nccgroup / ScoutSuite

Multi-Cloud Security Auditing Tool
GNU General Public License v2.0

Export of exceptions for ACLS allow all egress fails #93

Closed museadmin closed 5 years ago

museadmin commented 5 years ago

Hi, I am trying to create exceptions for NACLs allowing all egress and all ingress, but when I export the exceptions I get an empty list in the JSON file, e.g.

exceptions =
{
    "vpc": {
        "vpc-default-network-acls-allow-all-egress": [
            ""
        ]
    }
}

I don't think this is me, but to be fair I should admit that I've pulled Cloud Security Suite and swapped out Scout2 for Scout Suite on my laptop. So there's an outside chance I've broken something.

However the report looks healthy and gives me an amber warning for these. If I click on them I get the opportunity to create the exceptions.

I've also successfully created and exported exceptions for versioned buckets without mfa delete like so:

"s3.buckets.feb0a275b7877e07e6dc209cf336fc720ab98d.mfa_delete",

Also, I am only seeing the amber warnings in Safari; Chrome and FF print them in black and do not offer to create an exception if I try to click on them.

I'm also seeing an empty set for:

"ec2": { "ec2-security-group-whitelists-aws": [] },

Can you try to reproduce this and confirm that it's a bug?

Failing that could you post some examples of the correct format and I'll add the data manually.

Thanks

Brad

x4v13r64 commented 5 years ago

Thanks for this:

museadmin commented 5 years ago

Thanks,

I revisited the amber warnings issue and can't reproduce it either. I'm also getting the whitelist OK now. This is from exactly the same report file. So perhaps this was an environmental issue on my Mac?

One thing I have noticed is that this time I had to hit OK twice for each item as I worked my way down the page. And now I have a complete list of exceptions for "ec2-security-group-whitelists-aws".

Thanks for looking at this.

museadmin commented 5 years ago

I have been going through the ScoutSuite report and building up a list of filters for things we're not concerned about and I'm seeing these empty sets so far:

"vpc": {
    "vpc-default-network-acls-allow-all-ingress": [
        ""
    ],
    "vpc-default-network-acls-allow-all-egress": [
        ""
    ]
}
"iam-assume-role-lacks-external-id-and-mfa": [],
"rds": {
    "rds-instance-no-minor-upgrade": []
}

I'll post this here rather than raise an issue for each, as they are probably related under the hood.

x4v13r64 commented 5 years ago

Thanks @museadmin, please edit the above with the instances you identify and we'll look into this.

museadmin commented 5 years ago

Hi j4v

Sorry, I'm not sure what you mean. What I'm reporting is that I get empty arrays in the exported exclusions for the four types I mention above:

rds-instance-no-minor-upgrade
iam-assume-role-lacks-external-id-and-mfa
vpc-default-network-acls-allow-all-egress
vpc-default-network-acls-allow-all-ingress

Not sure what you mean by, "the instances". Do you mean examples from the report in the UI?

x4v13r64 commented 5 years ago

I just meant the cases of this issue that you've identified. Thanks for sharing, we'll look into this.

x4v13r64 commented 5 years ago

iam-assume-role-lacks-external-id-and-mfa

I've tested this one out and it looks like a FP to me - I'm getting a value in the exception and it filters correctly.

rds-instance-no-minor-upgrade

Same for this one, I get:

exceptions = 
{
    "rds": {
        "rds-instance-no-minor-upgrade": [
            "rds.regions.eu-west-2.vpcs.vpc-c7fe65af.instances.<id>.AutoMinorVersionUpgrade"
        ]
    }
}

And using the exception file works correctly.

vpc-default-network-acls-allow-all-egress
vpc-default-network-acls-allow-all-ingress

Confirmed and working on a fix.

ec2-security-group-whitelists-aws

Looks like an FP.
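The thread shows what a correct export looks like (an `exceptions =` line followed by a JSON object of service, rule, list of dotted resource paths) and what the broken exports look like (a rule whose list is `[""]` or `[]`). An exception file with such entries loads without error but excepts nothing, so the finding keeps firing. The script below is an added example, not ScoutSuite's own code: it parses that layout, flags rules whose entries are empty or blank, and prunes them so the reporter can re-add the paths by hand. The sample file is constructed from the snippets in this issue; the check that each path begins with its service name (as `rds.` and `s3.` do in the examples above) is an assumption drawn from those examples, not from ScoutSuite's documentation.

```python
"""Sanity-check a ScoutSuite exceptions file before feeding it back to the tool.

Added example, not ScoutSuite's own code. Assumes the file layout shown in
this thread: a line `exceptions =` followed by a JSON object mapping
service -> rule -> list of dotted resource paths.
"""
import json
import re

# Constructed sample mirroring the thread: one rule exported correctly,
# the two NACL rules exported with a blank entry, and one empty list.
SAMPLE = '''exceptions =
{
    "rds": {
        "rds-instance-no-minor-upgrade": [
            "rds.regions.eu-west-2.vpcs.vpc-c7fe65af.instances.<id>.AutoMinorVersionUpgrade"
        ]
    },
    "vpc": {
        "vpc-default-network-acls-allow-all-ingress": [""],
        "vpc-default-network-acls-allow-all-egress": [""]
    },
    "ec2": {
        "ec2-security-group-whitelists-aws": []
    }
}
'''


def parse_exceptions(text):
    """Strip the leading `exceptions =` and parse the remaining JSON object."""
    body = re.sub(r'^\s*exceptions\s*=\s*', '', text, count=1)
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("top level must be an object keyed by service")
    return data


def find_problems(exceptions):
    """Return (service, rule, reason) for every rule whose entries are unusable.

    An empty list excepts nothing; a blank or non-string entry means the
    exported path was lost. Either way the finding will keep firing for the
    resource the reviewer meant to accept, so both are reported."""
    problems = []
    for service, rules in exceptions.items():
        for rule, entries in rules.items():
            if not isinstance(entries, list):
                problems.append((service, rule, "entries must be a list"))
            elif not entries:
                problems.append((service, rule, "empty list"))
            else:
                for entry in entries:
                    if not isinstance(entry, str) or not entry.strip():
                        problems.append((service, rule, "blank entry"))
                    # Assumption: paths are rooted at the service name, as in
                    # the rds.* and s3.* examples in this thread.
                    elif not entry.startswith(service + "."):
                        problems.append((service, rule, "path not under service: " + entry))
    return problems


def prune(exceptions):
    """Drop blank entries, then rules and services left empty, so that only
    real exceptions remain; the missing paths are re-added by hand."""
    out = {}
    for service, rules in exceptions.items():
        kept = {}
        for rule, entries in rules.items():
            if isinstance(entries, list):
                good = [e for e in entries if isinstance(e, str) and e.strip()]
                if good:
                    kept[rule] = good
        if kept:
            out[service] = kept
    return out


def dump_exceptions(exceptions):
    """Serialise back into the `exceptions =` layout the tool reads."""
    return "exceptions =\n" + json.dumps(exceptions, indent=4) + "\n"


if __name__ == "__main__":
    loaded = parse_exceptions(SAMPLE)
    for service, rule, reason in find_problems(loaded):
        print(f"{service}/{rule}: {reason}")
    print(dump_exceptions(prune(loaded)))
```

Run it against a freshly exported file before committing it to a scan pipeline; a rule that shows up as "blank entry" or "empty list" is one where the export silently lost the resource path and the finding will still be reported.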

x4v13r64 commented 5 years ago

@museadmin this should now have been resolved by https://github.com/nccgroup/ScoutSuite/pull/387. Sorry for the delay.

Closing as fixed in develop.