Merge pull request #7206 from Checkmarx/AST-50621

update(nifcloud): update nifcloud queries metadata and functionality

assets/queries/terraform/nifcloud/computing_instance_has_common_private/metadata.json

@@ -1,6 +1,6 @@
 {
   "id": "df58dd45-8009-43c2-90f7-c90eb9d53ed9",
-  "queryName": "Beta - Nifcloud Computing Has Common Private Network",
+  "queryName": "Nifcloud Computing Has Common Private Network",
   "severity": "LOW",
   "category": "Networking and Firewall",
   "descriptionText": "The instance has common private network",

assets/queries/terraform/nifcloud/computing_instance_has_common_private/test/positive_expected_result.json

@@ -1,12 +1,12 @@
 [
 	{
-		"queryName": "Beta - Nifcloud Computing Has Common Private Network",
+		"queryName": "Nifcloud Computing Has Common Private Network",
 		"severity": "LOW",
 		"line": 1,
 		"fileName": "positive1.tf"
 	},
 	{
-		"queryName": "Beta - Nifcloud Computing Has Common Private Network",
+		"queryName": "Nifcloud Computing Has Common Private Network",
 		"severity": "LOW",
 		"line": 1,
 		"fileName": "positive2.tf"

assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/metadata.json

@@ -1,6 +1,6 @@
 {
   "id": "b2ea2367-8dc9-4231-a035-d0b28bfa3dde",
-  "queryName": "Beta - Nifcloud Computing Has Public Ingress Security Group Rule",
+  "queryName": "Nifcloud Computing Has Public Ingress Security Group Rule",
   "severity": "HIGH",
   "category": "Networking and Firewall",
   "descriptionText": "An ingress security group rule allows traffic from /0",

assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/test/positive_expected_result.json

@@ -1,6 +1,6 @@
 [
 	{
-		"queryName": "Beta - Nifcloud Computing Has Public Ingress Security Group Rule",
+		"queryName": "Nifcloud Computing Has Public Ingress Security Group Rule",
 		"severity": "HIGH",
 		"line": 1,
 		"fileName": "positive.tf"

assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/metadata.json

@@ -1,6 +1,6 @@
 {
   "id": "89218b48-75c9-4cb3-aaba-5299e852e8bc",
-  "queryName": "Beta - Nifcloud Computing Undefined Security Group To Instance",
+  "queryName": "Nifcloud Computing Undefined Security Group To Instance",
   "severity": "HIGH",
   "category": "Networking and Firewall",
   "descriptionText": "Missing security group for instance",

assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/test/positive_expected_result.json

@@ -1,6 +1,6 @@
 [
 	{
-		"queryName": "Beta - Nifcloud Computing Undefined Security Group To Instance",
+		"queryName": "Nifcloud Computing Undefined Security Group To Instance",
 		"severity": "HIGH",
 		"line": 1,
 		"fileName": "positive.tf"

assets/queries/terraform/nifcloud/computing_security_group_description_undefined/metadata.json

@@ -1,9 +1,9 @@
 {
   "id": "41c127a9-3a85-4bc3-a333-ed374eb9c3e4",
-  "queryName": "Beta - Nifcloud Computing Undefined Description To Security Group",
-  "severity": "LOW",
-  "category": "Networking and Firewall",
-  "descriptionText": "Missing description for security group",
+  "queryName": "Nifcloud Computing Undefined Description To Security Group",
+  "severity": "INFO",
+  "category": "Best Practices",
+  "descriptionText": "It's considered a best practice for Security Group to have a description",
   "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/security_group#description",
   "platform": "Terraform",
   "descriptionID": "dedce967",

assets/queries/terraform/nifcloud/computing_security_group_description_undefined/test/positive_expected_result.json

