diff --git a/assets/queries/ansible/aws/alb_listening_on_http/test/positive_expected_result.json b/assets/queries/ansible/aws/alb_listening_on_http/test/positive_expected_result.json index 015880ef4eb..40450933989 100644 --- a/assets/queries/ansible/aws/alb_listening_on_http/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/alb_listening_on_http/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "ALB Listening on HTTP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 11 }, { "queryName": "ALB Listening on HTTP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 29 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/ami_not_encrypted/test/positive_expected_result.json b/assets/queries/ansible/aws/ami_not_encrypted/test/positive_expected_result.json index 98c9743b0f1..d31968ad825 100644 --- a/assets/queries/ansible/aws/ami_not_encrypted/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/ami_not_encrypted/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ - { - "queryName": "AMI Not Encrypted", - "severity": "HIGH", - "line": 6 - }, - { - "queryName": "AMI Not Encrypted", - "severity": "HIGH", - "line": 13 - } -] + { + "queryName": "AMI Not Encrypted", + "severity": "MEDIUM", + "line": 6 + }, + { + "queryName": "AMI Not Encrypted", + "severity": "MEDIUM", + "line": 13 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/api_gateway_xray_disabled/test/positive_expected_result.json b/assets/queries/ansible/aws/api_gateway_xray_disabled/test/positive_expected_result.json index f8721f44ce9..dbe97c3a028 100644 --- a/assets/queries/ansible/aws/api_gateway_xray_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/api_gateway_xray_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ - { - "queryName": "API Gateway X-Ray Disabled", - "severity": "MEDIUM", - "line": 8 - }, - { - "queryName": "API Gateway X-Ray Disabled", - "severity": "MEDIUM", - "line": 12 - } -] + { + "queryName": "API Gateway X-Ray Disabled", + "severity": "LOW", + "line": 8 + }, + { + "queryName": "API Gateway X-Ray Disabled", + "severity": "LOW", + "line": 12 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/authentication_without_mfa/test/positive_expected_result.json b/assets/queries/ansible/aws/authentication_without_mfa/test/positive_expected_result.json index ac98be77c44..27bfe61de31 100644 --- a/assets/queries/ansible/aws/authentication_without_mfa/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/authentication_without_mfa/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "Authentication Without MFA", - "severity": "HIGH", + "severity": "LOW", "line": 2 }, { "queryName": "Authentication Without MFA", - "severity": "HIGH", + "severity": "LOW", "line": 9 }, { "queryName": "Authentication Without MFA", - "severity": "HIGH", + "severity": "LOW", "line": 9 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/aws_password_policy_with_unchangeable_passwords/test/positive_expected_result.json b/assets/queries/ansible/aws/aws_password_policy_with_unchangeable_passwords/test/positive_expected_result.json index aca9205526c..858725018b5 100644 --- a/assets/queries/ansible/aws/aws_password_policy_with_unchangeable_passwords/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/aws_password_policy_with_unchangeable_passwords/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "AWS Password Policy With Unchangeable Passwords", - "severity": "MEDIUM", + "severity": "LOW", "line": 9 }, { "queryName": "AWS Password Policy With Unchangeable Passwords", - "severity": "MEDIUM", + "severity": "LOW", "line": 21 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/ca_certificate_identifier_is_outdated/test/positive_expected_result.json b/assets/queries/ansible/aws/ca_certificate_identifier_is_outdated/test/positive_expected_result.json index 65e17c163ba..222b4d17cd8 100644 --- a/assets/queries/ansible/aws/ca_certificate_identifier_is_outdated/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/ca_certificate_identifier_is_outdated/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "CA Certificate Identifier Is Outdated", - "severity": "HIGH", + "severity": "MEDIUM", "line": 10 }, { "queryName": "CA Certificate Identifier Is Outdated", - "severity": "HIGH", + "severity": "MEDIUM", "line": 12 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/cloudfront_without_minimum_protocol_tls_1.2/test/positive_expected_result.json b/assets/queries/ansible/aws/cloudfront_without_minimum_protocol_tls_1.2/test/positive_expected_result.json index b879df631e3..f5d18279262 100644 --- a/assets/queries/ansible/aws/cloudfront_without_minimum_protocol_tls_1.2/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/cloudfront_without_minimum_protocol_tls_1.2/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "CloudFront Without Minimum Protocol TLS 1.2", - "severity": "HIGH", + "severity": "MEDIUM", "line": 18 }, { "queryName": "CloudFront Without Minimum Protocol TLS 1.2", - "severity": "HIGH", + "severity": "MEDIUM", "line": 37 }, { "line": 40, "queryName": "CloudFront Without Minimum Protocol TLS 1.2", - "severity": "HIGH" + "severity": "MEDIUM" } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/cloudfront_without_waf/test/positive_expected_result.json b/assets/queries/ansible/aws/cloudfront_without_waf/test/positive_expected_result.json index 05a5d641e4e..f4dbbfce596 100644 --- a/assets/queries/ansible/aws/cloudfront_without_waf/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/cloudfront_without_waf/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "CloudFront Without WAF", - "severity": "LOW", - "line": 2 - } -] + { + "queryName": "CloudFront Without WAF", + "severity": "MEDIUM", + "line": 2 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/cloudtrail_logging_disabled/test/positive_expected_result.json b/assets/queries/ansible/aws/cloudtrail_logging_disabled/test/positive_expected_result.json index 21ade381961..8e57b93dc88 100644 --- a/assets/queries/ansible/aws/cloudtrail_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/cloudtrail_logging_disabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "CloudTrail Logging Disabled", - "severity": "HIGH", - "line": 5 - } -] + { + "queryName": "CloudTrail Logging Disabled", + "severity": "MEDIUM", + "line": 5 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/cloudtrail_multi_region_disabled/test/positive_expected_result.json b/assets/queries/ansible/aws/cloudtrail_multi_region_disabled/test/positive_expected_result.json index 399dacea073..c758ab31e37 100644 --- a/assets/queries/ansible/aws/cloudtrail_multi_region_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/cloudtrail_multi_region_disabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "CloudTrail Multi Region Disabled", - "severity": "MEDIUM", - "line": 7 - } -] + { + "queryName": "CloudTrail Multi Region Disabled", + "severity": "LOW", + "line": 7 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/cloudtrail_not_integrated_with_cloudwatch/test/positive_expected_result.json b/assets/queries/ansible/aws/cloudtrail_not_integrated_with_cloudwatch/test/positive_expected_result.json index bd6b20f172c..1a0aa93a791 100644 --- a/assets/queries/ansible/aws/cloudtrail_not_integrated_with_cloudwatch/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/cloudtrail_not_integrated_with_cloudwatch/test/positive_expected_result.json @@ -1,22 +1,22 @@ [ { - "severity": "MEDIUM", + "severity": "LOW", "line": 2, "queryName": "CloudTrail Not Integrated With CloudWatch" }, { - "severity": "MEDIUM", + "severity": "LOW", "line": 2, "queryName": "CloudTrail Not Integrated With CloudWatch" }, { "queryName": "CloudTrail Not Integrated With CloudWatch", - "severity": "MEDIUM", + "severity": "LOW", "line": 14 }, { "queryName": "CloudTrail Not Integrated With CloudWatch", - "severity": "MEDIUM", + "severity": "LOW", "line": 27 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/cloudtrail_sns_topic_name_undefined/test/positive_expected_result.json b/assets/queries/ansible/aws/cloudtrail_sns_topic_name_undefined/test/positive_expected_result.json index c74c9cac61a..37e10fcc489 100644 --- a/assets/queries/ansible/aws/cloudtrail_sns_topic_name_undefined/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/cloudtrail_sns_topic_name_undefined/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ - { - "queryName": "CloudTrail SNS Topic Name Undefined", - "severity": "MEDIUM", - "line": 2 - }, - { - "queryName": "CloudTrail SNS Topic Name Undefined", - "severity": "MEDIUM", - "line": 15 - } -] + { + "queryName": "CloudTrail SNS Topic Name Undefined", + "severity": "INFO", + "line": 2 + }, + { + "queryName": "CloudTrail SNS Topic Name Undefined", + "severity": "INFO", + "line": 15 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/cloudwatch_without_retention_period_specified/test/positive_expected_result.json b/assets/queries/ansible/aws/cloudwatch_without_retention_period_specified/test/positive_expected_result.json index b2d58d5f805..09180c09cd9 100644 --- a/assets/queries/ansible/aws/cloudwatch_without_retention_period_specified/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/cloudwatch_without_retention_period_specified/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "CloudWatch Without Retention Period Specified", - "severity": "MEDIUM", + "severity": "INFO", "line": 2 }, { "queryName": "CloudWatch Without Retention Period Specified", - "severity": "MEDIUM", + "severity": "INFO", "line": 7 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/cmk_rotation_disabled/test/positive_expected_result.json b/assets/queries/ansible/aws/cmk_rotation_disabled/test/positive_expected_result.json index 51a74f8f447..1515aadbc47 100644 --- a/assets/queries/ansible/aws/cmk_rotation_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/cmk_rotation_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "CMK Rotation Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 2, "fileName": "positive1.yaml" }, { "queryName": "CMK Rotation Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 7, "fileName": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/config_configuration_aggregator_to_all_regions_disabled/test/positive_expected_result.json b/assets/queries/ansible/aws/config_configuration_aggregator_to_all_regions_disabled/test/positive_expected_result.json index d0028566aea..db2fb69850e 100644 --- a/assets/queries/ansible/aws/config_configuration_aggregator_to_all_regions_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/config_configuration_aggregator_to_all_regions_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Configuration Aggregator to All Regions Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 10 }, { "queryName": "Configuration Aggregator to All Regions Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 24 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/config_rule_for_encrypted_volumes_is_disabled/test/positive_expected_result.json b/assets/queries/ansible/aws/config_rule_for_encrypted_volumes_is_disabled/test/positive_expected_result.json index 51381f1d6f7..8310f19905b 100644 --- a/assets/queries/ansible/aws/config_rule_for_encrypted_volumes_is_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/config_rule_for_encrypted_volumes_is_disabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Config Rule For Encrypted Volumes Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 2 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/test/positive_expected_result.json b/assets/queries/ansible/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/test/positive_expected_result.json index 7bf080984c7..a68d8c5122c 100644 --- a/assets/queries/ansible/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ - { - "queryName": "Cross-Account IAM Assume Role Policy Without ExternalId or MFA", - "severity": "MEDIUM", - "line": 4, - "fileName": "positive1.yaml" - }, - { - "queryName": "Cross-Account IAM Assume Role Policy Without ExternalId or MFA", - "severity": "MEDIUM", - "line": 4, - "fileName": "positive2.yaml" - }, - { - "queryName": "Cross-Account IAM Assume Role Policy Without ExternalId or MFA", - "severity": "MEDIUM", - "line": 4, - "fileName": "positive3.yaml" - } -] + { + "queryName": "Cross-Account IAM Assume Role Policy Without ExternalId or MFA", + "severity": "HIGH", + "line": 4, + "fileName": "positive1.yaml" + }, + { + "queryName": "Cross-Account IAM Assume Role Policy Without ExternalId or MFA", + "severity": "HIGH", + "line": 4, + "fileName": "positive2.yaml" + }, + { + "queryName": "Cross-Account IAM Assume Role Policy Without ExternalId or MFA", + "severity": "HIGH", + "line": 4, + "fileName": "positive3.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/db_security_group_with_public_scope/test/positive_expected_result.json b/assets/queries/ansible/aws/db_security_group_with_public_scope/test/positive_expected_result.json index deb7aabb483..dc66872abf9 100644 --- a/assets/queries/ansible/aws/db_security_group_with_public_scope/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/db_security_group_with_public_scope/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "DB Security Group With Public Scope", - "severity": "HIGH", + "severity": "CRITICAL", "line": 22 }, { "queryName": "DB Security Group With Public Scope", - "severity": "HIGH", + "severity": "CRITICAL", "line": 53 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/ebs_volume_encryption_disabled/test/positive_expected_result.json b/assets/queries/ansible/aws/ebs_volume_encryption_disabled/test/positive_expected_result.json index 24de78277b0..7c506eb099d 100644 --- a/assets/queries/ansible/aws/ebs_volume_encryption_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/ebs_volume_encryption_disabled/test/positive_expected_result.json @@ -1,22 +1,22 @@ [ { "queryName": "EBS Volume Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 5 }, { "queryName": "EBS Volume Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 12 }, { "queryName": "EBS Volume Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 19 }, { "queryName": "EBS Volume Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 24 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/ec2_instance_has_public_ip/test/positive_expected_result.json b/assets/queries/ansible/aws/ec2_instance_has_public_ip/test/positive_expected_result.json index 2fee4277017..a9c99cf8b4d 100644 --- a/assets/queries/ansible/aws/ec2_instance_has_public_ip/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/ec2_instance_has_public_ip/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ - { - "queryName": "EC2 Instance Has Public IP", - "severity": "HIGH", - "line": 7 - }, - { - "queryName": "EC2 Instance Has Public IP", - "severity": "HIGH", - "line": 15 - }, - { - "queryName": "EC2 Instance Has Public IP", - "severity": "HIGH", - "line": 24 - } -] + { + "queryName": "EC2 Instance Has Public IP", + "severity": "MEDIUM", + "line": 7 + }, + { + "queryName": "EC2 Instance Has Public IP", + "severity": "MEDIUM", + "line": 15 + }, + { + "queryName": "EC2 Instance Has Public IP", + "severity": "MEDIUM", + "line": 24 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/ec2_instance_using_default_security_group/test/positive_expected_result.json b/assets/queries/ansible/aws/ec2_instance_using_default_security_group/test/positive_expected_result.json index c78ef98ae91..0d4b8742ab6 100644 --- a/assets/queries/ansible/aws/ec2_instance_using_default_security_group/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/ec2_instance_using_default_security_group/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "EC2 Instance Using Default Security Group", - "severity": "LOW", - "line": 7, - "fileName": "positive1.yaml" - }, - { - "queryName": "EC2 Instance Using Default Security Group", - "severity": "LOW", - "line": 8, - "fileName": "positive2.yaml" - } -] + { + "queryName": "EC2 Instance Using Default Security Group", + "severity": "MEDIUM", + "line": 7, + "fileName": "positive1.yaml" + }, + { + "queryName": "EC2 Instance Using Default Security Group", + "severity": "MEDIUM", + "line": 8, + "fileName": "positive2.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/ecr_repository_is_publicly_accessible/test/positive_expected_result.json b/assets/queries/ansible/aws/ecr_repository_is_publicly_accessible/test/positive_expected_result.json index 29d1e206fe2..5676de08d61 100644 --- a/assets/queries/ansible/aws/ecr_repository_is_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/ecr_repository_is_publicly_accessible/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "ECR Repository Is Publicly Accessible", - "severity": "MEDIUM", + "severity": "CRITICAL", "line": 4 }, { "queryName": "ECR Repository Is Publicly Accessible", - "severity": "MEDIUM", + "severity": "CRITICAL", "line": 17 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/ecs_service_without_running_tasks/test/positive_expected_result.json b/assets/queries/ansible/aws/ecs_service_without_running_tasks/test/positive_expected_result.json index d4aaca75152..b8fd110dab6 100644 --- a/assets/queries/ansible/aws/ecs_service_without_running_tasks/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/ecs_service_without_running_tasks/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "ECS Service Without Running Tasks", - "severity": "MEDIUM", + "severity": "LOW", "line": 2 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/ecs_task_definition_network_mode_not_recommended/test/positive_expected_result.json b/assets/queries/ansible/aws/ecs_task_definition_network_mode_not_recommended/test/positive_expected_result.json index 6e7b72df4b1..84a0f173861 100644 --- a/assets/queries/ansible/aws/ecs_task_definition_network_mode_not_recommended/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/ecs_task_definition_network_mode_not_recommended/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "ECS Task Definition Network Mode Not Recommended", - "severity": "HIGH", + "severity": "MEDIUM", "line": 15 }, { "queryName": "ECS Task Definition Network Mode Not Recommended", - "severity": "HIGH", + "severity": "MEDIUM", "line": 31 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/efs_without_kms/test/positive_expected_result.json b/assets/queries/ansible/aws/efs_without_kms/test/positive_expected_result.json index 5c38868c2fc..8995f772a8e 100644 --- a/assets/queries/ansible/aws/efs_without_kms/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/efs_without_kms/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "EFS Without KMS", - "severity": "HIGH", - "line": 3 - } -] + { + "queryName": "EFS Without KMS", + "severity": "LOW", + "line": 3 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/elasticsearch_with_https_disabled/test/positive_expected_result.json b/assets/queries/ansible/aws/elasticsearch_with_https_disabled/test/positive_expected_result.json index cc20990a98c..db63e1ea6e3 100644 --- a/assets/queries/ansible/aws/elasticsearch_with_https_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/elasticsearch_with_https_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ - { - "queryName": "Elasticsearch with HTTPS disabled", - "severity": "HIGH", - "line": 11, - "fileName": "positive1.yaml" - }, - { - "queryName": "Elasticsearch with HTTPS disabled", - "severity": "HIGH", - "line": 10, - "fileName": "positive2.yaml" - }, - { - "queryName": "Elasticsearch with HTTPS disabled", - "severity": "HIGH", - "line": 2, - "fileName": "positive3.yaml" - } + { + "queryName": "Elasticsearch with HTTPS disabled", + "severity": "MEDIUM", + "line": 11, + "fileName": "positive1.yaml" + }, + { + "queryName": "Elasticsearch with HTTPS disabled", + "severity": "MEDIUM", + "line": 10, + "fileName": "positive2.yaml" + }, + { + "queryName": "Elasticsearch with HTTPS disabled", + "severity": "MEDIUM", + "line": 2, + "fileName": "positive3.yaml" + } ] \ No newline at end of file diff --git a/assets/queries/ansible/aws/elb_using_insecure_protocols/test/positive_expected_result.json b/assets/queries/ansible/aws/elb_using_insecure_protocols/test/positive_expected_result.json index ef935c66b56..0c3e3ad87ae 100644 --- a/assets/queries/ansible/aws/elb_using_insecure_protocols/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/elb_using_insecure_protocols/test/positive_expected_result.json @@ -1,32 +1,32 @@ [ { "queryName": "ELB Using Insecure Protocols", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3 }, { "queryName": "ELB Using Insecure Protocols", - "severity": "HIGH", + "severity": "MEDIUM", "line": 21 }, { "queryName": "ELB Using Insecure Protocols", - "severity": "HIGH", + "severity": "MEDIUM", "line": 40 }, { "queryName": "ELB Using Insecure Protocols", - "severity": "HIGH", + "severity": "MEDIUM", "line": 52 }, { "queryName": "ELB Using Insecure Protocols", - "severity": "HIGH", + "severity": "MEDIUM", "line": 70 }, { "queryName": "ELB Using Insecure Protocols", - "severity": "HIGH", + "severity": "MEDIUM", "line": 89 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/hardcoded_aws_access_key/test/positive_expected_result.json b/assets/queries/ansible/aws/hardcoded_aws_access_key/test/positive_expected_result.json index 0f3cacd18a6..af7fa0f090a 100644 --- a/assets/queries/ansible/aws/hardcoded_aws_access_key/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/hardcoded_aws_access_key/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Hardcoded AWS Access Key", - "severity": "MEDIUM", + "severity": "HIGH", "line": 7 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/hardcoded_aws_access_key_in_lambda/test/positive_expected_result.json b/assets/queries/ansible/aws/hardcoded_aws_access_key_in_lambda/test/positive_expected_result.json index 1f2207b0568..e0069607293 100644 --- a/assets/queries/ansible/aws/hardcoded_aws_access_key_in_lambda/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/hardcoded_aws_access_key_in_lambda/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Hardcoded AWS Access Key In Lambda", - "severity": "MEDIUM", + "severity": "HIGH", "line": 3 }, { "queryName": "Hardcoded AWS Access Key In Lambda", - "severity": "MEDIUM", + "severity": "HIGH", "line": 32 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/http_port_open_to_internet/test/positive_expected_result.json b/assets/queries/ansible/aws/http_port_open_to_internet/test/positive_expected_result.json index 32437f20b8a..094f0bad534 100644 --- a/assets/queries/ansible/aws/http_port_open_to_internet/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/http_port_open_to_internet/test/positive_expected_result.json @@ -1,37 +1,37 @@ [ { "queryName": "HTTP Port Open To Internet", - "severity": "HIGH", + "severity": "MEDIUM", "line": 9 }, { "queryName": "HTTP Port Open To Internet", - "severity": "HIGH", + "severity": "MEDIUM", "line": 23 }, { "queryName": "HTTP Port Open To Internet", - "severity": "HIGH", + "severity": "MEDIUM", "line": 36 }, { "queryName": "HTTP Port Open To Internet", - "severity": "HIGH", + "severity": "MEDIUM", "line": 49 }, { "queryName": "HTTP Port Open To Internet", - "severity": "HIGH", + "severity": "MEDIUM", "line": 64 }, { "queryName": "HTTP Port Open To Internet", - "severity": "HIGH", + "severity": "MEDIUM", "line": 79 }, { "queryName": "HTTP Port Open To Internet", - "severity": "HIGH", + "severity": "MEDIUM", "line": 93 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/iam_database_auth_not_enabled/test/positive_expected_result.json b/assets/queries/ansible/aws/iam_database_auth_not_enabled/test/positive_expected_result.json index 3e5fc329c07..3e10b8cd6a2 100644 --- a/assets/queries/ansible/aws/iam_database_auth_not_enabled/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/iam_database_auth_not_enabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "IAM Database Auth Not Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 9 }, { "queryName": "IAM Database Auth Not Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 22 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/iam_group_without_users/test/positive_expected_result.json b/assets/queries/ansible/aws/iam_group_without_users/test/positive_expected_result.json index 8a9162e226f..476d69ce3c0 100644 --- a/assets/queries/ansible/aws/iam_group_without_users/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/iam_group_without_users/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "IAM Group Without Users", - "severity": "LOW", + "severity": "MEDIUM", "line": 2, "fileName": "positive1.yaml" }, { "queryName": "IAM Group Without Users", - "severity": "LOW", + "severity": "MEDIUM", "line": 2, "fileName": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/iam_password_without_minimum_length/test/positive_expected_result.json b/assets/queries/ansible/aws/iam_password_without_minimum_length/test/positive_expected_result.json index 312cd7b0e60..11e6af830a7 100644 --- a/assets/queries/ansible/aws/iam_password_without_minimum_length/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/iam_password_without_minimum_length/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "IAM Password Without Minimum Length", - "severity": "MEDIUM", + "severity": "LOW", "line": 2 }, { "queryName": "IAM Password Without Minimum Length", - "severity": "MEDIUM", + "severity": "LOW", "line": 16 }, { "queryName": "IAM Password Without Minimum Length", - "severity": "MEDIUM", + "severity": "LOW", "line": 27 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/iam_policies_with_full_privileges/test/positive_expected_result.json b/assets/queries/ansible/aws/iam_policies_with_full_privileges/test/positive_expected_result.json index 9203b408e6f..c8eb04cd6f1 100644 --- a/assets/queries/ansible/aws/iam_policies_with_full_privileges/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/iam_policies_with_full_privileges/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "IAM Policies With Full Privileges", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "fileName": "positive.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/iam_policy_grants_assumerole_permission_across_all_services/test/positive_expected_result.json b/assets/queries/ansible/aws/iam_policy_grants_assumerole_permission_across_all_services/test/positive_expected_result.json index d62415db245..4caf867fb9d 100644 --- a/assets/queries/ansible/aws/iam_policy_grants_assumerole_permission_across_all_services/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/iam_policy_grants_assumerole_permission_across_all_services/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "IAM Policy Grants 'AssumeRole' Permission Across All Services", - "severity": "LOW", + "severity": "MEDIUM", "line": 4, "fileName": "positive.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/iam_role_allows_all_principals_to_assume/test/positive_expected_result.json b/assets/queries/ansible/aws/iam_role_allows_all_principals_to_assume/test/positive_expected_result.json index 2db510cdfe8..2912bd7c87f 100644 --- a/assets/queries/ansible/aws/iam_role_allows_all_principals_to_assume/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/iam_role_allows_all_principals_to_assume/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "IAM Role Allows All Principals To Assume", - "severity": "LOW", - "line": 4, - "fileName": "positive.yaml" - }, - { - "queryName": "IAM Role Allows All Principals To Assume", - "severity": "LOW", - "line": 17, - "fileName": "positive.yaml" - } -] + { + "queryName": "IAM Role Allows All Principals To Assume", + "severity": "HIGH", + "line": 4, + "fileName": "positive.yaml" + }, + { + "queryName": "IAM Role Allows All Principals To Assume", + "severity": "HIGH", + "line": 17, + "fileName": "positive.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/instance_with_no_vpc/test/positive_expected_result.json b/assets/queries/ansible/aws/instance_with_no_vpc/test/positive_expected_result.json index f475df3f26a..fa4b4be12f2 100644 --- a/assets/queries/ansible/aws/instance_with_no_vpc/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/instance_with_no_vpc/test/positive_expected_result.json @@ -1,14 +1,12 @@ [ - { - "queryName": "Instance With No VPC", - "severity": "MEDIUM", - "line": 2 - }, - - { - "queryName": "Instance With No VPC", - "severity": "MEDIUM", - "line": 18 - } - -] + { + "queryName": "Instance With No VPC", + "severity": "LOW", + "line": 2 + }, + { + "queryName": "Instance With No VPC", + "severity": "LOW", + "line": 18 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/lambda_function_without_tags/test/positive_expected_result.json b/assets/queries/ansible/aws/lambda_function_without_tags/test/positive_expected_result.json index 5c3ce871bf9..39bea3ef11d 100644 --- a/assets/queries/ansible/aws/lambda_function_without_tags/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/lambda_function_without_tags/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Lambda Function Without Tags", - "severity": "MEDIUM", + "severity": "LOW", "line": 2 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/misconfigured_password_policy_expiration/test/positive_expected_result.json b/assets/queries/ansible/aws/misconfigured_password_policy_expiration/test/positive_expected_result.json index 1fce86e24c8..16b5f7cbeab 100644 --- a/assets/queries/ansible/aws/misconfigured_password_policy_expiration/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/misconfigured_password_policy_expiration/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "Misconfigured Password Policy Expiration", - "severity": "MEDIUM", + "severity": "LOW", "line": 2 }, { "queryName": "Misconfigured Password Policy Expiration", - "severity": "MEDIUM", + "severity": "LOW", "line": 21 }, { "queryName": "Misconfigured Password Policy Expiration", - "severity": "MEDIUM", + "severity": "LOW", "line": 33 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/password_without_reuse_prevention/test/positive_expected_result.json b/assets/queries/ansible/aws/password_without_reuse_prevention/test/positive_expected_result.json index 66962ee50e7..1dacba2e48f 100644 --- a/assets/queries/ansible/aws/password_without_reuse_prevention/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/password_without_reuse_prevention/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "Password Without Reuse Prevention", - "severity": "MEDIUM", + "severity": "LOW", "line": 3 }, { "queryName": "Password Without Reuse Prevention", - "severity": "MEDIUM", + "severity": "LOW", "line": 23 }, { "queryName": "Password Without Reuse Prevention", - "severity": "MEDIUM", + "severity": "LOW", "line": 26 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/rds_associated_with_public_subnet/test/positive_expected_result.json b/assets/queries/ansible/aws/rds_associated_with_public_subnet/test/positive_expected_result.json index 12a68967623..4d438cbfa35 100644 --- a/assets/queries/ansible/aws/rds_associated_with_public_subnet/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/rds_associated_with_public_subnet/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "RDS Associated with Public Subnet", - "severity": "HIGH", + "severity": "CRITICAL", "line": 9, "fileName": "positive.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json b/assets/queries/ansible/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json index 56496b07423..75c61207d63 100644 --- a/assets/queries/ansible/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "RDS DB Instance Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 12 }, { "queryName": "RDS DB Instance Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 22 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/s3_bucket_access_to_any_principal/test/positive_expected_result.json b/assets/queries/ansible/aws/s3_bucket_access_to_any_principal/test/positive_expected_result.json index eeb2c65b524..a0c9e642dd8 100644 --- a/assets/queries/ansible/aws/s3_bucket_access_to_any_principal/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/s3_bucket_access_to_any_principal/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "S3 Bucket Access to Any Principal", - "severity": "HIGH", + "severity": "CRITICAL", "line": 4, "fileName": "positive.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/s3_bucket_allows_delete_action_from_all_principals/test/positive_expected_result.json b/assets/queries/ansible/aws/s3_bucket_allows_delete_action_from_all_principals/test/positive_expected_result.json index 2c7acd77173..06c2ef921aa 100644 --- a/assets/queries/ansible/aws/s3_bucket_allows_delete_action_from_all_principals/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/s3_bucket_allows_delete_action_from_all_principals/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "S3 Bucket Allows Delete Action From All Principals", - "severity": "HIGH", - "line": 6, - "fileName": "positive.yaml" - } -] + { + "queryName": "S3 Bucket Allows Delete Action From All Principals", + "severity": "CRITICAL", + "line": 6, + "fileName": "positive.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/s3_bucket_allows_put_action_from_all_principals/test/positive_expected_result.json b/assets/queries/ansible/aws/s3_bucket_allows_put_action_from_all_principals/test/positive_expected_result.json index e0c2d09da96..c876ed36f9f 100644 --- a/assets/queries/ansible/aws/s3_bucket_allows_put_action_from_all_principals/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/s3_bucket_allows_put_action_from_all_principals/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "S3 Bucket Allows Put Action From All Principals", - "severity": "HIGH", + "severity": "CRITICAL", "line": 6, "fileName": "positive.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/s3_bucket_with_all_permissions/test/positive_expected_result.json b/assets/queries/ansible/aws/s3_bucket_with_all_permissions/test/positive_expected_result.json index e2f2e5ab0ab..fafb06cc6bd 100644 --- a/assets/queries/ansible/aws/s3_bucket_with_all_permissions/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/s3_bucket_with_all_permissions/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "S3 Bucket With All Permissions", - "severity": "HIGH", + "severity": "CRITICAL", "line": 5 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/s3_bucket_with_public_access/test/positive_expected_result.json b/assets/queries/ansible/aws/s3_bucket_with_public_access/test/positive_expected_result.json index 0f59a9439f4..aa8f4a2d3a9 100644 --- a/assets/queries/ansible/aws/s3_bucket_with_public_access/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/s3_bucket_with_public_access/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ - { - "queryName": "S3 Bucket With Public Access", - "severity": "MEDIUM", - "line": 6 - }, - { - "queryName": "S3 Bucket With Public Access", - "severity": "MEDIUM", - "line": 11 - } -] + { + "queryName": "S3 Bucket With Public Access", + "severity": "CRITICAL", + "line": 6 + }, + { + "queryName": "S3 Bucket With Public Access", + "severity": "CRITICAL", + "line": 11 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/s3_bucket_with_unsecured_cors_rule/test/positive_expected_result.json b/assets/queries/ansible/aws/s3_bucket_with_unsecured_cors_rule/test/positive_expected_result.json index f097ebeffc2..92201a3d8d4 100644 --- a/assets/queries/ansible/aws/s3_bucket_with_unsecured_cors_rule/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/s3_bucket_with_unsecured_cors_rule/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "S3 Bucket with Unsecured CORS Rule", - "severity": "HIGH", + "severity": "MEDIUM", "line": 5, "fileName": "positive1.yaml" }, { "queryName": "S3 Bucket with Unsecured CORS Rule", - "severity": "HIGH", + "severity": "MEDIUM", "line": 5, "fileName": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/secure_ciphers_disabled/test/positive_expected_result.json b/assets/queries/ansible/aws/secure_ciphers_disabled/test/positive_expected_result.json index b68238e8a15..0c32f95eaa3 100644 --- a/assets/queries/ansible/aws/secure_ciphers_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/secure_ciphers_disabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Secure Ciphers Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 14 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/security_group_with_unrestricted_access_to_ssh/test/positive_expected_result.json b/assets/queries/ansible/aws/security_group_with_unrestricted_access_to_ssh/test/positive_expected_result.json index 92adb519206..0b94f51d2e7 100644 --- a/assets/queries/ansible/aws/security_group_with_unrestricted_access_to_ssh/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/security_group_with_unrestricted_access_to_ssh/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "Security Group With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7 }, { "queryName": "Security Group With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7 }, { "queryName": "Security Group With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/sqs_policy_allows_all_actions/test/positive_expected_result.json b/assets/queries/ansible/aws/sqs_policy_allows_all_actions/test/positive_expected_result.json index 730d58a8764..c16a93df09f 100644 --- a/assets/queries/ansible/aws/sqs_policy_allows_all_actions/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/sqs_policy_allows_all_actions/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "SQS Policy Allows All Actions", - "severity": "MEDIUM", + "severity": "HIGH", "line": 10, "fileName": "positive.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/stack_notifications_disabled/test/positive_expected_result.json b/assets/queries/ansible/aws/stack_notifications_disabled/test/positive_expected_result.json index de79d89315f..ef4b887b1d9 100644 --- a/assets/queries/ansible/aws/stack_notifications_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/stack_notifications_disabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Stack Notifications Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 2 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/stack_without_template/test/positive_expected_result.json b/assets/queries/ansible/aws/stack_without_template/test/positive_expected_result.json index 9d3842e6860..45c13d3d70f 100644 --- a/assets/queries/ansible/aws/stack_without_template/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/stack_without_template/test/positive_expected_result.json @@ -1,22 +1,22 @@ [ { "queryName": "Stack Without Template", - "severity": "MEDIUM", + "severity": "LOW", "line": 2 }, { "queryName": "Stack Without Template", - "severity": "MEDIUM", + "severity": "LOW", "line": 15 }, { "queryName": "Stack Without Template", - "severity": "MEDIUM", + "severity": "LOW", "line": 30 }, { "queryName": "Stack Without Template", - "severity": "MEDIUM", + "severity": "LOW", "line": 40 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/user_data_shell_script_is_encoded/test/positive_expected_result.json b/assets/queries/ansible/aws/user_data_shell_script_is_encoded/test/positive_expected_result.json index af51b0420cc..6d1794972a0 100644 --- a/assets/queries/ansible/aws/user_data_shell_script_is_encoded/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/user_data_shell_script_is_encoded/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "User Data Shell Script Is Encoded", - "severity": "HIGH", + "severity": "LOW", "line": 9 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/viewer_protocol_policy_allows_http/test/positive_expected_result.json b/assets/queries/ansible/aws/viewer_protocol_policy_allows_http/test/positive_expected_result.json index dec2141849e..7a3f75db184 100644 --- a/assets/queries/ansible/aws/viewer_protocol_policy_allows_http/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/viewer_protocol_policy_allows_http/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Cloudfront Viewer Protocol Policy Allows HTTP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 20 }, { "queryName": "Cloudfront Viewer Protocol Policy Allows HTTP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 50 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/aws/vulnerable_default_ssl_certificate/test/positive_expected_result.json b/assets/queries/ansible/aws/vulnerable_default_ssl_certificate/test/positive_expected_result.json index 16b095cd32e..a319e98250d 100644 --- a/assets/queries/ansible/aws/vulnerable_default_ssl_certificate/test/positive_expected_result.json +++ b/assets/queries/ansible/aws/vulnerable_default_ssl_certificate/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "Vulnerable Default SSL Certificate", - "severity": "HIGH", + "severity": "MEDIUM", "line": 6 }, { "queryName": "Vulnerable Default SSL Certificate", - "severity": "HIGH", + "severity": "MEDIUM", "line": 15 }, { "queryName": "Vulnerable Default SSL Certificate", - "severity": "HIGH", + "severity": "MEDIUM", "line": 15 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/ad_admin_not_configured_for_sql_server/test/positive_expected_result.json b/assets/queries/ansible/azure/ad_admin_not_configured_for_sql_server/test/positive_expected_result.json index 3c60e68e36c..85e34b71da8 100644 --- a/assets/queries/ansible/azure/ad_admin_not_configured_for_sql_server/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/ad_admin_not_configured_for_sql_server/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "AD Admin Not Configured For SQL Server", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/admin_user_enabled_for_container_registry/test/positive_expected_result.json b/assets/queries/ansible/azure/admin_user_enabled_for_container_registry/test/positive_expected_result.json index d826dc98fcd..8db54668eed 100644 --- a/assets/queries/ansible/azure/admin_user_enabled_for_container_registry/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/admin_user_enabled_for_container_registry/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Admin User Enabled For Container Registry", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7 }, { "queryName": "Admin User Enabled For Container Registry", - "severity": "HIGH", + "severity": "MEDIUM", "line": 17 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/aks_network_policy_misconfigured/test/positive_expected_result.json b/assets/queries/ansible/azure/aks_network_policy_misconfigured/test/positive_expected_result.json index ad9ffa08e44..a9f6033dbaa 100644 --- a/assets/queries/ansible/azure/aks_network_policy_misconfigured/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/aks_network_policy_misconfigured/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "AKS Network Policy Misconfigured", - "severity": "MEDIUM", + "severity": "LOW", "line": 10 }, { "queryName": "AKS Network Policy Misconfigured", - "severity": "MEDIUM", + "severity": "LOW", "line": 24 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/azure_instance_using_basic_authentication/test/positive_expected_result.json b/assets/queries/ansible/azure/azure_instance_using_basic_authentication/test/positive_expected_result.json index 3ff2dfcec46..7f2e13b5a90 100644 --- a/assets/queries/ansible/azure/azure_instance_using_basic_authentication/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/azure_instance_using_basic_authentication/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Azure Instance Using Basic Authentication", - "severity": "HIGH", - "line": 1, - "fileName": "positive.yaml" - } -] + { + "queryName": "Azure Instance Using Basic Authentication", + "severity": "MEDIUM", + "line": 1, + "fileName": "positive.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/cosmosdb_account_ip_range_filter_not_set/test/positive_expected_result.json b/assets/queries/ansible/azure/cosmosdb_account_ip_range_filter_not_set/test/positive_expected_result.json index 13452ce7e1d..0d8570fd156 100644 --- a/assets/queries/ansible/azure/cosmosdb_account_ip_range_filter_not_set/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/cosmosdb_account_ip_range_filter_not_set/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "CosmosDB Account IP Range Filter Not Set", - "severity": "HIGH", + "severity": "CRITICAL", "line": 2 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/cosmosdb_account_without_tags/test/positive_expected_result.json b/assets/queries/ansible/azure/cosmosdb_account_without_tags/test/positive_expected_result.json index ac6164d85d3..a1ef5db4746 100644 --- a/assets/queries/ansible/azure/cosmosdb_account_without_tags/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/cosmosdb_account_without_tags/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Cosmos DB Account Without Tags", - "severity": "MEDIUM", + "severity": "LOW", "line": 3 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/default_azure_storage_account_network_access_is_too_permissive/test/positive_expected_result.json b/assets/queries/ansible/azure/default_azure_storage_account_network_access_is_too_permissive/test/positive_expected_result.json index 139bae6c3a7..0a1c0773b32 100644 --- a/assets/queries/ansible/azure/default_azure_storage_account_network_access_is_too_permissive/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/default_azure_storage_account_network_access_is_too_permissive/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "Default Azure Storage Account Network Access Is Too Permissive", - "severity": "MEDIUM", + "severity": "HIGH", "line": 3, "fileName": "positive1.yaml" }, { "queryName": "Default Azure Storage Account Network Access Is Too Permissive", - "severity": "MEDIUM", + "severity": "HIGH", "line": 3, "fileName": "positive2.yaml" }, { "queryName": "Default Azure Storage Account Network Access Is Too Permissive", - "severity": "MEDIUM", + "severity": "HIGH", "line": 3, "fileName": "positive3.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/mysql_ssl_connection_disabled/test/positive_expected_result.json b/assets/queries/ansible/azure/mysql_ssl_connection_disabled/test/positive_expected_result.json index 5b1fe4d0c30..a9e5e06cdb7 100644 --- a/assets/queries/ansible/azure/mysql_ssl_connection_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/mysql_ssl_connection_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "MySQL SSL Connection Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3 }, { "queryName": "MySQL SSL Connection Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 23 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/redis_entirely_accessible/test/positive_expected_result.json b/assets/queries/ansible/azure/redis_entirely_accessible/test/positive_expected_result.json index 3927309888d..f04cd803160 100644 --- a/assets/queries/ansible/azure/redis_entirely_accessible/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/redis_entirely_accessible/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Redis Entirely Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 7 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/redis_publicly_accessible/test/positive_expected_result.json b/assets/queries/ansible/azure/redis_publicly_accessible/test/positive_expected_result.json index 214751629df..bc5829b31c7 100644 --- a/assets/queries/ansible/azure/redis_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/redis_publicly_accessible/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Redis Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 7 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/security_group_is_not_configured/test/positive_expected_result.json b/assets/queries/ansible/azure/security_group_is_not_configured/test/positive_expected_result.json index 0c600ca0f39..d0ea6a501f6 100644 --- a/assets/queries/ansible/azure/security_group_is_not_configured/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/security_group_is_not_configured/test/positive_expected_result.json @@ -1,27 +1,27 @@ [ { "queryName": "Security Group is Not Configured", - "severity": "MEDIUM", + "severity": "HIGH", "line": 3 }, { "queryName": "Security Group is Not Configured", - "severity": "MEDIUM", + "severity": "HIGH", "line": 9 }, { "queryName": "Security Group is Not Configured", - "severity": "MEDIUM", + "severity": "HIGH", "line": 16 }, { "queryName": "Security Group is Not Configured", - "severity": "MEDIUM", + "severity": "HIGH", "line": 28 }, { "queryName": "Security Group is Not Configured", - "severity": "MEDIUM", + "severity": "HIGH", "line": 35 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/small_activity_log_retention_period/test/positive_expected_result.json b/assets/queries/ansible/azure/small_activity_log_retention_period/test/positive_expected_result.json index a110f3aad64..5282ba8c326 100644 --- a/assets/queries/ansible/azure/small_activity_log_retention_period/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/small_activity_log_retention_period/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "Small Activity Log Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 13 }, { "queryName": "Small Activity Log Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 20 }, { "queryName": "Small Activity Log Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 46 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/sql_server_ingress_from_any_ip/test/positive_expected_result.json b/assets/queries/ansible/azure/sql_server_ingress_from_any_ip/test/positive_expected_result.json index 193b0f46468..31a8c77cc01 100644 --- a/assets/queries/ansible/azure/sql_server_ingress_from_any_ip/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/sql_server_ingress_from_any_ip/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "SQLServer Ingress From Any IP", - "severity": "HIGH", + "severity": "CRITICAL", "line": 8 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/sql_server_predictable_active_directory_admin_account_name/test/positive_expected_result.json b/assets/queries/ansible/azure/sql_server_predictable_active_directory_admin_account_name/test/positive_expected_result.json index 60141c937a0..abfcd251cad 100644 --- a/assets/queries/ansible/azure/sql_server_predictable_active_directory_admin_account_name/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/sql_server_predictable_active_directory_admin_account_name/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "SQL Server Predictable Active Directory Account Name", - "severity": "MEDIUM", + "severity": "LOW", "line": 7 }, { "queryName": "SQL Server Predictable Active Directory Account Name", - "severity": "MEDIUM", + "severity": "LOW", "line": 13 }, { "queryName": "SQL Server Predictable Active Directory Account Name", - "severity": "MEDIUM", + "severity": "LOW", "line": 19 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/sql_server_predictable_admin_account_name/test/positive_expected_result.json b/assets/queries/ansible/azure/sql_server_predictable_admin_account_name/test/positive_expected_result.json index 03d926e9957..ce8105939d3 100644 --- a/assets/queries/ansible/azure/sql_server_predictable_admin_account_name/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/sql_server_predictable_admin_account_name/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "SQL Server Predictable Admin Account Name", - "severity": "MEDIUM", + "severity": "LOW", "line": 7 }, { "queryName": "SQL Server Predictable Admin Account Name", - "severity": "MEDIUM", + "severity": "LOW", "line": 14 }, { "queryName": "SQL Server Predictable Admin Account Name", - "severity": "MEDIUM", + "severity": "LOW", "line": 21 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/ssl_enforce_is_disabled/test/positive_expected_result.json b/assets/queries/ansible/azure/ssl_enforce_is_disabled/test/positive_expected_result.json index 0a013a643c6..a0427e72698 100644 --- a/assets/queries/ansible/azure/ssl_enforce_is_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/ssl_enforce_is_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "SSL Enforce Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 2 }, { "queryName": "SSL Enforce Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 21 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/storage_account_not_forcing_https/test/positive_expected_result.json b/assets/queries/ansible/azure/storage_account_not_forcing_https/test/positive_expected_result.json index 66671d98cd5..571578e12dc 100644 --- a/assets/queries/ansible/azure/storage_account_not_forcing_https/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/storage_account_not_forcing_https/test/positive_expected_result.json @@ -1,47 +1,47 @@ [ { "queryName": "Storage Account Not Forcing HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3 }, { "queryName": "Storage Account Not Forcing HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 15 }, { "queryName": "Storage Account Not Forcing HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 24 }, { "queryName": "Storage Account Not Forcing HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 33 }, { "queryName": "Storage Account Not Forcing HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 42 }, { "queryName": "Storage Account Not Forcing HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 51 }, { "queryName": "Storage Account Not Forcing HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 60 }, { "queryName": "Storage Account Not Forcing HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 69 }, { "queryName": "Storage Account Not Forcing HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 78 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/trusted_microsoft_services_not_enabled/test/positive_expected_result.json b/assets/queries/ansible/azure/trusted_microsoft_services_not_enabled/test/positive_expected_result.json index 34ff466a9cd..3d9d3360063 100644 --- a/assets/queries/ansible/azure/trusted_microsoft_services_not_enabled/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/trusted_microsoft_services_not_enabled/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ - { - "queryName": "Trusted Microsoft Services Not Enabled", - "severity": "HIGH", - "line": 7 - }, - { - "queryName": "Trusted Microsoft Services Not Enabled", - "severity": "HIGH", - "line": 24 - }, - { - "queryName": "Trusted Microsoft Services Not Enabled", - "severity": "HIGH", - "line": 40 - } -] + { + "queryName": "Trusted Microsoft Services Not Enabled", + "severity": "MEDIUM", + "line": 7 + }, + { + "queryName": "Trusted Microsoft Services Not Enabled", + "severity": "MEDIUM", + "line": 24 + }, + { + "queryName": "Trusted Microsoft Services Not Enabled", + "severity": "MEDIUM", + "line": 40 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/unrestricted_sql_server_acess/test/positive_expected_result.json b/assets/queries/ansible/azure/unrestricted_sql_server_acess/test/positive_expected_result.json index ebbe3631a49..44cefe27131 100644 --- a/assets/queries/ansible/azure/unrestricted_sql_server_acess/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/unrestricted_sql_server_acess/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Unrestricted SQL Server Access", - "severity": "MEDIUM", + "severity": "CRITICAL", "line": 3 }, { "queryName": "Unrestricted SQL Server Access", - "severity": "MEDIUM", + "severity": "CRITICAL", "line": 10 