From e933a6d450a5433c5dd85adb7b2a90e3aba190f0 Mon Sep 17 00:00:00 2001 
From: seanyyan
Date: Fri, 14 Jun 2024 18:13:01 +0800
Subject: [PATCH 1/5] add

---
 .../metadata.json | 12 ++++
 .../query.rego | 20 +++++++
 .../test/negative1.tf | 45 +++++++++++++++
 .../test/negative2.tf | 46 ++++++++++++++++
 .../test/positive1.tf | 46 ++++++++++++++++
 .../test/positive_expected_result.json | 8 +++
 .../metadata.json | 12 ++++
 .../query.rego | 36 ++++++++++++
 .../test/negative1.tf | 45 +++++++++++++++
 .../test/positive1.tf | 45 +++++++++++++++
 .../test/positive2.tf | 44 +++++++++++++++
 .../test/positive_expected_result.json | 14 +++++
 .../metadata.json | 12 ++++
 .../query.rego | 26 +++++++++
 .../test/negative1.tf | 55 +++++++++++++++++++
 .../test/positive1.tf | 45 +++++++++++++++
 .../test/positive_expected_result.json | 8 +++
 test/assets/auto_remediation_sample.tf | 2 +-
 18 files changed, 520 insertions(+), 1 deletion(-)
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/metadata.json
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/query.rego
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/negative1.tf
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/negative2.tf
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/positive1.tf
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/positive_expected_result.json
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/metadata.json
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/query.rego
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/negative1.tf
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/positive1.tf
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/positive2.tf
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/positive_expected_result.json
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/metadata.json
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/query.rego
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/test/negative1.tf
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/test/positive1.tf
 create mode 100644 assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/test/positive_expected_result.json

diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/metadata.json b/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/metadata.json
new file mode 100644
index 00000000000..a21890fa6ac
--- /dev/null
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/metadata.json
@@ -0,0 +1,12 @@
+{
+ "id": "5d820574-4a60-4916-b049-0810b8629731",
+ "queryName": "(Beta) CDB Instance Internet Service Enabled",
+ "severity": "HIGH",
+ "category": "Insecure Configurations",
+ "descriptionText": "CDB Instance Internet should have internet service disabled",
+ "descriptionUrl": "https://registry.terraform.io/providers/tencentcloudstack/tencentcloud/latest/docs/resources/mysql_instance#internet_service",
+ "platform": "Terraform",
+ "descriptionID": "2d49b723",
+ "cloudProvider": "tencentcloud",
+ "cwe": ""
+}
diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/query.rego b/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/query.rego
new file mode 100644
index 00000000000..5586b48b036
--- /dev/null
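Review bot: The `descriptionText` in the new metadata reads `CDB Instance Internet should have internet service disabled`, where the word "Internet" after the subject looks like a copy error and the sentence does not say what the setting exposes. Suggest `"descriptionText": "CDB Instance should not enable 'internet_service', which assigns the MySQL instance a public address; leave it unset or 0"`. The HIGH severity is consistent with flagging a publicly reachable database endpoint, while `cwe` is left empty and is worth filling if the repo's other tencentcloud queries populate it.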
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/query.rego
@@ -0,0 +1,20 @@
+package Cx
+
+import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
+
+CxPolicy[result] {
+ resource := input.document[i].resource.tencentcloud_mysql_instance[name]
+ resource.internet_service == 1
+
+ result := {
+ "documentId": input.document[i].id,
+ "resourceType": "tencentcloud_mysql_instance",
+ "resourceName": tf_lib.get_resource_name(resource, name),
+ "searchKey": sprintf("tencentcloud_mysql_instance[%s].internet_service", [name]),
+ "issueType": "IncorrectValue",
+ "keyExpectedValue": sprintf("[%s] has 'internet_service' set to 0 or undefiend", [name]),
+ "keyActualValue": sprintf("[%s] has 'internet_service' set to 1", [name]),
+ "searchLine":common_lib.build_search_line(["resource", "tencentcloud_mysql_instance", name, "internet_service"], []),
+ }
+}
diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/negative1.tf b/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/negative1.tf
new file mode 100644
index 00000000000..66c34b24321
--- /dev/null
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/negative1.tf
@@ -0,0 +1,45 @@
+data "tencentcloud_availability_zones_by_product" "zones" {
+ product = "cdb"
+}
+
+resource "tencentcloud_vpc" "vpc" {
+ name = "vpc-mysql"
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "tencentcloud_subnet" "subnet" {
+ availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+ name = "subnet-mysql"
+ vpc_id = tencentcloud_vpc.vpc.id
+ cidr_block = "10.0.0.0/16"
+ is_multicast = false
+}
+
+resource "tencentcloud_security_group" "security_group" {
+ name = "sg-mysql"
+ description = "mysql test"
+}
+
+resource "tencentcloud_mysql_instance" "example" {
+ engine_version = "5.7"
+ charge_type = "POSTPAID"
+ slave_deploy_mode = 0
+ availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+ slave_sync_mode = 1
+ instance_name = "tf-example-mysql"
+ mem_size = 4000
+ volume_size = 200
+ vpc_id = tencentcloud_vpc.vpc.id
+ subnet_id = tencentcloud_subnet.subnet.id
+ intranet_port = 3306
+ security_groups = [tencentcloud_security_group.security_group.id]
+
+ tags = {
+ name = "test"
+ }
+
+ parameters = {
+ character_set_server = "utf8"
+ max_connections = "1000"
+ }
+}
diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/negative2.tf b/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/negative2.tf
new file mode 100644
index 00000000000..6d1d1c12f6a
--- /dev/null
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/negative2.tf
@@ -0,0 +1,46 @@
+data "tencentcloud_availability_zones_by_product" "zones" {
+ product = "cdb"
+}
+
+resource "tencentcloud_vpc" "vpc" {
+ name = "vpc-mysql"
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "tencentcloud_subnet" "subnet" {
+ availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+ name = "subnet-mysql"
+ vpc_id = tencentcloud_vpc.vpc.id
+ cidr_block = "10.0.0.0/16"
+ is_multicast = false
+}
+
+resource "tencentcloud_security_group" "security_group" {
+ name = "sg-mysql"
+ description = "mysql test"
+}
+
+resource "tencentcloud_mysql_instance" "example" {
+ internet_service = 0
+ engine_version = "5.7"
+ charge_type = "POSTPAID"
+ slave_deploy_mode = 0
+ availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+ slave_sync_mode = 1
+ instance_name = "tf-example-mysql"
+ mem_size = 4000
+ volume_size = 200
+ vpc_id = tencentcloud_vpc.vpc.id
+ subnet_id = tencentcloud_subnet.subnet.id
+ intranet_port = 3306
+ security_groups = [tencentcloud_security_group.security_group.id]
+
+ tags = {
+ name = "test"
+ }
+
+ parameters = {
+ character_set_server = "utf8"
+ max_connections = "1000"
+ }
+}
diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/positive1.tf b/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/positive1.tf
new file mode 100644
index 00000000000..420910781c0
--- /dev/null
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/positive1.tf
@@ -0,0 +1,46 @@
+data "tencentcloud_availability_zones_by_product" "zones" {
+ product = "cdb"
+}
+
+resource "tencentcloud_vpc" "vpc" {
+ name = "vpc-mysql"
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "tencentcloud_subnet" "subnet" {
+ availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+ name = "subnet-mysql"
+ vpc_id = tencentcloud_vpc.vpc.id
+ cidr_block = "10.0.0.0/16"
+ is_multicast = false
+}
+
+resource "tencentcloud_security_group" "security_group" {
+ name = "sg-mysql"
+ description = "mysql test"
+}
+
+resource "tencentcloud_mysql_instance" "example" {
+ internet_service = 1
+ engine_version = "5.7"
+ charge_type = "POSTPAID"
+ slave_deploy_mode = 0
+ availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+ slave_sync_mode = 1
+ instance_name = "tf-example-mysql"
+ mem_size = 4000
+ volume_size = 200
+ vpc_id = tencentcloud_vpc.vpc.id
+ subnet_id = tencentcloud_subnet.subnet.id
+ intranet_port = 3306
+ security_groups = [tencentcloud_security_group.security_group.id]
+
+ tags = {
+ name = "test"
+ }
+
+ parameters = {
+ character_set_server = "utf8"
+ max_connections = "1000"
+ }
+}
diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/positive_expected_result.json b/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/positive_expected_result.json
new file mode 100644
index 00000000000..e94045b6407
--- /dev/null
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/positive_expected_result.json
@@ -0,0 +1,8 @@
+[
+ {
+ "queryName": "(Beta) CDB Instance Internet Service Enabled",
+ "severity": "HIGH",
+ "line": 24,
+ "fileName": "positive1.tf"
+ }
+]
diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/metadata.json b/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/metadata.json
new file mode 100644
index 00000000000..330b6315553
--- /dev/null
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/metadata.json
@@ -0,0 +1,12 @@
+{
+ "id": "18d6aa4b-7570-4d95-9c75-90363ef1abd9",
+ "queryName": "(Beta) CDB Instance Internet Using Default Intranet Port",
+ "severity": "LOW",
+ "category": "Insecure Configurations",
+ "descriptionText": "CDB Instance Internet should not use have default intranet port",
+ "descriptionUrl": "https://registry.terraform.io/providers/tencentcloudstack/tencentcloud/latest/docs/resources/mysql_instance#intranet_port",
+ "platform": "Terraform",
+ "descriptionID": "dd780613",
+ "cloudProvider": "tencentcloud",
+ "cwe": ""
+}
diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/query.rego b/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/query.rego
new file mode 100644
index 00000000000..850daa95023
--- /dev/null
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/query.rego
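Review bot: Both human-readable fields in this metadata are garbled: `queryName` carries a stray "Internet" (`CDB Instance Internet Using Default Intranet Port`) and `descriptionText` reads `should not use have default intranet port`. Suggest `"queryName": "(Beta) CDB Instance Using Default Intranet Port"` and `"descriptionText": "CDB Instance should not use the default MySQL intranet port (3306)"`. The same `queryName` string is repeated in this query's `test/positive_expected_result.json`, so the two must be renamed together or the test will stop matching. A non-default port only reduces exposure to opportunistic scanning and does not replace security-group rules, so the LOW severity is appropriate.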
@@ -0,0 +1,36 @@
+package Cx
+
+import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
+
+CxPolicy[result] {
+ resource := input.document[i].resource.tencentcloud_mysql_instance[name]
+ resource.intranet_port == 3306
+
+ result := {
+ "documentId": input.document[i].id,
+ "resourceType": "tencentcloud_mysql_instance",
+ "resourceName": tf_lib.get_resource_name(resource, name),
+ "searchKey": sprintf("tencentcloud_mysql_instance[%s].intranet_port", [name]),
+ "issueType": "IncorrectValue",
+ "keyExpectedValue": sprintf("[%s] has 'intranet_port' set to non 3306", [name]),
+ "keyActualValue": sprintf("[%s] has 'intranet_port' set to 3306", [name]),
+ "searchLine":common_lib.build_search_line(["resource", "tencentcloud_mysql_instance", name, "intranet_port"], []),
+ }
+}
+
+CxPolicy[result] {
+ resource := input.document[i].resource.tencentcloud_mysql_instance[name]
+ not common_lib.valid_key(resource, "intranet_port")
+
+ result := {
+ "documentId": input.document[i].id,
+ "resourceType": "tencentcloud_mysql_instance",
+ "resourceName": tf_lib.get_resource_name(resource, name),
+ "searchKey": sprintf("tencentcloud_mysql_instance[%s]",[name]),
+ "issueType": "MissingAttribute",
+ "keyExpectedValue": sprintf("[%s] 'intranet_port' should be set and the value cannot byt 3306",[name]),
+ "keyActualValue": sprintf("[%s] does not set 'intranet_port'",[name]),
+ "searchLine":common_lib.build_search_line(["resource", "tencentcloud_mysql_instance", name], []),
+ }
+}
diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/negative1.tf b/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/negative1.tf
new file mode 100644
index 00000000000..b66ea2d2eae
--- /dev/null
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/negative1.tf
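Review bot: The first rule's `keyExpectedValue` still reads `set to non 3306`; the later wording fix in this series only touches the second rule, so suggest `"keyExpectedValue": sprintf("[%s] has 'intranet_port' set to a value other than 3306", [name]),`. The second rule reports a missing `intranet_port` as a finding, which is only correct because the provider presumably falls back to 3306 when the attribute is unset (the linked provider documentation is where to confirm that); a comment above the rule such as `# an unset intranet_port falls back to the provider default of 3306` would record the assumption. Both rules compare against the integer 3306, so a value supplied through a variable or a string-typed value is not evaluated, which is worth stating in the same comment.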
@@ -0,0 +1,45 @@
+data "tencentcloud_availability_zones_by_product" "zones" {
+ product = "cdb"
+}
+
+resource "tencentcloud_vpc" "vpc" {
+ name = "vpc-mysql"
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "tencentcloud_subnet" "subnet" {
+ availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+ name = "subnet-mysql"
+ vpc_id = tencentcloud_vpc.vpc.id
+ cidr_block = "10.0.0.0/16"
+ is_multicast = false
+}
+
+resource "tencentcloud_security_group" "security_group" {
+ name = "sg-mysql"
+ description = "mysql test"
+}
+
+resource "tencentcloud_mysql_instance" "example" {
+ engine_version = "5.7"
+ charge_type = "POSTPAID"
+ slave_deploy_mode = 0
+ availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+ slave_sync_mode = 1
+ instance_name = "tf-example-mysql"
+ mem_size = 4000
+ volume_size = 200
+ vpc_id = tencentcloud_vpc.vpc.id
+ subnet_id = tencentcloud_subnet.subnet.id
+ intranet_port = 3307
+ security_groups = [tencentcloud_security_group.security_group.id]
+
+ tags = {
+ name = "test"
+ }
+
+ parameters = {
+ character_set_server = "utf8"
+ max_connections = "1000"
+ }
+}
diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/positive1.tf b/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/positive1.tf
new file mode 100644
index 00000000000..66c34b24321
--- /dev/null
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/positive1.tf
@@ -0,0 +1,45 @@
+data "tencentcloud_availability_zones_by_product" "zones" {
+ product = "cdb"
+}
+
+resource "tencentcloud_vpc" "vpc" {
+ name = "vpc-mysql"
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "tencentcloud_subnet" "subnet" {
+ availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+ name = "subnet-mysql"
+ vpc_id = tencentcloud_vpc.vpc.id
+ cidr_block = "10.0.0.0/16"
+ is_multicast = false
+}
+
+resource "tencentcloud_security_group" "security_group" {
+ name = "sg-mysql"
+ description = "mysql test"
+}
+
+resource "tencentcloud_mysql_instance" "example" {
+ engine_version = "5.7"
+ charge_type = "POSTPAID"
+ slave_deploy_mode = 0
+ availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+ slave_sync_mode = 1
+ instance_name = "tf-example-mysql"
+ mem_size = 4000
+ volume_size = 200
+ vpc_id = tencentcloud_vpc.vpc.id
+ subnet_id = tencentcloud_subnet.subnet.id
+ intranet_port = 3306
+ security_groups = [tencentcloud_security_group.security_group.id]
+
+ tags = {
+ name = "test"
+ }
+
+ parameters = {
+ character_set_server = "utf8"
+ max_connections = "1000"
+ }
+}
diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/positive2.tf b/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/positive2.tf
new file mode 100644
index 00000000000..e346e4ab27e
--- /dev/null
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/positive2.tf
@@ -0,0 +1,44 @@
+data "tencentcloud_availability_zones_by_product" "zones" {
+ product = "cdb"
+}
+
+resource "tencentcloud_vpc" "vpc" {
+ name = "vpc-mysql"
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "tencentcloud_subnet" "subnet" {
+ availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+ name = "subnet-mysql"
+ vpc_id = tencentcloud_vpc.vpc.id
+ cidr_block = "10.0.0.0/16"
+ is_multicast = false
+}
+
+resource "tencentcloud_security_group" "security_group" {
+ name = "sg-mysql"
+ description = "mysql test"
+}
+
+resource "tencentcloud_mysql_instance" "example" {
+ engine_version = "5.7"
+ charge_type = "POSTPAID"
+ slave_deploy_mode = 0
+ availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+ slave_sync_mode = 1
+ instance_name = "tf-example-mysql"
+ mem_size = 4000
+ volume_size = 200
+ vpc_id = tencentcloud_vpc.vpc.id
+ subnet_id = tencentcloud_subnet.subnet.id
+ security_groups = [tencentcloud_security_group.security_group.id]
+
+ tags = {
+ name = "test"
+ }
+
+ parameters = {
+ character_set_server = "utf8"
+ max_connections = "1000"
+ }
+}
diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/positive_expected_result.json b/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/positive_expected_result.json
new file mode 100644
index 00000000000..48949061e36
--- /dev/null
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/positive_expected_result.json
@@ -0,0 +1,14 @@
+[
+ {
+ "queryName": "(Beta) CDB Instance Internet Using Default Intranet Port",
+ "severity": "LOW",
+ "line": 34,
+ "fileName": "positive1.tf"
+ },
+ {
+ "queryName": "(Beta) CDB Instance Internet Using Default Intranet Port",
+ "severity": "LOW",
+ "line": 23,
+ "fileName": "positive2.tf"
+ }
+]
diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/metadata.json b/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/metadata.json
new file mode 100644
index 00000000000..002a77e4fd8
--- /dev/null
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/metadata.json
@@ -0,0 +1,12 @@
+{
+ "id": "ca94be07-7de3-4ae7-85ef-67e0462ec694",
+ "queryName": "(Beta) CDB Instance Without Backup Policy",
+ "severity": "MEDIUM",
+ "category": "Backup",
+ "descriptionText": "CDB Instance should have set Backup Policy",
+ "descriptionUrl": "https://registry.terraform.io/providers/tencentcloudstack/tencentcloud/latest/docs/resources/mysql_backup_policy",
+ "platform": "Terraform",
+ "descriptionID": "f0daf852",
+ "cloudProvider": "tencentcloud",
+ "cwe": ""
+}
diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/query.rego b/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/query.rego
new file mode 100644
index 00000000000..2a2d1ee3b70
--- /dev/null
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/query.rego
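Review bot: `descriptionText` reads `CDB Instance should have set Backup Policy`, which is ungrammatical and does not name the resource the query actually looks for. Suggest `"descriptionText": "CDB Instance should have a 'tencentcloud_mysql_backup_policy' resource referencing it"`, which also tells the user what to add; the `descriptionUrl` already points at that resource's documentation, so the two would then agree.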
@@ -0,0 +1,26 @@
+package Cx
+
+import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
+
+CxPolicy[result] {
+ resource := input.document[i].resource.tencentcloud_mysql_instance[name]
+ not any_backup_policy_matches_instance(name)
+
+ result := {
+ "documentId": input.document[i].id,
+ "resourceType": "tencentcloud_mysql_instance",
+ "resourceName": tf_lib.get_resource_name(resource, name),
+ "searchKey": sprintf("tencentcloud_mysql_instance[%s]", [name]),
+ "issueType": "MissingAttribute",
+ "keyExpectedValue": sprintf("tencentcloud_mysql_instance[%s] should has 'tencentcloud_mysql_backup_policy'", [name]),
+ "keyActualValue": sprintf("tencentcloud_mysql_instance[%s] does not have 'tencentcloud_mysql_backup_policy'", [name]),
+ "searchLine":common_lib.build_search_line(["resource", "tencentcloud_mysql_instance", name], []),
+ }
+}
+
+any_backup_policy_matches_instance(resource_name) {
+ backup_policy := input.document[_].resource.tencentcloud_mysql_backup_policy[_]
+ split_name := split(backup_policy.mysql_id, ".")[1]
+ split_name == resource_name
+}
diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/test/negative1.tf b/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/test/negative1.tf
new file mode 100644
index 00000000000..c27885267cf
--- /dev/null
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/test/negative1.tf
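Review bot: `any_backup_policy_matches_instance` compares only the second dot-separated segment of `mysql_id` with the instance name, so any reference whose second segment happens to equal that name — `var.example`, `local.example`, `data.tencentcloud_mysql_instance.example.id` — is counted as a backup policy for `tencentcloud_mysql_instance.example`, and the finding is suppressed. Check the resource type as well: `parts := split(backup_policy.mysql_id, ".")`, `parts[0] == "tencentcloud_mysql_instance"`, `parts[1] == resource_name`. If the legacy `"${tencentcloud_mysql_instance.example.id}"` interpolation form has to be accepted too, compare `parts[0]` with `endswith(parts[0], "tencentcloud_mysql_instance")` instead of equality. The helper deliberately scans `input.document[_]` rather than the caller's `i` so a policy in another file still counts; a one-line comment saying so would stop a future reader from "fixing" it.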
@@ -0,0 +1,55 @@
+data "tencentcloud_availability_zones_by_product" "zones" {
+ product = "cdb"
+}
+
+resource "tencentcloud_vpc" "vpc" {
+ name = "vpc-mysql"
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "tencentcloud_subnet" "subnet" {
+ availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+ name = "subnet-mysql"
+ vpc_id = tencentcloud_vpc.vpc.id
+ cidr_block = "10.0.0.0/16"
+ is_multicast = false
+}
+
+resource "tencentcloud_security_group" "security_group" {
+ name = "sg-mysql"
+ description = "mysql test"
+}
+
+resource "tencentcloud_mysql_instance" "has_backup_policy" {
+ engine_version = "5.7"
+ charge_type = "POSTPAID"
+ slave_deploy_mode = 0
+ availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+ slave_sync_mode = 1
+ instance_name = "tf-example-mysql"
+ mem_size = 4000
+ volume_size = 200
+ vpc_id = tencentcloud_vpc.vpc.id
+ subnet_id = tencentcloud_subnet.subnet.id
+ intranet_port = 3306
+ security_groups = [tencentcloud_security_group.security_group.id]
+
+ tags = {
+ name = "test"
+ }
+
+ parameters = {
+ character_set_server = "utf8"
+ max_connections = "1000"
+ }
+}
+
+resource "tencentcloud_mysql_backup_policy" "example" {
+ mysql_id = tencentcloud_mysql_instance.has_backup_policy.id
+ retention_period = 7
+ backup_model = "physical"
+ backup_time = "22:00-02:00"
+ binlog_period = 32
+ enable_binlog_standby = "off"
+ binlog_standby_days = 31
+}
diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/test/positive1.tf b/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/test/positive1.tf
new file mode 100644
index 00000000000..07657ebebdd
--- /dev/null
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/test/positive1.tf
@@ -0,0 +1,45 @@
+data "tencentcloud_availability_zones_by_product" "zones" {
+ product = "cdb"
+}
+
+resource "tencentcloud_vpc" "vpc" {
+ name = "vpc-mysql"
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "tencentcloud_subnet" "subnet" {
+ availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+ name = "subnet-mysql"
+ vpc_id = tencentcloud_vpc.vpc.id
+ cidr_block = "10.0.0.0/16"
+ is_multicast = false
+}
+
+resource "tencentcloud_security_group" "security_group" {
+ name = "sg-mysql"
+ description = "mysql test"
+}
+
+resource "tencentcloud_mysql_instance" "none_backup_policy" {
+ engine_version = "5.7"
+ charge_type = "POSTPAID"
+ slave_deploy_mode = 0
+ availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+ slave_sync_mode = 1
+ instance_name = "tf-example-mysql"
+ mem_size = 4000
+ volume_size = 200
+ vpc_id = tencentcloud_vpc.vpc.id
+ subnet_id = tencentcloud_subnet.subnet.id
+ intranet_port = 3306
+ security_groups = [tencentcloud_security_group.security_group.id]
+
+ tags = {
+ name = "test"
+ }
+
+ parameters = {
+ character_set_server = "utf8"
+ max_connections = "1000"
+ }
+}
diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/test/positive_expected_result.json b/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/test/positive_expected_result.json
new file mode 100644
index 00000000000..94d3c472ba5
--- /dev/null
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/test/positive_expected_result.json
@@ -0,0 +1,8 @@
+[
+ {
+ "queryName": "(Beta) CDB Instance Without Backup Policy",
+ "severity": "MEDIUM",
+ "line": 23,
+ "fileName": "positive1.tf"
+ }
+]
diff --git a/test/assets/auto_remediation_sample.tf b/test/assets/auto_remediation_sample.tf
index 684d4b164ed..1e56fa7e48d 100644
--- a/test/assets/auto_remediation_sample.tf
+++ b/test/assets/auto_remediation_sample.tf
@@ -12,7 +12,7 @@ resource "alicloud_ram_account_password_policy" "corporate2" {
 minimum_password_length = 14
 require_lowercase_characters = false
 require_uppercase_characters = false
- require_numbers = false
+ require_numbers = true
 require_symbols = false
 hard_expiry = true
 password_reuse_prevention = 5
From eee33269b1b203a10a5d393469290e3a072d353f Mon Sep 17 00:00:00 2001
From: seanyyan
Date: Fri, 14 Jun 2024 18:56:23 +0800
Subject: [PATCH 2/5] add

---
 test/assets/auto_remediation_sample.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/assets/auto_remediation_sample.tf b/test/assets/auto_remediation_sample.tf
index 1e56fa7e48d..684d4b164ed 100644
--- a/test/assets/auto_remediation_sample.tf
+++ b/test/assets/auto_remediation_sample.tf
@@ -12,7 +12,7 @@ resource "alicloud_ram_account_password_policy" "corporate2" {
 minimum_password_length = 14
 require_lowercase_characters = false
 require_uppercase_characters = false
- require_numbers = true
+ require_numbers = false
 require_symbols = false
 hard_expiry = true
 password_reuse_prevention = 5
From 3628547fc8c79087064fbb872b10d21875f9eb88 Mon Sep 17 00:00:00 2001
From: Artur Ribeiro <153724638+ArturRibeiro-CX@users.noreply.github.com>
Date: Tue, 18 Jun 2024 09:43:19 +0100
Subject: [PATCH 3/5] fix typo on cdb_instance_internet_service_enabled expected value

---
 .../cdb_instance_internet_service_enabled/query.rego | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/query.rego b/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/query.rego
index 5586b48b036..0f49b3fd3a0 100644
--- a/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/query.rego
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/query.rego
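Review bot: The flip of `require_numbers` from `false` to `true` in `test/assets/auto_remediation_sample.tf` has nothing to do with the tencentcloud queries this series adds, and PATCH 2/5 reverts it byte for byte, so the pair should be dropped from the series rather than landed as an edit followed by a revert. The file name suggests this is a deliberately non-compliant sample consumed by the auto-remediation tests, so on its own the change would also alter what those tests exercise. The enclosing `alicloud_ram_account_password_policy` resource begins before and ends after the hunk.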
@@ -13,7 +13,7 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(resource, name),
 "searchKey": sprintf("tencentcloud_mysql_instance[%s].internet_service", [name]),
 "issueType": "IncorrectValue",
- "keyExpectedValue": sprintf("[%s] has 'internet_service' set to 0 or undefiend", [name]),
+ "keyExpectedValue": sprintf("[%s] has 'internet_service' set to 0 or undefined", [name]),
 "keyActualValue": sprintf("[%s] has 'internet_service' set to 1", [name]),
 "searchLine":common_lib.build_search_line(["resource", "tencentcloud_mysql_instance", name, "internet_service"], []),
 }
From c89767161c48184effde10d729dfb79fb187f517 Mon Sep 17 00:00:00 2001
From: Artur Ribeiro <153724638+ArturRibeiro-CX@users.noreply.github.com>
Date: Tue, 18 Jun 2024 09:44:09 +0100
Subject: [PATCH 4/5] update cdb_instance_using_default_intranet_port expected value phrasing

Co-authored-by: Gabriel
---
 .../cdb_instance_using_default_intranet_port/query.rego | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/query.rego b/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/query.rego
index 850daa95023..1a63d48d4f4 100644
--- a/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/query.rego
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/query.rego
@@ -29,7 +29,7 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(resource, name),
 "searchKey": sprintf("tencentcloud_mysql_instance[%s]",[name]),
 "issueType": "MissingAttribute",
- "keyExpectedValue": sprintf("[%s] 'intranet_port' should be set and the value cannot byt 3306",[name]),
+ "keyExpectedValue": sprintf("[%s] 'intranet_port' should be set and the value should not be 3306",[name]),
 "keyActualValue": sprintf("[%s] does not set 'intranet_port'",[name]),
 "searchLine":common_lib.build_search_line(["resource", "tencentcloud_mysql_instance", name], []),
 }
From 130e33ffd92e1803927449d7688c5a0d35078466 Mon Sep 17 00:00:00 2001
From: Artur Ribeiro <153724638+ArturRibeiro-CX@users.noreply.github.com>
Date: Tue, 18 Jun 2024 09:44:50 +0100
Subject: [PATCH 5/5] update cdb_instance_without_backup_policy expected value phrasing

Co-authored-by: Gabriel
---
 .../tencentcloud/cdb_instance_without_backup_policy/query.rego | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/query.rego b/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/query.rego
index 2a2d1ee3b70..f865aa77370 100644
--- a/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/query.rego
+++ b/assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/query.rego
@@ -13,7 +13,7 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(resource, name),
 "searchKey": sprintf("tencentcloud_mysql_instance[%s]", [name]),
 "issueType": "MissingAttribute",
- "keyExpectedValue": sprintf("tencentcloud_mysql_instance[%s] should has 'tencentcloud_mysql_backup_policy'", [name]),
+ "keyExpectedValue": sprintf("tencentcloud_mysql_instance[%s] should have 'tencentcloud_mysql_backup_policy'", [name]),
 "keyActualValue": sprintf("tencentcloud_mysql_instance[%s] does not have 'tencentcloud_mysql_backup_policy'", [name]),
 "searchLine":common_lib.build_search_line(["resource", "tencentcloud_mysql_instance", name], []),
 }