diff --git a/prowler/providers/aws/services/acm/acm_service.py b/prowler/providers/aws/services/acm/acm_service.py
index 56ac98b1..c038a4c1 100644
--- a/prowler/providers/aws/services/acm/acm_service.py
+++ b/prowler/providers/aws/services/acm/acm_service.py
@@ -59,9 +59,12 @@ class ACM:
 CertificateArn=certificate.arn
 )["Certificate"]
 certificate.type = response["Type"]
- certificate.expiration_days = (
- response["NotAfter"] - timestamp_utc
- ).days
+ if "NotAfter" in response:
+ certificate.expiration_days = (
+ response["NotAfter"] - timestamp_utc
+ ).days
+ else:
+ certificate.expiration_days = 0
 if (
 response["Options"]["CertificateTransparencyLoggingPreference"]
 == "ENABLED"
diff --git a/prowler/providers/aws/services/codebuild/codebuild_service.py b/prowler/providers/aws/services/codebuild/codebuild_service.py
index 10c95fff..90e75766 100644
--- a/prowler/providers/aws/services/codebuild/codebuild_service.py
+++ b/prowler/providers/aws/services/codebuild/codebuild_service.py
@@ -1,6 +1,7 @@
 import datetime
 import threading
 from dataclasses import dataclass
+from typing import Optional
 from prowler.lib.logger import logger
 from prowler.providers.aws.aws_provider import generate_regional_clients
@@ -63,12 +64,16 @@ class Codebuild:
 "endTime"
 ]
- project.buildspec = client.batch_get_projects(
- names=[project.name]
- )["projects"][0]["source"]["buildspec"]
+ projects = client.batch_get_projects(names=[project.name])[
+ "projects"
+ ][0]["source"]
+ if "buildspec" in projects:
+ project.buildspec = projects["buildspec"]
 except Exception as error:
- logger.error(f"{client.region} -- {error.__class__.__name__}: {error}")
+ logger.error(
+ f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+ )
 @dataclass
@@ -76,7 +81,7 @@ class CodebuildProject:
 name: str
 region: str
 last_invoked_time: datetime
- buildspec: str
+ buildspec: Optional[str]
 def __init__(self, name, region, last_invoked_time, buildspec):
 self.name = name
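Review bot: In acm_service.py the new `else` branch stores `certificate.expiration_days = 0` when `NotAfter` is absent, which makes a certificate with no expiry date indistinguishable from one that expires today. Any check that thresholds on `expiration_days` (not visible in this hunk) would then report such certificates as about to expire instead of as "expiry unknown". Consider `certificate.expiration_days = None` with a comment such as `# NotAfter is absent, e.g. for certificates that have not been issued yet`, and have the consuming check handle `None` explicitly. The enclosing method starts and ends outside the hunk.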
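Review bot: The rewritten `logger.error` call in codebuild_service.py (hunk -63,12) drops `client.region`, so a failure during a multi-region scan can no longer be attributed to a region from the log alone; keep it next to the line number, e.g. `f"{client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"`. The new lookup also still indexes `["projects"][0]` unguarded, so an empty `projects` list raises IndexError into the same broad handler and the project is evaluated with whatever `buildspec` it was constructed with (not visible here). The local named `projects` actually holds the first project's `source` dict; `source` would read more accurately. The enclosing method starts outside the hunk.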
diff --git a/prowler/providers/aws/services/efs/efs_service.py b/prowler/providers/aws/services/efs/efs_service.py
index ae1d8562..8d3c940a 100644
--- a/prowler/providers/aws/services/efs/efs_service.py
+++ b/prowler/providers/aws/services/efs/efs_service.py
@@ -62,7 +62,7 @@ class EFS:
 FileSystemId=filesystem.id
 )["BackupPolicy"]["Status"]
 except ClientError as e:
- if e.response["ErrorCode"] == "PolicyNotFound":
+ if e.response["Error"]["Code"] == "PolicyNotFound":
 filesystem.backup_policy = "DISABLED"
 try:
 fs_policy = client.describe_file_system_policy(
@@ -71,7 +71,7 @@ class EFS:
 if "Policy" in fs_policy:
 filesystem.policy = fs_policy["Policy"]
 except ClientError as e:
- if e.response["ErrorCode"] == "PolicyNotFound":
+ if e.response["Error"]["Code"] == "PolicyNotFound":
 filesystem.policy = {}
 except Exception as error:
 logger.error(
diff --git a/prowler/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption.py b/prowler/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption.py
index 03925e53..a473ed40 100644
--- a/prowler/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption.py
+++ b/prowler/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption.py
@@ -15,6 +15,7 @@ class iam_no_custom_policy_permissive_role_assumption(Check):
 for statement in policy_document["Statement"]:
 if (
 statement["Effect"] == "Allow"
+ and "Action" in statement
 and (
 "sts:AssumeRole" in statement["Action"]
 or "sts:*" in statement["Action"]
diff --git a/prowler/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation.py b/prowler/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation.py
index c4a43792..bcd40bf0 100644
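Review bot: Both `except ClientError` handlers in efs_service.py (hunks -62,7 and -71,7) act only on `PolicyNotFound` and silently discard every other error code, so an access-denied or throttling response leaves `filesystem.backup_policy` or `filesystem.policy` at its previous value with nothing in the log. In an audit tool that can turn a permissions gap into a misleading finding. Add an `else:` branch to each handler, for example `else: logger.error(f"{e.__class__.__name__}: {e}")`. The surrounding method and the attribute defaults are outside the hunks.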
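Review bot: The added `"Action" in statement` guard in iam_no_custom_policy_permissive_role_assumption.py makes the check skip any Allow statement written with `NotAction`, yet such a statement can still grant `sts:AssumeRole`, because everything except the listed actions is allowed. The same guard is added in iam_policy_allows_privilege_escalation.py and iam_policy_no_administrative_privileges.py, so all three checks now pass over these statements without evaluating them. At minimum record the gap next to the guard, e.g. `# NotAction statements are not evaluated by this check`, or evaluate `NotAction` in a follow-up change. The enclosing method starts outside the hunk.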
--- a/prowler/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation.py
+++ b/prowler/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation.py
@@ -75,10 +75,11 @@ class iam_policy_allows_privilege_escalation(Check):
 for statements in policy["PolicyDocument"]["Statement"]:
 # Recover allowed actions
 if statements["Effect"] == "Allow":
- if type(statements["Action"]) is str:
- allowed_actions = {statements["Action"]}
- if type(statements["Action"]) is list:
- allowed_actions = set(statements["Action"])
+ if "Action" in statements:
+ if type(statements["Action"]) is str:
+ allowed_actions = {statements["Action"]}
+ if type(statements["Action"]) is list:
+ allowed_actions = set(statements["Action"])
 # Recover denied actions
 if statements["Effect"] == "Deny":
diff --git a/prowler/providers/aws/services/iam/iam_policy_no_administrative_privileges/iam_policy_no_administrative_privileges.py b/prowler/providers/aws/services/iam/iam_policy_no_administrative_privileges/iam_policy_no_administrative_privileges.py
index f3232a45..44fb98c2 100644
--- a/prowler/providers/aws/services/iam/iam_policy_no_administrative_privileges/iam_policy_no_administrative_privileges.py
+++ b/prowler/providers/aws/services/iam/iam_policy_no_administrative_privileges/iam_policy_no_administrative_privileges.py
@@ -16,6 +16,7 @@ class iam_policy_no_administrative_privileges(Check):
 for statement in policy_document["Statement"]:
 if (
 statement["Effect"] == "Allow"
+ and "Action" in statement
 and "*" in statement["Action"]
 and "*" in statement["Resource"]
 ):
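Review bot: When an Allow statement has no `Action` key, the new guard in iam_policy_allows_privilege_escalation.py leaves `allowed_actions` unassigned for that statement, so it either keeps the value from an earlier statement or is unbound, depending on initialisation that is outside the hunk. If the later code expects a per-statement value, reset it explicitly with `else: allowed_actions = set()` so stale data is never evaluated. The two `type(...) is` tests would also read better as `isinstance(statements["Action"], str)` and `elif isinstance(statements["Action"], list)`. The loop body continues outside the hunk.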
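Review bot: The condition in iam_policy_no_administrative_privileges.py still reads `statement["Resource"]` unguarded, so an Allow statement that uses `NotResource` raises KeyError in the same way the missing `Action` did; add `and "Resource" in statement` before the `"*" in statement["Resource"]` test. Note also that `"*" in statement["Action"]` is a substring test when `Action` is a string, so a value such as `s3:*` matches; comparing against the exact string, or normalising to a list first, would be stricter. The enclosing method starts outside the hunk.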