fix(key_errors): handle Key Errors in Lambda and EMR (#1871)

Co-authored-by: sergargar <sergargar@users.noreply.github.com>
2026-02-10 06:45:08 +00:00 · 2023-02-09 10:32:00 +01:00
parent 86e27b465a
commit 004b9c95e4
3 changed files with 36 additions and 32 deletions
--- a/prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_code/awslambda_function_no_secrets_in_code.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_code/awslambda_function_no_secrets_in_code.py
@@ -12,31 +12,30 @@ class awslambda_function_no_secrets_in_code(Check):
    def execute(self):
        findings = []
        for function in awslambda_client.functions.values():
-            report = Check_Report_AWS(self.metadata())
-            report.region = function.region
-            report.resource_id = function.name
-            report.resource_arn = function.arn
+            if function.code:
+                report = Check_Report_AWS(self.metadata())
+                report.region = function.region
+                report.resource_id = function.name
+                report.resource_arn = function.arn

-            report.status = "PASS"
-            report.status_extended = (
-                f"No secrets found in Lambda function {function.name} code"
-            )
+                report.status = "PASS"
+                report.status_extended = (
+                    f"No secrets found in Lambda function {function.name} code"
+                )
+                with tempfile.TemporaryDirectory() as tmp_dir_name:
+                    function.code.code_zip.extractall(tmp_dir_name)
+                    # List all files
+                    files_in_zip = next(os.walk(tmp_dir_name))[2]
+                    for file in files_in_zip:
+                        secrets = SecretsCollection()
+                        with default_settings():
+                            secrets.scan_file(f"{tmp_dir_name}/{file}")

-            with tempfile.TemporaryDirectory() as tmp_dir_name:
-                function.code.code_zip.extractall(tmp_dir_name)
-                # List all files
-                files_in_zip = next(os.walk(tmp_dir_name))[2]
-                for file in files_in_zip:
+                        if secrets.json():
+                            report.status = "FAIL"
+                            report.status_extended = f"Potential secret found in Lambda function {function.name} code"
+                            break

-                    secrets = SecretsCollection()
-                    with default_settings():
-                        secrets.scan_file(f"{tmp_dir_name}/{file}")
-
-                    if secrets.json():
-                        report.status = "FAIL"
-                        report.status_extended = f"Potential secret found in Lambda function {function.name} code"
-                        break
-
-            findings.append(report)
+                findings.append(report)

        return findings
--- a/prowler/providers/aws/services/awslambda/awslambda_service.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_service.py
@@ -87,12 +87,13 @@ class Lambda:
                    function_information = regional_client.get_function(
                        FunctionName=function.name
                    )
-                    code_location_uri = function_information["Code"]["Location"]
-                    raw_code_zip = requests.get(code_location_uri).content
-                    self.functions[function.name].code = LambdaCode(
-                        location=code_location_uri,
-                        code_zip=zipfile.ZipFile(io.BytesIO(raw_code_zip)),
-                    )
+                    if "Location" in function_information["Code"]:
+                        code_location_uri = function_information["Code"]["Location"]
+                        raw_code_zip = requests.get(code_location_uri).content
+                        self.functions[function.name].code = LambdaCode(
+                            location=code_location_uri,
+                            code_zip=zipfile.ZipFile(io.BytesIO(raw_code_zip)),
+                        )

        except Exception as error:
            logger.error(
--- a/prowler/providers/aws/services/emr/emr_service.py
+++ b/prowler/providers/aws/services/emr/emr_service.py
@@ -97,9 +97,13 @@ class EMR:
                    slave_node_security_group = cluster_info["Cluster"][
                        "Ec2InstanceAttributes"
                    ]["EmrManagedSlaveSecurityGroup"]
-                    slave_node_additional_security_groups = cluster_info["Cluster"][
-                        "Ec2InstanceAttributes"
-                    ]["AdditionalSlaveSecurityGroups"]
+                    if (
+                        "AdditionalSlaveSecurityGroups"
+                        in cluster_info["Cluster"]["Ec2InstanceAttributes"]
+                    ):
+                        slave_node_additional_security_groups = cluster_info["Cluster"][
+                            "Ec2InstanceAttributes"
+                        ]["AdditionalSlaveSecurityGroups"]
                    self.clusters[cluster.id].slave = Node(
                        security_group_id=slave_node_security_group,
                        additional_security_groups_id=slave_node_additional_security_groups,