nccgroup / Scout2

Security auditing tool for AWS environments
http://nccgroup.github.io/Scout2/
GNU General Public License v2.0

allocation size overflow in JavaScript console #298

Closed andresriancho closed 5 years ago

andresriancho commented 6 years ago

It looks like the JS code is having issues with the large report too. Getting this in the JavaScript console when clicking on one of the S3 findings:

screenshot from 2018-09-10 15-50-38

The link I'm trying to follow:

file:///home/eth/tools/Scout2/scout2-report/report.html#services.s3.findings.s3-bucket-world-Put-policy.items

I'm clicking there:

screenshot from 2018-09-10 15-49-40

And there are quite a few S3 findings shown in the main report page:

screenshot from 2018-09-10 15-49-23

Any ideas on how to solve / workaround this one?

andresriancho commented 6 years ago

This is a known limitation for tools like Jupyter (see the table with the different browsers): https://jupyterlab.readthedocs.io/en/latest/user/file_formats.html#delimiter-separated-values

https://github.com/jupyterlab/jupyterlab/issues/4015

andresriancho commented 6 years ago

Found workaround, will split my assessment in batches by service, e.g.:

python Scout2.py --services awslambda cloudformation cloudtrail cloudwatch directconnect --report-dir=batch-1 --debug --force

x4v13r64 commented 6 years ago

This is most likely because of the size of the json file created by Scout. Not sure how to fix this in the tool per se. I'd recommend splitting the analysis between services/regions.

andresriancho commented 6 years ago

A potential fix to be implemented in the tool (without looking at the code, not sure really) would be to generate various .js files instead of a huge one. Those smaller .js files which contain the output would be loaded only when required:
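A sketch of the split proposed in this comment, as an added Python example that is not Scout2's own code: the report dict shape, the output file names, the `scout2_` variable prefix and the manifest format are all assumptions; the report page would then add a `<script src>` for one chunk only when that service is opened.

```python
import json
import tempfile
from pathlib import Path

# Constructed stand-in for Scout2's in-memory report, keyed by service at the top level.
SAMPLE_REPORT = {
    "s3": {"findings": {"s3-bucket-world-Put-policy": {"items": [f"bucket-{i}" for i in range(3)]}}},
    "ec2": {"findings": {}},
    "iam": {"findings": {"iam-root-mfa": {"items": []}}},
}

def split_report_by_service(report, out_dir, var_prefix="scout2_"):
    """Write one .js file per service (a single global assignment each) plus a manifest.

    Returns {service: {"file": name, "bytes": size}} so the page can decide which
    chunk to load; no single file has to hold the whole report any more.
    """
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for service, data in report.items():
        fname = f"{var_prefix}{service}.js"
        # Compact JSON: the browser still has to allocate this string, so keep it small.
        body = f"{var_prefix}{service} = {json.dumps(data, separators=(',', ':'))};\n"
        (out / fname).write_text(body, encoding="utf-8")
        manifest[service] = {"file": fname, "bytes": len(body.encode("utf-8"))}
    (out / "manifest.json").write_text(json.dumps(manifest, indent=2), encoding="utf-8")
    return manifest

def load_service(out_dir, service, var_prefix="scout2_"):
    """Read one chunk back and parse its JSON payload (round-trip check of the format)."""
    text = (Path(out_dir) / f"{var_prefix}{service}.js").read_text(encoding="utf-8")
    prefix = f"{var_prefix}{service} = "
    if not (text.startswith(prefix) and text.endswith(";\n")):
        raise ValueError(f"unexpected chunk format in {service}")
    return json.loads(text[len(prefix):-2])

def round_trip_demo():
    """Split the constructed report into a temp dir and load the s3 chunk back."""
    with tempfile.TemporaryDirectory() as tmp:
        manifest = split_report_by_service(SAMPLE_REPORT, tmp)
        return manifest, load_service(tmp, "s3")

if __name__ == "__main__":
    manifest, s3 = round_trip_demo()
    print(json.dumps(manifest, indent=2))
    print(s3)
```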

x4v13r64 commented 6 years ago

That would work, yes. Although this is really an edge case at this point.

x4v13r64 commented 5 years ago

Closing this and labeling as wontfix.

This is a known issue and a limitation of browsers' memory management. In addition, generating such a large report is considered an edge case.