fix(query): fix terraform query for ingress/egress description

Signed-off-by: Felipe Avelar <felipe.avelar@outlook.com>

assets/queries/terraform/aws/security_group_rules_without_description/query.rego

@@ -6,6 +6,7 @@ CxPolicy[result] {
 	resource := input.document[i].resource.aws_security_group[name]
 	types := {"ingress", "egress"}
 	resourceType := resource[types[y]]
+    not is_array(resourceType)
 	not common_lib.valid_key(resourceType, "description")
 
 	result := {
@@ -14,5 +15,24 @@ CxPolicy[result] {
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": sprintf("aws_security_group[{{%s}}].%s description is defined and not null", [name, types[y]]),
 		"keyActualValue": sprintf("aws_security_group[{{%s}}].%s description is undefined or null", [name, types[y]]),
+		"searchLine": common_lib.build_search_line(["resource", "aws_security_group", name, types[y]], []),
+	}
+}
+
+CxPolicy[result] {
+	resource := input.document[i].resource.aws_security_group[name]
+	types := {"ingress", "egress"}
+	resourceType := resource[types[y]]
+    is_array(resourceType)
+    currentResource := resourceType[resourceIndex]
+	not common_lib.valid_key(currentResource, "description")
+
+	result := {
+		"documentId": input.document[i].id,
+		"searchKey": sprintf("aws_security_group[{{%s}}].%s", [name, types[y]]),
+		"issueType": "MissingAttribute",
+		"keyExpectedValue": sprintf("aws_security_group[{{%s}}].%s description is defined and not null", [name, types[y]]),
+		"keyActualValue": sprintf("aws_security_group[{{%s}}].%s description is undefined or null", [name, types[y]]),
+		"searchLine": common_lib.build_search_line(["resource", "aws_security_group", name, types[y], resourceIndex], []),
 	}
 }

assets/queries/terraform/aws/security_group_rules_without_description/test/negative2.tf

@@ -0,0 +1,27 @@
+resource "aws_security_group" "negative2" {
+  count = min(var.haproxy_external_node_count + var.monitor_node_count, 1)
+
+  name        = "${var.prefix}-external-http-https"
+  description = "Allow main HTTP / HTTPS"
+  vpc_id      = local.vpc_id
+
+  ingress {
+    description = "Enable HTTP access for select VMs"
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description = "Enable HTTPS access for select VMs"
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "${var.prefix}-external-http-https"
+  }
+}

assets/queries/terraform/aws/security_group_rules_without_description/test/positive2.tf

@@ -0,0 +1,26 @@
+resource "aws_security_group" "positive2" {
+  count = min(var.haproxy_external_node_count + var.monitor_node_count, 1)
+
+  name        = "${var.prefix}-external-http-https"
+  description = "Allow main HTTP / HTTPS"
+  vpc_id      = local.vpc_id
+
+  ingress {
+    description = "Enable HTTP access for select VMs"
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "${var.prefix}-external-http-https"
+  }
+}

assets/queries/terraform/aws/security_group_rules_without_description/test/positive_expected_result.json

@@ -10,5 +10,11 @@
     "severity": "INFO",
     "line": 14,
     "filename": "positive1.tf"
+  },
+  {
+    "queryName": "Security Group Rules Without Description",
+    "severity": "INFO",
+    "line": 16,
+    "filename": "positive2.tf"
   }
 ]