rieck-srlabs
rieck-srlabs
Adding to this report, the check incorrectly flags any action with `*` in the name as a Owner role, i.e. `Microsoft.Web/certificates/*`. This is because the check [here](https://github.com/nccgroup/ScoutSuite/blob/967ec5476151aa0256e3a37240e354be00a23176/ScoutSuite/providers/azure/resources/rbac/roles.py#L41) checks if `*`...
@jfagoagas I was thinking about how to address this shortcoming myself. It is straightforward to extend the existing checks to also cover `"Inline"` policies, but it seems like in general,...
I likely won't get around to implement this. Happy if you could add this to the backlog for internal development, as has probably already happened, seeing as @sergargar has been...
Chiming in here with a related point: **The current check does not consider if the certificates in question are actually `InUse`**. I've seen a number of AWS accounts with a...
This PR fixes a pretty basic logic bug in the code. @dafthack any plans of looking into this? Please also see the associated issue.
@dafthack any news on this issue and the associated PR?
> @rieck-srlabs We will try to review this tomorrow or next Monday! Thanks for this contribution!! Sounds good. One thing to keep an eye out for: I am not assigning...
Good catch, thanks! With the latest commit, the ARN is included now.
Thanks for the suggestions! I've addressed your comments with my last three commits!
@jfagoagas Might make sense to reopen this while work on PR #4076 is ongoing.