ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 06:45:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(s3_bucket_policy_public_write_access): look at account and bucket-level public access block settings (#2715)

Browse Source
This commit is contained in:
Chris Farris
2023-08-11 19:46:24 -04:00
committed by GitHub
parent 4454d9115e
commit 9055dbafe3
1 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
prowler/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access.py
View File

@@ -1,5 +1,6 @@
from prowler.lib.check.models import Check, Check_Report_AWS
from prowler.providers.aws.services.s3.s3_client import s3_client
from prowler.providers.aws.services.s3.s3control_client import s3control_client
class s3_bucket_policy_public_write_access(Check):
@@ -17,6 +18,22 @@ class s3_bucket_policy_public_write_access(Check):
report.status_extended = (
f"S3 Bucket {bucket.name} does not have a bucket policy."
)
elif (
s3control_client.account_public_access_block
and s3control_client.account_public_access_block.restrict_public_buckets
):
report.status = "PASS"
report.status_extended = (
"All S3 public access blocked at account level."
)
elif (
bucket.public_access_block
and bucket.public_access_block.restrict_public_buckets
):
report.status = "PASS"
report.status_extended = (
f"S3 public access blocked at bucket level for {bucket.name}."
)
else:
report.status = "PASS"
report.status_extended = f"S3 Bucket {bucket.name} does not allow public write access in the bucket policy."