search

prowler-cloud / prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
https://prowler.com
Apache License 2.0
10.76k stars 1.53k forks source link

AttributeError during output generation #4740

Closed m0ckuser closed 2 months ago

m0ckuser commented 2 months ago

Steps to Reproduce

  1. Prowler installed in a virtual environment via pip 
virtualenv ~/venvs/prowler
source ~/venvs/prowler/bin/activate
pip install prowler
  1. Run prowler aws
  2. Python errors after successful scan
  3. Output and compliance folders are created but 0 files in them.

Expected behavior

It seems that the scan steps works fine, but it fails to generate the output data.

Actual Result with Screenshots or Logs

prowler aws
# ...
Executing 383 checks, please wait...
-> Scan completed! |▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉| 383/383 [100%] in 3:43:37.0 
Traceback (most recent call last):
  File "/home/user/venvs/prowler/bin/prowler", line 8, in <module>
    sys.exit(prowler())
  File "/home/user/venvs/prowler/lib/python3.9/site-packages/prowler/__main__.py", line 305, in prowler
    finding_outputs = [
  File "/home/user/venvs/prowler/lib/python3.9/site-packages/prowler/__main__.py", line 306, in <listcomp>
    Finding.generate_output(global_provider, finding) for finding in findings
  File "/home/user/venvs/prowler/lib/python3.9/site-packages/prowler/lib/outputs/finding.py", line 106, in generate_output
    common_finding_data = fill_common_finding_data(
  File "/home/user/venvs/prowler/lib/python3.9/site-packages/prowler/lib/outputs/common.py", line 39, in fill_common_finding_data
    "resource_tags": unroll_tags(finding.resource_tags),
  File "/home/user/venvs/prowler/lib/python3.9/site-packages/prowler/lib/outputs/utils.py", line 75, in unroll_tags
    return {key: value for d in tags for key, value in d.items()}
  File "/home/user/venvs/prowler/lib/python3.9/site-packages/prowler/lib/outputs/utils.py", line 75, in <dictcomp>
    return {key: value for d in tags for key, value in d.items()}
AttributeError: 'str' object has no attribute 'items'

How did you install Prowler?

From pip package (pip install prowler)

Environment Resource

PC

OS used

Debian 11

Prowler version

Prowler 4.3.3

Pip version

pip 20.3.4

Context

It might be related to https://github.com/prowler-cloud/prowler/issues/4655

sergargar commented 2 months ago

Thanks @m0ckuser for opening this issue, we are going to take a look at it and get back to you if we need any more information to fix it !

sergargar commented 2 months ago

Would you be able to give us the tags that are failing to be parsed? Or maybe you could join our Slack community so it is easier for discussing and fixing this issue here.

m0ckuser commented 2 months ago

Sure, I added print(tags) before 67 line in utils.py and this is what contains when the error is produced:

['service', 'team']

sergargar commented 2 months ago

@m0ckuser do you know from which service those tags are?

m0ckuser commented 2 months ago

Unfortunately, no.

sergargar commented 2 months ago

@m0ckuser for those tags, would make it sense to format them as {"service" : "team"} ? or they are not a key and value pair?

m0ckuser commented 2 months ago

I tried searching in the tag editor and I think they are not a key-value pair, but I can't be completely sure.

pedrooot commented 2 months ago

Hey! @m0ckuser I made a refactor on the method unroll_tags to handle string tags. In this pr you can find the solution. Tell me if this works for you! 🙏🏼

sergargar commented 2 months ago

Hi @m0ckuser, could you send us the logs with the flag --log-level DEBUG so we can know from which AWS service is this coming from? Thanks!