Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AssumeRole Check leads to "KeyError: ARN" #54

Open
sushi2k opened this issue Nov 14, 2021 · 2 comments
Open

AssumeRole Check leads to "KeyError: ARN" #54

sushi2k opened this issue Nov 14, 2021 · 2 comments

Comments

@sushi2k
Copy link

sushi2k commented Nov 14, 2021
edited

Hi,

I am assessing an AWS account with the following command sudo awspx ingest --services IAM

 INFO     Searching for attack (03/21): AssumeRole (iteration: 1 of max: 5)                                      
 DEBUG    [REDACTED]   
 DEBUG    Added:              (arn:aws:iam::<ID>:root)-->(arn:aws:iam::<ID>:role/CompanyAccountAccessRole)
╭─────────────────────────────── Traceback (most recent call last) ────────────────────────────────╮
│ /opt/awspx/cli.py:398 in main                                                                    │
│                                                                                                  │
│   395 │   │   console.start()                                                                    │
│   396 │                                                                                          │
│   397 │   try:                                                                                   │
│ ❱ 398 │   │   args.func(args)                                                                    │
│   399 │                                                                                          │
│   400 │   except (KeyboardInterrupt, SystemExit):                                                │
│   401 │   │   console.stop()                                                                     │
│                                                                                                  │
│ /opt/awspx/cli.py:157 in handle_ingest                                                           │
│                                                                                                  │
│   154 │   handle_db(args, console=console.item("Creating Database"))                             │
│   155 │                                                                                          │
│   156 │   if not (args.skip_attacks_all or args.skip_actions_all):                               │
│ ❱ 157 │   │   handle_attacks(args, console=console.item("Updating Attack paths"))                │
│   158                                                                                            │
│   159                                                                                            │
│   160 def handle_attacks(args, console=console):                                                 │
│                                                                                                  │
│ /opt/awspx/cli.py:172 in handle_attacks                                                          │
│                                                                                                  │
│   169 │   │   │   │   │   │   │   │   │   │      else ""),                                       │
│   170 │   │   │   │   │     console=console)                                                     │
│   171 │                                                                                          │
│ ❱ 172 │   attacks.compute(max_iterations=args.max_attack_iterations)                             │
│   173                                                                                            │
│   174                                                                                            │
│   175 def handle_db(args, console=console):                                                      │
│                                                                                                  │
│ /opt/awspx/lib/aws/attacks.py:1285 in compute                                                    │
│                                                                                                  │
│   1282 │   │   │   results = db.run(self.queries[pattern])                                       │
│   1283 │   │   │                                                                                 │
│   1284 │   │   │   for r in results:                                                             │
│ ❱ 1285 │   │   │   │   self.console.debug(f"Added: ({r['source']['Arn']})-->"                    │
│   1286 │   │   │   │   │   │   │   │      f"({r['grant']['Arn']})")                              │
│   1287 │   │   │                                                                                 │
│   1288 │   │   │   self.stats.append({                                                           │
╰──────────────────────────────────────────────────────────────────────────────────────────────────╯
KeyError: 'Arn'

If I skip the check AssumeRole with --skip-checks AssumeRole awspx is running without errors.

Any idea how I could further debug this?
@hmussana
Copy link

hmussana commented Jan 3, 2022 

╭─────────────────────────────── Traceback (most recent call last) ────────────────────────────────╮
│ /opt/awspx/cli.py:398 in main                                                                    │
│                                                                                                  │
│   395 │   │   console.start()                                                                    │
│   396 │                                                                                          │
│   397 │   try:                                                                                   │
│ ❱ 398 │   │   args.func(args)                                                                    │
│   399 │                                                                                          │
│   400 │   except (KeyboardInterrupt, SystemExit):                                                │
│   401 │   │   console.stop()                                                                     │
│                                                                                                  │
│ /opt/awspx/cli.py:172 in handle_attacks                                                          │
│                                                                                                  │
│   169 │   │   │   │   │   │   │   │   │   │      else ""),                                       │
│   170 │   │   │   │   │     console=console)                                                     │
│   171 │                                                                                          │
│ ❱ 172 │   attacks.compute(max_iterations=args.max_attack_iterations)                             │
│   173                                                                                            │
│   174                                                                                            │
│   175 def handle_db(args, console=console):                                                      │
│                                                                                                  │
│ /opt/awspx/lib/aws/attacks.py:1285 in compute                                                    │
│                                                                                                  │
│   1282 │   │   │   results = db.run(self.queries[pattern])                                       │
│   1283 │   │   │                                                                                 │
│   1284 │   │   │   for r in results:                                                             │
│ ❱ 1285 │   │   │   │   self.console.debug(f"Added: ({r['source']['Arn']})-->"                    │
│   1286 │   │   │   │   │   │   │   │      f"({r['grant']['Arn']})")                              │
│   1287 │   │   │                                                                                 │
│   1288 │   │   │   self.stats.append({                                                           │
╰──────────────────────────────────────────────────────────────────────────────────────────────────╯
KeyError: 'Arn'

Running into the same issue.

@newlog
Copy link

newlog commented Jan 10, 2022

@hmussana you can patch that one so it keeps going (attaching yourself to the container running awspx). After patching it, I got more results afterwards. However, not sure if I'm just silencing the root cause of the problem.

self.console.debug(f"Added: ({r['source'].get('Arn')})-->"
                                 f"({r['grant'].get('Arn')})")

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@newlog @sushi2k @hmussana