fix(iam): fill resource id with inline policy entity

prowler/providers/aws/services/iam/iam_inline_policy_allows_privilege_escalation/iam_inline_policy_allows_privilege_escalation.py

@@ -12,7 +12,7 @@ def execute(self) -> Check_Report_AWS:
         for policy in iam_client.policies:
             if policy.type == "Inline":
                 report = Check_Report_AWS(self.metadata())
-                report.resource_id = policy.name
+                report.resource_id = f"{policy.entity}/{policy.name}"
                 report.resource_arn = policy.arn
                 report.region = iam_client.region
                 report.resource_tags = policy.tags

prowler/providers/aws/services/iam/iam_inline_policy_no_full_access_to_cloudtrail/iam_inline_policy_no_full_access_to_cloudtrail.py

@@ -15,16 +15,16 @@ def execute(self) -> Check_Report_AWS:
                 report = Check_Report_AWS(self.metadata())
                 report.region = iam_client.region
                 report.resource_arn = policy.arn
-                report.resource_id = policy.name
+                report.resource_id = f"{policy.entity}/{policy.name}"
                 report.resource_tags = policy.tags
                 report.status = "PASS"
-                report.status_extended = f"Inline Policy {policy.name} does not allow '{critical_service}:*' privileges."
+                report.status_extended = f"Inline Policy {report.resource_id} does not allow '{critical_service}:*' privileges."
 
                 if policy.document and check_full_service_access(
                     critical_service, policy.document
                 ):
                     report.status = "FAIL"
-                    report.status_extended = f"Inline Policy {policy.name} allows '{critical_service}:*' privileges to all resources."
+                    report.status_extended = f"Inline Policy {report.resource_id} allows '{critical_service}:*' privileges to all resources."
 
                 findings.append(report)
 

prowler/providers/aws/services/iam/iam_inline_policy_no_full_access_to_kms/iam_inline_policy_no_full_access_to_kms.py

@@ -14,16 +14,16 @@ def execute(self):
                 report = Check_Report_AWS(self.metadata())
                 report.region = iam_client.region
                 report.resource_arn = policy.arn
-                report.resource_id = policy.name
+                report.resource_id = f"{policy.entity}/{policy.name}"
                 report.resource_tags = policy.tags
                 report.status = "PASS"
-                report.status_extended = f"Inline Policy {policy.name} does not allow '{critical_service}:*' privileges."
+                report.status_extended = f"Inline Policy {report.resource_id} does not allow '{critical_service}:*' privileges."
 
                 if policy.document and check_full_service_access(
                     critical_service, policy.document
                 ):
                     report.status = "FAIL"
-                    report.status_extended = f"Inline Policy {policy.name} allows '{critical_service}:*' privileges."
+                    report.status_extended = f"Inline Policy {report.resource_id} allows '{critical_service}:*' privileges."
 
                 findings.append(report)
 

tests/providers/aws/services/iam/iam_inline_policy_allows_privilege_escalation/iam_inline_policy_allows_privilege_escalation_test.py

