fix(iam): handle no arn serial numbers for MFA devices (#4710)

github-actions[bot] · pedrooot · MrCloudSec · web-flow · commit 2de94df15945 · 2024-08-09T14:41:29.000-04:00
Co-authored-by: Pedro Martín &lt;pedromarting3@gmail.com&gt;
Co-authored-by: Sergio &lt;sergio@prowler.com&gt;
diff --git a/prowler/providers/aws/services/iam/iam_service.py b/prowler/providers/aws/services/iam/iam_service.py
@@ -374,9 +374,10 @@ def __list_mfa_devices__(self):
                 for page in list_mfa_devices_paginator.paginate(UserName=user.name):
                     for mfa_device in page["MFADevices"]:
                         mfa_serial_number = mfa_device["SerialNumber"]
-                        mfa_type = (
-                            mfa_device["SerialNumber"].split(":")[5].split("/")[0]
-                        )
+                        try:
+                            mfa_type = mfa_serial_number.split(":")[5].split("/")[0]
+                        except IndexError:
+                            mfa_type = "hardware"
                         mfa_devices.append(
                             MFADevice(serial_number=mfa_serial_number, type=mfa_type)
                         )
diff --git a/tests/providers/aws/services/iam/iam_service_test.py b/tests/providers/aws/services/iam/iam_service_test.py
@@ -424,7 +424,7 @@ def test__get_password_policy__(self):
 
     # Test IAM List MFA Device
     @mock_aws
-    def test__list_mfa_devices__(self):
+    def test__list_mfa_devices_arn__(self):
         # Generate IAM Client
         iam_client = client("iam")
         # Generate IAM user
@@ -455,6 +455,33 @@ def test__list_mfa_devices__(self):
         )
         assert iam.users[0].mfa_devices[0].type == "mfa"
 
+    # Test IAM List MFA Device
+    @mock_aws
+    def test__list_mfa_devices_number__(self):
+        # Generate IAM Client
+        iam_client = client("iam")
+        # Generate IAM user
+        iam_client.create_user(
+            UserName="user1",
+        )
+        # Create Unknown MFA device
+        hardware_mfa_devide = "XXXXXXXXX"
+        iam_client.enable_mfa_device(
+            UserName="user1",
+            SerialNumber=hardware_mfa_devide,
+            AuthenticationCode1="123456",
+            AuthenticationCode2="123456",
+        )
+
+        # IAM client for this test class
+        audit_info = set_mocked_aws_audit_info([AWS_REGION_US_EAST_1])
+        iam = IAM(audit_info)
+
+        assert len(iam.users) == 1
+        assert len(iam.users[0].mfa_devices) == 1
+        assert iam.users[0].mfa_devices[0].serial_number == hardware_mfa_devide
+        assert iam.users[0].mfa_devices[0].type == "hardware"
+
     # Test IAM List Virtual MFA Device
     @mock_aws
     def test__list_virtual_mfa_devices__(self):
