fix: Solve IAM policy Errors (#1692)

Co-authored-by: sergargar <sergio@verica.io>

prowler/providers/aws/services/codebuild/codebuild_service.py

@@ -58,11 +58,12 @@ class Codebuild:
                     if project.region == region:
                         ids = client.list_builds_for_project(projectName=project.name)
                         if "ids" in ids:
-                            builds = client.batch_get_builds(ids=[ids["ids"][0]])
-                            if "builds" in builds:
-                                project.last_invoked_time = builds["builds"][0][
-                                    "endTime"
-                                ]
+                            if len(ids["ids"]) > 0:
+                                builds = client.batch_get_builds(ids=[ids["ids"][0]])
+                                if "builds" in builds:
+                                    project.last_invoked_time = builds["builds"][0][
+                                        "endTime"
+                                    ]
 
                         projects = client.batch_get_projects(names=[project.name])[
                             "projects"

prowler/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption.py

@@ -12,7 +12,11 @@ class iam_no_custom_policy_permissive_role_assumption(Check):
             report.resource_id = iam_client.policies[index]["PolicyName"]
             report.status = "PASS"
             report.status_extended = f"Custom Policy {iam_client.policies[index]['PolicyName']} does not allow permissive STS Role assumption"
-            for statement in policy_document["Statement"]:
+            if type(policy_document["Statement"]) != list:
+                policy_statements = [policy_document["Statement"]]
+            else:
+                policy_statements = policy_document["Statement"]
+            for statement in policy_statements:
                 if (
                     statement["Effect"] == "Allow"
                     and "Action" in statement

prowler/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation.py

@@ -72,7 +72,11 @@ class iam_policy_allows_privilege_escalation(Check):
             denied_not_actions = set()
 
             # Recover all policy actions
-            for statements in policy["PolicyDocument"]["Statement"]:
+            if type(policy["PolicyDocument"]["Statement"]) != list:
+                policy_statements = [policy["PolicyDocument"]["Statement"]]
+            else:
+                policy_statements = policy["PolicyDocument"]["Statement"]
+            for statements in policy_statements:
                 # Recover allowed actions
                 if statements["Effect"] == "Allow":
                     if "Action" in statements:

prowler/providers/aws/services/iam/iam_policy_no_administrative_privileges/iam_policy_no_administrative_privileges.py

@@ -13,7 +13,11 @@ class iam_policy_no_administrative_privileges(Check):
             report.status = "PASS"
             report.status_extended = f"Policy {iam_client.policies[index]['PolicyName']} does not allow '*:*' administrative privileges"
             # Check the statements, if one includes *:* stop iterating over the rest
-            for statement in policy_document["Statement"]:
+            if type(policy_document["Statement"]) != list:
+                policy_statements = [policy_document["Statement"]]
+            else:
+                policy_statements = policy_document["Statement"]
+            for statement in policy_statements:
                 if (
                     statement["Effect"] == "Allow"
                     and "Action" in statement