Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(queries): add new aws iam privilege escalation queries #5423

Merged
merged 14 commits into from Aug 22, 2022
Merged

feat(queries): add new aws iam privilege escalation queries #5423

merged 14 commits into from Aug 22, 2022

Conversation

gafnit-lightspin
Copy link
Contributor

Closes #

Proposed Changes

  • Added several new KICS queries for AWS IAM privilege escalation

I submit this contribution under the Apache-2.0 license.

@kicsbot
Copy link
Contributor

kicsbot commented May 31, 2022

Scan submitted to Checkmarx

@kicsbot
Copy link
Contributor

kicsbot commented May 31, 2022

Logo
Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 5 vulnerabilities
High 0 High
Medium 0 Medium
Low 5 Low
Info 0 Info

Violation Summary

No policy violation found

@kaplanlior kaplanlior added the community Community contribution label May 31, 2022
rafaela-soares
rafaela-soares suggested changes Jun 2, 2022
View reviewed changes
Copy link
Contributor

@rafaela-soares rafaela-soares left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, @gafnit-lightspin!

Thank you so much for such an amazing contribution 🚀

I have a few suggestions. Let me know if you need any help 😊

assets/queries/terraform/aws/iam_privilege_escalation/group/glue-UpdateDevEndpoint/query.rego Outdated Show resolved Hide resolved
...ts/queries/terraform/aws/iam_privilege_escalation/group/glue-UpdateDevEndpoint/metadata.json Outdated Show resolved Hide resolved
...ts/queries/terraform/aws/iam_privilege_escalation/group/glue-UpdateDevEndpoint/metadata.json Outdated Show resolved Hide resolved
...ts/queries/terraform/aws/iam_privilege_escalation/group/glue-UpdateDevEndpoint/metadata.json Outdated Show resolved Hide resolved
@rjegoncalves
Copy link

Hi @gafnit-lightspin,

Thank you for the great contributions!

We did a review of the list of proposed queries and since the comments are the same for all the queries, we summarize them here:

  • Category and Severity are adequate. The list of queries belongs to the context of IAM privilege escalation, which fits inside the Access Control category. As for the Severity, regardless of their different type in the likelihood of exploitation, the outcome will be the same, privilege escalation.
  • The Descriptions can be improved to also consider why such permission creates a security issue and that (in this case) it can lead to a privilege escalation. The reference [1] can help better understand and define a more suited approach.
  • The Descriptions URL should point to the respective affected endpoints (the affected policy).

[1] AWS IAM Privilege Escalation – Methods and Mitigation

@rafaela-soares rafaela-soares mentioned this pull request Aug 9, 2022
Merged
@rafaela-soares rafaela-soares added the query New query feature label Aug 19, 2022
rafaela-soares
rafaela-soares approved these changes Aug 22, 2022
View reviewed changes
Copy link
Contributor

@rafaela-soares rafaela-soares left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀

Thank you so much for such an amazing contribution, @gafnit!

@rafaela-soares rafaela-soares merged commit 4006b83 into Checkmarx:master Aug 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rafaela-soares rafaela-soares rafaela-soares approved these changes

Assignees
No one assigned
Labels
community Community contribution query New query feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@gafnit-lightspin @kicsbot @rjegoncalves @rafaela-soares @kaplanlior @gafnit