[Bug]: False Positive on check s3_bucket_public_access when Conditions in Policy #4257
Labels
backport-v3: Pending to port to Prowler v3 branch
bug
provider/aws: Issues/PRs related with the AWS provider
severity/medium: Results in some unexpected or undesired behavior.
Steps to Reproduce
Expected behavior
S3 Bucket sample-restricted-bucket should have passed the check.
Actual Result with Screenshots or Logs
Failed check: S3 Bucket sample-restricted-bucket has public access due to bucket policy.
How did you install Prowler?
From pip package (pip install prowler)
Environment Resource
OS used
Prowler version
Prowler 4.2.4
Pip version
pip 22.0.2 from /usr/lib/python3/dist-packages/pip (python 3.10)
Context
The check only looks for Principal = "*" and Effect = "Allow" without examining the other parts of the statement, such as Conditions or Resources.
prowler/prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.py, line 51 at commit 61b9ecc
Example: for this policy statement, the check should pass, as the condition restricts public access:

```json
{
  "Sid": "AllowVPCAccess",
  "Effect": "Allow",
  "Principal": "*",
  "Action": "s3:*",
  "Resource": [
    "arn:aws:s3:::sample-restricted-bucket/*",
    "arn:aws:s3:::sample-restricted-bucket"
  ],
  "Condition": {
    "StringEquals": {
      "aws:sourceVpc": "vpc-12345678abcdef"
    }
  }
}
```
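The following is an added example, not Prowler's code or the reporter's, showing how a bucket-policy classifier can honour Conditions instead of stopping at Principal = "*" and Effect = "Allow". The set of "restrictive" condition keys, the helper names, and the three sample policies are assumptions made for illustration; the first sample policy wraps the statement from the report above. Negated operators (StringNotEquals, ArnNotLike), ...IfExists variants and Null checks are deliberately not treated as restricting the caller, because a wildcard principal can still satisfy them.

```python
"""Added example (not Prowler's own code): classify S3 bucket-policy statements
as public or not while taking Conditions into account."""
import json

# Condition keys that pin the caller to something the account controls.
# Assumption: illustrative set, not exhaustive. aws:SourceIp is left out on
# purpose: a public CIDR does not make the bucket private.
RESTRICTIVE_CONDITION_KEYS = {
    "aws:sourcevpc",
    "aws:sourcevpce",
    "aws:principalorgid",
    "aws:principalaccount",
    "aws:principalarn",
    "aws:sourcearn",
    "aws:sourceaccount",
}


def is_wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"}, including when AWS is a list."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        return "*" in aws
    return False


def condition_restricts_caller(condition):
    """True if some condition positively pins the caller to a known VPC,
    endpoint, org, account or ARN. Negated operators, IfExists variants and
    Null checks do not narrow who may call, so they are skipped."""
    if not condition:
        return False
    for operator, key_values in condition.items():
        op = operator.lower()
        if op == "null" or "not" in op or op.endswith("ifexists"):
            continue
        for key in key_values:
            if key.lower() in RESTRICTIVE_CONDITION_KEYS:
                return True
    return False


def statement_is_public(statement):
    """An Allow to a wildcard principal is public unless a Condition pins the caller."""
    if statement.get("Effect") != "Allow":
        return False
    if not is_wildcard_principal(statement.get("Principal")):
        return False
    return not condition_restricts_caller(statement.get("Condition"))


def public_statement_sids(policy_document):
    """Return the Sid (or a positional name) of every statement granting public access.
    Accepts a JSON string or an already-parsed dict."""
    policy = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given as an object
        statements = [statements]
    return [s.get("Sid", f"statement-{i}") for i, s in enumerate(statements) if statement_is_public(s)]


# Constructed sample policies (assumptions for this example).
BUCKET = "arn:aws:s3:::sample-restricted-bucket"

VPC_RESTRICTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowVPCAccess", "Effect": "Allow", "Principal": "*", "Action": "s3:*",
        "Resource": [BUCKET + "/*", BUCKET],
        "Condition": {"StringEquals": {"aws:sourceVpc": "vpc-12345678abcdef"}},
    }],
}

OPEN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": {"AWS": "*"},
        "Action": "s3:GetObject", "Resource": BUCKET + "/*",
    }],
}

# A negated condition still lets any principal outside that VPC in: public.
NEGATED_CONDITION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "NotFromVpc", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
        "Resource": BUCKET + "/*",
        "Condition": {"StringNotEquals": {"aws:sourceVpc": "vpc-12345678abcdef"}},
    }],
}

if __name__ == "__main__":
    for name, doc in (("vpc-restricted", VPC_RESTRICTED_POLICY),
                      ("open", OPEN_POLICY),
                      ("negated-condition", NEGATED_CONDITION_POLICY)):
        print(name, public_statement_sids(json.dumps(doc)))
```

With this logic the AllowVPCAccess statement from the report yields no public Sids, while an unconditioned wildcard Allow and a StringNotEquals-conditioned one are still flagged.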