fix(aws): use correct signing region when the endpoint is overridden #4883

Closed
nikpivkin opened this issue Jul 28, 2023 · 1 comment

Trivy cannot get website configuration for a bucket, because an incorrect region is used.

Steps to reproduce:

Replace defsec (fixed configuration for local bucket)

replace github.com/aquasecurity/defsec => github.com/nikpivkin/defsec v0.0.0-20230727120552-23eac5dc734b

Run localstack

docker run \
  --rm -it \
  -p 4566:4566 \
  -p 4510-4559:4510-4559 \
  localstack/localstack

Create a bucket:

aws s3api create-bucket --endpoint http://0.0.0.0:4566 --bucket test-bucket --profile localstack --no-cli-pager
{
    "Location": "/test-bucket"
}

Run Trivy:

...
2023-07-28T17:13:25.174+0600	DEBUG	[defsec] 13:25.174209000 aws-api.scanner.adapt.aws        Error getting website: operation error S3: GetBucketWebsite, exceeded maximum number of attempts, 3, https response error StatusCode: 500, RequestID: 7aa7a34c-3393-4130-bb9e-ffcbd95b7c7c, HostID: s9lzHYrFp76ZVxRcpX9+5cjAnEH2ROuNkd2BHfIa6UkFVdtjf5mKR3/eTPFvsiP/XV/VLi31234=, api error InternalError: exception while calling s3.GetBucketWebsite: 'custom-signing-region' is not a valid AWS region name for s3
...
@nikpivkin nikpivkin self-assigned this Jul 28, 2023
@simar7 simar7 added kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning target/cloud Issues relating to cloud account scanning labels Aug 1, 2023
@knqyf263 knqyf263 added this to the v0.44.1 milestone Aug 2, 2023

simar7 commented Aug 10, 2023

Fixed via aquasecurity/defsec#1411

@simar7 simar7 closed this as completed Aug 10, 2023
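
To confirm which region a client signed a request for when the endpoint is overridden, read the SigV4 credential scope out of the request's `Authorization` header. The Go sketch below is an added example, not part of the original issue and not code from Trivy or defsec; the header is constructed (dummy access key and signature, region string taken from the log above) and the expected region `us-east-1` is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Scope is the SigV4 credential scope: <key>/<date>/<region>/<service>/aws4_request.
type Scope struct{ AccessKey, Date, Region, Service string }

// ParseScope extracts the credential scope from a SigV4 Authorization header.
func ParseScope(auth string) (Scope, error) {
	const prefix = "AWS4-HMAC-SHA256 "
	if !strings.HasPrefix(auth, prefix) {
		return Scope{}, errors.New("not a SigV4 Authorization header")
	}
	for _, field := range strings.Split(auth[len(prefix):], ",") {
		kv := strings.SplitN(strings.TrimSpace(field), "=", 2)
		if len(kv) != 2 || kv[0] != "Credential" {
			continue
		}
		p := strings.Split(kv[1], "/")
		if len(p) != 5 || p[4] != "aws4_request" {
			return Scope{}, fmt.Errorf("malformed credential scope %q", kv[1])
		}
		return Scope{AccessKey: p[0], Date: p[1], Region: p[2], Service: p[3]}, nil
	}
	return Scope{}, errors.New("no Credential field in header")
}

// CheckSigningRegion fails when the request was signed for another region.
func CheckSigningRegion(auth, wantRegion string) error {
	s, err := ParseScope(auth)
	if err != nil {
		return err
	}
	if s.Region != wantRegion {
		return fmt.Errorf("%s request signed for region %q, expected %q",
			s.Service, s.Region, wantRegion)
	}
	return nil
}

func main() {
	// Constructed header; "us-east-1" is the assumed region of the test bucket.
	auth := "AWS4-HMAC-SHA256 Credential=AKIAEXAMPLE/20230728/custom-signing-region/s3/aws4_request, " +
		"SignedHeaders=host;x-amz-date, Signature=0000"
	fmt.Println(CheckSigningRegion(auth, "us-east-1"))
}
```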