ROADtools icon indicating copy to clipboard operation
ROADtools copied to clipboard

Published 20 hours ago verified publisher icon dirkjanm

[Policies Plugin] Unsupported criterium type "ServicePrincipalFilterRule"

Open CravateRouge opened this issue 6 months ago • 0 comments

Hi dirkjanm!

I ran into a little issue when trying the policies plugin:

roadrecon plugin policies -p -d roadrecon.db
...
####################
My Policy Name
97e32d76-dbc0-4cfe-b088-9f37b18743e9
{   'Conditions': {   'Applications': {'Include': [{'Applications': ['All']}]},
                      'Locations': {   'Exclude': [   {   'Locations': [   '044cb1b4-75cc-4b71-9f78-094873583a10']}],
                                       'Include': [{'Locations': ['All']}]},
                      'ServicePrincipals': {   'Include': [   {   'ServicePrincipalFilterRule': 'CustomSecurityAttribute.WorkLoadIDAttributeSet_OnlyStr '
                                                                                                '-eq '
                                                                                                '"yes"'}]},
                      'Users': {'Include': [{'Users': ['None']}]}},
    'Controls': [{'Control': ['Block']}],
    'CreatedDateTime': '2024-01-12T20:47:23.9093005Z',
    'EnforceAllPoliciesForEas': True,
    'IncludeOtherLegacyClientTypeForEvaluation': True,
    'ModifiedDateTime': '2024-01-12T21:38:52.4687518Z',
    'State': 'Enabled',
    'Version': 1}

Traceback (most recent call last):
  File "/home/silver/.local/lib/python3.12/site-packages/roadtools/roadrecon/plugins/policies.py", line 190, in _parse_ucrit
    objects = funct[ctype](clist)
              ~~~~~^^^^^^^
KeyError: 'ServicePrincipalFilterRule'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/silver/.local/bin/roadrecon", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/home/silver/.local/lib/python3.12/site-packages/roadtools/roadrecon/main.py", line 130, in main
    plugin_module.main(args)
  File "/home/silver/.local/lib/python3.12/site-packages/roadtools/roadrecon/plugins/policies.py", line 671, in main
    plugin.main(args.print)
  File "/home/silver/.local/lib/python3.12/site-packages/roadtools/roadrecon/plugins/policies.py", line 526, in main
    out['who'] = self._parse_who(conditions)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/silver/.local/lib/python3.12/site-packages/roadtools/roadrecon/plugins/policies.py", line 371, in _parse_who
    ot += self._parse_ucrit(icrit)
          ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/silver/.local/lib/python3.12/site-packages/roadtools/roadrecon/plugins/policies.py", line 192, in _parse_ucrit
    raise Exception('Unsupported criterium type: {0}'.format(ctype))
Exception: Unsupported criterium type: ServicePrincipalFilterRule

I'm going to holidays now but I may work on a PR later to add this criterium to the plugin

CravateRouge avatar Aug 23 '24 17:08 CravateRouge