feat(IAM): Add inline policies checks and improve custom policy checks #4255

Status: Open · wants to merge 25 commits into master
Conversation

puchy22 (Contributor)
@puchy22 puchy22 commented Jun 17, 2024

Context

This PR is due to #3833

There are some checks related to custom policies that should be covered with inline policies too.

Description

Added new inline checks and changed custom checks to reuse functions inside new checks. The new checks are:

  • iam_policy_no_full_access_to_cloudtrail
  • iam_policy_no_full_access_to_kms
  • iam_policy_allows_privilege_escalation

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
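To make concrete what the three checks listed above have to evaluate, here is an added example (written for this page, not Prowler's own implementation) that applies one set of functions identically to an inline and a customer-managed policy document, which is the reuse the PR description is getting at. Its definition of "full access" (a service-wide `<service>:*` or bare `*` action allowed on `Resource: "*"`), the handful of privilege-escalation action combinations, and all function names are assumptions of this example.

```python
"""Example IAM policy checks (constructed illustration; not Prowler's code)."""
import fnmatch
from typing import Dict, List, Set

# Constructed subset of commonly cited privilege-escalation combinations.
# Assumption for this example; not the project's own list. Lower-cased because
# IAM action names are matched case-insensitively.
ESCALATION_COMBOS: Dict[str, Set[str]] = {
    "CreateNewPolicyVersion": {"iam:createpolicyversion"},
    "SetExistingDefaultPolicyVersion": {"iam:setdefaultpolicyversion"},
    "AttachUserPolicy": {"iam:attachuserpolicy"},
    "CreateAccessKey": {"iam:createaccesskey"},
    "PassRoleToNewLambdaThenInvoke": {
        "iam:passrole", "lambda:createfunction", "lambda:invokefunction",
    },
}


def _as_list(value) -> list:
    """IAM allows a string or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def allow_star_resource_actions(policy: dict) -> List[str]:
    """Lower-cased Action patterns from Allow statements whose Resource includes '*'.

    Caveats (deliberate simplifications): statements scoped to a specific ARN
    are ignored, NotAction/NotResource are not handled, and a Deny statement
    does not cancel an Allow in this model.
    """
    patterns: List[str] = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _as_list(stmt.get("Resource")):
            continue
        patterns.extend(a.lower() for a in _as_list(stmt.get("Action")))
    return patterns


def _granted(action: str, patterns: List[str]) -> bool:
    """IAM action wildcards (* and ?) line up with fnmatch semantics."""
    return any(fnmatch.fnmatchcase(action, p) for p in patterns)


def grants_full_access(policy: dict, service: str) -> bool:
    """True when the policy allows every action of `service` on every resource."""
    full = {"*", f"{service.lower()}:*"}
    return any(p in full for p in allow_star_resource_actions(policy))


def privilege_escalation_paths(policy: dict) -> List[str]:
    """Names of escalation combinations whose actions are all granted."""
    patterns = allow_star_resource_actions(policy)
    return sorted(
        name for name, combo in ESCALATION_COMBOS.items()
        if all(_granted(a, patterns) for a in combo)
    )


def policy_findings(policy_name: str, document: dict) -> List[str]:
    """Same logic whether `document` came from an inline or a managed policy."""
    out: List[str] = []
    for svc in ("cloudtrail", "kms"):
        if grants_full_access(document, svc):
            out.append(f"{policy_name}: full access to {svc}")
    for path in privilege_escalation_paths(document):
        out.append(f"{policy_name}: privilege escalation via {path}")
    return out


# Constructed sample documents: one inline-style policy, one managed-style.
INLINE_DEV = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iam:PassRole", "lambda:*"], "Resource": "*"},
    ],
}
MANAGED_KMS_ADMIN = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "kms:*", "Resource": "*"}],
}
SCOPED_TRAIL = {  # cloudtrail:* but only on one trail ARN: not "full access" here
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow", "Action": "cloudtrail:*",
        "Resource": "arn:aws:cloudtrail:us-east-1:123456789012:trail/example",
    }],
}

if __name__ == "__main__":
    for name, doc in [("inline-dev", INLINE_DEV), ("KmsAdmin", MANAGED_KMS_ADMIN),
                      ("ScopedTrail", SCOPED_TRAIL)]:
        for finding in policy_findings(name, doc) or [f"{name}: no findings"]:
            print(finding)
```

The point of routing both policy kinds through `policy_findings` is that the only thing that differs between an inline and a customer-managed policy is where the document was fetched from; the analysis of the document itself should not be duplicated per check.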

@github-actions github-actions bot added the provider/aws Issues/PRs related with the AWS provider label Jun 17, 2024

codecov bot commented Jun 18, 2024

Codecov Report

Attention: Patch coverage is 94.41341% with 10 lines in your changes missing coverage. Please review.

Project coverage is 86.71%. Comparing base (6fec855) to head (7300463).
Report is 18 commits behind head on master.

Files Patch % Lines
...iders/aws/services/iam/lib/privilege_escalation.py 89.85% 7 Missing ⚠️
prowler/providers/aws/services/iam/lib/policy.py 92.59% 2 Missing ⚠️
...n/iam_inline_policy_allows_privilege_escalation.py 96.42% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #4255      +/-   ##
==========================================
+ Coverage   86.65%   86.71%   +0.06%     
==========================================
  Files         818      822       +4     
  Lines       25703    25806     +103     
==========================================
+ Hits        22272    22378     +106     
+ Misses       3431     3428       -3     


@puchy22 puchy22 marked this pull request as ready for review June 18, 2024 11:57
@puchy22 puchy22 requested a review from a team as a code owner June 18, 2024 11:57
Labels: documentation, provider/aws (Issues/PRs related with the AWS provider)