@@ -1,7 +1,7 @@
 [
 	{
-		"queryName": "Beta - Nifcloud Computing Undefined Description To Security Group",
-		"severity": "LOW",
+		"queryName": "Nifcloud Computing Undefined Description To Security Group",
+		"severity": "INFO",
 		"line": 1,
 		"fileName": "positive.tf"
 	}

assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/metadata.json

@@ -1,9 +1,9 @@
 {
   "id": "e4610872-0b1c-4fb7-ab57-d81c0afdb291",
-  "queryName": "Beta - Nifcloud Computing Undefined Description To Security Group Rule",
-  "severity": "LOW",
-  "category": "Networking and Firewall",
-  "descriptionText": "Missing description for security group rule",
+  "queryName": "Nifcloud Computing Undefined Description To Security Group Rule",
+  "severity": "INFO",
+  "category": "Best Practices",
+  "descriptionText": "It's considered a best practice for Security Group Rules to have a description",
   "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/security_group_rule#description",
   "platform": "Terraform",
   "descriptionID": "66ed83ab",

assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/test/positive_expected_result.json

@@ -1,7 +1,7 @@
 [
 	{
-		"queryName": "Beta - Nifcloud Computing Undefined Description To Security Group Rule",
-		"severity": "LOW",
+		"queryName": "Nifcloud Computing Undefined Description To Security Group Rule",
+		"severity": "INFO",
 		"line": 1,
 		"fileName": "positive.tf"
 	}

assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/metadata.json

@@ -1,9 +1,9 @@
 {
   "id": "e5071f76-cbe7-468d-bb2b-d10f02d2b713",
-  "queryName": "Beta - Nifcloud RDB Has Backup Retention Less Than 2 Day",
-  "severity": "MEDIUM",
+  "queryName": "Nifcloud Low RDB Backup Retention Period",
+  "severity": "LOW",
   "category": "Backup",
-  "descriptionText": "The rdb has backup retention less than 2 day",
+  "descriptionText": "Nifcloud RDB backup retention should be at least 7 days",
   "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#backup_retention_period",
   "platform": "Terraform",
   "descriptionID": "5fadf94a",

assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/query.rego

@@ -14,23 +14,23 @@ CxPolicy[result] {
 		"resourceName": tf_lib.get_resource_name(dbInstance, name),
 		"searchKey": sprintf("nifcloud_db_instance[%s]", [name]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have backup retention longer than 1 day", [name]),
-		"keyActualValue": sprintf("'nifcloud_db_instance[%s]' does not have backup retention period", [name]),
+		"keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have backup retention of at least 7 days", [name]),
+		"keyActualValue": sprintf("'nifcloud_db_instance[%s]' doesn't have a backup retention period defined", [name]),
 	}
 }
 
 CxPolicy[result] {
 
 	dbInstance := input.document[i].resource.nifcloud_db_instance[name]
-	dbInstance.backup_retention_period < 2
+	dbInstance.backup_retention_period < 7
 
 	result := {
 		"documentId": input.document[i].id,
 		"resourceType": "nifcloud_db_instance",
 		"resourceName": tf_lib.get_resource_name(dbInstance, name),
 		"searchKey": sprintf("nifcloud_db_instance[%s]", [name]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have backup retention longer than 1 day", [name]),
-		"keyActualValue": sprintf("'nifcloud_db_instance[%s]' has 1 day backup retention period", [name]),
+		"keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have backup retention of at least 7 days", [name]),
+		"keyActualValue": sprintf("'nifcloud_db_instance[%s]' has backup retention period of '%s' which is less than minimum of 7 days", [name, dbInstance.backup_retention_period]),
 	}
 }

assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/negative.tf

@@ -1,5 +1,5 @@
 resource "nifcloud_db_instance" "negative" {
   identifier              = "example"
   instance_class          = "db.large8"
-  backup_retention_period = 5
+  backup_retention_period = 7
 }

assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive2.tf

@@ -1,5 +1,5 @@
 resource "nifcloud_db_instance" "positive" {
   identifier              = "example"
   instance_class          = "db.large8"
-  backup_retention_period = 1
+  backup_retention_period = 5
 }

assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive_expected_result.json

@@ -1,13 +1,13 @@
 [
 	{
-		"queryName": "Beta - Nifcloud RDB Has Backup Retention Less Than 2 Day",
-		"severity": "MEDIUM",
+		"queryName": "Nifcloud Low RDB Backup Retention Period",
+		"severity": "LOW",
 		"line": 1,
 		"fileName": "positive1.tf"
 	},
 	{
-		"queryName": "Beta - Nifcloud RDB Has Backup Retention Less Than 2 Day",
-		"severity": "MEDIUM",
+		"queryName": "Nifcloud Low RDB Backup Retention Period",
+		"severity": "LOW",
 		"line": 1,
 		"fileName": "positive2.tf"
 	}

assets/queries/terraform/nifcloud/db_has_public_access/metadata.json

@@ -1,12 +1,12 @@
 {
-  "id": "fb387023-e4bb-42a8-9a70-6708aa7ff21b",
-  "queryName": "Beta - Nifcloud RDB Has Public DB Access",
-  "severity": "HIGH",
-  "category": "Networking and Firewall",
-  "descriptionText": "The rdb has public db access",
-  "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#publicly_accessible",
-  "platform": "Terraform",
-  "descriptionID": "e4ce28b6",
-  "cloudProvider": "nifcloud",
-  "cwe": "732"
-}
+    "id": "fb387023-e4bb-42a8-9a70-6708aa7ff21b",
+    "queryName": "Nifcloud RDB Has Public DB Access",
+    "severity": "HIGH",
+    "category": "Access Control",
+    "descriptionText": "The RDB has public DB access",
+    "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#publicly_accessible",
+    "platform": "Terraform",
+    "descriptionID": "e4ce28b6",
+    "cloudProvider": "nifcloud",
+    "cwe": "732"
+  }

assets/queries/terraform/nifcloud/db_has_public_access/query.rego

@@ -4,17 +4,31 @@ import data.generic.terraform as tf_lib
 import data.generic.common as common_lib
 
 CxPolicy[result] {
-
 	dbInstance := input.document[i].resource.nifcloud_db_instance[name]
     dbInstance.publicly_accessible == true
-
 	result := {
 		"documentId": input.document[i].id,
 		"resourceType": "nifcloud_db_instance",
 		"resourceName": tf_lib.get_resource_name(dbInstance, name),
 		"searchKey": sprintf("nifcloud_db_instance[%s]", [name]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should not use publicly available. You should limit all access to the minimum that is required for your application to function.", [name]),
-		"keyActualValue": sprintf("'nifcloud_db_instance[%s]' use publicly available", [name]),
+		"keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should not use publicly accessible set to true. You should limit all access to the minimum that is required for your application to function.", [name]),
+		"keyActualValue": sprintf("'nifcloud_db_instance[%s]' has publicly accessible set to true.", [name]),
 	}
 }
+
+CxPolicy[result] {
+
+	dbInstance := input.document[i].resource.nifcloud_db_instance[name]
+    not common_lib.valid_key(dbInstance, "publicly_accessible")
+
+	result := {
+		"documentId": input.document[i].id,
+		"resourceType": "nifcloud_db_instance",
+		"resourceName": tf_lib.get_resource_name(dbInstance, name),
+		"searchKey": sprintf("nifcloud_db_instance[%s]", [name]),
+		"issueType": "MissingAttribute",
+		"keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have publicly accessible defined as the default value is set to true. You should limit all access to the minimum that is required for your application to function.", [name]),
+		"keyActualValue": sprintf("'nifcloud_db_instance[%s]' doesn't define publicly accessible.", [name]),
+	}
+}

assets/queries/terraform/nifcloud/db_has_public_access/test/negative.tf

@@ -2,4 +2,4 @@ resource "nifcloud_db_instance" "negative" {
   identifier          = "example"
   instance_class      = "db.large8"
   publicly_accessible = false
-}
+}

assets/queries/terraform/nifcloud/db_has_public_access/test/positive.tf

@@ -2,4 +2,4 @@ resource "nifcloud_db_instance" "positive" {
   identifier          = "example"
   instance_class      = "db.large8"
   publicly_accessible = true
-}
+}

assets/queries/terraform/nifcloud/db_has_public_access/test/positive_expected_result.json

