feat(RDS): Service and missing checks (#1513)

Sergio Garcia
2022-11-23 14:34:51 +01:00
committed by GitHub
parent 9204142eaf
commit 989638a42d
75 changed files with 2293 additions and 494 deletions


@@ -16,10 +16,11 @@ class iam_no_custom_policy_permissive_role_assumption(Check):
if (
statement["Effect"] == "Allow"
and (
statement["Action"] == "sts:AssumeRole"
or statement["Action"] == "sts:*"
"sts:AssumeRole" in statement["Action"]
or "sts:*" in statement["Action"]
or "*" in statement["Action"]
)
and statement["Resource"] == "*"
and "*" in statement["Resource"]
):
report.status = "FAIL"
report.status_extended = f"Custom Policy {iam_client.policies[index]['PolicyName']} allows permissive STS Role assumption"
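Review bot: The `in` tests in the new condition are substring matches whenever `Action` or `Resource` is a plain string, which IAM permits, so a constructed statement with Action `s3:*` on Resource `arn:aws:s3:::bucket/*` satisfies both `"*" in statement["Action"]` and `"*" in statement["Resource"]` and is reported as permissive STS role assumption. The same pattern appears in the iam_policy_no_administrative_privileges hunk, where such a scoped policy would be reported as '*:*'. Normalising both fields to lists before testing membership keeps the list support this commit adds without the false FAILs. IAM action names are case-insensitive, so the comparison should also be done on lower-cased values. The enclosing method starts and ends outside the hunk.

```python
actions = statement["Action"]
if isinstance(actions, str):
    actions = [actions]
resources = statement["Resource"]
if isinstance(resources, str):
    resources = [resources]
permissive_actions = {"sts:assumerole", "sts:*", "*"}
if (
    statement["Effect"] == "Allow"
    and any(action.lower() in permissive_actions for action in actions)
    and "*" in resources
):
    # … unchanged: report.status and report.status_extended assignments …
```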


@@ -15,9 +15,9 @@ class iam_policy_no_administrative_privileges(Check):
# Check the statements, if one includes *:* stop iterating over the rest
for statement in policy_document["Statement"]:
if (
statement["Action"] == "*"
and statement["Effect"] == "Allow"
and statement["Resource"] == "*"
statement["Effect"] == "Allow"
and "*" in statement["Action"]
and "*" in statement["Resource"]
):
report.status = "FAIL"
report.status_extended = f"Policy {iam_client.policies[index]['PolicyName']} allows '*:*' administrative privileges"
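Review bot: `statement["Action"]` and `statement["Resource"]` in the reordered condition are indexed unconditionally, so a statement written with `NotAction` or `NotResource` raises KeyError here unless something outside the hunk catches it. That matters for this check in particular, because an Allow with `NotAction` over Resource `*` can grant close to administrative access and would never be evaluated. Reading the fields with `statement.get("Action", [])` and `statement.get("Resource", [])`, and handling `NotAction` explicitly, would close the gap. The permissive-role-assumption hunk indexes the same keys. The loop and the method continue outside the hunk.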