ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(extra764): NoSuchBucket error properly handled. (#1094)

Browse Source
This commit is contained in:
Sergio Garcia
2022-03-31 15:35:17 +02:00
committed by GitHub
parent 5de2bf7a83
commit 734331d5bc
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
checks/check_extra764
View File

@@ -32,7 +32,10 @@ extra764(){
TEMP_STP_POLICY_FILE=$(mktemp -t prowler-${ACCOUNT_NUM}-${bucket}.policy.XXXXXXXXXX) TEMP_STP_POLICY_FILE=$(mktemp -t prowler-${ACCOUNT_NUM}-${bucket}.policy.XXXXXXXXXX)
BUCKET_LOCATION=$(${AWSCLI} s3api get-bucket-location ${PROFILE_OPT} --region ${REGION} --bucket ${bucket} --output text 2>&1) BUCKET_LOCATION=$(${AWSCLI} s3api get-bucket-location ${PROFILE_OPT} --region ${REGION} --bucket ${bucket} --output text 2>&1)
if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${BUCKET_LOCATION}"; then if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${BUCKET_LOCATION}"; then
textInfo "Access Denied Trying to Get Bucket Location for ${bucket}" textInfo "Access Denied Trying to Get Bucket Location for ${bucket}" "${REGION}" "${bucket}"
continue
elif grep -E 'NoSuchBucket' <<< "${BUCKET_LOCATION}"; then
textInfo "NoSuchBucket error Bucket ${bucket} does not exist" "${REGION}" "${bucket}"
continue continue
fi fi
if [[ "${BUCKET_LOCATION}" == "None" ]]; then if [[ "${BUCKET_LOCATION}" == "None" ]]; then
@@ -44,7 +47,7 @@ extra764(){
# get bucket policy # get bucket policy
TEMP_STP_POLICY_FILE=$(${AWSCLI} s3api get-bucket-policy ${PROFILE_OPT} --bucket ${bucket} --output text --query Policy --region ${BUCKET_LOCATION} 2>&1) TEMP_STP_POLICY_FILE=$(${AWSCLI} s3api get-bucket-policy ${PROFILE_OPT} --bucket ${bucket} --output text --query Policy --region ${BUCKET_LOCATION} 2>&1)
if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${TEMP_STP_POLICY_FILE}"; then if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${TEMP_STP_POLICY_FILE}"; then
textInfo "Access Denied Trying to Get Bucket Policy for ${bucket}" textInfo "Access Denied Trying to Get Bucket Policy for ${bucket}" "${REGION}" "${bucket}"
rm -f "${TEMP_STP_POLICY_FILE}" rm -f "${TEMP_STP_POLICY_FILE}"
continue continue
fi fi
@@ -65,7 +68,7 @@ extra764(){
textFail "Bucket ${bucket} allows requests over insecure transport" "${BUCKET_LOCATION}" "${bucket}" textFail "Bucket ${bucket} allows requests over insecure transport" "${BUCKET_LOCATION}" "${bucket}"
fi fi
else else
textInfo "Unknown Error occurred: ${TEMP_STP_POLICY_FILE}" textInfo "Bucket ${bucket} returned an unknown error" "${REGION}" "${bucket}"
fi fi
rm -fr "${TEMP_STP_POLICY_FILE}" rm -fr "${TEMP_STP_POLICY_FILE}"
done done