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/vm_not_attached_to_network/test/positive_expected_result.json b/assets/queries/ansible/azure/vm_not_attached_to_network/test/positive_expected_result.json index c56e6d92817..0c333d3f99e 100644 --- a/assets/queries/ansible/azure/vm_not_attached_to_network/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/vm_not_attached_to_network/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "VM Not Attached To Network", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/azure/web_app_accepting_traffic_other_than_https/test/positive_expected_result.json b/assets/queries/ansible/azure/web_app_accepting_traffic_other_than_https/test/positive_expected_result.json index 24a8897dcda..fe2ba76306d 100644 --- a/assets/queries/ansible/azure/web_app_accepting_traffic_other_than_https/test/positive_expected_result.json +++ b/assets/queries/ansible/azure/web_app_accepting_traffic_other_than_https/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Web App Accepting Traffic Other Than HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 5 }, { "queryName": "Web App Accepting Traffic Other Than HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 12 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/cloud_storage_anonymous_or_publicly_accessible/test/positive_expected_result.json b/assets/queries/ansible/gcp/cloud_storage_anonymous_or_publicly_accessible/test/positive_expected_result.json index 5f83e4313c4..e0ee2d2a9d5 100644 --- a/assets/queries/ansible/gcp/cloud_storage_anonymous_or_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/cloud_storage_anonymous_or_publicly_accessible/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ - { - "queryName": "Cloud Storage Anonymous or Publicly Accessible", - "severity": "HIGH", - "line": 11 - }, - { - "queryName": "Cloud Storage Anonymous or Publicly Accessible", - "severity": "HIGH", - "line": 22 - }, - { - "queryName": "Cloud Storage Anonymous or Publicly Accessible", - "severity": "HIGH", - "line": 28 - } -] + { + "queryName": "Cloud Storage Anonymous or Publicly Accessible", + "severity": "CRITICAL", + "line": 11 + }, + { + "queryName": "Cloud Storage Anonymous or Publicly Accessible", + "severity": "CRITICAL", + "line": 22 + }, + { + "queryName": "Cloud Storage Anonymous or Publicly Accessible", + "severity": "CRITICAL", + "line": 28 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/cloud_storage_bucket_logging_not_enabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/cloud_storage_bucket_logging_not_enabled/test/positive_expected_result.json index 35d34b5ea78..1d61cc30951 100644 --- a/assets/queries/ansible/gcp/cloud_storage_bucket_logging_not_enabled/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/cloud_storage_bucket_logging_not_enabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "Cloud Storage Bucket Logging Not Enabled", - "severity": "HIGH", - "line": 3 - } -] + { + "queryName": "Cloud Storage Bucket Logging Not Enabled", + "severity": "MEDIUM", + "line": 3 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json index faf5f8bb122..8cefe4e1d11 100644 --- a/assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ - { - "queryName": "Cloud Storage Bucket Versioning Disabled", - "severity": "HIGH", - "line": 3 - }, - { - "queryName": "Cloud Storage Bucket Versioning Disabled", - "severity": "HIGH", - "line": 17 - } -] + { + "queryName": "Cloud Storage Bucket Versioning Disabled", + "severity": "LOW", + "line": 3 + }, + { + "queryName": "Cloud Storage Bucket Versioning Disabled", + "severity": "LOW", + "line": 17 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/cluster_labels_disabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/cluster_labels_disabled/test/positive_expected_result.json index 14b4d4c1d8e..8c1a8dc644d 100644 --- a/assets/queries/ansible/gcp/cluster_labels_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/cluster_labels_disabled/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "Cluster Labels Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 2 }, { "queryName": "Cluster Labels Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 17 }, { "queryName": "Cluster Labels Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 47 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/cluster_master_authentication_disabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/cluster_master_authentication_disabled/test/positive_expected_result.json index 3ecdcda29f5..06b3b7a82fa 100644 --- a/assets/queries/ansible/gcp/cluster_master_authentication_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/cluster_master_authentication_disabled/test/positive_expected_result.json @@ -1,27 +1,27 @@ [ { "queryName": "Cluster Master Authentication Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3 }, { "queryName": "Cluster Master Authentication Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 18 }, { "queryName": "Cluster Master Authentication Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 32 }, { "queryName": "Cluster Master Authentication Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 46 }, { "queryName": "Cluster Master Authentication Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 61 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/compute_instance_is_publicly_accessible/test/positive_expected_result.json b/assets/queries/ansible/gcp/compute_instance_is_publicly_accessible/test/positive_expected_result.json index ab47b43b293..77e4bef3293 100644 --- a/assets/queries/ansible/gcp/compute_instance_is_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/compute_instance_is_publicly_accessible/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "Compute Instance Is Publicly Accessible", - "severity": "HIGH", - "line": 6 - } -] + { + "queryName": "Compute Instance Is Publicly Accessible", + "severity": "MEDIUM", + "line": 6 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/cos_node_image_not_used/test/positive_expected_result.json b/assets/queries/ansible/gcp/cos_node_image_not_used/test/positive_expected_result.json index 4f65c66860d..7749e1bcee8 100644 --- a/assets/queries/ansible/gcp/cos_node_image_not_used/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/cos_node_image_not_used/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "COS Node Image Not Used", - "severity": "MEDIUM", - "line": 13 - } -] + { + "queryName": "COS Node Image Not Used", + "severity": "LOW", + "line": 13 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/dnssec_using_rsasha1/test/positive_expected_result.json b/assets/queries/ansible/gcp/dnssec_using_rsasha1/test/positive_expected_result.json index 62f9b8b6cd6..e0b836b45d2 100644 --- a/assets/queries/ansible/gcp/dnssec_using_rsasha1/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/dnssec_using_rsasha1/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "DNSSEC Using RSASHA1", - "severity": "HIGH", - "line": 13 - } + { + "queryName": "DNSSEC Using RSASHA1", + "severity": "MEDIUM", + "line": 13 + } ] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/gke_basic_authentication_enabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/gke_basic_authentication_enabled/test/positive_expected_result.json index 12e1c84b2f8..7d0d7d53ef2 100644 --- a/assets/queries/ansible/gcp/gke_basic_authentication_enabled/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/gke_basic_authentication_enabled/test/positive_expected_result.json @@ -1,27 +1,27 @@ [ { "queryName": "GKE Basic Authentication Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3 }, { "queryName": "GKE Basic Authentication Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 18 }, { "queryName": "GKE Basic Authentication Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 32 }, { "queryName": "GKE Basic Authentication Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 47 }, { "queryName": "GKE Basic Authentication Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 63 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/gke_master_authorized_networks_disabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/gke_master_authorized_networks_disabled/test/positive_expected_result.json index 14713dcf33a..5535f921553 100644 --- a/assets/queries/ansible/gcp/gke_master_authorized_networks_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/gke_master_authorized_networks_disabled/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ - { - "queryName": "GKE Master Authorized Networks Disabled", - "severity": "HIGH", - "line": 10 - }, - { - "queryName": "GKE Master Authorized Networks Disabled", - "severity": "HIGH", - "line": 17 - }, - { - "queryName": "GKE Master Authorized Networks Disabled", - "severity": "HIGH", - "line": 22 - } -] + { + "queryName": "GKE Master Authorized Networks Disabled", + "severity": "MEDIUM", + "line": 10 + }, + { + "queryName": "GKE Master Authorized Networks Disabled", + "severity": "MEDIUM", + "line": 17 + }, + { + "queryName": "GKE Master Authorized Networks Disabled", + "severity": "MEDIUM", + "line": 22 + } +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/ip_aliasing_disabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/ip_aliasing_disabled/test/positive_expected_result.json index 9b4166ec2c4..515f5894a3c 100644 --- a/assets/queries/ansible/gcp/ip_aliasing_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/ip_aliasing_disabled/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "IP Aliasing Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 2 }, { "queryName": "IP Aliasing Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 31 }, { "queryName": "IP Aliasing Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 50 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/network_policy_disabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/network_policy_disabled/test/positive_expected_result.json index 1400f19e828..422a04267dc 100644 --- a/assets/queries/ansible/gcp/network_policy_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/network_policy_disabled/test/positive_expected_result.json @@ -1,27 +1,27 @@ [ { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3 }, { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 21 }, { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 54 }, { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 73 }, { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 96 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/node_auto_upgrade_disabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/node_auto_upgrade_disabled/test/positive_expected_result.json index 526d8cf5924..1e8d4e0b4e8 100644 --- a/assets/queries/ansible/gcp/node_auto_upgrade_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/node_auto_upgrade_disabled/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "Node Auto Upgrade Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3 }, { "queryName": "Node Auto Upgrade Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 22 }, { "queryName": "Node Auto Upgrade Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 36 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/postgresql_log_connections_disabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/postgresql_log_connections_disabled/test/positive_expected_result.json index c6321ca319a..6cd81a17bd4 100644 --- a/assets/queries/ansible/gcp/postgresql_log_connections_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/postgresql_log_connections_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "PostgreSQL Log Connections Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 5 }, { "queryName": "PostgreSQL Log Connections Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 16 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/postgresql_logging_of_temporary_files_disabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/postgresql_logging_of_temporary_files_disabled/test/positive_expected_result.json index 369a0518af1..176293e62bf 100644 --- a/assets/queries/ansible/gcp/postgresql_logging_of_temporary_files_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/postgresql_logging_of_temporary_files_disabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "PostgreSQL Logging Of Temporary Files Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 10 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/postgresql_misconfigured_log_messages_flag/test/positive_expected_result.json b/assets/queries/ansible/gcp/postgresql_misconfigured_log_messages_flag/test/positive_expected_result.json index 94687abad00..58a65f3141f 100644 --- a/assets/queries/ansible/gcp/postgresql_misconfigured_log_messages_flag/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/postgresql_misconfigured_log_messages_flag/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "PostgreSQL Misconfigured Log Messages Flag", - "severity": "MEDIUM", + "severity": "LOW", "line": 11 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/postgresql_misconfigured_logging_duration_flag/test/positive_expected_result.json b/assets/queries/ansible/gcp/postgresql_misconfigured_logging_duration_flag/test/positive_expected_result.json index d4fed2bb85f..2032e1d2680 100644 --- a/assets/queries/ansible/gcp/postgresql_misconfigured_logging_duration_flag/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/postgresql_misconfigured_logging_duration_flag/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "PostgreSQL Misconfigured Logging Duration Flag", - "severity": "HIGH", + "severity": "LOW", "line": 10 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/private_cluster_disabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/private_cluster_disabled/test/positive_expected_result.json index 41ceb5573ac..689ed5ffc81 100644 --- a/assets/queries/ansible/gcp/private_cluster_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/private_cluster_disabled/test/positive_expected_result.json @@ -1,27 +1,27 @@ [ { "queryName": "Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 2 }, { "queryName": "Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 31 }, { "queryName": "Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 48 }, { "queryName": "Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 66 }, { "queryName": "Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 85 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/rdp_access_is_not_restricted/test/positive_expected_result.json b/assets/queries/ansible/gcp/rdp_access_is_not_restricted/test/positive_expected_result.json index 52dabe1d446..54fdcecba5f 100644 --- a/assets/queries/ansible/gcp/rdp_access_is_not_restricted/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/rdp_access_is_not_restricted/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "RDP Access Is Not Restricted", - "severity": "MEDIUM", + "severity": "HIGH", "line": 8 }, { "queryName": "RDP Access Is Not Restricted", - "severity": "MEDIUM", + "severity": "HIGH", "line": 29 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/sql_db_instance_backup_disabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/sql_db_instance_backup_disabled/test/positive_expected_result.json index 6cd52387362..4beca497fd1 100644 --- a/assets/queries/ansible/gcp/sql_db_instance_backup_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/sql_db_instance_backup_disabled/test/positive_expected_result.json @@ -1,22 +1,22 @@ [ { "queryName": "SQL DB Instance Backup Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3 }, { "queryName": "SQL DB Instance Backup Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 13 }, { "queryName": "SQL DB Instance Backup Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 24 }, { "queryName": "SQL DB Instance Backup Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 38 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/sql_db_instance_is_publicly_accessible/test/positive_expected_result.json b/assets/queries/ansible/gcp/sql_db_instance_is_publicly_accessible/test/positive_expected_result.json index e149656ff37..895e3ab0522 100644 --- a/assets/queries/ansible/gcp/sql_db_instance_is_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/sql_db_instance_is_publicly_accessible/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "SQL DB Instance Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 12 }, { "queryName": "SQL DB Instance Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 24 }, { "queryName": "SQL DB Instance Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 34 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/stackdriver_logging_disabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/stackdriver_logging_disabled/test/positive_expected_result.json index 3183633dbab..73738c59a3a 100644 --- a/assets/queries/ansible/gcp/stackdriver_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/stackdriver_logging_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Stackdriver Logging Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3 }, { "queryName": "Stackdriver Logging Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 32 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/stackdriver_monitoring_disabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/stackdriver_monitoring_disabled/test/positive_expected_result.json index 8c872275e7b..325445d9111 100644 --- a/assets/queries/ansible/gcp/stackdriver_monitoring_disabled/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/stackdriver_monitoring_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Stackdriver Monitoring Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3 }, { "queryName": "Stackdriver Monitoring Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 32 } -] +] \ No newline at end of file diff --git a/assets/queries/ansible/gcp/vm_with_full_cloud_access/test/positive_expected_result.json b/assets/queries/ansible/gcp/vm_with_full_cloud_access/test/positive_expected_result.json index e2ec18f1135..ace8a7b988f 100644 --- a/assets/queries/ansible/gcp/vm_with_full_cloud_access/test/positive_expected_result.json +++ b/assets/queries/ansible/gcp/vm_with_full_cloud_access/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "VM With Full Cloud Access", - "severity": "HIGH", - "line": 7 - } -] + { + "queryName": "VM With Full Cloud Access", + "severity": "MEDIUM", + "line": 7 + } +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/aks_cluster_rbac_disabled/test/positive_expected_result.json b/assets/queries/azureResourceManager/aks_cluster_rbac_disabled/test/positive_expected_result.json index 2402f734a64..4044e4f5294 100644 --- a/assets/queries/azureResourceManager/aks_cluster_rbac_disabled/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/aks_cluster_rbac_disabled/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "AKS Cluster RBAC Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 14, "fileName": "positive1.json" }, { "queryName": "AKS Cluster RBAC Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 36, "fileName": "positive2.json" }, { "queryName": "AKS Cluster RBAC Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 16, "fileName": "positive3.json" }, { "queryName": "AKS Cluster RBAC Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 38, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/aks_with_authorized_ip_ranges_disabled/test/positive_expected_result.json b/assets/queries/azureResourceManager/aks_with_authorized_ip_ranges_disabled/test/positive_expected_result.json index db839ba6c8d..07da9b40775 100644 --- a/assets/queries/azureResourceManager/aks_with_authorized_ip_ranges_disabled/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/aks_with_authorized_ip_ranges_disabled/test/positive_expected_result.json @@ -1,62 +1,62 @@ [ { "queryName": "AKS With Authorized IP Ranges Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 8, "filename": "positive1.json" }, { "queryName": "AKS With Authorized IP Ranges Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive2.json" }, { "queryName": "AKS With Authorized IP Ranges Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 36, "filename": "positive3.json" }, { "queryName": "AKS With Authorized IP Ranges Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive4.json" }, { "queryName": "AKS With Authorized IP Ranges Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 37, "filename": "positive5.json" }, { "queryName": "AKS With Authorized IP Ranges Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 10, "filename": "positive6.json" }, { "queryName": "AKS With Authorized IP Ranges Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 8, "filename": "positive7.json" }, { "queryName": "AKS With Authorized IP Ranges Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 38, "filename": "positive8.json" }, { "queryName": "AKS With Authorized IP Ranges Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 8, "filename": "positive9.json" }, { "queryName": "AKS With Authorized IP Ranges Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 39, "filename": "positive10.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/app_service_authentication_not_set/test/positive_expected_result.json b/assets/queries/azureResourceManager/app_service_authentication_not_set/test/positive_expected_result.json index bdd5d9b8ccd..62411c91ec7 100644 --- a/assets/queries/azureResourceManager/app_service_authentication_not_set/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/app_service_authentication_not_set/test/positive_expected_result.json @@ -1,50 +1,50 @@ [ { "queryName": "App Service Authentication Is Not Set", - "severity": "INFO", + "severity": "MEDIUM", "line": 37, "fileName": "positive1.json" }, { "queryName": "App Service Authentication Is Not Set", - "severity": "INFO", + "severity": "MEDIUM", "line": 33, "fileName": "positive2.json" }, { "queryName": "App Service Authentication Is Not Set", - "severity": "INFO", + "severity": "MEDIUM", "line": 44, "fileName": "positive3.json" }, { "queryName": "App Service Authentication Is Not Set", - "severity": "INFO", + "severity": "MEDIUM", "line": 40, "fileName": "positive4.json" }, { "queryName": "App Service Authentication Is Not Set", - "severity": "INFO", + "severity": "MEDIUM", "line": 39, "fileName": "positive5.json" }, { "queryName": "App Service Authentication Is Not Set", - "severity": "INFO", + "severity": "MEDIUM", "line": 35, "fileName": "positive6.json" }, { "queryName": "App Service Authentication Is Not Set", - "severity": "INFO", + "severity": "MEDIUM", "line": 46, "fileName": "positive7.json" }, { "queryName": "App Service Authentication Is Not Set", - "severity": "INFO", + "severity": "MEDIUM", "line": 42, "fileName": "positive8.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/azure_instance_using_basic_authentication/test/positive_expected_result.json b/assets/queries/azureResourceManager/azure_instance_using_basic_authentication/test/positive_expected_result.json index e53bb4fd325..90610f903ce 100644 --- a/assets/queries/azureResourceManager/azure_instance_using_basic_authentication/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/azure_instance_using_basic_authentication/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Azure Instance Using Basic Authentication", - "severity": "HIGH", + "severity": "MEDIUM", "line": 53, "filename": "positive1.json" }, { "queryName": "Azure Instance Using Basic Authentication", - "severity": "HIGH", + "severity": "MEDIUM", "line": 40, "filename": "positive2.json" }, { "queryName": "Azure Instance Using Basic Authentication", - "severity": "HIGH", + "severity": "MEDIUM", "line": 55, "filename": "positive3.json" }, { "queryName": "Azure Instance Using Basic Authentication", - "severity": "HIGH", + "severity": "MEDIUM", "line": 42, "filename": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/default_azure_storage_account_network_access_is_too_permissive/test/positive_expected_result.json b/assets/queries/azureResourceManager/default_azure_storage_account_network_access_is_too_permissive/test/positive_expected_result.json index 6c2351abf28..bd1b964727d 100644 --- a/assets/queries/azureResourceManager/default_azure_storage_account_network_access_is_too_permissive/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/default_azure_storage_account_network_access_is_too_permissive/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "Default Azure Storage Account Network Access Is Too Permissive", - "severity": "MEDIUM", + "severity": "HIGH", "line": 13, "fileName": "positive1.json" }, { "queryName": "Default Azure Storage Account Network Access Is Too Permissive", - "severity": "MEDIUM", + "severity": "HIGH", "line": 11, "fileName": "positive2.json" }, { "queryName": "Default Azure Storage Account Network Access Is Too Permissive", - "severity": "MEDIUM", + "severity": "HIGH", "line": 12, "fileName": "positive3.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/hardcoded_securestring_parameter_default_value/test/positive_expected_result.json b/assets/queries/azureResourceManager/hardcoded_securestring_parameter_default_value/test/positive_expected_result.json index 7e42b306e26..8ee8524f96f 100644 --- a/assets/queries/azureResourceManager/hardcoded_securestring_parameter_default_value/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/hardcoded_securestring_parameter_default_value/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Hardcoded SecureString Parameter Default Value", - "severity": "MEDIUM", + "severity": "HIGH", "line": 7, "fileName": "positive1.json" }, { "queryName": "Hardcoded SecureString Parameter Default Value", - "severity": "MEDIUM", + "severity": "HIGH", "line": 9, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/log_profile_incorrect_category/test/positive_expected_result.json b/assets/queries/azureResourceManager/log_profile_incorrect_category/test/positive_expected_result.json index b0075dc0907..d6d8fd0dca2 100644 --- a/assets/queries/azureResourceManager/log_profile_incorrect_category/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/log_profile_incorrect_category/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Log Profile Incorrect Category", - "severity": "MEDIUM", + "severity": "LOW", "line": 22, "fileName": "positive1.json" }, { "queryName": "Log Profile Incorrect Category", - "severity": "MEDIUM", + "severity": "LOW", "line": 24, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/mysql_server_ssl_enforcement_disabled/test/positive_expected_result.json b/assets/queries/azureResourceManager/mysql_server_ssl_enforcement_disabled/test/positive_expected_result.json index 5752c329a26..e9aa5d90167 100644 --- a/assets/queries/azureResourceManager/mysql_server_ssl_enforcement_disabled/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/mysql_server_ssl_enforcement_disabled/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "MySQL Server SSL Enforcement Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 16, "fileName": "positive1.json" }, { "queryName": "MySQL Server SSL Enforcement Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 18, "fileName": "positive2.json" }, { "queryName": "MySQL Server SSL Enforcement Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 18, "fileName": "positive3.json" }, { "queryName": "MySQL Server SSL Enforcement Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 20, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/test/positive_expected_result.json b/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/test/positive_expected_result.json index 2ff5ffd1ce3..a2a2afda9bc 100644 --- a/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "Network Security Group With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 19, "fileName": "positive1.json" }, { "queryName": "Network Security Group With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 13, "fileName": "positive2.json" }, { "queryName": "Network Security Group With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 20, "fileName": "positive3.json" }, { "queryName": "Network Security Group With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 21, "fileName": "positive4.json" }, { "queryName": "Network Security Group With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 15, "fileName": "positive5.json" }, { "queryName": "Network Security Group With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 22, "fileName": "positive6.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive_expected_result.json b/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive_expected_result.json index 4abbbc922ba..ca8b3e0d43a 100644 --- a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "PostgreSQL Database Server SSL Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 14, "fileName": "positive1.json" }, { "queryName": "PostgreSQL Database Server SSL Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 13, "fileName": "positive2.json" }, { "queryName": "PostgreSQL Database Server SSL Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 16, "fileName": "positive3.json" }, { "queryName": "PostgreSQL Database Server SSL Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 15, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/role_definitions_allow_custom_subscription_role_creation/test/positive_expected_result.json b/assets/queries/azureResourceManager/role_definitions_allow_custom_subscription_role_creation/test/positive_expected_result.json index b3ebea7b408..848b2a462bd 100644 --- a/assets/queries/azureResourceManager/role_definitions_allow_custom_subscription_role_creation/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/role_definitions_allow_custom_subscription_role_creation/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Role Definitions Allow Custom Subscription Role Creation", - "severity": "MEDIUM", + "severity": "HIGH", "line": 18, "fileName": "positive1.json" }, { "queryName": "Role Definitions Allow Custom Subscription Role Creation", - "severity": "MEDIUM", + "severity": "HIGH", "line": 18, "fileName": "positive2.json" }, { "queryName": "Role Definitions Allow Custom Subscription Role Creation", - "severity": "MEDIUM", + "severity": "HIGH", "line": 20, "fileName": "positive3.json" }, { "queryName": "Role Definitions Allow Custom Subscription Role Creation", - "severity": "MEDIUM", + "severity": "HIGH", "line": 20, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/secret_without_expiration_date/test/positive_expected_result.json b/assets/queries/azureResourceManager/secret_without_expiration_date/test/positive_expected_result.json index 67d241c5292..cc8fef2be57 100644 --- a/assets/queries/azureResourceManager/secret_without_expiration_date/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/secret_without_expiration_date/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Secret Without Expiration Date", - "severity": "HIGH", + "severity": "MEDIUM", "line": 49, "filename": "positive1.json" }, { "queryName": "Secret Without Expiration Date", - "severity": "HIGH", + "severity": "MEDIUM", "line": 54, "filename": "positive2.json" }, { "queryName": "Secret Without Expiration Date", - "severity": "HIGH", + "severity": "MEDIUM", "line": 51, "filename": "positive3.json" }, { "queryName": "Secret Without Expiration Date", - "severity": "HIGH", + "severity": "MEDIUM", "line": 56, "filename": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/sql_database_server_firewall_allows_all_ips/test/positive_expected_result.json b/assets/queries/azureResourceManager/sql_database_server_firewall_allows_all_ips/test/positive_expected_result.json index 9ea17fc8685..b6fe1a7f551 100644 --- a/assets/queries/azureResourceManager/sql_database_server_firewall_allows_all_ips/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/sql_database_server_firewall_allows_all_ips/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "SQL Database Server Firewall Allows All IPS", - "severity": "HIGH", + "severity": "CRITICAL", "line": 31, "filename": "positive1.json" }, { "queryName": "SQL Database Server Firewall Allows All IPS", - "severity": "HIGH", + "severity": "CRITICAL", "line": 14, "filename": "positive2.json" }, { "queryName": "SQL Database Server Firewall Allows All IPS", - "severity": "HIGH", + "severity": "CRITICAL", "line": 33, "filename": "positive3.json" }, { "queryName": "SQL Database Server Firewall Allows All IPS", - "severity": "HIGH", + "severity": "CRITICAL", "line": 16, "filename": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/sql_server_database_with_low_retention_days/test/positive_expected_result.json b/assets/queries/azureResourceManager/sql_server_database_with_low_retention_days/test/positive_expected_result.json index e7baac94d1a..7b48bb96d7a 100644 --- a/assets/queries/azureResourceManager/sql_server_database_with_low_retention_days/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/sql_server_database_with_low_retention_days/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "SQL Server Database With Unrecommended Retention Days", - "severity": "MEDIUM", + "severity": "LOW", "line": 48, "filename": "positive1.json" }, { "queryName": "SQL Server Database With Unrecommended Retention Days", - "severity": "MEDIUM", + "severity": "LOW", "line": 43, "filename": "positive2.json" }, { "queryName": "SQL Server Database With Unrecommended Retention Days", - "severity": "MEDIUM", + "severity": "LOW", "line": 50, "filename": "positive3.json" }, { "queryName": "SQL Server Database With Unrecommended Retention Days", - "severity": "MEDIUM", + "severity": "LOW", "line": 45, "filename": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/standard_price_not_selected/test/positive_expected_result.json b/assets/queries/azureResourceManager/standard_price_not_selected/test/positive_expected_result.json index 70f77cfe6cb..1bdd4945792 100644 --- a/assets/queries/azureResourceManager/standard_price_not_selected/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/standard_price_not_selected/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "Standard Price Is Not Selected", - "severity": "MEDIUM", + "severity": "LOW", "line": 27, "filename": "positive1.json" }, { "queryName": "Standard Price Is Not Selected", - "severity": "MEDIUM", + "severity": "LOW", "line": 29, "filename": "positive2.json" }, { "queryName": "Standard Price Is Not Selected", - "severity": "MEDIUM", + "severity": "LOW", "line": 23, "filename": "positive3.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/storage_account_allows_unsecure_transfer/test/positive_expected_result.json b/assets/queries/azureResourceManager/storage_account_allows_unsecure_transfer/test/positive_expected_result.json index 1eee804352c..b610df4a795 100644 --- a/assets/queries/azureResourceManager/storage_account_allows_unsecure_transfer/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/storage_account_allows_unsecure_transfer/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "Storage Account Allows Unsecure Transfer", - "severity": "HIGH", + "severity": "MEDIUM", "line": 19, "fileName": "positive1.json" }, { "queryName": "Storage Account Allows Unsecure Transfer", - "severity": "HIGH", + "severity": "MEDIUM", "line": 6, "fileName": "positive2.json" }, { "queryName": "Storage Account Allows Unsecure Transfer", - "severity": "HIGH", + "severity": "MEDIUM", "line": 18, "fileName": "positive3.json" }, { "queryName": "Storage Account Allows Unsecure Transfer", - "severity": "HIGH", + "severity": "MEDIUM", "line": 21, "fileName": "positive4.json" }, { "queryName": "Storage Account Allows Unsecure Transfer", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8, "fileName": "positive5.json" }, { "queryName": "Storage Account Allows Unsecure Transfer", - "severity": "HIGH", + "severity": "MEDIUM", "line": 20, "fileName": "positive6.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/trusted_microsoft_services_not_enabled/test/positive_expected_result.json b/assets/queries/azureResourceManager/trusted_microsoft_services_not_enabled/test/positive_expected_result.json index e2eb42c909e..aa83a1091b1 100644 --- a/assets/queries/azureResourceManager/trusted_microsoft_services_not_enabled/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/trusted_microsoft_services_not_enabled/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Trusted Microsoft Services Not Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 21, "fileName": "positive1.json" }, { "queryName": "Trusted Microsoft Services Not Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 21, "fileName": "positive2.json" }, { "queryName": "Trusted Microsoft Services Not Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 23, "fileName": "positive3.json" }, { "queryName": "Trusted Microsoft Services Not Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 23, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/unrecommended_log_profile_retention_policy/test/positive_expected_result.json b/assets/queries/azureResourceManager/unrecommended_log_profile_retention_policy/test/positive_expected_result.json index 684355bdbc8..b2162149cd8 100644 --- a/assets/queries/azureResourceManager/unrecommended_log_profile_retention_policy/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/unrecommended_log_profile_retention_policy/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "Unrecommended Log Profile Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 26, "fileName": "positive1.json" }, { "queryName": "Unrecommended Log Profile Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 25, "fileName": "positive2.json" }, { "queryName": "Unrecommended Log Profile Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 26, "fileName": "positive2.json" }, { "queryName": "Unrecommended Log Profile Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 28, "fileName": "positive3.json" }, { "queryName": "Unrecommended Log Profile Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 27, "fileName": "positive4.json" }, { "queryName": "Unrecommended Log Profile Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 28, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/unrecommended_network_watcher_flow_log_retention_policy/test/positive_expected_result.json b/assets/queries/azureResourceManager/unrecommended_network_watcher_flow_log_retention_policy/test/positive_expected_result.json index 3576a1fb827..5b9f8ed8b13 100644 --- a/assets/queries/azureResourceManager/unrecommended_network_watcher_flow_log_retention_policy/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/unrecommended_network_watcher_flow_log_retention_policy/test/positive_expected_result.json @@ -1,74 +1,74 @@ [ { "queryName": "Unrecommended Network Watcher Flow Log Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 20, "fileName": "positive1.json" }, { "queryName": "Unrecommended Network Watcher Flow Log Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 21, "fileName": "positive1.json" }, { "queryName": "Unrecommended Network Watcher Flow Log Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 19, "fileName": "positive2.json" }, { "queryName": "Unrecommended Network Watcher Flow Log Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 20, "fileName": "positive2.json" }, { "queryName": "Unrecommended Network Watcher Flow Log Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 15, "fileName": "positive3.json" }, { "queryName": "Unrecommended Network Watcher Flow Log Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 15, "fileName": "positive4.json" }, { "queryName": "Unrecommended Network Watcher Flow Log Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 22, "fileName": "positive5.json" }, { "queryName": "Unrecommended Network Watcher Flow Log Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 23, "fileName": "positive5.json" }, { "queryName": "Unrecommended Network Watcher Flow Log Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 21, "fileName": "positive6.json" }, { "queryName": "Unrecommended Network Watcher Flow Log Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 22, "fileName": "positive6.json" }, { "queryName": "Unrecommended Network Watcher Flow Log Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 17, "fileName": "positive7.json" }, { "queryName": "Unrecommended Network Watcher Flow Log Retention Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 17, "fileName": "positive8.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/web_app_not_using_tls_last_version/test/positive_expected_result.json b/assets/queries/azureResourceManager/web_app_not_using_tls_last_version/test/positive_expected_result.json index 7661af76f3a..d0e889f2cb6 100644 --- a/assets/queries/azureResourceManager/web_app_not_using_tls_last_version/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/web_app_not_using_tls_last_version/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Web App Not Using TLS Last Version", - "severity": "HIGH", + "severity": "MEDIUM", "line": 12, "filename": "positive1.json" }, { "queryName": "Web App Not Using TLS Last Version", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8, "filename": "positive2.json" }, { "queryName": "Web App Not Using TLS Last Version", - "severity": "HIGH", + "severity": "MEDIUM", "line": 14, "filename": "positive3.json" }, { "queryName": "Web App Not Using TLS Last Version", - "severity": "HIGH", + "severity": "MEDIUM", "line": 10, "filename": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/website_not_forcing_https/test/positive_expected_result.json b/assets/queries/azureResourceManager/website_not_forcing_https/test/positive_expected_result.json index a9abe024579..85d5eb855d9 100644 --- a/assets/queries/azureResourceManager/website_not_forcing_https/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/website_not_forcing_https/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Website Not Forcing HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 15, "fileName": "positive1.json" }, { "queryName": "Website Not Forcing HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 17, "fileName": "positive2.json" }, { "queryName": "Website Not Forcing HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 17, "fileName": "positive3.json" }, { "queryName": "Website Not Forcing HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 19, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/azureResourceManager/website_with_client_certificate_auth_disabled/test/positive_expected_result.json b/assets/queries/azureResourceManager/website_with_client_certificate_auth_disabled/test/positive_expected_result.json index 0530692dcae..e6c734aee1f 100644 --- a/assets/queries/azureResourceManager/website_with_client_certificate_auth_disabled/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/website_with_client_certificate_auth_disabled/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Website with Client Certificate Auth Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 15, "fileName": "positive1.json" }, { "queryName": "Website with Client Certificate Auth Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 17, "fileName": "positive2.json" }, { "queryName": "Website with Client Certificate Auth Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 17, "fileName": "positive3.json" }, { "queryName": "Website with Client Certificate Auth Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 19, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/buildah/run_using_apt/test/positive_expected_result.json b/assets/queries/buildah/run_using_apt/test/positive_expected_result.json index 4651428b74b..b170be0f78e 100644 --- a/assets/queries/buildah/run_using_apt/test/positive_expected_result.json +++ b/assets/queries/buildah/run_using_apt/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Run Using apt", - "severity": "MEDIUM", - "line": 3, - "fileName": "positive.sh" - } -] + { + "queryName": "Run Using apt", + "severity": "LOW", + "line": 3, + "fileName": "positive.sh" + } +] \ No newline at end of file diff --git a/assets/queries/cicd/github/run_block_injection/test/positive_expected_result.json b/assets/queries/cicd/github/run_block_injection/test/positive_expected_result.json index dcf339d9a2f..a2f5199dc20 100644 --- a/assets/queries/cicd/github/run_block_injection/test/positive_expected_result.json +++ b/assets/queries/cicd/github/run_block_injection/test/positive_expected_result.json @@ -1,50 +1,50 @@ [ - { - "queryName": "Run Block Injection", - "severity": "HIGH", - "line": 10, - "fileName": "positive1.yaml" - }, - { - "queryName": "Run Block Injection", - "severity": "HIGH", - "line": 10, - "fileName": "positive1.yaml" - }, - { - "queryName": "Run Block Injection", - "severity": "HIGH", - "line": 13, - "fileName": "positive2.yaml" - }, - { - "queryName": "Run Block Injection", - "severity": "HIGH", - "line": 13, - "fileName": "positive3.yaml" - }, - { - "queryName": "Run Block Injection", - "severity": "HIGH", - "line": 13, - "fileName": "positive4.yaml" - }, - { - "queryName": "Run Block Injection", - "severity": "HIGH", - "line": 13, - "fileName": "positive5.yaml" - }, - { - "queryName": "Run Block Injection", - "severity": "HIGH", - "line": 13, - "fileName": "positive6.yaml" - }, - { - "queryName": "Run Block Injection", - "severity": "HIGH", - "line": 13, - "fileName": "positive7.yaml" - } -] + { + "queryName": "Run Block Injection", + "severity": "MEDIUM", + "line": 10, + "fileName": "positive1.yaml" + }, + { + "queryName": "Run Block Injection", + "severity": "MEDIUM", + "line": 10, + "fileName": "positive1.yaml" + }, + { + "queryName": "Run Block Injection", + "severity": "MEDIUM", + "line": 13, + "fileName": "positive2.yaml" + }, + { + "queryName": "Run Block Injection", + "severity": "MEDIUM", + "line": 13, + "fileName": "positive3.yaml" + }, + { + "queryName": "Run Block Injection", + "severity": "MEDIUM", + "line": 13, + "fileName": "positive4.yaml" + }, + { + "queryName": "Run Block Injection", + "severity": "MEDIUM", + "line": 13, + "fileName": "positive5.yaml" + }, + { + "queryName": "Run Block Injection", + "severity": "MEDIUM", + "line": 13, + "fileName": "positive6.yaml" + }, + { + "queryName": "Run Block Injection", + "severity": "MEDIUM", + "line": 13, + "fileName": "positive7.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/cicd/github/unpinned_actions_full_length_commit_sha/test/positive_expected_result.json b/assets/queries/cicd/github/unpinned_actions_full_length_commit_sha/test/positive_expected_result.json index 1bdbb46253b..239e93bff3d 100644 --- a/assets/queries/cicd/github/unpinned_actions_full_length_commit_sha/test/positive_expected_result.json +++ b/assets/queries/cicd/github/unpinned_actions_full_length_commit_sha/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Unpinned Actions Full Length Commit SHA", - "severity": "MEDIUM", - "line": 12, - "fileName": "positive1.yaml" - } -] + { + "queryName": "Unpinned Actions Full Length Commit SHA", + "severity": "LOW", + "line": 12, + "fileName": "positive1.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/alb_listening_on_http/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/alb_listening_on_http/test/positive_expected_result.json index f7e1c2a149c..04e2f4531a9 100644 --- a/assets/queries/cloudFormation/aws/alb_listening_on_http/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/alb_listening_on_http/test/positive_expected_result.json @@ -2,31 +2,31 @@ { "fileName": "positive1.yaml", "queryName": "ALB Listening on HTTP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 25 }, { "fileName": "positive1.yaml", "queryName": "ALB Listening on HTTP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 13 }, { "line": 35, "fileName": "positive2.json", "queryName": "ALB Listening on HTTP", - "severity": "HIGH" + "severity": "MEDIUM" }, { "line": 9, "fileName": "positive2.json", "queryName": "ALB Listening on HTTP", - "severity": "HIGH" + "severity": "MEDIUM" }, { "queryName": "ALB Listening on HTTP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 16, "fileName": "positive3.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/amazon_dms_replication_instance_is_publicly_accessible/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/amazon_dms_replication_instance_is_publicly_accessible/test/positive_expected_result.json index 8edae381f94..9cd21fa1c91 100644 --- a/assets/queries/cloudFormation/aws/amazon_dms_replication_instance_is_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/amazon_dms_replication_instance_is_publicly_accessible/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "Amazon DMS Replication Instance Is Publicly Accessible", - "severity": "HIGH", - "line": 9, - "fileName": "positive1.yaml" - }, - { - "queryName": "Amazon DMS Replication Instance Is Publicly Accessible", - "severity": "HIGH", - "line": 4, - "fileName": "positive2.yaml" - } + { + "queryName": "Amazon DMS Replication Instance Is Publicly Accessible", + "severity": "CRITICAL", + "line": 9, + "fileName": "positive1.yaml" + }, + { + "queryName": "Amazon DMS Replication Instance Is Publicly Accessible", + "severity": "CRITICAL", + "line": 4, + "fileName": "positive2.yaml" + } ] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/amazon_mq_broker_encryption_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/amazon_mq_broker_encryption_disabled/test/positive_expected_result.json index d0440ddeb88..23eaadc63ed 100644 --- a/assets/queries/cloudFormation/aws/amazon_mq_broker_encryption_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/amazon_mq_broker_encryption_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "AmazonMQ Broker Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6, "fileName": "positive1.yaml" }, { "queryName": "AmazonMQ Broker Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 7, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/amplify_app_access_token_exposed/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/amplify_app_access_token_exposed/test/positive_expected_result.json index 0d789b687ea..15c356f85c1 100644 --- a/assets/queries/cloudFormation/aws/amplify_app_access_token_exposed/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/amplify_app_access_token_exposed/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Amplify App Access Token Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6, "fileName": "positive2.yaml" }, @@ -9,30 +9,30 @@ "line": 10, "fileName": "positive3.yaml", "queryName": "Amplify App Access Token Exposed", - "severity": "MEDIUM" + "severity": "HIGH" }, { "fileName": "positive1.yaml", "queryName": "Amplify App Access Token Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6 }, { "line": 11, "fileName": "positive4.json", "queryName": "Amplify App Access Token Exposed", - "severity": "MEDIUM" + "severity": "HIGH" }, { "queryName": "Amplify App Access Token Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 7, "fileName": "positive5.json" }, { "queryName": "Amplify App Access Token Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 9, "fileName": "positive6.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/amplify_app_basic_auth_config_password_exposed/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/amplify_app_basic_auth_config_password_exposed/test/positive_expected_result.json index 1ba9f3f61a0..9cb64105d2b 100644 --- a/assets/queries/cloudFormation/aws/amplify_app_basic_auth_config_password_exposed/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/amplify_app_basic_auth_config_password_exposed/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Amplify App Basic Auth Config Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6, "fileName": "positive2.yaml" }, @@ -9,18 +9,18 @@ "line": 16, "fileName": "positive1.yaml", "queryName": "Amplify App Basic Auth Config Password Exposed", - "severity": "MEDIUM" + "severity": "HIGH" }, { "queryName": "Amplify App Basic Auth Config Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 12, "fileName": "positive3.json" }, { "queryName": "Amplify App Basic Auth Config Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 12, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/amplify_app_oauth_token_exposed/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/amplify_app_oauth_token_exposed/test/positive_expected_result.json index 3eeec7d0394..e205140998d 100644 --- a/assets/queries/cloudFormation/aws/amplify_app_oauth_token_exposed/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/amplify_app_oauth_token_exposed/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Amplify App OAuth Token Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 5, "fileName": "positive2.yaml" }, @@ -9,18 +9,18 @@ "line": 4, "fileName": "positive1.yaml", "queryName": "Amplify App OAuth Token Exposed", - "severity": "MEDIUM" + "severity": "HIGH" }, { "queryName": "Amplify App OAuth Token Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 5, "fileName": "positive3.json" }, { "queryName": "Amplify App OAuth Token Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 11, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/amplify_branch_basic_auth_config_password_exposed/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/amplify_branch_basic_auth_config_password_exposed/test/positive_expected_result.json index ae55041b5af..cf0cb7cc13a 100644 --- a/assets/queries/cloudFormation/aws/amplify_branch_basic_auth_config_password_exposed/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/amplify_branch_basic_auth_config_password_exposed/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Amplify Branch Basic Auth Config Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 5, "fileName": "positive2.yaml" }, { - "severity": "MEDIUM", + "severity": "HIGH", "line": 18, "fileName": "positive1.yaml", "queryName": "Amplify Branch Basic Auth Config Password Exposed" @@ -14,13 +14,13 @@ { "fileName": "positive3.json", "queryName": "Amplify Branch Basic Auth Config Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 19 }, { "queryName": "Amplify Branch Basic Auth Config Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 35, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_with_invalid_compression/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/api_gateway_with_invalid_compression/test/positive_expected_result.json index e52bef4deca..476b31885dd 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_with_invalid_compression/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/api_gateway_with_invalid_compression/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "API Gateway With Invalid Compression", - "severity": "MEDIUM", + "severity": "LOW", "line": 17, "fileName": "positive1.yaml" }, { "queryName": "API Gateway With Invalid Compression", - "severity": "MEDIUM", + "severity": "LOW", "line": 22, "fileName": "positive4.json" }, { "queryName": "API Gateway With Invalid Compression", - "severity": "MEDIUM", + "severity": "LOW", "line": 17, "fileName": "positive2.yaml" }, { "queryName": "API Gateway With Invalid Compression", - "severity": "MEDIUM", + "severity": "LOW", "line": 22, "fileName": "positive5.json" }, { "queryName": "API Gateway With Invalid Compression", - "severity": "MEDIUM", + "severity": "LOW", "line": 5, "fileName": "positive3.yaml" }, { "queryName": "API Gateway With Invalid Compression", - "severity": "MEDIUM", + "severity": "LOW", "line": 5, "fileName": "positive6.