
fix(s3): add s3:Get* case to s3_bucket_policy_public_write_access #3364

Conversation

sergargar
Member

Context

When scanning a public S3 bucket with a bucket policy like the following, Prowler alerts for possible write access.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:Get*",
      "Resource": "arn:aws:s3:::redacted-bucket-name/*"
    }
  ]
}

Description

Improve the check's logic by verifying s3:Get* Action.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
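The false positive described above comes down to classifying which policy actions actually grant write access: a statement that is public (Principal "*") but limited to s3:Get* is public-read, not public-write. The following is an added illustration of that classification, not Prowler's own check code. The list of write actions, the helper names and the sample policies are assumptions constructed for the example; the read-only policy is the one quoted in the PR description.

```python
"""Classify whether an S3 bucket policy grants public write access.

Added example, not Prowler's code. It models the distinction the PR makes:
a public statement whose actions are all s3:Get* does not grant write access,
while s3:*, s3:Put*, "*" or an Allow + NotAction that leaves writes open does.
IAM action names are case-insensitive and use '*' / '?' as wildcards, which
fnmatch.fnmatchcase handles with lower-cased inputs.
"""
import fnmatch
import json

# Illustrative (not exhaustive) set of actions that modify bucket contents or
# configuration. Any public Action pattern covering one of these is "write".
WRITE_ACTIONS = (
    "s3:PutObject",
    "s3:PutObjectAcl",
    "s3:DeleteObject",
    "s3:PutBucketPolicy",
    "s3:PutBucketAcl",
)


def _as_list(value):
    """Action, NotAction, Principal.AWS and Statement may be a string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal):
    """'*' or {"AWS": "*"} means any caller, including anonymous ones."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _pattern_matches(pattern, action):
    """Case-insensitive IAM-style wildcard match of one pattern against one action."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _pattern_grants_write(pattern):
    """True if an Action pattern such as 's3:*' or 's3:Put*' covers a write action."""
    return any(_pattern_matches(pattern, action) for action in WRITE_ACTIONS)


def statement_allows_public_write(statement):
    """A statement is public-write if it is an Allow for a public principal
    that covers at least one write action. Condition blocks are ignored here
    (assumption): the example errs on the side of flagging.
    """
    if statement.get("Effect") != "Allow":
        return False
    if not _is_public_principal(statement.get("Principal")):
        return False
    if "NotAction" in statement:
        # Allow + NotAction grants everything except the listed patterns, so
        # write is granted unless every write action is excluded.
        excluded = _as_list(statement["NotAction"])
        return not all(
            any(_pattern_matches(p, action) for p in excluded) for action in WRITE_ACTIONS
        )
    return any(_pattern_grants_write(p) for p in _as_list(statement.get("Action")))


def policy_allows_public_write(policy_json):
    """Evaluate a whole bucket policy document (JSON string)."""
    policy = json.loads(policy_json)
    return any(statement_allows_public_write(s) for s in _as_list(policy.get("Statement")))


# Constructed sample: the read-only policy quoted in the PR description.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Statement", "Effect": "Allow", "Principal": "*",
        "Action": "s3:Get*", "Resource": "arn:aws:s3:::redacted-bucket-name/*",
    }],
})

# Constructed sample: the same shape, but granting uploads to anyone.
PUBLIC_WRITE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Statement", "Effect": "Allow", "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::redacted-bucket-name/*",
    }],
})

if __name__ == "__main__":
    print("read-only policy flagged as public write:", policy_allows_public_write(PUBLIC_READ_POLICY))
    print("upload policy flagged as public write:", policy_allows_public_write(PUBLIC_WRITE_POLICY))
```

The wildcard comparison is the part that matters: checking whether a public Action pattern could expand to a write action avoids both the original false positive (s3:Get*) and the false negative that a plain string comparison against "s3:PutObject" would produce for s3:* or s3:Put*.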

@sergargar sergargar requested a review from a team as a code owner February 6, 2024 10:10
@sergargar sergargar linked an issue Feb 6, 2024 that may be closed by this pull request
@sergargar sergargar changed the title fix(s3): add s3:Get* case to s3_bucket_policy_public_write_access fix(s3): add s3:Get* case to s3_bucket_policy_public_write_access Feb 6, 2024

codecov bot commented Feb 6, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (ac44d4a) 85.85% compared to head (948bce1) 85.90%.
Report is 5 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #3364      +/-   ##
==========================================
+ Coverage   85.85%   85.90%   +0.04%     
==========================================
  Files         578      579       +1     
  Lines       18655    18678      +23     
==========================================
+ Hits        16017    16046      +29     
+ Misses       2638     2632       -6     


@sergargar sergargar added the provider/aws Issues/PRs related with the AWS provider label Feb 6, 2024
Member

@jfagoagas jfagoagas left a comment


Awesome, great catch @sergargar !

@jfagoagas jfagoagas merged commit 7298f64 into master Feb 6, 2024
8 checks passed
@jfagoagas jfagoagas deleted the 3346-bug-false-positive-on-s3_bucket_policy_public_write_access branch February 6, 2024 12:04
Labels
provider/aws Issues/PRs related with the AWS provider
Development

Successfully merging this pull request may close these issues.

[Bug]: False positive on s3_bucket_policy_public_write_access