This repository has been archived by the owner on Jan 23, 2025. It is now read-only.

filter iam pass role in policy document to prevent privilege escalations #1259

Merged
merged 14 commits into from
Apr 14, 2023


realwebdev
Contributor

prevent privilege escalation.

@simar7
Member

simar7 commented Mar 29, 2023

can you run make docs and add the generated files in this commit? also could you add a simple unit test for this rule alongside it?

@realwebdev
Contributor Author

> can you run make docs and add the generated files in this commit? also could you add a simple unit test for this rule alongside it?

I have added these.

policy := role.policies[_]
action := policy.document[_]
contains(action, "iam:PassRole")
res = result.new("Warning: 'iam:PassRole' action is present in role", role.name)
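
Review bot: `contains(action, "iam:PassRole")` is a plain substring test on whatever `policy.document[_]` yields, and nothing in the lines shown looks at the statement's Effect or Resource, so a Deny statement that names iam:PassRole would be reported the same as an Allow. The match also fires only on that literal string, so a grant written with a wildcard such as `iam:*`, or with different letter case, would not be reported. Suggest parsing the document into statements, matching the Action entries only where Effect is Allow, and adding a test case with a Deny statement.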
Contributor


Suggested change
res = result.new("Warning: 'iam:PassRole' action is present in role", role.name)
res = result.new("iam:PassRole action is present in role", role.name)

@giorod3 giorod3 merged commit 3514e46 into aquasecurity:master Apr 14, 2023
aisha-als pushed a commit to aisha-als/defsec that referenced this pull request Apr 17, 2023
…ons (aquasecurity#1259)

* filter iam pass role in policy document to prevent privilege escalations

* fix: metadata fix

* fix

* add: Iam Pass role rule registered with unit test

* fix

* fix

* test case added for iam pass role policy in rego

* fix

* rego fmt error removed

* removed go rules

* rego rule modified
simar7 added a commit that referenced this pull request May 6, 2023
simar7 added a commit that referenced this pull request May 7, 2023
* Revert "Added logic to also check statement effect (#1287)"

This reverts commit 8b5e832.

* Revert "filter iam pass role in policy document to prevent privilege escalations (#1259)"

This reverts commit 3514e46.