fix(kms): handle empty principal error (#2192)

Sergio Garcia
2023-04-11 16:59:29 +02:00
committed by GitHub
parent e75022763c
commit 9104d2e89e
2 changed files with 52 additions and 2 deletions


@@ -20,14 +20,17 @@ class kms_key_not_publicly_accessible(Check):
if key.policy and "Statement" in key.policy:
for statement in key.policy["Statement"]:
if (
"*" == statement["Principal"]
"Principal" in statement
and "*" == statement["Principal"]
and "Condition" not in statement
):
report.status = "FAIL"
report.status_extended = (
f"KMS key {key.id} may be publicly accessible!"
)
elif "AWS" in statement["Principal"]:
elif (
"Principal" in statement and "AWS" in statement["Principal"]
):
if type(statement["Principal"]["AWS"]) == str:
principals = [statement["Principal"]["AWS"]]
else:
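Review bot: The two new `"Principal" in statement` guards make a statement without that key fall through both branches silently, so it can never change the report. If the key is missing because the statement uses `NotPrincipal` (an inference, since the policy that triggered the error is not shown), an Allow statement of that form grants access to everyone except the listed principals, and the check would now miss it. I would read the value once with `principal = statement.get("Principal")` and add an explicit branch such as `elif "NotPrincipal" in statement and statement.get("Effect") == "Allow":` that sets FAIL. Separately, none of the visible conditions test `Effect`, so a Deny statement with `"Principal": "*"` and no `Condition` is reported as publicly accessible. The loop body continues past the end of this hunk, so the handling of the `AWS` principals list could not be reviewed.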