Stop more checks if invalid resources are found #159
Conversation
|
|
|
Great project by the way! Glad I could try to contribute like @danielpops and @piax93, small world. |
| @@ -41,7 +41,7 @@ This example is showing that the action s3:GetObject requires a resource matchin | |||
| The different input types allowed include: | |||
| - --file: Filename | |||
| - --directory: A directory path, for exmaple: `--directory . --include_policy_extension json --exclude_pattern ".*venv.*"` | |||
| - --aws-managed-policies: For use specifically with the repo https://github.com/SummitRoute/aws_managed_policies | |||
| - --aws-managed-policies: For use specifically with the repo https://github.com/z0ph/aws_managed_policies | |||
There was a problem hiding this comment.
Good call since I don't update my repo anymore.
| for setting, settting_value in settings.items(): | ||
| config[finding_type][setting] = settting_value | ||
| for setting, setting_value in settings.items(): | ||
| config[finding_type][setting] = setting_value |
There was a problem hiding this comment.
Nice catch on the spelling issue
| @@ -641,7 +642,7 @@ def analyze_statement(self): | |||
| """ | |||
| Given a statement, look for problems and extract out the parts. | |||
|
|
|||
| If it is maformed, return False | |||
| If it is malformed, return False | |||
There was a problem hiding this comment.
Nice spelling catch again
| @@ -955,4 +955,4 @@ def analyze_statement(self): | |||
| "RESOURCE_STAR", detail=sorted(self.resource_star), location=self.stmt | |||
| ) | |||
|
|
|||
| return True | |||
| return not has_malformed_resource | |||
There was a problem hiding this comment.
I think this line is the only change the PR mentioned?
There was a problem hiding this comment.
Yup, I added a couple of lines about the 2 other commits now, let me know if you'd prefer I mention it in the PR title.
|
Thank you @KevinHock! Looks like your PR includes a lot of additional changes. I like the spelling changes and the link change, but I'd rather keep my for loop logic as is, as opposed to using |
|
sgtm @0xdabbad00 :) Made the changes |
|
LGTM. This can be merged @steiza |
Analyzing a policy with an INVALID_ARN gives exceptions from all of the community auditors
e.g.
{ "Version":"2012-10-17", "Statement":[ { "Sid":"AddPerm", "Effect":"Allow", "Principal": "*", "Action":["ssm:PutParameter"], "Resource":[{"Fn::Sub": "arn:aws:ssm:*:${AWS::AccountId}:*"}] } ] }from test_resources.py
Also:
Update managed policies repo link to @z0ph's
Fix some spelling