte"],
"overall_score": ["exact", "gte", "lte"],
}


class AttackSurfaceOverviewFilter(FilterSet):
"""Filter for attack surface overview aggregations by provider."""

provider_id = UUIDFilter(field_name="scan__provider__id", lookup_expr="exact")
provider_id__in = UUIDInFilter(field_name="scan__provider__id", lookup_expr="in")
provider_type = ChoiceFilter(
field_name="scan__provider__provider", choices=Provider.ProviderChoices.choices
)
provider_type__in = ChoiceInFilter(
field_name="scan__provider__provider",
choices=Provider.ProviderChoices.choices,
lookup_expr="in",
)

class Meta:
model = AttackSurfaceOverview
fields = {}
89 changes: 89 additions & 0 deletions api/src/backend/api/migrations/0060_attack_surface_overview.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
# Generated by Django 5.1.14 on 2025-11-19 13:03

import uuid

import django.db.models.deletion
from django.db import migrations, models

import api.rls


class Migration(migrations.Migration):
dependencies = [
("api", "0059_compliance_overview_summary"),
]

operations = [
migrations.CreateModel(
name="AttackSurfaceOverview",
fields=[
(
"id",
models.UUIDField(
default=uuid.uuid4,
editable=False,
primary_key=True,
serialize=False,
),
),
("inserted_at", models.DateTimeField(auto_now_add=True)),
(
"attack_surface_type",
models.CharField(
choices=[
("internet-exposed", "Internet Exposed"),
("secrets", "Exposed Secrets"),
("privilege-escalation", "Privilege Escalation"),
("ec2-imdsv1", "EC2 IMDSv1 Enabled"),
],
max_length=50,
),
),
("total_findings", models.IntegerField(default=0)),
("failed_findings", models.IntegerField(default=0)),
("muted_failed_findings", models.IntegerField(default=0)),
],
options={
"db_table": "attack_surface_overviews",
"abstract": False,
},
),
migrations.AddField(
model_name="attacksurfaceoverview",
name="scan",
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
related_name="attack_surface_overviews",
related_query_name="attack_surface_overview",
to="api.scan",
),
),
migrations.AddField(
model_name="attacksurfaceoverview",
name="tenant",
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
),
),
migrations.AddIndex(
model_name="attacksurfaceoverview",
index=models.Index(
fields=["tenant_id", "scan_id"], name="attack_surf_tenant_scan_idx"
),
),
migrations.AddConstraint(
model_name="attacksurfaceoverview",
constraint=models.UniqueConstraint(
fields=("tenant_id", "scan_id", "attack_surface_type"),
name="unique_attack_surface_per_scan",
),
),
migrations.AddConstraint(
model_name="attacksurfaceoverview",
constraint=api.rls.RowLevelSecurityConstraint(
"tenant_id",
name="rls_on_attacksurfaceoverview",
statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
),
),
]
60 changes: 60 additions & 0 deletions api/src/backend/api/models.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2405,3 +2405,63 @@ class Meta(RowLevelSecurityProtectedModel.Meta):

class JSONAPIMeta:
resource_name = "threatscore-snapshots"


class AttackSurfaceOverview(RowLevelSecurityProtectedModel):
"""
Pre-aggregated attack surface metrics per scan.

Stores counts for each attack surface type (internet-exposed, secrets,
privilege-escalation, ec2-imdsv1) to enable fast overview queries.
"""

class AttackSurfaceTypeChoices(models.TextChoices):
INTERNET_EXPOSED = "internet-exposed", _("Internet Exposed")
SECRETS = "secrets", _("Exposed Secrets")
PRIVILEGE_ESCALATION = "privilege-escalation", _("Privilege Escalation")
EC2_IMDSV1 = "ec2-imdsv1", _("EC2 IMDSv1 Enabled")

id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
inserted_at = models.DateTimeField(auto_now_add=True, editable=False)

scan = models.ForeignKey(
Scan,
on_delete=models.CASCADE,
related_name="attack_surface_overviews",
related_query_name="attack_surface_overview",
)

attack_surface_type = models.CharField(
max_length=50,
choices=AttackSurfaceTypeChoices.choices,
)

# Finding counts
total_findings = models.IntegerField(default=0) # All findings (PASS + FAIL)
failed_findings = models.IntegerField(default=0) # Non-muted failed findings
muted_failed_findings = models.IntegerField(default=0) # Muted failed findings

class Meta(RowLevelSecurityProtectedModel.Meta):
db_table = "attack_surface_overviews"

constraints = [
models.UniqueConstraint(
fields=("tenant_id", "scan_id", "attack_surface_type"),
name="unique_attack_surface_per_scan",
),
RowLevelSecurityConstraint(
field="tenant_id",
name="rls_on_%(class)s",
statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
),
]

indexes = [
models.Index(
fields=["tenant_id", "scan_id"],
name="attack_surf_tenant_scan_idx",
),
]

class JSONAPIMeta:
resource_name = "attack-surface-overviews"
4 changes: 2 additions & 2 deletions api/src/backend/api/rbac/permissions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,11 +65,11 @@ def get_providers(role: Role) -> QuerySet[Provider]:
A QuerySet of Provider objects filtered by the role's provider groups.
If the role has no provider groups, returns an empty queryset.
"""
tenant = role.tenant
tenant_id = role.tenant_id
provider_groups = role.provider_groups.all()
if not provider_groups.exists():
return Provider.objects.none()

return Provider.objects.filter(
tenant=tenant, provider_groups__in=provider_groups
tenant_id=tenant_id, provider_groups__in=provider_groups
).distinct()
Loading
Loading