Fix methodName lookups for Cloud Run rules, add tests

panther-labs / panther-analysis

Built-in Panther detection rules and policies

https://panther.com/

Apache License 2.0

339 stars 173 forks source link

Fix methodName lookups for Cloud Run rules, add tests #1296

Closed geoffg-sentry closed 3 months ago

geoffg-sentry commented 3 months ago

Background

This unsafe lookup is triggering AttributeError("'NoneType' object has no attribute 'endswith'") every GCP.AuditLog event that has no event.methodName

Changes

Add a default to the deep_get()

Testing

Test cases without an event.methodName included for both.

ben-githubs commented 3 months ago

We just merged a PR yesterday for the same issue, but we only fixed GCP.Cloud.Run.Set.IAM.Policy. I've updated this PR to use just fix GCP.Cloud.Run.Service.Created, and to match the previous PR in aesthetics.