Potential Failed-by-Default ECR policy test case for resource-based policy scan #18

Closed
1 of 6 tasks
GohEeEn opened this issue Aug 30, 2023 · 2 comments
GohEeEn commented Aug 30, 2023

Describe the bug
The provided mock_data provides a failed-by-default test case for tests/test_resource_based_policy/test_ecr_policy_for_organizations_dependency.py, due to the limitation on ECR repository names, which are not supposed to contain any capital letters. The following mock data in the file ./source/lambda/tests/test_resource_based_policy/mock_data.py:189-191 is the cause of this bug:

    {
        "MockResourceName": "ResourceWithNoPolicy",
    }

To Reproduce
Run ./source/run-all-tests.sh for a custom build of this solution, without any change to the repository code, after exporting a valid AWS_REGION environment value (e.g. us-west-1).

Expected behavior
There should not be a false-by-default test case from the given mock_data; it should instead fail because of misconfiguration or wrongly modified IaC code.

Example Patch
Add the .lower() call to the following code block to convert the resource name to lowercase letters.

    # ./source/lambda/tests/test_resource_based_policy/test_ecr_policy_for_organizations_dependency.py:35-37
    ecr_client.create_repository(
        repositoryName=policy_object.get('MockResourceName').lower()
    )

Please complete the following information about the solution:

  • Version: v1.0.4 [e.g. v1.0.0]

To get the version of the solution, you can look at the description of the created CloudFormation stack.

For example, "(SO0217) - The AWS CloudFormation hub template for deployment of the Account Assessment for AWS Organisations, Version: v1.0.0".

  • Region: us-west-1 [e.g. us-east-1]
  • Was the solution modified from the version published on this repository? No
  • If the answer to the previous question was yes, are the changes available on GitHub? NA
  • Have you checked your service quotas for the services this solution uses? NA
  • Were there any errors in the CloudWatch Logs? NA

@GohEeEn GohEeEn added the bug Something isn't working label Aug 30, 2023
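
A fixture pre-check for the problem reported above, as an added example that is not code from this repository: it validates each `MockResourceName` against the repository-name constraint documented for the ECR `CreateRepository` API and also flags names that become duplicates once `.lower()` is applied. The function names and all sample entries except `ResourceWithNoPolicy` are assumptions constructed for illustration.

```python
import re

# repositoryName constraint from the ECR CreateRepository API reference:
# 2-256 characters, lowercase alphanumerics joined by '.', '_' or '-',
# with optional '/'-separated namespace prefixes.
ECR_NAME_RE = re.compile(
    r"(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*"
)


def is_valid_ecr_name(name):
    """True if `name` would be accepted as an ECR repository name."""
    return 2 <= len(name) <= 256 and ECR_NAME_RE.fullmatch(name) is not None


def check_fixture_names(mock_policies):
    """Return (invalid, collisions) for a list of mock policy entries.

    invalid:    raw names that are still rejected after .lower()
    collisions: (first_raw, later_raw) pairs that map to the same
                lowercased name, so a second create_repository call
                would fail because the repository already exists.
    """
    invalid, collisions, seen = [], [], {}
    for entry in mock_policies:
        raw = entry["MockResourceName"]
        name = raw.lower()
        if not is_valid_ecr_name(name):
            invalid.append(raw)
        elif name in seen:
            collisions.append((seen[name], raw))
        else:
            seen[name] = raw
    return invalid, collisions


# Constructed sample; only the first entry appears in the issue.
SAMPLE = [
    {"MockResourceName": "ResourceWithNoPolicy"},
    {"MockResourceName": "resourcewithnopolicy"},  # duplicate after lower()
    {"MockResourceName": "Resource With Space"},   # invalid even lowercased
    {"MockResourceName": "team/app_repo-1"},       # valid as written
]

if __name__ == "__main__":
    print(check_fixture_names(SAMPLE))
```

Running the check before the test creates any repositories separates fixture-naming errors from genuine policy-scan failures.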
Member

gockle commented Sep 5, 2023

Hi @GohEeEn
Thanks for reporting the issue. We were able to replicate this issue, and we will push a fix in the next release.

@gockle gockle self-assigned this Sep 5, 2023
@gockle gockle added the triaged Has been triaged by solutions team label Sep 5, 2023
Member

gockle commented Oct 27, 2023

This issue has been resolved in v1.0.5, closing this issue.

@gockle gockle closed this as completed Oct 27, 2023