From f6b2051b5248d4df3c97671542a6463e7ef63e01 Mon Sep 17 00:00:00 2001 
From: Artur Ribeiro Date: Thu, 18 Jul 2024 17:50:37 +0100 Subject: [PATCH 1/4] update(nifcloud): update nifcloud queries metadata and functionality --- .../metadata.json | 2 +- .../test/positive_expected_result.json | 4 ++-- .../metadata.json | 2 +- .../test/positive_expected_result.json | 2 +- .../metadata.json | 2 +- .../test/positive_expected_result.json | 2 +- .../metadata.json | 8 ++++---- .../test/positive_expected_result.json | 4 ++-- .../metadata.json | 8 ++++---- .../test/positive_expected_result.json | 4 ++-- .../metadata.json | 6 +++--- .../query.rego | 10 +++++----- .../test/negative.tf | 2 +- .../test/positive2.tf | 2 +- .../test/positive_expected_result.json | 8 ++++---- .../db_has_public_access/metadata.json | 6 +++--- .../nifcloud/db_has_public_access/query.rego | 20 +++++++++++++++++-- .../test/{positive.tf => positive1.tf} | 0 .../db_has_public_access/test/positive2.tf | 4 ++++ .../test/positive_expected_result.json | 10 ++++++++-- .../metadata.json | 4 ++-- .../test/positive_expected_result.json | 2 +- .../metadata.json | 8 ++++---- .../query.rego | 4 ++-- .../test/positive_expected_result.json | 4 ++-- .../metadata.json | 4 ++-- .../test/positive_expected_result.json | 2 +- .../dns_has_verified_record/metadata.json | 4 ++-- .../dns_has_verified_record/query.rego | 4 ++-- .../test/positive_expected_result.json | 4 ++-- .../elb_has_common_private/metadata.json | 4 ++-- .../test/positive_expected_result.json | 4 ++-- .../elb_listener_use_http/metadata.json | 8 ++++---- .../test/positive_expected_result.json | 8 ++++---- .../nifcloud/elb_use_http/metadata.json | 8 ++++---- .../test/positive_expected_result.json | 8 ++++---- .../metadata.json | 8 ++++---- .../test/positive_expected_result.json | 4 ++-- .../load_balancer_use_http/metadata.json | 8 ++++---- .../test/positive_expected_result.json | 4 ++-- .../metadata.json | 8 ++++---- .../test/positive_expected_result.json | 8 ++++---- .../metadata.json | 6 +++--- .../test/positive_expected_result.json 
| 8 ++++---- .../metadata.json | 4 ++-- .../test/positive_expected_result.json | 2 +- .../metadata.json | 8 ++++---- .../test/positive_expected_result.json | 4 ++-- .../metadata.json | 4 ++-- .../test/positive_expected_result.json | 2 +- .../router_has_common_private/metadata.json | 2 +- .../test/positive_expected_result.json | 4 ++-- .../metadata.json | 4 ++-- .../test/positive_expected_result.json | 2 +- .../metadata.json | 4 ++-- .../test/positive_expected_result.json | 2 +- 56 files changed, 154 insertions(+), 128 deletions(-) rename assets/queries/terraform/nifcloud/db_has_public_access/test/{positive.tf => positive1.tf} (100%) create mode 100644 assets/queries/terraform/nifcloud/db_has_public_access/test/positive2.tf
diff --git a/assets/queries/terraform/nifcloud/computing_instance_has_common_private/metadata.json b/assets/queries/terraform/nifcloud/computing_instance_has_common_private/metadata.json
index 377d505f8be..c214dcfa7f0 100644
--- a/assets/queries/terraform/nifcloud/computing_instance_has_common_private/metadata.json
+++ b/assets/queries/terraform/nifcloud/computing_instance_has_common_private/metadata.json
@@ -1,6 +1,6 @@
 {
 "id": "df58dd45-8009-43c2-90f7-c90eb9d53ed9",
- "queryName": "(Beta) Nifcloud Computing Has Common Private Network",
+ "queryName": "Nifcloud Computing Has Common Private Network",
 "severity": "LOW",
 "category": "Networking and Firewall",
 "descriptionText": "The instance has common private network",
diff --git a/assets/queries/terraform/nifcloud/computing_instance_has_common_private/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/computing_instance_has_common_private/test/positive_expected_result.json
index 005b6d9d25e..3b339c90f90 100644
--- a/assets/queries/terraform/nifcloud/computing_instance_has_common_private/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/computing_instance_has_common_private/test/positive_expected_result.json
@@ -1,12 +1,12 @@
 [
 {
- "queryName": "(Beta) Nifcloud Computing Has Common Private Network",
+ "queryName": "Nifcloud Computing Has Common Private Network",
 "severity": "LOW",
 "line": 1,
 "fileName": "positive1.tf"
 },
 {
- "queryName": "(Beta) Nifcloud Computing Has Common Private Network",
+ "queryName": "Nifcloud Computing Has Common Private Network",
 "severity": "LOW",
 "line": 1,
 "fileName": "positive2.tf"
diff --git a/assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/metadata.json b/assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/metadata.json
index 4339fdf8008..36526a5d242 100644
--- a/assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/metadata.json
+++ b/assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/metadata.json
@@ -1,6 +1,6 @@
 {
 "id": "b2ea2367-8dc9-4231-a035-d0b28bfa3dde",
- "queryName": "(Beta) Nifcloud Computing Has Public Ingress Security Group Rule",
+ "queryName": "Nifcloud Computing Has Public Ingress Security Group Rule",
 "severity": "HIGH",
 "category": "Networking and Firewall",
 "descriptionText": "An ingress security group rule allows traffic from /0",
diff --git a/assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/test/positive_expected_result.json
index 8c06e21dffa..c155888d657 100644
--- a/assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/test/positive_expected_result.json
@@ -1,6 +1,6 @@
 [
 {
- "queryName": "(Beta) Nifcloud Computing Has Public Ingress Security Group Rule",
+ "queryName": "Nifcloud Computing Has Public Ingress Security Group Rule",
 "severity": "HIGH",
 "line": 1,
 "fileName": "positive.tf"
diff --git a/assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/metadata.json b/assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/metadata.json
index 5d7f718ed86..402e4d64303 100644
--- a/assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/metadata.json
+++ b/assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/metadata.json
@@ -1,6 +1,6 @@
 {
 "id": "89218b48-75c9-4cb3-aaba-5299e852e8bc",
- "queryName": "(Beta) Nifcloud Computing Undefined Security Group To Instance",
+ "queryName": "Nifcloud Computing Undefined Security Group To Instance",
 "severity": "HIGH",
 "category": "Networking and Firewall",
 "descriptionText": "Missing security group for instance",
diff --git a/assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/test/positive_expected_result.json
index d7a177748f7..9aa880cd9a9 100644
--- a/assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/test/positive_expected_result.json
@@ -1,6 +1,6 @@
 [
 {
- "queryName": "(Beta) Nifcloud Computing Undefined Security Group To Instance",
+ "queryName": "Nifcloud Computing Undefined Security Group To Instance",
 "severity": "HIGH",
 "line": 1,
 "fileName": "positive.tf"
diff --git a/assets/queries/terraform/nifcloud/computing_security_group_description_undefined/metadata.json b/assets/queries/terraform/nifcloud/computing_security_group_description_undefined/metadata.json
index 462d13ee61f..855f8cc8fff 100644
--- a/assets/queries/terraform/nifcloud/computing_security_group_description_undefined/metadata.json
+++ b/assets/queries/terraform/nifcloud/computing_security_group_description_undefined/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "41c127a9-3a85-4bc3-a333-ed374eb9c3e4",
- "queryName": "(Beta) Nifcloud Computing Undefined Description To Security Group",
- "severity": "LOW",
- "category": "Networking and Firewall",
- "descriptionText": "Missing description for security group",
+ "queryName": "Nifcloud Computing Undefined Description To Security Group",
+ "severity": "INFO",
+ "category": "Best Practices",
+ "descriptionText": "It's considered a best practice for Security Group to have a description",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/security_group#description",
 "platform": "Terraform",
 "descriptionID": "dedce967",
diff --git a/assets/queries/terraform/nifcloud/computing_security_group_description_undefined/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/computing_security_group_description_undefined/test/positive_expected_result.json
index 6c0795acbe7..1b4ae154932 100644
--- a/assets/queries/terraform/nifcloud/computing_security_group_description_undefined/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/computing_security_group_description_undefined/test/positive_expected_result.json
@@ -1,7 +1,7 @@
 [
 {
- "queryName": "(Beta) Nifcloud Computing Undefined Description To Security Group",
- "severity": "LOW",
+ "queryName": "Nifcloud Computing Undefined Description To Security Group",
+ "severity": "INFO",
 "line": 1,
 "fileName": "positive.tf"
 }
diff --git a/assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/metadata.json b/assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/metadata.json
index 2b90ae92f1a..5519b8e8341 100644
--- a/assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/metadata.json
+++ b/assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "e4610872-0b1c-4fb7-ab57-d81c0afdb291",
- "queryName": "(Beta) Nifcloud Computing Undefined Description To Security Group Rule",
- "severity": "LOW",
- "category": "Networking and Firewall",
- "descriptionText": "Missing description for security group rule",
+ "queryName": "Nifcloud Computing Undefined Description To Security Group Rule",
+ "severity": "INFO",
+ "category": "Best Practices",
+ "descriptionText": "It's considered a best practice for Security Group Rules to have a description",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/security_group_rule#description",
 "platform": "Terraform",
 "descriptionID": "66ed83ab",
diff --git a/assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/test/positive_expected_result.json
index a809cccbd29..9bd94917eb8 100644
--- a/assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/test/positive_expected_result.json
@@ -1,7 +1,7 @@
 [
 {
- "queryName": "(Beta) Nifcloud Computing Undefined Description To Security Group Rule",
- "severity": "LOW",
+ "queryName": "Nifcloud Computing Undefined Description To Security Group Rule",
+ "severity": "INFO",
 "line": 1,
 "fileName": "positive.tf"
 }
diff --git a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/metadata.json b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/metadata.json
index 3b3138bb773..f037dfb4e04 100644
--- a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/metadata.json
+++ b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/metadata.json
@@ -1,9 +1,9 @@ { "id": "e5071f76-cbe7-468d-bb2b-d10f02d2b713", - "queryName": "(Beta) Nifcloud RDB Has Backup Retention Less Than 2 Day", - "severity": "MEDIUM", + "queryName": "Nifcloud RDB Has Low Backup Retention", + "severity": "LOW", "category": "Backup", - "descriptionText": "The rdb has backup retention less than 2 day", + "descriptionText": "Nifcloud RDB backup retention should be atleast 7 days", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#backup_retention_period", "platform": "Terraform", "descriptionID": "5fadf94a", diff --git a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/query.rego b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/query.rego index 5c6e1692de5..3b6da3c1cac 100644 --- a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/query.rego +++ b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/query.rego @@ -14,15 +14,15 @@ CxPolicy[result] { "resourceName": tf_lib.get_resource_name(dbInstance, name), "searchKey": sprintf("nifcloud_db_instance[%s]", [name]), "issueType": "MissingAttribute", - "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have backup retention longer than 1 day", [name]), - "keyActualValue": sprintf("'nifcloud_db_instance[%s]' does not have backup retention period", [name]), + "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have backup retention of at least 7 days", [name]), + "keyActualValue": sprintf("'nifcloud_db_instance[%s]' doesn't define a backup retention period", [name]), } } CxPolicy[result] { dbInstance := input.document[i].resource.nifcloud_db_instance[name] - dbInstance.backup_retention_period < 2 + dbInstance.backup_retention_period < 7 result := { "documentId": input.document[i].id, 
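Review bot: The new `descriptionText` in the db_does_not_have_long_backup_retention metadata.json hunk reads `should be atleast 7 days`; this string is shown to users in scan output, so it should say `at least`, matching the `of at least 7 days` wording that the query.rego messages in the same commit use. The same hunk lowers `severity` from MEDIUM to LOW while the threshold rises from 2 to 7 days, and the commit message gives no reason for either; one line of rationale there would help whoever tunes this rule later.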
@@ -30,7 +30,7 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(dbInstance, name),
 "searchKey": sprintf("nifcloud_db_instance[%s]", [name]),
 "issueType": "IncorrectValue",
- "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have backup retention longer than 1 day", [name]),
- "keyActualValue": sprintf("'nifcloud_db_instance[%s]' has 1 day backup retention period", [name]),
+ "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have backup retention of at least 7 days", [name]),
+ "keyActualValue": sprintf("'nifcloud_db_instance[%s]' has backup retention period of '%s' which is less than minimum of 7 days", [name, dbInstance.backup_retention_period]),
 }
 }
diff --git a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/negative.tf b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/negative.tf
index 8d8d3ce3fbb..ecd9ef57106 100644
--- a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/negative.tf
+++ b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/negative.tf
@@ -1,5 +1,5 @@
 resource "nifcloud_db_instance" "negative" {
 identifier = "example"
 instance_class = "db.large8"
- backup_retention_period = 5
+ backup_retention_period = 7
 }
diff --git a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive2.tf b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive2.tf
index 032bb4bd814..2ff6aade499 100644
--- a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive2.tf
+++ b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive2.tf
@@ -1,5 +1,5 @@
 resource "nifcloud_db_instance" "positive" {
 identifier = "example"
 instance_class = "db.large8"
- backup_retention_period = 1
+ backup_retention_period = 5
 }
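Review bot: The new `keyActualValue` in the `@@ -30,7 +30,7 @@` hunk of query.rego formats `dbInstance.backup_retention_period` with `%s`, although the rule only fires when that value compares below 7, which in practice means it is a number. OPA's `sprintf` passes numbers to Go's formatter as integers, so `%s` is likely to render as `%!s(int=5)` in the finding instead of `5`; the expected-result JSON only checks name, severity, line and file, so the tests would not catch it. Use `%v` (or `%d`) for that argument: `has backup retention period of '%v' which is less than minimum of 7 days`. The rule's opening lines sit outside this hunk.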
diff --git a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive_expected_result.json
index edc06a1bd4b..59dd8d1cdda 100644
--- a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive_expected_result.json
@@ -1,13 +1,13 @@
 [
 {
- "queryName": "(Beta) Nifcloud RDB Has Backup Retention Less Than 2 Day",
- "severity": "MEDIUM",
+ "queryName": "Nifcloud RDB Has Low Backup Retention",
+ "severity": "LOW",
 "line": 1,
 "fileName": "positive1.tf"
 },
 {
- "queryName": "(Beta) Nifcloud RDB Has Backup Retention Less Than 2 Day",
- "severity": "MEDIUM",
+ "queryName": "Nifcloud RDB Has Low Backup Retention",
+ "severity": "LOW",
 "line": 1,
 "fileName": "positive2.tf"
 }
diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/metadata.json b/assets/queries/terraform/nifcloud/db_has_public_access/metadata.json
index 2b7ff892620..129bdb47cd9 100644
--- a/assets/queries/terraform/nifcloud/db_has_public_access/metadata.json
+++ b/assets/queries/terraform/nifcloud/db_has_public_access/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "fb387023-e4bb-42a8-9a70-6708aa7ff21b",
- "queryName": "(Beta) Nifcloud RDB Has Public DB Access",
+ "queryName": "Nifcloud RDB Has Public DB Access",
 "severity": "HIGH",
- "category": "Networking and Firewall",
- "descriptionText": "The rdb has public db access",
+ "category": "Access Control",
+ "descriptionText": "The RDB has public DB access",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#publicly_accessible",
 "platform": "Terraform",
 "descriptionID": "e4ce28b6",
diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/query.rego b/assets/queries/terraform/nifcloud/db_has_public_access/query.rego
index 7096649a477..aaab86324fd 100644
--- a/assets/queries/terraform/nifcloud/db_has_public_access/query.rego
+++ b/assets/queries/terraform/nifcloud/db_has_public_access/query.rego
@@ -14,7 +14,23 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(dbInstance, name),
 "searchKey": sprintf("nifcloud_db_instance[%s]", [name]),
 "issueType": "IncorrectValue",
- "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should not use publicly available. You should limit all access to the minimum that is required for your application to function.", [name]),
- "keyActualValue": sprintf("'nifcloud_db_instance[%s]' use publicly available", [name]),
+ "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should not use publicly accessible set to true. You should limit all access to the minimum that is required for your application to function.", [name]),
+ "keyActualValue": sprintf("'nifcloud_db_instance[%s]' has publicly accessible set to true.", [name]),
+ }
+}
+
+CxPolicy[result] {
+
+ dbInstance := input.document[i].resource.nifcloud_db_instance[name]
+ not common_lib.valid_key(dbInstance, "publicly_accessible")
+
+ result := {
+ "documentId": input.document[i].id,
+ "resourceType": "nifcloud_db_instance",
+ "resourceName": tf_lib.get_resource_name(dbInstance, name),
+ "searchKey": sprintf("nifcloud_db_instance[%s]", [name]),
+ "issueType": "MissingAttribute",
+ "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have publicly accessible defined as the default value is set to true. You should limit all access to the minimum that is required for your application to function.", [name]),
+ "keyActualValue": sprintf("'nifcloud_db_instance[%s]' doesn't define publicly accessible.", [name]),
 }
 }
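Review bot: The added MissingAttribute rule tells the user the resource `should have publicly accessible defined`, which is satisfied just as well by writing `publicly_accessible = true`; since the message itself states that the default is true, the expected value should name the safe setting, for example `'nifcloud_db_instance[%s]' should have 'publicly_accessible' set to false`. Both rules also spell the attribute as `publicly accessible`, which cannot be searched for in the Terraform file; the real name `publicly_accessible` would be clearer. The new rule calls `common_lib.valid_key`, and the file's import lines sit above this hunk and are not touched by it, so confirm that `common_lib` is already imported there.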
diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/test/positive.tf b/assets/queries/terraform/nifcloud/db_has_public_access/test/positive1.tf
similarity index 100%
rename from assets/queries/terraform/nifcloud/db_has_public_access/test/positive.tf
rename to assets/queries/terraform/nifcloud/db_has_public_access/test/positive1.tf
diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/test/positive2.tf b/assets/queries/terraform/nifcloud/db_has_public_access/test/positive2.tf
new file mode 100644
index 00000000000..5d4970c8143
--- /dev/null
+++ b/assets/queries/terraform/nifcloud/db_has_public_access/test/positive2.tf
@@ -0,0 +1,4 @@
+resource "nifcloud_db_instance" "positive" {
+ identifier = "example"
+ instance_class = "db.large8"
+}
diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/db_has_public_access/test/positive_expected_result.json
index 2377a8da06d..c00e393f423 100644
--- a/assets/queries/terraform/nifcloud/db_has_public_access/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/db_has_public_access/test/positive_expected_result.json
@@ -1,8 +1,14 @@
 [
 {
- "queryName": "(Beta) Nifcloud RDB Has Public DB Access",
+ "queryName": "Nifcloud RDB Has Public DB Access",
 "severity": "HIGH",
 "line": 1,
- "fileName": "positive.tf"
+ "fileName": "positive1.tf"
+ },
+ {
+ "queryName": "Nifcloud RDB Has Public DB Access",
+ "severity": "HIGH",
+ "line": 1,
+ "fileName": "positive2.tf"
 }
 ]
diff --git a/assets/queries/terraform/nifcloud/db_instance_has_common_private/metadata.json b/assets/queries/terraform/nifcloud/db_instance_has_common_private/metadata.json
index 6bd87e0a76c..523227150c6 100644
--- a/assets/queries/terraform/nifcloud/db_instance_has_common_private/metadata.json
+++ b/assets/queries/terraform/nifcloud/db_instance_has_common_private/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "9bf57c23-fbab-4222-85f3-3f207a53c6a8",
- "queryName": "(Beta) Nifcloud RDB Has Common Private Network",
+ "queryName": "Nifcloud RDB Has Common Private Network",
 "severity": "LOW",
 "category": "Networking and Firewall",
- "descriptionText": "The rdb has common private network",
+ "descriptionText": "The RDB has common private network",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#network_id",
 "platform": "Terraform",
 "descriptionID": "89f1ff38",
diff --git a/assets/queries/terraform/nifcloud/db_instance_has_common_private/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/db_instance_has_common_private/test/positive_expected_result.json
index a0282f06b17..0c41e6b1eb8 100644
--- a/assets/queries/terraform/nifcloud/db_instance_has_common_private/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/db_instance_has_common_private/test/positive_expected_result.json
@@ -1,6 +1,6 @@
 [
 {
- "queryName": "(Beta) Nifcloud RDB Has Common Private Network",
+ "queryName": "Nifcloud RDB Has Common Private Network",
 "severity": "LOW",
 "line": 1,
 "fileName": "positive.tf"
diff --git a/assets/queries/terraform/nifcloud/db_security_group_description_undefined/metadata.json b/assets/queries/terraform/nifcloud/db_security_group_description_undefined/metadata.json
index 348aa4e079e..9cf41672603 100644
--- a/assets/queries/terraform/nifcloud/db_security_group_description_undefined/metadata.json
+++ b/assets/queries/terraform/nifcloud/db_security_group_description_undefined/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "940ddce2-26bd-4e31-a9b4-382714f73231",
- "queryName": "(Beta) Nifcloud RDB Undefined Description To DB Security Group",
- "severity": "LOW",
- "category": "Networking and Firewall",
- "descriptionText": "Missing description for db security group",
+ "queryName": "Nifcloud RDB Undefined Description To DB Security Group",
+ "severity": "INFO",
+ "category": "Best Practices",
+ "descriptionText": "Missing description for DB security group",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_security_group#description",
 "platform": "Terraform",
 "descriptionID": "badc7874",
diff --git a/assets/queries/terraform/nifcloud/db_security_group_description_undefined/query.rego b/assets/queries/terraform/nifcloud/db_security_group_description_undefined/query.rego
index 1c95b8e2f7d..eb5e8b887df 100644
--- a/assets/queries/terraform/nifcloud/db_security_group_description_undefined/query.rego
+++ b/assets/queries/terraform/nifcloud/db_security_group_description_undefined/query.rego
@@ -14,7 +14,7 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(dbSecurityGroup, name),
 "searchKey": sprintf("nifcloud_db_security_group[%s]", [name]),
 "issueType": "MissingAttribute",
- "keyExpectedValue": sprintf("'nifcloud_db_security_group[%s]' should include a description for auditing purposes", [name]),
- "keyActualValue": sprintf("'nifcloud_db_security_group[%s]' does not have a description", [name]),
+ "keyExpectedValue": sprintf("'nifcloud_db_security_group[%s]' should include a description for auditing purposes.", [name]),
+ "keyActualValue": sprintf("'nifcloud_db_security_group[%s]' does not have a description.", [name]),
 }
 }
diff --git a/assets/queries/terraform/nifcloud/db_security_group_description_undefined/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/db_security_group_description_undefined/test/positive_expected_result.json
index 4c82e57e2ba..547983c13bf 100644
--- a/assets/queries/terraform/nifcloud/db_security_group_description_undefined/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/db_security_group_description_undefined/test/positive_expected_result.json
@@ -1,7 +1,7 @@
 [
 {
- "queryName": "(Beta) Nifcloud RDB Undefined Description To DB Security Group",
- "severity": "LOW",
+ "queryName": "Nifcloud RDB Undefined Description To DB Security Group",
+ "severity": "INFO",
 "line": 1,
 "fileName": "positive.tf"
 }
diff --git a/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/metadata.json b/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/metadata.json
index 85b42fa0dba..fcff5126c2f 100644
--- a/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/metadata.json
+++ b/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "a0b846e8-815f-4f15-b660-bc4ab9fa1e1a",
- "queryName": "(Beta) Nifcloud RDB Has Public DB Ingress Security Group Rule",
+ "queryName": "Nifcloud RDB Has Public DB Ingress Security Group Rule",
 "severity": "HIGH",
 "category": "Networking and Firewall",
- "descriptionText": "An db ingress security group rule allows traffic from /0",
+ "descriptionText": "An DB ingress security group rule allows traffic from /0",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_security_group#cidr_ip",
 "platform": "Terraform",
 "descriptionID": "05a9f362",
diff --git a/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/test/positive_expected_result.json
index b7a0afa2366..425cc5d611a 100644
--- a/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/test/positive_expected_result.json
@@ -1,6 +1,6 @@
 [
 {
- "queryName": "(Beta) Nifcloud RDB Has Public DB Ingress Security Group Rule",
+ "queryName": "Nifcloud RDB Has Public DB Ingress Security Group Rule",
 "severity": "HIGH",
 "line": 1,
 "fileName": "positive.tf"
diff --git a/assets/queries/terraform/nifcloud/dns_has_verified_record/metadata.json b/assets/queries/terraform/nifcloud/dns_has_verified_record/metadata.json
index b3775f61a4d..4215c6a8529 100644
--- a/assets/queries/terraform/nifcloud/dns_has_verified_record/metadata.json
+++ b/assets/queries/terraform/nifcloud/dns_has_verified_record/metadata.json
@@ -1,7 +1,7 @@
 {
 "id": "a1defcb6-55e8-4511-8c2a-30b615b0e057",
- "queryName": "(Beta) Nifcloud DNS Has Verified Record",
- "severity": "HIGH",
+ "queryName": "Nifcloud DNS Has Verified Record",
+ "severity": "LOW",
 "category": "Insecure Configurations",
 "descriptionText": "Removing verified record of TXT auth the risk that If the authentication record remains, anyone can register the zone",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/dns_record#record",
diff --git a/assets/queries/terraform/nifcloud/dns_has_verified_record/query.rego b/assets/queries/terraform/nifcloud/dns_has_verified_record/query.rego
index 60fe9c795e1..c1c26a77b2a 100644
--- a/assets/queries/terraform/nifcloud/dns_has_verified_record/query.rego
+++ b/assets/queries/terraform/nifcloud/dns_has_verified_record/query.rego
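Review bot: The dns_has_verified_record metadata.json hunk lowers `severity` from HIGH to LOW, while the unchanged `descriptionText` next to it still says that anyone can register the zone as long as the authentication record remains. Either the description overstates the risk or the new severity understates it, and the commit message gives no reason for the drop; a short justification would let users decide whether to keep alerting on this finding. That description line is also hard to parse as written (`Removing verified record of TXT auth the risk that If ...`) and would be worth rewording in the same commit so the risk is stated in one clear sentence.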
@@ -14,7 +14,7 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(dnsRecord, name),
 "searchKey": sprintf("nifcloud_dns_record[%s]", [name]),
 "issueType": "IncorrectValue",
- "keyExpectedValue": sprintf("'nifcloud_dns_record[%s]' remove verified record", [name]),
- "keyActualValue": sprintf("'nifcloud_dns_record[%s]' has risk of DNS records be used by others", [name]),
+ "keyExpectedValue": sprintf("'nifcloud_dns_record[%s]' should remove verified records.", [name]),
+ "keyActualValue": sprintf("'nifcloud_dns_record[%s]' has risk of DNS records to be used by others.", [name]),
 }
 }
diff --git a/assets/queries/terraform/nifcloud/dns_has_verified_record/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/dns_has_verified_record/test/positive_expected_result.json
index 4a73bd10d0d..b6523967215 100644
--- a/assets/queries/terraform/nifcloud/dns_has_verified_record/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/dns_has_verified_record/test/positive_expected_result.json
@@ -1,7 +1,7 @@
 [
 {
- "queryName": "(Beta) Nifcloud DNS Has Verified Record",
- "severity": "HIGH",
+ "queryName": "Nifcloud DNS Has Verified Record",
+ "severity": "LOW",
 "line": 1,
 "fileName": "positive.tf"
 }
diff --git a/assets/queries/terraform/nifcloud/elb_has_common_private/metadata.json b/assets/queries/terraform/nifcloud/elb_has_common_private/metadata.json
index e74a65c035e..3373fa1e949 100644
--- a/assets/queries/terraform/nifcloud/elb_has_common_private/metadata.json
+++ b/assets/queries/terraform/nifcloud/elb_has_common_private/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "5061f84c-ab66-4660-90b9-680c9df346c0",
- "queryName": "(Beta) Nifcloud ELB Has Common Private Network",
+ "queryName": "Nifcloud ELB Has Common Private Network",
 "severity": "LOW",
 "category": "Networking and Firewall",
- "descriptionText": "The elb has common private network",
+ "descriptionText": "The ELB has common private network",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/elb#network_id",
 "platform": "Terraform",
 "descriptionID": "40e5b2b8",
diff --git a/assets/queries/terraform/nifcloud/elb_has_common_private/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/elb_has_common_private/test/positive_expected_result.json
index 67e098f3278..93ef9fa8953 100644
--- a/assets/queries/terraform/nifcloud/elb_has_common_private/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/elb_has_common_private/test/positive_expected_result.json
@@ -1,12 +1,12 @@
 [
 {
- "queryName": "(Beta) Nifcloud ELB Has Common Private Network",
+ "queryName": "Nifcloud ELB Has Common Private Network",
 "severity": "LOW",
 "line": 1,
 "fileName": "positive1.tf"
 },
 {
- "queryName": "(Beta) Nifcloud ELB Has Common Private Network",
+ "queryName": "Nifcloud ELB Has Common Private Network",
 "severity": "LOW",
 "line": 1,
 "fileName": "positive2.tf"
diff --git a/assets/queries/terraform/nifcloud/elb_listener_use_http/metadata.json b/assets/queries/terraform/nifcloud/elb_listener_use_http/metadata.json
index 493f1c1dd82..54553b26fbf 100644
--- a/assets/queries/terraform/nifcloud/elb_listener_use_http/metadata.json
+++ b/assets/queries/terraform/nifcloud/elb_listener_use_http/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "afcb0771-4f94-44ed-ad4a-9f73f11ce6e0",
- "queryName": "(Beta) Nifcloud ELB Listener Use HTTP Protocol",
- "severity": "HIGH",
- "category": "Insecure Configurations",
- "descriptionText": "The elb listener use http protocol",
+ "queryName": "Nifcloud ELB Listener Use HTTP Protocol",
+ "severity": "MEDIUM",
+ "category": "Networking and Firewall",
+ "descriptionText": "The ELB listener use http protocol",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/elb_listener#protocol",
 "platform": "Terraform",
 "descriptionID": "5a3b83e8",
diff --git a/assets/queries/terraform/nifcloud/elb_listener_use_http/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/elb_listener_use_http/test/positive_expected_result.json
index 558be99ef9b..f5ba08bf56a 100644
--- a/assets/queries/terraform/nifcloud/elb_listener_use_http/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/elb_listener_use_http/test/positive_expected_result.json
@@ -1,13 +1,13 @@
 [
 {
- "queryName": "(Beta) Nifcloud ELB Listener Use HTTP Protocol",
- "severity": "HIGH",
+ "queryName": "Nifcloud ELB Listener Use HTTP Protocol",
+ "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive1.tf"
 },
 {
- "queryName": "(Beta) Nifcloud ELB Listener Use HTTP Protocol",
- "severity": "HIGH",
+ "queryName": "Nifcloud ELB Listener Use HTTP Protocol",
+ "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive2.tf"
 }
diff --git a/assets/queries/terraform/nifcloud/elb_use_http/metadata.json b/assets/queries/terraform/nifcloud/elb_use_http/metadata.json
index 7025a7679b1..cf015d798d8 100644
--- a/assets/queries/terraform/nifcloud/elb_use_http/metadata.json
+++ b/assets/queries/terraform/nifcloud/elb_use_http/metadata.json
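Review bot: The elb_listener_use_http metadata.json hunk files a plaintext-HTTP finding under `Networking and Firewall`, although what the query reports is traffic carried without TLS rather than a reachability or filtering problem; if the project's category list has an encryption category, that would be the closer fit and keeps these findings visible to anyone filtering on transport security. The same recategorisation and the HIGH to MEDIUM downgrade are applied to elb_use_http and load_balancer_listener_use_http later in the patch, so the point covers those hunks too. The new `descriptionText` here also keeps lower-case `http` and the verb form `use`, while the sibling elb_use_http text writes `HTTP`; `The ELB listener uses the HTTP protocol` would read correctly and consistently.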
@@ -1,9 +1,9 @@
 {
 "id": "e2de2b80-2fc2-4502-a764-40930dfcc70a",
- "queryName": "(Beta) Nifcloud ELB Use HTTP Protocol",
- "severity": "HIGH",
- "category": "Insecure Configurations",
- "descriptionText": "The elb use http protocol",
+ "queryName": "Nifcloud ELB Use HTTP Protocol",
+ "severity": "MEDIUM",
+ "category": "Networking and Firewall",
+ "descriptionText": "The ELB use HTTP protocol",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/elb#protocol",
 "platform": "Terraform",
 "descriptionID": "051c06d1",
diff --git a/assets/queries/terraform/nifcloud/elb_use_http/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/elb_use_http/test/positive_expected_result.json
index 7cea218e290..a880f233ae5 100644
--- a/assets/queries/terraform/nifcloud/elb_use_http/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/elb_use_http/test/positive_expected_result.json
@@ -1,13 +1,13 @@
 [
 {
- "queryName": "(Beta) Nifcloud ELB Use HTTP Protocol",
- "severity": "HIGH",
+ "queryName": "Nifcloud ELB Use HTTP Protocol",
+ "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive1.tf"
 },
 {
- "queryName": "(Beta) Nifcloud ELB Use HTTP Protocol",
- "severity": "HIGH",
+ "queryName": "Nifcloud ELB Use HTTP Protocol",
+ "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive2.tf"
 }
diff --git a/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/metadata.json b/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/metadata.json
index 93e6d7d7e15..539b60aaad9 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/metadata.json
+++ b/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "9f751a80-31f0-43a3-926c-20772791a038",
- "queryName": "(Beta) Nifcloud LB Listener Use HTTP Port",
- "severity": "HIGH",
- "category": "Insecure Configurations",
- "descriptionText": "The lb listener use http port",
+ "queryName": "Nifcloud LB Listener Use HTTP Port",
+ "severity": "MEDIUM",
+ "category": "Networking and Firewall",
+ "descriptionText": "The LB listener use HTTP port",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer_listener#load_balancer_port",
 "platform": "Terraform",
 "descriptionID": "c078c492",
diff --git a/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/test/positive_expected_result.json
index c312bb791f4..07dd3ff57eb 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/test/positive_expected_result.json
@@ -1,7 +1,7 @@
 [
 {
- "queryName": "(Beta) Nifcloud LB Listener Use HTTP Port",
- "severity": "HIGH",
+ "queryName": "Nifcloud LB Listener Use HTTP Port",
+ "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive.tf"
 }
diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_http/metadata.json b/assets/queries/terraform/nifcloud/load_balancer_use_http/metadata.json
index cc2ba011174..4ae4771417d 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_use_http/metadata.json
+++ b/assets/queries/terraform/nifcloud/load_balancer_use_http/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "94e47f3f-b90b-43a1-a36d-521580bae863",
- "queryName": "(Beta) Nifcloud LB Use HTTP Port",
- "severity": "HIGH",
- "category": "Insecure Configurations",
- "descriptionText": "The lb use http port",
+ "queryName": "Nifcloud LB Use HTTP Port",
+ "severity": "MEDIUM",
+ "category": "Networking and Firewall",
+ "descriptionText": "The LB use HTTP port",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer#load_balancer_port",
 "platform": "Terraform",
 "descriptionID": "fc3831f9",
diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_http/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/load_balancer_use_http/test/positive_expected_result.json
index d68db05b691..a0f43d79674 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_use_http/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/load_balancer_use_http/test/positive_expected_result.json
@@ -1,7 +1,7 @@
 [
 {
- "queryName": "(Beta) Nifcloud LB Use HTTP Port",
- "severity": "HIGH",
+ "queryName": "Nifcloud LB Use HTTP Port",
+ "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive.tf"
 }
diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/metadata.json b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/metadata.json
index b8583713e1a..79ba6d139a3 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/metadata.json
+++ b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "944439c7-b4b8-476a-8f83-14641ea876ba",
- "queryName": "(Beta) Nifcloud LB Use Insecure TLS Policy ID",
- "severity": "HIGH",
- "category": "Insecure Configurations",
- "descriptionText": "The lb use insecure tls policy",
+ "queryName": "Nifcloud LB Use Insecure TLS Policy ID",
+ "severity": "MEDIUM",
+ "category": "Encryption",
+ "descriptionText": "The LB use insecure TLS policy",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer#ssl_policy_id",
 "platform": "Terraform",
 "descriptionID": "4e6e920b",
diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/test/positive_expected_result.json
index 69817d0016d..4b3ebdfa41f 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/test/positive_expected_result.json
@@ -1,13 +1,13 @@
 [
 {
- "queryName": "(Beta) Nifcloud LB Use Insecure TLS Policy ID",
- "severity": "HIGH",
+ "queryName": "Nifcloud LB Use Insecure TLS Policy ID",
+ "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive1.tf"
 },
 {
- "queryName": "(Beta) Nifcloud LB Use Insecure TLS Policy ID",
- "severity": "HIGH",
+ "queryName": "Nifcloud LB Use Insecure TLS Policy ID",
+ "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive2.tf"
 }
diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/metadata.json b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/metadata.json
index 61c44cea34c..bb5d5494f0b 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/metadata.json
+++ b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/metadata.json
@@ -1,8 +1,8 @@
 {
 "id": "675e8eaa-2754-42b7-bf33-bfa295d1601d",
- "queryName": "(Beta) Nifcloud LB Use Insecure TLS Policy Name",
- "severity": "HIGH",
- "category": "Insecure Configurations",
+ "queryName": "Nifcloud LB Use Insecure TLS Policy Name",
+ "severity": "MEDIUM",
+ "category": "Encryption",
 "descriptionText": "The lb use insecure tls policy",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer#ssl_policy_name",
 "platform": "Terraform",
diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/test/positive_expected_result.json
index b2a6a1a6945..fd9b6b46905 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/test/positive_expected_result.json
@@ -1,13 +1,13 @@
 [
 {
- "queryName": "(Beta) Nifcloud LB Use Insecure TLS Policy Name",
- "severity": "HIGH",
+ "queryName": "Nifcloud LB Use Insecure TLS Policy Name",
+ "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive1.tf"
 },
 {
- "queryName": "(Beta) Nifcloud LB Use Insecure TLS Policy Name",
- "severity": "HIGH",
+ "queryName": "Nifcloud LB Use Insecure TLS Policy Name",
+ "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive2.tf"
 }
diff --git a/assets/queries/terraform/nifcloud/nas_instance_has_common_private/metadata.json b/assets/queries/terraform/nifcloud/nas_instance_has_common_private/metadata.json
index 921b06eb1d1..3119e0f7da0 100644
--- a/assets/queries/terraform/nifcloud/nas_instance_has_common_private/metadata.json
+++ b/assets/queries/terraform/nifcloud/nas_instance_has_common_private/metadata.json
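Review bot: The context line `"descriptionText": "The lb use insecure tls policy"` in load_balancer_use_insecure_tls_policy_name/metadata.json is left untouched, while the sibling load_balancer_use_insecure_tls_policy_id query in this same patch was changed to `"The LB use insecure TLS policy"`. Both queries report the same kind of finding, so the text should match across them. `"descriptionText": "The LB uses an insecure TLS policy"` would fix the casing and the verb, and is worth applying to the policy_id file as well.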
@@ -1,9 +1,9 @@
 {
 "id": "4b801c38-ebb4-4c81-984b-1ba525d43adf",
- "queryName": "(Beta) Nifcloud NAS Has Common Private Network",
+ "queryName": "Nifcloud NAS Has Common Private Network",
 "severity": "LOW",
 "category": "Networking and Firewall",
- "descriptionText": "The nas has common private network",
+ "descriptionText": "The NAS has common private network",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/nas_instance#network_id",
 "platform": "Terraform",
 "descriptionID": "a54c489c",
diff --git a/assets/queries/terraform/nifcloud/nas_instance_has_common_private/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/nas_instance_has_common_private/test/positive_expected_result.json
index afea74ba3df..25d43939456 100644
--- a/assets/queries/terraform/nifcloud/nas_instance_has_common_private/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/nas_instance_has_common_private/test/positive_expected_result.json
@@ -1,6 +1,6 @@
 [
 {
- "queryName": "(Beta) Nifcloud NAS Has Common Private Network",
+ "queryName": "Nifcloud NAS Has Common Private Network",
 "severity": "LOW",
 "line": 1,
 "fileName": "positive.tf"
diff --git a/assets/queries/terraform/nifcloud/nas_security_group_description_undefined/metadata.json b/assets/queries/terraform/nifcloud/nas_security_group_description_undefined/metadata.json
index d24d09f8516..3b5439fcc53 100644
--- a/assets/queries/terraform/nifcloud/nas_security_group_description_undefined/metadata.json
+++ b/assets/queries/terraform/nifcloud/nas_security_group_description_undefined/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "e840c54a-7a4c-405f-b8c1-c49a54b87d11",
- "queryName": "(Beta) Nifcloud NAS Undefined Description To NAS Security Group",
- "severity": "LOW",
- "category": "Networking and Firewall",
- "descriptionText": "Missing description for nas security group",
+ "queryName": "Nifcloud NAS Undefined Description To NAS Security Group",
+ "severity": "INFO",
+ "category": "Best Practices",
+ "descriptionText": "It's considered a best practice for NAS Security Group to have a description",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/nas_security_group#description",
 "platform": "Terraform",
 "descriptionID": "ae325808",
diff --git a/assets/queries/terraform/nifcloud/nas_security_group_description_undefined/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/nas_security_group_description_undefined/test/positive_expected_result.json
index b519c074df9..7a29f969aee 100644
--- a/assets/queries/terraform/nifcloud/nas_security_group_description_undefined/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/nas_security_group_description_undefined/test/positive_expected_result.json
@@ -1,7 +1,7 @@
 [
 {
- "queryName": "(Beta) Nifcloud NAS Undefined Description To NAS Security Group",
- "severity": "LOW",
+ "queryName": "Nifcloud NAS Undefined Description To NAS Security Group",
+ "severity": "INFO",
 "line": 1,
 "fileName": "positive.tf"
 }
diff --git a/assets/queries/terraform/nifcloud/nas_security_group_has_public_ingress_sgr/metadata.json b/assets/queries/terraform/nifcloud/nas_security_group_has_public_ingress_sgr/metadata.json
index 0476a23f5c4..3cc15175d38 100644
--- a/assets/queries/terraform/nifcloud/nas_security_group_has_public_ingress_sgr/metadata.json
+++ b/assets/queries/terraform/nifcloud/nas_security_group_has_public_ingress_sgr/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "8d7758a7-d9cd-499a-a83e-c9bdcbff728d",
- "queryName": "(Beta) Nifcloud NAS Has Public Ingress NAS Security Group Rule",
+ "queryName": "Nifcloud NAS Has Public Ingress NAS Security Group Rule",
 "severity": "HIGH",
 "category": "Networking and Firewall",
- "descriptionText": "An ingress nas security group rule allows traffic from /0",
+ "descriptionText": "An ingress NAS security group rule allows traffic from /0",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/nas_security_group#cidr_ip",
 "platform": "Terraform",
 "descriptionID": "5cf1f2e2",
diff --git a/assets/queries/terraform/nifcloud/nas_security_group_has_public_ingress_sgr/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/nas_security_group_has_public_ingress_sgr/test/positive_expected_result.json
index eeb8bb717e7..3aa266359bb 100644
--- a/assets/queries/terraform/nifcloud/nas_security_group_has_public_ingress_sgr/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/nas_security_group_has_public_ingress_sgr/test/positive_expected_result.json
@@ -1,6 +1,6 @@
 [
 {
- "queryName": "(Beta) Nifcloud NAS Has Public Ingress NAS Security Group Rule",
+ "queryName": "Nifcloud NAS Has Public Ingress NAS Security Group Rule",
 "severity": "HIGH",
 "line": 1,
 "fileName": "positive.tf"
diff --git a/assets/queries/terraform/nifcloud/router_has_common_private/metadata.json b/assets/queries/terraform/nifcloud/router_has_common_private/metadata.json
index 4fa6613dbc2..3dc018cd839 100644
--- a/assets/queries/terraform/nifcloud/router_has_common_private/metadata.json
+++ b/assets/queries/terraform/nifcloud/router_has_common_private/metadata.json
@@ -1,6 +1,6 @@
 {
 "id": "30c2760c-740e-4672-9d7f-2c29e0cb385d",
- "queryName": "(Beta) Nifcloud Router Has Common Private Network",
+ "queryName": "Nifcloud Router Has Common Private Network",
 "severity": "LOW",
 "category": "Networking and Firewall",
 "descriptionText": "The router has common private network",
diff --git a/assets/queries/terraform/nifcloud/router_has_common_private/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/router_has_common_private/test/positive_expected_result.json
index 1ec4de4e277..4ee87233b90 100644
--- a/assets/queries/terraform/nifcloud/router_has_common_private/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/router_has_common_private/test/positive_expected_result.json
@@ -1,12 +1,12 @@
 [
 {
- "queryName": "(Beta) Nifcloud Router Has Common Private Network",
+ "queryName": "Nifcloud Router Has Common Private Network",
 "severity": "LOW",
 "line": 1,
 "fileName": "positive1.tf"
 },
 {
- "queryName": "(Beta) Nifcloud Router Has Common Private Network",
+ "queryName": "Nifcloud Router Has Common Private Network",
 "severity": "LOW",
 "line": 1,
 "fileName": "positive2.tf"
diff --git a/assets/queries/terraform/nifcloud/router_security_group_undefined/metadata.json b/assets/queries/terraform/nifcloud/router_security_group_undefined/metadata.json
index 96bd4dbffc2..dc9bc1b5d15 100644
--- a/assets/queries/terraform/nifcloud/router_security_group_undefined/metadata.json
+++ b/assets/queries/terraform/nifcloud/router_security_group_undefined/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "e7dada38-af20-4899-8955-dabea84ab1f0",
- "queryName": "(Beta) Nifcloud Router Undefined Security Group To Router",
+ "queryName": "Nifcloud Router Undefined Security Group To Router",
 "severity": "HIGH",
 "category": "Networking and Firewall",
- "descriptionText": "Missing security group for router",
+ "descriptionText": "Missing security group for Router",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/router#security_group",
 "platform": "Terraform",
 "descriptionID": "4cd22b80",
diff --git a/assets/queries/terraform/nifcloud/router_security_group_undefined/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/router_security_group_undefined/test/positive_expected_result.json
index c27d67f4b9d..8bb5a2e951b 100644
--- a/assets/queries/terraform/nifcloud/router_security_group_undefined/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/router_security_group_undefined/test/positive_expected_result.json
@@ -1,6 +1,6 @@
 [
 {
- "queryName": "(Beta) Nifcloud Router Undefined Security Group To Router",
+ "queryName": "Nifcloud Router Undefined Security Group To Router",
 "severity": "HIGH",
 "line": 1,
 "fileName": "positive.tf"
diff --git a/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/metadata.json b/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/metadata.json
index c918f3e5e81..8802f5022e3 100644
--- a/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/metadata.json
+++ b/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "b3535a48-910c-47f8-8b3b-14222f29ef80",
- "queryName": "(Beta) Nifcloud Vpn Gateway Undefined Security Group To Vpn Gateway",
+ "queryName": "Nifcloud Vpn Gateway Undefined Security Group To Vpn Gateway",
 "severity": "HIGH",
 "category": "Networking and Firewall",
- "descriptionText": "Missing security group for vpn gateway",
+ "descriptionText": "Missing security group for Vpn gateway",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/vpn_gateway#security_group",
 "platform": "Terraform",
 "descriptionID": "ba50cd20",
diff --git a/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/test/positive_expected_result.json
index a3eef4a43eb..4ddada348b0 100644
--- a/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/test/positive_expected_result.json
@@ -1,6 +1,6 @@
 [
 {
- "queryName": "(Beta) Nifcloud Vpn Gateway Undefined Security Group To Vpn Gateway",
+ "queryName": "Nifcloud Vpn Gateway Undefined Security Group To Vpn Gateway",
 "severity": "HIGH",
 "line": 1,
 "fileName": "positive.tf"
From 7cf695bce8d84ac48e22687648cb6edd1e2e75c3 Mon Sep 17 00:00:00 2001
From: Artur Ribeiro Date: Fri, 19 Jul 2024 15:08:36 +0100 Subject: [PATCH 2/4] refactor naming and phrasing after review --- .../db_does_not_have_long_backup_retention/metadata.json | 4 ++-- .../db_does_not_have_long_backup_retention/query.rego | 2 +- .../test/positive_expected_result.json | 4 ++-- .../metadata.json | 0 .../{db_has_public_access => db_public_access}/query.rego | 8 ++++---- .../test/negative.tf | 0 .../test/positive1.tf | 2 +- .../test/positive2.tf | 2 +- .../test/positive_expected_result.json | 0 .../metadata.json | 2 +- .../terraform/nifcloud/dns_has_verified_record/query.rego | 4 ++-- .../nifcloud/elb_listener_use_http/metadata.json | 4 ++-- .../terraform/nifcloud/elb_listener_use_http/query.rego | 4 ++-- .../test/positive_expected_result.json | 4 ++-- .../queries/terraform/nifcloud/elb_use_http/metadata.json | 4 ++-- assets/queries/terraform/nifcloud/elb_use_http/query.rego | 4 ++-- .../elb_use_http/test/positive_expected_result.json | 4 ++-- .../load_balancer_listener_use_http/metadata.json | 4 ++-- .../nifcloud/load_balancer_listener_use_http/query.rego | 4 ++-- .../test/positive_expected_result.json | 2 +- .../nifcloud/load_balancer_use_http/metadata.json | 4 ++-- .../terraform/nifcloud/load_balancer_use_http/query.rego | 4 ++-- .../test/positive_expected_result.json | 2 +- .../metadata.json | 4 ++-- .../load_balancer_use_insecure_tls_policy_id/query.rego | 4 ++-- .../test/positive_expected_result.json | 4 ++-- .../metadata.json | 4 ++-- .../load_balancer_use_insecure_tls_policy_name/query.rego | 4 ++-- .../test/positive_expected_result.json | 4 ++-- .../nifcloud/router_has_common_private/metadata.json | 2 +- .../nifcloud/router_has_common_private/query.rego | 8 ++++---- .../router_security_group_undefined/metadata.json | 2 +- .../test/positive_expected_result.json | 2 +- .../vpn_gateway_security_group_undefined/metadata.json | 4 ++-- .../vpn_gateway_security_group_undefined/query.rego | 4 ++-- .../test/positive_expected_result.json | 2 +- 36 
files changed, 60 insertions(+), 60 deletions(-) rename assets/queries/terraform/nifcloud/{db_has_public_access => db_public_access}/metadata.json (100%) rename assets/queries/terraform/nifcloud/{db_has_public_access => db_public_access}/query.rego (69%) rename assets/queries/terraform/nifcloud/{db_has_public_access => db_public_access}/test/negative.tf (100%) rename assets/queries/terraform/nifcloud/{db_has_public_access => db_public_access}/test/positive1.tf (68%) rename assets/queries/terraform/nifcloud/{db_has_public_access => db_public_access}/test/positive2.tf (61%) rename assets/queries/terraform/nifcloud/{db_has_public_access => db_public_access}/test/positive_expected_result.json (100%)
diff --git a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/metadata.json b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/metadata.json
index f037dfb4e04..6090546a6d0 100644
--- a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/metadata.json
+++ b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "e5071f76-cbe7-468d-bb2b-d10f02d2b713",
- "queryName": "Nifcloud RDB Has Low Backup Retention",
+ "queryName": "Nifcloud Low RDB Backup Retention Period",
 "severity": "LOW",
 "category": "Backup",
- "descriptionText": "Nifcloud RDB backup retention should be atleast 7 days",
+ "descriptionText": "Nifcloud RDB backup retention should be at least 7 days",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#backup_retention_period",
 "platform": "Terraform",
 "descriptionID": "5fadf94a",
diff --git a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/query.rego b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/query.rego
index 3b6da3c1cac..965203d8c44 100644
--- a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/query.rego
+++ b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/query.rego
@@ -15,7 +15,7 @@ CxPolicy[result] {
 "searchKey": sprintf("nifcloud_db_instance[%s]", [name]),
 "issueType": "MissingAttribute",
 "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have backup retention of at least 7 days", [name]),
- "keyActualValue": sprintf("'nifcloud_db_instance[%s]' doesn't define a backup retention period", [name]),
+ "keyActualValue": sprintf("'nifcloud_db_instance[%s]' doesn't have a backup retention period defined", [name]),
 }
 }
diff --git a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive_expected_result.json
index 59dd8d1cdda..27c28135d5e 100644
--- a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive_expected_result.json
@@ -1,12 +1,12 @@
 [
 {
- "queryName": "Nifcloud RDB Has Low Backup Retention",
+ "queryName": "Nifcloud Low RDB Backup Retention Period",
 "severity": "LOW",
 "line": 1,
 "fileName": "positive1.tf"
 },
 {
- "queryName": "Nifcloud RDB Has Low Backup Retention",
+ "queryName": "Nifcloud Low RDB Backup Retention Period",
 "severity": "LOW",
 "line": 1,
 "fileName": "positive2.tf"
diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/metadata.json b/assets/queries/terraform/nifcloud/db_public_access/metadata.json
similarity index 100%
rename from assets/queries/terraform/nifcloud/db_has_public_access/metadata.json
rename to assets/queries/terraform/nifcloud/db_public_access/metadata.json
diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/query.rego b/assets/queries/terraform/nifcloud/db_public_access/query.rego
similarity index 69%
rename from assets/queries/terraform/nifcloud/db_has_public_access/query.rego
rename to assets/queries/terraform/nifcloud/db_public_access/query.rego
index aaab86324fd..b8d46f69b4a 100644
--- a/assets/queries/terraform/nifcloud/db_has_public_access/query.rego
+++ b/assets/queries/terraform/nifcloud/db_public_access/query.rego
@@ -14,8 +14,8 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(dbInstance, name),
 "searchKey": sprintf("nifcloud_db_instance[%s]", [name]),
 "issueType": "IncorrectValue",
- "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should not use publicly accessible set to true. You should limit all access to the minimum that is required for your application to function.", [name]),
- "keyActualValue": sprintf("'nifcloud_db_instance[%s]' has publicly accessible set to true.", [name]),
+ "keyExpectedValue": sprintf("publicly_accessible should not be set to true on 'nifcloud_db_instance[%s]'. You should limit all access to the minimum that is required for your application to function.", [name]),
+ "keyActualValue": sprintf("'nifcloud_db_instance[%s]' has publicly_accessible set to true.", [name]),
 }
 }
@@ -30,7 +30,7 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(dbInstance, name),
 "searchKey": sprintf("nifcloud_db_instance[%s]", [name]),
 "issueType": "MissingAttribute",
- "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have publicly accessible defined as the default value is set to true. You should limit all access to the minimum that is required for your application to function.", [name]),
- "keyActualValue": sprintf("'nifcloud_db_instance[%s]' doesn't define publicly accessible.", [name]),
+ "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have publicly_accessible defined as value is set to true by default. You should limit all access to the minimum that is required for your application to function.", [name]),
+ "keyActualValue": sprintf("'nifcloud_db_instance[%s]' doesn't have publicly_accessible defined.", [name]),
 }
 }
diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/test/negative.tf b/assets/queries/terraform/nifcloud/db_public_access/test/negative.tf
similarity index 100%
rename from assets/queries/terraform/nifcloud/db_has_public_access/test/negative.tf
rename to assets/queries/terraform/nifcloud/db_public_access/test/negative.tf
diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/test/positive1.tf b/assets/queries/terraform/nifcloud/db_public_access/test/positive1.tf
similarity index 68%
rename from assets/queries/terraform/nifcloud/db_has_public_access/test/positive1.tf
rename to assets/queries/terraform/nifcloud/db_public_access/test/positive1.tf
index 1b481c93433..921f3abbfaf 100644
--- a/assets/queries/terraform/nifcloud/db_has_public_access/test/positive1.tf
+++ b/assets/queries/terraform/nifcloud/db_public_access/test/positive1.tf
@@ -1,4 +1,4 @@
-resource "nifcloud_db_instance" "positive" {
+resource "nifcloud_db_instance" "positive1" {
 identifier = "example"
 instance_class = "db.large8"
 publicly_accessible = true
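Review bot: The new `keyExpectedValue` of the MissingAttribute rule in db_public_access/query.rego asks only that `publicly_accessible` be "defined", but a resource that defines it as `true` is still reported by the IncorrectValue rule earlier in the same file. The remediation text should name the safe value, for example `"'nifcloud_db_instance[%s]' should have publicly_accessible defined and set to false, as it is set to true by default. ..."` with the rest of the sentence unchanged. Both rule bodies start outside their hunks, so the matching conditions are inferred from the `issueType` and message strings.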
diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/test/positive2.tf b/assets/queries/terraform/nifcloud/db_public_access/test/positive2.tf
similarity index 61%
rename from assets/queries/terraform/nifcloud/db_has_public_access/test/positive2.tf
rename to assets/queries/terraform/nifcloud/db_public_access/test/positive2.tf
index 5d4970c8143..1720b72f681 100644
--- a/assets/queries/terraform/nifcloud/db_has_public_access/test/positive2.tf
+++ b/assets/queries/terraform/nifcloud/db_public_access/test/positive2.tf
@@ -1,4 +1,4 @@
-resource "nifcloud_db_instance" "positive" {
+resource "nifcloud_db_instance" "positive2" {
 identifier = "example"
 instance_class = "db.large8"
 }
diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/db_public_access/test/positive_expected_result.json
similarity index 100%
rename from assets/queries/terraform/nifcloud/db_has_public_access/test/positive_expected_result.json
rename to assets/queries/terraform/nifcloud/db_public_access/test/positive_expected_result.json
diff --git a/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/metadata.json b/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/metadata.json
index fcff5126c2f..c5d97654142 100644
--- a/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/metadata.json
+++ b/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/metadata.json
@@ -3,7 +3,7 @@
 "queryName": "Nifcloud RDB Has Public DB Ingress Security Group Rule",
 "severity": "HIGH",
 "category": "Networking and Firewall",
- "descriptionText": "An DB ingress security group rule allows traffic from /0",
+ "descriptionText": "A DB ingress security group rule allows traffic from /0",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_security_group#cidr_ip",
 "platform": "Terraform",
 "descriptionID": "05a9f362",
diff --git a/assets/queries/terraform/nifcloud/dns_has_verified_record/query.rego b/assets/queries/terraform/nifcloud/dns_has_verified_record/query.rego
index c1c26a77b2a..08dfd6e7ccc 100644
--- a/assets/queries/terraform/nifcloud/dns_has_verified_record/query.rego
+++ b/assets/queries/terraform/nifcloud/dns_has_verified_record/query.rego
@@ -14,7 +14,7 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(dnsRecord, name),
 "searchKey": sprintf("nifcloud_dns_record[%s]", [name]),
 "issueType": "IncorrectValue",
- "keyExpectedValue": sprintf("'nifcloud_dns_record[%s]' should remove verified records.", [name]),
- "keyActualValue": sprintf("'nifcloud_dns_record[%s]' has risk of DNS records to be used by others.", [name]),
+ "keyExpectedValue": sprintf("Verified records should be removed from 'nifcloud_dns_record[%s]'.", [name]),
+ "keyActualValue": sprintf("'nifcloud_dns_record[%s]' has risk of DNS records being used by others.", [name]),
 }
 }
diff --git a/assets/queries/terraform/nifcloud/elb_listener_use_http/metadata.json b/assets/queries/terraform/nifcloud/elb_listener_use_http/metadata.json
index 54553b26fbf..cecf4a145c7 100644
--- a/assets/queries/terraform/nifcloud/elb_listener_use_http/metadata.json
+++ b/assets/queries/terraform/nifcloud/elb_listener_use_http/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "afcb0771-4f94-44ed-ad4a-9f73f11ce6e0",
- "queryName": "Nifcloud ELB Listener Use HTTP Protocol",
+ "queryName": "Nifcloud ELB Listener Using HTTP Protocol",
 "severity": "MEDIUM",
 "category": "Networking and Firewall",
- "descriptionText": "The ELB listener use http protocol",
+ "descriptionText": "The ELB listener using http protocol",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/elb_listener#protocol",
 "platform": "Terraform",
 "descriptionID": "5a3b83e8",
diff --git a/assets/queries/terraform/nifcloud/elb_listener_use_http/query.rego b/assets/queries/terraform/nifcloud/elb_listener_use_http/query.rego
index a4a98c2ec62..f62aec73e0e 100644
--- a/assets/queries/terraform/nifcloud/elb_listener_use_http/query.rego
+++ b/assets/queries/terraform/nifcloud/elb_listener_use_http/query.rego
@@ -20,8 +20,8 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(elb_listener, name),
 "searchKey": sprintf("nifcloud_elb_listener[%s]", [name]),
 "issueType": "IncorrectValue",
- "keyExpectedValue": sprintf("'nifcloud_elb_listener[%s]' should switch to HTTPS to benefit from TLS security features", [name]),
- "keyActualValue": sprintf("'nifcloud_elb_listener[%s]' use HTTP protocol", [name]),
+ "keyExpectedValue": sprintf("'nifcloud_elb_listener[%s]' should switch to HTTPS to benefit from TLS security features.", [name]),
+ "keyActualValue": sprintf("'nifcloud_elb_listener[%s]' using HTTP protocol.", [name]),
 }
 }
diff --git a/assets/queries/terraform/nifcloud/elb_listener_use_http/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/elb_listener_use_http/test/positive_expected_result.json
index f5ba08bf56a..1c910a5b611 100644
--- a/assets/queries/terraform/nifcloud/elb_listener_use_http/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/elb_listener_use_http/test/positive_expected_result.json
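Review bot: `"descriptionText": "The ELB listener using http protocol"` in elb_listener_use_http/metadata.json is a sentence fragment and keeps `http` in lower case, whereas elb_use_http/metadata.json in this same patch writes `HTTP`. `"descriptionText": "The ELB listener is using the HTTP protocol"` reads as a finding. The same missing verb appears in the new `keyActualValue` strings of elb_listener_use_http/query.rego and elb_use_http/query.rego, which end in `' using HTTP protocol.`; `is using` would fix those as well.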
@@ -1,12 +1,12 @@
 [
 {
- "queryName": "Nifcloud ELB Listener Use HTTP Protocol",
+ "queryName": "Nifcloud ELB Listener Using HTTP Protocol",
 "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive1.tf"
 },
 {
- "queryName": "Nifcloud ELB Listener Use HTTP Protocol",
+ "queryName": "Nifcloud ELB Listener Using HTTP Protocol",
 "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive2.tf"
diff --git a/assets/queries/terraform/nifcloud/elb_use_http/metadata.json b/assets/queries/terraform/nifcloud/elb_use_http/metadata.json
index cf015d798d8..4be8c89c674 100644
--- a/assets/queries/terraform/nifcloud/elb_use_http/metadata.json
+++ b/assets/queries/terraform/nifcloud/elb_use_http/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "e2de2b80-2fc2-4502-a764-40930dfcc70a",
- "queryName": "Nifcloud ELB Use HTTP Protocol",
+ "queryName": "Nifcloud ELB Using HTTP Protocol",
 "severity": "MEDIUM",
 "category": "Networking and Firewall",
- "descriptionText": "The ELB use HTTP protocol",
+ "descriptionText": "The ELB using HTTP protocol",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/elb#protocol",
 "platform": "Terraform",
 "descriptionID": "051c06d1",
diff --git a/assets/queries/terraform/nifcloud/elb_use_http/query.rego b/assets/queries/terraform/nifcloud/elb_use_http/query.rego
index 1802d083b95..3fdbf23e575 100644
--- a/assets/queries/terraform/nifcloud/elb_use_http/query.rego
+++ b/assets/queries/terraform/nifcloud/elb_use_http/query.rego
@@ -40,7 +40,7 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(elb, name),
 "searchKey": sprintf("nifcloud_elb[%s]", [name]),
 "issueType": "IncorrectValue",
- "keyExpectedValue": sprintf("'nifcloud_elb[%s]' should switch to HTTPS to benefit from TLS security features", [name]),
- "keyActualValue": sprintf("'nifcloud_elb[%s]' use HTTP protocol", [name]),
+ "keyExpectedValue": sprintf("'nifcloud_elb[%s]' should switch to HTTPS to benefit from TLS security features.", [name]),
+ "keyActualValue": sprintf("'nifcloud_elb[%s]' using HTTP protocol.", [name]),
 }
 }
diff --git a/assets/queries/terraform/nifcloud/elb_use_http/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/elb_use_http/test/positive_expected_result.json
index a880f233ae5..8234db197e2 100644
--- a/assets/queries/terraform/nifcloud/elb_use_http/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/elb_use_http/test/positive_expected_result.json
@@ -1,12 +1,12 @@
 [
 {
- "queryName": "Nifcloud ELB Use HTTP Protocol",
+ "queryName": "Nifcloud ELB Using HTTP Protocol",
 "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive1.tf"
 },
 {
- "queryName": "Nifcloud ELB Use HTTP Protocol",
+ "queryName": "Nifcloud ELB Using HTTP Protocol",
 "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive2.tf"
diff --git a/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/metadata.json b/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/metadata.json
index 539b60aaad9..6e255b13d17 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/metadata.json
+++ b/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "9f751a80-31f0-43a3-926c-20772791a038",
- "queryName": "Nifcloud LB Listener Use HTTP Port",
+ "queryName": "Nifcloud LB Listener Using HTTP Port",
 "severity": "MEDIUM",
 "category": "Networking and Firewall",
- "descriptionText": "The LB listener use HTTP port",
+ "descriptionText": "The LB listener using HTTP port",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer_listener#load_balancer_port",
 "platform": "Terraform",
 "descriptionID": "c078c492",
diff --git a/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/query.rego b/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/query.rego
index 857c05785a6..00045c9c3ba 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/query.rego
+++ b/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/query.rego
@@ -14,7 +14,7 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(lb_listener, name),
 "searchKey": sprintf("nifcloud_load_balancer_listener[%s]", [name]),
 "issueType": "IncorrectValue",
- "keyExpectedValue": sprintf("'nifcloud_load_balancer_listener[%s]' should switch to HTTPS to benefit from TLS security features", [name]),
- "keyActualValue": sprintf("'nifcloud_load_balancer_listener[%s]' use HTTP port", [name]),
+ "keyExpectedValue": sprintf("'nifcloud_load_balancer_listener[%s]' should switch to HTTPS to benefit from TLS security features.", [name]),
+ "keyActualValue": sprintf("'nifcloud_load_balancer_listener[%s]' using HTTP port.", [name]),
 }
 }
diff --git a/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/test/positive_expected_result.json
index 07dd3ff57eb..2546d14e399 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/test/positive_expected_result.json
@@ -1,6 +1,6 @@
 [
 {
- "queryName": "Nifcloud LB Listener Use HTTP Port",
+ "queryName": "Nifcloud LB Listener Using HTTP Port",
 "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive.tf"
diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_http/metadata.json b/assets/queries/terraform/nifcloud/load_balancer_use_http/metadata.json
index 4ae4771417d..aa6d5776116 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_use_http/metadata.json
+++ b/assets/queries/terraform/nifcloud/load_balancer_use_http/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "94e47f3f-b90b-43a1-a36d-521580bae863",
- "queryName": "Nifcloud LB Use HTTP Port",
+ "queryName": "Nifcloud LB Using HTTP Port",
 "severity": "MEDIUM",
 "category": "Networking and Firewall",
- "descriptionText": "The LB use HTTP port",
+ "descriptionText": "The LB using HTTP port",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer#load_balancer_port",
 "platform": "Terraform",
 "descriptionID": "fc3831f9",
diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_http/query.rego b/assets/queries/terraform/nifcloud/load_balancer_use_http/query.rego
index d561621bd1b..0f66222c54c 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_use_http/query.rego
+++ b/assets/queries/terraform/nifcloud/load_balancer_use_http/query.rego
@@ -14,7 +14,7 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(lb, name),
 "searchKey": sprintf("nifcloud_load_balancer[%s]", [name]),
 "issueType": "IncorrectValue",
- "keyExpectedValue": sprintf("'nifcloud_load_balancer[%s]' should switch to HTTPS to benefit from TLS security features", [name]),
- "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' use HTTP port", [name]),
+ "keyExpectedValue": sprintf("'nifcloud_load_balancer[%s]' should switch to HTTPS to benefit from TLS security features.", [name]),
+ "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' using HTTP port.", [name]),
 }
 }
diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_http/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/load_balancer_use_http/test/positive_expected_result.json
index a0f43d79674..9e59261f27a 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_use_http/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/load_balancer_use_http/test/positive_expected_result.json
@@ -1,6 +1,6 @@
 [
 {
- "queryName": "Nifcloud LB Use HTTP Port",
+ "queryName": "Nifcloud LB Using HTTP Port",
 "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive.tf"
diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/metadata.json b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/metadata.json
index 79ba6d139a3..c4ea81f8f08 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/metadata.json
+++ b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "944439c7-b4b8-476a-8f83-14641ea876ba",
- "queryName": "Nifcloud LB Use Insecure TLS Policy ID",
+ "queryName": "Nifcloud LB Using Insecure TLS Policy ID",
 "severity": "MEDIUM",
 "category": "Encryption",
- "descriptionText": "The LB use insecure TLS policy",
+ "descriptionText": "The LB using insecure TLS policy",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer#ssl_policy_id",
 "platform": "Terraform",
 "descriptionID": "4e6e920b",
diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/query.rego b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/query.rego
index e0b5c9a5c51..f8d5efe46ae 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/query.rego
+++ b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/query.rego
@@ -23,7 +23,7 @@ CxPolicy[result] {
 "searchKey": sprintf("nifcloud_load_balancer[%s]", [name]),
 "issueType": "MissingAttribute",
 "keyExpectedValue": sprintf("'nifcloud_load_balancer[%s]' should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.", [name]),
- "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' use outdated SSL policy", [name]),
+ "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' using outdated SSL policy.", [name]),
 }
 }
@@ -39,6 +39,6 @@ CxPolicy[result] {
 "searchKey": sprintf("nifcloud_load_balancer[%s]", [name]),
 "issueType": "IncorrectValue",
 "keyExpectedValue": sprintf("'nifcloud_load_balancer[%s]' should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.", [name]),
- "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' use outdated SSL policy", [name]),
+ "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' using outdated SSL policy.", [name]),
 }
 }
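Review bot: In the first hunk of load_balancer_use_insecure_tls_policy_id/query.rego the result has `"issueType": "MissingAttribute"`, yet its `keyActualValue` still reports "using outdated SSL policy.", the same text as the `IncorrectValue` rule in the second hunk. If that rule fires when `ssl_policy_id` is absent, as the issue type suggests, the message should say so, for example `"keyActualValue": sprintf("'nifcloud_load_balancer[%s]' does not define ssl_policy_id.", [name]),`, so the reader knows to add the attribute rather than change a value. The rule conditions are outside both hunks, so this reading should be confirmed against the rule body. The load_balancer_use_insecure_tls_policy_name query changed later in this patch has the same pair of messages.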
diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/test/positive_expected_result.json
index 4b3ebdfa41f..7cc8afe871c 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/test/positive_expected_result.json
@@ -1,12 +1,12 @@
 [
 {
- "queryName": "Nifcloud LB Use Insecure TLS Policy ID",
+ "queryName": "Nifcloud LB Using Insecure TLS Policy ID",
 "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive1.tf"
 },
 {
- "queryName": "Nifcloud LB Use Insecure TLS Policy ID",
+ "queryName": "Nifcloud LB Using Insecure TLS Policy ID",
 "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive2.tf"
diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/metadata.json b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/metadata.json
index bb5d5494f0b..9fb79921521 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/metadata.json
+++ b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "675e8eaa-2754-42b7-bf33-bfa295d1601d",
- "queryName": "Nifcloud LB Use Insecure TLS Policy Name",
+ "queryName": "Nifcloud LB Using Insecure TLS Policy Name",
 "severity": "MEDIUM",
 "category": "Encryption",
- "descriptionText": "The lb use insecure tls policy",
+ "descriptionText": "The LB using insecure TLS policy",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer#ssl_policy_name",
 "platform": "Terraform",
 "descriptionID": "be14dafb",
diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/query.rego b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/query.rego
index ca671d267b7..eb14db07744 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/query.rego
+++ b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/query.rego
@@ -23,7 +23,7 @@ CxPolicy[result] {
 "searchKey": sprintf("nifcloud_load_balancer[%s]", [name]),
 "issueType": "MissingAttribute",
 "keyExpectedValue": sprintf("'nifcloud_load_balancer[%s]' should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.", [name]),
- "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' use outdated SSL policy", [name]),
+ "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' using outdated SSL policy.", [name]),
 }
 }
@@ -39,6 +39,6 @@ CxPolicy[result] {
 "searchKey": sprintf("nifcloud_load_balancer[%s]", [name]),
 "issueType": "IncorrectValue",
 "keyExpectedValue": sprintf("'nifcloud_load_balancer[%s]' should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.", [name]),
- "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' use outdated SSL policy", [name]),
+ "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' using outdated SSL policy.", [name]),
 }
 }
diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/test/positive_expected_result.json
index fd9b6b46905..7bb192e65b9 100644
--- a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/test/positive_expected_result.json
@@ -1,12 +1,12 @@
 [
 {
- "queryName": "Nifcloud LB Use Insecure TLS Policy Name",
+ "queryName": "Nifcloud LB Using Insecure TLS Policy Name",
 "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive1.tf"
 },
 {
- "queryName": "Nifcloud LB Use Insecure TLS Policy Name",
+ "queryName": "Nifcloud LB Using Insecure TLS Policy Name",
 "severity": "MEDIUM",
 "line": 1,
 "fileName": "positive2.tf"
diff --git a/assets/queries/terraform/nifcloud/router_has_common_private/metadata.json b/assets/queries/terraform/nifcloud/router_has_common_private/metadata.json
index 3dc018cd839..7424fd51ed4 100644
--- a/assets/queries/terraform/nifcloud/router_has_common_private/metadata.json
+++ b/assets/queries/terraform/nifcloud/router_has_common_private/metadata.json
@@ -3,7 +3,7 @@
 "queryName": "Nifcloud Router Has Common Private Network",
 "severity": "LOW",
 "category": "Networking and Firewall",
- "descriptionText": "The router has common private network",
+ "descriptionText": "The Router has common private network",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/router#network_id",
 "platform": "Terraform",
 "descriptionID": "ca6704da",
diff --git a/assets/queries/terraform/nifcloud/router_has_common_private/query.rego b/assets/queries/terraform/nifcloud/router_has_common_private/query.rego
index 0d767d52c6c..1d1165bcc5f 100644
--- a/assets/queries/terraform/nifcloud/router_has_common_private/query.rego
+++ b/assets/queries/terraform/nifcloud/router_has_common_private/query.rego
@@ -14,8 +14,8 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(router, name),
 "searchKey": sprintf("nifcloud_router[%s]", [name]),
 "issueType": "IncorrectValue",
- "keyExpectedValue": sprintf("'nifcloud_router[%s]' should use a private LAN to isolate the private side network from the shared network", [name]),
- "keyActualValue": sprintf("'nifcloud_router[%s]' has common private network", [name]),
+ "keyExpectedValue": sprintf("'nifcloud_router[%s]' should use a private LAN to isolate the private side network from the shared network.", [name]),
+ "keyActualValue": sprintf("'nifcloud_router[%s]' has common private network.", [name]),
 }
 }
@@ -30,7 +30,7 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(router, name),
 "searchKey": sprintf("nifcloud_router[%s]", [name]),
 "issueType": "IncorrectValue",
- "keyExpectedValue": sprintf("'nifcloud_router[%s]' should use a private LAN to isolate the private side network from the shared network", [name]),
- "keyActualValue": sprintf("'nifcloud_router[%s]' has common private network", [name]),
+ "keyExpectedValue": sprintf("'nifcloud_router[%s]' should use a private LAN to isolate the private side network from the shared network.", [name]),
+ "keyActualValue": sprintf("'nifcloud_router[%s]' has common private network.", [name]),
 }
 }
diff --git a/assets/queries/terraform/nifcloud/router_security_group_undefined/metadata.json b/assets/queries/terraform/nifcloud/router_security_group_undefined/metadata.json
index dc9bc1b5d15..a13062f7e0a 100644
--- a/assets/queries/terraform/nifcloud/router_security_group_undefined/metadata.json
+++ b/assets/queries/terraform/nifcloud/router_security_group_undefined/metadata.json
@@ -1,6 +1,6 @@
 {
 "id": "e7dada38-af20-4899-8955-dabea84ab1f0",
- "queryName": "Nifcloud Router Undefined Security Group To Router",
+ "queryName": "Nifcloud Router Undefined Security Group",
 "severity": "HIGH",
 "category": "Networking and Firewall",
 "descriptionText": "Missing security group for Router",
diff --git a/assets/queries/terraform/nifcloud/router_security_group_undefined/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/router_security_group_undefined/test/positive_expected_result.json
index 8bb5a2e951b..56e9ea411de 100644
--- a/assets/queries/terraform/nifcloud/router_security_group_undefined/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/router_security_group_undefined/test/positive_expected_result.json
@@ -1,6 +1,6 @@
 [
 {
- "queryName": "Nifcloud Router Undefined Security Group To Router",
+ "queryName": "Nifcloud Router Undefined Security Group",
 "severity": "HIGH",
 "line": 1,
 "fileName": "positive.tf"
diff --git a/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/metadata.json b/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/metadata.json
index 8802f5022e3..aa00cdaa061 100644
--- a/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/metadata.json
+++ b/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "b3535a48-910c-47f8-8b3b-14222f29ef80",
- "queryName": "Nifcloud Vpn Gateway Undefined Security Group To Vpn Gateway",
+ "queryName": "Nifcloud VPN Gateway Undefined Security Group",
 "severity": "HIGH",
 "category": "Networking and Firewall",
- "descriptionText": "Missing security group for Vpn gateway",
+ "descriptionText": "Missing security group for VPN gateway",
 "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/vpn_gateway#security_group",
 "platform": "Terraform",
 "descriptionID": "ba50cd20",
diff --git a/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/query.rego b/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/query.rego
index 492121d4468..bbba29a4222 100644
--- a/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/query.rego
+++ b/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/query.rego
@@ -14,7 +14,7 @@ CxPolicy[result] {
 "resourceName": tf_lib.get_resource_name(vpnGateway, name),
 "searchKey": sprintf("nifcloud_vpn_gateway[%s]", [name]),
 "issueType": "MissingAttribute",
- "keyExpectedValue": sprintf("'nifcloud_vpn_gateway[%s]' should include a security_group for security purposes", [name]),
- "keyActualValue": sprintf("'nifcloud_vpn_gateway[%s]' does not have a security_group", [name]),
+ "keyExpectedValue": sprintf("'nifcloud_vpn_gateway[%s]' should include a security_group for security purposes.", [name]),
+ "keyActualValue": sprintf("'nifcloud_vpn_gateway[%s]' does not have a security_group defined.", [name]),
 }
 }
diff --git a/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/test/positive_expected_result.json
index 4ddada348b0..78ad7248b59 100644
--- a/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/test/positive_expected_result.json
@@ -1,6 +1,6 @@
 [
 {
- "queryName": "Nifcloud Vpn Gateway Undefined Security Group To Vpn Gateway",
+ "queryName": "Nifcloud VPN Gateway Undefined Security Group",
 "severity": "HIGH",
 "line": 1,
 "fileName": "positive.tf"
From 370636a45ac49d0ab781cd31c2e3c4eee1757b50 Mon Sep 17 00:00:00 2001
From: Artur Ribeiro
Date: Fri, 20 Sep 2024 13:11:10 +0100
Subject: [PATCH 3/4] fix merge error conflict
---
 .../db_has_public_access/metadata.json | 12 +++++++
 .../nifcloud/db_has_public_access/query.rego | 34 +++++++++++++++++++
 .../db_has_public_access/test/negative.tf | 5 +++
 .../db_has_public_access/test/positive.tf | 5 +++
 4 files changed, 56 insertions(+)
 create mode 100644 assets/queries/terraform/nifcloud/db_has_public_access/metadata.json
 create mode 100644 assets/queries/terraform/nifcloud/db_has_public_access/query.rego
 create mode 100644 assets/queries/terraform/nifcloud/db_has_public_access/test/negative.tf
 create mode 100644 assets/queries/terraform/nifcloud/db_has_public_access/test/positive.tf
diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/metadata.json b/assets/queries/terraform/nifcloud/db_has_public_access/metadata.json
new file mode 100644
index 00000000000..85eb554d52c
--- /dev/null
+++ b/assets/queries/terraform/nifcloud/db_has_public_access/metadata.json
@@ -0,0 +1,12 @@
+{
+ "id": "fb387023-e4bb-42a8-9a70-6708aa7ff21b",
+ "queryName": "Nifcloud RDB Has Public DB Access",
+ "severity": "HIGH",
+ "category": "Access Control",
+ "descriptionText": "The RDB has public DB access",
+ "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#publicly_accessible",
+ "platform": "Terraform",
+ "descriptionID": "e4ce28b6",
+ "cloudProvider": "nifcloud",
+ "cwe": "732"
+ }
\ No newline at end of file
diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/query.rego b/assets/queries/terraform/nifcloud/db_has_public_access/query.rego
new file mode 100644
index 00000000000..7c36874fee8
--- /dev/null
+++ b/assets/queries/terraform/nifcloud/db_has_public_access/query.rego
@@ -0,0 +1,34 @@
+package Cx
+
+import data.generic.terraform as tf_lib
+import data.generic.common as common_lib
+
+CxPolicy[result] {
+ dbInstance := input.document[i].resource.nifcloud_db_instance[name]
+ dbInstance.publicly_accessible == true
+ result := {
+ "documentId": input.document[i].id,
+ "resourceType": "nifcloud_db_instance",
+ "resourceName": tf_lib.get_resource_name(dbInstance, name),
+ "searchKey": sprintf("nifcloud_db_instance[%s]", [name]),
+ "issueType": "IncorrectValue",
+ "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should not use publicly accessible set to true. You should limit all access to the minimum that is required for your application to function.", [name]),
+ "keyActualValue": sprintf("'nifcloud_db_instance[%s]' has publicly accessible set to true.", [name]),
+ }
+}
+
+CxPolicy[result] {
+
+ dbInstance := input.document[i].resource.nifcloud_db_instance[name]
+ not common_lib.valid_key(dbInstance, "publicly_accessible")
+
+ result := {
+ "documentId": input.document[i].id,
+ "resourceType": "nifcloud_db_instance",
+ "resourceName": tf_lib.get_resource_name(dbInstance, name),
+ "searchKey": sprintf("nifcloud_db_instance[%s]", [name]),
+ "issueType": "MissingAttribute",
+ "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have publicly accessible defined as the default value is set to true. You should limit all access to the minimum that is required for your application to function.", [name]),
+ "keyActualValue": sprintf("'nifcloud_db_instance[%s]' doesn't define publicly accessible.", [name]),
+ }
+}
\ No newline at end of file
diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/test/negative.tf b/assets/queries/terraform/nifcloud/db_has_public_access/test/negative.tf
new file mode 100644
index 00000000000..caaa6b74a91
--- /dev/null
+++ b/assets/queries/terraform/nifcloud/db_has_public_access/test/negative.tf
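Review bot: The second `CxPolicy` rule, which reports `MissingAttribute` when `publicly_accessible` is not set, has no test fixture among the files this commit creates: positive.tf sets `publicly_accessible = true` and negative.tf sets it to `false`, so no fixture omits the attribute. Unless another commit in the series supplies one, add a `positive2.tf` that leaves the attribute out and a matching entry in positive_expected_result.json, so that a regression in the `common_lib.valid_key` check is caught. It would also help to put a comment above that rule, such as `# publicly_accessible defaults to true in the provider, so an unset attribute is reported as well`, since the message string is the only place the default is stated.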
@@ -0,0 +1,5 @@
+resource "nifcloud_db_instance" "negative" {
+ identifier = "example"
+ instance_class = "db.large8"
+ publicly_accessible = false
+}
\ No newline at end of file
diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/test/positive.tf b/assets/queries/terraform/nifcloud/db_has_public_access/test/positive.tf
new file mode 100644
index 00000000000..34fc1dfbf9b
--- /dev/null
+++ b/assets/queries/terraform/nifcloud/db_has_public_access/test/positive.tf
@@ -0,0 +1,5 @@
+resource "nifcloud_db_instance" "positive" {
+ identifier = "example"
+ instance_class = "db.large8"
+ publicly_accessible = true
+}
\ No newline at end of file
From 02af7c36f885c1638ce847663eecacfb9ff9f529 Mon Sep 17 00:00:00 2001
From: ArturRibeiro-CX
Date: Fri, 27 Sep 2024 17:20:11 +0100
Subject: [PATCH 4/4] change query name from positive expected results
---
 .../db_has_public_access/test/positive_expected_result.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/db_has_public_access/test/positive_expected_result.json
index e296e014786..f1c041a3ef5 100644
--- a/assets/queries/terraform/nifcloud/db_has_public_access/test/positive_expected_result.json
+++ b/assets/queries/terraform/nifcloud/db_has_public_access/test/positive_expected_result.json
@@ -1,6 +1,6 @@
 [
 {
- "queryName": "Beta - Nifcloud RDB Has Public DB Access",
+ "queryName": "Nifcloud RDB Has Public DB Access",
 "severity": "HIGH",
 "line": 1,
 "fileName": "positive.tf"