ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add conditions check for extra771

Browse Source 
(cherry picked from commit 805b276578d5afda60b38cffa28fe09b16380799)
This commit is contained in:
Nimrod Kor
2020-02-18 10:01:23 +02:00
parent 9bd54ca30e
commit 5f3293af1e
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
checks/check_extra771
View File

@@ -24,7 +24,7 @@ extra771(){
if [[ $BUCKET_POLICY_STATEMENTS == *GetBucketPolicy* ]]; then if [[ $BUCKET_POLICY_STATEMENTS == *GetBucketPolicy* ]]; then
textInfo "Bucket policy does not exist for bucket $bucket" textInfo "Bucket policy does not exist for bucket $bucket"
else else
BUCKET_POLICY_BAD_STATEMENTS=$(echo $BUCKET_POLICY_STATEMENTS | jq --arg arn "arn:aws:s3:::$bucket" 'fromjson | .Statement[]|select(.Effect=="Allow" and (((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and .Principal == "*")) and (.Action|startswith("s3:Put") or startswith("s3:*")))') BUCKET_POLICY_BAD_STATEMENTS=$(echo $BUCKET_POLICY_STATEMENTS | jq --arg arn "arn:aws:s3:::$bucket" 'fromjson | .Statement[]|select(.Effect=="Allow" and (((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and .Principal == "*")) and (.Action|startswith("s3:Put") or startswith("s3:*")) and .Condition == null)')
if [[ $BUCKET_POLICY_BAD_STATEMENTS != "" ]]; then if [[ $BUCKET_POLICY_BAD_STATEMENTS != "" ]]; then
textFail "Bucket $bucket allows public write: $BUCKET_POLICY_BAD_STATEMENTS" textFail "Bucket $bucket allows public write: $BUCKET_POLICY_BAD_STATEMENTS"
else else