Open tekdj7 opened 4 years ago
To test, loop through the users, groups, roles, and policies in the account using the analyze_policy_string function. Then run code similar to the below, and you should see the inconsistencies; maybe it helps you find where in the code something is going wrong.
    # `finding` is one parliament Finding from the current policy; `arn` is the
    # value that was passed to analyze_policy_string(..., filepath=arn).
    filepath = finding.location.get("filepath")
    if filepath != arn:
        # The finding reports a filepath that is not the ARN it was analyzed under.
        print(f"WRONG FILEPATH: {filepath}")
        filepath = arn
        print(f"FIXED FILEPATH: {filepath}")
Can you provide an example of which finding had an issue and a sample policy?
I have a function where I loop through users, groups, roles, and policies, and run analyze_policy_string(policy_document, filepath=arn). I pass it the ARN of the policy being assessed. In maybe 20% of the policies, the findings returned appear all to be valid, but for some of the findings of a given policy, it reports the ARN I passed as filepath, while for other findings of the same policy, it reports a different ARN for filepath. For now, in my script, I'm doing a check, and if the filepath returned in a finding is not the same as the ARN I passed in as filepath, I use the ARN. Please take a look at the code to determine where filepath is being set incorrectly to the ARN of a different role/policy for some findings, while the ARN I passed as filepath is actually used correctly in other findings.