Checkmarx · joaoReigota1 · Mar 2, 2022 · Feb 21, 2022 · Feb 21, 2022
@@ -351,7 +351,7 @@ get_encryption_if_exists(resource) = encryption {
 	encryption := "unencrypted"
 }
 
-engines := {
+engines = {
 	"aurora": 3306,
 	"aurora-mysql": 3306,
 	"aurora-postgresql": 3306,

@@ -93,7 +93,7 @@ You can also run the command `cdktf synth --json` to display it in the terminal.
 ### Limitations
 
 #### Ansible
-At the moment, KICS does not support a robust approach to identifying Ansible samples. The identification of these samples is done through exclusion. When a YAML sample is not a CloudFormation, Helm, Kubernetes or OpenAPI sample, KICS recognize it as Ansible.
+At the moment, KICS does not support a robust approach to identifying Ansible samples. The identification of these samples is done through exclusion. When a YAML sample is not a CloudFormation, Google Deployment Manager, Helm, Kubernetes or OpenAPI sample, KICS recognize it as Ansible.
 
 Thus, KICS recognize other YAML samples (that are not Ansible) as Ansible, e.g. GitHub Actions samples. However, you can ignore these samples by writing `#kics-scan ignore` on the top of the file. For more details, please read this [documentation](https://github.com/Checkmarx/kics/blob/25b6b703e924ed42067d9ab7772536864aee900b/docs/running-kics.md#using-commands-on-scanned-files-as-comments).
 

@@ -349,11 +349,16 @@ func TestNewInspector(t *testing.T) { // nolint
 	}
 	contentByte, err := os.ReadFile(filepath.FromSlash("./test/fixtures/get_queries_test/content_get_queries.rego"))
 	require.NoError(t, err)
+	contentByte2, err2 := os.ReadFile(filepath.FromSlash("./test/fixtures/get_queries_test/common_query.rego"))
+	require.NoError(t, err2)
 
 	track := &tracker.CITracker{}
 	sources := &mockSource{
-		Source: []string{filepath.FromSlash("./test/fixtures/all_auth_users_get_read_access")},
-		Types:  []string{""},
+		Source: []string{
+			filepath.FromSlash("./test/fixtures/all_auth_users_get_read_access"),
+			filepath.FromSlash("./test/fixtures/common_query_test"),
+		},
+		Types: []string{""},
 	}
 	vbs := DefaultVulnerabilityBuilder
 	opaQueries := make([]*preparedQuery, 0, 1)
@@ -376,6 +381,25 @@ func TestNewInspector(t *testing.T) { // nolint
 			Aggregation: 1,
 		},
 	})
+	opaQueries = append(opaQueries, &preparedQuery{
+		opaQuery: rego.PreparedEvalQuery{},
+		metadata: model.QueryMetadata{
+			Query:     "common_query_test",
+			Content:   string(contentByte2),
+			InputData: "{}",
+			Platform:  "common",
+			Metadata: map[string]interface{}{
+				"id":              "4a3aa2b5-9c87-452c-a3ea-f3e9e3573874",
+				"queryName":       "Common Query Test",
+				"severity":        model.SeverityHigh,
+				"category":        "Best Practices",
+				"descriptionText": "",
+				"descriptionUrl":  "",
+				"platform":        "Common",
+			},
+			Aggregation: 1,
+		},
+	})
 	type args struct {
 		ctx              context.Context
 		source           source.QueriesSource
@@ -432,12 +456,17 @@ func TestNewInspector(t *testing.T) { // nolint
 				t.Errorf("NewInspector() error: got = %v,\n wantErr = %v", err, tt.wantErr)
 				return
 			}
-			gotStrMetadata, err := test.StringifyStruct(got.queries[0].metadata)
-			require.Nil(t, err)
-			wantStrMetadata, err := test.StringifyStruct(tt.want.queries[0].metadata)
-			require.Nil(t, err)
-			if !reflect.DeepEqual(got.queries[0].metadata, tt.want.queries[0].metadata) {
-				t.Errorf("NewInspector() metadata: got = %v,\n want = %v", gotStrMetadata, wantStrMetadata)
+
+			require.Equal(t, len(tt.want.queries), len(got.queries))
+
+			for idx := 0; idx < len(tt.want.queries); idx++ {
+				gotStrMetadata, err := test.StringifyStruct(got.queries[idx].metadata)
+				require.Nil(t, err)
+				wantStrMetadata, err := test.StringifyStruct(tt.want.queries[idx].metadata)
+				require.Nil(t, err)
+				if !reflect.DeepEqual(got.queries[idx].metadata, tt.want.queries[idx].metadata) {
+					t.Errorf("NewInspector() metadata: got = %v,\n want = %v", gotStrMetadata, wantStrMetadata)
+				}
 			}
 
 			gotStrTracker, err := test.StringifyStruct(got.tracker)

@@ -0,0 +1,9 @@
+{
+  "id": "4a3aa2b5-9c87-452c-a3ea-f3e9e3573874",
+  "queryName": "Common Query Test",
+  "severity": "HIGH",
+  "category": "Best Practices",
+  "descriptionText": "",
+  "descriptionUrl": "",
+  "platform": "Common"
+}
@@ -0,0 +1,13 @@
+package Cx
+
+CxPolicy[result] {
+	input.document[i]
+
+	result := {
+		"documentId": input.document[i].id,
+		"searchKey": "",
+		"issueType": "RedundantAttribute",
+		"keyExpectedValue": "",
+		"keyActualValue": "",
+	}
+}
@@ -0,0 +1,13 @@
+package Cx
+
+CxPolicy[result] {
+	input.document[i]
+
+	result := {
+		"documentId": input.document[i].id,
+		"searchKey": "",
+		"issueType": "RedundantAttribute",
+		"keyExpectedValue": "",
+		"keyActualValue": "",
+	}
+}