Scoutsuite fails to enumerate buckets on OCI tenancies
WhiteThePanda opened this issue · comments
ScoutSuite bucket enumeration fails to execute on an OCI tenancy. The Object Storage namespace is not parsed correctly.
Please provide:
-
A clear and concise description of what the bug is.
ScoutSuite fails to enumerate buckets on an OCI tenancy. The reason is that it fails to get the objectstorage namespace. -
Console output using the
--debug
argument.
"2023-08-30 14:12:40 WSW70VTHW3 scout[851] INFO Launching Scout
2023-08-30 14:12:40 WSW70VTHW3 scout[851] INFO Authenticating to cloud provider
2023-08-30 14:12:41 WSW70VTHW3 scout[851] INFO Gathering data from APIs
2023-08-30 14:12:41 WSW70VTHW3 scout[851] INFO Fetching resources for the Identity service
2023-08-30 14:12:41 WSW70VTHW3 scout[851] INFO Fetching resources for the Object Storage service
2023-08-30 14:12:41 WSW70VTHW3 scout[851] INFO Fetching resources for the KMS service
2023-08-30 14:12:43 WSW70VTHW3 scout[851] ERROR objectstorage.py L16: Failed to get Object Storage namespace: 'str' object has no attribute 'items'
Traceback (most recent call last):
File "/home/shanly/.local/lib/python3.10/site-packages/ScoutSuite/providers/oci/facade/objectstorage.py", line 16, in get_namespace
response = await run_concurrently(
File "/home/shanly/.local/lib/python3.10/site-packages/ScoutSuite/providers/utils.py", line 27, in run_concurrently
return await run_function_concurrently(function)
File "/usr/lib/python3.10/concurrent/futures/thread.py", line 58, in run
result = self.fn(*self.args, **self.kwargs)
File "/home/shanly/.local/lib/python3.10/site-packages/ScoutSuite/providers/oci/facade/objectstorage.py", line 17, in
lambda: list_call_get_all_results(self._client.get_namespace))
File "/usr/local/lib/python3.10/dist-packages/oci/pagination/pagination_utils.py", line 218, in list_call_get_all_results
else aggregated_results.extend(call_result.data.items)
AttributeError: 'str' object has no attribute 'items'
2023-08-30 14:12:43 WSW70VTHW3 scout[851] ERROR objectstorage.py L36: Failed to get Object Storage buckets: Parameter namespaceName cannot be None, whitespace or empty string
Traceback (most recent call last):
File "/home/shanly/.local/lib/python3.10/site-packages/ScoutSuite/providers/oci/facade/objectstorage.py", line 36, in get_buckets
response = await run_concurrently(
File "/home/shanly/.local/lib/python3.10/site-packages/ScoutSuite/providers/utils.py", line 27, in run_concurrently
return await run_function_concurrently(function)
File "/usr/lib/python3.10/concurrent/futures/thread.py", line 58, in run
result = self.fn(*self.args, **self.kwargs)
File "/home/shanly/.local/lib/python3.10/site-packages/ScoutSuite/providers/oci/facade/objectstorage.py", line 37, in
lambda: list_call_get_all_results(self._client.list_buckets, namespace, self._credentials.get_scope()))
File "/usr/local/lib/python3.10/dist-packages/oci/pagination/pagination_utils.py", line 205, in list_call_get_all_results
for response in list_call_get_all_results_generator(list_func_ref, 'response', *list_func_args, **list_func_kwargs):
File "/usr/local/lib/python3.10/dist-packages/oci/pagination/pagination_utils.py", line 274, in list_call_get_all_results_generator
call_result = retry.DEFAULT_RETRY_STRATEGY.make_retrying_call(list_func_ref, *list_func_args, **list_func_kwargs)
File "/usr/local/lib/python3.10/dist-packages/oci/retry/retry.py", line 308, in make_retrying_call
response = func_ref(*func_args, **func_kwargs)
File "/usr/local/lib/python3.10/dist-packages/oci/object_storage/object_storage_client.py", line 3325, in list_buckets
raise ValueError('Parameter {} cannot be None, whitespace or empty string'.format(k))
ValueError: Parameter namespaceName cannot be None, whitespace or empty string
2023-08-30 14:12:44 WSW70VTHW3 scout[851] INFO Running pre-processing engine
2023-08-30 14:12:44 WSW70VTHW3 scout[851] INFO Running rule engine
2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Loading ruleset /home/shanly/.local/lib/python3.10/site-packages/ScoutSuite/providers/oci/rules/rulesets/default.json
2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Identity rule "Minimum Password Length Too Short" (identity-password-policy-minimum-length.json)
2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Identity rule "Password Policy Lacks Lowercase Requirement" (identity-password-policy-no-lowercase-required.json)
2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Identity rule "Password Policy Lacks Number Requirement" (identity-password-policy-no-number-required.json)
2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Identity rule "Password Policy Lacks Symbol Requirement" (identity-password-policy-no-symbol-required.json)
2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Identity rule "Password Policy Lacks Uppercase Requirement" (identity-password-policy-no-uppercase-required.json)
2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Identity rule "Policy Affects User" (identity-policy-affects-user.json)
2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Identity rule "User with Multiple API Keys" (identity-user-with-multiple-api-keys.json)
2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing KMS rule "KMS Keys Are Not Being Rotated" (kms-no-key-rotation.json)
2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Object Storage rule "Buckets Lacking KMS Encryption" (objectstorage-bucket-lacking-kms-encryption.json)
2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Object Storage rule "Public Buckets" (objectstorage-public-bucket.json)
2023-08-30 14:12:44 WSW70VTHW3 scout[851] INFO Applying display filters
2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Loading ruleset /home/shanly/.local/lib/python3.10/site-packages/ScoutSuite/providers/oci/rules/rulesets/filters.json
2023-08-30 14:12:44 WSW70VTHW3 scout[851] INFO Running post-processing engine
2023-08-30 14:12:45 WSW70VTHW3 scout[851] INFO Saving data to scoutsuite-report/"
To Reproduce
Please provide:
- The exact CLI parameters used to run Scout Suite.
scout oci --profile DEFAULT --debug - Any specific configuration within the cloud account which might have lead to the issue.
No specific configuration.