Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(s3): add new fixer s3_bucket_public_write_acl_fixer #5855

Merged
merged 3 commits into from
Dec 12, 2024
Merged

feat(s3): add new fixer s3_bucket_public_write_acl_fixer #5855

merged 3 commits into from
Dec 12, 2024

Conversation

danibarranqueroo
Copy link
Member

Context

Develop a fixer that removes public write access from the ACLs of S3 buckets. The fixer will ensure that only authorized users or IAM roles can write to the bucket, preventing unauthorized modifications and protecting sensitive data stored in S3.

This fixer is already done and tested in moto but I don’t want to test it on real infra until I discuss with someone else because for creating a bucket with public write access it’s needed to change the “BlockPublicAcls” parameter at bucket and account level and this could affect to the other s3 buckets that are currently on our AWS ProwlerDev account. So, for this reason, I'll left this PR in draft.

Description

Added a new fixer s3_bucket_public_write_acl_fixer with its unit tests.

Checklist

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the provider/aws Issues/PRs related with the AWS provider label Nov 21, 2024
@codecov Codecov
Copy link

codecov bot commented Nov 21, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.00%. Comparing base (2e20d52) to head (ff4e514).
Report is 743 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #5855      +/-   ##
==========================================
+ Coverage   89.86%   90.00%   +0.14%     
==========================================
  Files        1136     1154      +18     
  Lines       35452    35711     +259     
==========================================
+ Hits        31858    32142     +284     
+ Misses       3594     3569      -25
Flag Coverage Δ
prowler 90.00% <100.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
prowler 90.00% <100.00%> (+0.14%) ⬆️
api ∅ <ø> (∅)

@danibarranqueroo danibarranqueroo marked this pull request as ready for review December 12, 2024 12:58
@danibarranqueroo danibarranqueroo requested review from a team as code owners December 12, 2024 12:58
@danibarranqueroo
Copy link
Member Author

I have now my personal account working and I've been able to test on real infrastructure the fixer, as it works as expected this PR is now ready for review.

@MrCloudSec MrCloudSec merged commit 26c7097 into master Dec 12, 2024
11 checks passed
@MrCloudSec MrCloudSec deleted the PRWLR-5338-restrict-access-write-to-everyone-or-any-aws-customer-on-s-3-buckets branch December 12, 2024 15:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MrCloudSec MrCloudSec MrCloudSec approved these changes

Assignees
No one assigned
Labels
provider/aws Issues/PRs related with the AWS provider
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@danibarranqueroo @MrCloudSec