Security groups rules inaccuracy

[rubtoa]

I just noticed that the function that checks specific ports ingress rules will fire when u have an allow 0.0.0.0-> any rule.
This means that ALL the specific port ranges rules will fire on top of the ec2_securitygroup_allow_ingress_from_internet_to_any_port

From my perspective, this causes redundant noise - the way i see it only the ec2_securitygroup_allow_ingress_from_internet_to_any_port should fire (and maybe be flagged as critical and not high)

WDYT

[MrCloudSec]

Hi @rubtoa, this is a great idea!
However, since Prowler executes independently all the checks, the checks do not have context between them so we cannot avoid to fire the rest of security groups checks if ec2_securitygroup_allow_ingress_from_internet_to_any_port fires.

Whenever we create dependencies between the checks we will add this case for sure.

[rubtoa]

You don't really need dependencies to solve it - the def check_security_group method returns True if the protocol is any and ip range is 0.0.0.0/0.
This method is used for all security-group related checks, I think there should be a separate logic when checking for specific port rules.