From b5908fc720bf38d3fe81b750cd03656f9e943fc8 Mon Sep 17 00:00:00 2001
From: sethsec-bf <46326948+sethsec-bf@users.noreply.github.com>
Date: Fri, 2 Feb 2024 13:29:33 -0500
Subject: [PATCH] Fixed bug in the role trusts command introduced in 1.13.1 where cloudfox only shows princiapls with :root trust and not ALL role trusts
---
 aws/role-trusts.go | 45 ++++++++++++++++++++++-----------------------
 1 file changed, 22 insertions(+), 23 deletions(-)
diff --git a/aws/role-trusts.go b/aws/role-trusts.go
index 8295077..493c529 100644
--- a/aws/role-trusts.go
+++ b/aws/role-trusts.go
@@ -241,33 +241,32 @@ func (m *RoleTrustsModule) printPrincipalTrusts(outputDirectory string) ([]strin
 for _, role := range m.AnalyzedRoles {
 for _, statement := range role.trustsDoc.Statement {
 for _, principal := range statement.Principal.AWS {
- if strings.Contains(principal, ":root") {
- //check to see if the accountID is known
- accountID := strings.Split(principal, ":")[4]
- vendorName := m.vendors.GetVendorNameFromAccountID(accountID)
- if vendorName != "" {
- principal = fmt.Sprintf("%s (%s)", principal, vendorName)
- }
+ //check to see if the accountID is known
+ accountID := strings.Split(principal, ":")[4]
+ vendorName := m.vendors.GetVendorNameFromAccountID(accountID)
+ if vendorName != "" {
+ principal = fmt.Sprintf("%s (%s)", principal, vendorName)
+ }
- RoleTrustRow := RoleTrustRow{
- RoleARN: aws.ToString(role.roleARN),
- RoleName: GetResourceNameFromArn(aws.ToString(role.roleARN)),
- TrustedPrincipal: principal,
- ExternalID: statement.Condition.StringEquals.StsExternalID,
- IsAdmin: role.Admin,
- CanPrivEsc: role.CanPrivEsc,
- }
- body = append(body, []string{
- aws.ToString(m.Caller.Account),
- RoleTrustRow.RoleARN,
- RoleTrustRow.RoleName,
- RoleTrustRow.TrustedPrincipal,
- RoleTrustRow.ExternalID,
- RoleTrustRow.IsAdmin,
- RoleTrustRow.CanPrivEsc})
+ RoleTrustRow := RoleTrustRow{
+ RoleARN: aws.ToString(role.roleARN),
+ RoleName: GetResourceNameFromArn(aws.ToString(role.roleARN)),
+ TrustedPrincipal: principal,
+ ExternalID: statement.Condition.StringEquals.StsExternalID,
+ IsAdmin: role.Admin,
+ CanPrivEsc: role.CanPrivEsc,
 }
+ body = append(body, []string{
+ aws.ToString(m.Caller.Account),
+ RoleTrustRow.RoleARN,
+ RoleTrustRow.RoleName,
+ RoleTrustRow.TrustedPrincipal,
+ RoleTrustRow.ExternalID,
+ RoleTrustRow.IsAdmin,
+ RoleTrustRow.CanPrivEsc})
 }
 }
+ }
 m.sortTrustsTablePerTrustedPrincipal()
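Review bot: With the `:root` guard removed, `accountID := strings.Split(principal, ":")[4]` now executes for every entry of `statement.Principal.AWS`, and that fixed index panics on any principal with fewer than five colon-separated fields; a wildcard `"*"` trust, if the parser places it in this slice, is the obvious case, and it is exactly the trust this table should surface rather than abort on. The old guard only reached the lookup for ARN-shaped values, so the new code needs its own length check before indexing, and the vendor lookup can simply be skipped when no account field is present. Whether `GetVendorNameFromAccountID` tolerates an empty or non-numeric ID is not visible here, so the sketch below avoids calling it in that case. As a style point, the local `RoleTrustRow := RoleTrustRow{…}` shadows the type of the same name; renaming it to `row` would read more clearly. `printPrincipalTrusts` begins before and continues after this hunk.
```go
for _, principal := range statement.Principal.AWS {
	// Only ARN-shaped principals carry an account-ID field; anything
	// shorter (e.g. "*") gets no vendor lookup instead of an index panic.
	var vendorName string
	if parts := strings.Split(principal, ":"); len(parts) > 4 {
		vendorName = m.vendors.GetVendorNameFromAccountID(parts[4])
	}
	if vendorName != "" {
		principal = fmt.Sprintf("%s (%s)", principal, vendorName)
	}
	// … unchanged: RoleTrustRow construction and body append …
```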