    Kinnaird McQuade
    @kmcquade
    @HenryHoggard - wanted to see if we can take care of your issue. Are you able to pinpoint which policy it failed on? And possibly let me know the policy JSON (feel free to sanitize obviously)
    Kinnaird McQuade
    @kmcquade
    as mentioned in the GitHub issue - never mind!
    ajksharma
    @ajksharma

    @kmcquade - almost the same issue as salesforce/cloudsplaining#119 as well as the steps
    Upgraded cloudsplaining version to latest.
    It starts with,
    Excluded prefix: service-role
    Excluded prefix: service-role

    Excluded prefix: service-role
    Excluded prefix: service-role

    Excluded prefix: service-role
    Excluded prefix: service-role

    Excluded prefix: service-role
    Excluded prefix: service-role

    Excluded prefix: service-role
    Excluded prefix: service-role

    Excluded prefix: service-role
    Excluded prefix: service-role

    Excluded prefix: service-role
    Excluded prefix: service-role

    Excluded prefix: service-role
    Excluded prefix: service-role

    And then it just stops until I break it.

    Kinnaird McQuade
    @kmcquade
    Hey @ajksharma - how long does it run for? Cloudsplaining can take a while sometimes, especially when the policies use a lot of wildcards in their action names, like s3:*. I saw one account that had a lot of duplicate roles with *:* and it took about 10 min total because it had to expand all of those actions
    I do need to improve the logging mechanism, as it seems that click_log’s config is not being reflected across all modules. @reetasingh - FYI I will open up an issue on that
    ajksharma
    @ajksharma
    Hi @kmcquade I ran it for hours but it’s stuck as mentioned above.
    As there is no movement on the screen I believe it’s stuck. Is there an exception - log file which can be useful for debugging?
    ajksharma
    @ajksharma
    I tried on another account which has a lot less users and policies but got the same result
    Kinnaird McQuade
    @kmcquade
    That is weird. Can you add the arguments -v debug
    Kinnaird McQuade
    @kmcquade
    and does it say that it is evaluating a particular policy when it fails? or just nothing except for those exclusions
    I opened up a GitHub issue to fix the logging, which may help. salesforce/cloudsplaining#130
    Also, does it work for you on a previous version of Cloudsplaining?
    ajksharma
    @ajksharma
    Hi @kmcquade it has generated the report finally.
    Would keep you posted if this happens again. Thanks
    Thanks for a great tool. I would be trying Policy-Sentry next
    Kinnaird McQuade
    @kmcquade
    oh wow. how long did that end up taking?
    awesome. yes let me know if you have any feedback
    ajksharma
    @ajksharma
    oh wow. how long did that end up taking?
    about 20 mins. This was windows wsl
    Kinnaird McQuade
    @kmcquade
    ah ok
    ajksharma
    @ajksharma

    I now tried it in Windows 10 and it gives the following error

        Excluded prefix: service-role*
        Excluded prefix: service-role*
        Excluded prefix: service-role*
        Excluded prefix: service-role*
        Excluded prefix: service-role*

    Traceback (most recent call last):
      File "c:\users\espm1855\appdata\local\programs\python\python39\lib\runpy.py", line 197, in _run_module_as_main
        return _run_code(code, main_globals, None,
      File "c:\users\espm1855\appdata\local\programs\python\python39\lib\runpy.py", line 87, in _run_code
        exec(code, run_globals)
      File "C:\Users\ESPM1855\AppData\Local\Programs\Python\Python39\Scripts\cloudsplaining.exe\__main__.py", line 7, in <module>
      File "c:\users\espm1855\appdata\local\programs\python\python39\lib\site-packages\cloudsplaining\bin\cli.py", line 32, in main
        cloudsplaining()
      File "C:\Users\ESPM1855\AppData\Roaming\Python\Python39\site-packages\click\core.py", line 829, in __call__
        return self.main(*args, **kwargs)
      File "C:\Users\ESPM1855\AppData\Roaming\Python\Python39\site-packages\click\core.py", line 782, in main
        rv = self.invoke(ctx)
      File "C:\Users\ESPM1855\AppData\Roaming\Python\Python39\site-packages\click\core.py", line 1259, in invoke
        return _process_result(sub_ctx.command.invoke(sub_ctx))
      File "C:\Users\ESPM1855\AppData\Roaming\Python\Python39\site-packages\click\core.py", line 1066, in invoke
        return ctx.invoke(self.callback, **ctx.params)
      File "C:\Users\ESPM1855\AppData\Roaming\Python\Python39\site-packages\click\core.py", line 610, in invoke
        return callback(*args, **kwargs)
      File "c:\users\espm1855\appdata\local\programs\python\python39\lib\site-packages\cloudsplaining\command\scan.py", line 93, in scan
        rendered_html_report = scan_account_authorization_details(
      File "c:\users\espm1855\appdata\local\programs\python\python39\lib\site-packages\cloudsplaining\command\scan.py", line 177, in scan_account_authorization_details
        rendered_report = html_report.get_html_report()
      File "c:\users\espm1855\appdata\local\programs\python\python39\lib\site-packages\cloudsplaining\output\report.py", line 53, in get_html_report
        vendor_bundle_js=self.vendor_bundle,
      File "c:\users\espm1855\appdata\local\programs\python\python39\lib\site-packages\cloudsplaining\output\report.py", line 46, in vendor_bundle
        bundle_content = f.read()
      File "c:\users\espm1855\appdata\local\programs\python\python39\lib\encodings\cp1252.py", line 23, in decode
        return codecs.charmap_decode(input,self.errors,decoding_table)[0]
    UnicodeDecodeError: 'charmap' codec can't decode byte 0x81 in position 3981: character maps to <undefined>

    Kinnaird McQuade
    @kmcquade
    hmmm weird. ok. I think I have seen that before, but not in this application. Can you open up a GitHub issue for that?
    that’s a very specific bug and we should track it
    ajksharma
    @ajksharma
    Sure. I see a docker ticket. Do we have a docker image yet?
    Kinnaird McQuade
    @kmcquade
    not yet. I am waiting on our open source people internally to provide access to the GitHub container registry.
    they haven’t enabled it, might be a few weeks.
    ajksharma
    @ajksharma
    ok thanks