@@ -1,6 +1,6 @@
 [
 	{
-		"queryName": "Beta - Nifcloud RDB Has Public DB Access",
+		"queryName": "Nifcloud RDB Has Public DB Access",
 		"severity": "HIGH",
 		"line": 1,
 		"fileName": "positive.tf"

assets/queries/terraform/nifcloud/db_instance_has_common_private/metadata.json

@@ -1,9 +1,9 @@
 {
   "id": "9bf57c23-fbab-4222-85f3-3f207a53c6a8",
-  "queryName": "Beta - Nifcloud RDB Has Common Private Network",
+  "queryName": "Nifcloud RDB Has Common Private Network",
   "severity": "LOW",
   "category": "Networking and Firewall",
-  "descriptionText": "The rdb has common private network",
+  "descriptionText": "The RDB has common private network",
   "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#network_id",
   "platform": "Terraform",
   "descriptionID": "89f1ff38",

assets/queries/terraform/nifcloud/db_instance_has_common_private/test/positive_expected_result.json

@@ -1,6 +1,6 @@
 [
 	{
-		"queryName": "Beta - Nifcloud RDB Has Common Private Network",
+		"queryName": "Nifcloud RDB Has Common Private Network",
 		"severity": "LOW",
 		"line": 1,
 		"fileName": "positive.tf"

assets/queries/terraform/nifcloud/db_security_group_description_undefined/metadata.json

@@ -1,9 +1,9 @@
 {
   "id": "940ddce2-26bd-4e31-a9b4-382714f73231",
-  "queryName": "Beta - Nifcloud RDB Undefined Description To DB Security Group",
-  "severity": "LOW",
-  "category": "Networking and Firewall",
-  "descriptionText": "Missing description for db security group",
+  "queryName": "Nifcloud RDB Undefined Description To DB Security Group",
+  "severity": "INFO",
+  "category": "Best Practices",
+  "descriptionText": "Missing description for DB security group",
   "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_security_group#description",
   "platform": "Terraform",
   "descriptionID": "badc7874",

assets/queries/terraform/nifcloud/db_security_group_description_undefined/query.rego

@@ -14,7 +14,7 @@ CxPolicy[result] {
 		"resourceName": tf_lib.get_resource_name(dbSecurityGroup, name),
 		"searchKey": sprintf("nifcloud_db_security_group[%s]", [name]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": sprintf("'nifcloud_db_security_group[%s]' should include a description for auditing purposes", [name]),
-		"keyActualValue": sprintf("'nifcloud_db_security_group[%s]' does not have a description", [name]),
+		"keyExpectedValue": sprintf("'nifcloud_db_security_group[%s]' should include a description for auditing purposes.", [name]),
+		"keyActualValue": sprintf("'nifcloud_db_security_group[%s]' does not have a description.", [name]),
 	}
 }

assets/queries/terraform/nifcloud/db_security_group_description_undefined/test/positive_expected_result.json

@@ -1,7 +1,7 @@
 [
 	{
-		"queryName": "Beta - Nifcloud RDB Undefined Description To DB Security Group",
-		"severity": "LOW",
+		"queryName": "Nifcloud RDB Undefined Description To DB Security Group",
+		"severity": "INFO",
 		"line": 1,
 		"fileName": "positive.tf"
 	}

assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/metadata.json

@@ -1,9 +1,9 @@
 {
   "id": "a0b846e8-815f-4f15-b660-bc4ab9fa1e1a",
-  "queryName": "Beta - Nifcloud RDB Has Public DB Ingress Security Group Rule",
+  "queryName": "Nifcloud RDB Has Public DB Ingress Security Group Rule",
   "severity": "HIGH",
   "category": "Networking and Firewall",
-  "descriptionText": "An db ingress security group rule allows traffic from /0",
+  "descriptionText": "A DB ingress security group rule allows traffic from /0",
   "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_security_group#cidr_ip",
   "platform": "Terraform",
   "descriptionID": "05a9f362",

assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/test/positive_expected_result.json

