Closed Rackme closed 3 years ago
It seems grab_resource_policy
might be added to the argparse and parsed_args.resource
settled to None by default (in _argquerycli.py and _querycli.py) or you would get :
"/PMapper/principalmapper/querying/query_actions.py", line 208, in argquery
raise ValueError('For the privesc preset query, the --resource parameter should not be set.')
I could do a PR if you want.
I'll patch this tonight. I goofed and pushed a broken build, trying to change --grab-resource-policy
to --with-resource-policy
(which will automagically include resource policies for queries involving said resources).
Took a shot at a fix in 629d47f .
Nice, query
works for any query and preset now !
I was also able to query with argquery
, the only error I could got was on the privesc preset with the condition on the resource_param not Null.
principalmapper/querying/query_actions.py L207
PMapper sbu$ python3 ./pmapper.py --profile dev_keycloack argquery --preset privesc
Traceback (most recent call last):
File "/PMapper/./pmapper.py", line 28, in <module>
sys.exit(main())
File "/PMapper/principalmapper/__main__.py", line 151, in main
return argquery_cli.process_arguments(parsed_args)
File "/PMapper/principalmapper/querying/argquery_cli.py", line 139, in process_arguments
query_actions.argquery(graph, parsed_args.principal, parsed_args.action, parsed_args.resource, conditions,
File "/PMapper/principalmapper/querying/query_actions.py", line 208, in argquery
raise ValueError('For the privesc preset query, the --resource parameter should not be set.')
ValueError: For the privesc preset query, the --resource parameter should not be set.
A little more work in 1a75f47
It works perfectly, thanks 👍
Describe the bug I was not able to use an
argquery
or aquery
using the "v1.1.0-dev" version.To Reproduce
Use any query on the graph previously fetched :
I supposed this is normal because it's still in development ;).