@@ -106,9 +106,9 @@ def test_iam_inline_role_policy_not_allows_privilege_escalation(self):
             assert result[0].status == "PASS"
             assert (
                 result[0].status_extended
-                == f"Inline Policy '{policy_name}' attached to role {role_arn} does not allow privilege escalation."
+                == f"Inline Policy 'test_role/{policy_name}' attached to role {role_arn} does not allow privilege escalation."
             )
-            assert result[0].resource_id == policy_name
+            assert result[0].resource_id == f"test_role/{policy_name}"
             assert result[0].resource_arn == role_arn
             assert result[0].region == AWS_REGION_US_EAST_1
             assert result[0].resource_tags == []
@@ -162,9 +162,9 @@ def test_iam_inline_user_policy_not_allows_privilege_escalation_glue_GetDevEndpo
             assert result[0].status == "PASS"
             assert (
                 result[0].status_extended
-                == f"Inline Policy '{policy_name}' attached to user {user_arn} does not allow privilege escalation."
+                == f"Inline Policy 'test_user/{policy_name}' attached to user {user_arn} does not allow privilege escalation."
             )
-            assert result[0].resource_id == policy_name
+            assert result[0].resource_id == f"test_user/{policy_name}"
             assert result[0].resource_arn == user_arn
             assert result[0].region == AWS_REGION_US_EAST_1
             assert result[0].resource_tags == []
@@ -228,9 +228,9 @@ def test_iam_inline_group_policy_not_allows_privilege_escalation_dynamodb_PutIte
             assert result[0].status == "PASS"
             assert (
                 result[0].status_extended
-                == f"Inline Policy '{policy_name}' attached to group {group_arn} does not allow privilege escalation."
+                == f"Inline Policy 'test_group/{policy_name}' attached to group {group_arn} does not allow privilege escalation."
             )
-            assert result[0].resource_id == policy_name
+            assert result[0].resource_id == f"test_group/{policy_name}"
             assert result[0].resource_arn == group_arn
             assert result[0].region == AWS_REGION_US_EAST_1
             assert result[0].resource_tags == []
@@ -289,13 +289,13 @@ def test_iam_inline_role_policy_allows_privilege_escalation_iam_all_and_ec2_RunI
             result = check.execute()
             assert len(result) == 1
             assert result[0].status == "FAIL"
-            assert result[0].resource_id == policy_name
+            assert result[0].resource_id == f"test_role/{policy_name}"
             assert result[0].resource_arn == role_arn
             assert result[0].region == AWS_REGION_US_EAST_1
             assert result[0].resource_tags == []
 
             assert search(
-                f"Inline Policy '{policy_name}' attached to role {role_arn} allows privilege escalation using the following actions: ",
+                f"Inline Policy 'test_role/{policy_name}' attached to role {role_arn} allows privilege escalation using the following actions: ",
                 result[0].status_extended,
             )
             assert search("iam:PassRole", result[0].status_extended)
@@ -348,13 +348,13 @@ def test_iam_inline_policy_allows_privilege_escalation_iam_PassRole(
             result = check.execute()
             assert len(result) == 1
             assert result[0].status == "FAIL"
-            assert result[0].resource_id == policy_name
+            assert result[0].resource_id == f"test_role/{policy_name}"
             assert result[0].resource_arn == role_arn
             assert result[0].region == AWS_REGION_US_EAST_1
             assert result[0].resource_tags == []
 
             assert search(
-                f"Inline Policy '{policy_name}' attached to role {role_arn} allows privilege escalation using the following actions: ",
+                f"Inline Policy 'test_role/{policy_name}' attached to role {role_arn} allows privilege escalation using the following actions: ",
                 result[0].status_extended,
             )
             assert search("iam:PassRole", result[0].status_extended)
@@ -425,13 +425,13 @@ def test_iam_inline_policy_allows_privilege_escalation_two_combinations(
             result = check.execute()
             assert len(result) == 1
             assert result[0].status == "FAIL"
-            assert result[0].resource_id == policy_name
+            assert result[0].resource_id == f"test_role/{policy_name}"
             assert result[0].resource_arn == role_arn
             assert result[0].region == AWS_REGION_US_EAST_1
             assert result[0].resource_tags == []
 
             assert search(
-                f"Inline Policy '{policy_name}' attached to role {role_arn} allows privilege escalation using the following actions: ",
+                f"Inline Policy 'test_role/{policy_name}' attached to role {role_arn} allows privilege escalation using the following actions: ",
                 result[0].status_extended,
             )
             assert search("iam:PassRole", result[0].status_extended)
@@ -491,13 +491,13 @@ def test_iam_inline_policy_allows_privilege_escalation_iam_PassRole_and_other_ac
             result = check.execute()
             assert len(result) == 1
             assert result[0].status == "FAIL"
-            assert result[0].resource_id == policy_name
+            assert result[0].resource_id == f"test_role/{policy_name}"
             assert result[0].resource_arn == role_arn
             assert result[0].region == AWS_REGION_US_EAST_1
             assert result[0].resource_tags == []
 
