diff --git a/e2e/fixtures/E2E_CLI_031_RESULT.html b/e2e/fixtures/E2E_CLI_031_RESULT.html index 4894d9a06c5..eecccc9ad87 100644 --- a/e2e/fixtures/E2E_CLI_031_RESULT.html +++ b/e2e/fixtures/E2E_CLI_031_RESULT.html @@ -1,58 +1,876 @@ -KICS Scan Result
Scanned paths: fixtures/samples/terraform.tf -Platforms: Common, TerraformStart time: 14:42:51, Jul 05 2021 -End time: 14:43:00, Jul 05 2021

Vulnerabilities:

6 -HIGH
6 -MEDIUM
0 -LOW
2 -INFO
14 -TOTAL

Passwords And Secrets In Infrastructure Code

Platform: Common -Category: Secret Management
Query to find passwords and secrets in infrastructure code. -https://kics.io/
Results (2)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf -Line 14
Expected: Hardcoded secret key should not appear in source -Found: Mustbe8characters
13 master_username = "foo"
14 master_password = "Mustbe8characters"
15 node_type = "dc1.large"
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf -Line 5
Expected: Hardcoded secret key should not appear in source -Found: Mustbe8characters
4 master_username = "foo"
5 master_password = "Mustbe8characters"
6 node_type = "dc1.large"

Redshift Not Encrypted

Platform: Terraform -Category: Encryption
Check if 'encrypted' field is false or undefined (default is false) -https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#encrypted
Results (2)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf -Line 10
Expected: aws_redshift_cluster.encrypted is defined -Found: aws_redshift_cluster.encrypted is undefined
9
10resource "aws_redshift_cluster" "default1" {
11 cluster_identifier = "tf-redshift-cluster"
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf -Line 1
Expected: aws_redshift_cluster.encrypted is defined -Found: aws_redshift_cluster.encrypted is undefined
1resource "aws_redshift_cluster" "default" {
2 cluster_identifier = "tf-redshift-cluster"
3 database_name = "mydb"

Redshift Publicly Accessible

Platform: Terraform -Category: Insecure Configurations
Check if 'publicly_accessible' field is true or undefined (default is true) -https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster
Results (2)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf -Line 1
Expected: aws_redshift_cluster.publicly_accessible is defined -Found: aws_redshift_cluster.publicly_accessible is undefined
1resource "aws_redshift_cluster" "default" {
2 cluster_identifier = "tf-redshift-cluster"
3 database_name = "mydb"
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf -Line 17
Expected: aws_redshift_cluster.publicly_accessible is false -Found: aws_redshift_cluster.publicly_accessible is true
16 cluster_type = "single-node"
17 publicly_accessible = true
18}

Redshift Cluster Logging Disabled

Platform: Terraform -Category: Observability
Results (2)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf -Line 1
Expected: 'aws_redshift_cluster.logging' is true -Found: 'aws_redshift_cluster.logging' is undefined
1resource "aws_redshift_cluster" "default" {
2 cluster_identifier = "tf-redshift-cluster"
3 database_name = "mydb"
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf -Line 10
Expected: 'aws_redshift_cluster.logging' is true -Found: 'aws_redshift_cluster.logging' is undefined
9
10resource "aws_redshift_cluster" "default1" {
11 cluster_identifier = "tf-redshift-cluster"

Redshift Cluster Without VPC

Platform: Terraform -Category: Insecure Configurations
Results (4)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf -Line 1
Expected: aws_redshift_cluster[default].cluster_subnet_group_name is set -Found: aws_redshift_cluster[default].cluster_subnet_group_name is undefined
1resource "aws_redshift_cluster" "default" {
2 cluster_identifier = "tf-redshift-cluster"
3 database_name = "mydb"
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf -Line 1
Expected: aws_redshift_cluster[default].vpc_security_group_ids is set -Found: aws_redshift_cluster[default].vpc_security_group_ids is undefined
1resource "aws_redshift_cluster" "default" {
2 cluster_identifier = "tf-redshift-cluster"
3 database_name = "mydb"
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf -Line 10
Expected: aws_redshift_cluster[default1].cluster_subnet_group_name is set -Found: aws_redshift_cluster[default1].cluster_subnet_group_name is undefined
9
10resource "aws_redshift_cluster" "default1" {
11 cluster_identifier = "tf-redshift-cluster"
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf -Line 10
Expected: aws_redshift_cluster[default1].vpc_security_group_ids is set -Found: aws_redshift_cluster[default1].vpc_security_group_ids is undefined
9
10resource "aws_redshift_cluster" "default1" {
11 cluster_identifier = "tf-redshift-cluster"

Resource Not Using Tags

Platform: Terraform -Category: Best Practices
AWS services resource tags are an essential part of managing components -https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/resource-tagging
Results (2)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf -Line 1
Expected: aws_redshift_cluster[{{default}}].tags is defined -Found: aws_redshift_cluster[{{default}}].tags is missing
1resource "aws_redshift_cluster" "default" {
2 cluster_identifier = "tf-redshift-cluster"
3 database_name = "mydb"
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf -Line 10
Expected: aws_redshift_cluster[{{default1}}].tags is defined -Found: aws_redshift_cluster[{{default1}}].tags is missing
9
10resource "aws_redshift_cluster" "default1" {
11 cluster_identifier = "tf-redshift-cluster"

KICS is open and will always stay such. Both the scanning engine and the security queries are clear and open for the software development community.
Spread the love:
- - + + + + + + + KICS Scan Result + + + + + +
+ +
Scanned paths: fixtures/samples/terraform.tf + Platforms: Common, TerraformStart time: 14:42:51, Jul 05 2021 + End time: 14:43:00, Jul 05 2021 +
+

Vulnerabilities:

+
+
+
+ + + + + +
6 + HIGH +
+
+
+ + + + + + + + + + +
6 + MEDIUM +
+
+
+ + + + + + + + + + +
0 + LOW +
+
+
+ + + + + + + + + + +
2 + INFO +
+
+
+ + + + + + + + + + +
14 + TOTAL +
+
+
+
+
+
+
+

+
+ + + + + + +
Passwords And Secrets In Infrastructure Code +

Platform: Common + Category: Secret Management +
+
Query to find passwords and secrets in infrastructure code. + https://kics.io/ +
+
+
+ Results (2) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf + Line 14 +
+
Expected: Hardcoded secret key should not appear + in source + Found: Mustbe8characters +
+
+
13 master_username = + "foo"
+
14 master_password + = "Mustbe8characters"
+
15 node_type = + "dc1.large"
+
+
+
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf + Line 5 +
+
Expected: Hardcoded secret key should not appear + in source + Found: Mustbe8characters +
+
+
4 master_username = + "foo"
+
5 master_password = + "Mustbe8characters"
+
6 node_type = + "dc1.large"
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + +
Redshift Not Encrypted +

Platform: Terraform + Category: Encryption +
+
Check if 'encrypted' field is false or undefined (default is false) + https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#encrypted +
+
+
+ Results (2) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf + Line 10 +
+
Expected: aws_redshift_cluster.encrypted is + defined + Found: aws_redshift_cluster.encrypted is undefined +
+
+
9
+
10resource + "aws_redshift_cluster" "default1" {
+
11 cluster_identifier = + "tf-redshift-cluster"
+
+
+
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf + Line 1 +
+
Expected: aws_redshift_cluster.encrypted is + defined + Found: aws_redshift_cluster.encrypted is undefined +
+
+
1resource + "aws_redshift_cluster" "default" {
+
2 cluster_identifier = + "tf-redshift-cluster"
+
3 database_name = + "mydb"
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + +
Redshift Publicly Accessible +

Platform: Terraform + Category: Insecure Configurations +
+
Check if 'publicly_accessible' field is true or undefined (default is + true) + https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster +
+
+
+ Results (2) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf + Line 1 +
+
Expected: + aws_redshift_cluster.publicly_accessible is defined + Found: aws_redshift_cluster.publicly_accessible is undefined +
+
+
1resource + "aws_redshift_cluster" "default" {
+
2 cluster_identifier = + "tf-redshift-cluster"
+
3 database_name = + "mydb"
+
+
+
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf + Line 17 +
+
Expected: + aws_redshift_cluster.publicly_accessible is false + Found: aws_redshift_cluster.publicly_accessible is true +
+
+
16 cluster_type = + "single-node"
+
17 + publicly_accessible = true
+
18}
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + + + + + +
Redshift Cluster Logging Disabled +

Platform: Terraform + Category: Observability +
+ +
+
+ Results (2) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf + Line 1 +
+
Expected: 'aws_redshift_cluster.logging' is + true + Found: 'aws_redshift_cluster.logging' is undefined +
+
+
1resource + "aws_redshift_cluster" "default" {
+
2 cluster_identifier = + "tf-redshift-cluster"
+
3 database_name = + "mydb"
+
+
+
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf + Line 10 +
+
Expected: 'aws_redshift_cluster.logging' is + true + Found: 'aws_redshift_cluster.logging' is undefined +
+
+
9
+
10resource + "aws_redshift_cluster" "default1" {
+
11 cluster_identifier = + "tf-redshift-cluster"
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + + + + + +
Redshift Cluster Without VPC +

Platform: Terraform + Category: Insecure Configurations +
+ +
+
+ Results (4) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf + Line 1 +
+
Expected: + aws_redshift_cluster[default].cluster_subnet_group_name is set + Found: aws_redshift_cluster[default].cluster_subnet_group_name is undefined +
+
+
1resource + "aws_redshift_cluster" "default" {
+
2 cluster_identifier = + "tf-redshift-cluster"
+
3 database_name = + "mydb"
+
+
+
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf + Line 1 +
+
Expected: + aws_redshift_cluster[default].vpc_security_group_ids is set + Found: aws_redshift_cluster[default].vpc_security_group_ids is undefined +
+
+
1resource + "aws_redshift_cluster" "default" {
+
2 cluster_identifier = + "tf-redshift-cluster"
+
3 database_name = + "mydb"
+
+
+
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf + Line 10 +
+
Expected: + aws_redshift_cluster[default1].cluster_subnet_group_name is set + Found: aws_redshift_cluster[default1].cluster_subnet_group_name is undefined +
+
+
9
+
10resource + "aws_redshift_cluster" "default1" {
+
11 cluster_identifier = + "tf-redshift-cluster"
+
+
+
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf + Line 10 +
+
Expected: + aws_redshift_cluster[default1].vpc_security_group_ids is set + Found: aws_redshift_cluster[default1].vpc_security_group_ids is undefined +
+
+
9
+
10resource + "aws_redshift_cluster" "default1" {
+
11 cluster_identifier = + "tf-redshift-cluster"
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + + + + + +
Resource Not Using Tags +

Platform: Terraform + Category: Best Practices +
+
AWS services resource tags are an essential part of managing + components + https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/resource-tagging +
+
+
+ Results (2) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf + Line 1 +
+
Expected: aws_redshift_cluster[{{default}}].tags + is defined + Found: aws_redshift_cluster[{{default}}].tags is missing +
+
+
1resource + "aws_redshift_cluster" "default" {
+
2 cluster_identifier = + "tf-redshift-cluster"
+
3 database_name = + "mydb"
+
+
+
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf + Line 10 +
+
Expected: + aws_redshift_cluster[{{default1}}].tags is defined + Found: aws_redshift_cluster[{{default1}}].tags is missing +
+
+
9
+
10resource + "aws_redshift_cluster" "default1" {
+
11 cluster_identifier = + "tf-redshift-cluster"
+
+
+
+
+
+
+
KICS is open and will always stay such. Both the scanning engine and the security queries + are clear and open for the software development community.
+
Spread the love:
+
\ No newline at end of file +
+
+ +
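Review bot: The regenerated fixture hard-codes values that are specific to the machine it was produced on, so the comparison will only pass if the e2e harness normalizes them before diffing: every `File:` line carries the absolute Windows path `C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\terraform.tf` (with a real username in it), and `Start time: 14:42:51, Jul 05 2021` and `End time: 14:43:00, Jul 05 2021` are fixed timestamps. Prefer the relative form already used by the `Scanned paths: fixtures/samples/terraform.tf` line and confirm the test masks the times; otherwise the fixture is brittle on Linux CI and for every other contributor. A second point on the secrets section: the report echoes the matched credential in clear text (`Found: Mustbe8characters`) in both results, so a real scan will reproduce any detected password into the HTML artifact. Masking the value in the `Found:` field and relying on the line reference alone would keep secrets out of shared report pages and CI logs.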
+ + + diff --git a/e2e/fixtures/E2E_CLI_040_RESULT.html b/e2e/fixtures/E2E_CLI_040_RESULT.html index 1c72f7f22c3..1019864bb8c 100644 --- a/e2e/fixtures/E2E_CLI_040_RESULT.html +++ b/e2e/fixtures/E2E_CLI_040_RESULT.html @@ -1,86 +1,1300 @@ -KICS Scan Result
Scanned paths: fixtures/samples/positive.yaml -Platforms: CloudFormationStart time: 14:44:10, Jul 05 2021 -End time: 14:44:15, Jul 05 2021

Vulnerabilities:

4 -HIGH
12 -MEDIUM
4 -LOW
0 -INFO
20 -TOTAL

ALB Listening on HTTP

Platform: CloudFormation -Category: Networking and Firewall
Results (1)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 104
Expected: 'Resources.ALBListener.Protocol' not equal to 'HTTP' -Found: 'Resources.ALBListener.Protocol' equals to 'HTTP'
103 Port: 80
104 Protocol: HTTP
105 ECSALBListenerRule:

ECS Task Definition Network Mode Not Recommended

Platform: CloudFormation -Category: Insecure Configurations
Network_Mode should be 'awsvpc' in ecs_task_definition. AWS VPCs provides the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations -https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-networkmode
Results (1)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 48
Expected: 'Resources.TaskDefinition.Properties.NetworkMode' is set and is 'awsvpc' -Found: 'Resources.TaskDefinition.Properties.NetworkMode' is undefined and defaults to 'bridge'
47 Type: AWS::ECS::TaskDefinition
48 Properties:
49 Family: !Join ['', [!Ref 'AWS::StackName', -ecs-demo-app]]

Fully Open Ingress

Platform: CloudFormation -Category: Networking and Firewall
ECS Service's security group should not allow unrestricted access to all ports from all IPv4 addresses -https://docs.aws.amazon.com/AmazonECS/latest/developerguide/get-set-up-for-amazon-ecs.html#create-a-base-security-group
Results (2)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 24
Expected: Resource name 'EcsSecurityGroupHTTPinbound02' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from all IPv4 adresses and to all available ports -Found: Resource name 'EcsSecurityGroupHTTPinbound02' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from CIDR 0.0.0.0/0 to all available ports
23 ToPort: 0
24 CidrIp: 0.0.0.0/0
25 EcsSecurityGroupSSHinbound:
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 32
Expected: Resource name 'EcsSecurityGroupSSHinbound' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from all IPv4 adresses and to all available ports -Found: Resource name 'EcsSecurityGroupSSHinbound' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from CIDR 0.0.0.0/0 to all available ports
31 ToPort: 0
32 CidrIp: 0.0.0.0/0
33 EcsSecurityGroupALBports:

ALB Is Not Integrated With WAF

Platform: CloudFormation -Category: Networking and Firewall
All Application Load Balancers (ALB) must be protected with Web Application Firewall (WAF) service -https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafregional-webaclassociation.html
Results (1)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 86
Expected: 'Resources.ECSALB' does not have an 'internal' scheme and has a 'WebACLAssociation' associated -Found: 'Resources.ECSALB' does not have an 'internal' scheme and a 'WebACLAssociation' associated
85 - Name: my-vol
86 ECSALB:
87 Type: AWS::ElasticLoadBalancingV2::LoadBalancer

Auto Scaling Group With No Associated ELB

Platform: CloudFormation -Category: Availability
AWS Auto Scaling Groups must have associated ELBs to ensure high availability and improve application performance. This means the attribute 'LoadBalancerNames' must be defined and not empty. -https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html
Results (1)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 131
Expected: 'Resources.ECSAutoScalingGroup.Properties.LoadBalancerNames' is defined -Found: 'Resources.ECSAutoScalingGroup.Properties.LoadBalancerNames' is not defined
130 Type: AWS::AutoScaling::AutoScalingGroup
131 Properties:
132 VPCZoneIdentifier: !Ref 'SubnetId'

CloudWatch Metrics Disabled

Platform: CloudFormation -Category: Observability
Results (1)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 211
Expected: Resources.ALB500sAlarmScaleUp.Properties.Metrics should be defined -Found: Resources.ALB500sAlarmScaleUp.Properties.Metrics is undefined
210 Type: AWS::CloudWatch::Alarm
211 Properties:
212 EvaluationPeriods: 1

ECS Service Without Running Tasks

Platform: CloudFormation -Category: Availability
Results (1)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 159
Expected: Resources.service.Properties.DeploymentConfiguration is defined -Found: Resources.service.Properties.DeploymentConfiguration is undefined
158 Type: AWS::ECS::Service
159 Properties:
160 Cluster: !Ref 'ECSCluster'

ELB With Security Group Without Inbound Rules

Platform: CloudFormation -Category: Networking and Firewall
Results (1)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 14
Expected: 'Resources.EcsSecurityGroup.Properties.SecurityGroupIngress' is defined -Found: 'Resources.EcsSecurityGroup.Properties.SecurityGroupIngress' is undefined
13 Type: AWS::EC2::SecurityGroup
14 Properties:
15 GroupDescription: ECS Security Group

ELB With Security Group Without Outbound Rules

Platform: CloudFormation -Category: Networking and Firewall
Results (1)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 14
Expected: 'Resources.EcsSecurityGroup.Properties.SecurityGroupEgress' is defined -Found: 'Resources.EcsSecurityGroup.Properties.SecurityGroupEgress' is undefined
13 Type: AWS::EC2::SecurityGroup
14 Properties:
15 GroupDescription: ECS Security Group

Empty Roles For ECS Cluster Task Definitions

Platform: CloudFormation -Category: Access Control
Check if any ECS cluster has not defined proper roles for services' task definitions. -https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html
Results (1)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 167
Expected: 'Resources.service.Properties.TaskDefinition' refers to a TaskDefinition with Role -Found: 'Resources.service.Properties.TaskDefinition' does not refer to a TaskDefinition with Role
166 Role: !Ref 'ECSServiceRole'
167 TaskDefinition: !Ref 'TaskDefinition'
168 ECSServiceRole:

Security Group Ingress With Port Range

Platform: CloudFormation -Category: Networking and Firewall
Results (3)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 27
Expected: Resources.EcsSecurityGroupSSHinbound.Properties.FromPort is equal to Resources.EcsSecurityGroupSSHinbound.Properties.ToPort -Found: Resources.EcsSecurityGroupSSHinbound.Properties.FromPort is not equal to Resources.EcsSecurityGroupSSHinbound.Properties.ToPort
26 Type: AWS::EC2::SecurityGroupIngress
27 Properties:
28 GroupId: !Ref 'EcsSecurityGroup'
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 19
Expected: Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort is equal to Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort -Found: Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort is not equal to Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort
18 Type: AWS::EC2::SecurityGroupIngress
19 Properties:
20 GroupId: !Ref 'EcsSecurityGroup'
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 35
Expected: Resources.EcsSecurityGroupALBports.Properties.FromPort is equal to Resources.EcsSecurityGroupALBports.Properties.ToPort -Found: Resources.EcsSecurityGroupALBports.Properties.FromPort is not equal to Resources.EcsSecurityGroupALBports.Properties.ToPort
34 Type: AWS::EC2::SecurityGroupIngress
35 Properties:
36 GroupId: !Ref 'EcsSecurityGroup'

Unrestricted Security Group Ingress

Platform: CloudFormation -Category: Networking and Firewall
Results (2)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 24
Expected: Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp is not open to the world (0.0.0.0/0) -Found: Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp is open to the world (0.0.0.0/0)
23 ToPort: 0
24 CidrIp: 0.0.0.0/0
25 EcsSecurityGroupSSHinbound:
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 32
Expected: Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp is not open to the world (0.0.0.0/0) -Found: Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp is open to the world (0.0.0.0/0)
31 ToPort: 0
32 CidrIp: 0.0.0.0/0
33 EcsSecurityGroupALBports:

ECS Task Definition HealthCheck Missing

Platform: CloudFormation -Category: Observability
Amazon ECS must have the HealthCheck property defined to give more control over monitoring the health of tasks -https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html
Results (1)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 50
Expected: 'Resources.TaskDefinition.Properties.ContainerDefinitions' contains 'HealthCheck' property -Found: 'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property
49 Family: !Join ['', [!Ref 'AWS::StackName', -ecs-demo-app]]
50 ContainerDefinitions:
51 - Name: simple-app

Security Group Rule Without Description

Platform: CloudFormation -Category: Best Practices
Results (3)
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 35
Expected: Resources.EcsSecurityGroupALBports.Properties.Description is set -Found: Resources.EcsSecurityGroupALBports.Properties.Description is undefined
34 Type: AWS::EC2::SecurityGroupIngress
35 Properties:
36 GroupId: !Ref 'EcsSecurityGroup'
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 27
Expected: Resources.EcsSecurityGroupSSHinbound.Properties.Description is set -Found: Resources.EcsSecurityGroupSSHinbound.Properties.Description is undefined
26 Type: AWS::EC2::SecurityGroupIngress
27 Properties:
28 GroupId: !Ref 'EcsSecurityGroup'
File: C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml -Line 19
Expected: Resources.EcsSecurityGroupHTTPinbound02.Properties.Description is set -Found: Resources.EcsSecurityGroupHTTPinbound02.Properties.Description is undefined
18 Type: AWS::EC2::SecurityGroupIngress
19 Properties:
20 GroupId: !Ref 'EcsSecurityGroup'

KICS is open and will always stay such. Both the scanning engine and the security queries are clear and open for the software development community.
Spread the love:
- - + + + + + + + KICS Scan Result + + + + + +
+ +
Scanned paths: fixtures/samples/positive.yaml + Platforms: CloudFormationStart time: 14:44:10, Jul 05 2021 + End time: 14:44:15, Jul 05 2021 +
+

Vulnerabilities:

+
+
+
+ + + + + +
4 + HIGH +
+
+
+ + + + + + + + + + +
12 + MEDIUM +
+
+
+ + + + + + + + + + +
4 + LOW +
+
+
+ + + + + + + + + + +
0 + INFO +
+
+
+ + + + + + + + + + +
20 + TOTAL +
+
+
+
+
+
+
+

+
+ + + + + + +
ALB Listening on HTTP +

Platform: CloudFormation + Category: Networking and Firewall +
+
All Application Load Balancers (ALB) should block connection requests over + HTTP + https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb-listener.html#cfn-ec2-elb-listener-protocol +
+
+
+ Results (1) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 104 +
+
Expected: 'Resources.ALBListener.Protocol' not + equal to 'HTTP' + Found: 'Resources.ALBListener.Protocol' equals to 'HTTP' +
+
+
103 Port: 80
+
104 Protocol: + HTTP
+
105 + ECSALBListenerRule:
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + +
ECS Task Definition Network Mode Not Recommended +

Platform: CloudFormation + Category: Insecure Configurations +
+
Network_Mode should be 'awsvpc' in ecs_task_definition. AWS VPCs provides the + controls to facilitate a formal process for approving and testing all network connections and changes to + the firewall and router configurations + https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-networkmode +
+
+
+ Results (1) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 48 +
+
Expected: + 'Resources.TaskDefinition.Properties.NetworkMode' is set and is 'awsvpc' + Found: 'Resources.TaskDefinition.Properties.NetworkMode' is undefined and defaults + to 'bridge' +
+
+
47 Type: + AWS::ECS::TaskDefinition
+
48 + Properties:
+
49 Family: !Join ['', + [!Ref 'AWS::StackName', -ecs-demo-app]]
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + +
Fully Open Ingress +

Platform: CloudFormation + Category: Networking and Firewall +
+
ECS Service's security group should not allow unrestricted access to all + ports from all IPv4 addresses + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/get-set-up-for-amazon-ecs.html#create-a-base-security-group +
+
+
+ Results (2) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 24 +
+
Expected: Resource name + 'EcsSecurityGroupHTTPinbound02' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress + connections from all IPv4 adresses and to all available ports + Found: Resource name 'EcsSecurityGroupHTTPinbound02' of type + 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from CIDR 0.0.0.0/0 to all + available ports +
+
+
23 ToPort: 0
+
24 CidrIp: + 0.0.0.0/0
+
25 + EcsSecurityGroupSSHinbound:
+
+
+
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 32 +
+
Expected: Resource name + 'EcsSecurityGroupSSHinbound' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress + connections from all IPv4 adresses and to all available ports + Found: Resource name 'EcsSecurityGroupSSHinbound' of type + 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from CIDR 0.0.0.0/0 to all + available ports +
+
+
31 ToPort: 0
+
32 CidrIp: + 0.0.0.0/0
+
33 + EcsSecurityGroupALBports:
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + + + + + +
ALB Is Not Integrated With WAF +

Platform: CloudFormation + Category: Networking and Firewall +
+
All Application Load Balancers (ALB) must be protected with Web Application + Firewall (WAF) service + https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafregional-webaclassociation.html +
+
+
+ Results (1) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 86 +
+
Expected: 'Resources.ECSALB' does not have an + 'internal' scheme and has a 'WebACLAssociation' associated + Found: 'Resources.ECSALB' does not have an 'internal' scheme and a + 'WebACLAssociation' associated +
+
+
85 - Name: my-vol +
+
86 ECSALB: +
+
87 Type: + AWS::ElasticLoadBalancingV2::LoadBalancer
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + + + + + +
Auto Scaling Group With No Associated ELB +

Platform: CloudFormation + Category: Availability +
+
AWS Auto Scaling Groups must have associated ELBs to ensure high availability + and improve application performance. This means the attribute 'LoadBalancerNames' must be defined and not + empty. + https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html +
+
+
+ Results (1) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 131 +
+
Expected: + 'Resources.ECSAutoScalingGroup.Properties.LoadBalancerNames' is defined + Found: 'Resources.ECSAutoScalingGroup.Properties.LoadBalancerNames' is not + defined +
+
+
130 Type: + AWS::AutoScaling::AutoScalingGroup
+
131 + Properties:
+
132 VPCZoneIdentifier: + !Ref 'SubnetId'
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + + + + + +
CloudWatch Metrics Disabled +

Platform: CloudFormation + Category: Observability +
+ +
+
+ Results (1) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 211 +
+
Expected: + Resources.ALB500sAlarmScaleUp.Properties.Metrics should be defined + Found: Resources.ALB500sAlarmScaleUp.Properties.Metrics is undefined +
+
+
210 Type: + AWS::CloudWatch::Alarm
+
211 + Properties:
+
212 EvaluationPeriods: + 1
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + + + + + +
ECS Service Without Running Tasks +

Platform: CloudFormation + Category: Availability +
+ +
+
+ Results (1) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 159 +
+
Expected: + Resources.service.Properties.DeploymentConfiguration is defined + Found: Resources.service.Properties.DeploymentConfiguration is undefined +
+
+
158 Type: + AWS::ECS::Service
+
159 + Properties:
+
160 Cluster: !Ref + 'ECSCluster'
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + + + + + +
ELB With Security Group Without Inbound Rules +

Platform: CloudFormation + Category: Networking and Firewall +
+
An AWS Elastic Load Balancer (ELB) shouldn´t have security groups without + outbound rules + https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-securitygroupingress +
+
+
+ Results (1) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 14 +
+
Expected: + 'Resources.EcsSecurityGroup.Properties.SecurityGroupIngress' is defined + Found: 'Resources.EcsSecurityGroup.Properties.SecurityGroupIngress' is + undefined +
+
+
13 Type: + AWS::EC2::SecurityGroup
+
14 + Properties:
+
15 GroupDescription: ECS + Security Group
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + + + + + +
ELB With Security Group Without Outbound Rules +

Platform: CloudFormation + Category: Networking and Firewall +
+
An AWS Elastic Load Balancer (ELB) shouldn´t have security groups without + outbound rules + https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-securitygroupegress +
+
+
+ Results (1) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 14 +
+
Expected: + 'Resources.EcsSecurityGroup.Properties.SecurityGroupEgress' is defined + Found: 'Resources.EcsSecurityGroup.Properties.SecurityGroupEgress' is + undefined +
+
+
13 Type: + AWS::EC2::SecurityGroup
+
14 + Properties:
+
15 GroupDescription: ECS + Security Group
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + + + + + +
Empty Roles For ECS Cluster Task Definitions +

Platform: CloudFormation + Category: Access Control +
+
Check if any ECS cluster has not defined proper roles for services' task + definitions. + https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html +
+
+
+ Results (1) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 167 +
+
Expected: + 'Resources.service.Properties.TaskDefinition' refers to a TaskDefinition with Role + Found: 'Resources.service.Properties.TaskDefinition' does not refer to a + TaskDefinition with Role +
+
+
166 Role: !Ref + 'ECSServiceRole'
+
167 TaskDefinition: + !Ref 'TaskDefinition'
+
168 + ECSServiceRole:
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + + + + + +
Security Group Ingress With Port Range +

Platform: CloudFormation + Category: Networking and Firewall +
+ +
+
+ Results (3) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 27 +
+
Expected: + Resources.EcsSecurityGroupSSHinbound.Properties.FromPort is equal to + Resources.EcsSecurityGroupSSHinbound.Properties.ToPort + Found: Resources.EcsSecurityGroupSSHinbound.Properties.FromPort is not equal to + Resources.EcsSecurityGroupSSHinbound.Properties.ToPort +
+
+
26 Type: + AWS::EC2::SecurityGroupIngress
+
27 + Properties:
+
28 GroupId: !Ref + 'EcsSecurityGroup'
+
+
+
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 19 +
+
Expected: + Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort is equal to + Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort + Found: Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort is not equal to + Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort +
+
+
18 Type: + AWS::EC2::SecurityGroupIngress
+
19 + Properties:
+
20 GroupId: !Ref + 'EcsSecurityGroup'
+
+
+
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 35 +
+
Expected: + Resources.EcsSecurityGroupALBports.Properties.FromPort is equal to + Resources.EcsSecurityGroupALBports.Properties.ToPort + Found: Resources.EcsSecurityGroupALBports.Properties.FromPort is not equal to + Resources.EcsSecurityGroupALBports.Properties.ToPort +
+
+
34 Type: + AWS::EC2::SecurityGroupIngress
+
35 + Properties:
+
36 GroupId: !Ref + 'EcsSecurityGroup'
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + + + + + +
Unrestricted Security Group Ingress +

Platform: CloudFormation + Category: Networking and Firewall +
+ +
+
+ Results (2) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 24 +
+
Expected: + Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp is not open to the world (0.0.0.0/0) + Found: Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp is open to the + world (0.0.0.0/0) +
+
+
23 ToPort: 0
+
24 CidrIp: + 0.0.0.0/0
+
25 + EcsSecurityGroupSSHinbound:
+
+
+
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 32 +
+
Expected: + Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp is not open to the world (0.0.0.0/0) + Found: Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp is open to the world + (0.0.0.0/0) +
+
+
31 ToPort: 0
+
32 CidrIp: + 0.0.0.0/0
+
33 + EcsSecurityGroupALBports:
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + + + + + +
ECS Task Definition HealthCheck Missing +

Platform: CloudFormation + Category: Observability +
+
Amazon ECS must have the HealthCheck property defined to give more control + over monitoring the health of tasks + https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html +
+
+
+ Results (1) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 50 +
+
Expected: + 'Resources.TaskDefinition.Properties.ContainerDefinitions' contains 'HealthCheck' property + Found: 'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain + 'HealthCheck' property +
+
+
49 Family: !Join ['', + [!Ref 'AWS::StackName', -ecs-demo-app]]
+
50 + ContainerDefinitions:
+
51 - Name: + simple-app
+
+
+
+
+
+
+
+
+
+
+

+
+ + + + + + + + + + +
Security Group Rule Without Description +

Platform: CloudFormation + Category: Best Practices +
+ +
+
+ Results (3) +
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 35 +
+
Expected: + Resources.EcsSecurityGroupALBports.Properties.Description is set + Found: Resources.EcsSecurityGroupALBports.Properties.Description is + undefined +
+
+
34 Type: + AWS::EC2::SecurityGroupIngress
+
35 + Properties:
+
36 GroupId: !Ref + 'EcsSecurityGroup'
+
+
+
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 27 +
+
Expected: + Resources.EcsSecurityGroupSSHinbound.Properties.Description is set + Found: Resources.EcsSecurityGroupSSHinbound.Properties.Description is + undefined +
+
+
26 Type: + AWS::EC2::SecurityGroupIngress
+
27 + Properties:
+
28 GroupId: !Ref + 'EcsSecurityGroup'
+
+
+
+
File: + C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml + Line 19 +
+
Expected: + Resources.EcsSecurityGroupHTTPinbound02.Properties.Description is set + Found: Resources.EcsSecurityGroupHTTPinbound02.Properties.Description is + undefined +
+
+
18 Type: + AWS::EC2::SecurityGroupIngress
+
19 + Properties:
+
20 GroupId: !Ref + 'EcsSecurityGroup'
+
+
+
+
+
+
+
KICS is open and will always stay such. Both the scanning engine and the security queries + are clear and open for the software development community.
+
Spread the love:
+
\ No newline at end of file +
+
+ +
+ + + diff --git a/internal/console/scan.go b/internal/console/scan.go index 362e8c69f23..08c742aa377 100644 --- a/internal/console/scan.go +++ b/internal/console/scan.go @@ -120,14 +120,7 @@ func run(cmd *cobra.Command) error { return err } if outputPath != "" { - if len(reportFormats) > 0 { - for _, format := range reportFormats { - if format == "all" { - reportFormats = consoleHelpers.ListReportFormats() - break - } - } - } + updateReportFormats() outputName = filepath.Base(outputName) if filepath.Ext(outputPath) != "" { outputPath = filepath.Join(outputPath, string(os.PathSeparator)) @@ -171,6 +164,15 @@ func formatNewError(flag1, flag2 string) error { flag2) } +func updateReportFormats() { + for _, format := range reportFormats { + if format == "all" { + reportFormats = consoleHelpers.ListReportFormats() + break + } + } +} + func validateQuerySelectionFlags() error { if len(includeIDs) > 0 && len(excludeIDs) > 0 { return formatNewError(includeQueriesFlag, excludeQueriesFlag) diff --git a/pkg/report/template/html/report.tmpl b/pkg/report/template/html/report.tmpl index f6a66563354..dffa757fabb 100644 --- a/pkg/report/template/html/report.tmpl +++ b/pkg/report/template/html/report.tmpl @@ -9,13 +9,13 @@
- +
- Scanned paths: {{ getPaths .ScannedPaths }} - Platforms: {{ getPlatforms .Queries }} + Scanned paths: {{ getPaths .ScannedPaths }} + Platforms: {{ getPlatforms .Queries }} {{- with .Times -}} - Start time: {{ .Start.Format "15:04:05, Jan 02 2006" }} - End time: {{ .End.Format "15:04:05, Jan 02 2006" }} + Start time: {{ .Start.Format "15:04:05, Jan 02 2006" }} + End time: {{ .End.Format "15:04:05, Jan 02 2006" }} {{- end}}

Vulnerabilities:

@@ -74,7 +74,7 @@
{{ .Description }} - {{ .QueryURI }} + {{ .QueryURI }}
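Review bot: the removed and added lines of this hunk show identical visible text (`{{ .QueryURI }}`), so whatever changed here is in the anchor markup that the rendered diff does not show; since `.QueryURI` and `.Description` come straight from query metadata and are emitted into the report, confirm that report.tmpl is executed through Go's html/template (which contextually escapes values placed in href and text positions) rather than text/template, and state in the change description which attribute was altered so the hunk can be reviewed without regenerating the HTML.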
@@ -111,12 +111,12 @@ Spread the love:
- +
{{ includeSVG "github.svg" }}
diff --git a/sonar-project.properties b/sonar-project.properties index 616b70059c4..405590c0dc4 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -5,7 +5,7 @@ sonar.organization=checkmarx # Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows. sonar.sources=. -sonar.exclusions=**/*_test.go, **/vendor/**, pkg/model/sarif_categories.go +sonar.exclusions=**/*_test.go, **/vendor/**, pkg/model/sarif_categories.go, **/e2e/fixtures/** sonar.tests=. sonar.test.inclusions=**/*_test.go
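Review bot: the e2e/fixtures/E2E_CLI_031_RESULT.html hunk hardcodes a developer's absolute Windows path (`C:\Users\lucasm\Documents\golang\kics\kics\e2e\fixtures\samples\positive.yaml`) in every `File:` line, so the HTML comparison only passes on that machine unless the e2e harness normalizes paths before comparing; either generate the fixture from a relative scanned path or strip the path prefix in the comparison. The fixture also makes two metadata problems visible that belong in the query definitions rather than here: the "ELB With Security Group Without Inbound Rules" entry carries the outbound query's description text (`shouldn´t have security groups without outbound rules`, with a stray ´ for an apostrophe), and "Security Group Ingress With Port Range", "Unrestricted Security Group Ingress" and "Security Group Rule Without Description" render with an empty description and no reference URL. Once those are corrected the fixture will need regenerating, so it is cheaper to fix them before this lands.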
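Review bot: in the internal/console/scan.go hunks, `updateReportFormats()` reads and reassigns the package-level `reportFormats` as a side effect, which hides the dependency at the call site in `run()` and makes the expansion of "all" awkward to unit test; prefer a pure helper, e.g. `reportFormats = expandReportFormats(reportFormats)` that returns `consoleHelpers.ListReportFormats()` when "all" is present and the input slice otherwise. Dropping the `len(reportFormats) > 0` guard is fine, since ranging over an empty slice is a no-op, but the helper is still called only inside `if outputPath != ""`, so a report format of "all" given without an output path is silently left unexpanded; if that is intentional, a comment on the call would save the next reader the question.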
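Review bot: adding `**/e2e/fixtures/**` to `sonar.exclusions` is appropriate for this fixture, which deliberately records findings such as `CidrIp: 0.0.0.0/0` ingress rules and security groups with undefined egress that a static analyzer would otherwise raise as hotspots against the KICS repository itself; add a short `#` comment above the line (the file already uses them) saying the directory holds intentionally insecure samples and rendered scan output, so the exclusion is not later removed as an overly broad wildcard. Also confirm that no hand-written Go code lives under e2e/fixtures, because the glob hides anything there from analysis as well.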