org.sonar.l10n.py.rules.python.S6302.html
A policy that grants all permissions may indicate improper access control, which violates the principle of least privilege. Suppose an identity is granted full
permissions to a resource even though it only requires read permission to work as expected. In this case, resources may be overwritten
unintentionally, resulting in loss of information.
Ask Yourself Whether
Identities obtaining all the permissions:
- only require a subset of these permissions to perform the intended function.
- have monitored activity showing that only a subset of these permissions is actually used.
There is a risk if you answered yes to any of those questions.
Recommended Secure Coding Practices
It’s recommended to apply the least privilege principle, i.e. to grant identities only the permissions they need. A good practice is to start
with the very minimum set of permissions and to refine the policy over time. To fix overly permissive policies already deployed in
production, one strategy is to review the monitored activity and reduce the set of permissions to those most used.
Sensitive Code Example
A customer-managed policy that grants all permissions by using the wildcard (*) in the Action property:
from aws_cdk.aws_iam import PolicyStatement, Effect

PolicyStatement(
    effect=Effect.ALLOW,
    actions=["*"],  # Sensitive: every action is allowed
    resources=["arn:aws:iam:::user/*"]
)
Compliant Solution
A customer-managed policy that grants only the required permissions:
from aws_cdk.aws_iam import PolicyStatement, Effect

PolicyStatement(
    effect=Effect.ALLOW,
    actions=["iam:GetAccountSummary"],  # only the action the identity needs
    resources=["arn:aws:iam:::user/*"]
)
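The check this rule performs can also be run against a synthesized policy document, which is useful for catching the wildcard before deployment. The following is an added example, not part of the rule description or of SonarSource's own implementation; the policy document is constructed by hand to mirror the two CDK statements above plus a Deny statement, and the function name is an assumption.

```python
import json

# Constructed sample policy document: statement 0 mirrors the Sensitive
# example, statement 1 the Compliant one, statement 2 is a Deny on "*"
# (hand-written here; not CDK output).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "arn:aws:iam:::user/*"},
        {"Effect": "Allow", "Action": ["iam:GetAccountSummary"],
         "Resource": "arn:aws:iam:::user/*"},
        {"Effect": "Deny", "Action": "*", "Resource": "*"},
    ],
})


def _as_list(value):
    """IAM accepts a scalar or a list for Statement/Action; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_all_permission_statements(policy_json: str) -> list[int]:
    """Return the indexes of Allow statements whose Action is the bare wildcard "*".

    Deny statements are skipped on purpose: a wildcard there restricts
    rather than grants, so it does not violate least privilege.
    """
    doc = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if any(action.strip() == "*" for action in _as_list(stmt.get("Action"))):
            findings.append(idx)
    return findings


if __name__ == "__main__":
    for idx in find_all_permission_statements(SAMPLE_POLICY):
        print(f"Statement[{idx}] grants all actions (Sensitive)")
```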
See
- AWS Documentation - Grant least privilege
- Google Cloud Documentation - Understanding roles
- CWE - CWE-732 - Incorrect Permission Assignment for Critical Resource
- CWE - CWE-284 - Improper Access Control