"sns_topics_not_publicly_accessible" check fails on a SNS topic access policy with restriction on conditions with aws:SourceArn attribute #8326

@kazaker

Description


Steps to Reproduce

  1. What command are you running?

prowler aws --region eu-west-1 --check sns_topics_not_publicly_accessible --verbose

  2. Cloud provider you are launching

AWS

  3. Environment you have

AWS Organization

  4. See error

FAIL eu-west-1: SNS topic <topic_name> is public because its policy allows public access.

Expected behavior

Observation

sns_topics_not_publicly_accessible produces false positives when the SNS access policy statement is restricted to a specific ARN based on the aws:SourceArn condition key. An example of a resource policy that produces a false positive:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Principal":{
            "AWS":"*"
         },
         "Action":"SNS:Publish",
         "Resource":"arn:aws:sns:*:*:<topic_name>",
         "Condition":{
            "ArnLike":{
               "aws:SourceArn":"arn:aws:s3:::<bucket_name>"
            }
         }
      }
   ]
}

Expected

Expected sns_topics_not_publicly_accessible to PASS for such SNS topics.

Actual Result with Screenshots or Logs

FAIL eu-west-1: SNS topic <topic_name> is public because its policy allows public access.
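The policy shape quoted above is exactly the case a public-access check has to reason about: "Principal": {"AWS": "*"} on its own is open to the world, but a non-negated condition on aws:SourceArn (or aws:SourceAccount) narrows the statement to calls made on behalf of one resource or account. The Python evaluator below is added here as an illustration and is not Prowler's own check logic; the set of condition keys it treats as restrictive, the rule that a value made only of "*" (for example arn:aws:s3:::*) counts as a catch-all, the sample bucket and account values, and the output messages are all this example's assumptions.

```python
# Added example (not Prowler's code): decide whether an SNS topic policy is open to
# the world, treating a concrete aws:SourceArn / aws:SourceAccount condition as a
# restriction. The key list below and the '*'-only catch-all rule are assumptions.

RESTRICTIVE_CONDITION_KEYS = {
    "aws:sourcearn",
    "aws:sourceaccount",
    "aws:sourceowner",
    "aws:principalarn",
    "aws:principalaccount",
    "aws:principalorgid",
    "aws:sourcevpc",
    "aws:sourcevpce",
}


def _as_list(value):
    """IAM policy elements may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_catch_all(value) -> bool:
    """'*' or 'arn:aws:s3:::*' matches every caller and therefore restricts nothing."""
    if not isinstance(value, str):
        return False
    stripped = value.strip("*")
    return stripped == "" or stripped.endswith(":")


def principal_is_wildcard(principal) -> bool:
    """True when the statement grants to anyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(v == "*" for v in _as_list(principal.get("AWS")))
    return False


def condition_is_restrictive(condition) -> bool:
    """True if a non-negated operator pins a restrictive key to a concrete value."""
    for operator, key_values in (condition or {}).items():
        op = operator.lower()
        # StringNotEquals / ArnNotLike widen access; Null only asserts key presence.
        if "not" in op or op.split(":")[-1] == "null":
            continue
        for key, values in key_values.items():
            if key.lower() not in RESTRICTIVE_CONDITION_KEYS:
                continue
            if any(not _is_catch_all(v) for v in _as_list(values)):
                return True
    return False


def is_policy_public(policy) -> bool:
    """Public if any Allow statement has a wildcard principal and no restrictive condition."""
    for statement in _as_list(policy.get("Statement")):
        if statement.get("Effect") != "Allow":
            continue
        if not principal_is_wildcard(statement.get("Principal")):
            continue
        if condition_is_restrictive(statement.get("Condition")):
            continue
        return True
    return False


def check_topic(region, topic_name, policy):
    """Return (status, message); the FAIL text mirrors the line quoted in the issue."""
    if is_policy_public(policy):
        return "FAIL", f"{region}: SNS topic {topic_name} is public because its policy allows public access."
    return "PASS", f"{region}: SNS topic {topic_name} is not public because its policy restricts the caller."


def _publish_to_anyone(condition=None):
    """Build a constructed sample policy with Principal "*" and an optional Condition."""
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "SNS:Publish",
        "Resource": "arn:aws:sns:*:*:demo-topic",
    }
    if condition:
        statement["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [statement]}


# Constructed samples; bucket name and account id are made up for the demo.
SOURCE_ARN_POLICY = _publish_to_anyone({"ArnLike": {"aws:SourceArn": "arn:aws:s3:::example-events-bucket"}})
SOURCE_ACCOUNT_POLICY = _publish_to_anyone({"StringEquals": {"aws:SourceAccount": "111111111111"}})
OPEN_POLICY = _publish_to_anyone()
WILDCARD_SOURCE_ARN_POLICY = _publish_to_anyone({"ArnLike": {"aws:SourceArn": "arn:aws:s3:::*"}})
NEGATED_CONDITION_POLICY = _publish_to_anyone({"StringNotEquals": {"aws:SourceAccount": "111111111111"}})

if __name__ == "__main__":
    for name, policy in [("source-arn", SOURCE_ARN_POLICY), ("source-account", SOURCE_ACCOUNT_POLICY),
                         ("open", OPEN_POLICY), ("wildcard-arn", WILDCARD_SOURCE_ARN_POLICY),
                         ("negated", NEGATED_CONDITION_POLICY)]:
        status, message = check_topic("eu-west-1", "demo-topic", policy)
        print(f"{name:15} {status} {message}")
```

Two edge cases matter in practice: a negated operator (StringNotEquals, ArnNotLike) or an aws:SourceArn value that is only a wildcard still leaves the statement open, so a check should not accept any Condition block as proof of restriction. For cross-service confused-deputy protection, AWS recommends pairing aws:SourceArn with aws:SourceAccount; the evaluator above accepts either key on its own, which is a deliberate simplification.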

How did you install Prowler?

Docker (docker pull toniblyx/prowler)

Environment Resource

Fargate task

OS used

Docker image

Prowler version

5.7.5

Pip version

25.1.1

Context

No response
