| object_policy_dict['service'] = service_to_replacement[member_to_replace] | ||
| # If it's a policy with only one member, it'll be parsed as a string, not a list | ||
| elif isinstance(object_policy_dict['service']['member'], str): | ||
| elif isinstance(object_policy_dict['service']['member'], str) and object_policy_dict['service']['member'] in service_to_replacement: |
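Review bot: On the changed `elif`, folding the membership test into the branch condition means a single-member policy whose member is a string but not a key of service_to_replacement no longer matches this branch and falls through to whatever branch follows it (not shown in this hunk). If that branch loops over object_policy_dict['service']['member'], a string value will be walked one character at a time. Consider keeping `elif isinstance(object_policy_dict['service']['member'], str):` as the branch condition and doing the `in service_to_replacement` check inside it, so an unmapped single member is left unchanged, and add a test for that case.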
Re: and object_policy_dict['service']['member'] in service_to_replacement
I'm concerned for a scenario where there is only a single member, so the value is a string, but not present in the service_to_replacement mapping, and so it wouldn't pass the second condition. What would then happen is that it would then execute the else statement, which would iterate through the value as a string (meaning, iterating through one character at a time).
As such, this seems like this change would introduce a bug. Am I missing something?
I'm not aware of the functionality end-to-end. I got an issue in a case where object_policy_dict['service']['member'] was not present in service_to_replacement, and the code was breaking on line 146.
I've created a new release with additional debugging. Could you re-run pan_analyzer with --debug appended and paste the object's information from the bottom of the debug file, after the crash that this is intended to fix, so I can see the problematic object?
Bug Fix for Issue - #57
Fixes :