feat(s3): Add checks for publicly listable Buckets or writable buckets by ACL #2628

Merged: 7 commits, Jul 31, 2023

Contributor

@jchrisfarris jchrisfarris commented Jul 26, 2023

Context

While public buckets are bad, buckets that are either publicly writable or where anyone can list the objects are higher risk. This PR introduces two new checks specific to bucket ACLs that alert on these two use-cases:

  • s3_bucket_public_list_acl
  • s3_bucket_public_write_acl

Description

No dependencies. I did not see an open issue related to this.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jchrisfarris jchrisfarris requested a review from a team July 26, 2023 18:00
@jfagoagas jfagoagas added the status/waiting-for-revision (Waiting for maintainer's revision), no-merge (Please, DO NOT MERGE this PR.), testing-pending and provider/aws (Issues/PRs related with the AWS provider) labels Jul 26, 2023
@jfagoagas
Member

Hi @jchrisfarris, thanks a lot for your contribution! We'll review it and let you know if everything is working fine.

We'll include the missing tests but if you can give it a try we can guide you through it.

Thanks for using Prowler 🚀

@jfagoagas jfagoagas self-assigned this Jul 27, 2023
@jfagoagas jfagoagas changed the title Add checks for publicly listable Buckets or writable buckets by ACL feat(s3): Add checks for publicly listable Buckets or writable buckets by ACL Jul 27, 2023
@jfagoagas
Member

I've included tests and some fixes in the S3 check's metadata.

@jfagoagas jfagoagas removed the status/waiting-for-revision (Waiting for maintainer's revision), no-merge (Please, DO NOT MERGE this PR.) and testing-pending labels Jul 31, 2023
Member

@jfagoagas jfagoagas left a comment

Thanks for your contribution @jchrisfarris, these new checks were necessary to have it in Prowler!

🚀 🚀 🚀 🚀

@jfagoagas jfagoagas merged commit 03ad403 into prowler-cloud:master Jul 31, 2023
4 checks passed
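
The two ACL conditions named in the PR description (publicly listable, publicly writable), as an added example that is not code from this PR or from Prowler. It assumes the ACL is a dict shaped like the S3 GetBucketAcl response and that grants to either predefined group (AllUsers or AuthenticatedUsers) count as public; the function names and sample ACLs are hypothetical.

```python
# Added example, not Prowler's code. Input follows the S3 GetBucketAcl shape.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
# Assumption: both predefined groups count as public (AWS's ACL definition).
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}
LIST_PERMS = {"READ", "FULL_CONTROL"}    # READ on a bucket = list its objects
WRITE_PERMS = {"WRITE", "FULL_CONTROL"}  # WRITE = create, overwrite, delete


def public_permissions(acl):
    """Return the permissions the ACL grants to a public group."""
    perms = set()
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            perms.add(grant.get("Permission"))
    return perms


def evaluate_bucket_acl(acl):
    """Map an ACL to PASS/FAIL for the two check names from the PR."""
    perms = public_permissions(acl)
    return {
        "s3_bucket_public_list_acl": "FAIL" if perms & LIST_PERMS else "PASS",
        "s3_bucket_public_write_acl": "FAIL" if perms & WRITE_PERMS else "PASS",
    }


def _acl(*grants):
    """Build a constructed ACL from (grantee_type, uri_or_id, permission)."""
    key = {"Group": "URI", "CanonicalUser": "ID"}
    return {"Grants": [
        {"Grantee": {"Type": t, key[t]: who}, "Permission": p}
        for t, who, p in grants
    ]}


OWNER = ("CanonicalUser", "constructed-owner-id", "FULL_CONTROL")
SAMPLES = {
    "private": _acl(OWNER),
    "listable": _acl(OWNER, ("Group", ALL_USERS, "READ")),
    "writable": _acl(OWNER, ("Group", AUTH_USERS, "WRITE")),
    "full-control": _acl(OWNER, ("Group", ALL_USERS, "FULL_CONTROL")),
    "acl-readable": _acl(OWNER, ("Group", ALL_USERS, "READ_ACP")),
}

if __name__ == "__main__":
    for name, acl in SAMPLES.items():
        print(name, evaluate_bucket_acl(acl))
```

The `acl-readable` sample is public by ACL yet passes both checks, since READ_ACP exposes the ACL itself rather than listing or writing objects.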