security_monkey
GCP firewall errors
Please make sure that you have checked the boxes:
- [ ] Review the Quickstart guide
- [ ] Search for both open and closed issues regarding the problem you are experiencing
- [X] For permissions issues (Access Denied and credential related errors), please refer to the requisite docs before submitting an issue: AWS, GCP, OpenStack, GitHub
Description of issue:
Hello security monkey team, first, we love this tool, thank you for putting it all together. We have been using it on AWS and recently we started to use it on GCP, and we noticed that we didn't get any firewall logs or information, so we went and looked at the logs and we found out:
```
    retval = job.func(*job.args, **job.kwargs)
  File "/usr/local/src/security_monkey/security_monkey/scheduler.py", line 135, in _audit_changes
    au.audit_objects()
  File "/usr/local/src/security_monkey/security_monkey/auditor.py", line 154, in audit_objects
    method(item)
  File "/usr/local/src/security_monkey/security_monkey/auditors/gcp/gce/firewall.py", line 135, in check_allowed
    (ok, errors) = self.inspect_allowed(item)
  File "/usr/local/src/security_monkey/security_monkey/auditors/gcp/gce/firewall.py", line 127, in inspect_allowed
    err = self._port_range_exists(item.config.get('Allowed'))
  File "/usr/local/src/security_monkey/security_monkey/auditors/gcp/gce/firewall.py", line 50, in _port_range_exists
    for allowed in allowed_list:
TypeError: 'NoneType' object is not iterable
```
Error from above stopped showing up, but all of the GCP firewall rules appear as empty on Security Monkey. I don't see any other indication of a failure.
Same here: latest develop branch, getting the same error. Any updates on this?
I've had no cycles to work on this. Would welcome a PR.
I have the exact same error. Upon debugging, found that it was due to a single firewall rule being added as Action Deny instead of Allow. https://github.com/exenin/security_monkey/commit/d04c912f30408ee143dbf1d0b9f8a81e9de2f6f0
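
An added example, not part of the thread and not Security Monkey's code or the linked commit: it reproduces the `TypeError` from the traceback on a deny-only rule and shows a None-safe version of the port-range loop, so that one deny rule does not leave a firewall rule unaudited. The `'Allowed'` key comes from the traceback; the `'Denied'` and `'Name'` keys, the function names and the sample rules are constructed assumptions.

```python
# Added illustration, not Security Monkey's code. 'Allowed' is the key seen in
# the traceback; 'Denied', 'Name' and the sample rules are constructed assumptions.
ALLOW_RULE = {'Name': 'allow-web', 'Allowed': [
    {'IPProtocol': 'tcp', 'ports': ['22', '8000-9000']},
    {'IPProtocol': 'icmp'},                      # no 'ports' key at all
]}
DENY_RULE = {'Name': 'deny-telnet', 'Allowed': None,
             'Denied': [{'IPProtocol': 'tcp', 'ports': ['23']}]}


def unguarded_port_ranges(config):
    """Iterates config.get('Allowed') directly, as the traceback shows."""
    found = []
    for allowed in config.get('Allowed'):        # None for a deny rule -> TypeError
        for port in allowed.get('ports') or []:
            if '-' in str(port):
                found.append((allowed.get('IPProtocol'), str(port)))
    return found


def guarded_port_ranges(config):
    """Same check, treating a missing or None 'Allowed' as an empty list."""
    found = []
    for allowed in config.get('Allowed') or []:
        for port in allowed.get('ports') or []:
            if '-' in str(port):
                found.append((allowed.get('IPProtocol'), str(port)))
    return found


def audit_rules(rules, check):
    """Run check over every rule; record which rules could not be audited."""
    findings, failed = {}, []
    for rule in rules:
        try:
            findings[rule['Name']] = check(rule)
        except TypeError:
            failed.append(rule['Name'])
    return findings, failed


if __name__ == '__main__':
    print(audit_rules([ALLOW_RULE, DENY_RULE], unguarded_port_ranges))
    print(audit_rules([ALLOW_RULE, DENY_RULE], guarded_port_ranges))
```

The `failed` list is the part worth keeping in a real auditor: a rule that could not be checked should be reported as such rather than appear as a rule with no findings.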