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_without_security_policy/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/api_gateway_without_security_policy/test/positive_expected_result.json index f3d568861a0..b41df1f3039 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_without_security_policy/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/api_gateway_without_security_policy/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "API Gateway Without Security Policy", - "severity": "HIGH", + "severity": "MEDIUM", "line": 13, "fileName": "positive2.yaml" }, { "queryName": "API Gateway Without Security Policy", - "severity": "HIGH", + "severity": "MEDIUM", "line": 20, "fileName": "positive1.yaml" }, { "queryName": "API Gateway Without Security Policy", - "severity": "HIGH", + "severity": "MEDIUM", "line": 26, "fileName": "positive3.json" }, { "fileName": "positive4.json", "queryName": "API Gateway Without Security Policy", - "severity": "HIGH", + "severity": "MEDIUM", "line": 15 } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_xray_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/api_gateway_xray_disabled/test/positive_expected_result.json index 40c9fa10d7b..254e8a93f37 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_xray_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/api_gateway_xray_disabled/test/positive_expected_result.json @@ -3,24 +3,24 @@ "line": 13, "fileName": "positive1.yaml", "queryName": "API Gateway X-Ray Disabled", - "severity": "MEDIUM" + "severity": "LOW" }, { "line": 6, "fileName": "positive2.yaml", "queryName": "API Gateway X-Ray Disabled", - "severity": "MEDIUM" + "severity": "LOW" }, { "queryName": "API Gateway X-Ray Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 23, "fileName": "positive3.json" }, { "queryName": "API Gateway X-Ray Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/cloudformation_specifying_credentials_not_safe/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/cloudformation_specifying_credentials_not_safe/test/positive_expected_result.json index f31de584e48..8ce4013218e 100644 --- a/assets/queries/cloudFormation/aws/cloudformation_specifying_credentials_not_safe/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/cloudformation_specifying_credentials_not_safe/test/positive_expected_result.json @@ -1,25 +1,25 @@ [ { - "severity": "HIGH", + "severity": "MEDIUM", "line": 33, "fileName": "positive1.yaml", "queryName": "CloudFormation Specifying Credentials Not Safe" }, { "queryName": "CloudFormation Specifying Credentials Not Safe", - "severity": "HIGH", + "severity": "MEDIUM", "line": 35, "fileName": "positive1.yaml" }, { "queryName": "CloudFormation Specifying Credentials Not Safe", - "severity": "HIGH", + "severity": "MEDIUM", "line": 71, "fileName": "positive1.yaml" }, { "queryName": "CloudFormation Specifying Credentials Not Safe", - "severity": "HIGH", + "severity": "MEDIUM", "line": 48, "fileName": "positive2.json" }, @@ -27,12 +27,12 @@ "line": 51, "fileName": "positive2.json", "queryName": "CloudFormation Specifying Credentials Not Safe", - "severity": "HIGH" + "severity": "MEDIUM" }, { "queryName": "CloudFormation Specifying Credentials Not Safe", - "severity": "HIGH", + "severity": "MEDIUM", "line": 112, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/cloudfront_viewer_protocol_policy_allows_http/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/cloudfront_viewer_protocol_policy_allows_http/test/positive_expected_result.json index 9196b4ac65b..6d69099acae 100644 --- a/assets/queries/cloudFormation/aws/cloudfront_viewer_protocol_policy_allows_http/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/cloudfront_viewer_protocol_policy_allows_http/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Cloudfront Viewer Protocol Policy Allows HTTP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 13, "fileName": "positive1.yaml" }, { - "severity": "HIGH", + "severity": "MEDIUM", "line": 30, "fileName": "positive1.yaml", "queryName": "Cloudfront Viewer Protocol Policy Allows HTTP" }, { "queryName": "Cloudfront Viewer Protocol Policy Allows HTTP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 10, "fileName": "positive2.json" }, { "fileName": "positive2.json", "queryName": "Cloudfront Viewer Protocol Policy Allows HTTP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 50 } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/cloudfront_without_minimum_protocol_tls_1.2/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/cloudfront_without_minimum_protocol_tls_1.2/test/positive_expected_result.json index 9146a439bde..53cec9a0d72 100644 --- a/assets/queries/cloudFormation/aws/cloudfront_without_minimum_protocol_tls_1.2/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/cloudfront_without_minimum_protocol_tls_1.2/test/positive_expected_result.json @@ -1,13 +1,13 @@ [ { "queryName": "CloudFront Without Minimum Protocol TLS 1.2", - "severity": "HIGH", + "severity": "MEDIUM", "line": 25, "fileName": "positive1.yaml" }, { "queryName": "CloudFront Without Minimum Protocol TLS 1.2", - "severity": "HIGH", + "severity": "MEDIUM", "line": 33, "fileName": "positive1.yaml" }, @@ -15,12 +15,12 @@ "line": 55, "fileName": "positive2.json", "queryName": "CloudFront Without Minimum Protocol TLS 1.2", - "severity": "HIGH" + "severity": "MEDIUM" }, { - "severity": "HIGH", + "severity": "MEDIUM", "line": 11, "fileName": "positive2.json", "queryName": "CloudFront Without Minimum Protocol TLS 1.2" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/cloudfront_without_waf/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/cloudfront_without_waf/test/positive_expected_result.json index 57c6b1fd24d..ed9820e4c0b 100644 --- a/assets/queries/cloudFormation/aws/cloudfront_without_waf/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/cloudfront_without_waf/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "CloudFront Without WAF", - "severity": "LOW", + "severity": "MEDIUM", "line": 6, "fileName": "positive1.yaml" }, { "fileName": "positive2.json", "queryName": "CloudFront Without WAF", - "severity": "LOW", + "severity": "MEDIUM", "line": 13 }, { "fileName": "positive3.yaml", "queryName": "CloudFront Without WAF", - "severity": "LOW", + "severity": "MEDIUM", "line": 21 }, { "fileName": "positive4.json", "queryName": "CloudFront Without WAF", - "severity": "LOW", + "severity": "MEDIUM", "line": 36 } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/cloudtrail_log_files_not_encrypted_with_kms/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/cloudtrail_log_files_not_encrypted_with_kms/test/positive_expected_result.json index 375a4ef63c8..0c9a19e668c 100644 --- a/assets/queries/cloudFormation/aws/cloudtrail_log_files_not_encrypted_with_kms/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/cloudtrail_log_files_not_encrypted_with_kms/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "CloudTrail Log Files Not Encrypted With KMS", - "severity": "MEDIUM", + "severity": "LOW", "line": 62, "fileName": "positive1.yaml" }, { "queryName": "CloudTrail Log Files Not Encrypted With KMS", - "severity": "MEDIUM", + "severity": "LOW", "line": 53, "fileName": "positive2.json" }, { "queryName": "CloudTrail Log Files Not Encrypted With KMS", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "fileName": "positive3.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/cloudtrail_logging_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/cloudtrail_logging_disabled/test/positive_expected_result.json index fb35f3382a7..8963c2ee9b2 100644 --- a/assets/queries/cloudFormation/aws/cloudtrail_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/cloudtrail_logging_disabled/test/positive_expected_result.json @@ -1,13 +1,13 @@ [ { "queryName": "CloudTrail Logging Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 69, "fileName": "positive1.yaml" }, { "queryName": "CloudTrail Logging Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 84, "fileName": "positive1.yaml" }, @@ -15,12 +15,12 @@ "line": 98, "fileName": "positive2.json", "queryName": "CloudTrail Logging Disabled", - "severity": "HIGH" + "severity": "MEDIUM" }, { "queryName": "CloudTrail Logging Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 118, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/cloudtrail_multi_region_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/cloudtrail_multi_region_disabled/test/positive_expected_result.json index effb4f12779..136a82682e8 100644 --- a/assets/queries/cloudFormation/aws/cloudtrail_multi_region_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/cloudtrail_multi_region_disabled/test/positive_expected_result.json @@ -3,24 +3,24 @@ "line": 70, "fileName": "positive1.yaml", "queryName": "CloudTrail Multi Region Disabled", - "severity": "MEDIUM" + "severity": "LOW" }, { - "severity": "MEDIUM", + "severity": "LOW", "line": 76, "fileName": "positive1.yaml", "queryName": "CloudTrail Multi Region Disabled" }, { "queryName": "CloudTrail Multi Region Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 17, "fileName": "positive2.json" }, { - "severity": "MEDIUM", + "severity": "LOW", "line": 32, "fileName": "positive2.json", "queryName": "CloudTrail Multi Region Disabled" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/cloudtrail_not_integrated_with_cloudwatch/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/cloudtrail_not_integrated_with_cloudwatch/test/positive_expected_result.json index c2402717c8b..309385fe204 100644 --- a/assets/queries/cloudFormation/aws/cloudtrail_not_integrated_with_cloudwatch/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/cloudtrail_not_integrated_with_cloudwatch/test/positive_expected_result.json @@ -1,50 +1,50 @@ [ { - "severity": "MEDIUM", + "severity": "LOW", "line": 62, "fileName": "positive1.yaml", "queryName": "CloudTrail Not Integrated With CloudWatch" }, { - "severity": "MEDIUM", + "severity": "LOW", "line": 62, "fileName": "positive1.yaml", "queryName": "CloudTrail Not Integrated With CloudWatch" }, { - "severity": "MEDIUM", + "severity": "LOW", "line": 62, "fileName": "positive2.yaml", "queryName": "CloudTrail Not Integrated With CloudWatch" }, { - "severity": "MEDIUM", + "severity": "LOW", "line": 62, "fileName": "positive3.yaml", "queryName": "CloudTrail Not Integrated With CloudWatch" }, { "queryName": "CloudTrail Not Integrated With CloudWatch", - "severity": "MEDIUM", + "severity": "LOW", "line": 82, "fileName": "positive4.json" }, { "queryName": "CloudTrail Not Integrated With CloudWatch", - "severity": "MEDIUM", + "severity": "LOW", "line": 82, "fileName": "positive4.json" }, { "queryName": "CloudTrail Not Integrated With CloudWatch", - "severity": "MEDIUM", + "severity": "LOW", "line": 82, "fileName": "positive5.json" }, { "queryName": "CloudTrail Not Integrated With CloudWatch", - "severity": "MEDIUM", + "severity": "LOW", "line": 82, "fileName": "positive6.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/cloudtrail_sns_topic_name_undefined/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/cloudtrail_sns_topic_name_undefined/test/positive_expected_result.json index 64255127aa1..94cba9dfaed 100644 --- a/assets/queries/cloudFormation/aws/cloudtrail_sns_topic_name_undefined/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/cloudtrail_sns_topic_name_undefined/test/positive_expected_result.json @@ -1,13 +1,13 @@ [ { "queryName": "CloudTrail SNS Topic Name Undefined", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "fileName": "positive1.yaml" }, { "queryName": "CloudTrail SNS Topic Name Undefined", - "severity": "MEDIUM", + "severity": "INFO", "line": 22, "fileName": "positive1.yaml" }, @@ -15,12 +15,12 @@ "line": 9, "fileName": "positive2.json", "queryName": "CloudTrail SNS Topic Name Undefined", - "severity": "MEDIUM" + "severity": "INFO" }, { "queryName": "CloudTrail SNS Topic Name Undefined", - "severity": "MEDIUM", + "severity": "INFO", "line": 23, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/cmk_rotation_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/cmk_rotation_disabled/test/positive_expected_result.json index 7895056ae03..d7a8b5a42a1 100644 --- a/assets/queries/cloudFormation/aws/cmk_rotation_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/cmk_rotation_disabled/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "CMK Rotation Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 5, "fileName": "positive1.yaml" }, { "fileName": "positive1.yaml", "queryName": "CMK Rotation Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 31 }, { "fileName": "positive2.json", "queryName": "CMK Rotation Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 5 }, { "queryName": "CMK Rotation Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 49, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/cognito_userpool_without_mfa/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/cognito_userpool_without_mfa/test/positive_expected_result.json index 728a45e664e..ae5f99ba86a 100644 --- a/assets/queries/cloudFormation/aws/cognito_userpool_without_mfa/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/cognito_userpool_without_mfa/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Cognito UserPool Without MFA", - "severity": "MEDIUM", + "severity": "LOW", "line": 14, "fileName": "positive1.yaml" }, { "queryName": "Cognito UserPool Without MFA", - "severity": "MEDIUM", + "severity": "LOW", "line": 8, "fileName": "positive1.yaml" }, { "queryName": "Cognito UserPool Without MFA", - "severity": "MEDIUM", + "severity": "LOW", "line": 19, "fileName": "positive2.json" }, { - "severity": "MEDIUM", + "severity": "LOW", "line": 10, "fileName": "positive2.json", "queryName": "Cognito UserPool Without MFA" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/config_configuration_aggregator_to_all_regions_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/config_configuration_aggregator_to_all_regions_disabled/test/positive_expected_result.json index 94736951b70..8bd33bbad86 100644 --- a/assets/queries/cloudFormation/aws/config_configuration_aggregator_to_all_regions_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/config_configuration_aggregator_to_all_regions_disabled/test/positive_expected_result.json @@ -1,50 +1,50 @@ [ { "queryName": "Configuration Aggregator to All Regions Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 10, "fileName": "positive1.yaml" }, { "queryName": "Configuration Aggregator to All Regions Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 21, "fileName": "positive1.yaml" }, { "queryName": "Configuration Aggregator to All Regions Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 33, "fileName": "positive1.yaml" }, { "queryName": "Configuration Aggregator to All Regions Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 49, "fileName": "positive1.yaml" }, { "queryName": "Configuration Aggregator to All Regions Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "fileName": "positive2.json" }, { "queryName": "Configuration Aggregator to All Regions Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 24, "fileName": "positive2.json" }, { "queryName": "Configuration Aggregator to All Regions Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 43, "fileName": "positive2.json" }, { "queryName": "Configuration Aggregator to All Regions Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 62, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/config_rule_for_encryption_volumes_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/config_rule_for_encryption_volumes_disabled/test/positive_expected_result.json index eec50110eb2..695b9f2ccc9 100644 --- a/assets/queries/cloudFormation/aws/config_rule_for_encryption_volumes_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/config_rule_for_encryption_volumes_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Config Rule For Encrypted Volumes Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 2, "fileName": "positive1.yaml" }, { "fileName": "positive2.json", "queryName": "Config Rule For Encrypted Volumes Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 3 } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/connection_between_cloudfront_origin_not_encrypted/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/connection_between_cloudfront_origin_not_encrypted/test/positive_expected_result.json index 6f4db242add..acd66f251b2 100644 --- a/assets/queries/cloudFormation/aws/connection_between_cloudfront_origin_not_encrypted/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/connection_between_cloudfront_origin_not_encrypted/test/positive_expected_result.json @@ -3,24 +3,24 @@ "line": 13, "fileName": "positive1.yaml", "queryName": "Connection Between CloudFront Origin Not Encrypted", - "severity": "HIGH" + "severity": "MEDIUM" }, { "queryName": "Connection Between CloudFront Origin Not Encrypted", - "severity": "HIGH", + "severity": "MEDIUM", "line": 30, "fileName": "positive1.yaml" }, { "queryName": "Connection Between CloudFront Origin Not Encrypted", - "severity": "HIGH", + "severity": "MEDIUM", "line": 19, "fileName": "positive2.json" }, { - "severity": "HIGH", + "severity": "MEDIUM", "line": 56, "fileName": "positive2.json", "queryName": "Connection Between CloudFront Origin Not Encrypted" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/test/positive_expected_result.json index 844cd398215..efb66945b4a 100644 --- a/assets/queries/cloudFormation/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "Cross-Account IAM Assume Role Policy Without ExternalId or MFA", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6, "fileName": "positive1.yaml" }, { "queryName": "Cross-Account IAM Assume Role Policy Without ExternalId or MFA", - "severity": "MEDIUM", + "severity": "HIGH", "line": 7, "fileName": "positive2.json" }, { "queryName": "Cross-Account IAM Assume Role Policy Without ExternalId or MFA", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6, "fileName": "positive3.yaml" }, { "queryName": "Cross-Account IAM Assume Role Policy Without ExternalId or MFA", - "severity": "MEDIUM", + "severity": "HIGH", "line": 7, "fileName": "positive4.json" }, { "queryName": "Cross-Account IAM Assume Role Policy Without ExternalId or MFA", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6, "fileName": "positive5.yaml" }, { "queryName": "Cross-Account IAM Assume Role Policy Without ExternalId or MFA", - "severity": "MEDIUM", + "severity": "HIGH", "line": 7, "fileName": "positive6.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/db_security_group_with_public_scope/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/db_security_group_with_public_scope/test/positive_expected_result.json index e2decffae02..8eeea186111 100644 --- a/assets/queries/cloudFormation/aws/db_security_group_with_public_scope/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/db_security_group_with_public_scope/test/positive_expected_result.json @@ -1,31 +1,31 @@ [ { - "severity": "HIGH", + "severity": "CRITICAL", "line": 6, "fileName": "positive1.yaml", "queryName": "DB Security Group With Public Scope" }, { "queryName": "DB Security Group With Public Scope", - "severity": "HIGH", + "severity": "CRITICAL", "line": 6, "fileName": "positive3.yaml" }, { "queryName": "DB Security Group With Public Scope", - "severity": "HIGH", + "severity": "CRITICAL", "line": 19, "fileName": "positive2.yaml" }, { "queryName": "DB Security Group With Public Scope", - "severity": "HIGH", + "severity": "CRITICAL", "line": 6, "fileName": "positive4.json" }, { "queryName": "DB Security Group With Public Scope", - "severity": "HIGH", + "severity": "CRITICAL", "line": 24, "fileName": "positive5.json" }, @@ -33,6 +33,6 @@ "line": 15, "fileName": "positive6.json", "queryName": "DB Security Group With Public Scope", - "severity": "HIGH" + "severity": "CRITICAL" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/directory_service_microsoft_ad_password_set_to_plaintext_or_default_ref/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/directory_service_microsoft_ad_password_set_to_plaintext_or_default_ref/test/positive_expected_result.json index bbf081398b8..208eae633ff 100644 --- a/assets/queries/cloudFormation/aws/directory_service_microsoft_ad_password_set_to_plaintext_or_default_ref/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/directory_service_microsoft_ad_password_set_to_plaintext_or_default_ref/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "Directory Service Microsoft AD Password Set to Plaintext or Default Ref", - "severity": "MEDIUM", + "severity": "HIGH", "line": 5, "fileName": "positive3.yaml" }, { "queryName": "Directory Service Microsoft AD Password Set to Plaintext or Default Ref", - "severity": "MEDIUM", + "severity": "HIGH", "line": 9, "fileName": "positive2.yaml" }, { "queryName": "Directory Service Microsoft AD Password Set to Plaintext or Default Ref", - "severity": "MEDIUM", + "severity": "HIGH", "line": 14, "fileName": "positive1.yaml" }, { "queryName": "Directory Service Microsoft AD Password Set to Plaintext or Default Ref", - "severity": "MEDIUM", + "severity": "HIGH", "line": 17, "fileName": "positive4.json" }, { - "severity": "MEDIUM", + "severity": "HIGH", "line": 11, "queryName": "Directory Service Microsoft AD Password Set to Plaintext or Default Ref", "fileName": "positive5.json" }, { "queryName": "Directory Service Microsoft AD Password Set to Plaintext or Default Ref", - "severity": "MEDIUM", + "severity": "HIGH", "line": 5, "fileName": "positive6.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/directory_service_simple_ad_password_exposed/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/directory_service_simple_ad_password_exposed/test/positive_expected_result.json index 68fe8ff99e4..8df12a589f9 100644 --- a/assets/queries/cloudFormation/aws/directory_service_simple_ad_password_exposed/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/directory_service_simple_ad_password_exposed/test/positive_expected_result.json @@ -2,23 +2,23 @@ { "fileName": "positive3.yaml", "queryName": "Directory Service Simple AD Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 5 }, { - "severity": "MEDIUM", + "severity": "HIGH", "line": 9, "fileName": "positive2.yaml", "queryName": "Directory Service Simple AD Password Exposed" }, { "queryName": "Directory Service Simple AD Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 18, "fileName": "positive1.yaml" }, { - "severity": "MEDIUM", + "severity": "HIGH", "line": 20, "fileName": "positive4.json", "queryName": "Directory Service Simple AD Password Exposed" @@ -26,13 +26,13 @@ { "fileName": "positive5.json", "queryName": "Directory Service Simple AD Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 12 }, { "queryName": "Directory Service Simple AD Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6, "fileName": "positive6.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/dms_endpoint_mongo_db_settings_password_exposed/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/dms_endpoint_mongo_db_settings_password_exposed/test/positive_expected_result.json index 3aaf25f7ed6..cb7f890e5bb 100644 --- a/assets/queries/cloudFormation/aws/dms_endpoint_mongo_db_settings_password_exposed/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/dms_endpoint_mongo_db_settings_password_exposed/test/positive_expected_result.json @@ -3,36 +3,36 @@ "line": 13, "fileName": "positive1.yaml", "queryName": "DMS Endpoint MongoDB Settings Password Exposed", - "severity": "MEDIUM" + "severity": "HIGH" }, { "line": 24, "fileName": "positive2.yaml", "queryName": "DMS Endpoint MongoDB Settings Password Exposed", - "severity": "MEDIUM" + "severity": "HIGH" }, { - "severity": "MEDIUM", + "severity": "HIGH", "line": 35, "fileName": "positive3.yaml", "queryName": "DMS Endpoint MongoDB Settings Password Exposed" }, { "queryName": "DMS Endpoint MongoDB Settings Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 16, "fileName": "positive4.json" }, { "queryName": "DMS Endpoint MongoDB Settings Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 26, "fileName": "positive5.json" }, { "queryName": "DMS Endpoint MongoDB Settings Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 38, "fileName": "positive6.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/dms_endpoint_password_exposed/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/dms_endpoint_password_exposed/test/positive_expected_result.json index 046695cfc7a..f309b51052e 100644 --- a/assets/queries/cloudFormation/aws/dms_endpoint_password_exposed/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/dms_endpoint_password_exposed/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "DMS Endpoint Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 5, "fileName": "positive2.yaml" }, { "queryName": "DMS Endpoint Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 20, "fileName": "positive1.yaml" }, { "queryName": "DMS Endpoint Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 25, "fileName": "positive3.yaml" }, { "queryName": "DMS Endpoint Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 23, "fileName": "positive4.json" }, { "queryName": "DMS Endpoint Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6, "fileName": "positive5.json" }, { "queryName": "DMS Endpoint Password Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 26, "fileName": "positive6.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/docdb_cluster_master_password_in_plaintext/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/docdb_cluster_master_password_in_plaintext/test/positive_expected_result.json index 507f577f45c..da879bc197f 100644 --- a/assets/queries/cloudFormation/aws/docdb_cluster_master_password_in_plaintext/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/docdb_cluster_master_password_in_plaintext/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { - "severity": "MEDIUM", + "severity": "HIGH", "line": 5, "fileName": "positive2.yaml", "queryName": "DocDB Cluster Master Password In Plaintext" }, { "queryName": "DocDB Cluster Master Password In Plaintext", - "severity": "MEDIUM", + "severity": "HIGH", "line": 12, "fileName": "positive1.yaml" }, { "queryName": "DocDB Cluster Master Password In Plaintext", - "severity": "MEDIUM", + "severity": "HIGH", "line": 12, "fileName": "positive3.yaml" }, { - "severity": "MEDIUM", + "severity": "HIGH", "line": 17, "fileName": "positive4.json", "queryName": "DocDB Cluster Master Password In Plaintext" }, { "queryName": "DocDB Cluster Master Password In Plaintext", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6, "fileName": "positive5.json" }, { "queryName": "DocDB Cluster Master Password In Plaintext", - "severity": "MEDIUM", + "severity": "HIGH", "line": 18, "fileName": "positive6.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/docdb_logging_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/docdb_logging_disabled/test/positive_expected_result.json index 5aecc61468a..ffbae5321d4 100644 --- a/assets/queries/cloudFormation/aws/docdb_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/docdb_logging_disabled/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "DocDB Logging Is Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 6, "filename": "positive1.json" }, { "queryName": "DocDB Logging Is Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 15, "filename": "positive2.yaml" }, { "queryName": "DocDB Logging Is Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 15, "filename": "positive3.yaml" }, { "queryName": "DocDB Logging Is Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 14, "filename": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/dynamodb_table_not_encrypted/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/dynamodb_table_not_encrypted/test/positive_expected_result.json index 20b4b351fe7..962480b72f8 100644 --- a/assets/queries/cloudFormation/aws/dynamodb_table_not_encrypted/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/dynamodb_table_not_encrypted/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "DynamoDB Table Not Encrypted", - "severity": "MEDIUM", + "severity": "HIGH", "line": 18, "filename": "positive1.yaml" }, { "queryName": "DynamoDB Table Not Encrypted", - "severity": "MEDIUM", + "severity": "HIGH", "line": 17, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ebs_volume_encryption_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/ebs_volume_encryption_disabled/test/positive_expected_result.json index c5899cfcd80..598107a6aaf 100644 --- a/assets/queries/cloudFormation/aws/ebs_volume_encryption_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/ebs_volume_encryption_disabled/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "EBS Volume Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6, "fileName": "positive2.yaml" }, { "queryName": "EBS Volume Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 8, "fileName": "positive1.yaml" }, { "queryName": "EBS Volume Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 15, "fileName": "positive3.json" }, { "queryName": "EBS Volume Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ebs_volume_not_attached_to_instances/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/ebs_volume_not_attached_to_instances/test/positive_expected_result.json index b8430cdc4a1..f16e1565d8e 100644 --- a/assets/queries/cloudFormation/aws/ebs_volume_not_attached_to_instances/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/ebs_volume_not_attached_to_instances/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "EBS Volume Not Attached To Instances", - "severity": "MEDIUM", + "severity": "LOW", "line": 3, "fileName": "positive1.yaml" }, { "queryName": "EBS Volume Not Attached To Instances", - "severity": "MEDIUM", + "severity": "LOW", "line": 4, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ebs_volume_without_kms_key_id/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/ebs_volume_without_kms_key_id/test/positive_expected_result.json index 7a3030e0675..fffab5be473 100644 --- a/assets/queries/cloudFormation/aws/ebs_volume_without_kms_key_id/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/ebs_volume_without_kms_key_id/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "EBS Volume Without KmsKeyId", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "fileName": "positive1.yaml" }, @@ -9,6 +9,6 @@ "line": 7, "fileName": "positive2.json", "queryName": "EBS Volume Without KmsKeyId", - "severity": "MEDIUM" + "severity": "LOW" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_instance_monitoring_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/ec2_instance_monitoring_disabled/test/positive_expected_result.json index 02a6b1ad775..106fefb6f4e 100644 --- a/assets/queries/cloudFormation/aws/ec2_instance_monitoring_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/ec2_instance_monitoring_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "EC2 Instance Monitoring Disabled", - "severity": "INFO", + "severity": "MEDIUM", "line": 7, "fileName": "positive1.yaml" }, { "queryName": "EC2 Instance Monitoring Disabled", - "severity": "INFO", + "severity": "MEDIUM", "line": 4, "fileName": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_instance_subnet_has_public_ip_mapping_on_launch/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/ec2_instance_subnet_has_public_ip_mapping_on_launch/test/positive_expected_result.json index 4da8f6d1cac..d1d6f013930 100644 --- a/assets/queries/cloudFormation/aws/ec2_instance_subnet_has_public_ip_mapping_on_launch/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/ec2_instance_subnet_has_public_ip_mapping_on_launch/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "EC2 Instance Subnet Has Public IP Mapping On Launch", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7, "fileName": "positive1.yaml" }, { "queryName": "EC2 Instance Subnet Has Public IP Mapping On Launch", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_instance_using_default_security_group/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/ec2_instance_using_default_security_group/test/positive_expected_result.json index f1225e82f7c..21e8b9adb1c 100644 --- a/assets/queries/cloudFormation/aws/ec2_instance_using_default_security_group/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/ec2_instance_using_default_security_group/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "EC2 Instance Using Default Security Group", - "severity": "LOW", + "severity": "MEDIUM", "line": 8, "fileName": "positive1.yaml" }, { "queryName": "EC2 Instance Using Default Security Group", - "severity": "LOW", + "severity": "MEDIUM", "line": 23, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_network_acl_duplicate_rule/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/ec2_network_acl_duplicate_rule/test/positive_expected_result.json index 4728ff7920c..76b37110772 100644 --- a/assets/queries/cloudFormation/aws/ec2_network_acl_duplicate_rule/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/ec2_network_acl_duplicate_rule/test/positive_expected_result.json @@ -1,25 +1,25 @@ [ { - "severity": "LOW", + "severity": "INFO", "line": 12, "fileName": "positive1.yaml", "queryName": "EC2 Network ACL Duplicate Rule" }, { - "severity": "LOW", + "severity": "INFO", "line": 25, "fileName": "positive1.yaml", "queryName": "EC2 Network ACL Duplicate Rule" }, { "queryName": "EC2 Network ACL Duplicate Rule", - "severity": "LOW", + "severity": "INFO", "line": 39, "fileName": "positive1.yaml" }, { "queryName": "EC2 Network ACL Duplicate Rule", - "severity": "LOW", + "severity": "INFO", "line": 52, "fileName": "positive1.yaml" }, @@ -27,24 +27,24 @@ "line": 33, "fileName": "positive2.json", "queryName": "EC2 Network ACL Duplicate Rule", - "severity": "LOW" + "severity": "INFO" }, { "queryName": "EC2 Network ACL Duplicate Rule", - "severity": "LOW", + "severity": "INFO", "line": 71, "fileName": "positive2.json" }, { "queryName": "EC2 Network ACL Duplicate Rule", - "severity": "LOW", + "severity": "INFO", "line": 23, "fileName": "positive2.json" }, { "queryName": "EC2 Network ACL Duplicate Rule", - "severity": "LOW", + "severity": "INFO", "line": 57, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_network_acl_overlapping_ports/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/ec2_network_acl_overlapping_ports/test/positive_expected_result.json index 8072f2f838a..07ad254cb0d 100644 --- a/assets/queries/cloudFormation/aws/ec2_network_acl_overlapping_ports/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/ec2_network_acl_overlapping_ports/test/positive_expected_result.json @@ -1,43 +1,43 @@ [ { "queryName": "EC2 Network ACL Overlapping Ports", - "severity": "HIGH", + "severity": "MEDIUM", "line": 78, "fileName": "positive1.yaml" }, { "queryName": "EC2 Network ACL Overlapping Ports", - "severity": "HIGH", + "severity": "MEDIUM", "line": 90, "fileName": "positive1.yaml" }, { "queryName": "EC2 Network ACL Overlapping Ports", - "severity": "HIGH", + "severity": "MEDIUM", "line": 18, "fileName": "positive1.yaml" }, { "fileName": "positive1.yaml", "queryName": "EC2 Network ACL Overlapping Ports", - "severity": "HIGH", + "severity": "MEDIUM", "line": 30 }, { - "severity": "HIGH", + "severity": "MEDIUM", "line": 42, "fileName": "positive1.yaml", "queryName": "EC2 Network ACL Overlapping Ports" }, { "queryName": "EC2 Network ACL Overlapping Ports", - "severity": "HIGH", + "severity": "MEDIUM", "line": 54, "fileName": "positive1.yaml" }, { "queryName": "EC2 Network ACL Overlapping Ports", - "severity": "HIGH", + "severity": "MEDIUM", "line": 73, "fileName": "positive2.json" }, @@ -45,11 +45,11 @@ "line": 116, "fileName": "positive2.json", "queryName": "EC2 Network ACL Overlapping Ports", - "severity": "HIGH" + "severity": "MEDIUM" }, { "queryName": "EC2 Network ACL Overlapping Ports", - "severity": "HIGH", + "severity": "MEDIUM", "line": 22, "fileName": "positive2.json" }, @@ -57,18 +57,18 @@ "line": 82, "fileName": "positive2.json", "queryName": "EC2 Network ACL Overlapping Ports", - "severity": "HIGH" + "severity": "MEDIUM" }, { "line": 105, "fileName": "positive2.json", "queryName": "EC2 Network ACL Overlapping Ports", - "severity": "HIGH" + "severity": "MEDIUM" }, { "queryName": "EC2 Network ACL Overlapping Ports", - "severity": "HIGH", + "severity": "MEDIUM", "line": 38, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_public_instance_exposed_through_subnet/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/ec2_public_instance_exposed_through_subnet/test/positive_expected_result.json index 946d37c18f2..5f3620a8431 100644 --- a/assets/queries/cloudFormation/aws/ec2_public_instance_exposed_through_subnet/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/ec2_public_instance_exposed_through_subnet/test/positive_expected_result.json @@ -2,13 +2,13 @@ { "fileName": "positive1.yaml", "queryName": "EC2 Public Instance Exposed Through Subnet", - "severity": "HIGH", + "severity": "MEDIUM", "line": 28 }, { "queryName": "EC2 Public Instance Exposed Through Subnet", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ecr_repository_is_publicly_accessible/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/ecr_repository_is_publicly_accessible/test/positive_expected_result.json index 2072ae24eb0..9118d4b848e 100644 --- a/assets/queries/cloudFormation/aws/ecr_repository_is_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/ecr_repository_is_publicly_accessible/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "ECR Repository Is Publicly Accessible", - "severity": "MEDIUM", + "severity": "CRITICAL", "line": 6, "fileName": "positive1.yaml" }, { "queryName": "ECR Repository Is Publicly Accessible", - "severity": "MEDIUM", + "severity": "CRITICAL", "line": 7, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ecs_service_without_running_tasks/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/ecs_service_without_running_tasks/test/positive_expected_result.json index 7d41ad2e1f3..565c78ce282 100644 --- a/assets/queries/cloudFormation/aws/ecs_service_without_running_tasks/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/ecs_service_without_running_tasks/test/positive_expected_result.json @@ -2,13 +2,13 @@ { "fileName": "positive1.yaml", "queryName": "ECS Service Without Running Tasks", - "severity": "MEDIUM", + "severity": "LOW", "line": 64 }, { "queryName": "ECS Service Without Running Tasks", - "severity": "MEDIUM", + "severity": "LOW", "line": 152, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ecs_task_definition_network_mode_not_recommended/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/ecs_task_definition_network_mode_not_recommended/test/positive_expected_result.json index 1a72b1e565a..3ee7e3ba995 100644 --- a/assets/queries/cloudFormation/aws/ecs_task_definition_network_mode_not_recommended/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/ecs_task_definition_network_mode_not_recommended/test/positive_expected_result.json @@ -2,13 +2,13 @@ { "fileName": "positive1.yaml", "queryName": "ECS Task Definition Network Mode Not Recommended", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7 }, { "line": 7, "fileName": "positive2.json", "queryName": "ECS Task Definition Network Mode Not Recommended", - "severity": "HIGH" + "severity": "MEDIUM" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/efs_volume_with_disabled_transit_encryption/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/efs_volume_with_disabled_transit_encryption/test/positive_expected_result.json index ce5e8817dcb..14bd4033600 100644 --- a/assets/queries/cloudFormation/aws/efs_volume_with_disabled_transit_encryption/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/efs_volume_with_disabled_transit_encryption/test/positive_expected_result.json @@ -1,15 +1,14 @@ [ - { - "queryName": "EFS Volume With Disabled Transit Encryption", - "severity": "HIGH", - "line": 64, - "fileName": "positive1.json" - }, - { - "queryName": "EFS Volume With Disabled Transit Encryption", - "severity": "HIGH", - "line": 59, - "fileName": "positive2.json" - } - ] - \ No newline at end of file + { + "queryName": "EFS Volume With Disabled Transit Encryption", + "severity": "MEDIUM", + "line": 64, + "fileName": "positive1.json" + }, + { + "queryName": "EFS Volume With Disabled Transit Encryption", + "severity": "MEDIUM", + "line": 59, + "fileName": "positive2.json" + } +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/efs_without_kms/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/efs_without_kms/test/positive_expected_result.json index 84ae1b9fed9..7e00866f933 100644 --- a/assets/queries/cloudFormation/aws/efs_without_kms/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/efs_without_kms/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "EFS Without KMS", - "severity": "HIGH", + "severity": "LOW", "line": 82, "fileName": "positive1.yaml" }, { "queryName": "EFS Without KMS", - "severity": "HIGH", + "severity": "LOW", "line": 157, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/eks_node_group_remote_access/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/eks_node_group_remote_access/test/positive_expected_result.json index bf982f46702..facfe6cd979 100644 --- a/assets/queries/cloudFormation/aws/eks_node_group_remote_access/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/eks_node_group_remote_access/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "EKS node group remote access", - "severity": "HIGH", + "severity": "MEDIUM", "line": 17, "fileName": "positive1.yaml" }, { "queryName": "EKS node group remote access", - "severity": "HIGH", + "severity": "MEDIUM", "line": 21, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/elasticache_with_disabled_transit_encryption/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/elasticache_with_disabled_transit_encryption/test/positive_expected_result.json index 81edb48abbf..596b60304b4 100644 --- a/assets/queries/cloudFormation/aws/elasticache_with_disabled_transit_encryption/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/elasticache_with_disabled_transit_encryption/test/positive_expected_result.json @@ -2,11 +2,11 @@ { "fileName": "positive2.yaml", "queryName": "ElastiCache With Disabled Transit Encryption", - "severity": "HIGH", + "severity": "MEDIUM", "line": 26 }, { - "severity": "HIGH", + "severity": "MEDIUM", "line": 6, "fileName": "positive1.yaml", "queryName": "ElastiCache With Disabled Transit Encryption" @@ -15,12 +15,12 @@ "line": 4, "fileName": "positive3.json", "queryName": "ElastiCache With Disabled Transit Encryption", - "severity": "HIGH" + "severity": "MEDIUM" }, { "queryName": "ElastiCache With Disabled Transit Encryption", - "severity": "HIGH", + "severity": "MEDIUM", "line": 18, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/elasticsearch_domain_encryption_with_kms_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/elasticsearch_domain_encryption_with_kms_disabled/test/positive_expected_result.json index 96881dc4d57..c1b2e200ba8 100644 --- a/assets/queries/cloudFormation/aws/elasticsearch_domain_encryption_with_kms_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/elasticsearch_domain_encryption_with_kms_disabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "ElasticSearch Encryption With KMS Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 15, "fileName": "positive1.yaml" }, @@ -9,18 +9,18 @@ "line": 7, "fileName": "positive2.json", "queryName": "ElasticSearch Encryption With KMS Disabled", - "severity": "MEDIUM" + "severity": "HIGH" }, { "line": 6, "fileName": "positive3.yaml", "queryName": "ElasticSearch Encryption With KMS Disabled", - "severity": "MEDIUM" + "severity": "HIGH" }, { "line": 6, "fileName": "positive4.json", "queryName": "ElasticSearch Encryption With KMS Disabled", - "severity": "MEDIUM" + "severity": "HIGH" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/elasticsearch_not_encrypted_at_rest/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/elasticsearch_not_encrypted_at_rest/test/positive_expected_result.json index e1c1ce25bb1..e8b566a38f5 100644 --- a/assets/queries/cloudFormation/aws/elasticsearch_not_encrypted_at_rest/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/elasticsearch_not_encrypted_at_rest/test/positive_expected_result.json @@ -1,13 +1,13 @@ [ { "queryName": "ElasticSearch Not Encrypted At Rest", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6, "fileName": "positive2.yaml" }, { "queryName": "ElasticSearch Not Encrypted At Rest", - "severity": "MEDIUM", + "severity": "HIGH", "line": 16, "fileName": "positive1.yaml" }, @@ -15,12 +15,12 @@ "line": 8, "fileName": "positive3.json", "queryName": "ElasticSearch Not Encrypted At Rest", - "severity": "MEDIUM" + "severity": "HIGH" }, { "queryName": "ElasticSearch Not Encrypted At Rest", - "severity": "MEDIUM", + "severity": "HIGH", "line": 5, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/elasticsearch_with_https_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/elasticsearch_with_https_disabled/test/positive_expected_result.json index d8ad1f326eb..957c16e928b 100644 --- a/assets/queries/cloudFormation/aws/elasticsearch_with_https_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/elasticsearch_with_https_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ - { - "queryName": "Elasticsearch with HTTPS disabled", - "severity": "HIGH", - "line": 15, - "fileName": "positive1.yaml" - }, - { - "queryName": "Elasticsearch with HTTPS disabled", - "severity": "HIGH", - "line": 24, - "fileName": "positive2.yaml" - }, - { - "queryName": "Elasticsearch with HTTPS disabled", - "severity": "HIGH", - "line": 6, - "fileName": "positive3.yaml" - } + { + "queryName": "Elasticsearch with HTTPS disabled", + "severity": "MEDIUM", + "line": 15, + "fileName": "positive1.yaml" + }, + { + "queryName": "Elasticsearch with HTTPS disabled", + "severity": "MEDIUM", + "line": 24, + "fileName": "positive2.yaml" + }, + { + "queryName": "Elasticsearch with HTTPS disabled", + "severity": "MEDIUM", + "line": 6, + "fileName": "positive3.yaml" + } ] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/elasticsearch_without_slow_logs/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/elasticsearch_without_slow_logs/test/positive_expected_result.json index 21ad326b473..bf83521a0fb 100644 --- a/assets/queries/cloudFormation/aws/elasticsearch_without_slow_logs/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/elasticsearch_without_slow_logs/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "ElasticSearch Without Slow Logs", - "severity": "MEDIUM", + "severity": "LOW", "line": 34, "fileName": "positive1.yaml" }, { "queryName": "ElasticSearch Without Slow Logs", - "severity": "MEDIUM", + "severity": "LOW", "line": 30, "fileName": "positive2.yaml" }, { "queryName": "ElasticSearch Without Slow Logs", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "fileName": "positive3.yaml" }, { "queryName": "ElasticSearch Without Slow Logs", - "severity": "MEDIUM", + "severity": "LOW", "line": 44, "fileName": "positive4.json" }, { "queryName": "ElasticSearch Without Slow Logs", - "severity": "MEDIUM", + "severity": "LOW", "line": 42, "fileName": "positive5.json" }, { "queryName": "ElasticSearch Without Slow Logs", - "severity": "MEDIUM", + "severity": "LOW", "line": 7, "fileName": "positive6.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/elb_using_insecure_protocols/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/elb_using_insecure_protocols/test/positive_expected_result.json index 6e5699b4e70..d13bf54bd5e 100644 --- a/assets/queries/cloudFormation/aws/elb_using_insecure_protocols/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/elb_using_insecure_protocols/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "ELB Using Insecure Protocols", - "severity": "HIGH", + "severity": "MEDIUM", "line": 27, "fileName": "positive1.yaml" }, { "queryName": "ELB Using Insecure Protocols", - "severity": "HIGH", + "severity": "MEDIUM", "line": 34, "fileName": "positive1.yaml" }, { "queryName": "ELB Using Insecure Protocols", - "severity": "HIGH", + "severity": "MEDIUM", "line": 35, "fileName": "positive2.json" }, { "queryName": "ELB Using Insecure Protocols", - "severity": "HIGH", + "severity": "MEDIUM", "line": 50, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/elb_without_secure_protocol/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/elb_without_secure_protocol/test/positive_expected_result.json index 21af13cc26b..f4a043eaacb 100644 --- a/assets/queries/cloudFormation/aws/elb_without_secure_protocol/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/elb_without_secure_protocol/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "ELB Without Secure Protocol", - "severity": "HIGH", + "severity": "MEDIUM", "line": 11, "fileName": "positive1.yaml" }, { "queryName": "ELB Without Secure Protocol", - "severity": "HIGH", + "severity": "MEDIUM", "line": 13, "fileName": "positive1.yaml" }, { "queryName": "ELB Without Secure Protocol", - "severity": "HIGH", + "severity": "MEDIUM", "line": 9, "fileName": "positive2.json" }, { "queryName": "ELB Without Secure Protocol", - "severity": "HIGH", + "severity": "MEDIUM", "line": 11, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/hardcoded_aws_access_key_in_lambda/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/hardcoded_aws_access_key_in_lambda/test/positive_expected_result.json index 4d36b587cab..522d250589f 100644 --- a/assets/queries/cloudFormation/aws/hardcoded_aws_access_key_in_lambda/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/hardcoded_aws_access_key_in_lambda/test/positive_expected_result.json @@ -1,13 +1,13 @@ [ { "queryName": "Hardcoded AWS Access Key In Lambda", - "severity": "MEDIUM", + "severity": "HIGH", "line": 10, "fileName": "positive1.yaml" }, { "queryName": "Hardcoded AWS Access Key In Lambda", - "severity": "MEDIUM", + "severity": "HIGH", "line": 10, "fileName": "positive2.yaml" }, @@ -15,12 +15,12 @@ "line": 29, "fileName": "positive3.json", "queryName": "Hardcoded AWS Access Key In Lambda", - "severity": "MEDIUM" + "severity": "HIGH" }, { "queryName": "Hardcoded AWS Access Key In Lambda", - "severity": "MEDIUM", + "severity": "HIGH", "line": 29, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/http_port_open/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/http_port_open/test/positive_expected_result.json index e417982e9b2..f915d703e47 100644 --- a/assets/queries/cloudFormation/aws/http_port_open/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/http_port_open/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "HTTP Port Open To Internet", - "severity": "HIGH", + "severity": "MEDIUM", "line": 10, "fileName": "positive1.yaml" }, { "queryName": "HTTP Port Open To Internet", - "severity": "HIGH", + "severity": "MEDIUM", "line": 11, "fileName": "positive1.yaml" }, { "fileName": "positive2.json", "queryName": "HTTP Port Open To Internet", - "severity": "HIGH", + "severity": "MEDIUM", "line": 13 }, { "fileName": "positive2.json", "queryName": "HTTP Port Open To Internet", - "severity": "HIGH", + "severity": "MEDIUM", "line": 14 } ] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/iam_database_auth_not_enabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/iam_database_auth_not_enabled/test/positive_expected_result.json index a699b0fd955..09d1d7f20e2 100644 --- a/assets/queries/cloudFormation/aws/iam_database_auth_not_enabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/iam_database_auth_not_enabled/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "IAM Database Auth Not Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 19, "fileName": "positive1.yaml" }, { "queryName": "IAM Database Auth Not Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 31, "fileName": "positive2.json" }, { "queryName": "IAM Database Auth Not Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 13, "fileName": "positive3.yaml" }, { "fileName": "positive4.json", "queryName": "IAM Database Auth Not Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 18 } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/iam_group_without_users/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/iam_group_without_users/test/positive_expected_result.json index 53869d56cec..f5bbc9440fb 100644 --- a/assets/queries/cloudFormation/aws/iam_group_without_users/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/iam_group_without_users/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "IAM Group Without Users", - "severity": "LOW", + "severity": "MEDIUM", "line": 4, "fileName": "positive1.yaml" }, { "queryName": "IAM Group Without Users", - "severity": "LOW", + "severity": "MEDIUM", "line": 5, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/iam_password_without_minimum_length/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/iam_password_without_minimum_length/test/positive_expected_result.json index 6fc6aea9dd0..a5765e9f98e 100644 --- a/assets/queries/cloudFormation/aws/iam_password_without_minimum_length/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/iam_password_without_minimum_length/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "IAM Password Without Minimum Length", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "fileName": "positive1.yaml" }, { "queryName": "IAM Password Without Minimum Length", - "severity": "MEDIUM", + "severity": "LOW", "line": 10, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/iam_policies_with_full_privileges/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/iam_policies_with_full_privileges/test/positive_expected_result.json index 7af373ee22a..19b16708d30 100644 --- a/assets/queries/cloudFormation/aws/iam_policies_with_full_privileges/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/iam_policies_with_full_privileges/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "IAM Policies With Full Privileges", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8, "fileName": "positive1.yaml" }, { "queryName": "IAM Policies With Full Privileges", - "severity": "HIGH", + "severity": "MEDIUM", "line": 21, "fileName": "positive1.yaml" }, { "queryName": "IAM Policies With Full Privileges", - "severity": "HIGH", + "severity": "MEDIUM", "line": 9, "fileName": "positive2.json" }, { "queryName": "IAM Policies With Full Privileges", - "severity": "HIGH", + "severity": "MEDIUM", "line": 31, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/iam_policy_grants_assumerole_permission_across_all_services/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/iam_policy_grants_assumerole_permission_across_all_services/test/positive_expected_result.json index 0e1b9e76365..f40195f228b 100644 --- a/assets/queries/cloudFormation/aws/iam_policy_grants_assumerole_permission_across_all_services/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/iam_policy_grants_assumerole_permission_across_all_services/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "IAM Policy Grants 'AssumeRole' Permission Across All Services", - "severity": "LOW", + "severity": "MEDIUM", "line": 8, "fileName": "positive1.yaml" }, { "queryName": "IAM Policy Grants 'AssumeRole' Permission Across All Services", - "severity": "LOW", + "severity": "MEDIUM", "line": 8, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/iam_role_allows_all_principals_to_assume/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/iam_role_allows_all_principals_to_assume/test/positive_expected_result.json index c09ba310853..34ce38c062b 100644 --- a/assets/queries/cloudFormation/aws/iam_role_allows_all_principals_to_assume/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/iam_role_allows_all_principals_to_assume/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "IAM Role Allows All Principals To Assume", - "severity": "LOW", + "severity": "HIGH", "line": 6, "fileName": "positive1.yaml" }, { "queryName": "IAM Role Allows All Principals To Assume", - "severity": "LOW", + "severity": "HIGH", "line": 7, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/iam_user_login_profile_password_is_in_plaintext/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/iam_user_login_profile_password_is_in_plaintext/test/positive_expected_result.json index 0f3ce7f51b7..8b39e8ea169 100644 --- a/assets/queries/cloudFormation/aws/iam_user_login_profile_password_is_in_plaintext/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/iam_user_login_profile_password_is_in_plaintext/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { - "severity": "MEDIUM", + "severity": "HIGH", "line": 9, "fileName": "positive1.yaml", "queryName": "IAM User LoginProfile Password Is In Plaintext" }, { "queryName": "IAM User LoginProfile Password Is In Plaintext", - "severity": "MEDIUM", + "severity": "HIGH", "line": 9, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/inline_policies_are_attached_to_ecs_service/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/inline_policies_are_attached_to_ecs_service/test/positive_expected_result.json index 5e17e9e7824..00a1ef6c9c0 100644 --- a/assets/queries/cloudFormation/aws/inline_policies_are_attached_to_ecs_service/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/inline_policies_are_attached_to_ecs_service/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Inline Policies Are Attached To ECS Service", - "severity": "MEDIUM", + "severity": "LOW", "line": 7, "fileName": "positive1.yaml" }, { "queryName": "Inline Policies Are Attached To ECS Service", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/instance_with_no_vpc/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/instance_with_no_vpc/test/positive_expected_result.json index ae8a868c72f..3def28cba7c 100644 --- a/assets/queries/cloudFormation/aws/instance_with_no_vpc/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/instance_with_no_vpc/test/positive_expected_result.json @@ -3,24 +3,24 @@ "line": 21, "fileName": "positive1.yaml", "queryName": "Instance With No VPC", - "severity": "MEDIUM" + "severity": "LOW" }, { "queryName": "Instance With No VPC", - "severity": "MEDIUM", + "severity": "LOW", "line": 4, "fileName": "positive2.yaml" }, { "queryName": "Instance With No VPC", - "severity": "MEDIUM", + "severity": "LOW", "line": 35, "fileName": "positive3.json" }, { "fileName": "positive4.json", "queryName": "Instance With No VPC", - "severity": "MEDIUM", + "severity": "LOW", "line": 5 } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/lambda_function_without_tags/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/lambda_function_without_tags/test/positive_expected_result.json index 50a2716adab..544806fff4a 100644 --- a/assets/queries/cloudFormation/aws/lambda_function_without_tags/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/lambda_function_without_tags/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Lambda Function Without Tags", - "severity": "MEDIUM", + "severity": "LOW", "line": 52, "fileName": "positive1.yaml" }, { "fileName": "positive2.json", "queryName": "Lambda Function Without Tags", - "severity": "MEDIUM", + "severity": "LOW", "line": 75 } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/lambda_functions_without_unique_iam_roles/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/lambda_functions_without_unique_iam_roles/test/positive_expected_result.json index 5f87e9c6994..ca510107e97 100644 --- a/assets/queries/cloudFormation/aws/lambda_functions_without_unique_iam_roles/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/lambda_functions_without_unique_iam_roles/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { - "severity": "MEDIUM", + "severity": "HIGH", "line": 8, "fileName": "positive1.yaml", "queryName": "Lambda Functions Without Unique IAM Roles" }, { - "severity": "MEDIUM", + "severity": "HIGH", "line": 41, "fileName": "positive1.yaml", "queryName": "Lambda Functions Without Unique IAM Roles" @@ -15,12 +15,12 @@ "line": 7, "fileName": "positive2.json", "queryName": "Lambda Functions Without Unique IAM Roles", - "severity": "MEDIUM" + "severity": "HIGH" }, { "fileName": "positive2.json", "queryName": "Lambda Functions Without Unique IAM Roles", - "severity": "MEDIUM", + "severity": "HIGH", "line": 24 } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/low_rds_backup_retention_period/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/low_rds_backup_retention_period/test/positive_expected_result.json index 8c58e03a502..623b33cff0b 100644 --- a/assets/queries/cloudFormation/aws/low_rds_backup_retention_period/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/low_rds_backup_retention_period/test/positive_expected_result.json @@ -3,48 +3,48 @@ "line": 52, "fileName": "positive1.yaml", "queryName": "Low RDS Backup Retention Period", - "severity": "MEDIUM" + "severity": "LOW" }, { "fileName": "positive4.yaml", "queryName": "Low RDS Backup Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 43 }, { "queryName": "Low RDS Backup Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 22, "fileName": "positive3.yaml" }, { "queryName": "Low RDS Backup Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 35, "fileName": "positive2.yaml" }, { "queryName": "Low RDS Backup Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 113, "fileName": "positive5.json" }, { "queryName": "Low RDS Backup Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 55, "fileName": "positive6.json" }, { "queryName": "Low RDS Backup Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 26, "fileName": "positive7.json" }, { "queryName": "Low RDS Backup Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 54, "fileName": "positive8.