pycfmodel
pycfmodel copied to clipboard
False Positives with Deny Actions in IAM Policy
There can be false positives in CFRipper when an IAM policy has specific Actions with Deny Effect.
The issue seems to be caused because in "policy_document.py" the Denys are not taken into account.
The function "allowed_actions_with" is not excluding actions that have a Deny Effect.
https://github.com/Skyscanner/pycfmodel/blob/6a8f3d1d6b56bb0c1bf368f80cda0f330143d447/pycfmodel/model/resources/properties/policy_document.py#L54-L68