
Function checkPermissionsWithAuth

provider/aws.go:194–261  ·  view source on GitHub ↗
(anonClient *s3.Client, authClient *s3.Client, b *bucket.Bucket, doDestructiveChecks bool)


192}
193
194func checkPermissionsWithAuth(anonClient *s3.Client, authClient *s3.Client, b *bucket.Bucket, doDestructiveChecks bool) error {
195 /*
196 // 1. Check if b exists
197 // 2. Check for READ_ACP
198 // 3. If FullControl is allowed for either AllUsers or AuthorizedUsers, skip the remainder of those tests
199 // 4. Check for READ
200 // 5. If doing destructive checks:
201 // 5a. Check for Write
202 // 5b. Check for WriteACP
203 */
204
205 b.DateScanned = time.Now()
206
207 // Check for anon READ_ACP permission. If allowed, exit
208 anonReadACL, err := permission.CheckPermReadACL(anonClient, b)
209 if err != nil {
210 return fmt.Errorf("error occurred while checking for anon ReadACL: %v", err.Error())
211 }
212 b.PermAllUsersReadACL = bucket.Permission(anonReadACL)
213 if b.PermAllUsersReadACL == bucket.PermissionAllowed {
214 return nil
215 }
216
217 // Check for auth READ_ACP permission. If allowed, exit
218 if authClient != nil {
219 authReadACL, authACLErr := permission.CheckPermReadACL(authClient, b)
220 if authACLErr != nil {
221 return fmt.Errorf("error occurred while checking for auth ReadACL: %v", authACLErr.Error())
222 }
223 b.PermAuthUsersReadACL = bucket.Permission(authReadACL)
224 if b.PermAuthUsersReadACL == bucket.PermissionAllowed {
225 return nil
226 }
227 }
228
229 // Check for anon READ
230 canRead, err := permission.CheckPermRead(anonClient, b)
231 if err != nil {
232 return fmt.Errorf("error occurred while checking for anon READ: %v", err.Error())
233 }
234 b.PermAllUsersRead = bucket.Permission(canRead)
235
236 // Check for auth READ
237 if authClient != nil {
238 authCanRead, authReadErr := permission.CheckPermRead(authClient, b)
239 if authReadErr != nil {
240 return fmt.Errorf("error occurred while checking for auth READ: %v", authReadErr.Error())
241 }
242 b.PermAuthUsersRead = bucket.Permission(authCanRead)
243 }
244
245 if doDestructiveChecks {
246 // Check for WRITE permission
247 permWrite, writeErr := permission.CheckPermWrite(anonClient, b)
248 if writeErr != nil {
249 return fmt.Errorf("%v | error occurred while checking for WRITE: %v", b.Name, writeErr.Error())
250 }
251 b.PermAllUsersWrite = bucket.Permission(permWrite)
