diff --git a/assets/js/aws.permissions.cloud.js b/assets/js/aws.permissions.cloud.js index 2ce3825..c4ccd56 100644 --- a/assets/js/aws.permissions.cloud.js +++ b/assets/js/aws.permissions.cloud.js @@ -295,7 +295,7 @@ function processCustomPolicy(iam_def, tags) { return; } } - + var condition = null; if (statement['Condition']) { condition = statement['Condition']; @@ -627,6 +627,21 @@ async function processReferencePage() { let tags_data = await fetch('https://iann0036.github.io/iam-dataset/aws/tags.json'); let tags = await tags_data.json(); + const managedpolicies_data = await fetch('https://raw.githubusercontent.com/iann0036/iam-dataset/main/aws/managed_policies.json'); + const managedpolicies = await managedpolicies_data.json(); + for (const managedpolicy of managedpolicies['policies']) { + // Enrich for search + managedpolicy['effective_action_names'] = managedpolicy['effective_action_names'].map(a => { + const fullpriv = a.toLowerCase(); + const [prefix, privilege] = fullpriv.split(":"); + return { + fullpriv, + prefix, + privilege, + } + }); + } + $('#actions-table tbody').html(''); iam_def.sort((a, b) => a['service_name'].replace("Amazon ", "").replace("AWS ", "") < b['service_name'].replace("Amazon ", "").replace("AWS ", "") ? -1 : 1) @@ -721,7 +736,7 @@ async function processReferencePage() { html = ''; results = []; for (let managedpolicy of managedpolicies['policies']) { - if (managedpolicy['name'].toLowerCase().includes(searchterm)) { + if (managedpolicy['name'].toLowerCase().includes(searchterm) || managedpolicy['effective_action_names'].some(a => a['fullpriv'].startsWith(searchterm) || a['prefix'].startsWith(searchterm) || a['privilege'].startsWith(searchterm))) { results.push(managedpolicy['name']); } if (results.length >= 10) break; @@ -843,7 +858,7 @@ async function processReferencePage() { } actions_table_content += '
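Review bot: The new fetch of `managed_policies.json` in the @@ -627 hunk is used without checking `managedpolicies_data.ok` or the shape of the parsed body, so a failed or rate-limited response throws inside `processReferencePage` and, as far as the hunk shows, nothing after it would render. The enrichment loop also assumes every policy carries an `effective_action_names` array and that every entry contains a colon. An entry without one (a bare wildcard, for example) leaves `privilege` undefined, and the predicate added in the @@ -721 hunk would then throw on `a['privilege'].startsWith(searchterm)`. I would add `if (!managedpolicies_data.ok) throw new Error('managed_policies.json fetch failed');`, map over `(managedpolicy['effective_action_names'] || [])`, and destructure with a default, `const [prefix, privilege = ''] = fullpriv.split(":");`. The file is loaded from the mutable `main` ref, so policy names from it are best treated as untrusted text when written into the page; the function continues outside the hunk, so the rendering path is not visible here.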
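Review bot: In the search predicate of the @@ -721 hunk, the `a['prefix'].startsWith(searchterm)` test is redundant: `fullpriv` always begins with `prefix`, so any term that matches the prefix already matches `fullpriv`. Dropping it, along with the `prefix` field built in the @@ -627 hunk, shortens a scan that visits every action of every policy each time the search runs. The single-line condition is also hard to read; pulling the action test into a helper such as `const actionMatches = a => a['fullpriv'].startsWith(searchterm) || a['privilege'].startsWith(searchterm);` would make the intent clearer. The enclosing function starts and ends outside the hunk.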