bridgecrewio / prisma-cloud-jetbrains-ide

The Prisma Cloud Plugin for IntelliJ enables developers to get real-time scan results, as well as inline fix suggestions as they develop cloud infrastructure.
Apache License 2.0

403 Forbidden error #150

Open DerDangla opened 3 days ago

DerDangla commented 3 days ago

Hi,

I installed the Prisma Cloud plugin in IntelliJ and set up the keys and API. However, I encountered the following error while scanning a simple TF file on my desktop.

Please note that the token I’m using has only read-only privileges in Prisma, which might be contributing to the issue.

Error while scanning framework terraform, original error message - Error while scanning terraform, exit code - 0, error reason - ERROR] Get fixes request for file /C[--colon--]Users/[user]/Desktop/prisma-test/providers.tf failed with response code 403: Forbidden - skipping fixes for this file . Please check the log file in C:\Users\[user]\AppData\Local\Temp\checkov2839043246234428848\error-terraform--debug-output4596695228787613285.txt. Prisma Cloud result can be found in C:\Users\[user]\AppData\Local\Temp\checkov2839043246234428848\error-terraform--checkov-result15396937086850659782.json. To report: open a issue at https://github.com/bridgecrewio/prisma-cloud-jetbrains-ide/issues

ChananM commented 2 days ago

Hi @DerDangla, can you please run the checkov scan directly from the terminal? If it also fails, then we will be able to classify whether this is a Checkov/API issue or an issue with the IDE plugin. To see the exact scan command, you can view the plugin logs by clicking the button next to the scan button on the plugin view in the IDE. Please note the bc API key is censored in the log and you will need to fill it in the terminal.

DerDangla commented 2 days ago

It looks like no scan command was invoked apart from checkov.cmd -v. See the logs below:

2024-10-30 17:14:50 [INFO] com.bridgecrew.api.PrismaApiClient - Sending PUT request '/bridgecrew/api/v1/plugins-analytics' to https://api.ca.prismacloud.io
2024-10-30 17:14:50 [INFO] com.bridgecrew.api.PrismaApiClient - Sending POST request '/login' to https://api.ca.prismacloud.io
2024-10-30 17:14:50 [INFO] com.bridgecrew.services.CliService - Running command: C:\Users\[user]\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.12_qbz5n2kfra8p0\LocalCache\local-packages\Python312\Scripts\checkov.cmd -v
2024-10-30 17:14:50 [INFO] com.bridgecrew.api.PrismaApiClient - Successfully sent POST request '/login' to https://api.ca.prismacloud.io
2024-10-30 17:14:50 [ERROR] com.bridgecrew.api.PrismaApiClient - Call to '/bridgecrew/api/v1/plugins-analytics' ended with an error: 403 Forbidden: "<!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta http-equiv="X-UA-Compatible" content="ie=edge"/><link rel="shortcut icon" href="/bc-favicon.ico"/><title>Bridgecrew | Console</title><style>#root {<EOL>                height: 100%;<EOL>            }</style><link rel="icon" href="/bc-favicon.ico"></head><body id="body"><div id="root" style="overflow-x: hidden;"></div><script src="/js/main~493df0b3.9761ebd2ce984f2f14a2.bundle.js">
...

When I try to manually run the command: C:\Users\[user]\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.12_qbz5n2kfra8p0\LocalCache\local-packages\Python312\Scripts\checkov.cmd -d . --prisma-api-url {api-url} --bc-api-key {API key}

I receive the error: checkov.cmd: error: --repo-id is required when using a platform API key

I’m scanning a local codebase and wondering if this might be related to the API key or if I’m missing something else?

ChananM commented 2 days ago

@DerDangla

  1. That makes me wonder how you got the Error while scanning framework terraform message. If you don't have any log mentioning a scan, how could it fail? I also expected to find the error you first mentioned in the logs.
  2. As for the read-only API key, it should still work with Checkov. I can also see from your log you failed to call the analytics API with 403. Please provide any --repo-id for the command and run again to see if it reproduces. The flag should be in the format of <org>/<repo>, but it doesn't matter much. You can put the value extension/jetbrains.

DerDangla commented 1 day ago

My apologies, I might have mixed up two different issues:

  1. The first error was encountered when I was installing checkov with docker. I tried to run the command shown from the logs and here is the result:

command (I updated the bc-api-key): docker run --rm -a stdout -a stderr --env BC_SOURCE=jetbrains --env BC_SOURCE_VERSION=1.0.23-203.241 --env PRISMA_API_URL=**-**-**-** --volume C:\Users\[user]\AppData\Local\Temp\checkov1428568393330157666\cdk-checkov-result6600102405031314292.json:/C[--colon--]Users/[user]/AppData/Local/Temp/checkov1428568393330157666/cdk-checkov-result6600102405031314292.json --volume C:/Users/[user]/Desktop/prisma-test:/C[--colon--]Users/[user]/Desktop/prisma-test bridgecrew/checkov -d C[--colon--]Users/edangla/Desktop/prisma-test --skip-path node_modules -s --bc-api-key **-**-**-** --repo-id jetbrains/extension --quiet -o cli -o json --output-file-path console,C[--colon--]Users/[user]/AppData/Local/Temp/checkov1428568393330157666/cdk-checkov-result6600102405031314292.json --prisma-api-url https://api.ca.prismacloud.io --framework cdk

result: docker: Error response from daemon: invalid mode: /Users/[user]/AppData/Local/Temp/checkov1428568393330157666/cdk-checkov-result6600102405031314292.json.

  2. The second error was encountered when I'm installing checkov using python/pip, and this is the python and pip version I have:
    pip 24.3.1 from C:\Users\[user]\AppData\Local\Programs\Python\Python313\Lib\site-packages\pip (python 3.13)
    Python 3.13.0