             assert search(
-                f"Inline Policy '{policy_name}' attached to role {role_arn} allows privilege escalation using the following actions: ",
+                f"Inline Policy 'test_role/{policy_name}' attached to role {role_arn} allows privilege escalation using the following actions: ",
                 result[0].status_extended,
             )
             assert search("iam:PassRole", result[0].status_extended)
@@ -551,13 +551,13 @@ def test_iam_inline_policy_allows_privilege_escalation_policies_combination(
                 result = check.execute()
                 assert len(result) == 1
                 assert result[0].status == "FAIL"
-                assert result[0].resource_id == policy_name
+                assert result[0].resource_id == f"test_role/{policy_name}"
                 assert result[0].resource_arn == role_arn
                 assert result[0].region == AWS_REGION_US_EAST_1
                 assert result[0].resource_tags == []
 
                 assert search(
-                    f"Inline Policy '{policy_name}' attached to role {role_arn} allows privilege escalation using the following actions: ",
+                    f"Inline Policy 'test_role/{policy_name}' attached to role {role_arn} allows privilege escalation using the following actions: ",
                     result[0].status_extended,
                 )
 

tests/providers/aws/services/iam/iam_inline_policy_no_full_access_to_cloudtrail/iam_inline_policy_no_full_access_to_cloudtrail_test.py

@@ -54,9 +54,9 @@ def test_policy_full_access_to_cloudtrail_with_actions(self):
             assert result[0].status == "FAIL"
             assert (
                 result[0].status_extended
-                == f"Inline Policy {policy_name} allows 'cloudtrail:*' privileges to all resources."
+                == f"Inline Policy test_role/{policy_name} allows 'cloudtrail:*' privileges to all resources."
             )
-            assert result[0].resource_id == "policy_cloudtrail_full"
+            assert result[0].resource_id == f"test_role/{policy_name}"
             assert result[0].resource_arn == role_arn
             assert result[0].region == "eu-west-1"
 
@@ -101,9 +101,9 @@ def test_policy_no_full_access_to_cloudtrail_with_actions(self):
             assert result[0].status == "PASS"
             assert (
                 result[0].status_extended
-                == f"Inline Policy {policy_name} does not allow 'cloudtrail:*' privileges."
+                == f"Inline Policy test_role/{policy_name} does not allow 'cloudtrail:*' privileges."
             )
-            assert result[0].resource_id == "policy_no_cloudtrail_full"
+            assert result[0].resource_id == f"test_role/{policy_name}"
             assert result[0].resource_arn == role_arn
             assert result[0].region == "eu-west-1"
 
@@ -148,9 +148,9 @@ def test_policy_full_access_to_cloudtrail_with_no_actions(self):
             assert result[0].status == "FAIL"
             assert (
                 result[0].status_extended
-                == f"Inline Policy {policy_name} allows 'cloudtrail:*' privileges to all resources."
+                == f"Inline Policy test_role/{policy_name} allows 'cloudtrail:*' privileges to all resources."
             )
-            assert result[0].resource_id == "policy_cloudtrail_full"
+            assert result[0].resource_id == f"test_role/{policy_name}"
             assert result[0].resource_arn == role_arn
             assert result[0].region == "eu-west-1"
 
@@ -199,9 +199,9 @@ def test_policy_no_full_access_to_cloudtrail_with_no_actions(self):
             assert result[0].status == "PASS"
             assert (
                 result[0].status_extended
-                == f"Inline Policy {policy_name} does not allow 'cloudtrail:*' privileges."
+                == f"Inline Policy test_role/{policy_name} does not allow 'cloudtrail:*' privileges."
             )
-            assert result[0].resource_id == "policy_no_cloudtrail_full"
+            assert result[0].resource_id == f"test_role/{policy_name}"
             assert result[0].resource_arn == role_arn
             assert result[0].region == "eu-west-1"
 