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/mq_broker_is_publicly_accessible/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/mq_broker_is_publicly_accessible/test/positive_expected_result.json index 978580abecc..28e66f7364d 100644 --- a/assets/queries/cloudFormation/aws/mq_broker_is_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/mq_broker_is_publicly_accessible/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "MQ Broker Is Publicly Accessible", - "severity": "MEDIUM", + "severity": "HIGH", "line": 15, "fileName": "positive1.yaml" }, { "queryName": "MQ Broker Is Publicly Accessible", - "severity": "MEDIUM", + "severity": "HIGH", "line": 31, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/neptune_cluster_with_iam_database_authentication_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/neptune_cluster_with_iam_database_authentication_disabled/test/positive_expected_result.json index cc393f08a6f..d7aff56cde1 100644 --- a/assets/queries/cloudFormation/aws/neptune_cluster_with_iam_database_authentication_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/neptune_cluster_with_iam_database_authentication_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { - "severity": "MEDIUM", + "severity": "HIGH", "line": 7, "fileName": "positive1.yaml", "queryName": "Neptune Cluster With IAM Database Authentication Disabled" }, { - "severity": "MEDIUM", + "severity": "HIGH", "line": 12, "fileName": "positive1.yaml", "queryName": "Neptune Cluster With IAM Database Authentication Disabled" @@ -15,12 +15,12 @@ "line": 8, "fileName": "positive2.json", "queryName": "Neptune Cluster With IAM Database Authentication Disabled", - "severity": "MEDIUM" + "severity": "HIGH" }, { "line": 15, "fileName": "positive2.json", "queryName": "Neptune Cluster With IAM Database Authentication Disabled", - "severity": "MEDIUM" + "severity": "HIGH" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/neptune_database_cluster_encryption_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/neptune_database_cluster_encryption_disabled/test/positive_expected_result.json index 5e15f74477a..a489ef90893 100644 --- a/assets/queries/cloudFormation/aws/neptune_database_cluster_encryption_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/neptune_database_cluster_encryption_disabled/test/positive_expected_result.json @@ -1,6 +1,6 @@ [ { - "severity": "MEDIUM", + "severity": "HIGH", "line": 27, "fileName": "positive1.yaml", "queryName": "Neptune Database Cluster Encryption Disabled" @@ -9,6 +9,6 @@ "line": 21, "fileName": "positive2.json", "queryName": "Neptune Database Cluster Encryption Disabled", - "severity": "MEDIUM" + "severity": "HIGH" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/rds_associated_with_public_subnet/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/rds_associated_with_public_subnet/test/positive_expected_result.json index a3e10831fae..7f80c9865ef 100644 --- a/assets/queries/cloudFormation/aws/rds_associated_with_public_subnet/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/rds_associated_with_public_subnet/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "RDS Associated with Public Subnet", - "severity": "HIGH", + "severity": "CRITICAL", "line": 12, "fileName": "positive1.yaml" }, { "queryName": "RDS Associated with Public Subnet", - "severity": "HIGH", + "severity": "CRITICAL", "line": 9, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json index bac1d6d8dc5..16573eb7012 100644 --- a/assets/queries/cloudFormation/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "RDS DB Instance Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 69, "fileName": "positive1.yaml" }, { "queryName": "RDS DB Instance Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 61, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/rds_storage_encryption_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/rds_storage_encryption_disabled/test/positive_expected_result.json index afa012acc6d..595b5a6a0b1 100644 --- a/assets/queries/cloudFormation/aws/rds_storage_encryption_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/rds_storage_encryption_disabled/test/positive_expected_result.json @@ -1,32 +1,32 @@ [ { "queryName": "RDS Storage Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 12, "fileName": "positive1.yaml" }, { "queryName": "RDS Storage Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 5, "fileName": "positive2.yaml" }, { "queryName": "RDS Storage Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 9, "fileName": "positive3.json" }, { "fileName": "positive4.json", "queryName": "RDS Storage Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 59 }, { "fileName": "positive5.yaml", "queryName": "RDS Storage Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 5 } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/redshift_cluster_without_kms_cmk/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/redshift_cluster_without_kms_cmk/test/positive_expected_result.json index 4c24be40966..bcfc24fec54 100644 --- a/assets/queries/cloudFormation/aws/redshift_cluster_without_kms_cmk/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/redshift_cluster_without_kms_cmk/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Redshift Cluster Without KMS CMK", - "severity": "HIGH", + "severity": "MEDIUM", "line": 6, "fileName": "positive1.yaml" }, { "fileName": "positive2.json", "queryName": "Redshift Cluster Without KMS CMK", - "severity": "HIGH", + "severity": "MEDIUM", "line": 12 } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/redshift_publicly_accessible/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/redshift_publicly_accessible/test/positive_expected_result.json index c77c482dda8..6af346d4fbe 100644 --- a/assets/queries/cloudFormation/aws/redshift_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/redshift_publicly_accessible/test/positive_expected_result.json @@ -1,25 +1,25 @@ [ { "queryName": "Redshift Publicly Accessible", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "fileName": "positive1.yaml" }, { "queryName": "Redshift Publicly Accessible", - "severity": "HIGH", + "severity": "MEDIUM", "line": 17, "fileName": "positive1.yaml" }, { "queryName": "Redshift Publicly Accessible", - "severity": "HIGH", + "severity": "MEDIUM", "line": 5, "fileName": "positive2.json" }, { "queryName": "Redshift Publicly Accessible", - "severity": "HIGH", + "severity": "MEDIUM", "line": 30, "fileName": "positive2.json" } diff --git a/assets/queries/cloudFormation/aws/refresh_token_is_exposed/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/refresh_token_is_exposed/test/positive_expected_result.json index 0a7d7e2c2ae..7bd2a1e12fc 100644 --- a/assets/queries/cloudFormation/aws/refresh_token_is_exposed/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/refresh_token_is_exposed/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "RefreshToken Is Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 18, "fileName": "positive1.yaml" }, { "fileName": "positive2.json", "queryName": "RefreshToken Is Exposed", - "severity": "MEDIUM", + "severity": "HIGH", "line": 26 } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/routertable_with_default_routing/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/routertable_with_default_routing/test/positive_expected_result.json index 0dc3781943b..04d3a665aad 100644 --- a/assets/queries/cloudFormation/aws/routertable_with_default_routing/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/routertable_with_default_routing/test/positive_expected_result.json @@ -1,24 +1,24 @@ [ { - "severity": "MEDIUM", + "severity": "LOW", "line": 54, "fileName": "positive1.yaml", "queryName": "RouterTable with Default Routing" }, { "queryName": "RouterTable with Default Routing", - "severity": "MEDIUM", + "severity": "LOW", "line": 66, "fileName": "positive1.yaml" }, { "queryName": "RouterTable with Default Routing", - "severity": "MEDIUM", + "severity": "LOW", "line": 61, "fileName": "positive1.yaml" }, { - "severity": "MEDIUM", + "severity": "LOW", "line": 37, "fileName": "positive2.json", "queryName": "RouterTable with Default Routing" @@ -27,12 +27,12 @@ "line": 108, "fileName": "positive2.json", "queryName": "RouterTable with Default Routing", - "severity": "MEDIUM" + "severity": "LOW" }, { "queryName": "RouterTable with Default Routing", - "severity": "MEDIUM", + "severity": "LOW", "line": 43, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/s3_bucket_access_to_any_principal/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/s3_bucket_access_to_any_principal/test/positive_expected_result.json index 519846fc4c3..fe0aa886194 100644 --- a/assets/queries/cloudFormation/aws/s3_bucket_access_to_any_principal/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/s3_bucket_access_to_any_principal/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "S3 Bucket Access to Any Principal", - "severity": "HIGH", + "severity": "CRITICAL", "line": 2, "fileName": "positive1.yaml" }, { "queryName": "S3 Bucket Access to Any Principal", - "severity": "HIGH", + "severity": "CRITICAL", "line": 27, "fileName": "positive1.yaml" }, { "queryName": "S3 Bucket Access to Any Principal", - "severity": "HIGH", + "severity": "CRITICAL", "line": 3, "fileName": "positive2.json" }, { "queryName": "S3 Bucket Access to Any Principal", - "severity": "HIGH", + "severity": "CRITICAL", "line": 42, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_or_write_to_all_users/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_or_write_to_all_users/test/positive_expected_result.json index d03237e171b..8b30d277c16 100644 --- a/assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_or_write_to_all_users/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_or_write_to_all_users/test/positive_expected_result.json @@ -1,50 +1,50 @@ [ { "queryName": "S3 Bucket ACL Allows Read Or Write to All Users", - "severity": "HIGH", + "severity": "CRITICAL", "line": 7, "fileName": "positive1.yaml" }, { "queryName": "S3 Bucket ACL Allows Read Or Write to All Users", - "severity": "HIGH", + "severity": "CRITICAL", "line": 7, "fileName": "positive2.yaml" }, { "fileName": "positive3.yaml", "queryName": "S3 Bucket ACL Allows Read Or Write to All Users", - "severity": "HIGH", + "severity": "CRITICAL", "line": 7 }, { "queryName": "S3 Bucket ACL Allows Read Or Write to All Users", - "severity": "HIGH", + "severity": "CRITICAL", "line": 7, "fileName": "positive4.yaml" }, { "queryName": "S3 Bucket ACL Allows Read Or Write to All Users", - "severity": "HIGH", + "severity": "CRITICAL", "line": 13, "fileName": "positive5.json" }, { "queryName": "S3 Bucket ACL Allows Read Or Write to All Users", - "severity": "HIGH", + "severity": "CRITICAL", "line": 8, "fileName": "positive6.json" }, { "queryName": "S3 Bucket ACL Allows Read Or Write to All Users", - "severity": "HIGH", + "severity": "CRITICAL", "line": 8, "fileName": "positive7.json" }, { "queryName": "S3 Bucket ACL Allows Read Or Write to All Users", - "severity": "HIGH", + "severity": "CRITICAL", "line": 8, "fileName": "positive8.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/s3_bucket_allows_delete_actions_from_all_principals/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/s3_bucket_allows_delete_actions_from_all_principals/test/positive_expected_result.json index e06bc1e59d9..e1a3f16266e 100644 --- a/assets/queries/cloudFormation/aws/s3_bucket_allows_delete_actions_from_all_principals/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/s3_bucket_allows_delete_actions_from_all_principals/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "S3 Bucket Allows Delete Action From All Principals", - "severity": "HIGH", + "severity": "CRITICAL", "line": 7, "fileName": "positive1.yaml" }, { "queryName": "S3 Bucket Allows Delete Action From All Principals", - "severity": "HIGH", + "severity": "CRITICAL", "line": 22, "fileName": "positive1.yaml" }, { "queryName": "S3 Bucket Allows Delete Action From All Principals", - "severity": "HIGH", + "severity": "CRITICAL", "line": 9, "fileName": "positive2.json" }, { "queryName": "S3 Bucket Allows Delete Action From All Principals", - "severity": "HIGH", + "severity": "CRITICAL", "line": 35, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/s3_bucket_allows_put_actions_from_all_principals/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/s3_bucket_allows_put_actions_from_all_principals/test/positive_expected_result.json index e7e153b3adf..f503b3c7a06 100644 --- a/assets/queries/cloudFormation/aws/s3_bucket_allows_put_actions_from_all_principals/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/s3_bucket_allows_put_actions_from_all_principals/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "S3 Bucket Allows Put Action From All Principals", - "severity": "HIGH", + "severity": "CRITICAL", "line": 7, "fileName": "positive1.yaml" }, { "queryName": "S3 Bucket Allows Put Action From All Principals", - "severity": "HIGH", + "severity": "CRITICAL", "line": 22, "fileName": "positive1.yaml" }, { "queryName": "S3 Bucket Allows Put Action From All Principals", - "severity": "HIGH", + "severity": "CRITICAL", "line": 9, "fileName": "positive2.json" }, { "queryName": "S3 Bucket Allows Put Action From All Principals", - "severity": "HIGH", + "severity": "CRITICAL", "line": 35, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/s3_bucket_cloudtrail_logging_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/s3_bucket_cloudtrail_logging_disabled/test/positive_expected_result.json index 02541ee6057..d1c0f50951b 100644 --- a/assets/queries/cloudFormation/aws/s3_bucket_cloudtrail_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/s3_bucket_cloudtrail_logging_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { - "severity": "HIGH", + "severity": "MEDIUM", "line": 7, "fileName": "positive1.yaml", "queryName": "S3 Bucket CloudTrail Logging Disabled" }, { "queryName": "S3 Bucket CloudTrail Logging Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 67, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/s3_bucket_should_have_bucket_policy/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/s3_bucket_should_have_bucket_policy/test/positive_expected_result.json index 924ac5a2d09..66e29ec3c19 100644 --- a/assets/queries/cloudFormation/aws/s3_bucket_should_have_bucket_policy/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/s3_bucket_should_have_bucket_policy/test/positive_expected_result.json @@ -1,50 +1,50 @@ [ { "queryName": "S3 Bucket Should Have Bucket Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 4, "fileName": "positive1.yaml" }, { "queryName": "S3 Bucket Should Have Bucket Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 31, "fileName": "positive1.yaml" }, { "queryName": "S3 Bucket Should Have Bucket Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 56, "fileName": "positive1.yaml" }, { "queryName": "S3 Bucket Should Have Bucket Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 42, "fileName": "positive2.json" }, { "queryName": "S3 Bucket Should Have Bucket Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 88, "fileName": "positive2.json" }, { "queryName": "S3 Bucket Should Have Bucket Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 130, "fileName": "positive2.json" }, { "queryName": "S3 Bucket Should Have Bucket Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 4, "fileName": "positive3.yaml" }, { "queryName": "S3 Bucket Should Have Bucket Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 5, "fileName": "positive4.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/s3_bucket_with_all_permissions/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/s3_bucket_with_all_permissions/test/positive_expected_result.json index 688c20995e4..932ba9931df 100644 --- a/assets/queries/cloudFormation/aws/s3_bucket_with_all_permissions/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/s3_bucket_with_all_permissions/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "S3 Bucket With All Permissions", - "severity": "HIGH", + "severity": "CRITICAL", "line": 7, "fileName": "positive1.yaml" }, { "queryName": "S3 Bucket With All Permissions", - "severity": "HIGH", + "severity": "CRITICAL", "line": 9, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/s3_bucket_with_unsecured_cors_rule/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/s3_bucket_with_unsecured_cors_rule/test/positive_expected_result.json index 894bdc43a70..0c0f8839d5a 100644 --- a/assets/queries/cloudFormation/aws/s3_bucket_with_unsecured_cors_rule/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/s3_bucket_with_unsecured_cors_rule/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "S3 Bucket With Unsecured CORS Rule", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8, "fileName": "positive1.yaml" }, { "queryName": "S3 Bucket With Unsecured CORS Rule", - "severity": "HIGH", + "severity": "MEDIUM", "line": 9, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/s3_bucket_without_ignore_public_acl/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/s3_bucket_without_ignore_public_acl/test/positive_expected_result.json index de44034f89e..69cfe9bac7c 100755 --- a/assets/queries/cloudFormation/aws/s3_bucket_without_ignore_public_acl/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/s3_bucket_without_ignore_public_acl/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "S3 Bucket Without Ignore Public ACL", - "severity": "LOW", + "severity": "MEDIUM", "line": 4, "filename": "positive1.yaml" }, { "queryName": "S3 Bucket Without Ignore Public ACL", - "severity": "LOW", + "severity": "MEDIUM", "line": 10, "filename": "positive1.yaml" }, { "queryName": "S3 Bucket Without Ignore Public ACL", - "severity": "LOW", + "severity": "MEDIUM", "line": 21, "filename": "positive1.yaml" }, { "queryName": "S3 Bucket Without Ignore Public ACL", - "severity": "LOW", + "severity": "MEDIUM", "line": 9, "filename": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/s3_bucket_without_restriction_of_public_bucket/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/s3_bucket_without_restriction_of_public_bucket/test/positive_expected_result.json index e3726e1f152..a27fd0546b0 100755 --- a/assets/queries/cloudFormation/aws/s3_bucket_without_restriction_of_public_bucket/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/s3_bucket_without_restriction_of_public_bucket/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "S3 Bucket Without Restriction Of Public Bucket", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "filename": "positive1.yaml" }, { "queryName": "S3 Bucket Without Restriction Of Public Bucket", - "severity": "HIGH", + "severity": "MEDIUM", "line": 10, "filename": "positive1.yaml" }, { "queryName": "S3 Bucket Without Restriction Of Public Bucket", - "severity": "HIGH", + "severity": "MEDIUM", "line": 21, "filename": "positive1.yaml" }, { "queryName": "S3 Bucket Without Restriction Of Public Bucket", - "severity": "HIGH", + "severity": "MEDIUM", "line": 10, "filename": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/s3_bucket_without_ssl_in_write_actions/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/s3_bucket_without_ssl_in_write_actions/test/positive_expected_result.json index 430a77c959e..e068512fc2a 100644 --- a/assets/queries/cloudFormation/aws/s3_bucket_without_ssl_in_write_actions/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/s3_bucket_without_ssl_in_write_actions/test/positive_expected_result.json @@ -1,80 +1,80 @@ [ { "queryName": "S3 Bucket Without SSL In Write Actions", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3, "fileName": "positive1.yaml" }, { "queryName": "S3 Bucket Without SSL In Write Actions", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3, "fileName": "positive2.yaml" }, { "queryName": "S3 Bucket Without SSL In Write Actions", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3, "fileName": "positive3.yaml" }, { "queryName": "S3 Bucket Without SSL In Write Actions", - "severity": "HIGH", + "severity": "MEDIUM", "line": 12, "fileName": "positive3.yaml" }, { "fileName": "positive4.yaml", "queryName": "S3 Bucket Without SSL In Write Actions", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3 }, { "queryName": "S3 Bucket Without SSL In Write Actions", - "severity": "HIGH", + "severity": "MEDIUM", "line": 12, "fileName": "positive4.yaml" }, { "fileName": "positive5.json", "queryName": "S3 Bucket Without SSL In Write Actions", - "severity": "HIGH", + "severity": "MEDIUM", "line": 30 }, { "queryName": "S3 Bucket Without SSL In Write Actions", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "fileName": "positive6.json" }, { "queryName": "S3 Bucket Without SSL In Write Actions", - "severity": "HIGH", + "severity": "MEDIUM", "line": 47, "fileName": "positive7.json" }, { "queryName": "S3 Bucket Without SSL In Write Actions", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "fileName": "positive8.json" }, { "queryName": "S3 Bucket Without SSL In Write Actions", - "severity": "HIGH", + "severity": "MEDIUM", "line": 15, "fileName": "positive8.json" }, { "queryName": "S3 Bucket Without SSL In Write Actions", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3, "fileName": "positive9.yaml" }, { "queryName": "S3 Bucket Without SSL In Write Actions", - "severity": "HIGH", + "severity": "MEDIUM", "line": 34, "fileName": "positive10.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/sagemaker_notebook_not_placed_in_vpc/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/sagemaker_notebook_not_placed_in_vpc/test/positive_expected_result.json index c9a9c1a1ff1..30ff20916eb 100644 --- a/assets/queries/cloudFormation/aws/sagemaker_notebook_not_placed_in_vpc/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/sagemaker_notebook_not_placed_in_vpc/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "SageMaker Notebook Not Placed In VPC", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7, "fileName": "positive1.yaml" }, { "queryName": "SageMaker Notebook Not Placed In VPC", - "severity": "HIGH", + "severity": "MEDIUM", "line": 27, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/secrets_manager_should_specify_kms_key_id/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/secrets_manager_should_specify_kms_key_id/test/positive_expected_result.json index 4968ad027bb..d5e3ef62efc 100644 --- a/assets/queries/cloudFormation/aws/secrets_manager_should_specify_kms_key_id/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/secrets_manager_should_specify_kms_key_id/test/positive_expected_result.json @@ -1,6 +1,6 @@ [ { - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "fileName": "positive1.yaml", "queryName": "Secrets Manager Should Specify KmsKeyId" @@ -9,6 +9,6 @@ "line": 7, "fileName": "positive2.json", "queryName": "Secrets Manager Should Specify KmsKeyId", - "severity": "MEDIUM" + "severity": "LOW" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/secure_ciphers_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/secure_ciphers_disabled/test/positive_expected_result.json index eba98bb260f..66ce13e9eb7 100644 --- a/assets/queries/cloudFormation/aws/secure_ciphers_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/secure_ciphers_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Secure Ciphers Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 26, "fileName": "positive1.yaml" }, { "queryName": "Secure Ciphers Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 44, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/security_groups_allows_unrestricted_outbound_traffic/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/security_groups_allows_unrestricted_outbound_traffic/test/positive_expected_result.json index f42dbdd0b0a..85acb6a7e9c 100644 --- a/assets/queries/cloudFormation/aws/security_groups_allows_unrestricted_outbound_traffic/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/security_groups_allows_unrestricted_outbound_traffic/test/positive_expected_result.json @@ -3,12 +3,12 @@ "line": 16, "fileName": "positive1.yaml", "queryName": "Security Groups Allows Unrestricted Outbound Traffic", - "severity": "HIGH" + "severity": "MEDIUM" }, { "queryName": "Security Groups Allows Unrestricted Outbound Traffic", - "severity": "HIGH", + "severity": "MEDIUM", "line": 21, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/security_groups_with_unrestricted_access_to_ssh/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/security_groups_with_unrestricted_access_to_ssh/test/positive_expected_result.json index 92a2a1d5248..b3559424a21 100644 --- a/assets/queries/cloudFormation/aws/security_groups_with_unrestricted_access_to_ssh/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/security_groups_with_unrestricted_access_to_ssh/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Security Group With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 15, "fileName": "positive1.yaml" }, { "queryName": "Security Group With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 27, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/security_groups_without_vpc_attached/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/security_groups_without_vpc_attached/test/positive_expected_result.json index 9217ae261d8..ef3f5cfa119 100644 --- a/assets/queries/cloudFormation/aws/security_groups_without_vpc_attached/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/security_groups_without_vpc_attached/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Security Groups Without VPC Attached", - "severity": "MEDIUM", + "severity": "LOW", "line": 16, "fileName": "positive1.yaml" }, { "queryName": "Security Groups Without VPC Attached", - "severity": "MEDIUM", + "severity": "LOW", "line": 22, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/sns_topic_is_publicly_accessible/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/sns_topic_is_publicly_accessible/test/positive_expected_result.json index eb621b16955..9262a272217 100644 --- a/assets/queries/cloudFormation/aws/sns_topic_is_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/sns_topic_is_publicly_accessible/test/positive_expected_result.json @@ -3,12 +3,12 @@ "line": 7, "fileName": "positive1.yaml", "queryName": "SNS Topic is Publicly Accessible", - "severity": "HIGH" + "severity": "CRITICAL" }, { "queryName": "SNS Topic is Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 8, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/sns_topic_without_kms_master_key_id/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/sns_topic_without_kms_master_key_id/test/positive_expected_result.json index dd72182cf72..295f0751270 100644 --- a/assets/queries/cloudFormation/aws/sns_topic_without_kms_master_key_id/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/sns_topic_without_kms_master_key_id/test/positive_expected_result.json @@ -3,12 +3,12 @@ "line": 5, "fileName": "positive1.yaml", "queryName": "SNS Topic Without KmsMasterKeyId", - "severity": "MEDIUM" + "severity": "LOW" }, { "fileName": "positive2.json", "queryName": "SNS Topic Without KmsMasterKeyId", - "severity": "MEDIUM", + "severity": "LOW", "line": 6 } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/stack_notifications_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/stack_notifications_disabled/test/positive_expected_result.json index d8050baf632..9d68ba1ee6c 100644 --- a/assets/queries/cloudFormation/aws/stack_notifications_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/stack_notifications_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Stack Notifications Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 5, "fileName": "positive1.yaml" }, { "queryName": "Stack Notifications Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/unscanned_ecr_image/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/unscanned_ecr_image/test/positive_expected_result.json index dedeff63ff9..e970eb66f59 100644 --- a/assets/queries/cloudFormation/aws/unscanned_ecr_image/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/unscanned_ecr_image/test/positive_expected_result.json @@ -1,19 +1,19 @@ [ { "queryName": "Unscanned ECR Image", - "severity": "MEDIUM", + "severity": "LOW", "line": 5, "fileName": "positive1.yaml" }, { "fileName": "positive2.yaml", "queryName": "Unscanned ECR Image", - "severity": "MEDIUM", + "severity": "LOW", "line": 8 }, { "queryName": "Unscanned ECR Image", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "fileName": "positive3.json" }, @@ -21,6 +21,6 @@ "line": 9, "fileName": "positive4.json", "queryName": "Unscanned ECR Image", - "severity": "MEDIUM" + "severity": "LOW" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/user_data_shell_script_is_encoded/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/user_data_shell_script_is_encoded/test/positive_expected_result.json index 3e3fe79afea..43701376f03 100644 --- a/assets/queries/cloudFormation/aws/user_data_shell_script_is_encoded/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/user_data_shell_script_is_encoded/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "User Data Shell Script Is Encoded", - "severity": "HIGH", + "severity": "LOW", "line": 33, "fileName": "positive2.json" }, { "queryName": "User Data Shell Script Is Encoded", - "severity": "HIGH", + "severity": "LOW", "line": 19, "fileName": "positive1.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/vpc_flowlogs_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/vpc_flowlogs_disabled/test/positive_expected_result.json index 104abd30dc2..bfe28c75d9c 100644 --- a/assets/queries/cloudFormation/aws/vpc_flowlogs_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/vpc_flowlogs_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "VPC FlowLogs Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 34, "fileName": "positive1.yaml" }, { "queryName": "VPC FlowLogs Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 52, "fileName": "positive2.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/vulnerable_default_ssl_certificate/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/vulnerable_default_ssl_certificate/test/positive_expected_result.json index 5c700e34418..1907f878ba1 100644 --- a/assets/queries/cloudFormation/aws/vulnerable_default_ssl_certificate/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/vulnerable_default_ssl_certificate/test/positive_expected_result.json @@ -2,37 +2,37 @@ { "fileName": "positive2.yaml", "queryName": "Vulnerable Default SSL Certificate", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7 }, { "fileName": "positive2.yaml", "queryName": "Vulnerable Default SSL Certificate", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7 }, { "fileName": "positive3.yaml", "queryName": "Vulnerable Default SSL Certificate", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8 }, { "queryName": "Vulnerable Default SSL Certificate", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8, "fileName": "positive5.json" }, { "queryName": "Vulnerable Default SSL Certificate", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8, "fileName": "positive5.json" }, { "queryName": "Vulnerable Default SSL Certificate", - "severity": "HIGH", + "severity": "MEDIUM", "line": 9, "fileName": "positive6.json" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/workspace_without_encryption/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/workspace_without_encryption/test/positive_expected_result.json index 4825fe05cbf..69d5a610e77 100644 --- a/assets/queries/cloudFormation/aws/workspace_without_encryption/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/workspace_without_encryption/test/positive_expected_result.json @@ -3,24 +3,24 @@ "line": 14, "fileName": "positive2.yaml", "queryName": "Workspace Without Encryption", - "severity": "MEDIUM" + "severity": "HIGH" }, { "fileName": "positive1.yaml", "queryName": "Workspace Without Encryption", - "severity": "MEDIUM", + "severity": "HIGH", "line": 4 }, { "queryName": "Workspace Without Encryption", - "severity": "MEDIUM", + "severity": "HIGH", "line": 5, "fileName": "positive3.json" }, { - "severity": "MEDIUM", + "severity": "HIGH", "line": 17, "fileName": "positive4.json", "queryName": "Workspace Without Encryption" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws_sam/serverless_api_without_content_encoding/test/positive_expected_result.json b/assets/queries/cloudFormation/aws_sam/serverless_api_without_content_encoding/test/positive_expected_result.json index f9b7b243aba..7c2c2079915 100644 --- a/assets/queries/cloudFormation/aws_sam/serverless_api_without_content_encoding/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws_sam/serverless_api_without_content_encoding/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "Serverless API Without Content Encoding", - "severity": "MEDIUM", + "severity": "LOW", "line": 7, "fileName": "positive1.yaml" }, { "queryName": "Serverless API Without Content Encoding", - "severity": "MEDIUM", + "severity": "LOW", "line": 19, "fileName": "positive2.yaml" }, { "queryName": "Serverless API Without Content Encoding", - "severity": "MEDIUM", + "severity": "LOW", "line": 19, "fileName": "positive3.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws_sam/serverless_function_environment_variables_not_encrypted/test/positive_expected_result.json b/assets/queries/cloudFormation/aws_sam/serverless_function_environment_variables_not_encrypted/test/positive_expected_result.json index 5d075e056b4..90ecf9fd811 100644 --- a/assets/queries/cloudFormation/aws_sam/serverless_function_environment_variables_not_encrypted/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws_sam/serverless_function_environment_variables_not_encrypted/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "Serverless Function Environment Variables Not Encrypted", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7, "fileName": "positive1.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws_sam/serverless_function_without_tags/test/positive_expected_result.json b/assets/queries/cloudFormation/aws_sam/serverless_function_without_tags/test/positive_expected_result.json index 2b2a2222094..52d67c40a52 100644 --- a/assets/queries/cloudFormation/aws_sam/serverless_function_without_tags/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws_sam/serverless_function_without_tags/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "Serverless Function Without Tags", - "severity": "MEDIUM", + "severity": "LOW", "line": 7, "fileName": "positive1.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws_sam/serverless_function_without_unique_iam_role/test/positive_expected_result.json b/assets/queries/cloudFormation/aws_sam/serverless_function_without_unique_iam_role/test/positive_expected_result.json index 8e159612e77..97fa6f898f5 100644 --- a/assets/queries/cloudFormation/aws_sam/serverless_function_without_unique_iam_role/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws_sam/serverless_function_without_unique_iam_role/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Serverless Function Without Unique IAM Role", - "severity": "MEDIUM", + "severity": "HIGH", "line": 19, "fileName": "positive1.yaml" }, { "queryName": "Serverless Function Without Unique IAM Role", - "severity": "MEDIUM", + "severity": "HIGH", "line": 34, "fileName": "positive1.yaml" }, { "queryName": "Serverless Function Without Unique IAM Role", - "severity": "MEDIUM", + "severity": "HIGH", "line": 19, "fileName": "positive2.yaml" }, { "queryName": "Serverless Function Without Unique IAM Role", - "severity": "MEDIUM", + "severity": "HIGH", "line": 34, "fileName": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/crossplane/aws/cloudfront_without_minimum_protocol_tls_1.2/test/positive_expected_result.json b/assets/queries/crossplane/aws/cloudfront_without_minimum_protocol_tls_1.2/test/positive_expected_result.json index e184ed6e57a..7147bac5f34 100644 --- a/assets/queries/crossplane/aws/cloudfront_without_minimum_protocol_tls_1.2/test/positive_expected_result.json +++ b/assets/queries/crossplane/aws/cloudfront_without_minimum_protocol_tls_1.2/test/positive_expected_result.json @@ -1,39 +1,38 @@ [ { "queryName": "CloudFront Without Minimum Protocol TLS 1.2", - "severity": "HIGH", + "severity": "MEDIUM", "line": 14, "fileName": "positive.yaml" }, { "queryName": "CloudFront Without Minimum Protocol TLS 1.2", - "severity": "HIGH", + "severity": "MEDIUM", "line": 54, "fileName": "positive.yaml" }, { "queryName": "CloudFront Without Minimum Protocol TLS 1.2", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8, "fileName": "positive2.yaml" }, { "queryName": "CloudFront Without Minimum Protocol TLS 1.2", - "severity": "HIGH", + "severity": "MEDIUM", "line": 44, "fileName": "positive2.yaml" }, { "queryName": "CloudFront Without Minimum Protocol TLS 1.2", - "severity": "HIGH", + "severity": "MEDIUM", "line": 11, "fileName": "positive3.yaml" }, { "queryName": "CloudFront Without Minimum Protocol TLS 1.2", - "severity": "HIGH", + "severity": "MEDIUM", "line": 50, "fileName": "positive3.yaml" } - -] +] \ No newline at end of file diff --git a/assets/queries/crossplane/aws/cloudfront_without_waf/test/positive_expected_result.json b/assets/queries/crossplane/aws/cloudfront_without_waf/test/positive_expected_result.json index 3a23c177bbc..89078c0250b 100644 --- a/assets/queries/crossplane/aws/cloudfront_without_waf/test/positive_expected_result.json +++ b/assets/queries/crossplane/aws/cloudfront_without_waf/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "CloudFront Without WAF", - "severity": "LOW", + "severity": "MEDIUM", "line": 8, "fileName": "positive.yaml" }, { "queryName": "CloudFront Without WAF", - "severity": "LOW", + "severity": "MEDIUM", "line": 48, "fileName": "positive.yaml" - } -] + } +] \ No newline at end of file diff --git a/assets/queries/crossplane/aws/cloudwatch_without_retention_period_specified/test/positive_expected_result.json b/assets/queries/crossplane/aws/cloudwatch_without_retention_period_specified/test/positive_expected_result.json index e5802a9f8ff..077082aa587 100644 --- a/assets/queries/crossplane/aws/cloudwatch_without_retention_period_specified/test/positive_expected_result.json +++ b/assets/queries/crossplane/aws/cloudwatch_without_retention_period_specified/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "CloudWatch Without Retention Period Specified", - "severity": "MEDIUM", + "severity": "INFO", "line": 9, "fileName": "positive.yaml" }, { "queryName": "CloudWatch Without Retention Period Specified", - "severity": "MEDIUM", + "severity": "INFO", "line": 38, "fileName": "positive.yaml" }, { "queryName": "CloudWatch Without Retention Period Specified", - "severity": "MEDIUM", + "severity": "INFO", "line": 6, "fileName": "positive2.yaml" }, { "queryName": "CloudWatch Without Retention Period Specified", - "severity": "MEDIUM", + "severity": "INFO", "line": 34, "fileName": "positive2.yaml" - } -] + } +] \ No newline at end of file diff --git a/assets/queries/crossplane/aws/docdb_logging_disabled/test/positive_expected_result.json b/assets/queries/crossplane/aws/docdb_logging_disabled/test/positive_expected_result.json index 2fdeeac0d75..c683dbe070f 100644 --- a/assets/queries/crossplane/aws/docdb_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/crossplane/aws/docdb_logging_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "DocDB Logging Is Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 6, "filename": "positive1.yaml" }, { "queryName": "DocDB Logging Is Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 26, "filename": "positive2.yaml" }, { "queryName": "DocDB Logging Is Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 26, "filename": "positive3.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/crossplane/aws/efs_without_kms/test/positive_expected_result.json b/assets/queries/crossplane/aws/efs_without_kms/test/positive_expected_result.json index ed13bfab430..d4dd72b8200 100644 --- a/assets/queries/crossplane/aws/efs_without_kms/test/positive_expected_result.json +++ b/assets/queries/crossplane/aws/efs_without_kms/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "EFS Without KMS", - "severity": "HIGH", + "severity": "LOW", "line": 6, "fileName": "positive.yaml" }, { "queryName": "EFS Without KMS", - "severity": "HIGH", + "severity": "LOW", "line": 36, "fileName": "positive.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/crossplane/aws/neptune_database_cluster_encryption_disabled/test/positive_expected_result.json b/assets/queries/crossplane/aws/neptune_database_cluster_encryption_disabled/test/positive_expected_result.json index 8a81e6421d4..a9b0dca7046 100644 --- a/assets/queries/crossplane/aws/neptune_database_cluster_encryption_disabled/test/positive_expected_result.json +++ b/assets/queries/crossplane/aws/neptune_database_cluster_encryption_disabled/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Neptune Database Cluster Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6, "fileName": "positive.yaml" }, { "queryName": "Neptune Database Cluster Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 40, "fileName": "positive.yaml" }, { "queryName": "Neptune Database Cluster Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 15, "fileName": "positive2.yaml" }, { "queryName": "Neptune Database Cluster Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 50, "fileName": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/crossplane/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json b/assets/queries/crossplane/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json index 3f0018ea5da..e0bb80488c8 100644 --- a/assets/queries/crossplane/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/crossplane/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json @@ -1,15 +1,14 @@ [ - { - "queryName": "RDS DB Instance Publicly Accessible", - "severity": "HIGH", - "line": 7, - "fileName": "positive1.yaml" - }, - { - "queryName": "RDS DB Instance Publicly Accessible", - "severity": "HIGH", - "line": 11, - "fileName": "positive2.yaml" - } - ] - \ No newline at end of file + { + "queryName": "RDS DB Instance Publicly Accessible", + "severity": "MEDIUM", + "line": 7, + "fileName": "positive1.yaml" + }, + { + "queryName": "RDS DB Instance Publicly Accessible", + "severity": "MEDIUM", + "line": 11, + "fileName": "positive2.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/crossplane/gcp/cloud_storage_bucket_logging_not_enabled/test/positive_expected_result.json b/assets/queries/crossplane/gcp/cloud_storage_bucket_logging_not_enabled/test/positive_expected_result.json index ed241dccf3e..011456b8a0d 100644 --- a/assets/queries/crossplane/gcp/cloud_storage_bucket_logging_not_enabled/test/positive_expected_result.json +++ b/assets/queries/crossplane/gcp/cloud_storage_bucket_logging_not_enabled/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "Cloud Storage Bucket Logging Not Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 5, "fileName": "positive.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/dockerCompose/container_capabilities_unrestricted/test/positive_expected_result.json b/assets/queries/dockerCompose/container_capabilities_unrestricted/test/positive_expected_result.json index 71ac393d5d0..5f365ee057b 100644 --- a/assets/queries/dockerCompose/container_capabilities_unrestricted/test/positive_expected_result.json +++ b/assets/queries/dockerCompose/container_capabilities_unrestricted/test/positive_expected_result.json @@ -1,32 +1,32 @@ [ - { - "queryName": "Container Capabilities Unrestricted", - "severity": "LOW", - "line": 13, - "filename": "positive1.yaml" - }, - { - "queryName": "Container Capabilities Unrestricted", - "severity": "LOW", - "line": 4, - "filename": "positive1.yaml" - }, - { - "queryName": "Container Capabilities Unrestricted", - "severity": "LOW", - "line": 13, - "filename": "positive2.yaml" - }, - { - "queryName": "Container Capabilities Unrestricted", - "severity": "LOW", - "line": 13, - "filename": "positive3.yaml" - }, - { - "queryName": "Container Capabilities Unrestricted", - "severity": "LOW", - "line": 4, - "filename": "positive4.yaml" - } -] + { + "queryName": "Container Capabilities Unrestricted", + "severity": "HIGH", + "line": 13, + "filename": "positive1.yaml" + }, + { + "queryName": "Container Capabilities Unrestricted", + "severity": "HIGH", + "line": 4, + "filename": "positive1.yaml" + }, + { + "queryName": "Container Capabilities Unrestricted", + "severity": "HIGH", + "line": 13, + "filename": "positive2.yaml" + }, + { + "queryName": "Container Capabilities Unrestricted", + "severity": "HIGH", + "line": 13, + "filename": "positive3.yaml" + }, + { + "queryName": "Container Capabilities Unrestricted", + "severity": "HIGH", + "line": 4, + "filename": "positive4.