Skyscanner / cfripper

Library and CLI tool for analysing CloudFormation templates and check them for security compliance.

Home Page: https://cfripper.readthedocs.io/


PrivilegeEscalationRule bypass

destroy-everything opened this issue · comments

I can bypass the PrivilegeEscalationRule by simply changing the case of my IAM policy.

e.g. this passes

iam:CreateAccessKey

but changing to

IAM:CreateAccessKey

will fail. However, in the documentation the correct way to specify an IAM policy is with all lower case, so the use of intersection should be changed to be case-insensitive (search for IAM: on this page: https://docs.aws.amazon.com/comprehend/latest/dg/access-control-managing-permissions.html).

intersection = actions.intersection(self.IAM_BLACKLIST)

Good spot - we are working on fixes and hope to push them shortly!

Thanks for the contribution :)

This should now be fixed - there was an issue with the pycfmodel library we were using where it was not correctly picking up some policy values. Have pushed cfripper 0.5.0 to PyPI. We now force intersection of the two lists to be lower case, so it should catch all cases.

Thanks again for the contribution :D
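The two checks discussed in this thread side by side: the plain set intersection from the original report, which a differently cased action such as IAM:CreateAccessKey slips past, and the lower-cased comparison the maintainers describe in their fix. This is an added illustration, not cfripper's or pycfmodel's own code; the IAM_BLACKLIST below is a hypothetical subset standing in for the rule's real list, the sample policy is constructed, and skipping Deny statements is a simplification chosen here.

```python
"""Added example: case-sensitive vs case-insensitive matching of privilege-escalation actions."""
from typing import Iterable, List, Set

# Hypothetical subset of privilege-escalation actions; cfripper's real
# PrivilegeEscalationRule.IAM_BLACKLIST is larger than this.
IAM_BLACKLIST: Set[str] = {
    "iam:CreateAccessKey",
    "iam:CreateLoginProfile",
    "iam:UpdateLoginProfile",
    "iam:AttachUserPolicy",
    "iam:PutUserPolicy",
}


def extract_actions(policy_document: dict) -> List[str]:
    """Collect every Action string from Allow statements of an IAM policy document.

    CloudFormation accepts "Statement" as a single dict or a list and "Action"
    as a single string or a list, so both forms are normalised here.
    Deny statements are skipped as a simplification for this example.
    """
    statements = policy_document.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    actions: List[str] = []
    for statement in statements:
        if statement.get("Effect", "Allow") != "Allow":
            continue
        raw = statement.get("Action", [])
        if isinstance(raw, str):
            raw = [raw]
        actions.extend(raw)
    return actions


def find_escalation_case_sensitive(actions: Iterable[str]) -> Set[str]:
    """The check as reported in the issue: an exact-case set intersection.

    IAM action names are matched case-insensitively by AWS, so a template
    that writes IAM:CreateAccessKey grants the same permission but is missed.
    """
    return set(actions).intersection(IAM_BLACKLIST)


def find_escalation_case_insensitive(actions: Iterable[str]) -> Set[str]:
    """The fix described by the maintainers: compare both sides lower-cased.

    The offending actions are returned exactly as written in the template so
    a finding can point at the real text rather than a normalised copy.
    """
    blacklist_lower = {action.lower() for action in IAM_BLACKLIST}
    return {action for action in actions if action.lower() in blacklist_lower}


# Constructed sample policy: one upper-cased variant, one lower-cased action,
# one unrelated action and one Deny statement that should be ignored.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "IAM:CreateAccessKey", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:GetObject", "iam:PutUserPolicy"], "Resource": "*"},
        {"Effect": "Deny", "Action": "iam:CreateLoginProfile", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    acts = extract_actions(SAMPLE_POLICY)
    print("case-sensitive  :", sorted(find_escalation_case_sensitive(acts)))
    print("case-insensitive:", sorted(find_escalation_case_insensitive(acts)))
```

Run against the constructed policy, the case-sensitive check reports only iam:PutUserPolicy, while the case-insensitive check also reports IAM:CreateAccessKey; the same lower-casing must be applied to both sides of the comparison, since the blacklist itself is mixed case.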