prowler-cloud / prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
https://prowler.com
Apache License 2.0

False Positive in iam_sa_no_administrative_privileges Check #4393

Open JOSHUAJEBARAJ opened 1 week ago

JOSHUAJEBARAJ commented 1 week ago

Steps to Reproduce

Hey folks, when I run a Prowler scan on the IAM service in GCP, one of the checks, iam_sa_no_administrative_privileges, produces a false positive.

Expected behavior

According to the CIS benchmark, for the admin role, we should check if the word is present. For the owner and editor roles, we should look for an exact match. For example, only roles/Editor should be considered as the admin role, not the Access Approval Config Editor role.

Actual Result with Screenshots or Logs

A service account with a role whose name contains "editor" or "owner" is marked as having admin privileges.

How did you install Prowler?

From pip package (pip install prowler)

Environment Resource

Running Locally

OS used

Ubuntu 22.04.4 LTS

Prowler version

Prowler 4.2.1

Pip version

pip 20.3.4

Context

No response
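The matching rule the report describes, written out as an added example (not Prowler's own check code): exact match for the basic owner/editor roles, substring match for "admin", applied to a constructed IAM policy binding list, with the substring-only variant beside it to show the false positive. The role ID roles/accessapproval.configEditor is assumed to be the one behind the "Access Approval Config Editor" display name, and the project and service-account names are constructed.

```python
import re

# Basic roles that count as administrative only on an exact match.
BASIC_ADMIN_ROLES = {"roles/owner", "roles/editor"}
# Any role whose ID contains the word "admin" (case-insensitive) is administrative.
ADMIN_PATTERN = re.compile(r"admin", re.IGNORECASE)


def is_administrative_role(role: str) -> bool:
    """Exact match for roles/owner and roles/editor, substring match for 'admin'."""
    if role in BASIC_ADMIN_ROLES:
        return True
    return ADMIN_PATTERN.search(role) is not None


def naive_is_administrative_role(role: str) -> bool:
    """Substring-only logic: flags every role containing editor/owner/admin."""
    lowered = role.lower()
    return any(word in lowered for word in ("admin", "editor", "owner"))


def service_accounts_with_admin_privileges(bindings, classifier=is_administrative_role) -> dict:
    """Map each service account member to the administrative roles it holds.

    `bindings` is shaped like the `bindings` list of a GCP IAM policy:
    [{"role": "...", "members": ["serviceAccount:...", "user:..."]}, ...]
    """
    flagged = {}
    for binding in bindings:
        if not classifier(binding["role"]):
            continue
        for member in binding.get("members", []):
            if member.startswith("serviceAccount:"):
                flagged.setdefault(member, []).append(binding["role"])
    return flagged


# Constructed sample policy; the project and account names are made up.
SAMPLE_BINDINGS = [
    {"role": "roles/editor",
     "members": ["serviceAccount:deploy@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/accessapproval.configEditor",  # assumed ID of "Access Approval Config Editor"
     "members": ["serviceAccount:approver@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/compute.admin",
     "members": ["serviceAccount:builder@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/viewer",
     "members": ["serviceAccount:reader@example-project.iam.gserviceaccount.com",
                 "user:alice@example.com"]},
]

if __name__ == "__main__":
    print("exact/substring rule:", service_accounts_with_admin_privileges(SAMPLE_BINDINGS))
    print("substring-only rule: ", service_accounts_with_admin_privileges(SAMPLE_BINDINGS, naive_is_administrative_role))
```

Only the deploy and builder accounts are flagged under the benchmark rule, while the substring-only rule additionally flags the approver account that holds the Config Editor role.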

jfagoagas commented 1 week ago

Hello @JOSHUAJEBARAJ, we will review the issue you mention and get back to you soon.

Thanks for using Prowler 🚀

JOSHUAJEBARAJ commented 2 days ago

Hey folks, just wanted to let you know that I am happy to work on the patch if this issue is valid.

sergargar commented 16 hours ago

Sure @JOSHUAJEBARAJ, that would be awesome! Let us know if you need anything from our side 😄