
CASA APK Scan - NoCredentialsError: Unable to locate credentials


Edit:

Issue is solved. Please find information here: https://github.com/fluidattacks/makes/issues/1231

Original Post/Issue:

Facing this error while running APK scan:

─────────────────────────────────── Running ────────────────────────────────────

[INFO] Official Documentation: https://docs.fluidattacks.com/tech/scanner/standalone/
[INFO] Namespace: myapp
[ERROR] Computing commit hash: /working-dir 
[INFO] info HEAD is now at: 0000000000000000000000000000000000000000
[INFO] Startup work dir is: /working-dir
[INFO] Moving work dir to: /working-dir
[INFO] Running SAST analysis on specified paths
[WARNING] Function: __main__.cli_scan_wrapped, type in : Unable to locate credentials
Traceback (most recent call last):
  File "/nix/store/g8l3msrrig0gapjzpbajd7n6d58knd98-skims/utils/function.py", line 180, in wrapper
    return function(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/g8l3msrrig0gapjzpbajd7n6d58knd98-skims/cli/__init__.py", line 259, in cli_scan_wrapped
    success: tuple[bool, int] = run(core.scan.main())
                                ^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/55r9nsl17a2addsdh67cns3c75y5n8i4-skims-runtime/lib/python3.11/site-packages/aioextensions/__init__.py", line 292, in run
    return asyncio.run(coroutine, debug=debug)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/hx2c957wpwa6i3fz0wiwhg72sfgq62k1-python3-3.11.2/lib/python3.11/asyncio/runners.py", line 190, in run
    return runner.run(main)
           ^^^^^^^^^^^^^^^^
  File "/nix/store/hx2c957wpwa6i3fz0wiwhg72sfgq62k1-python3-3.11.2/lib/python3.11/asyncio/runners.py", line 118, in run
    return self._loop.run_until_complete(task)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/hx2c957wpwa6i3fz0wiwhg72sfgq62k1-python3-3.11.2/lib/python3.11/asyncio/base_events.py", line 653, in run_until_complete
    return future.result()
           ^^^^^^^^^^^^^^^
  File "/nix/store/g8l3msrrig0gapjzpbajd7n6d58knd98-skims/core/scan.py", line 413, in main
    stores = await execute_skims()
             ^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/g8l3msrrig0gapjzpbajd7n6d58knd98-skims/utils/telemetry.py", line 38, in async_wrapper
    result = await _func(*args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/g8l3msrrig0gapjzpbajd7n6d58knd98-skims/core/scan.py", line 176, in execute_skims
    send_metrics_to_cloudwatch(calculate_methods_averages())
  File "/nix/store/g8l3msrrig0gapjzpbajd7n6d58knd98-skims/utils/logs.py", line 145, in send_metrics_to_cloudwatch
    cloudwatch_client.put_metric_data(
  File "/nix/store/55r9nsl17a2addsdh67cns3c75y5n8i4-skims-runtime/lib/python3.11/site-packages/botocore/client.py", line 535, in _api_call
    return self._make_api_call(operation_name, kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/55r9nsl17a2addsdh67cns3c75y5n8i4-skims-runtime/lib/python3.11/site-packages/botocore/client.py", line 963, in _make_api_call
    http, parsed_response = self._make_request(
                            ^^^^^^^^^^^^^^^^^^^
  File "/nix/store/55r9nsl17a2addsdh67cns3c75y5n8i4-skims-runtime/lib/python3.11/site-packages/botocore/client.py", line 986, in _make_request
    return self._endpoint.make_request(operation_model, request_dict)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/55r9nsl17a2addsdh67cns3c75y5n8i4-skims-runtime/lib/python3.11/site-packages/botocore/endpoint.py", line 119, in make_request
    return self._send_request(request_dict, operation_model)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/55r9nsl17a2addsdh67cns3c75y5n8i4-skims-runtime/lib/python3.11/site-packages/botocore/endpoint.py", line 198, in _send_request
    request = self.create_request(request_dict, operation_model)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/55r9nsl17a2addsdh67cns3c75y5n8i4-skims-runtime/lib/python3.11/site-packages/botocore/endpoint.py", line 134, in create_request
    self._event_emitter.emit(
  File "/nix/store/55r9nsl17a2addsdh67cns3c75y5n8i4-skims-runtime/lib/python3.11/site-packages/botocore/hooks.py", line 412, in emit
    return self._emitter.emit(aliased_event_name, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/55r9nsl17a2addsdh67cns3c75y5n8i4-skims-runtime/lib/python3.11/site-packages/botocore/hooks.py", line 256, in emit
    return self._emit(event_name, kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/55r9nsl17a2addsdh67cns3c75y5n8i4-skims-runtime/lib/python3.11/site-packages/botocore/hooks.py", line 239, in _emit
    response = handler(**kwargs)
               ^^^^^^^^^^^^^^^^^
  File "/nix/store/55r9nsl17a2addsdh67cns3c75y5n8i4-skims-runtime/lib/python3.11/site-packages/botocore/signers.py", line 105, in handler
    return self.sign(operation_name, request)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/55r9nsl17a2addsdh67cns3c75y5n8i4-skims-runtime/lib/python3.11/site-packages/botocore/signers.py", line 189, in sign
    auth.add_auth(request)
  File "/nix/store/55r9nsl17a2addsdh67cns3c75y5n8i4-skims-runtime/lib/python3.11/site-packages/botocore/auth.py", line 418, in add_auth
    raise NoCredentialsError()
botocore.exceptions.NoCredentialsError: Unable to locate credentials

[INFO] Summary: An error occurred while analyzing your targets.

────────────────────────── 😵 Failed with exit code 1 ──────────────────────────

Here is the exact command, as is, that I am running:

sudo docker run -v /home/kali/casa/mobile/application/:/working-dir ghcr.io/fluidattacks/makes/amd64 m gitlab:fluidattacks/universe@trunk /skims scan ./config.yaml

My directory structure is:

casa
└── mobile
    ├── application
    │   ├── config.yaml
    │   ├── test.apk
    │   └── whatsapp.apk
    └── Dockerfile

Here is my config file:

namespace: myapp
output:
  file_path: ./Fluid-Attacks-Results.csv
  format: CSV
working_dir: /home/kali/casa/mobile/application/
language: EN
apk:
  include:
    - test.apk
debug: true

What is this credentials error I am getting? Documentation is not asking for credentials to be supplied.

I tried editing my config file in different ways, removing content, and tried searching for how to add credentials since it's a creds error. However, for a static scan I really don't need creds as per the docs: https://docs.fluidattacks.com/tech/scanner/standalone/casa/


Solution

  • I raised an issue on their GitHub and they have pushed a new update to the tool. Kindly pull the latest image and run the tool.

    My issue is fixed by pulling the latest Docker build and it should fix yours too.

    Here is the issue I raised: https://github.com/fluidattacks/makes/issues/1231
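
Added example, not part of the original post or of the Fluid Attacks code base: a small triage helper run over the traceback from the question. It finds the deepest frame outside the Python library directories, which here is the `send_metrics_to_cloudwatch` call in `skims/utils/logs.py`, the point where the scanner handed off to botocore. Treating any path that contains `/lib/python` as library code is an assumption that fits the Nix store layout in this log.

```python
import re

# Abridged from the traceback in the question: frame lines kept verbatim,
# caret lines and intermediate asyncio/botocore frames dropped.
TRACEBACK = """\
Traceback (most recent call last):
  File "/nix/store/g8l3msrrig0gapjzpbajd7n6d58knd98-skims/core/scan.py", line 413, in main
    stores = await execute_skims()
  File "/nix/store/g8l3msrrig0gapjzpbajd7n6d58knd98-skims/core/scan.py", line 176, in execute_skims
    send_metrics_to_cloudwatch(calculate_methods_averages())
  File "/nix/store/g8l3msrrig0gapjzpbajd7n6d58knd98-skims/utils/logs.py", line 145, in send_metrics_to_cloudwatch
    cloudwatch_client.put_metric_data(
  File "/nix/store/55r9nsl17a2addsdh67cns3c75y5n8i4-skims-runtime/lib/python3.11/site-packages/botocore/signers.py", line 189, in sign
    auth.add_auth(request)
  File "/nix/store/55r9nsl17a2addsdh67cns3c75y5n8i4-skims-runtime/lib/python3.11/site-packages/botocore/auth.py", line 418, in add_auth
    raise NoCredentialsError()
botocore.exceptions.NoCredentialsError: Unable to locate credentials
"""

FRAME_RE = re.compile(r'^\s*File "(?P<path>[^"]+)", line (?P<line>\d+), in (?P<func>\S+)\s*$')


def parse_frames(text):
    """Return (path, line, function) for every frame line, outermost first."""
    frames = []
    for raw in text.splitlines():
        match = FRAME_RE.match(raw)
        if match:
            frames.append((match["path"], int(match["line"]), match["func"]))
    return frames


def is_library(path):
    # Assumption: stdlib and site-packages both live under ".../lib/pythonX.Y/".
    return "/lib/python" in path


def deepest_app_frame(text):
    """Last frame in the tool's own code before control entered library code."""
    app_frames = [f for f in parse_frames(text) if not is_library(f[0])]
    return app_frames[-1] if app_frames else None


def exception_summary(text):
    """Split the final 'Type: message' line of a traceback."""
    last = [line for line in text.splitlines() if line.strip()][-1]
    exc_type, _, message = last.partition(": ")
    return exc_type, message


if __name__ == "__main__":
    print(deepest_app_frame(TRACEBACK))
    print(exception_summary(TRACEBACK))
```
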