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/dockerfile/apt_get_missing_yes_flag_to_avoid_manual_input/test/positive_expected_result.json b/assets/queries/dockerfile/apt_get_missing_yes_flag_to_avoid_manual_input/test/positive_expected_result.json index e6c228d396f..4ea58870642 100644 --- a/assets/queries/dockerfile/apt_get_missing_yes_flag_to_avoid_manual_input/test/positive_expected_result.json +++ b/assets/queries/dockerfile/apt_get_missing_yes_flag_to_avoid_manual_input/test/positive_expected_result.json @@ -1,44 +1,44 @@ [ { "queryName": "APT-GET Missing '-y' To Avoid Manual Input", - "severity": "MEDIUM", + "severity": "LOW", "line": 2, "filename": "positive1.dockerfile" }, { "queryName": "APT-GET Missing '-y' To Avoid Manual Input", - "severity": "MEDIUM", + "severity": "LOW", "line": 3, "filename": "positive1.dockerfile" }, { "queryName": "APT-GET Missing '-y' To Avoid Manual Input", - "severity": "MEDIUM", + "severity": "LOW", "line": 4, "filename": "positive1.dockerfile" }, { "queryName": "APT-GET Missing '-y' To Avoid Manual Input", - "severity": "MEDIUM", + "severity": "LOW", "line": 2, "filename": "positive2.dockerfile" }, { "queryName": "APT-GET Missing '-y' To Avoid Manual Input", - "severity": "MEDIUM", + "severity": "LOW", "line": 3, "filename": "positive2.dockerfile" }, { "queryName": "APT-GET Missing '-y' To Avoid Manual Input", - "severity": "MEDIUM", + "severity": "LOW", "line": 4, "filename": "positive2.dockerfile" }, { "queryName": "APT-GET Missing '-y' To Avoid Manual Input", - "severity": "MEDIUM", + "severity": "LOW", "line": 2, "filename": "positive3.dockerfile" } -] +] \ No newline at end of file diff --git a/assets/queries/dockerfile/copy_from_references_current_from_alias/test/positive_expected_result.json b/assets/queries/dockerfile/copy_from_references_current_from_alias/test/positive_expected_result.json index 19f8972c208..0a577a86177 100644 --- a/assets/queries/dockerfile/copy_from_references_current_from_alias/test/positive_expected_result.json +++ b/assets/queries/dockerfile/copy_from_references_current_from_alias/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "COPY '--from' References Current FROM Alias", - "severity": "HIGH", - "line": 2 - } -] + { + "queryName": "COPY '--from' References Current FROM Alias", + "severity": "LOW", + "line": 2 + } +] \ No newline at end of file diff --git a/assets/queries/dockerfile/copy_with_more_than_two_arguments_not_ending_with_slash/test/positive_expected_result.json b/assets/queries/dockerfile/copy_with_more_than_two_arguments_not_ending_with_slash/test/positive_expected_result.json index 91db25da54b..2774ad6013d 100644 --- a/assets/queries/dockerfile/copy_with_more_than_two_arguments_not_ending_with_slash/test/positive_expected_result.json +++ b/assets/queries/dockerfile/copy_with_more_than_two_arguments_not_ending_with_slash/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "Copy With More Than Two Arguments Not Ending With Slash", - "severity": "HIGH", + "severity": "LOW", "fileName": "positive.dockerfile", "line": 2 } -] +] \ No newline at end of file diff --git a/assets/queries/dockerfile/last_user_is_root/test/positive_expected_result.json b/assets/queries/dockerfile/last_user_is_root/test/positive_expected_result.json index c8a58deeb6f..751442ed373 100644 --- a/assets/queries/dockerfile/last_user_is_root/test/positive_expected_result.json +++ b/assets/queries/dockerfile/last_user_is_root/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "Last User Is 'root'", - "severity": "MEDIUM", - "line": 2 - } -] + { + "queryName": "Last User Is 'root'", + "severity": "HIGH", + "line": 2 + } +] \ No newline at end of file diff --git a/assets/queries/dockerfile/missing_dnf_clean_all/test/positive_expected_result.json b/assets/queries/dockerfile/missing_dnf_clean_all/test/positive_expected_result.json index b70fe8a54e8..0c521996f67 100644 --- a/assets/queries/dockerfile/missing_dnf_clean_all/test/positive_expected_result.json +++ b/assets/queries/dockerfile/missing_dnf_clean_all/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "Missing Dnf Clean All", - "severity": "MEDIUM", - "line": 2 - } -] + { + "queryName": "Missing Dnf Clean All", + "severity": "LOW", + "line": 2 + } +] \ No newline at end of file diff --git a/assets/queries/dockerfile/missing_flag_from_dnf_install/test/positive_expected_result.json b/assets/queries/dockerfile/missing_flag_from_dnf_install/test/positive_expected_result.json index 66b293beedc..f88c836d03a 100644 --- a/assets/queries/dockerfile/missing_flag_from_dnf_install/test/positive_expected_result.json +++ b/assets/queries/dockerfile/missing_flag_from_dnf_install/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ - { - "queryName": "Missing Flag From Dnf Install", - "severity": "MEDIUM", - "line": 2, - "fileName": "positive.dockerfile" - }, - { - "queryName": "Missing Flag From Dnf Install", - "severity": "MEDIUM", - "line": 10, - "fileName": "positive.dockerfile" - }, - { - "queryName": "Missing Flag From Dnf Install", - "severity": "MEDIUM", - "line": 2, - "fileName": "positive2.dockerfile" - }, - { - "queryName": "Missing Flag From Dnf Install", - "severity": "MEDIUM", - "line": 10, - "fileName": "positive2.dockerfile" - } -] + { + "queryName": "Missing Flag From Dnf Install", + "severity": "LOW", + "line": 2, + "fileName": "positive.dockerfile" + }, + { + "queryName": "Missing Flag From Dnf Install", + "severity": "LOW", + "line": 10, + "fileName": "positive.dockerfile" + }, + { + "queryName": "Missing Flag From Dnf Install", + "severity": "LOW", + "line": 2, + "fileName": "positive2.dockerfile" + }, + { + "queryName": "Missing Flag From Dnf Install", + "severity": "LOW", + "line": 10, + "fileName": "positive2.dockerfile" + } +] \ No newline at end of file diff --git a/assets/queries/dockerfile/missing_zypper_clean/test/positive_expected_result.json b/assets/queries/dockerfile/missing_zypper_clean/test/positive_expected_result.json index 3bc7dc2ef7b..5570f022802 100644 --- a/assets/queries/dockerfile/missing_zypper_clean/test/positive_expected_result.json +++ b/assets/queries/dockerfile/missing_zypper_clean/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "Missing Zypper Clean", - "severity": "MEDIUM", - "line": 2 - } -] + { + "queryName": "Missing Zypper Clean", + "severity": "LOW", + "line": 2 + } +] \ No newline at end of file diff --git a/assets/queries/dockerfile/multiple_cmd_instructions_listed/test/positive_expected_result.json b/assets/queries/dockerfile/multiple_cmd_instructions_listed/test/positive_expected_result.json index dbf8c4f238f..5110e6420af 100644 --- a/assets/queries/dockerfile/multiple_cmd_instructions_listed/test/positive_expected_result.json +++ b/assets/queries/dockerfile/multiple_cmd_instructions_listed/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Multiple CMD Instructions Listed", - "severity": "MEDIUM", - "line": 11, - "fileName": "positive.dockerfile" - } -] + { + "queryName": "Multiple CMD Instructions Listed", + "severity": "LOW", + "line": 11, + "fileName": "positive.dockerfile" + } +] \ No newline at end of file diff --git a/assets/queries/dockerfile/multiple_entrypoint_instructions_listed/test/positive_expected_result.json b/assets/queries/dockerfile/multiple_entrypoint_instructions_listed/test/positive_expected_result.json index 408b265adb4..c1c67a870ea 100644 --- a/assets/queries/dockerfile/multiple_entrypoint_instructions_listed/test/positive_expected_result.json +++ b/assets/queries/dockerfile/multiple_entrypoint_instructions_listed/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Multiple ENTRYPOINT Instructions Listed", - "severity": "HIGH", - "line": 11, - "fileName": "positive.dockerfile" - } -] + { + "queryName": "Multiple ENTRYPOINT Instructions Listed", + "severity": "LOW", + "line": 11, + "fileName": "positive.dockerfile" + } +] \ No newline at end of file diff --git a/assets/queries/dockerfile/pip_install_keeping_cached_packages/test/positive_expected_result.json b/assets/queries/dockerfile/pip_install_keeping_cached_packages/test/positive_expected_result.json index b2cd64fb0b7..727c06aeff6 100644 --- a/assets/queries/dockerfile/pip_install_keeping_cached_packages/test/positive_expected_result.json +++ b/assets/queries/dockerfile/pip_install_keeping_cached_packages/test/positive_expected_result.json @@ -1,27 +1,27 @@ [ { "queryName": "Pip install Keeping Cached Packages", - "severity": "MEDIUM", + "severity": "LOW", "line": 2 }, { "queryName": "Pip install Keeping Cached Packages", - "severity": "MEDIUM", + "severity": "LOW", "line": 8 }, { "queryName": "Pip install Keeping Cached Packages", - "severity": "MEDIUM", + "severity": "LOW", "line": 9 }, { "queryName": "Pip install Keeping Cached Packages", - "severity": "MEDIUM", + "severity": "LOW", "line": 10 }, { "queryName": "Pip install Keeping Cached Packages", - "severity": "MEDIUM", + "severity": "LOW", "line": 11 } -] +] \ No newline at end of file diff --git a/assets/queries/dockerfile/run_command_cd_instead_of_workdir/test/positive_expected_result.json b/assets/queries/dockerfile/run_command_cd_instead_of_workdir/test/positive_expected_result.json index 81f43312460..4cba6c72f3f 100644 --- a/assets/queries/dockerfile/run_command_cd_instead_of_workdir/test/positive_expected_result.json +++ b/assets/queries/dockerfile/run_command_cd_instead_of_workdir/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ - { - "queryName": "RUN Instruction Using 'cd' Instead of WORKDIR", - "severity": "MEDIUM", - "line": 3, - "fileName": "positive.dockerfile" - }, - { - "queryName": "RUN Instruction Using 'cd' Instead of WORKDIR", - "severity": "MEDIUM", - "line": 9, - "fileName": "positive.dockerfile" - }, - { - "queryName": "RUN Instruction Using 'cd' Instead of WORKDIR", - "severity": "MEDIUM", - "line": 15, - "fileName": "positive.dockerfile" - } -] + { + "queryName": "RUN Instruction Using 'cd' Instead of WORKDIR", + "severity": "LOW", + "line": 3, + "fileName": "positive.dockerfile" + }, + { + "queryName": "RUN Instruction Using 'cd' Instead of WORKDIR", + "severity": "LOW", + "line": 9, + "fileName": "positive.dockerfile" + }, + { + "queryName": "RUN Instruction Using 'cd' Instead of WORKDIR", + "severity": "LOW", + "line": 15, + "fileName": "positive.dockerfile" + } +] \ No newline at end of file diff --git a/assets/queries/dockerfile/run_using_apt/test/positive_expected_result.json b/assets/queries/dockerfile/run_using_apt/test/positive_expected_result.json index 8192f4d0e83..c6a5e011847 100644 --- a/assets/queries/dockerfile/run_using_apt/test/positive_expected_result.json +++ b/assets/queries/dockerfile/run_using_apt/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "Run Using apt", - "severity": "MEDIUM", - "line": 2 - } -] + { + "queryName": "Run Using apt", + "severity": "LOW", + "line": 2 + } +] \ No newline at end of file diff --git a/assets/queries/dockerfile/run_using_sudo/test/positive_expected_result.json b/assets/queries/dockerfile/run_using_sudo/test/positive_expected_result.json index 603c964bd18..581fa52051a 100644 --- a/assets/queries/dockerfile/run_using_sudo/test/positive_expected_result.json +++ b/assets/queries/dockerfile/run_using_sudo/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "Run Using Sudo", - "severity": "HIGH", - "line": 3 - } -] + { + "queryName": "Run Using Sudo", + "severity": "MEDIUM", + "line": 3 + } +] \ No newline at end of file diff --git a/assets/queries/dockerfile/run_using_wget_and_curl/test/positive_expected_result.json b/assets/queries/dockerfile/run_using_wget_and_curl/test/positive_expected_result.json index 85ead6ab5b6..82340b752d6 100644 --- a/assets/queries/dockerfile/run_using_wget_and_curl/test/positive_expected_result.json +++ b/assets/queries/dockerfile/run_using_wget_and_curl/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "Run Using 'wget' and 'curl'", - "severity": "MEDIUM", + "severity": "LOW", "line": 3 }, { "queryName": "Run Using 'wget' and 'curl'", - "severity": "MEDIUM", + "severity": "LOW", "line": 7 }, { "queryName": "Run Using 'wget' and 'curl'", - "severity": "MEDIUM", + "severity": "LOW", "line": 8 } -] +] \ No newline at end of file diff --git a/assets/queries/dockerfile/same_alias_in_different_froms/test/positive_expected_result.json b/assets/queries/dockerfile/same_alias_in_different_froms/test/positive_expected_result.json index 1697904af50..9e65369181b 100644 --- a/assets/queries/dockerfile/same_alias_in_different_froms/test/positive_expected_result.json +++ b/assets/queries/dockerfile/same_alias_in_different_froms/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "Same Alias In Different Froms", - "severity": "HIGH", - "line": 4 - } -] + { + "queryName": "Same Alias In Different Froms", + "severity": "LOW", + "line": 4 + } +] \ No newline at end of file diff --git a/assets/queries/dockerfile/shell_running_a_pipe_without_pipefail_flag/test/positive_expected_result.json b/assets/queries/dockerfile/shell_running_a_pipe_without_pipefail_flag/test/positive_expected_result.json index 6b99dfe688b..66769b07386 100644 --- a/assets/queries/dockerfile/shell_running_a_pipe_without_pipefail_flag/test/positive_expected_result.json +++ b/assets/queries/dockerfile/shell_running_a_pipe_without_pipefail_flag/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ - { - "queryName": "Shell Running A Pipe Without Pipefail Flag", - "severity": "MEDIUM", - "line": 2 - }, - { - "queryName": "Shell Running A Pipe Without Pipefail Flag", - "severity": "MEDIUM", - "line": 3 - } -] + { + "queryName": "Shell Running A Pipe Without Pipefail Flag", + "severity": "LOW", + "line": 2 + }, + { + "queryName": "Shell Running A Pipe Without Pipefail Flag", + "severity": "LOW", + "line": 3 + } +] \ No newline at end of file diff --git a/assets/queries/dockerfile/unix_ports_out_of_range/test/positive_expected_result.json b/assets/queries/dockerfile/unix_ports_out_of_range/test/positive_expected_result.json index f96ea84a531..5d57ac73d0c 100644 --- a/assets/queries/dockerfile/unix_ports_out_of_range/test/positive_expected_result.json +++ b/assets/queries/dockerfile/unix_ports_out_of_range/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "UNIX Ports Out Of Range", - "severity": "HIGH", - "line": 3 - } -] + { + "queryName": "UNIX Ports Out Of Range", + "severity": "INFO", + "line": 3 + } +] \ No newline at end of file diff --git a/assets/queries/dockerfile/update_instruction_alone/test/positive_expected_result.json b/assets/queries/dockerfile/update_instruction_alone/test/positive_expected_result.json index 0b6c8f27df4..64b7e65cd1f 100644 --- a/assets/queries/dockerfile/update_instruction_alone/test/positive_expected_result.json +++ b/assets/queries/dockerfile/update_instruction_alone/test/positive_expected_result.json @@ -1,44 +1,44 @@ [ { "queryName": "Update Instruction Alone", - "severity": "MEDIUM", + "severity": "LOW", "line": 3, "fileName": "positive1.dockerfile" }, { "queryName": "Update Instruction Alone", - "severity": "MEDIUM", + "severity": "LOW", "line": 3, "fileName": "positive2.dockerfile" }, { "queryName": "Update Instruction Alone", - "severity": "MEDIUM", + "severity": "LOW", "line": 3, "fileName": "positive3.dockerfile" }, { "queryName": "Update Instruction Alone", - "severity": "MEDIUM", + "severity": "LOW", "line": 3, "fileName": "positive4.dockerfile" }, { "queryName": "Update Instruction Alone", - "severity": "MEDIUM", + "severity": "LOW", "line": 3, "fileName": "positive5.dockerfile" }, { "queryName": "Update Instruction Alone", - "severity": "MEDIUM", + "severity": "LOW", "line": 3, "fileName": "positive6.dockerfile" }, { "queryName": "Update Instruction Alone", - "severity": "MEDIUM", + "severity": "LOW", "line": 3, "fileName": "positive7.dockerfile" } -] +] \ No newline at end of file diff --git a/assets/queries/dockerfile/using_platform_with_from/test/positive_expected_result.json b/assets/queries/dockerfile/using_platform_with_from/test/positive_expected_result.json index e3e9ef864b0..62086246cba 100644 --- a/assets/queries/dockerfile/using_platform_with_from/test/positive_expected_result.json +++ b/assets/queries/dockerfile/using_platform_with_from/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "Using Platform Flag with FROM Command", - "severity": "INFO", - "line": 6 - } -] + { + "queryName": "Using Platform Flag with FROM Command", + "severity": "LOW", + "line": 6 + } +] \ No newline at end of file diff --git a/assets/queries/dockerfile/workdir_path_not_absolute/test/positive_expected_result.json b/assets/queries/dockerfile/workdir_path_not_absolute/test/positive_expected_result.json index 27bb7e84dde..ece07faaf7f 100644 --- a/assets/queries/dockerfile/workdir_path_not_absolute/test/positive_expected_result.json +++ b/assets/queries/dockerfile/workdir_path_not_absolute/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "WORKDIR Path Not Absolute", - "severity": "HIGH", - "line": 5 - } + { + "queryName": "WORKDIR Path Not Absolute", + "severity": "LOW", + "line": 5 + } ] \ No newline at end of file diff --git a/assets/queries/dockerfile/yum_clean_all_missing/test/positive_expected_result.json b/assets/queries/dockerfile/yum_clean_all_missing/test/positive_expected_result.json index 0337622d5e2..f4e28bb33cf 100644 --- a/assets/queries/dockerfile/yum_clean_all_missing/test/positive_expected_result.json +++ b/assets/queries/dockerfile/yum_clean_all_missing/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "Yum Clean All Missing", - "severity": "MEDIUM", + "severity": "LOW", "line": 12, "fileName": "positive.dockerfile" } -] +] \ No newline at end of file diff --git a/assets/queries/dockerfile/yum_install_allows_manual_input/test/positive_expected_result.json b/assets/queries/dockerfile/yum_install_allows_manual_input/test/positive_expected_result.json index f7cbbd5650d..c6fa582d3aa 100644 --- a/assets/queries/dockerfile/yum_install_allows_manual_input/test/positive_expected_result.json +++ b/assets/queries/dockerfile/yum_install_allows_manual_input/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Yum Install Allows Manual Input", - "severity": "MEDIUM", + "severity": "LOW", "line": 3 }, { "queryName": "Yum Install Allows Manual Input", - "severity": "MEDIUM", + "severity": "LOW", "line": 4 } -] +] \ No newline at end of file diff --git a/assets/queries/dockerfile/zypper_install_without_version/test/positive_expected_result.json b/assets/queries/dockerfile/zypper_install_without_version/test/positive_expected_result.json index 6646174abe3..7d64d6a1109 100644 --- a/assets/queries/dockerfile/zypper_install_without_version/test/positive_expected_result.json +++ b/assets/queries/dockerfile/zypper_install_without_version/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Zypper Install Without Version", - "severity": "MEDIUM", + "severity": "LOW", "line": 2 }, { "queryName": "Zypper Install Without Version", - "severity": "MEDIUM", + "severity": "LOW", "line": 3 } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/cloud_storage_anonymous_or_publicly_accessible/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/cloud_storage_anonymous_or_publicly_accessible/test/positive_expected_result.json index d19507f14cb..bd96fd1b8e3 100644 --- a/assets/queries/googleDeploymentManager/gcp/cloud_storage_anonymous_or_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/cloud_storage_anonymous_or_publicly_accessible/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "Cloud Storage Anonymous or Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 4, "filename": "positive1.yaml" }, { "queryName": "Cloud Storage Anonymous or Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 4, "filename": "positive1.yaml" }, { "queryName": "Cloud Storage Anonymous or Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 7, "filename": "positive2.yaml" }, { "queryName": "Cloud Storage Anonymous or Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 4, "filename": "positive2.yaml" }, { "queryName": "Cloud Storage Anonymous or Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 7, "filename": "positive3.yaml" }, { "queryName": "Cloud Storage Anonymous or Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 10, "filename": "positive3.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/cloud_storage_bucket_is_publicly_accessible/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/cloud_storage_bucket_is_publicly_accessible/test/positive_expected_result.json index ceab8fd9382..d42c2587d0d 100644 --- a/assets/queries/googleDeploymentManager/gcp/cloud_storage_bucket_is_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/cloud_storage_bucket_is_publicly_accessible/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Cloud Storage Bucket Is Publicly Accessible", - "severity": "HIGH", + "severity": "MEDIUM", "line": 5, "filename": "positive1.yaml" }, { "queryName": "Cloud Storage Bucket Is Publicly Accessible", - "severity": "HIGH", + "severity": "MEDIUM", "line": 5, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json index 12d80183b47..a055acd79af 100644 --- a/assets/queries/googleDeploymentManager/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Cloud Storage Bucket Versioning Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 4, "filename": "positive1.yaml" }, { "queryName": "Cloud Storage Bucket Versioning Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 8, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/cluster_labels_disabled/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/cluster_labels_disabled/test/positive_expected_result.json index 32224a4b1fc..6dad84347c3 100644 --- a/assets/queries/googleDeploymentManager/gcp/cluster_labels_disabled/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/cluster_labels_disabled/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "Cluster Labels Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 4, "filename": "positive1.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/cluster_master_authentication_disabled/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/cluster_master_authentication_disabled/test/positive_expected_result.json index ddfe7fc3a5c..37ca92ffb33 100644 --- a/assets/queries/googleDeploymentManager/gcp/cluster_master_authentication_disabled/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/cluster_master_authentication_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "Cluster Master Authentication Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "filename": "positive1.yaml" }, { "queryName": "Cluster Master Authentication Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 5, "filename": "positive2.yaml" }, { "queryName": "Cluster Master Authentication Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 5, "filename": "positive3.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/compute_instance_is_publicly_accessible/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/compute_instance_is_publicly_accessible/test/positive_expected_result.json index 541e8ddda2d..7e5816b6e71 100644 --- a/assets/queries/googleDeploymentManager/gcp/compute_instance_is_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/compute_instance_is_publicly_accessible/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "Compute Instance Is Publicly Accessible", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8, "filename": "positive1.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/cos_node_image_not_used/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/cos_node_image_not_used/test/positive_expected_result.json index 0e6d3563e62..46de3aa0e69 100644 --- a/assets/queries/googleDeploymentManager/gcp/cos_node_image_not_used/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/cos_node_image_not_used/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "COS Node Image Not Used", - "severity": "MEDIUM", + "severity": "LOW", "line": 7, "filename": "positive1.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/dnssec_using_rsasha1/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/dnssec_using_rsasha1/test/positive_expected_result.json index 781389fd1ff..f40a3d8a8a0 100644 --- a/assets/queries/googleDeploymentManager/gcp/dnssec_using_rsasha1/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/dnssec_using_rsasha1/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "DNSSEC Using RSASHA1", - "severity": "HIGH", + "severity": "MEDIUM", "line": 9, "filename": "positive1.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/gke_master_authorized_networks_disabled/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/gke_master_authorized_networks_disabled/test/positive_expected_result.json index 66d0f462f08..c2a87118b33 100644 --- a/assets/queries/googleDeploymentManager/gcp/gke_master_authorized_networks_disabled/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/gke_master_authorized_networks_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "GKE Master Authorized Networks Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "filename": "positive1.yaml" }, { "queryName": "GKE Master Authorized Networks Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/google_storage_bucket_level_access_disabled/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/google_storage_bucket_level_access_disabled/test/positive_expected_result.json index b0e7e82bfee..c73e8f724a2 100644 --- a/assets/queries/googleDeploymentManager/gcp/google_storage_bucket_level_access_disabled/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/google_storage_bucket_level_access_disabled/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "Google Storage Bucket Level Access Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 11, "filename": "positive1.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/ip_aliasing_disabled/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/ip_aliasing_disabled/test/positive_expected_result.json index 40fdecfd38d..db68ada83e5 100644 --- a/assets/queries/googleDeploymentManager/gcp/ip_aliasing_disabled/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/ip_aliasing_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "IP Aliasing Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "filename": "positive1.yaml" }, { "queryName": "IP Aliasing Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 6, "filename": "positive2.yaml" }, { "queryName": "IP Aliasing Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8, "filename": "positive3.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/network_policy_disabled/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/network_policy_disabled/test/positive_expected_result.json index fc36d1b44a5..3d252b3cbfc 100644 --- a/assets/queries/googleDeploymentManager/gcp/network_policy_disabled/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/network_policy_disabled/test/positive_expected_result.json @@ -1,50 +1,50 @@ [ { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "filename": "positive1.yaml" }, { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "filename": "positive1.yaml" }, { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "filename": "positive2.yaml" }, { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7, "filename": "positive2.yaml" }, { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8, "filename": "positive3.yaml" }, { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "filename": "positive3.yaml" }, { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 10, "filename": "positive4.yaml" }, { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7, "filename": "positive4.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/node_auto_upgrade_disabled/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/node_auto_upgrade_disabled/test/positive_expected_result.json index 78f82812539..41f14f2827f 100644 --- a/assets/queries/googleDeploymentManager/gcp/node_auto_upgrade_disabled/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/node_auto_upgrade_disabled/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Node Auto Upgrade Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "filename": "positive1.yaml" }, { "queryName": "Node Auto Upgrade Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 6, "filename": "positive2.yaml" }, { "queryName": "Node Auto Upgrade Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8, "filename": "positive3.yaml" }, { "queryName": "Node Auto Upgrade Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 9, "filename": "positive4.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/not_proper_email_account_in_use/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/not_proper_email_account_in_use/test/positive_expected_result.json index 7e4565f306c..d8a159bff9b 100644 --- a/assets/queries/googleDeploymentManager/gcp/not_proper_email_account_in_use/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/not_proper_email_account_in_use/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "Not Proper Email Account In Use", - "severity": "HIGH", + "severity": "LOW", "line": 9, "filename": "positive1.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/private_cluster_disabled/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/private_cluster_disabled/test/positive_expected_result.json index 806065da51f..a9805abe4bb 100644 --- a/assets/queries/googleDeploymentManager/gcp/private_cluster_disabled/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/private_cluster_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "filename": "positive1.yaml" }, { "queryName": "Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 6, "filename": "positive2.yaml" }, { "queryName": "Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/rdp_access_is_not_restricted/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/rdp_access_is_not_restricted/test/positive_expected_result.json index 78e20161286..cc92fb60bc4 100644 --- a/assets/queries/googleDeploymentManager/gcp/rdp_access_is_not_restricted/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/rdp_access_is_not_restricted/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "RDP Access Is Not Restricted", - "severity": "MEDIUM", + "severity": "HIGH", "line": 14, "filename": "positive1.yaml" }, { "queryName": "RDP Access Is Not Restricted", - "severity": "MEDIUM", + "severity": "HIGH", "line": 14, "filename": "positive2.yaml" }, { "queryName": "RDP Access Is Not Restricted", - "severity": "MEDIUM", + "severity": "HIGH", "line": 9, "filename": "positive3.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/sql_db_instance_backup_disabled/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/sql_db_instance_backup_disabled/test/positive_expected_result.json index 2276327e446..98d4feb7317 100644 --- a/assets/queries/googleDeploymentManager/gcp/sql_db_instance_backup_disabled/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/sql_db_instance_backup_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "SQL DB Instance Backup Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 5, "filename": "positive1.yaml" }, { "queryName": "SQL DB Instance Backup Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7, "filename": "positive2.yaml" }, { "queryName": "SQL DB Instance Backup Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8, "filename": "positive3.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/stackdriver_logging_disabled/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/stackdriver_logging_disabled/test/positive_expected_result.json index e39cef41f7d..54222d9059a 100644 --- a/assets/queries/googleDeploymentManager/gcp/stackdriver_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/stackdriver_logging_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Stackdriver Logging Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "filename": "positive1.yaml" }, { "queryName": "Stackdriver Logging Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 6, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/googleDeploymentManager/gcp/stackdriver_monitoring_disabled/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/gcp/stackdriver_monitoring_disabled/test/positive_expected_result.json index 5100c30b170..26074b13c9b 100644 --- a/assets/queries/googleDeploymentManager/gcp/stackdriver_monitoring_disabled/test/positive_expected_result.json +++ b/assets/queries/googleDeploymentManager/gcp/stackdriver_monitoring_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Stackdriver Monitoring Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "filename": "positive1.yaml" }, { "queryName": "Stackdriver Monitoring Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 6, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/grpc/enum_name_not_camel_case/test/positive_expected_result.json b/assets/queries/grpc/enum_name_not_camel_case/test/positive_expected_result.json index 82b74357333..abf536df43f 100644 --- a/assets/queries/grpc/enum_name_not_camel_case/test/positive_expected_result.json +++ b/assets/queries/grpc/enum_name_not_camel_case/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "Enum Name Not CamelCase", - "severity": "LOW", + "severity": "INFO", "line": 3 }, { "queryName": "Enum Name Not CamelCase", - "severity": "LOW", + "severity": "INFO", "line": 10 }, { "queryName": "Enum Name Not CamelCase", - "severity": "LOW", + "severity": "INFO", "line": 18 } -] +] \ No newline at end of file diff --git a/assets/queries/k8s/always_admit_admission_control_plugin_set/test/positive_expected_result.json b/assets/queries/k8s/always_admit_admission_control_plugin_set/test/positive_expected_result.json index d65d01d4355..31ba5cb355b 100644 --- a/assets/queries/k8s/always_admit_admission_control_plugin_set/test/positive_expected_result.json +++ b/assets/queries/k8s/always_admit_admission_control_plugin_set/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Always Admit Admission Control Plugin Set", - "severity": "HIGH", - "line": 11, - "fileName": "positive1.yaml" - } -] + { + "queryName": "Always Admit Admission Control Plugin Set", + "severity": "MEDIUM", + "line": 11, + "fileName": "positive1.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/k8s/authorization_mode_rbac_not_set/test/positive_expected_result.json b/assets/queries/k8s/authorization_mode_rbac_not_set/test/positive_expected_result.json index 88c82f0741b..76b738ce26b 100644 --- a/assets/queries/k8s/authorization_mode_rbac_not_set/test/positive_expected_result.json +++ b/assets/queries/k8s/authorization_mode_rbac_not_set/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Authorization Mode RBAC Not Set", - "severity": "MEDIUM", + "severity": "LOW", "line": 11, "filename": "positive1.yaml" }, { "queryName": "Authorization Mode RBAC Not Set", - "severity": "MEDIUM", + "severity": "LOW", "line": 11, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/k8s/authorization_mode_set_to_always_allow/test/positive_expected_result.json b/assets/queries/k8s/authorization_mode_set_to_always_allow/test/positive_expected_result.json index 0896aa5a201..174d3224c48 100644 --- a/assets/queries/k8s/authorization_mode_set_to_always_allow/test/positive_expected_result.json +++ b/assets/queries/k8s/authorization_mode_set_to_always_allow/test/positive_expected_result.json @@ -1,37 +1,37 @@ [ { "queryName": "Authorization Mode Set To Always Allow", - "severity": "MEDIUM", + "severity": "HIGH", "line": 11, "filename": "positive1.yaml" }, { "queryName": "Authorization Mode Set To Always Allow", - "severity": "MEDIUM", + "severity": "HIGH", "line": 11, "filename": "positive2.yaml" }, { "queryName": "Authorization Mode Set To Always Allow", - "severity": "MEDIUM", + "severity": "HIGH", "line": 11, "filename": "positive3.yaml" }, { "queryName": "Authorization Mode Set To Always Allow", - "severity": "MEDIUM", + "severity": "HIGH", "line": 11, "filename": "positive4.yaml" }, { "queryName": "Authorization Mode Set To Always Allow", - "severity": "MEDIUM", + "severity": "HIGH", "line": 11, "filename": "positive5.yaml" }, { "queryName": "Authorization Mode Set To Always Allow", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6, "filename": "positive6.json" } diff --git a/assets/queries/k8s/auto_tls_set_to_true/test/positive_expected_result.json b/assets/queries/k8s/auto_tls_set_to_true/test/positive_expected_result.json index efb72a3fc05..e34115cbfc9 100644 --- a/assets/queries/k8s/auto_tls_set_to_true/test/positive_expected_result.json +++ b/assets/queries/k8s/auto_tls_set_to_true/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Auto TLS Set To True", - "severity": "HIGH", - "line": 21, - "fileName": "positive1.yaml" - } -] + { + "queryName": "Auto TLS Set To True", + "severity": "MEDIUM", + "line": 21, + "fileName": "positive1.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/k8s/bind_address_not_properly_set/test/positive_expected_result.json b/assets/queries/k8s/bind_address_not_properly_set/test/positive_expected_result.json index 18e2eb689dd..1c89b1571fc 100644 --- a/assets/queries/k8s/bind_address_not_properly_set/test/positive_expected_result.json +++ b/assets/queries/k8s/bind_address_not_properly_set/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ - { - "queryName": "Bind Address Not Properly Set", - "severity": "HIGH", - "line": 11, - "fileName": "positive1.yaml" - }, - { - "queryName": "Bind Address Not Properly Set", - "severity": "HIGH", - "line": 11, - "fileName": "positive2.yaml" - }, - { - "queryName": "Bind Address Not Properly Set", - "severity": "HIGH", - "line": 20, - "fileName": "positive3.yaml" - }, - { - "queryName": "Bind Address Not Properly Set", - "severity": "HIGH", - "line": 20, - "fileName": "positive4.yaml" - } -] + { + "queryName": "Bind Address Not Properly Set", + "severity": "LOW", + "line": 11, + "fileName": "positive1.yaml" + }, + { + "queryName": "Bind Address Not Properly Set", + "severity": "LOW", + "line": 11, + "fileName": "positive2.yaml" + }, + { + "queryName": "Bind Address Not Properly Set", + "severity": "LOW", + "line": 20, + "fileName": "positive3.yaml" + }, + { + "queryName": "Bind Address Not Properly Set", + "severity": "LOW", + "line": 20, + "fileName": "positive4.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/k8s/container_runs_unmasked/test/positive_expected_result.json b/assets/queries/k8s/container_runs_unmasked/test/positive_expected_result.json index 68f28a0b3f4..1d2470f17f5 100644 --- a/assets/queries/k8s/container_runs_unmasked/test/positive_expected_result.json +++ b/assets/queries/k8s/container_runs_unmasked/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "Container Runs Unmasked", - "severity": "MEDIUM", - "line": 12 - } -] + { + "queryName": "Container Runs Unmasked", + "severity": "HIGH", + "line": 12 + } +] \ No newline at end of file diff --git a/assets/queries/k8s/containers_with_sys_admin_capabilities/test/positive_expected_result.json b/assets/queries/k8s/containers_with_sys_admin_capabilities/test/positive_expected_result.json index 0918d90347c..6882f8cf635 100644 --- a/assets/queries/k8s/containers_with_sys_admin_capabilities/test/positive_expected_result.json +++ b/assets/queries/k8s/containers_with_sys_admin_capabilities/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Containers With Sys Admin Capabilities", - "severity": "MEDIUM", + "severity": "HIGH", "line": 12 } -] +] \ No newline at end of file diff --git a/assets/queries/k8s/cpu_limits_not_set/test/positive_expected_result.json b/assets/queries/k8s/cpu_limits_not_set/test/positive_expected_result.json index 8dc4c4506fa..3b9e5802174 100644 --- a/assets/queries/k8s/cpu_limits_not_set/test/positive_expected_result.json +++ b/assets/queries/k8s/cpu_limits_not_set/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "CPU Limits Not Set", - "severity": "MEDIUM", + "severity": "LOW", "line": 10, "fineName": "positive.yaml" }, { "queryName": "CPU Limits Not Set", - "severity": "MEDIUM", + "severity": "LOW", "line": 14, "fineName": "positive.yaml" }, { "queryName": "CPU Limits Not Set", - "severity": "MEDIUM", + "severity": "LOW", "line": 31, "fineName": "positive.yaml" }, { "queryName": "CPU Limits Not Set", - "severity": "MEDIUM", + "severity": "LOW", "line": 35, "fineName": "positive.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/k8s/cpu_requests_not_set/test/positive_expected_result.json b/assets/queries/k8s/cpu_requests_not_set/test/positive_expected_result.json index edcc5a575aa..f86d8bd749f 100644 --- a/assets/queries/k8s/cpu_requests_not_set/test/positive_expected_result.json +++ b/assets/queries/k8s/cpu_requests_not_set/test/positive_expected_result.json @@ -1,22 +1,22 @@ [ { "queryName": "CPU Requests Not Set", - "severity": "MEDIUM", + "severity": "LOW", "line": 10 }, { "queryName": "CPU Requests Not Set", - "severity": "MEDIUM", + "severity": "LOW", "line": 17 }, { "queryName": "CPU Requests Not Set", - "severity": "MEDIUM", + "severity": "LOW", "line": 34 }, { "queryName": "CPU Requests Not Set", - "severity": "MEDIUM", + "severity": "LOW", "line": 41 } -] +] \ No newline at end of file diff --git a/assets/queries/k8s/docker_daemon_socket_is_exposed_to_containers/test/positive_expected_result.json b/assets/queries/k8s/docker_daemon_socket_is_exposed_to_containers/test/positive_expected_result.json index a38ab3c305d..73bb660a314 100644 --- a/assets/queries/k8s/docker_daemon_socket_is_exposed_to_containers/test/positive_expected_result.json +++ b/assets/queries/k8s/docker_daemon_socket_is_exposed_to_containers/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ - { - "queryName": "Docker Daemon Socket is Exposed to Containers", - "severity": "LOW", - "line": 15 - }, - { - "queryName": "Docker Daemon Socket is Exposed to Containers", - "severity": "LOW", - "line": 43 - }, - { - "queryName": "Docker Daemon Socket is Exposed to Containers", - "severity": "LOW", - "line": 67 - } -] + { + "queryName": "Docker Daemon Socket is Exposed to Containers", + "severity": "HIGH", + "line": 15 + }, + { + "queryName": "Docker Daemon Socket is Exposed to Containers", + "severity": "HIGH", + "line": 43 + }, + { + "queryName": "Docker Daemon Socket is Exposed to Containers", + "severity": "HIGH", + "line": 67 + } +] \ No newline at end of file diff --git a/assets/queries/k8s/etcd_tls_certificate_files_not_properly_set/test/positive_expected_result.json b/assets/queries/k8s/etcd_tls_certificate_files_not_properly_set/test/positive_expected_result.json index 884af0e6ba3..94b2f7aac34 100644 --- a/assets/queries/k8s/etcd_tls_certificate_files_not_properly_set/test/positive_expected_result.json +++ b/assets/queries/k8s/etcd_tls_certificate_files_not_properly_set/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "Etcd TLS Certificate Files Not Properly Set", - "severity": "HIGH", - "line": 21, - "fileName": "positive1.yaml" - }, - { - "queryName": "Etcd TLS Certificate Files Not Properly Set", - "severity": "HIGH", - "line": 21, - "fileName": "positive2.yaml" - } -] + { + "queryName": "Etcd TLS Certificate Files Not Properly Set", + "severity": "MEDIUM", + "line": 21, + "fileName": "positive1.yaml" + }, + { + "queryName": "Etcd TLS Certificate Files Not Properly Set", + "severity": "MEDIUM", + "line": 21, + "fileName": "positive2.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/k8s/etcd_tls_certificate_not_properly_configured/test/positive_expected_result.json b/assets/queries/k8s/etcd_tls_certificate_not_properly_configured/test/positive_expected_result.json index ba69942e5de..2c6c8ecd158 100644 --- a/assets/queries/k8s/etcd_tls_certificate_not_properly_configured/test/positive_expected_result.json +++ b/assets/queries/k8s/etcd_tls_certificate_not_properly_configured/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "Etcd TLS Certificate Not Properly Configured", - "severity": "HIGH", - "line": 11, - "fileName": "positive1.yaml" - }, - { - "queryName": "Etcd TLS Certificate Not Properly Configured", - "severity": "HIGH", - "line": 11, - "fileName": "positive2.yaml" - } -] + { + "queryName": "Etcd TLS Certificate Not Properly Configured", + "severity": "MEDIUM", + "line": 11, + "fileName": "positive1.yaml" + }, + { + "queryName": "Etcd TLS Certificate Not Properly Configured", + "severity": "MEDIUM", + "line": 11, + "fileName": "positive2.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/k8s/hpa_targeted_deployments_with_configured_replica_count/test/positive_expected_result.json b/assets/queries/k8s/hpa_targeted_deployments_with_configured_replica_count/test/positive_expected_result.json index 30d8699245b..d1981d9c340 100644 --- a/assets/queries/k8s/hpa_targeted_deployments_with_configured_replica_count/test/positive_expected_result.json +++ b/assets/queries/k8s/hpa_targeted_deployments_with_configured_replica_count/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "HPA Targeted Deployments With Configured Replica Count", - "severity": "LOW", - "line": 10 - } -] + { + "queryName": "HPA Targeted Deployments With Configured Replica Count", + "severity": "INFO", + "line": 10 + } +] \ No newline at end of file diff --git a/assets/queries/k8s/kubelet_https_set_to_false/test/positive_expected_result.json b/assets/queries/k8s/kubelet_https_set_to_false/test/positive_expected_result.json index 89fd26c6303..d63831fc18f 100644 --- a/assets/queries/k8s/kubelet_https_set_to_false/test/positive_expected_result.json +++ b/assets/queries/k8s/kubelet_https_set_to_false/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Kubelet HTTPS Set To False", - "severity": "HIGH", - "line": 11, - "fileName": "positive1.yaml" - } -] + { + "queryName": "Kubelet HTTPS Set To False", + "severity": "MEDIUM", + "line": 11, + "fileName": "positive1.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/k8s/liveness_probe_is_not_defined/test/positive_expected_result.json b/assets/queries/k8s/liveness_probe_is_not_defined/test/positive_expected_result.json index dfa40882289..81ec960d567 100644 --- a/assets/queries/k8s/liveness_probe_is_not_defined/test/positive_expected_result.json +++ b/assets/queries/k8s/liveness_probe_is_not_defined/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Liveness Probe Is Not Defined", - "severity": "LOW", - "line": 9, - "fileName": "positive.yaml" - } -] + { + "queryName": "Liveness Probe Is Not Defined", + "severity": "INFO", + "line": 9, + "fileName": "positive.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/k8s/metadata_label_is_invalid/test/positive_expected_result.json b/assets/queries/k8s/metadata_label_is_invalid/test/positive_expected_result.json index a1aee9199a6..fc075f65a86 100644 --- a/assets/queries/k8s/metadata_label_is_invalid/test/positive_expected_result.json +++ b/assets/queries/k8s/metadata_label_is_invalid/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "Metadata Label Is Invalid", - "severity": "LOW", - "line": 6 - } -] + { + "queryName": "Metadata Label Is Invalid", + "severity": "INFO", + "line": 6 + } +] \ No newline at end of file diff --git a/assets/queries/k8s/network_policy_is_not_targeting_any_pod/test/positive_expected_result.json b/assets/queries/k8s/network_policy_is_not_targeting_any_pod/test/positive_expected_result.json index 73e8dc83b5e..bb09f21ab6f 100644 --- a/assets/queries/k8s/network_policy_is_not_targeting_any_pod/test/positive_expected_result.json +++ b/assets/queries/k8s/network_policy_is_not_targeting_any_pod/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "Network Policy Is Not Targeting Any Pod", - "severity": "MEDIUM", - "line": 22 - } -] + { + "queryName": "Network Policy Is Not Targeting Any Pod", + "severity": "LOW", + "line": 22 + } +] \ No newline at end of file diff --git a/assets/queries/k8s/node_restriction_admission_control_plugin_not_set/test/positive_expected_result.json b/assets/queries/k8s/node_restriction_admission_control_plugin_not_set/test/positive_expected_result.json index 74e8d25aebe..1a40d67c3d1 100644 --- a/assets/queries/k8s/node_restriction_admission_control_plugin_not_set/test/positive_expected_result.json +++ b/assets/queries/k8s/node_restriction_admission_control_plugin_not_set/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Node Restriction Admission Control Plugin Not Set", - "severity": "HIGH", - "line": 11, - "fileName": "positive1.yaml" - } -] + { + "queryName": "Node Restriction Admission Control Plugin Not Set", + "severity": "MEDIUM", + "line": 11, + "fileName": "positive1.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/k8s/non_kube_system_pod_with_host_mount/test/positive_expected_result.json b/assets/queries/k8s/non_kube_system_pod_with_host_mount/test/positive_expected_result.json index 110ac4758cb..860b273c2d4 100644 --- a/assets/queries/k8s/non_kube_system_pod_with_host_mount/test/positive_expected_result.json +++ b/assets/queries/k8s/non_kube_system_pod_with_host_mount/test/positive_expected_result.json @@ -1,47 +1,47 @@ [ - { - "queryName": "Non Kube System Pod With Host Mount", - "severity": "MEDIUM", - "line": 40 - }, - { - "queryName": "Non Kube System Pod With Host Mount", - "severity": "MEDIUM", - "line": 43 - }, - { - "queryName": "Non Kube System Pod With Host Mount", - "severity": "MEDIUM", - "line": 59 - }, - { - "queryName": "Non Kube System Pod With Host Mount", - "severity": "MEDIUM", - "line": 76 - }, - { - "queryName": "Non Kube System Pod With Host Mount", - "severity": "MEDIUM", - "line": 106 - }, - { - "queryName": "Non Kube System Pod With Host Mount", - "severity": "MEDIUM", - "line": 136 - }, - { - "queryName": "Non Kube System Pod With Host Mount", - "severity": "MEDIUM", - "line": 153 - }, - { - "queryName": "Non Kube System Pod With Host Mount", - "severity": "MEDIUM", - "line": 168 - }, - { - "queryName": "Non Kube System Pod With Host Mount", - "severity": "MEDIUM", - "line": 185 - } -] + { + "queryName": "Non Kube System Pod With Host Mount", + "severity": "HIGH", + "line": 40 + }, + { + "queryName": "Non Kube System Pod With Host Mount", + "severity": "HIGH", + "line": 43 + }, + { + "queryName": "Non Kube System Pod With Host Mount", + "severity": "HIGH", + "line": 59 + }, + { + "queryName": "Non Kube System Pod With Host Mount", + "severity": "HIGH", + "line": 76 + }, + { + "queryName": "Non Kube System Pod With Host Mount", + "severity": "HIGH", + "line": 106 + }, + { + "queryName": "Non Kube System Pod With Host Mount", + "severity": "HIGH", + "line": 136 + }, + { + "queryName": "Non Kube System Pod With Host Mount", + "severity": "HIGH", + "line": 153 + }, + { + "queryName": "Non Kube System Pod With Host Mount", + "severity": "HIGH", + "line": 168 + }, + { + "queryName": "Non Kube System Pod With Host Mount", + "severity": "HIGH", + "line": 185 + } +] \ No newline at end of file diff --git a/assets/queries/k8s/not_limited_capabilities_for_container/test/positive_expected_result.json b/assets/queries/k8s/not_limited_capabilities_for_container/test/positive_expected_result.json index 08676ab5784..a00578de6b6 100644 --- a/assets/queries/k8s/not_limited_capabilities_for_container/test/positive_expected_result.json +++ b/assets/queries/k8s/not_limited_capabilities_for_container/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Not Limited Capabilities For Container", - "severity": "MEDIUM", + "severity": "INFO", "line": 11 }, { "queryName": "Not Limited Capabilities For Container", - "severity": "MEDIUM", + "severity": "INFO", "line": 34 } -] +] \ No newline at end of file diff --git a/assets/queries/k8s/not_limited_capabilities_for_pod_security_policy/test/positive_expected_result.json b/assets/queries/k8s/not_limited_capabilities_for_pod_security_policy/test/positive_expected_result.json index 559fe8a61fd..9bddecf306a 100644 --- a/assets/queries/k8s/not_limited_capabilities_for_pod_security_policy/test/positive_expected_result.json +++ b/assets/queries/k8s/not_limited_capabilities_for_pod_security_policy/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "Not Limited Capabilities For Pod Security Policy", - "severity": "HIGH", - "line": 10 - } -] + { + "queryName": "Not Limited Capabilities For Pod Security Policy", + "severity": "INFO", + "line": 10 + } +] \ No newline at end of file diff --git a/assets/queries/k8s/peer_auto_tls_set_to_true/test/positive_expected_result.json b/assets/queries/k8s/peer_auto_tls_set_to_true/test/positive_expected_result.json index a2621572db5..a13287dd345 100644 --- a/assets/queries/k8s/peer_auto_tls_set_to_true/test/positive_expected_result.json +++ b/assets/queries/k8s/peer_auto_tls_set_to_true/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Peer Auto TLS Set To True", - "severity": "HIGH", - "line": 21, - "fileName": "positive1.yaml" - } -] + { + "queryName": "Peer Auto TLS Set To True", + "severity": "MEDIUM", + "line": 21, + "fileName": "positive1.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/k8s/psp_allows_privilege_escalation/test/positive_expected_result.json b/assets/queries/k8s/psp_allows_privilege_escalation/test/positive_expected_result.json index 3ba5d02b7aa..86ec9f078d3 100644 --- a/assets/queries/k8s/psp_allows_privilege_escalation/test/positive_expected_result.json +++ b/assets/queries/k8s/psp_allows_privilege_escalation/test/positive_expected_result.json @@ -1,13 +1,12 @@ [ - { - "queryName": "PSP Allows Privilege Escalation", - "severity": "MEDIUM", - "line": 9 - }, - - { - "queryName": "PSP Allows Privilege Escalation", - "severity": "MEDIUM", - "line": 32 - } -] + { + "queryName": "PSP Allows Privilege Escalation", + "severity": "HIGH", + "line": 9 + }, + { + "queryName": "PSP Allows Privilege Escalation", + "severity": "HIGH", + "line": 32 + } +] \ No newline at end of file diff --git a/assets/queries/k8s/psp_allows_sharing_host_ipc/test/positive_expected_result.json b/assets/queries/k8s/psp_allows_sharing_host_ipc/test/positive_expected_result.json index 47755039641..e5f72bb23f2 100644 --- a/assets/queries/k8s/psp_allows_sharing_host_ipc/test/positive_expected_result.json +++ b/assets/queries/k8s/psp_allows_sharing_host_ipc/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "PSP Allows Sharing Host IPC", - "severity": "MEDIUM", - "line": 6 - } -] + { + "queryName": "PSP Allows Sharing Host IPC", + "severity": "HIGH", + "line": 6 + } +] \ No newline at end of file diff --git a/assets/queries/k8s/psp_set_to_privileged/test/positive_expected_result.json b/assets/queries/k8s/psp_set_to_privileged/test/positive_expected_result.json index 6fb37b07357..18055bdda6c 100644 --- a/assets/queries/k8s/psp_set_to_privileged/test/positive_expected_result.json +++ b/assets/queries/k8s/psp_set_to_privileged/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "PSP Set To Privileged", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6 } -] +] \ No newline at end of file diff --git a/assets/queries/k8s/psp_with_added_capabilities/test/positive_expected_result.json b/assets/queries/k8s/psp_with_added_capabilities/test/positive_expected_result.json index c79ea26f7ac..c9d9361f647 100644 --- a/assets/queries/k8s/psp_with_added_capabilities/test/positive_expected_result.json +++ b/assets/queries/k8s/psp_with_added_capabilities/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "PSP With Added Capabilities", - "severity": "MEDIUM", - "line": 10 - } -] + { + "queryName": "PSP With Added Capabilities", + "severity": "HIGH", + "line": 10 + } +] \ No newline at end of file diff --git a/assets/queries/k8s/role_binding_to_default_service_account/test/positive_expected_result.json b/assets/queries/k8s/role_binding_to_default_service_account/test/positive_expected_result.json index ef00a34c6eb..d9effcde718 100644 --- a/assets/queries/k8s/role_binding_to_default_service_account/test/positive_expected_result.json +++ b/assets/queries/k8s/role_binding_to_default_service_account/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "Role Binding To Default Service Account", - "severity": "HIGH", - "line": 11 - } -] + { + "queryName": "Role Binding To Default Service Account", + "severity": "MEDIUM", + "line": 11 + } +] \ No newline at end of file diff --git a/assets/queries/k8s/service_account_private_key_file_not_defined/test/positive_expected_result.json b/assets/queries/k8s/service_account_private_key_file_not_defined/test/positive_expected_result.json index 0f5d7448e2a..f27099284e0 100644 --- a/assets/queries/k8s/service_account_private_key_file_not_defined/test/positive_expected_result.json +++ b/assets/queries/k8s/service_account_private_key_file_not_defined/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Service Account Private Key File Not Defined", - "severity": "HIGH", - "line": 11, - "fileName": "positive1.yaml" - } -] + { + "queryName": "Service Account Private Key File Not Defined", + "severity": "LOW", + "line": 11, + "fileName": "positive1.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/k8s/tls_connection_certificate_not_setup/test/positive_expected_result.json b/assets/queries/k8s/tls_connection_certificate_not_setup/test/positive_expected_result.json index 9ad4cabf54e..218162bc4d2 100644 --- a/assets/queries/k8s/tls_connection_certificate_not_setup/test/positive_expected_result.json +++ b/assets/queries/k8s/tls_connection_certificate_not_setup/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ - { - "queryName": "TSL Connection Certificate Not Setup", - "severity": "HIGH", - "line": 11, - "filename": "positive1.yaml" - }, - { - "queryName": "TSL Connection Certificate Not Setup", - "severity": "HIGH", - "line": 11, - "filename": "positive1.yaml" - }, - { - "queryName": "TSL Connection Certificate Not Setup", - "severity": "HIGH", - "line": 2, - "filename": "positive2.yaml" - }, - { - "queryName": "TSL Connection Certificate Not Setup", - "severity": "HIGH", - "line": 2, - "filename": "positive2.yaml" - } -] + { + "queryName": "TSL Connection Certificate Not Setup", + "severity": "MEDIUM", + "line": 11, + "filename": "positive1.yaml" + }, + { + "queryName": "TSL Connection Certificate Not Setup", + "severity": "MEDIUM", + "line": 11, + "filename": "positive1.yaml" + }, + { + "queryName": "TSL Connection Certificate Not Setup", + "severity": "MEDIUM", + "line": 2, + "filename": "positive2.yaml" + }, + { + "queryName": "TSL Connection Certificate Not Setup", + "severity": "MEDIUM", + "line": 2, + "filename": "positive2.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/k8s/use_service_account_credentials_not_set_to_true/test/positive_expected_result.json b/assets/queries/k8s/use_service_account_credentials_not_set_to_true/test/positive_expected_result.json index a871aaa3207..5d48942e668 100644 --- a/assets/queries/k8s/use_service_account_credentials_not_set_to_true/test/positive_expected_result.json +++ b/assets/queries/k8s/use_service_account_credentials_not_set_to_true/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "Use Service Account Credentials Not Set To True", - "severity": "HIGH", - "line": 11, - "fileName": "positive1.yaml" - }, - { - "queryName": "Use Service Account Credentials Not Set To True", - "severity": "HIGH", - "line": 11, - "fileName": "positive2.yaml" - } -] + { + "queryName": "Use Service Account Credentials Not Set To True", + "severity": "MEDIUM", + "line": 11, + "fileName": "positive1.yaml" + }, + { + "queryName": "Use Service Account Credentials Not Set To True", + "severity": "MEDIUM", + "line": 11, + "fileName": "positive2.