WithSecureLabs / awspx

A graph-based tool for visualizing effective access and resource relationships in AWS environments.
GNU General Public License v3.0
905 stars 102 forks

IndexError: List index out of range #38

Closed jorlebarPTP closed 3 years ago

jorlebarPTP commented 3 years ago

Trying to run AWSPX against a profile created - the ingestor seems to run fine until it gets to the end, then I'm receiving a "List index out of range" error.

I tried limiting the ingestor to only IAM, EC2, Lambda - then also IAM, EC2 (with --services) but still get the same error.

Installed via INSTALL script with docker on Kali Linux (Linux kali 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux)

```
Traceback (most recent call last):

  File "/opt/awspx/cli.py", line 385, in main
    382 console.start()
    383
    384 try:
  ❱ 385 args.func(args)
    386
    387 except (KeyboardInterrupt, SystemExit):
    388 console.stop()

  File "/opt/awspx/cli.py", line 145, in handle_ingest
    142 ingestor = IngestionManager(session=session, console=console, services=arg
    143 db=args.database, quick=args.quick, skip_actio
    144 only_types=args.only_types, skip_types=args.sk
  ❱ 145 only_arns=args.only_arns, skip_arns=args.skip_
    146
    147 assert ingestor.zip is not None, "Ingestion failed"
    148

  File "/opt/awspx/lib/aws/ingestor.py", line 79, in __init__
    76 self.load_transitives()
    77
    78 if not skip_actions:
  ❱ 79 self.load_actions()
    80
    81 self.zip = self.save(db)
    82

  File "/opt/awspx/lib/aws/ingestor.py", line 241, in load_actions
    238
    239 # Skip AWS::Domain principals
    240 self.update(Elements(principal
  ❱ 241 for principal in resource_based_policy.p
    242 if not principal.type("AWS::Domain")))
    243
    244 # Only actions beginning with sts:AssumeRole are valid

  File "/opt/awspx/lib/aws/ingestor.py", line 382, in update
    379 def update(self, elements):
    380
    381 for element in elements:
  ❱ 382 self.add(element)
    383
    384 def add(self, element):
    385

  File "/opt/awspx/lib/aws/ingestor.py", line 401, in add
    398 pass
    399
    400 else:
  ❱ 401 self.console.info(f"Added {element.label()}: ({element})")
    402
    403
    404 class SessionClientWrapper(object):

  File "/opt/awspx/lib/graph/base.py", line 61, in label
    58 return [l for l in self.labels()
    59 if l != self.__class__.__name__
    60 ][0]
  ❱ 61
    62 def labels(self):
    63 return sorted(list(self._labels))
    64

IndexError: list index out of range
```
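The last frame of the traceback above indexes `[0]` into a filtered label list, which raises `IndexError` whenever an element has no label other than its own class name. The following is an added example, not part of the original thread and not awspx code: `Element`, `Resource`, `safe_label`, `ingest` and the sample data are hypothetical stand-ins that reproduce that expression and record the offending element instead of aborting the run.

```python
# Added illustration: these classes are hypothetical stand-ins, not awspx code.
# Only the list-comprehension pattern in label() comes from the traceback.
class Element:
    def __init__(self, labels, key):
        self._labels = set(labels)
        self.key = key

    def labels(self):
        return sorted(list(self._labels))

    def label(self):
        # Same shape as lib/graph/base.py lines 58-60 in the traceback:
        # drop the class name, then take the first remaining label.
        return [l for l in self.labels()
                if l != self.__class__.__name__][0]


class Resource(Element):
    pass


def safe_label(element, failures):
    """Return the label, or record the offending element instead of raising."""
    try:
        return element.label()
    except IndexError:
        # Keep enough context to trace the input that produced this element.
        failures.append({"key": element.key, "labels": element.labels()})
        return None


def ingest(elements):
    """Label every element; return (labels, failures) rather than aborting."""
    failures = []
    labels = [safe_label(e, failures) for e in elements]
    return labels, failures


# Constructed sample input: the second element carries only its class name.
SAMPLE = [
    Resource(["Resource", "AWS::Iam::Role"], "arn:aws:iam::111111111111:role/example"),
    Resource(["Resource"], "unresolved-principal-placeholder"),
]

if __name__ == "__main__":
    print(ingest(SAMPLE))
```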

beatro0t commented 3 years ago

Hi @jorlebarPTP, thanks for reporting this!

I ran into the same thing not too long ago and thought I had fixed it with b667ff9f31893b2d4665dc159bf266a9d6a0f8cb :see_no_evil: Would you mind just double checking you're running the latest version with awspx update.

If it reports that awspx has now been updated, please try again with awspx ingest --services IAM --quick --verbose (it looks like the error is being caused when trying to resolve an AssumeRolePolicyDocument) and confirm that the issue has been resolved.

Otherwise, if you are already running the latest version and are still encountering this issue, then we are going to need the specific policy document that is causing it to fail, which will require making some changes to awspx since this information is not logged. Please let us know if this is the case and we will provide additional information :)

jorlebarPTP commented 3 years ago

So I had the same error again, then realised my VM was about a month out of date, apt update/upgrade then it started running fine.

Sorry for the fuss - If there's any other info that could help though let me know.

As a side note - when starting the neo4j db - the screen was completely blank - Clearing the browser cache has fixed that in case anyone has that issue too.

beatro0t commented 3 years ago

That's great to hear! No stress at all, thanks a bunch for getting back to us on this and for taking the time to log the issue in the first place :)

Thanks, that's very interesting and not something I've personally run into but I'll be sure to make a note of it.