Fix(check122): Error when policy name contains commas

[plarso]

Context

AWS IAM policy names allow commas (','), but check 122 does not support the case where there is a comma in the policy name.

Description

• Change the awk command for the POLICY_VERSION variable in the script to get the version number from the last column rather than the second column.
• Change the awk command for the POLICY_ARN variable in the script to get the policy ARN from all columns except the last instead of just the first column.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[jfagoagas]

Thanks @plarso, please review comments above to merge this PR!

[lazize]

If it has comma, it will break csv output.
If it is allowed by AWS, we should replace it by something else.

[jfagoagas]

If it has comma, it will break csv output. If it is allowed by AWS, we should replace it by something else.

Good point! I'm going to test a initial approach to solve this.

[jfagoagas]

Hi @plarso could you include the following as a replace in line 42?

textFail "$REGION: Policy ${policy//,/[comma]} allows \"*:*\"" "$REGION" "$policy"

This is a valid approach but we are modifying role name in the output.

1. AWS Test Roles

2. Prowler Result

Also @lazize please check this.

Thanks!

[plarso]

I've added the requested changes.

[lazize]

Based on my recent experience, I believe this kind of variable expansion will not be supported by old version of bash, like the one original from macOS.
I will test it tomorrow.

[jfagoagas]

I've added the requested changes.

Cool, thank you @plarso !

[jfagoagas]

Based on my recent experience, I believe this kind of variable expansion will not be supported by old version of bash, like the one original from macOS.

I will test it tomorrow.

All of this changes has been tested with Bash 3.15, this kind of variable expansion is supported in old versions of Bash.

[jfagoagas]

Good job @plarso !!

Thanks 👏