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/k8s/volume_mount_with_os_directory_write_permissions/test/positive_expected_result.json b/assets/queries/k8s/volume_mount_with_os_directory_write_permissions/test/positive_expected_result.json index 7a9b20ea769..0145bc72b36 100644 --- a/assets/queries/k8s/volume_mount_with_os_directory_write_permissions/test/positive_expected_result.json +++ b/assets/queries/k8s/volume_mount_with_os_directory_write_permissions/test/positive_expected_result.json @@ -1,22 +1,22 @@ [ { "queryName": "Volume Mount With OS Directory Write Permissions", - "severity": "MEDIUM", + "severity": "HIGH", "line": 14 }, { "queryName": "Volume Mount With OS Directory Write Permissions", - "severity": "MEDIUM", + "severity": "HIGH", "line": 40 }, { "queryName": "Volume Mount With OS Directory Write Permissions", - "severity": "MEDIUM", + "severity": "HIGH", "line": 11 }, { "queryName": "Volume Mount With OS Directory Write Permissions", - "severity": "MEDIUM", + "severity": "HIGH", "line": 37 } -] +] \ No newline at end of file diff --git a/assets/queries/k8s/workload_mounting_with_sensitive_os_directory/test/positive_expected_result.json b/assets/queries/k8s/workload_mounting_with_sensitive_os_directory/test/positive_expected_result.json index 5a11a0bba16..459bc1f3e8a 100644 --- a/assets/queries/k8s/workload_mounting_with_sensitive_os_directory/test/positive_expected_result.json +++ b/assets/queries/k8s/workload_mounting_with_sensitive_os_directory/test/positive_expected_result.json @@ -1,67 +1,67 @@ [ { "queryName": "Workload Mounting With Sensitive OS Directory", - "severity": "MEDIUM", + "severity": "HIGH", "line": 66 }, { "queryName": "Workload Mounting With Sensitive OS Directory", - "severity": "MEDIUM", + "severity": "HIGH", "line": 112 }, { "queryName": "Workload Mounting With Sensitive OS Directory", - "severity": "MEDIUM", + "severity": "HIGH", "line": 115 }, { "queryName": "Workload Mounting With Sensitive OS Directory", - "severity": "MEDIUM", + "severity": "HIGH", "line": 145 }, { "queryName": "Workload Mounting With Sensitive OS Directory", - "severity": "MEDIUM", + "severity": "HIGH", "line": 175 }, { "queryName": "Workload Mounting With Sensitive OS Directory", - "severity": "MEDIUM", + "severity": "HIGH", "line": 193 }, { "queryName": "Workload Mounting With Sensitive OS Directory", - "severity": "MEDIUM", + "severity": "HIGH", "line": 203 }, { "queryName": "Workload Mounting With Sensitive OS Directory", - "severity": "MEDIUM", + "severity": "HIGH", "line": 229 }, { "queryName": "Workload Mounting With Sensitive OS Directory", - "severity": "MEDIUM", + "severity": "HIGH", "line": 250 }, { "queryName": "Workload Mounting With Sensitive OS Directory", - "severity": "MEDIUM", + "severity": "HIGH", "line": 265 }, { "queryName": "Workload Mounting With Sensitive OS Directory", - "severity": "MEDIUM", + "severity": "HIGH", "line": 280 }, { "queryName": "Workload Mounting With Sensitive OS Directory", - "severity": "MEDIUM", + "severity": "HIGH", "line": 70 }, { "queryName": "Workload Mounting With Sensitive OS Directory", - "severity": "MEDIUM", + "severity": "HIGH", "line": 299 } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/2.0/non_oauth2_security_requirement_defining_oauth2_scopes/test/positive_expected_result.json b/assets/queries/openAPI/2.0/non_oauth2_security_requirement_defining_oauth2_scopes/test/positive_expected_result.json index d7d487aee41..ead08115961 100644 --- a/assets/queries/openAPI/2.0/non_oauth2_security_requirement_defining_oauth2_scopes/test/positive_expected_result.json +++ b/assets/queries/openAPI/2.0/non_oauth2_security_requirement_defining_oauth2_scopes/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Non OAuth2 Security Requirement Defining OAuth2 Scopes", - "severity": "HIGH", + "severity": "MEDIUM", "line": 33, "filename": "positive1.json" }, { "queryName": "Non OAuth2 Security Requirement Defining OAuth2 Scopes", - "severity": "HIGH", + "severity": "MEDIUM", "line": 21, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/2.0/operation_summary_too_long/test/positive_expected_result.json b/assets/queries/openAPI/2.0/operation_summary_too_long/test/positive_expected_result.json index 9af20c842f0..75ea2ac2f3d 100644 --- a/assets/queries/openAPI/2.0/operation_summary_too_long/test/positive_expected_result.json +++ b/assets/queries/openAPI/2.0/operation_summary_too_long/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Operation Summary Too Long", - "severity": "LOW", + "severity": "INFO", "line": 11, "filename": "positive1.json" }, { "queryName": "Operation Summary Too Long", - "severity": "LOW", + "severity": "INFO", "line": 9, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/2.0/operation_using_basic_auth/test/positive_expected_result.json b/assets/queries/openAPI/2.0/operation_using_basic_auth/test/positive_expected_result.json index cb89428d4b9..ed4f148d15e 100644 --- a/assets/queries/openAPI/2.0/operation_using_basic_auth/test/positive_expected_result.json +++ b/assets/queries/openAPI/2.0/operation_using_basic_auth/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Operation Using Basic Auth", - "severity": "LOW", + "severity": "MEDIUM", "line": 22, "filename": "positive1.json" }, { "queryName": "Operation Using Basic Auth", - "severity": "LOW", + "severity": "MEDIUM", "line": 16, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/2.0/operation_using_implicit_flow/test/positive_expected_result.json b/assets/queries/openAPI/2.0/operation_using_implicit_flow/test/positive_expected_result.json index f1add8194ec..ac32c231303 100644 --- a/assets/queries/openAPI/2.0/operation_using_implicit_flow/test/positive_expected_result.json +++ b/assets/queries/openAPI/2.0/operation_using_implicit_flow/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Operation Using Implicit Flow", - "severity": "LOW", + "severity": "MEDIUM", "line": 22, "filename": "positive1.json" }, { "queryName": "Operation Using Implicit Flow", - "severity": "LOW", + "severity": "MEDIUM", "line": 16, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/2.0/security_definitions_using_basic_auth/test/positive_expected_result.json b/assets/queries/openAPI/2.0/security_definitions_using_basic_auth/test/positive_expected_result.json index 4f5aad9d620..ec44a6d6bd7 100644 --- a/assets/queries/openAPI/2.0/security_definitions_using_basic_auth/test/positive_expected_result.json +++ b/assets/queries/openAPI/2.0/security_definitions_using_basic_auth/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Security Definitions Using Basic Auth", - "severity": "LOW", + "severity": "MEDIUM", "line": 25, "filename": "positive1.json" }, { "queryName": "Security Definitions Using Basic Auth", - "severity": "LOW", + "severity": "MEDIUM", "line": 17, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/3.0/additional_properties_too_permissive/test/positive_expected_result.json b/assets/queries/openAPI/3.0/additional_properties_too_permissive/test/positive_expected_result.json index 93682448c9b..663fbbc97d9 100644 --- a/assets/queries/openAPI/3.0/additional_properties_too_permissive/test/positive_expected_result.json +++ b/assets/queries/openAPI/3.0/additional_properties_too_permissive/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "Additional Properties Too Permissive", - "severity": "MEDIUM", + "severity": "LOW", "line": 24, "filename": "positive1.json" }, { "queryName": "Additional Properties Too Permissive", - "severity": "MEDIUM", + "severity": "LOW", "line": 34, "filename": "positive3.json" }, { "queryName": "Additional Properties Too Permissive", - "severity": "MEDIUM", + "severity": "LOW", "line": 14, "filename": "positive5.json" }, { "queryName": "Additional Properties Too Permissive", - "severity": "MEDIUM", + "severity": "LOW", "line": 19, "filename": "positive2.yaml" }, { "queryName": "Additional Properties Too Permissive", - "severity": "MEDIUM", + "severity": "LOW", "line": 23, "filename": "positive4.yaml" }, { "queryName": "Additional Properties Too Permissive", - "severity": "MEDIUM", + "severity": "LOW", "line": 12, "filename": "positive6.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/3.0/additional_properties_too_restrective/test/positive_expected_result.json b/assets/queries/openAPI/3.0/additional_properties_too_restrective/test/positive_expected_result.json index 51c9099b9e7..9abd489058a 100644 --- a/assets/queries/openAPI/3.0/additional_properties_too_restrective/test/positive_expected_result.json +++ b/assets/queries/openAPI/3.0/additional_properties_too_restrective/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Additional Properties Too Restrictive", - "severity": "MEDIUM", + "severity": "LOW", "line": 41, "filename": "positive1.json" }, { "queryName": "Additional Properties Too Restrictive", - "severity": "MEDIUM", + "severity": "LOW", "line": 15, "filename": "positive3.json" }, { "queryName": "Additional Properties Too Restrictive", - "severity": "MEDIUM", + "severity": "LOW", "line": 25, "filename": "positive2.yaml" }, { "queryName": "Additional Properties Too Restrictive", - "severity": "MEDIUM", + "severity": "LOW", "line": 13, "filename": "positive4.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/3.0/api_key_exposed_in_global_security_scheme/test/positive_expected_result.json b/assets/queries/openAPI/3.0/api_key_exposed_in_global_security_scheme/test/positive_expected_result.json index fc00995ec35..97e2934c563 100644 --- a/assets/queries/openAPI/3.0/api_key_exposed_in_global_security_scheme/test/positive_expected_result.json +++ b/assets/queries/openAPI/3.0/api_key_exposed_in_global_security_scheme/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "API Key Exposed In Global Security Scheme", - "severity": "LOW", + "severity": "HIGH", "line": 52, "filename": "positive1.json" }, { "queryName": "API Key Exposed In Global Security Scheme", - "severity": "LOW", + "severity": "HIGH", "line": 57, "filename": "positive1.json" }, { "queryName": "API Key Exposed In Global Security Scheme", - "severity": "LOW", + "severity": "HIGH", "line": 62, "filename": "positive1.json" }, { "queryName": "API Key Exposed In Global Security Scheme", - "severity": "LOW", + "severity": "HIGH", "line": 31, "filename": "positive2.yaml" }, { "queryName": "API Key Exposed In Global Security Scheme", - "severity": "LOW", + "severity": "HIGH", "line": 35, "filename": "positive2.yaml" }, { "queryName": "API Key Exposed In Global Security Scheme", - "severity": "LOW", + "severity": "HIGH", "line": 39, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/3.0/cleartext_credentials_with_basic_auth_for_operation/test/positive_expected_result.json b/assets/queries/openAPI/3.0/cleartext_credentials_with_basic_auth_for_operation/test/positive_expected_result.json index 94d728bacd7..684dadd9441 100644 --- a/assets/queries/openAPI/3.0/cleartext_credentials_with_basic_auth_for_operation/test/positive_expected_result.json +++ b/assets/queries/openAPI/3.0/cleartext_credentials_with_basic_auth_for_operation/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Cleartext Credentials With Basic Authentication For Operation", - "severity": "HIGH", + "severity": "MEDIUM", "line": 28, "filename": "positive1.json" }, { "queryName": "Cleartext Credentials With Basic Authentication For Operation", - "severity": "HIGH", + "severity": "MEDIUM", "line": 19, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/3.0/global_security_scheme_using_basic_authentication/test/positive_expected_result.json b/assets/queries/openAPI/3.0/global_security_scheme_using_basic_authentication/test/positive_expected_result.json index d8aff9faf58..4d40c6ecaee 100644 --- a/assets/queries/openAPI/3.0/global_security_scheme_using_basic_authentication/test/positive_expected_result.json +++ b/assets/queries/openAPI/3.0/global_security_scheme_using_basic_authentication/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Global Security Scheme Using Basic Authentication", - "severity": "LOW", + "severity": "MEDIUM", "line": 51, "filename": "positive1.json" }, { "queryName": "Global Security Scheme Using Basic Authentication", - "severity": "LOW", + "severity": "MEDIUM", "line": 30, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/3.0/security_scheme_undefined/test/positive_expected_result.json b/assets/queries/openAPI/3.0/security_scheme_undefined/test/positive_expected_result.json index 0b8d4450a09..7fe97f3cda0 100644 --- a/assets/queries/openAPI/3.0/security_scheme_undefined/test/positive_expected_result.json +++ b/assets/queries/openAPI/3.0/security_scheme_undefined/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "Field 'securityScheme' On Components Is Undefined", - "severity": "HIGH", + "severity": "MEDIUM", "line": 2, "filename": "positive1.json" }, { "queryName": "Field 'securityScheme' On Components Is Undefined", - "severity": "HIGH", + "severity": "MEDIUM", "line": 43, "filename": "positive2.json" }, { "queryName": "Field 'securityScheme' On Components Is Undefined", - "severity": "HIGH", + "severity": "MEDIUM", "line": 44, "filename": "positive3.json" }, { "queryName": "Field 'securityScheme' On Components Is Undefined", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1, "filename": "positive4.yaml" }, { "queryName": "Field 'securityScheme' On Components Is Undefined", - "severity": "HIGH", + "severity": "MEDIUM", "line": 25, "filename": "positive5.yaml" }, { "queryName": "Field 'securityScheme' On Components Is Undefined", - "severity": "HIGH", + "severity": "MEDIUM", "line": 26, "filename": "positive6.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/3.0/security_scheme_using_http_basic/test/positive_expected_result.json b/assets/queries/openAPI/3.0/security_scheme_using_http_basic/test/positive_expected_result.json index 7e781d6ad16..aa4a27d8581 100644 --- a/assets/queries/openAPI/3.0/security_scheme_using_http_basic/test/positive_expected_result.json +++ b/assets/queries/openAPI/3.0/security_scheme_using_http_basic/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Security Scheme Using HTTP Basic", - "severity": "MEDIUM", + "severity": "LOW", "line": 57, "filename": "positive1.json" }, { "queryName": "Security Scheme Using HTTP Basic", - "severity": "MEDIUM", + "severity": "LOW", "line": 33, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/3.0/security_scheme_using_http_digest/test/positive_expected_result.json b/assets/queries/openAPI/3.0/security_scheme_using_http_digest/test/positive_expected_result.json index bef3bfbcb33..22356392f89 100644 --- a/assets/queries/openAPI/3.0/security_scheme_using_http_digest/test/positive_expected_result.json +++ b/assets/queries/openAPI/3.0/security_scheme_using_http_digest/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Security Scheme Using HTTP Digest", - "severity": "MEDIUM", + "severity": "LOW", "line": 57, "filename": "positive1.json" }, { "queryName": "Security Scheme Using HTTP Digest", - "severity": "MEDIUM", + "severity": "LOW", "line": 33, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/3.0/security_scheme_using_http_negotiate/test/positive_expected_result.json b/assets/queries/openAPI/3.0/security_scheme_using_http_negotiate/test/positive_expected_result.json index fd8f6d8e464..fe5a5c177ac 100644 --- a/assets/queries/openAPI/3.0/security_scheme_using_http_negotiate/test/positive_expected_result.json +++ b/assets/queries/openAPI/3.0/security_scheme_using_http_negotiate/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Security Scheme Using HTTP Negotiate", - "severity": "MEDIUM", + "severity": "LOW", "line": 57, "filename": "positive1.json" }, { "queryName": "Security Scheme Using HTTP Negotiate", - "severity": "MEDIUM", + "severity": "LOW", "line": 33, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/3.0/success_response_code_undefined_trace_operation/test/positive_expected_result.json b/assets/queries/openAPI/3.0/success_response_code_undefined_trace_operation/test/positive_expected_result.json index dd0f08ca460..a975a9d09db 100644 --- a/assets/queries/openAPI/3.0/success_response_code_undefined_trace_operation/test/positive_expected_result.json +++ b/assets/queries/openAPI/3.0/success_response_code_undefined_trace_operation/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Success Response Code Undefined for Trace Operation", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive1.json" }, { "queryName": "Success Response Code Undefined for Trace Operation", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive2.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/api_key_exposed_in_global_security/test/positive_expected_result.json b/assets/queries/openAPI/general/api_key_exposed_in_global_security/test/positive_expected_result.json index cc8ad2fbe15..a0df7221cb4 100644 --- a/assets/queries/openAPI/general/api_key_exposed_in_global_security/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/api_key_exposed_in_global_security/test/positive_expected_result.json @@ -1,62 +1,62 @@ [ { "queryName": "API Key Exposed In Global Security (v3)", - "severity": "MEDIUM", + "severity": "HIGH", "line": 45, "filename": "positive1.json" }, { "queryName": "API Key Exposed In Global Security (v3)", - "severity": "MEDIUM", + "severity": "HIGH", "line": 46, "filename": "positive1.json" }, { "queryName": "API Key Exposed In Global Security (v3)", - "severity": "MEDIUM", + "severity": "HIGH", "line": 47, "filename": "positive1.json" }, { "queryName": "API Key Exposed In Global Security (v3)", - "severity": "MEDIUM", + "severity": "HIGH", "line": 26, "filename": "positive2.yaml" }, { "queryName": "API Key Exposed In Global Security (v3)", - "severity": "MEDIUM", + "severity": "HIGH", "line": 27, "filename": "positive2.yaml" }, { "queryName": "API Key Exposed In Global Security (v3)", - "severity": "MEDIUM", + "severity": "HIGH", "line": 28, "filename": "positive2.yaml" }, { "queryName": "API Key Exposed In Global Security (v2)", - "severity": "MEDIUM", + "severity": "HIGH", "line": 22, "filename": "positive3.json" }, { "queryName": "API Key Exposed In Global Security (v2)", - "severity": "MEDIUM", + "severity": "HIGH", "line": 23, "filename": "positive3.json" }, { "queryName": "API Key Exposed In Global Security (v2)", - "severity": "MEDIUM", + "severity": "HIGH", "line": 14, "filename": "positive4.yaml" }, { "queryName": "API Key Exposed In Global Security (v2)", - "severity": "MEDIUM", + "severity": "HIGH", "line": 15, "filename": "positive4.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/api_key_exposed_in_operation_security/test/positive_expected_result.json b/assets/queries/openAPI/general/api_key_exposed_in_operation_security/test/positive_expected_result.json index 284cb823536..ec4d9e692a3 100644 --- a/assets/queries/openAPI/general/api_key_exposed_in_operation_security/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/api_key_exposed_in_operation_security/test/positive_expected_result.json @@ -1,62 +1,62 @@ [ { "queryName": "API Key Exposed In Operation Security (v3)", - "severity": "LOW", + "severity": "HIGH", "line": 14, "filename": "positive1.json" }, { "queryName": "API Key Exposed In Operation Security (v3)", - "severity": "LOW", + "severity": "HIGH", "line": 15, "filename": "positive1.json" }, { "queryName": "API Key Exposed In Operation Security (v3)", - "severity": "LOW", + "severity": "HIGH", "line": 16, "filename": "positive1.json" }, { "queryName": "API Key Exposed In Operation Security (v3)", - "severity": "LOW", + "severity": "HIGH", "line": 11, "filename": "positive2.yaml" }, { "queryName": "API Key Exposed In Operation Security (v3)", - "severity": "LOW", + "severity": "HIGH", "line": 12, "filename": "positive2.yaml" }, { "queryName": "API Key Exposed In Operation Security (v3)", - "severity": "LOW", + "severity": "HIGH", "line": 13, "filename": "positive2.yaml" }, { "queryName": "API Key Exposed In Operation Security (v2)", - "severity": "LOW", + "severity": "HIGH", "line": 14, "filename": "positive3.json" }, { "queryName": "API Key Exposed In Operation Security (v2)", - "severity": "LOW", + "severity": "HIGH", "line": 15, "filename": "positive3.json" }, { "queryName": "API Key Exposed In Operation Security (v2)", - "severity": "LOW", + "severity": "HIGH", "line": 11, "filename": "positive4.yaml" }, { "queryName": "API Key Exposed In Operation Security (v2)", - "severity": "LOW", + "severity": "HIGH", "line": 12, "filename": "positive4.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/array_items_has_no_type/test/positive_expected_result.json b/assets/queries/openAPI/general/array_items_has_no_type/test/positive_expected_result.json index 3500413594f..55fcc467565 100644 --- a/assets/queries/openAPI/general/array_items_has_no_type/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/array_items_has_no_type/test/positive_expected_result.json @@ -1,50 +1,50 @@ [ { "queryName": "Array Items Has No Type (v3)", - "severity": "HIGH", + "severity": "LOW", "line": 65, "filename": "positive1.json" }, { "queryName": "Array Items Has No Type (v3)", - "severity": "HIGH", + "severity": "LOW", "line": 22, "filename": "positive2.json" }, { "queryName": "Array Items Has No Type (v3)", - "severity": "HIGH", + "severity": "LOW", "line": 21, "filename": "positive3.json" }, { "queryName": "Array Items Has No Type (v3)", - "severity": "HIGH", + "severity": "LOW", "line": 42, "filename": "positive4.yaml" }, { "queryName": "Array Items Has No Type (v3)", - "severity": "HIGH", + "severity": "LOW", "line": 19, "filename": "positive5.yaml" }, { "queryName": "Array Items Has No Type (v3)", - "severity": "HIGH", + "severity": "LOW", "line": 19, "filename": "positive6.yaml" }, { "queryName": "Array Items Has No Type (v2)", - "severity": "HIGH", + "severity": "LOW", "line": 25, "filename": "positive7.json" }, { "queryName": "Array Items Has No Type (v2)", - "severity": "HIGH", + "severity": "LOW", "line": 20, "filename": "positive8.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/array_without_maximum_number_items/test/positive_expected_result.json b/assets/queries/openAPI/general/array_without_maximum_number_items/test/positive_expected_result.json index 99cebc6803b..656fed9e496 100644 --- a/assets/queries/openAPI/general/array_without_maximum_number_items/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/array_without_maximum_number_items/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "Array Without Maximum Number of Items (v3)", - "severity": "HIGH", + "severity": "MEDIUM", "line": 56, "filename": "positive1.json" }, { "queryName": "Array Without Maximum Number of Items (v3)", - "severity": "HIGH", + "severity": "MEDIUM", "line": 28, "filename": "positive2.json" }, { "queryName": "Array Without Maximum Number of Items (v3)", - "severity": "HIGH", + "severity": "MEDIUM", "line": 32, "filename": "positive3.yaml" }, { "queryName": "Array Without Maximum Number of Items (v3)", - "severity": "HIGH", + "severity": "MEDIUM", "line": 20, "filename": "positive4.yaml" }, { "queryName": "Array Without Maximum Number of Items (v2)", - "severity": "HIGH", + "severity": "MEDIUM", "line": 31, "filename": "positive5.json" }, { "queryName": "Array Without Maximum Number of Items (v2)", - "severity": "HIGH", + "severity": "MEDIUM", "line": 23, "filename": "positive6.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/default_response_undefined_operations/test/positive_expected_result.json b/assets/queries/openAPI/general/default_response_undefined_operations/test/positive_expected_result.json index d11750beea8..4808f4bf872 100644 --- a/assets/queries/openAPI/general/default_response_undefined_operations/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/default_response_undefined_operations/test/positive_expected_result.json @@ -1,62 +1,62 @@ [ { "queryName": "Default Response Undefined On Operations (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive1.json" }, { "queryName": "Default Response Undefined On Operations (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive2.json" }, { "queryName": "Default Response Undefined On Operations (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 21, "filename": "positive2.json" }, { "queryName": "Default Response Undefined On Operations (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive3.yaml" }, { "queryName": "Default Response Undefined On Operations (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive4.yaml" }, { "queryName": "Default Response Undefined On Operations (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 16, "filename": "positive4.yaml" }, { "queryName": "Default Response Undefined On Operations (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive5.json" }, { "queryName": "Default Response Undefined On Operations (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 21, "filename": "positive5.json" }, { "queryName": "Default Response Undefined On Operations (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive6.yaml" }, { "queryName": "Default Response Undefined On Operations (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 16, "filename": "positive6.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/maximum_length_undefined/test/positive_expected_result.json b/assets/queries/openAPI/general/maximum_length_undefined/test/positive_expected_result.json index eba63f44043..5db48637405 100644 --- a/assets/queries/openAPI/general/maximum_length_undefined/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/maximum_length_undefined/test/positive_expected_result.json @@ -1,128 +1,128 @@ [ { "queryName": "Maximum Length Undefined (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 58, "filename": "positive1.json" }, { "queryName": "Maximum Length Undefined (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 62, "filename": "positive1.json" }, { "queryName": "Maximum Length Undefined (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 77, "filename": "positive1.json" }, { "queryName": "Maximum Length Undefined (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 77, "filename": "positive1.json" }, { "queryName": "Maximum Length Undefined (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 27, "filename": "positive2.json" }, { "queryName": "Maximum Length Undefined (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 31, "filename": "positive2.json" }, { "queryName": "Maximum Length Undefined (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 34, "filename": "positive3.yaml" }, { "queryName": "Maximum Length Undefined (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 37, "filename": "positive3.yaml" }, { "queryName": "Maximum Length Undefined (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 47, "filename": "positive3.yaml" }, { "queryName": "Maximum Length Undefined (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 47, "filename": "positive3.yaml" }, { "queryName": "Maximum Length Undefined (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 22, "filename": "positive4.yaml" }, { "queryName": "Maximum Length Undefined (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 25, "filename": "positive4.yaml" }, { "queryName": "Maximum Length Undefined (v2)", - "severity": "MEDIUM", + "severity": "LOW", "line": 23, "filename": "positive5.json" }, { "queryName": "Maximum Length Undefined (v2)", - "severity": "MEDIUM", + "severity": "LOW", "line": 27, "filename": "positive5.json" }, { "queryName": "Maximum Length Undefined (v2)", - "severity": "MEDIUM", + "severity": "LOW", "line": 19, "filename": "positive6.yaml" }, { "queryName": "Maximum Length Undefined (v2)", - "severity": "MEDIUM", + "severity": "LOW", "line": 22, "filename": "positive6.yaml" }, { "queryName": "Maximum Length Undefined (v2)", - "severity": "MEDIUM", + "severity": "LOW", "line": 23, "filename": "positive7.json" }, { "queryName": "Maximum Length Undefined (v2)", - "severity": "MEDIUM", + "severity": "LOW", "line": 28, "filename": "positive7.json" }, { "queryName": "Maximum Length Undefined (v2)", - "severity": "MEDIUM", + "severity": "LOW", "line": 28, "filename": "positive8.json" }, { "queryName": "Maximum Length Undefined (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 46, "filename": "positive9.json" }, { "queryName": "Maximum Length Undefined (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 55, "filename": "positive9.json" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/numeric_schema_without_format/test/positive_expected_result.json b/assets/queries/openAPI/general/numeric_schema_without_format/test/positive_expected_result.json index 8e533ed5bfa..86c83d955eb 100644 --- a/assets/queries/openAPI/general/numeric_schema_without_format/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/numeric_schema_without_format/test/positive_expected_result.json @@ -1,50 +1,50 @@ [ { "queryName": "Numeric Schema Without Format (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 58, "filename": "positive1.json" }, { "queryName": "Numeric Schema Without Format (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 75, "filename": "positive1.json" }, { "queryName": "Numeric Schema Without Format (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 27, "filename": "positive2.json" }, { "queryName": "Numeric Schema Without Format (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 34, "filename": "positive3.yaml" }, { "queryName": "Numeric Schema Without Format (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 46, "filename": "positive3.yaml" }, { "queryName": "Numeric Schema Without Format (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 22, "filename": "positive4.yaml" }, { "queryName": "Numeric Schema Without Format (v2)", - "severity": "MEDIUM", + "severity": "LOW", "line": 23, "filename": "positive5.json" }, { "queryName": "Numeric Schema Without Format (v2)", - "severity": "MEDIUM", + "severity": "LOW", "line": 20, "filename": "positive6.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/numeric_schema_without_maximum/test/positive_expected_result.json b/assets/queries/openAPI/general/numeric_schema_without_maximum/test/positive_expected_result.json index faded49c72a..544f422d0eb 100644 --- a/assets/queries/openAPI/general/numeric_schema_without_maximum/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/numeric_schema_without_maximum/test/positive_expected_result.json @@ -1,50 +1,50 @@ [ { "queryName": "Numeric Schema Without Maximum (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 58, "filename": "positive1.json" }, { "queryName": "Numeric Schema Without Maximum (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 75, "filename": "positive1.json" }, { "queryName": "Numeric Schema Without Maximum (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 27, "filename": "positive2.json" }, { "queryName": "Numeric Schema Without Maximum (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 34, "filename": "positive3.yaml" }, { "queryName": "Numeric Schema Without Maximum (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 46, "filename": "positive3.yaml" }, { "queryName": "Numeric Schema Without Maximum (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 22, "filename": "positive4.yaml" }, { "queryName": "Numeric Schema Without Maximum (v2)", - "severity": "MEDIUM", + "severity": "LOW", "line": 23, "filename": "positive5.json" }, { "queryName": "Numeric Schema Without Maximum (v2)", - "severity": "MEDIUM", + "severity": "LOW", "line": 20, "filename": "positive6.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/numeric_schema_without_minimum/test/positive_expected_result.json b/assets/queries/openAPI/general/numeric_schema_without_minimum/test/positive_expected_result.json index 81137b2a6c5..d33e3fd50ff 100644 --- a/assets/queries/openAPI/general/numeric_schema_without_minimum/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/numeric_schema_without_minimum/test/positive_expected_result.json @@ -1,50 +1,50 @@ [ { "queryName": "Numeric Schema Without Minimum (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 58, "filename": "positive1.json" }, { "queryName": "Numeric Schema Without Minimum (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 74, "filename": "positive1.json" }, { "queryName": "Numeric Schema Without Minimum (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 27, "filename": "positive2.json" }, { "queryName": "Numeric Schema Without Minimum (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 34, "filename": "positive3.yaml" }, { "queryName": "Numeric Schema Without Minimum (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 45, "filename": "positive3.yaml" }, { "queryName": "Numeric Schema Without Minimum (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 22, "filename": "positive4.yaml" }, { "queryName": "Numeric Schema Without Minimum (v2)", - "severity": "MEDIUM", + "severity": "LOW", "line": 23, "filename": "positive5.json" }, { "queryName": "Numeric Schema Without Minimum (v2)", - "severity": "MEDIUM", + "severity": "LOW", "line": 20, "filename": "positive6.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/response_code_missing/test/positive_expected_result.json b/assets/queries/openAPI/general/response_code_missing/test/positive_expected_result.json index 02e71b162e1..a7f6b9657be 100644 --- a/assets/queries/openAPI/general/response_code_missing/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/response_code_missing/test/positive_expected_result.json @@ -1,158 +1,158 @@ [ { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive1.json" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive1.json" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive1.json" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive1.json" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive1.json" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 21, "filename": "positive1.json" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 21, "filename": "positive1.json" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 21, "filename": "positive1.json" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 21, "filename": "positive1.json" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive2.json" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive2.json" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive3.yaml" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive3.yaml" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive3.yaml" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive3.yaml" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive3.yaml" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 16, "filename": "positive3.yaml" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 16, "filename": "positive3.yaml" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 16, "filename": "positive3.yaml" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 16, "filename": "positive3.yaml" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive4.yaml" }, { "queryName": "Response Code Missing (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive4.yaml" }, { "queryName": "Response Code Missing (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive5.json" }, { "queryName": "Response Code Missing (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive5.json" }, { "queryName": "Response Code Missing (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive6.yaml" }, { "queryName": "Response Code Missing (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive6.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/response_operations_body_schema_incorrect_defined/test/positive_expected_result.json b/assets/queries/openAPI/general/response_operations_body_schema_incorrect_defined/test/positive_expected_result.json index 175679b2077..d01f8367844 100644 --- a/assets/queries/openAPI/general/response_operations_body_schema_incorrect_defined/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/response_operations_body_schema_incorrect_defined/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "Response on operations that should not have a body has declared content (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 29, "filename": "positive1.json" }, { "queryName": "Response on operations that should not have a body has declared content (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 20, "filename": "positive2.json" }, { "queryName": "Response on operations that should not have a body has declared content (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 23, "filename": "positive3.yaml" }, { "queryName": "Response on operations that should not have a body has declared content (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 17, "filename": "positive4.yaml" }, { "queryName": "Response on operations that should not have a body has declared content (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 13, "filename": "positive5.yaml" }, { "queryName": "Response on operations that should not have a body has declared content (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 15, "filename": "positive6.json" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/string_schema_with_broad_pattern/test/positive_expected_result.json b/assets/queries/openAPI/general/string_schema_with_broad_pattern/test/positive_expected_result.json index a4bb6ec93d8..a74d7ffee20 100644 --- a/assets/queries/openAPI/general/string_schema_with_broad_pattern/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/string_schema_with_broad_pattern/test/positive_expected_result.json @@ -1,50 +1,50 @@ [ { "queryName": "String Schema with Broad Pattern (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 61, "filename": "positive1.json" }, { "queryName": "String Schema with Broad Pattern (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 81, "filename": "positive1.json" }, { "queryName": "String Schema with Broad Pattern (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 30, "filename": "positive2.json" }, { "queryName": "String Schema with Broad Pattern (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 37, "filename": "positive3.yaml" }, { "queryName": "String Schema with Broad Pattern (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 51, "filename": "positive3.yaml" }, { "queryName": "String Schema with Broad Pattern (v3)", - "severity": "MEDIUM", + "severity": "LOW", "line": 25, "filename": "positive4.yaml" }, { "queryName": "String Schema with Broad Pattern (v2)", - "severity": "MEDIUM", + "severity": "LOW", "line": 30, "filename": "positive6.json" }, { "queryName": "String Schema with Broad Pattern (v2)", - "severity": "MEDIUM", + "severity": "LOW", "line": 26, "filename": "positive5.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/success_response_code_undefined_delete_operation/test/positive_expected_result.json b/assets/queries/openAPI/general/success_response_code_undefined_delete_operation/test/positive_expected_result.json index d395a4beb48..62d15e974a5 100644 --- a/assets/queries/openAPI/general/success_response_code_undefined_delete_operation/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/success_response_code_undefined_delete_operation/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "Success Response Code Undefined for Delete Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive1.json" }, { "queryName": "Success Response Code Undefined for Delete Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive2.json" }, { "queryName": "Success Response Code Undefined for Delete Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive3.yaml" }, { "queryName": "Success Response Code Undefined for Delete Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive4.yaml" }, { "queryName": "Success Response Code Undefined for Delete Operation (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive5.json" }, { "queryName": "Success Response Code Undefined for Delete Operation (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive6.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/success_response_code_undefined_get_operation/test/positive_expected_result.json b/assets/queries/openAPI/general/success_response_code_undefined_get_operation/test/positive_expected_result.json index 195a28e7fdc..2c348f015b6 100644 --- a/assets/queries/openAPI/general/success_response_code_undefined_get_operation/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/success_response_code_undefined_get_operation/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Success Response Code Undefined for Get Operation (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive1.json" }, { "queryName": "Success Response Code Undefined for Get Operation (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive2.yaml" }, { "queryName": "Success Response Code Undefined for Get Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive3.json" }, { "queryName": "Success Response Code Undefined for Get Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive4.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/success_response_code_undefined_head_operation/test/positive_expected_result.json b/assets/queries/openAPI/general/success_response_code_undefined_head_operation/test/positive_expected_result.json index 006e3bb0fbb..15556bb556e 100644 --- a/assets/queries/openAPI/general/success_response_code_undefined_head_operation/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/success_response_code_undefined_head_operation/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Success Response Code Undefined for Head Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive1.json" }, { "queryName": "Success Response Code Undefined for Head Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive2.yaml" }, { "queryName": "Success Response Code Undefined for Head Operation (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive3.json" }, { "queryName": "Success Response Code Undefined for Head Operation (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive4.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/success_response_code_undefined_patch_operation/test/positive_expected_result.json b/assets/queries/openAPI/general/success_response_code_undefined_patch_operation/test/positive_expected_result.json index 0b319581598..2794beb2fc5 100644 --- a/assets/queries/openAPI/general/success_response_code_undefined_patch_operation/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/success_response_code_undefined_patch_operation/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "Success Response Code Undefined for Patch Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive1.json" }, { "queryName": "Success Response Code Undefined for Patch Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 24, "filename": "positive2.json" }, { "queryName": "Success Response Code Undefined for Patch Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive3.yaml" }, { "queryName": "Success Response Code Undefined for Patch Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 18, "filename": "positive4.yaml" }, { "queryName": "Success Response Code Undefined for Patch Operation (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 24, "filename": "positive5.json" }, { "queryName": "Success Response Code Undefined for Patch Operation (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 18, "filename": "positive6.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/success_response_code_undefined_post_operation/test/positive_expected_result.json b/assets/queries/openAPI/general/success_response_code_undefined_post_operation/test/positive_expected_result.json index 7fab652ec63..4f3d83b0af7 100644 --- a/assets/queries/openAPI/general/success_response_code_undefined_post_operation/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/success_response_code_undefined_post_operation/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "Success Response Code Undefined for Post Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive1.json" }, { "queryName": "Success Response Code Undefined for Post Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 24, "filename": "positive2.json" }, { "queryName": "Success Response Code Undefined for Post Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive3.yaml" }, { "queryName": "Success Response Code Undefined for Post Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 18, "filename": "positive4.yaml" }, { "queryName": "Success Response Code Undefined for Post Operation (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 24, "filename": "positive5.json" }, { "queryName": "Success Response Code Undefined for Post Operation (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 18, "filename": "positive6.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/openAPI/general/success_response_code_undefined_put_operation/test/positive_expected_result.json b/assets/queries/openAPI/general/success_response_code_undefined_put_operation/test/positive_expected_result.json index d952ebce74e..140d784e325 100644 --- a/assets/queries/openAPI/general/success_response_code_undefined_put_operation/test/positive_expected_result.json +++ b/assets/queries/openAPI/general/success_response_code_undefined_put_operation/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "Success Response Code Undefined for Put Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 12, "filename": "positive1.json" }, { "queryName": "Success Response Code Undefined for Put Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 24, "filename": "positive2.json" }, { "queryName": "Success Response Code Undefined for Put Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive3.yaml" }, { "queryName": "Success Response Code Undefined for Put Operation (v3)", - "severity": "MEDIUM", + "severity": "INFO", "line": 18, "filename": "positive4.yaml" }, { "queryName": "Success Response Code Undefined for Put Operation (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 24, "filename": "positive5.json" }, { "queryName": "Success Response Code Undefined for Put Operation (v2)", - "severity": "MEDIUM", + "severity": "INFO", "line": 18, "filename": "positive6.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/pulumi/aws/amazon_dms_replication_instance_is_publicly_accessible/test/positive_expected_result.json b/assets/queries/pulumi/aws/amazon_dms_replication_instance_is_publicly_accessible/test/positive_expected_result.json index f51372f2b14..6618f3802ee 100644 --- a/assets/queries/pulumi/aws/amazon_dms_replication_instance_is_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/pulumi/aws/amazon_dms_replication_instance_is_publicly_accessible/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "Amazon DMS Replication Instance Is Publicly Accessible", - "severity": "HIGH", - "line": 44, - "fileName": "positive1.yaml" - }, - { - "queryName": "Amazon DMS Replication Instance Is Publicly Accessible", - "severity": "HIGH", - "line": 35, - "fileName": "positive2.yaml" - } + { + "queryName": "Amazon DMS Replication Instance Is Publicly Accessible", + "severity": "CRITICAL", + "line": 44, + "fileName": "positive1.yaml" + }, + { + "queryName": "Amazon DMS Replication Instance Is Publicly Accessible", + "severity": "CRITICAL", + "line": 35, + "fileName": "positive2.yaml" + } ] \ No newline at end of file diff --git a/assets/queries/pulumi/aws/docdb_logging_disabled/test/positive_expected_result.json b/assets/queries/pulumi/aws/docdb_logging_disabled/test/positive_expected_result.json index d7e1cf210aa..ec989d87754 100644 --- a/assets/queries/pulumi/aws/docdb_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/pulumi/aws/docdb_logging_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "DocDB Logging Is Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 10, "filename": "positive1.yaml" }, { "queryName": "DocDB Logging Is Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 18, "filename": "positive2.yaml" }, { "queryName": "DocDB Logging Is Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 18, "filename": "positive3.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/pulumi/aws/dynamodb_table_not_encrypted/test/positive_expected_result.json b/assets/queries/pulumi/aws/dynamodb_table_not_encrypted/test/positive_expected_result.json index 39701161329..e6fa49800c1 100644 --- a/assets/queries/pulumi/aws/dynamodb_table_not_encrypted/test/positive_expected_result.json +++ b/assets/queries/pulumi/aws/dynamodb_table_not_encrypted/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "DynamoDB Table Not Encrypted", - "severity": "MEDIUM", - "line": 7, - "fileName": "positive.yaml" - }, - { - "queryName": "DynamoDB Table Not Encrypted", - "severity": "MEDIUM", - "line": 17, - "fileName": "positive.yaml" - } -] + { + "queryName": "DynamoDB Table Not Encrypted", + "severity": "HIGH", + "line": 7, + "fileName": "positive.yaml" + }, + { + "queryName": "DynamoDB Table Not Encrypted", + "severity": "HIGH", + "line": 17, + "fileName": "positive.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/pulumi/aws/dynamodb_table_point_in_time_recovery_disabled/test/positive_expected_result.json b/assets/queries/pulumi/aws/dynamodb_table_point_in_time_recovery_disabled/test/positive_expected_result.json index e6888622d2d..a258509974c 100644 --- a/assets/queries/pulumi/aws/dynamodb_table_point_in_time_recovery_disabled/test/positive_expected_result.json +++ b/assets/queries/pulumi/aws/dynamodb_table_point_in_time_recovery_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "DynamoDB Table Point In Time Recovery Disabled", - "severity": "MEDIUM", - "line": 7, - "fileName": "positive.yaml" - }, - { - "queryName": "DynamoDB Table Point In Time Recovery Disabled", - "severity": "MEDIUM", - "line": 21, - "fileName": "positive.yaml" - } -] + { + "queryName": "DynamoDB Table Point In Time Recovery Disabled", + "severity": "INFO", + "line": 7, + "fileName": "positive.yaml" + }, + { + "queryName": "DynamoDB Table Point In Time Recovery Disabled", + "severity": "INFO", + "line": 21, + "fileName": "positive.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/pulumi/aws/ec2_instance_monitoring_disabled/test/positive_expected_result.json b/assets/queries/pulumi/aws/ec2_instance_monitoring_disabled/test/positive_expected_result.json index 2b75734fa1f..50322c323b5 100644 --- a/assets/queries/pulumi/aws/ec2_instance_monitoring_disabled/test/positive_expected_result.json +++ b/assets/queries/pulumi/aws/ec2_instance_monitoring_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "EC2 Instance Monitoring Disabled", - "severity": "INFO", - "line": 7, - "fileName": "positive.yaml" - }, - { - "queryName": "EC2 Instance Monitoring Disabled", - "severity": "INFO", - "line": 16, - "fileName": "positive.yaml" - } -] + { + "queryName": "EC2 Instance Monitoring Disabled", + "severity": "MEDIUM", + "line": 7, + "fileName": "positive.yaml" + }, + { + "queryName": "EC2 Instance Monitoring Disabled", + "severity": "MEDIUM", + "line": 16, + "fileName": "positive.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/pulumi/aws/elasticsearch_with_https_disabled/test/positive_expected_result.json b/assets/queries/pulumi/aws/elasticsearch_with_https_disabled/test/positive_expected_result.json index 591556e4c1e..4a76d1cc1b0 100644 --- a/assets/queries/pulumi/aws/elasticsearch_with_https_disabled/test/positive_expected_result.json +++ b/assets/queries/pulumi/aws/elasticsearch_with_https_disabled/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Elasticsearch with HTTPS disabled", - "severity": "HIGH", - "line": 31, - "fileName": "positive1.yaml" - } + { + "queryName": "Elasticsearch with HTTPS disabled", + "severity": "MEDIUM", + "line": 31, + "fileName": "positive1.yaml" + } ] \ No newline at end of file diff --git a/assets/queries/pulumi/aws/iam_password_without_minimum_length/test/positive_expected_result.json b/assets/queries/pulumi/aws/iam_password_without_minimum_length/test/positive_expected_result.json index b2905c121cf..152fb7347ec 100644 --- a/assets/queries/pulumi/aws/iam_password_without_minimum_length/test/positive_expected_result.json +++ b/assets/queries/pulumi/aws/iam_password_without_minimum_length/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "IAM Password Without Minimum Length", - "severity": "MEDIUM", - "line": 7, - "fileName": "positive.yaml" - }, - { - "queryName": "IAM Password Without Minimum Length", - "severity": "MEDIUM", - "line": 16, - "fileName": "positive.yaml" - } -] + { + "queryName": "IAM Password Without Minimum Length", + "severity": "LOW", + "line": 7, + "fileName": "positive.yaml" + }, + { + "queryName": "IAM Password Without Minimum Length", + "severity": "LOW", + "line": 16, + "fileName": "positive.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/pulumi/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json b/assets/queries/pulumi/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json index 0a78a43abb3..5a3c3172b50 100644 --- a/assets/queries/pulumi/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/pulumi/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "RDS DB Instance Publicly Accessible", - "severity": "HIGH", + "severity": "MEDIUM", "line": 17, "fileName": "positive1.yaml" } -] +] \ No newline at end of file diff --git a/assets/queries/pulumi/azure/storage_account_not_forcing_https/test/positive_expected_result.json b/assets/queries/pulumi/azure/storage_account_not_forcing_https/test/positive_expected_result.json index eae1c8fedaa..c6ab89b625e 100644 --- a/assets/queries/pulumi/azure/storage_account_not_forcing_https/test/positive_expected_result.json +++ b/assets/queries/pulumi/azure/storage_account_not_forcing_https/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Storage Account Not Forcing HTTPS", - "severity": "HIGH", - "line": 9, - "fileName": "positive.yaml" - } -] + { + "queryName": "Storage Account Not Forcing HTTPS", + "severity": "MEDIUM", + "line": 9, + "fileName": "positive.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/pulumi/gcp/cloud_storage_bucket_logging_not_enabled/test/positive_expected_result.json b/assets/queries/pulumi/gcp/cloud_storage_bucket_logging_not_enabled/test/positive_expected_result.json index 414c92a35ae..cdc97e3eab8 100644 --- a/assets/queries/pulumi/gcp/cloud_storage_bucket_logging_not_enabled/test/positive_expected_result.json +++ b/assets/queries/pulumi/gcp/cloud_storage_bucket_logging_not_enabled/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Cloud Storage Bucket Logging Not Enabled", - "severity": "HIGH", - "line": 7, - "fileName": "positive.yaml" - } -] + { + "queryName": "Cloud Storage Bucket Logging Not Enabled", + "severity": "MEDIUM", + "line": 7, + "fileName": "positive.