Add grantless tag

iann0036 · iann0036 · commit b1ea3a3c1af5 · 2024-09-22T15:14:24.000+10:00
diff --git a/assets/js/aws.permissions.cloud.js b/assets/js/aws.permissions.cloud.js
@@ -199,7 +199,7 @@ function readable_date(str) {
 function processManagedPolicy(policy_data, iam_def) {
     effective_policy_table_content = '';
 
-    $('#managedpolicytags').html((policy_data['data_access'] ? ' <span class="badge badge-info">data access</span>' : '') + (policy_data['resource_exposure'] ? ' <span class="badge badge-info">resource exposure</span>' : '') + (policy_data['credentials_exposure'] ? ' <span class="badge badge-info">credentials exposure</span>' : '') + (policy_data['unknown_actions'].length ? ' <span class="badge badge-warning">unknown actions</span>' : '') + (policy_data['privesc'] ? ' <span class="badge badge-warning">possible privesc</span>' : '') + (policy_data['malformed'] ? ' <span class="badge badge-danger">malformed</span>' : '') + (policy_data['deprecated'] ? ' <span class="badge badge-danger">deprecated</span>' : '') + (policy_data['undocumented_actions'] ? ' <span class="badge badge-danger">undocumented actions</span>' : ''));
+    $('#managedpolicytags').html((policy_data['data_access'] ? ' <span class="badge badge-info">data access</span>' : '') + (policy_data['resource_exposure'] ? ' <span class="badge badge-info">resource exposure</span>' : '') + (policy_data['credentials_exposure'] ? ' <span class="badge badge-info">credentials exposure</span>' : '') + (policy_data['unknown_actions'].length ? ' <span class="badge badge-warning">unknown actions</span>' : '') + (policy_data['privesc'] ? ' <span class="badge badge-warning">possible privesc</span>' : '') + (policy_data['grantless'] ? ' <span class="badge badge-warning">grantless</span>' : '') + (policy_data['malformed'] ? ' <span class="badge badge-danger">malformed</span>' : '') + (policy_data['deprecated'] ? ' <span class="badge badge-danger">deprecated</span>' : '') + (policy_data['undocumented_actions'] ? ' <span class="badge badge-danger">undocumented actions</span>' : ''));
     $('#managedpolicyarn').html(policy_data['arn']);
     $('#managedpolicyversion').html(policy_data['version']);
 
@@ -1041,7 +1041,7 @@ async function processReferencePage() {
         }
 
         managedpolicies_table_content += '<tr>\
-            <td class="tx-medium"><a href="/managedpolicies/' + managedpolicy['name'] + '">' + managedpolicy['name'] + "</a>" + (managedpolicy['data_access'] ? ' <span class="badge badge-info">data access</span>' : '') + (managedpolicy['resource_exposure'] ? ' <span class="badge badge-info">resource exposure</span>' : '') + (managedpolicy['credentials_exposure'] ? ' <span class="badge badge-info">credentials exposure</span>' : '') + (managedpolicy['unknown_actions'] ? ' <span class="badge badge-warning">unknown actions</span>' : '') + (managedpolicy['privesc'] ? ' <span class="badge badge-warning">possible privesc</span>' : '') + (managedpolicy['malformed'] ? ' <span class="badge badge-danger">malformed</span>' : '') + (managedpolicy['deprecated'] ? ' <span class="badge badge-danger">deprecated</span>' : '') + (managedpolicy['undocumented_actions'] ? ' <span class="badge badge-danger">undocumented actions</span>' : '') + '</td>\
+            <td class="tx-medium"><a href="/managedpolicies/' + managedpolicy['name'] + '">' + managedpolicy['name'] + "</a>" + (managedpolicy['data_access'] ? ' <span class="badge badge-info">data access</span>' : '') + (managedpolicy['resource_exposure'] ? ' <span class="badge badge-info">resource exposure</span>' : '') + (managedpolicy['credentials_exposure'] ? ' <span class="badge badge-info">credentials exposure</span>' : '') + (managedpolicy['unknown_actions'] ? ' <span class="badge badge-warning">unknown actions</span>' : '') + (managedpolicy['privesc'] ? ' <span class="badge badge-warning">possible privesc</span>' : '') + (managedpolicy['grantless'] ? ' <span class="badge badge-warning">grantless</span>' : '') + (managedpolicy['malformed'] ? ' <span class="badge badge-danger">malformed</span>' : '') + (managedpolicy['deprecated'] ? ' <span class="badge badge-danger">deprecated</span>' : '') + (managedpolicy['undocumented_actions'] ? ' <span class="badge badge-danger">undocumented actions</span>' : '') + '</td>\
             <td class="tx-normal">' + managedpolicy['access_levels'].join(", ") + '</td>\
             <td class="tx-normal">' + managedpolicy['version'] + '</td>\
             <td class="tx-normal" style="text-decoration-line: underline; text-decoration-style: dotted;">' + readable_date(managedpolicy['createdate']) + '</td>\
diff --git a/index.html b/index.html
@@ -514,6 +514,10 @@ <h4 class="mg-b-10">Using Managed Policies</h4>
                         <td><span class="badge badge-warning">possible privesc</span></td>
                         <td>A managed policy or managed policy action tag that indicates the presence of an action that could potentially lead to a privilege escalation.</td>
                       </tr>
+                      <tr>
+                        <td><span class="badge badge-warning">grantless</span></td>
+                        <td>A managed policy tag that indicates the policy does not explicitely allow actions. These policies are typically used as Service Control Policies.</td>
+                      </tr>
                       <tr>
                         <td><span class="badge badge-danger">undocumented actions</span></td>
                         <td>A managed policy tag that indicates the presence of undocumented actions within the policy.</td>
