From 6e83afb58061c754797529c2ae6da6e1328d4024 Mon Sep 17 00:00:00 2001
From: Kay Agahd
Date: Mon, 6 Nov 2023 08:24:51 +0000
Subject: [PATCH] fix(s3 race condition): catch error if a bucket does not exist any longer (#3000)
---
 .../providers/aws/services/s3/s3_service.py | 68 ++++++++++---------
 1 file changed, 36 insertions(+), 32 deletions(-)
diff --git a/prowler/providers/aws/services/s3/s3_service.py b/prowler/providers/aws/services/s3/s3_service.py
index 4c0e1d91..841f152c 100644
--- a/prowler/providers/aws/services/s3/s3_service.py
+++ b/prowler/providers/aws/services/s3/s3_service.py
@@ -43,45 +43,49 @@ class S3(AWSService):
 try:
 list_buckets = self.client.list_buckets()
 for bucket in list_buckets["Buckets"]:
- bucket_region = self.client.get_bucket_location(Bucket=bucket["Name"])[
- "LocationConstraint"
- ]
- if bucket_region == "EU": # If EU, bucket_region is eu-west-1
- bucket_region = "eu-west-1"
- if not bucket_region: # If None, bucket_region is us-east-1
- bucket_region = "us-east-1"
- # Arn
- arn = f"arn:{self.audited_partition}:s3:::{bucket['Name']}"
- if not self.audit_resources or (
- is_resource_filtered(arn, self.audit_resources)
- ):
- self.regions_with_buckets.append(bucket_region)
- # Check if there are filter regions
- if audit_info.audited_regions:
- if bucket_region in audit_info.audited_regions:
+ try:
+ bucket_region = self.client.get_bucket_location(
+ Bucket=bucket["Name"]
+ )["LocationConstraint"]
+ if bucket_region == "EU": # If EU, bucket_region is eu-west-1
+ bucket_region = "eu-west-1"
+ if not bucket_region: # If None, bucket_region is us-east-1
+ bucket_region = "us-east-1"
+ # Arn
+ arn = f"arn:{self.audited_partition}:s3:::{bucket['Name']}"
+ if not self.audit_resources or (
+ is_resource_filtered(arn, self.audit_resources)
+ ):
+ self.regions_with_buckets.append(bucket_region)
+ # Check if there are filter regions
+ if audit_info.audited_regions:
+ if bucket_region in audit_info.audited_regions:
+ buckets.append(
+ Bucket(
+ name=bucket["Name"],
+ arn=arn,
+ region=bucket_region,
+ )
+ )
+ else:
 buckets.append(
 Bucket(
 name=bucket["Name"], arn=arn, region=bucket_region
 )
 )
- else:
- buckets.append(
- Bucket(name=bucket["Name"], arn=arn, region=bucket_region)
+ except ClientError as error:
+ if error.response["Error"]["Code"] == "NoSuchBucket":
+ logger.warning(
+ f"{bucket['Name']} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
 )
- except ClientError as error:
- if error.response["Error"]["Code"] == "NoSuchBucket":
- logger.warning(
- f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
- )
+ except Exception as error:
+ logger.error(
+ f"{bucket['Name']} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+ )
 except Exception as error:
- if bucket:
- logger.error(
- f"{bucket['Name']} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
- )
- else:
- logger.error(
- f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
- )
+ logger.error(
+ f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+ )
 return buckets

 def __get_bucket_versioning__(self, bucket):
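Review bot: The new per-bucket `except ClientError` handler logs only when the code is `NoSuchBucket`; any other `ClientError` from `get_bucket_location` (a permissions error, for instance) is caught by that clause, never reaches the following `except Exception`, and is neither logged nor re-raised. The bucket is then missing from `buckets`, so later S3 checks never see it and the scan output gives no hint that coverage was lost. The old outer handler had the same gap; the commit moves it inside the loop rather than closing it. I would add a fallback branch under the `if`: `else:` followed by `logger.error(f"{bucket['Name']} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}")`. Indentation is lost on this page, so the nesting is inferred from the order of the handlers, and the method begins above the hunk.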