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/pulumi/kubernetes/missing_app_armor_config/test/positive_expected_result.json b/assets/queries/pulumi/kubernetes/missing_app_armor_config/test/positive_expected_result.json index d3b4a378383..bb03452d61c 100644 --- a/assets/queries/pulumi/kubernetes/missing_app_armor_config/test/positive_expected_result.json +++ b/assets/queries/pulumi/kubernetes/missing_app_armor_config/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ - { - "queryName": "Missing App Armor Config", - "severity": "LOW", - "line": 8, - "fileName": "positive.yaml" - }, - { - "queryName": "Missing App Armor Config", - "severity": "LOW", - "line": 25, - "fileName": "positive.yaml" - }, - { - "queryName": "Missing App Armor Config", - "severity": "LOW", - "line": 42, - "fileName": "positive.yaml" - } -] + { + "queryName": "Missing App Armor Config", + "severity": "MEDIUM", + "line": 8, + "fileName": "positive.yaml" + }, + { + "queryName": "Missing App Armor Config", + "severity": "MEDIUM", + "line": 25, + "fileName": "positive.yaml" + }, + { + "queryName": "Missing App Armor Config", + "severity": "MEDIUM", + "line": 42, + "fileName": "positive.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/pulumi/kubernetes/psp_set_to_privileged/test/positive_expected_result.json b/assets/queries/pulumi/kubernetes/psp_set_to_privileged/test/positive_expected_result.json index 50c91bfbb58..d68ff20ecd3 100644 --- a/assets/queries/pulumi/kubernetes/psp_set_to_privileged/test/positive_expected_result.json +++ b/assets/queries/pulumi/kubernetes/psp_set_to_privileged/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "PSP Set To Privileged", - "severity": "MEDIUM", - "line": 11, - "fileName": "positive.yaml" - } -] + { + "queryName": "PSP Set To Privileged", + "severity": "HIGH", + "line": 11, + "fileName": "positive.yaml" + } +] \ No newline at end of file diff --git a/assets/queries/serverlessFW/serverless_api_without_content_encoding/test/positive_expected_result.json b/assets/queries/serverlessFW/serverless_api_without_content_encoding/test/positive_expected_result.json index 41bfa18202d..3e2ab32bd5a 100644 --- a/assets/queries/serverlessFW/serverless_api_without_content_encoding/test/positive_expected_result.json +++ b/assets/queries/serverlessFW/serverless_api_without_content_encoding/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Serverless API Without Content Encoding", - "severity": "MEDIUM", + "severity": "LOW", "line": 5, "fileName": "positive1.yml" }, { "queryName": "Serverless API Without Content Encoding", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "fileName": "positive2.yml" } -] +] \ No newline at end of file diff --git a/assets/queries/serverlessFW/serverless_function_environment_variables_not_encrypted/test/positive_expected_result.json b/assets/queries/serverlessFW/serverless_function_environment_variables_not_encrypted/test/positive_expected_result.json index 1a155e28f03..8cf9e285b5c 100644 --- a/assets/queries/serverlessFW/serverless_function_environment_variables_not_encrypted/test/positive_expected_result.json +++ b/assets/queries/serverlessFW/serverless_function_environment_variables_not_encrypted/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "Serverless Function Environment Variables Not Encrypted", - "severity": "HIGH", + "severity": "MEDIUM", "line": 6, "fileName": "positive1.yml" }, { "queryName": "Serverless Function Environment Variables Not Encrypted", - "severity": "HIGH", + "severity": "MEDIUM", "line": 12, "fileName": "positive1.yml" }, { "queryName": "Serverless Function Environment Variables Not Encrypted", - "severity": "HIGH", + "severity": "MEDIUM", "line": 6, "fileName": "positive2.yml" } -] +] \ No newline at end of file diff --git a/assets/queries/serverlessFW/serverless_function_without_tags/test/positive_expected_result.json b/assets/queries/serverlessFW/serverless_function_without_tags/test/positive_expected_result.json index 3adb47f6f73..741020c2f46 100644 --- a/assets/queries/serverlessFW/serverless_function_without_tags/test/positive_expected_result.json +++ b/assets/queries/serverlessFW/serverless_function_without_tags/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "Serverless Function Without Tags", - "severity": "MEDIUM", + "severity": "LOW", "line": 8, "fileName": "positive1.yml" } -] +] \ No newline at end of file diff --git a/assets/queries/serverlessFW/serverless_function_without_unique_iam_role/test/positive_expected_result.json b/assets/queries/serverlessFW/serverless_function_without_unique_iam_role/test/positive_expected_result.json index 893651176a2..ecd2c6cc8e9 100644 --- a/assets/queries/serverlessFW/serverless_function_without_unique_iam_role/test/positive_expected_result.json +++ b/assets/queries/serverlessFW/serverless_function_without_unique_iam_role/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Serverless Function Without Unique IAM Role", - "severity": "MEDIUM", + "severity": "HIGH", "line": 8, "fileName": "positive1.yml" }, { "queryName": "Serverless Function Without Unique IAM Role", - "severity": "MEDIUM", + "severity": "HIGH", "line": 8, "fileName": "positive2.yml" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/alb_listening_on_http/test/positive_expected_result.json b/assets/queries/terraform/alicloud/alb_listening_on_http/test/positive_expected_result.json index cecad1b9afb..04690e063a8 100644 --- a/assets/queries/terraform/alicloud/alb_listening_on_http/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/alb_listening_on_http/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "ALB Listening on HTTP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/api_gateway_api_protocol_not_https/test/positive_expected_result.json b/assets/queries/terraform/alicloud/api_gateway_api_protocol_not_https/test/positive_expected_result.json index a2acef21040..557e90971b5 100644 --- a/assets/queries/terraform/alicloud/api_gateway_api_protocol_not_https/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/api_gateway_api_protocol_not_https/test/positive_expected_result.json @@ -1,18 +1,20 @@ [ - { - "queryName": "API Gateway API Protocol Not HTTPS", - "severity": "HIGH", - "line": 14, - "fileName": "positive1.tf" - },{ - "queryName": "API Gateway API Protocol Not HTTPS", - "severity": "HIGH", - "line": 14, - "fileName": "positive2.tf" - },{ - "queryName": "API Gateway API Protocol Not HTTPS", - "severity": "HIGH", - "line": 21, - "fileName": "positive2.tf" - } -] + { + "queryName": "API Gateway API Protocol Not HTTPS", + "severity": "MEDIUM", + "line": 14, + "fileName": "positive1.tf" + }, + { + "queryName": "API Gateway API Protocol Not HTTPS", + "severity": "MEDIUM", + "line": 14, + "fileName": "positive2.tf" + }, + { + "queryName": "API Gateway API Protocol Not HTTPS", + "severity": "MEDIUM", + "line": 21, + "fileName": "positive2.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/kubernetes_cluster_without_terway_as_cni_network_plugin/test/positive_expected_result.json b/assets/queries/terraform/alicloud/kubernetes_cluster_without_terway_as_cni_network_plugin/test/positive_expected_result.json index 7b12ddec177..d8a89d699eb 100644 --- a/assets/queries/terraform/alicloud/kubernetes_cluster_without_terway_as_cni_network_plugin/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/kubernetes_cluster_without_terway_as_cni_network_plugin/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Kubernetes Cluster Without Terway as CNI Network Plugin", - "severity": "MEDIUM", + "severity": "LOW", "line": 15, "fileName": "positive1.tf" }, { "queryName": "Kubernetes Cluster Without Terway as CNI Network Plugin", - "severity": "MEDIUM", + "severity": "LOW", "line": 15, "fileName": "positive1.tf" }, { "queryName": "Kubernetes Cluster Without Terway as CNI Network Plugin", - "severity": "MEDIUM", + "severity": "LOW", "line": 15, "fileName": "positive2.tf" }, { "queryName": "Kubernetes Cluster Without Terway as CNI Network Plugin", - "severity": "MEDIUM", + "severity": "LOW", "line": 15, "fileName": "positive3.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/log_retention_is_not_greater_than_90_days/test/positive_expected_result.json b/assets/queries/terraform/alicloud/log_retention_is_not_greater_than_90_days/test/positive_expected_result.json index 728f5c8ec44..328dd55e0fd 100644 --- a/assets/queries/terraform/alicloud/log_retention_is_not_greater_than_90_days/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/log_retention_is_not_greater_than_90_days/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "Log Retention Is Not Greater Than 90 Days", - "severity": "MEDIUM", - "line": 6, - "fileName": "positive1.tf" - }, - { - "queryName": "Log Retention Is Not Greater Than 90 Days", - "severity": "MEDIUM", - "line": 9, - "fileName": "positive2.tf" - } - ] + { + "queryName": "Log Retention Is Not Greater Than 90 Days", + "severity": "LOW", + "line": 6, + "fileName": "positive1.tf" + }, + { + "queryName": "Log Retention Is Not Greater Than 90 Days", + "severity": "LOW", + "line": 9, + "fileName": "positive2.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/oss_bucket_allows_all_actions_from_all_principals/test/positive_expected_result.json b/assets/queries/terraform/alicloud/oss_bucket_allows_all_actions_from_all_principals/test/positive_expected_result.json index a31d03d82e7..505f27742ab 100644 --- a/assets/queries/terraform/alicloud/oss_bucket_allows_all_actions_from_all_principals/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/oss_bucket_allows_all_actions_from_all_principals/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "OSS Bucket Allows All Actions From All Principals", - "severity": "HIGH", - "line": 5, - "fileName": "positive1.tf" - } -] + { + "queryName": "OSS Bucket Allows All Actions From All Principals", + "severity": "CRITICAL", + "line": 5, + "fileName": "positive1.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/oss_bucket_allows_delete_from_all_principals/test/positive_expected_result.json b/assets/queries/terraform/alicloud/oss_bucket_allows_delete_from_all_principals/test/positive_expected_result.json index 5e29661c6dd..50ab8630f18 100644 --- a/assets/queries/terraform/alicloud/oss_bucket_allows_delete_from_all_principals/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/oss_bucket_allows_delete_from_all_principals/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "OSS Bucket Allows Delete Action From All Principals", - "severity": "HIGH", - "line": 5, - "fileName": "positive1.tf" - } -] + { + "queryName": "OSS Bucket Allows Delete Action From All Principals", + "severity": "CRITICAL", + "line": 5, + "fileName": "positive1.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/oss_bucket_allows_put_action_from_all_principals/test/positive_expected_result.json b/assets/queries/terraform/alicloud/oss_bucket_allows_put_action_from_all_principals/test/positive_expected_result.json index 329c35a6818..2678e6b27c3 100644 --- a/assets/queries/terraform/alicloud/oss_bucket_allows_put_action_from_all_principals/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/oss_bucket_allows_put_action_from_all_principals/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "OSS Bucket Allows Put Action From All Principals", - "severity": "HIGH", - "line": 5, - "fileName": "positive1.tf" - }, - { - "queryName": "OSS Bucket Allows Put Action From All Principals", - "severity": "HIGH", - "line": 5, - "fileName": "positive2.tf" - } -] + { + "queryName": "OSS Bucket Allows Put Action From All Principals", + "severity": "CRITICAL", + "line": 5, + "fileName": "positive1.tf" + }, + { + "queryName": "OSS Bucket Allows Put Action From All Principals", + "severity": "CRITICAL", + "line": 5, + "fileName": "positive2.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/oss_buckets_securetransport_disabled/test/positive_expected_result.json b/assets/queries/terraform/alicloud/oss_buckets_securetransport_disabled/test/positive_expected_result.json index 1c77c6f5dca..abd80438ad1 100644 --- a/assets/queries/terraform/alicloud/oss_buckets_securetransport_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/oss_buckets_securetransport_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "OSS Buckets Secure Transport Disabled", - "severity": "HIGH", - "line": 2, - "fileName": "positive1.tf" - }, - { - "queryName": "OSS Buckets Secure Transport Disabled", - "severity": "HIGH", - "line": 5, - "fileName": "positive2.tf" - } - ] + { + "queryName": "OSS Buckets Secure Transport Disabled", + "severity": "MEDIUM", + "line": 2, + "fileName": "positive1.tf" + }, + { + "queryName": "OSS Buckets Secure Transport Disabled", + "severity": "MEDIUM", + "line": 5, + "fileName": "positive2.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/public_security_group_rule_unknown_port/test/positive_expected_result.json b/assets/queries/terraform/alicloud/public_security_group_rule_unknown_port/test/positive_expected_result.json index eb2a6570fc4..80a2c2a200c 100644 --- a/assets/queries/terraform/alicloud/public_security_group_rule_unknown_port/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/public_security_group_rule_unknown_port/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "Public Security Group Rule Unknown Port", - "severity": "MEDIUM", - "line": 10, - "fileName": "positive1.tf" - }, - { - "queryName": "Public Security Group Rule Unknown Port", - "severity": "MEDIUM", - "line": 10, - "fileName": "positive2.tf" - } -] + { + "queryName": "Public Security Group Rule Unknown Port", + "severity": "HIGH", + "line": 10, + "fileName": "positive1.tf" + }, + { + "queryName": "Public Security Group Rule Unknown Port", + "severity": "HIGH", + "line": 10, + "fileName": "positive2.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/ram_account_password_policy_max_login_attempts_unrecommended/test/positive_expected_result.json b/assets/queries/terraform/alicloud/ram_account_password_policy_max_login_attempts_unrecommended/test/positive_expected_result.json index db38e6cc1c5..d14c93ba305 100644 --- a/assets/queries/terraform/alicloud/ram_account_password_policy_max_login_attempts_unrecommended/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/ram_account_password_policy_max_login_attempts_unrecommended/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Ram Account Password Policy Max Login Attempts Unrecommended", - "severity": "HIGH", - "line": 10, - "fileName": "positive1.tf" - } - ] + { + "queryName": "Ram Account Password Policy Max Login Attempts Unrecommended", + "severity": "MEDIUM", + "line": 10, + "fileName": "positive1.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/ram_account_password_policy_not_required_minimum_length/test/positive_expected_result.json b/assets/queries/terraform/alicloud/ram_account_password_policy_not_required_minimum_length/test/positive_expected_result.json index 447ab0cee04..8c9c0f8181b 100644 --- a/assets/queries/terraform/alicloud/ram_account_password_policy_not_required_minimum_length/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/ram_account_password_policy_not_required_minimum_length/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "Ram Account Password Policy Not Required Minimum Length", - "severity": "HIGH", - "line": 2, - "fileName": "positive1.tf" - }, - { - "queryName": "Ram Account Password Policy Not Required Minimum Length", - "severity": "HIGH", - "line": 1, - "fileName": "positive2.tf" - } - ] + { + "queryName": "Ram Account Password Policy Not Required Minimum Length", + "severity": "LOW", + "line": 2, + "fileName": "positive1.tf" + }, + { + "queryName": "Ram Account Password Policy Not Required Minimum Length", + "severity": "LOW", + "line": 1, + "fileName": "positive2.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/ram_account_password_policy_not_required_numbers/test/positive_expected_result.json b/assets/queries/terraform/alicloud/ram_account_password_policy_not_required_numbers/test/positive_expected_result.json index d93ab221e90..de07152d6ee 100644 --- a/assets/queries/terraform/alicloud/ram_account_password_policy_not_required_numbers/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/ram_account_password_policy_not_required_numbers/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Ram Account Password Policy Not Required Numbers", - "severity": "MEDIUM", - "line": 5, - "fileName": "positive1.tf" - } -] + { + "queryName": "Ram Account Password Policy Not Required Numbers", + "severity": "LOW", + "line": 5, + "fileName": "positive1.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/ram_account_password_policy_not_required_symbols/test/positive_expected_result.json b/assets/queries/terraform/alicloud/ram_account_password_policy_not_required_symbols/test/positive_expected_result.json index c84da336c39..46255c5cc41 100644 --- a/assets/queries/terraform/alicloud/ram_account_password_policy_not_required_symbols/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/ram_account_password_policy_not_required_symbols/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "RAM Account Password Policy Not Required Symbols", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "fileName": "positive1.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/ram_password_security_policy_not_require_at_least_one_lowercase_character/test/positive_expected_result.json b/assets/queries/terraform/alicloud/ram_password_security_policy_not_require_at_least_one_lowercase_character/test/positive_expected_result.json index 59b0d519723..6ff9fbdede7 100644 --- a/assets/queries/terraform/alicloud/ram_password_security_policy_not_require_at_least_one_lowercase_character/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/ram_password_security_policy_not_require_at_least_one_lowercase_character/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "Ram Account Password Policy Not Require At Least one Lowercase Character", - "severity": "MEDIUM", + "severity": "LOW", "line": 3, "fileName": "positive1.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/ram_password_security_policy_not_require_at_least_one_uppercase_character/test/positive_expected_result.json b/assets/queries/terraform/alicloud/ram_password_security_policy_not_require_at_least_one_uppercase_character/test/positive_expected_result.json index 54873480417..c1582b50b4a 100644 --- a/assets/queries/terraform/alicloud/ram_password_security_policy_not_require_at_least_one_uppercase_character/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/ram_password_security_policy_not_require_at_least_one_uppercase_character/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "RAM Account Password Policy Not Require at Least one Uppercase Character", - "severity": "MEDIUM", + "severity": "LOW", "line": 4, "fileName": "positive1.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/ram_policy_admin_access_not_attached_to_users_groups_roles/test/positive_expected_result.json b/assets/queries/terraform/alicloud/ram_policy_admin_access_not_attached_to_users_groups_roles/test/positive_expected_result.json index 568a10eb3c0..497637249cc 100644 --- a/assets/queries/terraform/alicloud/ram_policy_admin_access_not_attached_to_users_groups_roles/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/ram_policy_admin_access_not_attached_to_users_groups_roles/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "Ram Policy Admin Access Not Attached to Users Groups Roles", - "severity": "HIGH", + "severity": "MEDIUM", "line": 35, "fileName": "positive1.tf" }, { "queryName": "Ram Policy Admin Access Not Attached to Users Groups Roles", - "severity": "HIGH", + "severity": "MEDIUM", "line": 32, "fileName": "positive2.tf" }, { "queryName": "Ram Policy Admin Access Not Attached to Users Groups Roles", - "severity": "HIGH", + "severity": "MEDIUM", "line": 49, "fileName": "positive3.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/ram_security_preference_not_enforce_mfa/test/positive_expected_result.json b/assets/queries/terraform/alicloud/ram_security_preference_not_enforce_mfa/test/positive_expected_result.json index 5ec8cf4e355..7215cbff00d 100644 --- a/assets/queries/terraform/alicloud/ram_security_preference_not_enforce_mfa/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/ram_security_preference_not_enforce_mfa/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "RAM Security Preference Not Enforce MFA Login", - "severity": "HIGH", + "severity": "LOW", "line": 11, "fileName": "positive1.tf" }, { "queryName": "RAM Security Preference Not Enforce MFA Login", - "severity": "HIGH", + "severity": "LOW", "line": 14, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/rds_instance_address_publicly_accessible/test/positive_expected_result.json b/assets/queries/terraform/alicloud/rds_instance_address_publicly_accessible/test/positive_expected_result.json index a30a8204b25..32a9bcec0b0 100644 --- a/assets/queries/terraform/alicloud/rds_instance_address_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/rds_instance_address_publicly_accessible/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "RDS DB Instance Publicly Accessible", - "severity": "HIGH", - "line": 10, - "fileName": "positive1.tf" - } -] + { + "queryName": "RDS DB Instance Publicly Accessible", + "severity": "CRITICAL", + "line": 10, + "fileName": "positive1.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/rds_instance_events_not_logged/test/positive_expected_result.json b/assets/queries/terraform/alicloud/rds_instance_events_not_logged/test/positive_expected_result.json index b55c877ff9e..d06825af75c 100644 --- a/assets/queries/terraform/alicloud/rds_instance_events_not_logged/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/rds_instance_events_not_logged/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "RDS Instance Events Not Logged", - "severity": "HIGH", + "severity": "MEDIUM", "line": 15, "fileName": "positive1.tf" }, { - "queryName": "RDS Instance Events Not Logged", - "severity": "HIGH", - "line": 4, - "fileName": "positive2.tf" + "queryName": "RDS Instance Events Not Logged", + "severity": "MEDIUM", + "line": 4, + "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/rds_instance_log_connections_disabled/test/positive_expected_result.json b/assets/queries/terraform/alicloud/rds_instance_log_connections_disabled/test/positive_expected_result.json index 5646d5b8736..ba86d6a30eb 100644 --- a/assets/queries/terraform/alicloud/rds_instance_log_connections_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/rds_instance_log_connections_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ - { - "queryName": "RDS Instance Log Connections Disabled", - "severity": "LOW", - "line": 6, - "fileName": "positive1.tf" - }, - { - "queryName": "RDS Instance Log Connections Disabled", - "severity": "LOW", - "line": 14, - "fileName": "positive2.tf" - }, - { - "queryName": "RDS Instance Log Connections Disabled", - "severity": "LOW", - "line": 1, - "fileName": "positive3.tf" - } - ] + { + "queryName": "RDS Instance Log Connections Disabled", + "severity": "MEDIUM", + "line": 6, + "fileName": "positive1.tf" + }, + { + "queryName": "RDS Instance Log Connections Disabled", + "severity": "MEDIUM", + "line": 14, + "fileName": "positive2.tf" + }, + { + "queryName": "RDS Instance Log Connections Disabled", + "severity": "MEDIUM", + "line": 1, + "fileName": "positive3.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/rds_instance_log_disconnections_disabled/test/positive_expected_result.json b/assets/queries/terraform/alicloud/rds_instance_log_disconnections_disabled/test/positive_expected_result.json index 61953fd824d..f75edb57cb9 100644 --- a/assets/queries/terraform/alicloud/rds_instance_log_disconnections_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/rds_instance_log_disconnections_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "RDS Instance Log Disconnections Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 14, "fileName": "positive1.tf" }, { - "queryName": "RDS Instance Log Disconnections Disabled", - "severity": "LOW", - "line": 6, - "fileName": "positive2.tf" + "queryName": "RDS Instance Log Disconnections Disabled", + "severity": "MEDIUM", + "line": 6, + "fileName": "positive2.tf" }, { "queryName": "RDS Instance Log Disconnections Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 1, "fileName": "positive3.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/rds_instance_log_duration_disabled/test/positive_expected_result.json b/assets/queries/terraform/alicloud/rds_instance_log_duration_disabled/test/positive_expected_result.json index 3773fc7ad7e..fbf1412ab90 100644 --- a/assets/queries/terraform/alicloud/rds_instance_log_duration_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/rds_instance_log_duration_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "RDS Instance Log Duration Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 14, "fileName": "positive1.tf" }, { - "queryName": "RDS Instance Log Duration Disabled", - "severity": "LOW", - "line": 6, - "fileName": "positive2.tf" + "queryName": "RDS Instance Log Duration Disabled", + "severity": "MEDIUM", + "line": 6, + "fileName": "positive2.tf" }, { - "queryName": "RDS Instance Log Duration Disabled", - "severity": "LOW", - "line": 1, - "fileName": "positive3.tf" + "queryName": "RDS Instance Log Duration Disabled", + "severity": "MEDIUM", + "line": 1, + "fileName": "positive3.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/rds_instance_publicly_accessible/test/positive_expected_result.json b/assets/queries/terraform/alicloud/rds_instance_publicly_accessible/test/positive_expected_result.json index 1d912bf787d..cd2c1a937b1 100644 --- a/assets/queries/terraform/alicloud/rds_instance_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/rds_instance_publicly_accessible/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "RDS DB Instance Publicly Accessible", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7, "fileName": "positive1.tf" }, { "queryName": "RDS DB Instance Publicly Accessible", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/rds_instance_retention_not_recommended/test/positive_expected_result.json b/assets/queries/terraform/alicloud/rds_instance_retention_not_recommended/test/positive_expected_result.json index db36d90614b..516ef3469b8 100644 --- a/assets/queries/terraform/alicloud/rds_instance_retention_not_recommended/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/rds_instance_retention_not_recommended/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "RDS Instance Retention Period Not Recommended", - "severity": "MEDIUM", + "severity": "LOW", "line": 1, "fileName": "positive1.tf" }, { "queryName": "RDS Instance Retention Period Not Recommended", - "severity": "MEDIUM", + "severity": "LOW", "line": 1, "fileName": "positive1.tf" }, { "queryName": "RDS Instance Retention Period Not Recommended", - "severity": "MEDIUM", + "severity": "LOW", "line": 1, "fileName": "positive2.tf" }, { "queryName": "RDS Instance Retention Period Not Recommended", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "fileName": "positive2.tf" }, { "queryName": "RDS Instance Retention Period Not Recommended", - "severity": "MEDIUM", + "severity": "LOW", "line": 1, "fileName": "positive3.tf" }, { "queryName": "RDS Instance Retention Period Not Recommended", - "severity": "MEDIUM", + "severity": "LOW", "line": 7, "fileName": "positive4.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/rds_instance_ssl_action_disabled/test/positive_expected_result.json b/assets/queries/terraform/alicloud/rds_instance_ssl_action_disabled/test/positive_expected_result.json index b6155bd833c..884e34ebed6 100644 --- a/assets/queries/terraform/alicloud/rds_instance_ssl_action_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/rds_instance_ssl_action_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "RDS Instance SSL Action Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 6, "fileName": "positive1.tf" }, { "queryName": "RDS Instance SSL Action Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/ros_stack_notifications_disabled/test/positive_expected_result.json b/assets/queries/terraform/alicloud/ros_stack_notifications_disabled/test/positive_expected_result.json index b97c7779f87..8d96395e757 100644 --- a/assets/queries/terraform/alicloud/ros_stack_notifications_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/ros_stack_notifications_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "ROS Stack Notifications Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 3, "fileName": "positive.tf" }, { "queryName": "ROS Stack Notifications Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 1, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/alicloud/vpc_flow_logs_disabled/test/positive_expected_result.json b/assets/queries/terraform/alicloud/vpc_flow_logs_disabled/test/positive_expected_result.json index 03ac6e46411..42b4e6f8dec 100644 --- a/assets/queries/terraform/alicloud/vpc_flow_logs_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/alicloud/vpc_flow_logs_disabled/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "VPC Flow Logs Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 1, "fileName": "positive1.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/alb_deletion_protection_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/alb_deletion_protection_disabled/test/positive_expected_result.json index 656a372e156..e663004ce62 100644 --- a/assets/queries/terraform/aws/alb_deletion_protection_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/alb_deletion_protection_disabled/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "ALB Deletion Protection Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 7, "fileName": "positive1.tf" }, { "queryName": "ALB Deletion Protection Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 1, "fileName": "positive2.tf" }, { "queryName": "ALB Deletion Protection Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 7, "fileName": "positive3.tf" }, { "queryName": "ALB Deletion Protection Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 1, "fileName": "positive4.tf" }, { "queryName": "ALB Deletion Protection Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 9, "fileName": "positive5.tf" }, { "queryName": "ALB Deletion Protection Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 1, "fileName": "positive6.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/alb_listening_on_http/test/positive_expected_result.json b/assets/queries/terraform/aws/alb_listening_on_http/test/positive_expected_result.json index fa5db9bb181..8a0e258e845 100644 --- a/assets/queries/terraform/aws/alb_listening_on_http/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/alb_listening_on_http/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "ALB Listening on HTTP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 9, "fileName": "positive1.tf" }, { "queryName": "ALB Listening on HTTP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 70, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/amazon_dms_replication_instance_is_publicly_accessible/test/positive_expected_result.json b/assets/queries/terraform/aws/amazon_dms_replication_instance_is_publicly_accessible/test/positive_expected_result.json index a15124849c8..2497e484f40 100644 --- a/assets/queries/terraform/aws/amazon_dms_replication_instance_is_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/amazon_dms_replication_instance_is_publicly_accessible/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Amazon DMS Replication Instance Is Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 10, "filename": "positive1.tf" } diff --git a/assets/queries/terraform/aws/amazon_mq_broker_encryption_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/amazon_mq_broker_encryption_disabled/test/positive_expected_result.json index d76db1f7d98..f2d96094196 100644 --- a/assets/queries/terraform/aws/amazon_mq_broker_encryption_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/amazon_mq_broker_encryption_disabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "AmazonMQ Broker Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 1 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/ami_not_encrypted/test/positive_expected_result.json b/assets/queries/terraform/aws/ami_not_encrypted/test/positive_expected_result.json index 02ccb8ac464..c602b4411df 100644 --- a/assets/queries/terraform/aws/ami_not_encrypted/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/ami_not_encrypted/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "AMI Not Encrypted", - "severity": "HIGH", + "severity": "MEDIUM", "line": 29, "fileName": "positive.tf" }, { "queryName": "AMI Not Encrypted", - "severity": "HIGH", + "severity": "MEDIUM", "line": 25, "fileName": "positive.tf" }, { "queryName": "AMI Not Encrypted", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/api_gateway_with_invalid_compression/test/positive_expected_result.json b/assets/queries/terraform/aws/api_gateway_with_invalid_compression/test/positive_expected_result.json index e4021c34d72..173ab08fb39 100644 --- a/assets/queries/terraform/aws/api_gateway_with_invalid_compression/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/api_gateway_with_invalid_compression/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "API Gateway With Invalid Compression", - "severity": "MEDIUM", + "severity": "LOW", "line": 1 }, { "queryName": "API Gateway With Invalid Compression", - "severity": "MEDIUM", + "severity": "LOW", "line": 17 }, { "queryName": "API Gateway With Invalid Compression", - "severity": "MEDIUM", + "severity": "LOW", "line": 28 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/api_gateway_without_security_policy/test/positive_expected_result.json b/assets/queries/terraform/aws/api_gateway_without_security_policy/test/positive_expected_result.json index 9cda1ea1b2c..dabda1db530 100644 --- a/assets/queries/terraform/aws/api_gateway_without_security_policy/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/api_gateway_without_security_policy/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "API Gateway Without Security Policy", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1, "fileName": "positive1.tf" }, { "queryName": "API Gateway Without Security Policy", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/api_gateway_xray_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/api_gateway_xray_disabled/test/positive_expected_result.json index 77b90fd8954..1af365e3611 100644 --- a/assets/queries/terraform/aws/api_gateway_xray_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/api_gateway_xray_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "API Gateway X-Ray Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 5 }, { "queryName": "API Gateway X-Ray Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 8 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/authentication_without_mfa/test/positive_expected_result.json b/assets/queries/terraform/aws/authentication_without_mfa/test/positive_expected_result.json index aacf9a90899..b19f10f0100 100644 --- a/assets/queries/terraform/aws/authentication_without_mfa/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/authentication_without_mfa/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Authentication Without MFA", - "severity": "HIGH", + "severity": "LOW", "line": 23, "fileName": "positive1.tf" }, { "queryName": "Authentication Without MFA", - "severity": "HIGH", + "severity": "LOW", "line": 19, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/aws_password_policy_with_unchangeable_passwords/test/positive_expected_result.json b/assets/queries/terraform/aws/aws_password_policy_with_unchangeable_passwords/test/positive_expected_result.json index cb95466aafa..27c0f9f9aa7 100644 --- a/assets/queries/terraform/aws/aws_password_policy_with_unchangeable_passwords/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/aws_password_policy_with_unchangeable_passwords/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "AWS Password Policy With Unchangeable Passwords", - "severity": "MEDIUM", + "severity": "LOW", "line": 12 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/ca_certificate_identifier_is_outdated/test/positive_expected_result.json b/assets/queries/terraform/aws/ca_certificate_identifier_is_outdated/test/positive_expected_result.json index 3eee129ab8b..245876f319a 100644 --- a/assets/queries/terraform/aws/ca_certificate_identifier_is_outdated/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/ca_certificate_identifier_is_outdated/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "CA Certificate Identifier Is Outdated", - "severity": "HIGH", - "line": 12, - "fileName": "positive1.tf" - }, - { - "queryName": "CA Certificate Identifier Is Outdated", - "severity": "HIGH", - "line": 11, - "fileName": "positive2.tf" - } -] + { + "queryName": "CA Certificate Identifier Is Outdated", + "severity": "MEDIUM", + "line": 12, + "fileName": "positive1.tf" + }, + { + "queryName": "CA Certificate Identifier Is Outdated", + "severity": "MEDIUM", + "line": 11, + "fileName": "positive2.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cloudfront_viewer_protocol_policy_allows_http/test/positive_expected_result.json b/assets/queries/terraform/aws/cloudfront_viewer_protocol_policy_allows_http/test/positive_expected_result.json index a2f368d66ea..d994045fcec 100644 --- a/assets/queries/terraform/aws/cloudfront_viewer_protocol_policy_allows_http/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cloudfront_viewer_protocol_policy_allows_http/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Cloudfront Viewer Protocol Policy Allows HTTP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 27 }, { "queryName": "Cloudfront Viewer Protocol Policy Allows HTTP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 96 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cloudfront_without_minimum_protocol_tls_1.2/test/positive_expected_result.json b/assets/queries/terraform/aws/cloudfront_without_minimum_protocol_tls_1.2/test/positive_expected_result.json index 7f6a3538124..6885c67a30f 100644 --- a/assets/queries/terraform/aws/cloudfront_without_minimum_protocol_tls_1.2/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cloudfront_without_minimum_protocol_tls_1.2/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "CloudFront Without Minimum Protocol TLS 1.2", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1, "fileName": "positive1.tf" }, { "queryName": "CloudFront Without Minimum Protocol TLS 1.2", - "severity": "HIGH", + "severity": "MEDIUM", "line": 25, "fileName": "positive2.tf" }, { "queryName": "CloudFront Without Minimum Protocol TLS 1.2", - "severity": "HIGH", + "severity": "MEDIUM", "line": 24, "fileName": "positive3.tf" }, { "queryName": "CloudFront Without Minimum Protocol TLS 1.2", - "severity": "HIGH", + "severity": "MEDIUM", "line": 23, "fileName": "positive4.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cloudfront_without_waf/test/positive_expected_result.json b/assets/queries/terraform/aws/cloudfront_without_waf/test/positive_expected_result.json index 23fdae79ae5..109793cfe3c 100755 --- a/assets/queries/terraform/aws/cloudfront_without_waf/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cloudfront_without_waf/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "CloudFront Without WAF", - "severity": "LOW", + "severity": "MEDIUM", "line": 15 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cloudtrail_log_files_s3_bucket_with_logging_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/cloudtrail_log_files_s3_bucket_with_logging_disabled/test/positive_expected_result.json index bd5cb0df24e..3a2437a6896 100644 --- a/assets/queries/terraform/aws/cloudtrail_log_files_s3_bucket_with_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cloudtrail_log_files_s3_bucket_with_logging_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "CloudTrail Log Files S3 Bucket with Logging Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 23, "fileName": "positive1.tf" }, { "queryName": "CloudTrail Log Files S3 Bucket with Logging Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1, "fileName": "positive2.tf" }, { "queryName": "CloudTrail Log Files S3 Bucket with Logging Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 21, "fileName": "positive3.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cloudtrail_logging_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/cloudtrail_logging_disabled/test/positive_expected_result.json index 21ade381961..8e57b93dc88 100644 --- a/assets/queries/terraform/aws/cloudtrail_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cloudtrail_logging_disabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "CloudTrail Logging Disabled", - "severity": "HIGH", - "line": 5 - } -] + { + "queryName": "CloudTrail Logging Disabled", + "severity": "MEDIUM", + "line": 5 + } +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cloudtrail_multi_region_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/cloudtrail_multi_region_disabled/test/positive_expected_result.json index 8bed6ce9575..64b89e0ab91 100644 --- a/assets/queries/terraform/aws/cloudtrail_multi_region_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cloudtrail_multi_region_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "CloudTrail Multi Region Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 2, "fileName": "positive1.tf" }, { "queryName": "CloudTrail Multi Region Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 4, "fileName": "positive2.tf" }, { "queryName": "CloudTrail Multi Region Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 5, "fileName": "positive3.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cloudtrail_not_integrated_with_cloudwatch/test/positive_expected_result.json b/assets/queries/terraform/aws/cloudtrail_not_integrated_with_cloudwatch/test/positive_expected_result.json index 8d5fefbecc2..8f79cf0b981 100644 --- a/assets/queries/terraform/aws/cloudtrail_not_integrated_with_cloudwatch/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cloudtrail_not_integrated_with_cloudwatch/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { - "severity": "MEDIUM", + "severity": "LOW", "line": 1, "queryName": "CloudTrail Not Integrated With CloudWatch" }, { - "severity": "MEDIUM", + "severity": "LOW", "line": 1, "queryName": "CloudTrail Not Integrated With CloudWatch" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cloudtrail_sns_topic_name_undefined/test/positive_expected_result.json b/assets/queries/terraform/aws/cloudtrail_sns_topic_name_undefined/test/positive_expected_result.json index 32eb8aeea0f..934411e384f 100644 --- a/assets/queries/terraform/aws/cloudtrail_sns_topic_name_undefined/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cloudtrail_sns_topic_name_undefined/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ - { - "queryName": "CloudTrail SNS Topic Name Undefined", - "severity": "MEDIUM", - "line": 1 - }, - { - "queryName": "CloudTrail SNS Topic Name Undefined", - "severity": "MEDIUM", - "line": 5 - } -] + { + "queryName": "CloudTrail SNS Topic Name Undefined", + "severity": "INFO", + "line": 1 + }, + { + "queryName": "CloudTrail SNS Topic Name Undefined", + "severity": "INFO", + "line": 5 + } +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cloudwatch_iam_policy_changes_alarm_missing/test/positive_expected_result.json b/assets/queries/terraform/aws/cloudwatch_iam_policy_changes_alarm_missing/test/positive_expected_result.json index 781c6d70cbd..8dcb4abaef3 100644 --- a/assets/queries/terraform/aws/cloudwatch_iam_policy_changes_alarm_missing/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cloudwatch_iam_policy_changes_alarm_missing/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "CloudWatch IAM Policy Changes Alarm Missing", - "severity": "HIGH", + "severity": "LOW", "line": 1, "fileName": "positive1.tf" }, { "queryName": "CloudWatch IAM Policy Changes Alarm Missing", - "severity": "HIGH", + "severity": "LOW", "line": 1, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cloudwatch_logs_destination_with_vulnerable_policy/test/positive_expected_result.json b/assets/queries/terraform/aws/cloudwatch_logs_destination_with_vulnerable_policy/test/positive_expected_result.json index 9a807c50803..98c3bff2732 100644 --- a/assets/queries/terraform/aws/cloudwatch_logs_destination_with_vulnerable_policy/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cloudwatch_logs_destination_with_vulnerable_policy/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "CloudWatch Logs Destination With Vulnerable Policy", - "severity": "MEDIUM", + "severity": "LOW", "line": 22, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cloudwatch_management_console_sign_in_without_mfa_alarm_missing/test/positive_expected_result.json b/assets/queries/terraform/aws/cloudwatch_management_console_sign_in_without_mfa_alarm_missing/test/positive_expected_result.json index 53f7ee22348..66cbc78e523 100644 --- a/assets/queries/terraform/aws/cloudwatch_management_console_sign_in_without_mfa_alarm_missing/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cloudwatch_management_console_sign_in_without_mfa_alarm_missing/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "CloudWatch Console Sign-in Without MFA Alarm Missing", - "severity": "HIGH", + "severity": "LOW", "line": 1, "fileName": "positive1.tf" }, { "queryName": "CloudWatch Console Sign-in Without MFA Alarm Missing", - "severity": "HIGH", + "severity": "LOW", "line": 1, "fileName": "positive2.tf" }, { "queryName": "CloudWatch Console Sign-in Without MFA Alarm Missing", - "severity": "HIGH", + "severity": "LOW", "line": 1, "fileName": "positive3.tf" }, { "queryName": "CloudWatch Console Sign-in Without MFA Alarm Missing", - "severity": "HIGH", + "severity": "LOW", "line": 1, "fileName": "positive4.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cloudwatch_root_account_use_alarm_missing/test/positive_expected_result.json b/assets/queries/terraform/aws/cloudwatch_root_account_use_alarm_missing/test/positive_expected_result.json index ef3d15ac0bc..1e6878d363a 100644 --- a/assets/queries/terraform/aws/cloudwatch_root_account_use_alarm_missing/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cloudwatch_root_account_use_alarm_missing/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "CloudWatch Root Account Use Missing", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1, "fileName": "positive1.tf" }, { "queryName": "CloudWatch Root Account Use Missing", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1, "fileName": "positive2.tf" }, { "queryName": "CloudWatch Root Account Use Missing", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1, "fileName": "positive3.tf" }, { "queryName": "CloudWatch Root Account Use Missing", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1, "fileName": "positive4.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cloudwatch_unauthorized_access_defined_alarm_missing/test/positive_expected_result.json b/assets/queries/terraform/aws/cloudwatch_unauthorized_access_defined_alarm_missing/test/positive_expected_result.json index 0d33df51a48..a85b9cc9ec1 100644 --- a/assets/queries/terraform/aws/cloudwatch_unauthorized_access_defined_alarm_missing/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cloudwatch_unauthorized_access_defined_alarm_missing/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "CloudWatch Unauthorized Access Alarm Missing", - "severity": "HIGH", + "severity": "CRITICAL", "line": 1, "fileName": "positive1.tf" }, { "queryName": "CloudWatch Unauthorized Access Alarm Missing", - "severity": "HIGH", + "severity": "CRITICAL", "line": 1, "fileName": "positive2.tf" }, { "queryName": "CloudWatch Unauthorized Access Alarm Missing", - "severity": "HIGH", + "severity": "CRITICAL", "line": 1, "fileName": "positive3.tf" }, { "queryName": "CloudWatch Unauthorized Access Alarm Missing", - "severity": "HIGH", + "severity": "CRITICAL", "line": 1, "fileName": "positive4.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cloudwatch_without_retention_period_specified/test/positive_expected_result.json b/assets/queries/terraform/aws/cloudwatch_without_retention_period_specified/test/positive_expected_result.json index f3d7af016f8..f2071da151f 100644 --- a/assets/queries/terraform/aws/cloudwatch_without_retention_period_specified/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cloudwatch_without_retention_period_specified/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "CloudWatch Without Retention Period Specified", - "severity": "MEDIUM", + "severity": "INFO", "line": 1 }, { "queryName": "CloudWatch Without Retention Period Specified", - "severity": "MEDIUM", + "severity": "INFO", "line": 18 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cmk_rotation_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/cmk_rotation_disabled/test/positive_expected_result.json index 7ea2cd31610..09a15bd8446 100644 --- a/assets/queries/terraform/aws/cmk_rotation_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cmk_rotation_disabled/test/positive_expected_result.json @@ -1,32 +1,32 @@ [ { "queryName": "CMK Rotation Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 1, "fileName": "positive1.tf" }, { "queryName": "CMK Rotation Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 1, "fileName": "positive2.tf" }, { "queryName": "CMK Rotation Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 1, "fileName": "positive3.tf" }, { "queryName": "CMK Rotation Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 1, "fileName": "positive4.tf" }, { "queryName": "CMK Rotation Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 1, "fileName": "positive5.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/codebuild_project_encrypted_with_aws_managed_key/test/positive_expected_result.json b/assets/queries/terraform/aws/codebuild_project_encrypted_with_aws_managed_key/test/positive_expected_result.json index 4859dc44db0..7c4547c7354 100644 --- a/assets/queries/terraform/aws/codebuild_project_encrypted_with_aws_managed_key/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/codebuild_project_encrypted_with_aws_managed_key/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "CodeBuild Project Encrypted With AWS Managed Key", - "severity": "HIGH", + "severity": "LOW", "line": 35 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cognito_userpool_without_mfa/test/positive_expected_result.json b/assets/queries/terraform/aws/cognito_userpool_without_mfa/test/positive_expected_result.json index 41cc653cd6b..0942578b863 100644 --- a/assets/queries/terraform/aws/cognito_userpool_without_mfa/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cognito_userpool_without_mfa/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "Cognito UserPool Without MFA", - "severity": "MEDIUM", + "severity": "LOW", "line": 1 }, { "queryName": "Cognito UserPool Without MFA", - "severity": "MEDIUM", + "severity": "LOW", "line": 16 }, { "queryName": "Cognito UserPool Without MFA", - "severity": "MEDIUM", + "severity": "LOW", "line": 32 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/config_configuration_aggregator_to_all_regions_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/config_configuration_aggregator_to_all_regions_disabled/test/positive_expected_result.json index 7ed12811a6b..66411526a70 100644 --- a/assets/queries/terraform/aws/config_configuration_aggregator_to_all_regions_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/config_configuration_aggregator_to_all_regions_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Configuration Aggregator to All Regions Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 4, "fileName": "positive.tf" }, { "queryName": "Configuration Aggregator to All Regions Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 16, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/config_rule_for_encrypted_volumes_is_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/config_rule_for_encrypted_volumes_is_disabled/test/positive_expected_result.json index 585949409d2..2130cceed2f 100644 --- a/assets/queries/terraform/aws/config_rule_for_encrypted_volumes_is_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/config_rule_for_encrypted_volumes_is_disabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Config Rule For Encrypted Volumes Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 1 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/test/positive_expected_result.json b/assets/queries/terraform/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/test/positive_expected_result.json index d89bf465437..ba8676020d4 100644 --- a/assets/queries/terraform/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "Cross-Account IAM Assume Role Policy Without ExternalId or MFA", - "severity": "MEDIUM", + "severity": "HIGH", "line": 4, "fileName": "positive1.tf" }, { "queryName": "Cross-Account IAM Assume Role Policy Without ExternalId or MFA", - "severity": "MEDIUM", + "severity": "HIGH", "line": 4, "fileName": "positive2.tf" }, { "queryName": "Cross-Account IAM Assume Role Policy Without ExternalId or MFA", - "severity": "MEDIUM", + "severity": "HIGH", "line": 4, "fileName": "positive3.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/db_security_group_with_public_scope/test/positive_expected_result.json b/assets/queries/terraform/aws/db_security_group_with_public_scope/test/positive_expected_result.json index d0cb17244f3..48e1b64a9c2 100644 --- a/assets/queries/terraform/aws/db_security_group_with_public_scope/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/db_security_group_with_public_scope/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "DB Security Group With Public Scope", - "severity": "HIGH", + "severity": "CRITICAL", "line": 5 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/docdb_cluster_encrypted_with_aws_managed_key/test/positive_expected_result.json b/assets/queries/terraform/aws/docdb_cluster_encrypted_with_aws_managed_key/test/positive_expected_result.json index 3c104146b23..8788d51d849 100644 --- a/assets/queries/terraform/aws/docdb_cluster_encrypted_with_aws_managed_key/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/docdb_cluster_encrypted_with_aws_managed_key/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "DOCDB Cluster Encrypted With AWS Managed Key", - "severity": "MEDIUM", + "severity": "LOW", "line": 16 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/docdb_logging_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/docdb_logging_disabled/test/positive_expected_result.json index 053af0cf422..0c84ccf6804 100644 --- a/assets/queries/terraform/aws/docdb_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/docdb_logging_disabled/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "DocDB Logging Is Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 1, "filename": "positive1.tf" }, { "queryName": "DocDB Logging Is Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 10, "filename": "positive2.tf" }, { "queryName": "DocDB Logging Is Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 10, "filename": "positive3.tf" }, { "queryName": "DocDB Logging Is Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 10, "filename": "positive4.