fix(s3_bucket_policy_public_write_access): Handle S3 Policy without Principal (#2871)

2026-02-10 14:55:00 +00:00 · 2023-09-27 09:35:26 +02:00
parent 1697e6ad62
commit 7ecb4d7b00
1 changed files with 4 additions and 1 deletions
--- a/prowler/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access.py
+++ b/prowler/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access.py
@@ -41,7 +41,10 @@ class s3_bucket_policy_public_write_access(Check):
                    if (
                        statement["Effect"] == "Allow"
                        and "Condition" not in statement
+                        and (
+                            "Principal" in statement
                            and "*" in str(statement["Principal"])
+                        )
                        and (
                            "s3:PutObject" in statement["Action"]
                            or "*" in statement["Action"]