Giters

nccgroup / ScoutSuite

Multi-Cloud Security Auditing Tool

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Scoutsuite fails to enumerate buckets on OCI tenancies

WhiteThePanda opened this issue · comments

commented

ScoutSuite bucket enumeration fails to execute on an OCI tenancy. The Object Storage namespace is not parsed correctly.

Please provide:

  • A clear and concise description of what the bug is.
    ScoutSuite fails to enumerate buckets on an OCI tenancy. The reason is that it fails to get the objectstorage namespace.

  • Console output using the --debug argument.
    "2023-08-30 14:12:40 WSW70VTHW3 scout[851] INFO Launching Scout
    2023-08-30 14:12:40 WSW70VTHW3 scout[851] INFO Authenticating to cloud provider
    2023-08-30 14:12:41 WSW70VTHW3 scout[851] INFO Gathering data from APIs
    2023-08-30 14:12:41 WSW70VTHW3 scout[851] INFO Fetching resources for the Identity service
    2023-08-30 14:12:41 WSW70VTHW3 scout[851] INFO Fetching resources for the Object Storage service
    2023-08-30 14:12:41 WSW70VTHW3 scout[851] INFO Fetching resources for the KMS service
    2023-08-30 14:12:43 WSW70VTHW3 scout[851] ERROR objectstorage.py L16: Failed to get Object Storage namespace: 'str' object has no attribute 'items'
    Traceback (most recent call last):
    File "/home/shanly/.local/lib/python3.10/site-packages/ScoutSuite/providers/oci/facade/objectstorage.py", line 16, in get_namespace
    response = await run_concurrently(
    File "/home/shanly/.local/lib/python3.10/site-packages/ScoutSuite/providers/utils.py", line 27, in run_concurrently
    return await run_function_concurrently(function)
    File "/usr/lib/python3.10/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
    File "/home/shanly/.local/lib/python3.10/site-packages/ScoutSuite/providers/oci/facade/objectstorage.py", line 17, in
    lambda: list_call_get_all_results(self._client.get_namespace))
    File "/usr/local/lib/python3.10/dist-packages/oci/pagination/pagination_utils.py", line 218, in list_call_get_all_results
    else aggregated_results.extend(call_result.data.items)
    AttributeError: 'str' object has no attribute 'items'
    2023-08-30 14:12:43 WSW70VTHW3 scout[851] ERROR objectstorage.py L36: Failed to get Object Storage buckets: Parameter namespaceName cannot be None, whitespace or empty string
    Traceback (most recent call last):
    File "/home/shanly/.local/lib/python3.10/site-packages/ScoutSuite/providers/oci/facade/objectstorage.py", line 36, in get_buckets
    response = await run_concurrently(
    File "/home/shanly/.local/lib/python3.10/site-packages/ScoutSuite/providers/utils.py", line 27, in run_concurrently
    return await run_function_concurrently(function)
    File "/usr/lib/python3.10/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
    File "/home/shanly/.local/lib/python3.10/site-packages/ScoutSuite/providers/oci/facade/objectstorage.py", line 37, in
    lambda: list_call_get_all_results(self._client.list_buckets, namespace, self._credentials.get_scope()))
    File "/usr/local/lib/python3.10/dist-packages/oci/pagination/pagination_utils.py", line 205, in list_call_get_all_results
    for response in list_call_get_all_results_generator(list_func_ref, 'response', *list_func_args, **list_func_kwargs):
    File "/usr/local/lib/python3.10/dist-packages/oci/pagination/pagination_utils.py", line 274, in list_call_get_all_results_generator
    call_result = retry.DEFAULT_RETRY_STRATEGY.make_retrying_call(list_func_ref, *list_func_args, **list_func_kwargs)
    File "/usr/local/lib/python3.10/dist-packages/oci/retry/retry.py", line 308, in make_retrying_call
    response = func_ref(*func_args, **func_kwargs)
    File "/usr/local/lib/python3.10/dist-packages/oci/object_storage/object_storage_client.py", line 3325, in list_buckets
    raise ValueError('Parameter {} cannot be None, whitespace or empty string'.format(k))
    ValueError: Parameter namespaceName cannot be None, whitespace or empty string
    2023-08-30 14:12:44 WSW70VTHW3 scout[851] INFO Running pre-processing engine
    2023-08-30 14:12:44 WSW70VTHW3 scout[851] INFO Running rule engine
    2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Loading ruleset /home/shanly/.local/lib/python3.10/site-packages/ScoutSuite/providers/oci/rules/rulesets/default.json
    2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Identity rule "Minimum Password Length Too Short" (identity-password-policy-minimum-length.json)
    2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Identity rule "Password Policy Lacks Lowercase Requirement" (identity-password-policy-no-lowercase-required.json)
    2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Identity rule "Password Policy Lacks Number Requirement" (identity-password-policy-no-number-required.json)
    2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Identity rule "Password Policy Lacks Symbol Requirement" (identity-password-policy-no-symbol-required.json)
    2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Identity rule "Password Policy Lacks Uppercase Requirement" (identity-password-policy-no-uppercase-required.json)
    2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Identity rule "Policy Affects User" (identity-policy-affects-user.json)
    2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Identity rule "User with Multiple API Keys" (identity-user-with-multiple-api-keys.json)
    2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing KMS rule "KMS Keys Are Not Being Rotated" (kms-no-key-rotation.json)
    2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Object Storage rule "Buckets Lacking KMS Encryption" (objectstorage-bucket-lacking-kms-encryption.json)
    2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Processing Object Storage rule "Public Buckets" (objectstorage-public-bucket.json)
    2023-08-30 14:12:44 WSW70VTHW3 scout[851] INFO Applying display filters
    2023-08-30 14:12:44 WSW70VTHW3 scout[851] DEBUG Loading ruleset /home/shanly/.local/lib/python3.10/site-packages/ScoutSuite/providers/oci/rules/rulesets/filters.json
    2023-08-30 14:12:44 WSW70VTHW3 scout[851] INFO Running post-processing engine
    2023-08-30 14:12:45 WSW70VTHW3 scout[851] INFO Saving data to scoutsuite-report/"

To Reproduce

Please provide:

  • The exact CLI parameters used to run Scout Suite.
    scout oci --profile DEFAULT --debug
  • Any specific configuration within the cloud account which might have lead to the issue.

No specific configuration.