Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(awslambda): Enhance function public access check called from other resource #4679

Merged
merged 22 commits into from
Aug 19, 2024
Merged

chore(awslambda): Enhance function public access check called from other resource #4679

merged 22 commits into from
Aug 19, 2024

Conversation

puchy22
Copy link
Member

@puchy22 puchy22 commented Aug 7, 2024
edited
Loading

Context

Include the scenario where a function is exposed via other AWS resources (ALB and API Gateway). For now check only ensures that policies were not permissive in general cases, now it checks that it cannot be invoked by other resources.

Description

  • Update logic to verify policies correctly.
  • Updated metadata to fit better with the new check behaviour.
  • Add unit tests to cover all this new functionalities.

Checklist

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the provider/aws Issues/PRs related with the AWS provider label Aug 7, 2024
@codecov Codecov
Copy link

codecov bot commented Aug 7, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 89.13%. Comparing base (59acd30) to head (bdb9d77).
Report is 591 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4679      +/-   ##
==========================================
+ Coverage   89.09%   89.13%   +0.04%     
==========================================
  Files         913      921       +8     
  Lines       27913    28156     +243     
==========================================
+ Hits        24869    25098     +229     
- Misses       3044     3058      +14

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 8, 2024

You can check the documentation for this PR here -> Prowler Documentation

@puchy22 puchy22 force-pushed the PRWLR-4354-enhance-aws-lambda-public-access-check branch from a75e605 to d50c5c2 Compare August 8, 2024 11:30
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 8, 2024

You can check the documentation for this PR here -> Prowler Documentation

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 8, 2024

You can check the documentation for this PR here -> Prowler Documentation

@puchy22 puchy22 marked this pull request as ready for review August 8, 2024 13:21
@puchy22 puchy22 requested review from a team as code owners August 8, 2024 13:21
@puchy22 puchy22 changed the title chore(awslambda): Enhance function public access check chore(awslambda): Enhance function public access check called from other resource Aug 14, 2024
MrCloudSec
MrCloudSec approved these changes Aug 19, 2024
View reviewed changes
Copy link
Member

@MrCloudSec MrCloudSec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👏🏼

@MrCloudSec MrCloudSec added backport-to-v3 Backport PR to the v3 branch backport-to-v4.3 labels Aug 19, 2024
@MrCloudSec MrCloudSec merged commit 5cc9554 into master Aug 19, 2024
13 checks passed
@MrCloudSec MrCloudSec deleted the PRWLR-4354-enhance-aws-lambda-public-access-check branch August 19, 2024 17:03
@github-actions github-actions bot mentioned this pull request Aug 19, 2024
Merged
@github-actions github-actions bot added the was-backported The PR was successfully backported to the target branch label Aug 19, 2024
@github-actions github-actions bot mentioned this pull request Aug 19, 2024
Merged
@github-actions GitHub Actions
Copy link
Contributor

💚 All backports created successfully

Status Branch Result
v3
v4.3

Questions ?

Please refer to the Backport tool documentation and see the Github Action logs for details

MrCloudSec pushed a commit that referenced this pull request Aug 19, 2024
@puchy22 @MrCloudSec
chore(awslambda): Enhance function public access check called from ot…
b7f47c5 
…her resource (#4679)

Co-authored-by: Sergio Garcia <[email protected]>
(cherry picked from commit 5cc9554)
MrCloudSec pushed a commit that referenced this pull request Aug 19, 2024
@puchy22 @MrCloudSec
chore(awslambda): Enhance function public access check called from ot…
1754c90 
…her resource (#4679)

Co-authored-by: Sergio Garcia <[email protected]>
(cherry picked from commit 5cc9554)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MrCloudSec MrCloudSec MrCloudSec approved these changes

Assignees
No one assigned
Labels
backport-to-v3 Backport PR to the v3 branch documentation provider/aws Issues/PRs related with the AWS provider was-backported The PR was successfully backported to the target branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@puchy22 @MrCloudSec