ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(s3 race condition): catch error if a bucket does not exist any longer (#3000)

Browse Source
This commit is contained in:
Kay Agahd
2023-11-06 08:24:51 +00:00
committed by GitHub
parent 1a5742d4f5
commit 6e83afb580
1 changed files with 36 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
prowler/providers/aws/services/s3/s3_service.py
View File

@@ -43,45 +43,49 @@ class S3(AWSService):
try: try:
list_buckets = self.client.list_buckets() list_buckets = self.client.list_buckets()
for bucket in list_buckets["Buckets"]: for bucket in list_buckets["Buckets"]:
bucket_region = self.client.get_bucket_location(Bucket=bucket["Name"])[ try:
"LocationConstraint" bucket_region = self.client.get_bucket_location(
] Bucket=bucket["Name"]
if bucket_region == "EU": # If EU, bucket_region is eu-west-1 )["LocationConstraint"]
bucket_region = "eu-west-1" if bucket_region == "EU": # If EU, bucket_region is eu-west-1
if not bucket_region: # If None, bucket_region is us-east-1 bucket_region = "eu-west-1"
bucket_region = "us-east-1" if not bucket_region: # If None, bucket_region is us-east-1
# Arn bucket_region = "us-east-1"
arn = f"arn:{self.audited_partition}:s3:::{bucket['Name']}" # Arn
if not self.audit_resources or ( arn = f"arn:{self.audited_partition}:s3:::{bucket['Name']}"
is_resource_filtered(arn, self.audit_resources) if not self.audit_resources or (
): is_resource_filtered(arn, self.audit_resources)
self.regions_with_buckets.append(bucket_region) ):
# Check if there are filter regions self.regions_with_buckets.append(bucket_region)
if audit_info.audited_regions: # Check if there are filter regions
if bucket_region in audit_info.audited_regions: if audit_info.audited_regions:
if bucket_region in audit_info.audited_regions:
buckets.append(
Bucket(
name=bucket["Name"],
arn=arn,
region=bucket_region,
)
)
else:
buckets.append( buckets.append(
Bucket( Bucket(
name=bucket["Name"], arn=arn, region=bucket_region name=bucket["Name"], arn=arn, region=bucket_region
) )
) )
else: except ClientError as error:
buckets.append( if error.response["Error"]["Code"] == "NoSuchBucket":
Bucket(name=bucket["Name"], arn=arn, region=bucket_region) logger.warning(
f"{bucket['Name']} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
) )
except ClientError as error: except Exception as error:
if error.response["Error"]["Code"] == "NoSuchBucket": logger.error(
logger.warning( f"{bucket['Name']} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" )
)
except Exception as error: except Exception as error:
if bucket: logger.error(
logger.error( f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
f"{bucket['Name']} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" )
)
else:
logger.error(
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
return buckets return buckets
def __get_bucket_versioning__(self, bucket): def __get_bucket_versioning__(self, bucket):