@@ -1,6 +1,6 @@
 [
 	{
-		"queryName": "Beta - Nifcloud RDB Has Public DB Ingress Security Group Rule",
+		"queryName": "Nifcloud RDB Has Public DB Ingress Security Group Rule",
 		"severity": "HIGH",
 		"line": 1,
 		"fileName": "positive.tf"

assets/queries/terraform/nifcloud/dns_has_verified_record/metadata.json

@@ -1,7 +1,7 @@
 {
   "id": "a1defcb6-55e8-4511-8c2a-30b615b0e057",
-  "queryName": "Beta - Nifcloud DNS Has Verified Record",
-  "severity": "HIGH",
+  "queryName": "Nifcloud DNS Has Verified Record",
+  "severity": "LOW",
   "category": "Insecure Configurations",
   "descriptionText": "Removing verified record of TXT auth the risk that If the authentication record remains, anyone can register the zone",
   "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/dns_record#record",

assets/queries/terraform/nifcloud/dns_has_verified_record/query.rego

@@ -14,7 +14,7 @@ CxPolicy[result] {
 		"resourceName": tf_lib.get_resource_name(dnsRecord, name),
 		"searchKey": sprintf("nifcloud_dns_record[%s]", [name]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": sprintf("'nifcloud_dns_record[%s]' remove verified record", [name]),
-		"keyActualValue": sprintf("'nifcloud_dns_record[%s]' has risk of DNS records be used by others", [name]),
+		"keyExpectedValue": sprintf("Verified records should be removed from 'nifcloud_dns_record[%s]'.", [name]),
+		"keyActualValue": sprintf("'nifcloud_dns_record[%s]' has risk of DNS records being used by others.", [name]),
 	}
 }

assets/queries/terraform/nifcloud/dns_has_verified_record/test/positive_expected_result.json

@@ -1,7 +1,7 @@
 [
 	{
-		"queryName": "Beta - Nifcloud DNS Has Verified Record",
-		"severity": "HIGH",
+		"queryName": "Nifcloud DNS Has Verified Record",
+		"severity": "LOW",
 		"line": 1,
 		"fileName": "positive.tf"
 	}

assets/queries/terraform/nifcloud/elb_has_common_private/metadata.json

@@ -1,9 +1,9 @@
 {
   "id": "5061f84c-ab66-4660-90b9-680c9df346c0",
-  "queryName": "Beta - Nifcloud ELB Has Common Private Network",
+  "queryName": "Nifcloud ELB Has Common Private Network",
   "severity": "LOW",
   "category": "Networking and Firewall",
-  "descriptionText": "The elb has common private network",
+  "descriptionText": "The ELB has common private network",
   "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/elb#network_id",
   "platform": "Terraform",
   "descriptionID": "40e5b2b8",

assets/queries/terraform/nifcloud/elb_has_common_private/test/positive_expected_result.json

@@ -1,12 +1,12 @@
 [
 	{
-		"queryName": "Beta - Nifcloud ELB Has Common Private Network",
+		"queryName": "Nifcloud ELB Has Common Private Network",
 		"severity": "LOW",
 		"line": 1,
 		"fileName": "positive1.tf"
 	},
 	{
-		"queryName": "Beta - Nifcloud ELB Has Common Private Network",
+		"queryName": "Nifcloud ELB Has Common Private Network",
 		"severity": "LOW",
 		"line": 1,
 		"fileName": "positive2.tf"