@@ -250,8 +250,8 @@ def test_policy_full_access_to_cloudtrail_with_multiple_actions(self):
             assert result[0].status == "FAIL"
             assert (
                 result[0].status_extended
-                == f"Inline Policy {policy_name} allows 'cloudtrail:*' privileges to all resources."
+                == f"Inline Policy test_role/{policy_name} allows 'cloudtrail:*' privileges to all resources."
             )
-            assert result[0].resource_id == "policy_cloudtrail_full"
+            assert result[0].resource_id == f"test_role/{policy_name}"
             assert result[0].resource_arn == role_arn
             assert result[0].region == "eu-west-1"

tests/providers/aws/services/iam/iam_inline_policy_no_full_access_to_kms/iam_inline_policy_no_full_access_to_kms_test.py

@@ -54,9 +54,9 @@ def test_policy_full_access_to_kms_with_actions(self):
             assert result[0].status == "FAIL"
             assert (
                 result[0].status_extended
-                == f"Inline Policy {policy_name} allows 'kms:*' privileges."
+                == f"Inline Policy test_role/{policy_name} allows 'kms:*' privileges."
             )
-            assert result[0].resource_id == "policy_kms_full"
+            assert result[0].resource_id == f"test_role/{policy_name}"
             assert result[0].resource_arn == role_arn
             assert result[0].region == "eu-west-1"
 
@@ -101,9 +101,9 @@ def test_policy_no_full_access_to_kms_with_actions(self):
             assert result[0].status == "PASS"
             assert (
                 result[0].status_extended
-                == f"Inline Policy {policy_name} does not allow 'kms:*' privileges."
+                == f"Inline Policy test_role/{policy_name} does not allow 'kms:*' privileges."
             )
-            assert result[0].resource_id == "policy_no_kms_full"
+            assert result[0].resource_id == f"test_role/{policy_name}"
             assert result[0].resource_arn == role_arn
             assert result[0].region == "eu-west-1"
 
@@ -148,9 +148,9 @@ def test_policy_full_access_to_kms_with_no_actions(self):
             assert result[0].status == "FAIL"
             assert (
                 result[0].status_extended
-                == f"Inline Policy {policy_name} allows 'kms:*' privileges."
+                == f"Inline Policy test_role/{policy_name} allows 'kms:*' privileges."
             )
-            assert result[0].resource_id == "policy_kms_full"
+            assert result[0].resource_id == f"test_role/{policy_name}"
             assert result[0].resource_arn == role_arn
             assert result[0].region == "eu-west-1"
 
@@ -199,9 +199,9 @@ def test_policy_no_full_access_to_kms_with_no_actions(self):
             assert result[0].status == "PASS"
             assert (
                 result[0].status_extended
-                == f"Inline Policy {policy_name} does not allow 'kms:*' privileges."
+                == f"Inline Policy test_role/{policy_name} does not allow 'kms:*' privileges."
             )
-            assert result[0].resource_id == "policy_no_kms_full"
+            assert result[0].resource_id == f"test_role/{policy_name}"
             assert result[0].resource_arn == role_arn
             assert result[0].region == "eu-west-1"
 
@@ -250,8 +250,8 @@ def test_policy_full_access_to_kms_with_multiple_actions(self):
             assert result[0].status == "FAIL"
             assert (
                 result[0].status_extended
-                == f"Inline Policy {policy_name} allows 'kms:*' privileges."
+                == f"Inline Policy test_role/{policy_name} allows 'kms:*' privileges."
             )
-            assert result[0].resource_id == "policy_kms_full"
+            assert result[0].resource_id == f"test_role/{policy_name}"
             assert result[0].resource_arn == role_arn
             assert result[0].region == "eu-west-1"