Merge branch 'master' into feat/ignore-terraform-cahce-files
gabriel-cx authored Feb 19, 2024
2 parents 94ebf93 + b1e248d commit cb7a7f6
Showing 5 changed files with 146 additions and 42 deletions.
Expand Up @@ -22,4 +22,25 @@ CxPolicy[result] {
"keyExpectedValue": sprintf("Resources.%s.Properties.DistributionConfig.WebACLId should be defined", [name]),
"keyActualValue": sprintf("Resources.%s.Properties.DistributionConfig.WebACLId is undefined", [name]),
}
}
}

CxPolicy[result] {
docs := input.document[i]
[path, Resources] := walk(docs)
resource := Resources[name]
resource.Type == "AWS::CloudFront::Distribution"
distributionConfig := resource.Properties.DistributionConfig

not cf_lib.isCloudFormationFalse(distributionConfig.Enabled)
distributionConfig.WebACLId == ""

result := {
"documentId": input.document[i].id,
"resourceType": resource.Type,
"resourceName": cf_lib.get_resource_name(resource, name),
"searchKey": sprintf("%s%s.Properties.DistributionConfig.WebACLId", [cf_lib.getPath(path), name]),
"issueType": "IncorrectValue",
"keyExpectedValue": sprintf("Resources.%s.Properties.DistributionConfig.WebACLId should be properly defined", [distributionConfig.WebACLId]),
"keyActualValue": sprintf("Resources.%s.Properties.DistributionConfig.WebACLId contains invalid value", [distributionConfig.WebACLId]),
}
}
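Review bot: The two sprintf messages at the end of the new rule interpolate `distributionConfig.WebACLId`, which the rule has just constrained to be `""`, so keyExpectedValue and keyActualValue will render as `Resources..Properties.DistributionConfig.WebACLId …` with the resource name missing. The first rule in this file passes `[name]` for the same placeholder, and the new rule should do likewise: `"keyExpectedValue": sprintf("Resources.%s.Properties.DistributionConfig.WebACLId should be properly defined", [name]),` and `"keyActualValue": sprintf("Resources.%s.Properties.DistributionConfig.WebACLId contains invalid value", [name]),`. A short comment above the condition would also help readers, e.g. `# an empty WebACLId means no WAF web ACL is associated with the distribution`. Whether a whitespace-only value such as `" "` should be reported the same way is not settled by this hunk; if it should, `trim_space(distributionConfig.WebACLId) == ""` would cover it. The first rule's opening lines are outside the hunk.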
@@ -0,0 +1,24 @@
AWSTemplateFormatVersion: 2010-09-09
Resources:
cloudfrontdistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Enabled: true
CacheBehaviors:
- LambdaFunctionAssociations:
- EventType: string-value
LambdaFunctionARN: string-value
DefaultCacheBehavior:
LambdaFunctionAssociations:
- EventType: string-value
LambdaFunctionARN: string-value
IPV6Enabled: boolean-value
Origins:
- CustomOriginConfig:
OriginKeepaliveTimeout: integer-value
OriginReadTimeout: integer-value
WebACLId: ""
Tags:
- Key: string-value
Value: string-value
@@ -0,0 +1,47 @@
{
"AWSTemplateFormatVersion": "2010-09-09T00:00:00Z",
"Resources": {
"cloudfrontdistribution": {
"Type": "AWS::CloudFront::Distribution",
"Properties": {
"DistributionConfig": {
"Enabled": true,
"CacheBehaviors": [
{
"LambdaFunctionAssociations": [
{
"EventType": "string-value",
"LambdaFunctionARN": "string-value"
}
]
}
],
"DefaultCacheBehavior": {
"LambdaFunctionAssociations": [
{
"EventType": "string-value",
"LambdaFunctionARN": "string-value"
}
]
},
"IPV6Enabled": "boolean-value",
"Origins": [
{
"CustomOriginConfig": {
"OriginKeepaliveTimeout": "integer-value",
"OriginReadTimeout": "integer-value"
}
}
],
"WebACLId": ""
},
"Tags": [
{
"Value": "string-value",
"Key": "string-value"
}
]
}
}
}
}
Expand Up @@ -10,5 +10,17 @@
"queryName": "CloudFront Without WAF",
"severity": "LOW",
"line": 13
},
{
"fileName": "positive3.yaml",
"queryName": "CloudFront Without WAF",
"severity": "LOW",
"line": 21
},
{
"fileName": "positive4.json",
"queryName": "CloudFront Without WAF",
"severity": "LOW",
"line": 36
}
]
82 changes: 41 additions & 41 deletions test/main_test.go
Expand Up @@ -30,47 +30,47 @@ import (

var (
queriesPaths = map[string]model.QueryConfig{
"../assets/queries/terraform/aws_bom": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
"../assets/queries/terraform/aws": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
"../assets/queries/terraform/azure": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
"../assets/queries/terraform/databricks": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
"../assets/queries/terraform/gcp": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
"../assets/queries/terraform/gcp_bom": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
"../assets/queries/terraform/github": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
"../assets/queries/terraform/kubernetes": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
"../assets/queries/terraform/general": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
"../assets/queries/terraform/alicloud": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
"../assets/queries/terraform/nifcloud": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
"../assets/queries/crossplane/aws": {FileKind: []model.FileKind{model.KindYAML}, Platform: "crossplane"},
"../assets/queries/crossplane/azure": {FileKind: []model.FileKind{model.KindYAML}, Platform: "crossplane"},
"../assets/queries/crossplane/gcp": {FileKind: []model.FileKind{model.KindYAML}, Platform: "crossplane"},
"../assets/queries/pulumi/aws": {FileKind: []model.FileKind{model.KindYAML}, Platform: "pulumi"},
"../assets/queries/pulumi/gcp": {FileKind: []model.FileKind{model.KindYAML}, Platform: "pulumi"},
"../assets/queries/pulumi/kubernetes": {FileKind: []model.FileKind{model.KindYAML}, Platform: "pulumi"},
"../assets/queries/pulumi/azure": {FileKind: []model.FileKind{model.KindYAML}, Platform: "pulumi"},
"../assets/queries/k8s": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "k8s"},
"../assets/queries/cloudFormation/aws": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "cloudFormation"},
"../assets/queries/cloudFormation/aws_bom": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "cloudFormation"},
"../assets/queries/cloudFormation/aws_sam": {FileKind: []model.FileKind{model.KindYAML}, Platform: "cloudFormation"},
"../assets/queries/ansible/aws": {FileKind: []model.FileKind{model.KindYAML}, Platform: "ansible"},
"../assets/queries/ansible/gcp": {FileKind: []model.FileKind{model.KindYAML}, Platform: "ansible"},
"../assets/queries/ansible/azure": {FileKind: []model.FileKind{model.KindYAML}, Platform: "ansible"},
"../assets/queries/ansible/general": {FileKind: []model.FileKind{model.KindYAML}, Platform: "ansible"},
"../assets/queries/ansible/config": {FileKind: []model.FileKind{model.KindCFG}, Platform: "ansible"},
"../assets/queries/ansible/hosts": {FileKind: []model.FileKind{model.KindINI, model.KindYAML}, Platform: "ansible"},
"../assets/queries/dockerfile": {FileKind: []model.FileKind{model.KindDOCKER}, Platform: "dockerfile"},
"../assets/queries/dockerCompose": {FileKind: []model.FileKind{model.KindYAML}, Platform: "dockerCompose"},
"../assets/queries/openAPI/general": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "openAPI"},
"../assets/queries/openAPI/3.0": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "openAPI"},
"../assets/queries/openAPI/2.0": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "openAPI"},
"../assets/queries/azureResourceManager": {FileKind: []model.FileKind{model.KindJSON}, Platform: "azureResourceManager"},
"../assets/queries/googleDeploymentManager/gcp": {FileKind: []model.FileKind{model.KindYAML}, Platform: "googleDeploymentManager"},
"../assets/queries/googleDeploymentManager/gcp_bom": {FileKind: []model.FileKind{model.KindYAML}, Platform: "googleDeploymentManager"},
"../assets/queries/grpc": {FileKind: []model.FileKind{model.KindPROTO}, Platform: "grpc"},
"../assets/queries/buildah": {FileKind: []model.FileKind{model.KindBUILDAH}, Platform: "buildah"},
"../assets/queries/serverlessFW": {FileKind: []model.FileKind{model.KindYAML, model.KindYML}, Platform: "serverlessFW"},
"../assets/queries/knative": {FileKind: []model.FileKind{model.KindYAML}, Platform: "knative"},
"../assets/queries/cicd/github": {FileKind: []model.FileKind{model.KindYAML}, Platform: "cicd"},
// "../assets/queries/terraform/aws_bom": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
// "../assets/queries/terraform/aws": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
// "../assets/queries/terraform/azure": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
// "../assets/queries/terraform/databricks": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
// "../assets/queries/terraform/gcp": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
// "../assets/queries/terraform/gcp_bom": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
// "../assets/queries/terraform/github": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
// "../assets/queries/terraform/kubernetes": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
// "../assets/queries/terraform/general": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
// "../assets/queries/terraform/alicloud": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
// "../assets/queries/terraform/nifcloud": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
// "../assets/queries/crossplane/aws": {FileKind: []model.FileKind{model.KindYAML}, Platform: "crossplane"},
// "../assets/queries/crossplane/azure": {FileKind: []model.FileKind{model.KindYAML}, Platform: "crossplane"},
// "../assets/queries/crossplane/gcp": {FileKind: []model.FileKind{model.KindYAML}, Platform: "crossplane"},
// "../assets/queries/pulumi/aws": {FileKind: []model.FileKind{model.KindYAML}, Platform: "pulumi"},
// "../assets/queries/pulumi/gcp": {FileKind: []model.FileKind{model.KindYAML}, Platform: "pulumi"},
// "../assets/queries/pulumi/kubernetes": {FileKind: []model.FileKind{model.KindYAML}, Platform: "pulumi"},
// "../assets/queries/pulumi/azure": {FileKind: []model.FileKind{model.KindYAML}, Platform: "pulumi"},
// "../assets/queries/k8s": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "k8s"},
"../assets/queries/cloudFormation/aws": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "cloudFormation"},
// "../assets/queries/cloudFormation/aws_bom": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "cloudFormation"},
// "../assets/queries/cloudFormation/aws_sam": {FileKind: []model.FileKind{model.KindYAML}, Platform: "cloudFormation"},
// "../assets/queries/ansible/aws": {FileKind: []model.FileKind{model.KindYAML}, Platform: "ansible"},
// "../assets/queries/ansible/gcp": {FileKind: []model.FileKind{model.KindYAML}, Platform: "ansible"},
// "../assets/queries/ansible/azure": {FileKind: []model.FileKind{model.KindYAML}, Platform: "ansible"},
// "../assets/queries/ansible/general": {FileKind: []model.FileKind{model.KindYAML}, Platform: "ansible"},
// "../assets/queries/ansible/config": {FileKind: []model.FileKind{model.KindCFG}, Platform: "ansible"},
// "../assets/queries/ansible/hosts": {FileKind: []model.FileKind{model.KindINI, model.KindYAML}, Platform: "ansible"},
// "../assets/queries/dockerfile": {FileKind: []model.FileKind{model.KindDOCKER}, Platform: "dockerfile"},
// "../assets/queries/dockerCompose": {FileKind: []model.FileKind{model.KindYAML}, Platform: "dockerCompose"},
// "../assets/queries/openAPI/general": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "openAPI"},
// "../assets/queries/openAPI/3.0": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "openAPI"},
// "../assets/queries/openAPI/2.0": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "openAPI"},
// "../assets/queries/azureResourceManager": {FileKind: []model.FileKind{model.KindJSON}, Platform: "azureResourceManager"},
// "../assets/queries/googleDeploymentManager/gcp": {FileKind: []model.FileKind{model.KindYAML}, Platform: "googleDeploymentManager"},
// "../assets/queries/googleDeploymentManager/gcp_bom": {FileKind: []model.FileKind{model.KindYAML}, Platform: "googleDeploymentManager"},
// "../assets/queries/grpc": {FileKind: []model.FileKind{model.KindPROTO}, Platform: "grpc"},
// "../assets/queries/buildah": {FileKind: []model.FileKind{model.KindBUILDAH}, Platform: "buildah"},
// "../assets/queries/serverlessFW": {FileKind: []model.FileKind{model.KindYAML, model.KindYML}, Platform: "serverlessFW"},
// "../assets/queries/knative": {FileKind: []model.FileKind{model.KindYAML}, Platform: "knative"},
// "../assets/queries/cicd/github": {FileKind: []model.FileKind{model.KindYAML}, Platform: "cicd"},
}

issueTypes = map[string]string{
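Review bot: Commenting out every `queriesPaths` entry except `../assets/queries/cloudFormation/aws` (the `//` lines, which read as the new side of the hunk although the page shows no +/- markers) turns the query regression suite off for every other platform — terraform, k8s, ansible, dockerfile, openAPI, azureResourceManager and the rest stop being exercised by this test. That looks like a local debugging edit that was carried into the merge along with the CloudFront fixtures rather than an intended change, and it should be reverted before this lands so all 41 entries are active again. If narrowing the run is needed locally, a build tag or an environment-variable filter applied when the map is read would keep the map itself intact. The `var (` block continues past the hunk (`issueTypes` begins on its last line).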
