From 426fb9fe233e378ad4c7b459df923dbea8d46d49 Mon Sep 17 00:00:00 2001
From: "Michael J. Kidd"
Date: Wed, 14 Jul 2021 09:09:25 -0400
Subject: [PATCH] Updated Principal regex to be more precise

---
 find_bad_policy_principals.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/find_bad_policy_principals.py b/find_bad_policy_principals.py
index 3cf8fe1..7aa9fab 100644
--- a/find_bad_policy_principals.py
+++ b/find_bad_policy_principals.py
@@ -56,7 +56,7 @@ def test_user(access_key,secret_key):
         log_output("DEBUG: Policy {0:s}".format(json.dumps(mypolicy)))
         for st in mypolicy["Statement"]:
-            if not re.match('^arn:aws:iam:.*:.*:user\/.*$',st["Principal"]["AWS"]):
+            if not re.match('^arn:aws:iam:[^:]*:[^:]*:user\/[^:]*$',st["Principal"]["AWS"]):
                 log_output("Bad policy principal detected on bucket {0:s}: {1:s}".format(bucket.name,json.dumps(st)))
                 badpolicy+=1
             else:
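Review bot: The tightened pattern on the `+` line is still applied to `st["Principal"]["AWS"]` as if it were always a single string, but a statement that names several principals carries a list there (`"AWS": ["arn:aws:iam::…:user/a", "*"]`), so `re.match` raises TypeError on exactly the multi-principal statements this scanner exists to catch; likewise a bare `"Principal": "*"` is a string and the `["AWS"]` subscript fails before the regex runs. I cannot see whether test_user normalizes these shapes earlier — its body starts before and continues after the hunk — so this may already be handled; if not, normalizing to a list and requiring every entry to match is the fix, sketched below. Separately, `'\/'` in a non-raw string is an invalid escape that newer Pythons warn about; the pattern should be a raw string, `r'^arn:aws:iam:[^:]*:[^:]*:user/[^:]*$'`. A short comment on the condition would also help, e.g. `# only IAM-user ARNs are acceptable; root, roles, services and "*" are all flagged`.
```python
        for st in mypolicy["Statement"]:
            # Principal may be the bare string "*" or a dict whose "AWS" value is a string or a list;
            # check every entry so a wildcard hidden inside a list is not missed.
            principal = st["Principal"]
            entries = principal["AWS"] if isinstance(principal, dict) else principal
            if isinstance(entries, str):
                entries = [entries]
            if not all(re.match(r'^arn:aws:iam:[^:]*:[^:]*:user/[^:]*$', p) for p in entries):
                # … unchanged: log_output / badpolicy+=1 / else branch …
```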