Merge branch 'master' into AST-40641

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 cgr.dev/chainguard/go@sha256:4d51574ef33b4edc57a22da062fe335a500eda30a1f1315cb39b4977bf2aef5f as build_env
+FROM --platform=linux/amd64 cgr.dev/chainguard/go@sha256:6011c1778c16972f52b9c840bf668b23973e5cdfa5ad09ce24af6c76673bc492 as build_env
 
 # Copy the source from the current directory to the Working Directory inside the container
 WORKDIR /app
@@ -31,7 +31,7 @@ USER nonroot
 # Runtime image
 # Ignore no User Cmd since KICS container is stopped afer scan
 # kics-scan ignore-line
-FROM --platform=linux/amd64 cgr.dev/chainguard/git@sha256:de87d065b0efb4332080a55ccf45015891fce6aa9ee6101730779850d4634a56
+FROM --platform=linux/amd64 cgr.dev/chainguard/git@sha256:8332cf36bb4cd9412f4a66eb6f2b8ae5c473d64f5c9aeffec4fd950310dc241e
 
 ENV TERM xterm-256color
 

assets/libraries/cloudformation.rego

@@ -258,3 +258,11 @@ getPath(path) = result {
 	count(path) == 0
 	result := ""
 }
+
+createSearchKey(elem) = search {
+	not elem.Name.Ref
+	search := sprintf("=%s", [elem.Name])
+} else = search {
+	elem.Name.Ref
+	search := sprintf(".Ref=%s", [elem.Name.Ref])
+}

assets/queries/cloudFormation/aws/ecs_task_definition_healthcheck_missing/query.rego

@@ -9,14 +9,17 @@ CxPolicy[result] {
 	contDef := resource.Properties.ContainerDefinitions[idx]
 	not common_lib.valid_key(contDef, "HealthCheck")
 
+    getkey := cf_lib.createSearchKey(contDef)
+    searchkey := sprintf("Resources.%s.Properties.ContainerDefinitions.%v.Name%s", [name,idx,getkey])
+
 	result := {
 		"documentId": input.document[i].id,
 		"resourceType": resource.Type,
 		"resourceName": cf_lib.get_resource_name(resource, name),
-		"searchKey": sprintf("Resources.%s.Properties.ContainerDefinitions", [name]),
+        "searchKey": searchkey,
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": sprintf("'Resources.%s.Properties.ContainerDefinitions' should contain 'HealthCheck' property", [name]),
 		"keyActualValue": sprintf("'Resources.%s.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property", [name]),
-		"searchLine": common_lib.build_search_line(["Resources", name, "Properties", "ContainerDefinitions"], [idx]),
+		"searchLine": common_lib.build_search_line(["Resources", name, "Properties", "ContainerDefinitions"], [idx, "Name","Ref" ]),
 	}
 }

assets/queries/cloudFormation/aws/ecs_task_definition_healthcheck_missing/test/positive_expected_result.json

@@ -3,10 +3,10 @@
     "fileName": "positive1.yaml",
     "queryName": "ECS Task Definition HealthCheck Missing",
     "severity": "LOW",
-    "line": 47
+    "line": 48
   },
   {
-    "line": 29,
+    "line": 55,
     "fileName": "positive2.json",
     "queryName": "ECS Task Definition HealthCheck Missing",
     "severity": "LOW"

assets/queries/cloudFormation/aws/ecs_task_definition_invalid_cpu_or_memory/query.rego

@@ -19,7 +19,9 @@ CxPolicy[result] {
 	}
 
 	checkMemory(taskDef, memory) == true
-	searchkey := createSearchKey(name2, taskDef.Properties.ContainerDefinitions[_])
+
+    getkey := cf_lib.createSearchKey(taskDef.Properties.ContainerDefinitions[_])
+    searchkey = sprintf("Resources.%s.Properties.ContainerDefinitions.Name%s", [name2, getkey])
 
 	result := {
 		"documentId": input.document[i].id,
@@ -41,7 +43,8 @@ CxPolicy[result] {
 	cpuMem := {256, 512, 1024, 2048, 4096}
 	cpu := taskDef.Properties.ContainerDefinitions[_].Cpu
 	not commonLib.inArray(cpuMem, cpu)
-	searchkey := createSearchKey(name2, taskDef.Properties.ContainerDefinitions[_])
+	getkey := cf_lib.createSearchKey(taskDef.Properties.ContainerDefinitions[_])
+    searchkey := sprintf("Resources.%s.Properties.ContainerDefinitions.Name%s", [name2, getkey])
 
 	result := {
 		"documentId": input.document[i].id,
@@ -75,12 +78,4 @@ checkRemainder(mem, cpu) {
 	not mem % 1024 == 0
 }
 
-createSearchKey(a, b) = search {
-	not b.Name.Ref
-	search := sprintf("Resources.%s.Properties.ContainerDefinitions.Name=%s", [a, b.Name])
-}
 
-createSearchKey(a, b) = search {
-	b.Name.Ref
-	search := sprintf("Resources.%s.Properties.ContainerDefinitions.Name.Ref=%s", [a, b.Name.Ref])
-}