fix(api): upgrade Cartography to 0.132.0 to fix exposed_internet on ELB/ELBv2 nodes (#10309)

Co-authored-by: Josema Camacho <josema@prowler.com>

Author: prowler-bot

api/CHANGELOG.md

@@ -15,6 +15,7 @@ All notable changes to the **Prowler API** are documented in this file.
 ### 🐞 Fixed
 
 - Attack Paths: Add missing logging for query execution and exception details in scan error handling [(#10269)](https://github.com/prowler-cloud/prowler/pull/10269)
+- Attack Paths: Upgrade Cartography from 0.129.0 to 0.132.0, fixing `exposed_internet` not set on ELB/ELBv2 nodes [(#10272)](https://github.com/prowler-cloud/prowler/pull/10272)
 
 ---
 

api/Dockerfile

@@ -24,13 +24,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     python3-dev \
     && rm -rf /var/lib/apt/lists/*
 
-# Cartography depends on `dockerfile` which has no pre-built arm64 wheel and requires Go to compile
-# hadolint ignore=DL3008
-RUN if [ "$(uname -m)" = "aarch64" ]; then \
-        apt-get update && apt-get install -y --no-install-recommends golang-go \
-        && rm -rf /var/lib/apt/lists/* ; \
-    fi
-
 # Install PowerShell
 RUN ARCH=$(uname -m) && \
     if [ "$ARCH" = "x86_64" ]; then \

api/poetry.lock

@@ -37,7 +37,7 @@ dependencies = [
   "matplotlib (>=3.10.6,<4.0.0)",
   "reportlab (>=4.4.4,<5.0.0)",
   "neo4j (>=6.0.0,<7.0.0)",
-  "cartography (==0.129.0)",
+  "cartography (==0.132.0)",
   "gevent (>=25.9.1,<26.0.0)",
   "werkzeug (>=3.1.4)",
   "sqlparse (>=0.5.4)",

api/pyproject.toml

@@ -43,6 +43,7 @@ def start_aws_ingestion(
         "aws_guardduty_severity_threshold": cartography_config.aws_guardduty_severity_threshold,
         "aws_cloudtrail_management_events_lookback_hours": cartography_config.aws_cloudtrail_management_events_lookback_hours,
         "experimental_aws_inspector_batch": cartography_config.experimental_aws_inspector_batch,
+        "aws_tagging_api_cleanup_batch": cartography_config.aws_tagging_api_cleanup_batch,
     }
 
     boto3_session = get_boto3_session(prowler_api_provider, prowler_sdk_provider)
@@ -116,6 +117,30 @@ def start_aws_ingestion(
         neo4j_session,
         common_job_parameters,
     )
+
+    if all(
+        s in requested_syncs
+        for s in ["ecs", "ec2:load_balancer_v2", "ec2:load_balancer_v2:expose"]
+    ):
+        logger.info(
+            f"Syncing lb_container_exposure scoped analysis for AWS account {prowler_api_provider.uid}"
+        )
+        cartography_aws.run_scoped_analysis_job(
+            "aws_lb_container_exposure.json",
+            neo4j_session,
+            common_job_parameters,
+        )
+
+    if all(s in requested_syncs for s in ["ec2:network_acls", "ec2:load_balancer_v2"]):
+        logger.info(
+            f"Syncing lb_nacl_direct scoped analysis for AWS account {prowler_api_provider.uid}"
+        )
+        cartography_aws.run_scoped_analysis_job(
+            "aws_lb_nacl_direct.json",
+            neo4j_session,
+            common_job_parameters,
+        )
+
     db_utils.update_attack_paths_scan_progress(attack_paths_scan, 91)
 
     logger.info(f"Syncing metadata for AWS account {prowler_api_provider.uid}")