Multiple findings based on single query for one terraform resource #5950
-
Greetings!
I noticed that when I scan my code, this query produces multiple findings for the same piece of code. When I checked positive_expected_result.json for this query, I saw that it is expected to create multiple results. For example, for this piece of code:
this query is expected to produce 3 findings, according to positive_expected_result.json. And for this one:
it will produce 126 findings! It hardly seems useful since 126 messages related to one resource convey the same message as 1. And 126 identical messages pollute the report and make it harder to use. Am I missing something here or can it be considered a bug?
Replies: 3 comments
-
Hello @kazaker
Thank you so much for using KICS and reaching us!
This query iterates over all the ports that KICS considers sensitive (63 ports). You can find them here. For each one, KICS will verify the ingress of the security group and it will evaluate if the sensitive port is being targeted under TCP or UDP protocol. That's why it returns many results.
The first sample defines the ingress from ports 20 to 22 under TCP protocol, which means that it covers ports 20, 21 and 22 (KICS considers all sensitive). That's why the query produces 3 findings.
On the other hand, the second sample defines the ingress from port 0 to port 0 under any protocol (-1 means all). That means it covers all suitable port numbers. In this case, it returns 126 findings (63 TCP + 63 UDP).
The JSON report provides more detailed information compared to the CLI result, such as the expected value and the actual value. You can generate the JSON report by using the flag
Let me know if it helped and/or if you have further questions 😊
-
Hello @rafaela-soares,
However, since this is an intended behaviour, I guess there is nothing we can do here.
-
Hello @kazaker, I totally understand your point. I will bring this question to the team in order to discuss a workaround to avoid so much noise. Maybe we
Meanwhile, if you do not want to get this query's results, you can use the flag
If you have any further questions, do not hesitate to ask 😊
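The counting explained in the replies above, as an added example that is not part of the thread or of KICS itself: it models only the port and protocol enumeration, then collapses the per-port findings into one summary per resource. The port list is a constructed sample (the real list has 63 entries), and the function and resource names are hypothetical.

```python
from collections import defaultdict

# Constructed stand-in for the KICS sensitive-port list (the real one has 63 entries).
SENSITIVE_PORTS = frozenset({20, 21, 22, 23, 25, 53, 110, 1433, 3306, 3389})


def protocols_for(rule):
    """'-1' means all protocols; TCP and UDP are then checked separately."""
    proto = str(rule["protocol"]).lower()
    if proto == "-1":
        return ("tcp", "udp")
    return (proto,) if proto in ("tcp", "udp") else ()


def covered_ports(rule, sensitive):
    """Sensitive ports that fall inside the rule's port range."""
    if str(rule["protocol"]) == "-1":
        return sorted(sensitive)  # all protocols covers every port number
    return sorted(p for p in sensitive if rule["from_port"] <= p <= rule["to_port"])


def per_port_findings(resource, rule, sensitive=SENSITIVE_PORTS):
    """One finding per (protocol, port) pair, which is what makes the report noisy."""
    return [
        {"resource": resource, "protocol": proto, "port": port}
        for proto in protocols_for(rule)
        for port in covered_ports(rule, sensitive)
    ]


def group_by_resource(findings):
    """Collapse per-port findings into one summary per resource."""
    grouped = defaultdict(lambda: defaultdict(list))
    for f in findings:
        grouped[f["resource"]][f["protocol"]].append(f["port"])
    return {res: {p: sorted(ports) for p, ports in protos.items()}
            for res, protos in grouped.items()}


if __name__ == "__main__":
    # Constructed ingress rules mirroring the two samples discussed in the thread.
    ftp_ssh = {"from_port": 20, "to_port": 22, "protocol": "tcp"}
    wide_open = {"from_port": 0, "to_port": 0, "protocol": "-1"}
    noisy = (per_port_findings("aws_security_group.sample_a", ftp_ssh)
             + per_port_findings("aws_security_group.sample_b", wide_open))
    print(len(noisy), "per-port findings")
    for res, protos in group_by_resource(noisy).items():
        print(res, {p: len(ports) for p, ports in protos.items()})
```

Passing a 63-entry set as `sensitive` reproduces the 126 findings (63 TCP + 63 UDP) mentioned in the thread for the all-protocols rule.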