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/dynamodb_table_not_encrypted/test/positive_expected_result.json b/assets/queries/terraform/aws/dynamodb_table_not_encrypted/test/positive_expected_result.json index 19ba72b8d7a..4fe338ed241 100644 --- a/assets/queries/terraform/aws/dynamodb_table_not_encrypted/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/dynamodb_table_not_encrypted/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "DynamoDB Table Not Encrypted", - "severity": "MEDIUM", + "severity": "HIGH", "line": 1, "filename": "positive1.tf" }, { "queryName": "DynamoDB Table Not Encrypted", - "severity": "MEDIUM", + "severity": "HIGH", "line": 30, "filename": "positive1.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/dynamodb_table_point_in_time_recovery_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/dynamodb_table_point_in_time_recovery_disabled/test/positive_expected_result.json index 9f98d2de117..bb0ed6d24e4 100644 --- a/assets/queries/terraform/aws/dynamodb_table_point_in_time_recovery_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/dynamodb_table_point_in_time_recovery_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "DynamoDB Table Point In Time Recovery Disabled", - "severity": "MEDIUM", + "severity": "INFO", "line": 10, "filename": "positive1.tf" }, { "queryName": "DynamoDB Table Point In Time Recovery Disabled", - "severity": "MEDIUM", + "severity": "INFO", "line": 1, "filename": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/dynamodb_vpc_endpoint_wihout_route_table_association/test/positive_expected_result.json b/assets/queries/terraform/aws/dynamodb_vpc_endpoint_wihout_route_table_association/test/positive_expected_result.json index 42172063f1e..2d63fdae815 100644 --- a/assets/queries/terraform/aws/dynamodb_vpc_endpoint_wihout_route_table_association/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/dynamodb_vpc_endpoint_wihout_route_table_association/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Dynamodb VPC Endpoint Without Route Table Association", - "severity": "MEDIUM", + "severity": "LOW", "line": 31 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/ebs_volume_encryption_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/ebs_volume_encryption_disabled/test/positive_expected_result.json index 01ef01a4bb9..8ba140c64e7 100644 --- a/assets/queries/terraform/aws/ebs_volume_encryption_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/ebs_volume_encryption_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "EBS Volume Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 4, "fileName": "positive1.tf" }, { "queryName": "EBS Volume Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 1, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/ec2_instance_has_public_ip/test/positive_expected_result.json b/assets/queries/terraform/aws/ec2_instance_has_public_ip/test/positive_expected_result.json index 42b9450f96c..71d37ca807f 100644 --- a/assets/queries/terraform/aws/ec2_instance_has_public_ip/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/ec2_instance_has_public_ip/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "EC2 Instance Has Public IP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 17, "fileName": "positive1.tf" }, { "queryName": "EC2 Instance Has Public IP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 28, "fileName": "positive1.tf" }, { "queryName": "EC2 Instance Has Public IP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1, "fileName": "positive2.tf" }, { "queryName": "EC2 Instance Has Public IP", - "severity": "HIGH", + "severity": "MEDIUM", "line": 13, "fileName": "positive3.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/ec2_instance_monitoring_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/ec2_instance_monitoring_disabled/test/positive_expected_result.json index b42a71fd9ba..edc9aa0da27 100644 --- a/assets/queries/terraform/aws/ec2_instance_monitoring_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/ec2_instance_monitoring_disabled/test/positive_expected_result.json @@ -1,32 +1,32 @@ [ { "queryName": "EC2 Instance Monitoring Disabled", - "severity": "INFO", + "severity": "MEDIUM", "line": 17, "fileName": "positive1.tf" }, { "queryName": "EC2 Instance Monitoring Disabled", - "severity": "INFO", + "severity": "MEDIUM", "line": 20, "fileName": "positive2.tf" }, { "queryName": "EC2 Instance Monitoring Disabled", - "severity": "INFO", + "severity": "MEDIUM", "line": 1, "fileName": "positive3.tf" }, { "queryName": "EC2 Instance Monitoring Disabled", - "severity": "INFO", + "severity": "MEDIUM", "line": 10, "fileName": "positive4.tf" }, { "queryName": "EC2 Instance Monitoring Disabled", - "severity": "INFO", + "severity": "MEDIUM", "line": 28, "fileName": "positive5.json" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/ec2_instance_using_default_security_group/test/positive_expected_result.json b/assets/queries/terraform/aws/ec2_instance_using_default_security_group/test/positive_expected_result.json index b99a56e867d..60974d84ff2 100644 --- a/assets/queries/terraform/aws/ec2_instance_using_default_security_group/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/ec2_instance_using_default_security_group/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "EC2 Instance Using Default Security Group", - "severity": "LOW", + "severity": "MEDIUM", "line": 9, "fileName": "positive1.tf" }, { "queryName": "EC2 Instance Using Default Security Group", - "severity": "LOW", + "severity": "MEDIUM", "line": 6, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/ecr_repository_is_publicly_accessible/test/positive_expected_result.json b/assets/queries/terraform/aws/ecr_repository_is_publicly_accessible/test/positive_expected_result.json index f7fd0df0cf3..6a419b1981b 100644 --- a/assets/queries/terraform/aws/ecr_repository_is_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/ecr_repository_is_publicly_accessible/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "ECR Repository Is Publicly Accessible", - "severity": "MEDIUM", + "severity": "CRITICAL", "line": 8 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/ecs_service_without_running_tasks/test/positive_expected_result.json b/assets/queries/terraform/aws/ecs_service_without_running_tasks/test/positive_expected_result.json index c4a512e62f9..038245c2cee 100644 --- a/assets/queries/terraform/aws/ecs_service_without_running_tasks/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/ecs_service_without_running_tasks/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "ECS Service Without Running Tasks", - "severity": "MEDIUM", + "severity": "LOW", "line": 1, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/ecs_task_definition_network_mode_not_recommended/test/positive_expected_result.json b/assets/queries/terraform/aws/ecs_task_definition_network_mode_not_recommended/test/positive_expected_result.json index 7716cfc67b1..be1f04a0a99 100644 --- a/assets/queries/terraform/aws/ecs_task_definition_network_mode_not_recommended/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/ecs_task_definition_network_mode_not_recommended/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "ECS Task Definition Network Mode Not Recommended", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/efs_with_vulnerable_policy/test/positive_expected_result.json b/assets/queries/terraform/aws/efs_with_vulnerable_policy/test/positive_expected_result.json index c58e4e9104a..c8af7a301f9 100644 --- a/assets/queries/terraform/aws/efs_with_vulnerable_policy/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/efs_with_vulnerable_policy/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "EFS With Vulnerable Policy", - "severity": "HIGH", + "severity": "MEDIUM", "line": 16, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/efs_without_kms/test/positive_expected_result.json b/assets/queries/terraform/aws/efs_without_kms/test/positive_expected_result.json index 1e86007355c..ba63f84dca0 100644 --- a/assets/queries/terraform/aws/efs_without_kms/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/efs_without_kms/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "EFS Without KMS", - "severity": "HIGH", - "line": 1 - } -] + { + "queryName": "EFS Without KMS", + "severity": "LOW", + "line": 1 + } +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/eks_cluster_has_public_access_cidrs/test/positive_expected_result.json b/assets/queries/terraform/aws/eks_cluster_has_public_access_cidrs/test/positive_expected_result.json index fdd6651549e..fc8b1649bfe 100644 --- a/assets/queries/terraform/aws/eks_cluster_has_public_access_cidrs/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/eks_cluster_has_public_access_cidrs/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "EKS Cluster Has Public Access CIDRs", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8 }, { "queryName": "EKS Cluster Has Public Access CIDRs", - "severity": "HIGH", + "severity": "MEDIUM", "line": 30 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/eks_cluster_log_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/eks_cluster_log_disabled/test/positive_expected_result.json index 523482dea8f..5f09bd406dd 100644 --- a/assets/queries/terraform/aws/eks_cluster_log_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/eks_cluster_log_disabled/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "EKS cluster logging is not enabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 6, "filename": "positive1.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/eks_node_group_remote_access_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/eks_node_group_remote_access_disabled/test/positive_expected_result.json index a1aa7916e01..56ceeded77b 100644 --- a/assets/queries/terraform/aws/eks_node_group_remote_access_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/eks_node_group_remote_access_disabled/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "EKS node group remote access disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 13, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/elasticache_replication_group_not_encrypted_at_rest/test/positive_expected_result.json b/assets/queries/terraform/aws/elasticache_replication_group_not_encrypted_at_rest/test/positive_expected_result.json index 413fa4d5d61..97de094b1b1 100644 --- a/assets/queries/terraform/aws/elasticache_replication_group_not_encrypted_at_rest/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/elasticache_replication_group_not_encrypted_at_rest/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "ElastiCache Replication Group Not Encrypted At Rest", - "severity": "MEDIUM", + "severity": "HIGH", "line": 1, "fileName": "positive1.tf" }, { "queryName": "ElastiCache Replication Group Not Encrypted At Rest", - "severity": "MEDIUM", + "severity": "HIGH", "line": 9, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/elasticsearch_encryption_with_kms_is_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/elasticsearch_encryption_with_kms_is_disabled/test/positive_expected_result.json index ea05dfd849f..35a08640780 100644 --- a/assets/queries/terraform/aws/elasticsearch_encryption_with_kms_is_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/elasticsearch_encryption_with_kms_is_disabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "ElasticSearch Encryption With KMS Disabled", - "severity": "MEDIUM", - "line": 5 - } -] + { + "queryName": "ElasticSearch Encryption With KMS Disabled", + "severity": "HIGH", + "line": 5 + } +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/elasticsearch_not_encrypted_at_rest/test/positive_expected_result.json b/assets/queries/terraform/aws/elasticsearch_not_encrypted_at_rest/test/positive_expected_result.json index aca82bcdb6f..7a0f9115878 100644 --- a/assets/queries/terraform/aws/elasticsearch_not_encrypted_at_rest/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/elasticsearch_not_encrypted_at_rest/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ - { - "queryName": "ElasticSearch Not Encrypted At Rest", - "severity": "MEDIUM", - "line": 1 - }, - { - "queryName": "ElasticSearch Not Encrypted At Rest", - "severity": "MEDIUM", - "line": 11 - } -] + { + "queryName": "ElasticSearch Not Encrypted At Rest", + "severity": "HIGH", + "line": 1 + }, + { + "queryName": "ElasticSearch Not Encrypted At Rest", + "severity": "HIGH", + "line": 11 + } +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/elasticsearch_with_https_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/elasticsearch_with_https_disabled/test/positive_expected_result.json index 215397b7020..982f13b43ec 100644 --- a/assets/queries/terraform/aws/elasticsearch_with_https_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/elasticsearch_with_https_disabled/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Elasticsearch with HTTPS disabled", - "severity": "HIGH", - "line": 27, - "fileName": "positive1.tf" - } + { + "queryName": "Elasticsearch with HTTPS disabled", + "severity": "MEDIUM", + "line": 27, + "fileName": "positive1.tf" + } ] \ No newline at end of file diff --git a/assets/queries/terraform/aws/elasticsearch_without_slow_logs/test/positive_expected_result.json b/assets/queries/terraform/aws/elasticsearch_without_slow_logs/test/positive_expected_result.json index 17e9a0e9089..023e30233ed 100644 --- a/assets/queries/terraform/aws/elasticsearch_without_slow_logs/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/elasticsearch_without_slow_logs/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "ElasticSearch Without Slow Logs", - "severity": "MEDIUM", + "severity": "LOW", "line": 4, "filename": "positive1.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/elb_using_insecure_protocols/test/positive_expected_result.json b/assets/queries/terraform/aws/elb_using_insecure_protocols/test/positive_expected_result.json index 39924783c48..d3475be6d2a 100644 --- a/assets/queries/terraform/aws/elb_using_insecure_protocols/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/elb_using_insecure_protocols/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "ELB Using Insecure Protocols", - "severity": "HIGH", + "severity": "MEDIUM", "line": 41 }, { "queryName": "ELB Using Insecure Protocols", - "severity": "HIGH", + "severity": "MEDIUM", "line": 30 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/global_accelerator_flow_logs_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/global_accelerator_flow_logs_disabled/test/positive_expected_result.json index 0faed1db719..660a6a6953f 100644 --- a/assets/queries/terraform/aws/global_accelerator_flow_logs_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/global_accelerator_flow_logs_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "Global Accelerator Flow Logs Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 1, "filename": "positive1.tf" }, { "queryName": "Global Accelerator Flow Logs Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 6, "filename": "positive2.tf" }, { "queryName": "Global Accelerator Flow Logs Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 7, "filename": "positive3.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/hardcoded_aws_access_key/test/positive_expected_result.json b/assets/queries/terraform/aws/hardcoded_aws_access_key/test/positive_expected_result.json index 6c3995f927d..7cfc634073e 100644 --- a/assets/queries/terraform/aws/hardcoded_aws_access_key/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/hardcoded_aws_access_key/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Hardcoded AWS Access Key", - "severity": "MEDIUM", + "severity": "HIGH", "line": 5, "fileName": "positive2.tf" }, { "queryName": "Hardcoded AWS Access Key", - "severity": "MEDIUM", + "severity": "HIGH", "line": 13, "fileName": "positive1.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/hardcoded_aws_access_key_in_lambda/test/positive_expected_result.json b/assets/queries/terraform/aws/hardcoded_aws_access_key_in_lambda/test/positive_expected_result.json index cd443d6f9bf..f633fc224fd 100644 --- a/assets/queries/terraform/aws/hardcoded_aws_access_key_in_lambda/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/hardcoded_aws_access_key_in_lambda/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Hardcoded AWS Access Key In Lambda", - "severity": "MEDIUM", + "severity": "HIGH", "line": 57, "fileName": "positive.tf" }, { "queryName": "Hardcoded AWS Access Key In Lambda", - "severity": "MEDIUM", + "severity": "HIGH", "line": 36, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/http_port_open/test/positive_expected_result.json b/assets/queries/terraform/aws/http_port_open/test/positive_expected_result.json index b21243fcdaa..5f11e76f248 100644 --- a/assets/queries/terraform/aws/http_port_open/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/http_port_open/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "HTTP Port Open To Internet", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1 }, { "queryName": "HTTP Port Open To Internet", - "severity": "HIGH", + "severity": "MEDIUM", "line": 14 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/iam_database_auth_not_enabled/test/positive_expected_result.json b/assets/queries/terraform/aws/iam_database_auth_not_enabled/test/positive_expected_result.json index b424b5340b2..be5ed3840b6 100644 --- a/assets/queries/terraform/aws/iam_database_auth_not_enabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/iam_database_auth_not_enabled/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ - { - "queryName": "IAM Database Auth Not Enabled", - "severity": "HIGH", - "line": 10, - "fileName": "positive1.tf" - }, - { - "queryName": "IAM Database Auth Not Enabled", - "severity": "HIGH", - "line": 1, - "fileName": "positive2.tf" - }, - { - "queryName": "IAM Database Auth Not Enabled", - "severity": "HIGH", - "line": 1, - "fileName": "positive3.tf" - }, - { - "queryName": "IAM Database Auth Not Enabled", - "severity": "HIGH", - "line": 17, - "fileName": "positive4.tf" - } -] + { + "queryName": "IAM Database Auth Not Enabled", + "severity": "MEDIUM", + "line": 10, + "fileName": "positive1.tf" + }, + { + "queryName": "IAM Database Auth Not Enabled", + "severity": "MEDIUM", + "line": 1, + "fileName": "positive2.tf" + }, + { + "queryName": "IAM Database Auth Not Enabled", + "severity": "MEDIUM", + "line": 1, + "fileName": "positive3.tf" + }, + { + "queryName": "IAM Database Auth Not Enabled", + "severity": "MEDIUM", + "line": 17, + "fileName": "positive4.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/iam_group_without_users/test/positive_expected_result.json b/assets/queries/terraform/aws/iam_group_without_users/test/positive_expected_result.json index 3f30ed930af..c6f93a4d5fb 100644 --- a/assets/queries/terraform/aws/iam_group_without_users/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/iam_group_without_users/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "IAM Group Without Users", - "severity": "LOW", + "severity": "MEDIUM", "line": 12 }, { "queryName": "IAM Group Without Users", - "severity": "LOW", + "severity": "MEDIUM", "line": 33 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/iam_password_without_minimum_length/test/positive_expected_result.json b/assets/queries/terraform/aws/iam_password_without_minimum_length/test/positive_expected_result.json index dbf17023c72..fe66c904973 100644 --- a/assets/queries/terraform/aws/iam_password_without_minimum_length/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/iam_password_without_minimum_length/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "IAM Password Without Minimum Length", - "severity": "MEDIUM", + "severity": "LOW", "line": 1 }, { "queryName": "IAM Password Without Minimum Length", - "severity": "MEDIUM", + "severity": "LOW", "line": 10 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/iam_policies_with_full_privileges/test/positive_expected_result.json b/assets/queries/terraform/aws/iam_policies_with_full_privileges/test/positive_expected_result.json index 68eb4579ac5..fdd7871c6ca 100644 --- a/assets/queries/terraform/aws/iam_policies_with_full_privileges/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/iam_policies_with_full_privileges/test/positive_expected_result.json @@ -1,15 +1,14 @@ [ { "queryName": "IAM Policies With Full Privileges", - "severity": "HIGH", + "severity": "MEDIUM", "line": 5, "fileName": "positive.tf" }, { "queryName": "IAM Policies With Full Privileges", - "severity": "HIGH", + "severity": "MEDIUM", "line": 19, "fileName": "positive.tf" } - -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/iam_policy_grants_assumerole_permission_across_all_services/test/positive_expected_result.json b/assets/queries/terraform/aws/iam_policy_grants_assumerole_permission_across_all_services/test/positive_expected_result.json index 6d9ed8fdc44..ceff30e7ae2 100644 --- a/assets/queries/terraform/aws/iam_policy_grants_assumerole_permission_across_all_services/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/iam_policy_grants_assumerole_permission_across_all_services/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "IAM Policy Grants 'AssumeRole' Permission Across All Services", - "severity": "LOW", + "severity": "MEDIUM", "line": 7 }, { "queryName": "IAM Policy Grants 'AssumeRole' Permission Across All Services", - "severity": "LOW", + "severity": "MEDIUM", "line": 70 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/iam_role_allows_all_principals_to_assume/test/positive_expected_result.json b/assets/queries/terraform/aws/iam_role_allows_all_principals_to_assume/test/positive_expected_result.json index 1a12adcb4e7..2b81677ef91 100644 --- a/assets/queries/terraform/aws/iam_role_allows_all_principals_to_assume/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/iam_role_allows_all_principals_to_assume/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "IAM Role Allows All Principals To Assume", - "severity": "LOW", + "severity": "HIGH", "line": 37 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/iam_user_policy_without_mfa/test/positive_expected_result.json b/assets/queries/terraform/aws/iam_user_policy_without_mfa/test/positive_expected_result.json index 3a1d3ca9c35..9aeb404ff39 100644 --- a/assets/queries/terraform/aws/iam_user_policy_without_mfa/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/iam_user_policy_without_mfa/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "IAM User Policy Without MFA", - "severity": "HIGH", + "severity": "LOW", "line": 18 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/instance_with_no_vpc/test/positive_expected_result.json b/assets/queries/terraform/aws/instance_with_no_vpc/test/positive_expected_result.json index 83cc1aca44c..83a88cc559d 100644 --- a/assets/queries/terraform/aws/instance_with_no_vpc/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/instance_with_no_vpc/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "Instance With No VPC", - "severity": "MEDIUM", - "line": 1, - "fileName": "positive1.tf" - }, - { - "queryName": "Instance With No VPC", - "severity": "MEDIUM", - "line": 1, - "fileName": "positive2.tf" - } -] + { + "queryName": "Instance With No VPC", + "severity": "LOW", + "line": 1, + "fileName": "positive1.tf" + }, + { + "queryName": "Instance With No VPC", + "severity": "LOW", + "line": 1, + "fileName": "positive2.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/kms_key_with_no_deletion_window/test/positive_expected_result.json b/assets/queries/terraform/aws/kms_key_with_no_deletion_window/test/positive_expected_result.json index 6391a1a005b..086ae05195e 100644 --- a/assets/queries/terraform/aws/kms_key_with_no_deletion_window/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/kms_key_with_no_deletion_window/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "KMS Key With No Deletion Window", - "severity": "HIGH", + "severity": "LOW", "line": 1 }, { "queryName": "KMS Key With No Deletion Window", - "severity": "HIGH", + "severity": "LOW", "line": 18 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/lambda_with_vulnerable_policy/test/positive_expected_result.json b/assets/queries/terraform/aws/lambda_with_vulnerable_policy/test/positive_expected_result.json index 7ede7d1ef9d..971cd176054 100644 --- a/assets/queries/terraform/aws/lambda_with_vulnerable_policy/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/lambda_with_vulnerable_policy/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "Lambda With Vulnerable Policy", - "severity": "MEDIUM", + "severity": "HIGH", "line": 35, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/misconfigured_password_policy_expiration/test/positive_expected_result.json b/assets/queries/terraform/aws/misconfigured_password_policy_expiration/test/positive_expected_result.json index 34324b53535..94deefb61b9 100644 --- a/assets/queries/terraform/aws/misconfigured_password_policy_expiration/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/misconfigured_password_policy_expiration/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Misconfigured Password Policy Expiration", - "severity": "MEDIUM", + "severity": "LOW", "line": 12 }, { "queryName": "Misconfigured Password Policy Expiration", - "severity": "MEDIUM", + "severity": "LOW", "line": 8 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/missing_cluster_log_types/test/positive_expected_result.json b/assets/queries/terraform/aws/missing_cluster_log_types/test/positive_expected_result.json index 4fac18f4061..137f7b0ae88 100755 --- a/assets/queries/terraform/aws/missing_cluster_log_types/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/missing_cluster_log_types/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Missing Cluster Log Types", - "severity": "LOW", + "severity": "MEDIUM", "line": 9 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/mq_broker_is_publicly_accessible/test/positive_expected_result.json b/assets/queries/terraform/aws/mq_broker_is_publicly_accessible/test/positive_expected_result.json index fdc2ec63405..144dcfe9c92 100644 --- a/assets/queries/terraform/aws/mq_broker_is_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/mq_broker_is_publicly_accessible/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "MQ Broker Is Publicly Accessible", - "severity": "MEDIUM", - "line": 19 - } -] + { + "queryName": "MQ Broker Is Publicly Accessible", + "severity": "HIGH", + "line": 19 + } +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/neptune_cluster_with_iam_database_authentication_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/neptune_cluster_with_iam_database_authentication_disabled/test/positive_expected_result.json index e24988627c0..b659dde30dd 100644 --- a/assets/queries/terraform/aws/neptune_cluster_with_iam_database_authentication_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/neptune_cluster_with_iam_database_authentication_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Neptune Cluster With IAM Database Authentication Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 1 }, { "queryName": "Neptune Cluster With IAM Database Authentication Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 17 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/neptune_database_cluster_encryption_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/neptune_database_cluster_encryption_disabled/test/positive_expected_result.json index 083e8901ad4..9847f928c55 100644 --- a/assets/queries/terraform/aws/neptune_database_cluster_encryption_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/neptune_database_cluster_encryption_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Neptune Database Cluster Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 1 }, { "queryName": "Neptune Database Cluster Encryption Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 19 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/neptune_logging_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/neptune_logging_disabled/test/positive_expected_result.json index 56596bbcd72..3fcd0ee99da 100644 --- a/assets/queries/terraform/aws/neptune_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/neptune_logging_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "Neptune Logging Is Disabled", - "severity": "INFO", + "severity": "MEDIUM", "line": 1, "filename": "positive1.tf" }, { "queryName": "Neptune Logging Is Disabled", - "severity": "INFO", + "severity": "MEDIUM", "line": 9, "filename": "positive2.tf" }, { "queryName": "Neptune Logging Is Disabled", - "severity": "INFO", + "severity": "MEDIUM", "line": 9, "filename": "positive3.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/network_acl_with_unrestricted_access_to_ssh/test/positive_expected_result.json b/assets/queries/terraform/aws/network_acl_with_unrestricted_access_to_ssh/test/positive_expected_result.json index a7d92da3359..ffe49a69896 100644 --- a/assets/queries/terraform/aws/network_acl_with_unrestricted_access_to_ssh/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/network_acl_with_unrestricted_access_to_ssh/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Network ACL With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 30, "fileName": "positive1.tf" }, { "queryName": "Network ACL With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 22, "fileName": "positive2.tf" }, { "queryName": "Network ACL With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 26, "fileName": "positive3.tf" }, { "queryName": "Network ACL With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 14, "fileName": "positive4.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/no_password_policy_enabled/test/positive_expected_result.json b/assets/queries/terraform/aws/no_password_policy_enabled/test/positive_expected_result.json index 96400bdd953..1c1519b011a 100644 --- a/assets/queries/terraform/aws/no_password_policy_enabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/no_password_policy_enabled/test/positive_expected_result.json @@ -1,27 +1,27 @@ [ { "queryName": "No Password Policy Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 5 }, { "queryName": "No Password Policy Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 16 }, { "queryName": "No Password Policy Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 23 }, { "queryName": "No Password Policy Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 30 }, { "queryName": "No Password Policy Enabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 31 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/password_without_reuse_prevention/test/positive_expected_result.json b/assets/queries/terraform/aws/password_without_reuse_prevention/test/positive_expected_result.json index 47dd181af07..14744faebfc 100644 --- a/assets/queries/terraform/aws/password_without_reuse_prevention/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/password_without_reuse_prevention/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Password Without Reuse Prevention", - "severity": "MEDIUM", + "severity": "LOW", "line": 7 }, { "queryName": "Password Without Reuse Prevention", - "severity": "MEDIUM", + "severity": "LOW", "line": 10 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/rds_associated_with_public_subnet/test/positive_expected_result.json b/assets/queries/terraform/aws/rds_associated_with_public_subnet/test/positive_expected_result.json index cbb2fa7e7fb..3acfce4737d 100644 --- a/assets/queries/terraform/aws/rds_associated_with_public_subnet/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/rds_associated_with_public_subnet/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "RDS Associated with Public Subnet", - "severity": "HIGH", + "severity": "CRITICAL", "line": 11, "fileName": "positive1.tf" }, { "queryName": "RDS Associated with Public Subnet", - "severity": "HIGH", + "severity": "CRITICAL", "line": 11, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json b/assets/queries/terraform/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json index e8044854441..a79d457a603 100644 --- a/assets/queries/terraform/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/rds_db_instance_publicly_accessible/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "RDS DB Instance Publicly Accessible", - "severity": "HIGH", - "line": 10, - "fileName": "positive1.tf" - }, - { - "queryName": "RDS DB Instance Publicly Accessible", - "severity": "HIGH", - "line": 11, - "fileName": "positive2.tf" - } -] + { + "queryName": "RDS DB Instance Publicly Accessible", + "severity": "CRITICAL", + "line": 10, + "fileName": "positive1.tf" + }, + { + "queryName": "RDS DB Instance Publicly Accessible", + "severity": "CRITICAL", + "line": 11, + "fileName": "positive2.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/rds_without_logging/test/positive_expected_result.json b/assets/queries/terraform/aws/rds_without_logging/test/positive_expected_result.json index 197cc5e91c6..9454580d871 100644 --- a/assets/queries/terraform/aws/rds_without_logging/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/rds_without_logging/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "RDS Without Logging", - "severity": "INFO", + "severity": "MEDIUM", "line": 1, "fileName": "positive1.tf" }, { "queryName": "RDS Without Logging", - "severity": "INFO", + "severity": "MEDIUM", "line": 7, "fileName": "positive2.tf" }, { "queryName": "RDS Without Logging", - "severity": "INFO", + "severity": "MEDIUM", "line": 1, "fileName": "positive3.tf" }, { "queryName": "RDS Without Logging", - "severity": "INFO", + "severity": "MEDIUM", "line": 11, "fileName": "positive4.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/redis_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/redis_disabled/test/positive_expected_result.json index 1af91ab8555..39222e69fa7 100644 --- a/assets/queries/terraform/aws/redis_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/redis_disabled/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "Redis Disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 4, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/redshift_cluster_without_vpc/test/positive_expected_result.json b/assets/queries/terraform/aws/redshift_cluster_without_vpc/test/positive_expected_result.json index e628cde55d2..25d75271b2d 100644 --- a/assets/queries/terraform/aws/redshift_cluster_without_vpc/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/redshift_cluster_without_vpc/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Redshift Cluster Without VPC", - "severity": "MEDIUM", + "severity": "LOW", "line": 1 }, { "queryName": "Redshift Cluster Without VPC", - "severity": "MEDIUM", + "severity": "LOW", "line": 1 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/s3_bucket_access_to_any_principal/test/positive_expected_result.json b/assets/queries/terraform/aws/s3_bucket_access_to_any_principal/test/positive_expected_result.json index 2c97268acd0..6bbb854489c 100644 --- a/assets/queries/terraform/aws/s3_bucket_access_to_any_principal/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/s3_bucket_access_to_any_principal/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "S3 Bucket Access to Any Principal", - "severity": "HIGH", + "severity": "CRITICAL", "line": 4, "fileName": "positive1.tf" }, { "queryName": "S3 Bucket Access to Any Principal", - "severity": "HIGH", + "severity": "CRITICAL", "line": 12, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/s3_bucket_acl_allows_read_or_write_to_all_users/test/positive_expected_result.json b/assets/queries/terraform/aws/s3_bucket_acl_allows_read_or_write_to_all_users/test/positive_expected_result.json index bb8562e0809..67dc0436485 100644 --- a/assets/queries/terraform/aws/s3_bucket_acl_allows_read_or_write_to_all_users/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/s3_bucket_acl_allows_read_or_write_to_all_users/test/positive_expected_result.json @@ -1,38 +1,38 @@ [ { "queryName": "S3 Bucket ACL Allows Read Or Write to All Users", - "severity": "HIGH", + "severity": "CRITICAL", "line": 15, "fileName": "positive1.tf" }, { "queryName": "S3 Bucket ACL Allows Read Or Write to All Users", - "severity": "HIGH", + "severity": "CRITICAL", "line": 16, "fileName": "positive2.tf" }, { "queryName": "S3 Bucket ACL Allows Read Or Write to All Users", - "severity": "HIGH", + "severity": "CRITICAL", "line": 6, "fileName": "positive3.tf" }, { "queryName": "S3 Bucket ACL Allows Read Or Write to All Users", - "severity": "HIGH", + "severity": "CRITICAL", "line": 6, "fileName": "positive4.tf" }, { "queryName": "S3 Bucket ACL Allows Read Or Write to All Users", - "severity": "HIGH", + "severity": "CRITICAL", "line": 20, "fileName": "positive5.tf" }, { "queryName": "S3 Bucket ACL Allows Read Or Write to All Users", - "severity": "HIGH", + "severity": "CRITICAL", "line": 20, "fileName": "positive6.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/s3_bucket_acl_grants_write_acp_permission/test/positive_expected_result.json b/assets/queries/terraform/aws/s3_bucket_acl_grants_write_acp_permission/test/positive_expected_result.json index c5f5f8c660b..856b0ebf754 100644 --- a/assets/queries/terraform/aws/s3_bucket_acl_grants_write_acp_permission/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/s3_bucket_acl_grants_write_acp_permission/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "S3 Bucket ACL Grants WRITE_ACP Permission", - "severity": "HIGH", + "severity": "CRITICAL", "line": 16, "filename": "positive1.tf" }, { "queryName": "S3 Bucket ACL Grants WRITE_ACP Permission", - "severity": "HIGH", + "severity": "CRITICAL", "line": 23, "filename": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/s3_bucket_allows_delete_action_from_all_principals/test/positive_expected_result.json b/assets/queries/terraform/aws/s3_bucket_allows_delete_action_from_all_principals/test/positive_expected_result.json index 94f83a62b46..18e69d4f123 100644 --- a/assets/queries/terraform/aws/s3_bucket_allows_delete_action_from_all_principals/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/s3_bucket_allows_delete_action_from_all_principals/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "S3 Bucket Allows Delete Action From All Principals", - "severity": "HIGH", + "severity": "CRITICAL", "line": 4, "fileName": "positive1.tf" }, { "queryName": "S3 Bucket Allows Delete Action From All Principals", - "severity": "HIGH", + "severity": "CRITICAL", "line": 4, "fileName": "positive2.tf" }, { "queryName": "S3 Bucket Allows Delete Action From All Principals", - "severity": "HIGH", + "severity": "CRITICAL", "line": 12, "fileName": "positive3.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/s3_bucket_allows_put_action_from_all_principals/test/positive_expected_result.json b/assets/queries/terraform/aws/s3_bucket_allows_put_action_from_all_principals/test/positive_expected_result.json index b865577e04b..0e3bc74d02b 100644 --- a/assets/queries/terraform/aws/s3_bucket_allows_put_action_from_all_principals/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/s3_bucket_allows_put_action_from_all_principals/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "S3 Bucket Allows Put Action From All Principals", - "severity": "HIGH", + "severity": "CRITICAL", "line": 4, "fileName": "positive1.tf" }, { "queryName": "S3 Bucket Allows Put Action From All Principals", - "severity": "HIGH", + "severity": "CRITICAL", "line": 5, "fileName": "positive2.tf" }, { "queryName": "S3 Bucket Allows Put Action From All Principals", - "severity": "HIGH", + "severity": "CRITICAL", "line": 12, "fileName": "positive3.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/s3_bucket_public_acl_overridden_by_public_access_block/test/positive_expected_result.json b/assets/queries/terraform/aws/s3_bucket_public_acl_overridden_by_public_access_block/test/positive_expected_result.json index 9cac36cd02a..ad88c555262 100644 --- a/assets/queries/terraform/aws/s3_bucket_public_acl_overridden_by_public_access_block/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/s3_bucket_public_acl_overridden_by_public_access_block/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "S3 Bucket Public ACL Overridden By Public Access Block", - "severity": "LOW", + "severity": "HIGH", "line": 16, "filename": "positive1.tf" }, { "queryName": "S3 Bucket Public ACL Overridden By Public Access Block", - "severity": "LOW", + "severity": "HIGH", "line": 7, "filename": "positive2.tf" }, { "queryName": "S3 Bucket Public ACL Overridden By Public Access Block", - "severity": "LOW", + "severity": "HIGH", "line": 20, "filename": "positive3.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/s3_bucket_with_all_permissions/test/positive_expected_result.json b/assets/queries/terraform/aws/s3_bucket_with_all_permissions/test/positive_expected_result.json index 44ff05eb89a..8d782699d0b 100644 --- a/assets/queries/terraform/aws/s3_bucket_with_all_permissions/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/s3_bucket_with_all_permissions/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "S3 Bucket With All Permissions", - "severity": "HIGH", + "severity": "CRITICAL", "line": 5, "fileName": "positive1.tf" }, { "queryName": "S3 Bucket With All Permissions", - "severity": "HIGH", + "severity": "CRITICAL", "line": 12, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/s3_bucket_with_unsecured_cors_rule/test/positive_expected_result.json b/assets/queries/terraform/aws/s3_bucket_with_unsecured_cors_rule/test/positive_expected_result.json index 359bbf1abd9..77bc3176924 100644 --- a/assets/queries/terraform/aws/s3_bucket_with_unsecured_cors_rule/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/s3_bucket_with_unsecured_cors_rule/test/positive_expected_result.json @@ -1,32 +1,32 @@ [ { "queryName": "S3 Bucket with Unsecured CORS Rule", - "severity": "HIGH", + "severity": "MEDIUM", "line": 27, "fileName": "positive1.tf" }, { "queryName": "S3 Bucket with Unsecured CORS Rule", - "severity": "HIGH", + "severity": "MEDIUM", "line": 27, "fileName": "positive2.tf" }, { "queryName": "S3 Bucket with Unsecured CORS Rule", - "severity": "HIGH", + "severity": "MEDIUM", "line": 16, "fileName": "positive3.tf" }, { "queryName": "S3 Bucket with Unsecured CORS Rule", - "severity": "HIGH", + "severity": "MEDIUM", "line": 16, "fileName": "positive4.tf" }, { "queryName": "S3 Bucket with Unsecured CORS Rule", - "severity": "HIGH", + "severity": "MEDIUM", "line": 26, "fileName": "positive5.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/s3_bucket_without_enabled_mfa_delete/test/positive_expected_result.json b/assets/queries/terraform/aws/s3_bucket_without_enabled_mfa_delete/test/positive_expected_result.json index 46f89917c14..d6320d44848 100755 --- a/assets/queries/terraform/aws/s3_bucket_without_enabled_mfa_delete/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/s3_bucket_without_enabled_mfa_delete/test/positive_expected_result.json @@ -29,7 +29,6 @@ "line": 23, "fileName": "positive4.tf" }, - { "queryName": "S3 Bucket Without Enabled MFA Delete", "severity": "LOW", @@ -72,4 +71,4 @@ "line": 27, "fileName": "positive10.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/s3_bucket_without_ignore_public_acl/test/positive_expected_result.json b/assets/queries/terraform/aws/s3_bucket_without_ignore_public_acl/test/positive_expected_result.json index f180dcd1bf1..1eaad588316 100755 --- a/assets/queries/terraform/aws/s3_bucket_without_ignore_public_acl/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/s3_bucket_without_ignore_public_acl/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "S3 Bucket Without Ignore Public ACL", - "severity": "LOW", + "severity": "MEDIUM", "line": 10, "filename": "positive1.tf" }, { "queryName": "S3 Bucket Without Ignore Public ACL", - "severity": "LOW", + "severity": "MEDIUM", "line": 7, "filename": "positive2.tf" }, { "queryName": "S3 Bucket Without Ignore Public ACL", - "severity": "LOW", + "severity": "MEDIUM", "line": 1, "filename": "positive3.tf" }, { "queryName": "S3 Bucket Without Ignore Public ACL", - "severity": "LOW", + "severity": "MEDIUM", "line": 5, "filename": "positive4.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/s3_bucket_without_restriction_of_public_bucket/test/positive_expected_result.json b/assets/queries/terraform/aws/s3_bucket_without_restriction_of_public_bucket/test/positive_expected_result.json index ed5cac0c565..b6af99348cc 100755 --- a/assets/queries/terraform/aws/s3_bucket_without_restriction_of_public_bucket/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/s3_bucket_without_restriction_of_public_bucket/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "S3 Bucket Without Restriction Of Public Bucket", - "severity": "HIGH", + "severity": "MEDIUM", "line": 14, "filename": "positive1.tf" }, { "queryName": "S3 Bucket Without Restriction Of Public Bucket", - "severity": "HIGH", + "severity": "MEDIUM", "line": 11, "filename": "positive1.tf" }, { "queryName": "S3 Bucket Without Restriction Of Public Bucket", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1, "filename": "positive3.tf" }, { "queryName": "S3 Bucket Without Restriction Of Public Bucket", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8, "filename": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/secrets_manager_with_vulnerable_policy/test/positive_expected_result.json b/assets/queries/terraform/aws/secrets_manager_with_vulnerable_policy/test/positive_expected_result.json index 0ff1f5be772..cf616bbf4f3 100644 --- a/assets/queries/terraform/aws/secrets_manager_with_vulnerable_policy/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/secrets_manager_with_vulnerable_policy/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "Secrets Manager With Vulnerable Policy", - "severity": "MEDIUM", + "severity": "HIGH", "line": 12, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/secure_ciphers_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/secure_ciphers_disabled/test/positive_expected_result.json index 046ff69d53c..7de94a38420 100644 --- a/assets/queries/terraform/aws/secure_ciphers_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/secure_ciphers_disabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Secure Ciphers Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 42 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/security_group_with_unrestricted_access_to_ssh/test/positive_expected_result.json b/assets/queries/terraform/aws/security_group_with_unrestricted_access_to_ssh/test/positive_expected_result.json index 79ab3caa428..62a7fa28936 100644 --- a/assets/queries/terraform/aws/security_group_with_unrestricted_access_to_ssh/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/security_group_with_unrestricted_access_to_ssh/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "Security Group With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 11, "fileName": "positive1.tf" }, { "queryName": "Security Group With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 11, "fileName": "positive2.tf" }, { "queryName": "Security Group With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 13, "fileName": "positive3.tf" }, { "queryName": "Security Group With Unrestricted Access To SSH", - "severity": "HIGH", + "severity": "MEDIUM", "line": 13, "fileName": "positive4.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/sensitive_port_is_exposed_to_wide_private_network/test/positive_expected_result.json b/assets/queries/terraform/aws/sensitive_port_is_exposed_to_wide_private_network/test/positive_expected_result.json index fdbc07ab95a..1f3398e5bec 100644 --- a/assets/queries/terraform/aws/sensitive_port_is_exposed_to_wide_private_network/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/sensitive_port_is_exposed_to_wide_private_network/test/positive_expected_result.json @@ -1,1742 +1,1742 @@ [ { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive1.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive1.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive1.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive1.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive1.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive1.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive1.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive1.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive1.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive1.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive1.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive1.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive2.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive2.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive2.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive2.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive2.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive2.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive3.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive3.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive3.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive3.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive3.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive3.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive3.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive3.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive3.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive3.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive4.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive4.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive4.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive5.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive6.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive6.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive6.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive6.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive6.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive7.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "filename": "positive8.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 9, "filename": "positive9.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/ses_policy_with_allowed_iam_actions/test/positive_expected_result.json b/assets/queries/terraform/aws/ses_policy_with_allowed_iam_actions/test/positive_expected_result.json index e88c42d552b..e4ff470c989 100644 --- a/assets/queries/terraform/aws/ses_policy_with_allowed_iam_actions/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/ses_policy_with_allowed_iam_actions/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "SES Policy With Allowed IAM Actions", - "severity": "MEDIUM", + "severity": "HIGH", "line": 4, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/sns_topic_is_publicly_accessible/test/positive_expected_result.json b/assets/queries/terraform/aws/sns_topic_is_publicly_accessible/test/positive_expected_result.json index 2991efdbc11..6e9d8481aa2 100644 --- a/assets/queries/terraform/aws/sns_topic_is_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/sns_topic_is_publicly_accessible/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "SNS Topic is Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 2 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/sns_topic_not_encrypted/test/positive_expected_result.json b/assets/queries/terraform/aws/sns_topic_not_encrypted/test/positive_expected_result.json index 84e63addd46..3e178210b87 100644 --- a/assets/queries/terraform/aws/sns_topic_not_encrypted/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/sns_topic_not_encrypted/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "SNS Topic Not Encrypted", - "severity": "MEDIUM", + "severity": "HIGH", "line": 3, "fileName": "positive1.tf" }, { "queryName": "SNS Topic Not Encrypted", - "severity": "MEDIUM", + "severity": "HIGH", "line": 5, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/sqs_policy_allows_all_actions/test/positive_expected_result.json b/assets/queries/terraform/aws/sqs_policy_allows_all_actions/test/positive_expected_result.json index e7f0073cff2..28b216d8473 100644 --- a/assets/queries/terraform/aws/sqs_policy_allows_all_actions/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/sqs_policy_allows_all_actions/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "SQS Policy Allows All Actions", - "severity": "MEDIUM", + "severity": "HIGH", "line": 8, "filename": "positive1.tf" }, { "queryName": "SQS Policy Allows All Actions", - "severity": "MEDIUM", + "severity": "HIGH", "line": 12, "filename": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/sqs_vpc_endpoint_without_dns_resolution/test/positive_expected_result.json b/assets/queries/terraform/aws/sqs_vpc_endpoint_without_dns_resolution/test/positive_expected_result.json index cc424a620e6..eb09d54acff 100644 --- a/assets/queries/terraform/aws/sqs_vpc_endpoint_without_dns_resolution/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/sqs_vpc_endpoint_without_dns_resolution/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "SQS VPC Endpoint Without DNS Resolution", - "severity": "MEDIUM", + "severity": "LOW", "line": 95, "fileName": "positive1.tf" }, { "queryName": "SQS VPC Endpoint Without DNS Resolution", - "severity": "MEDIUM", + "severity": "LOW", "line": 13, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/sso_permission_with_inadequate_user_session_duration/test/positive_expected_result.json b/assets/queries/terraform/aws/sso_permission_with_inadequate_user_session_duration/test/positive_expected_result.json index 91b2fc14f69..2cf5ed333b9 100644 --- a/assets/queries/terraform/aws/sso_permission_with_inadequate_user_session_duration/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/sso_permission_with_inadequate_user_session_duration/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "SSO Permission With Inadequate User Session Duration", - "severity": "MEDIUM", + "severity": "LOW", "line": 6, "fileName": "positive.tf" }, { "queryName": "SSO Permission With Inadequate User Session Duration", - "severity": "MEDIUM", + "severity": "LOW", "line": 14, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/sso_policy_with_full_priveleges copy/test/positive_expected_result.json b/assets/queries/terraform/aws/sso_policy_with_full_priveleges copy/test/positive_expected_result.json index ed67f4f51b8..68cd68bf846 100644 --- a/assets/queries/terraform/aws/sso_policy_with_full_priveleges copy/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/sso_policy_with_full_priveleges copy/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "SSO Identity User Unsafe Creation", - "severity": "LOW", + "severity": "MEDIUM", "line": 1, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/sso_policy_with_full_priveleges/test/positive_expected_result.json b/assets/queries/terraform/aws/sso_policy_with_full_priveleges/test/positive_expected_result.json index ffdc76669d1..664f7349db6 100644 --- a/assets/queries/terraform/aws/sso_policy_with_full_priveleges/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/sso_policy_with_full_priveleges/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "SSO Policy with full privileges", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/stack_without_template/test/positive_expected_result.json b/assets/queries/terraform/aws/stack_without_template/test/positive_expected_result.json index e7746243adc..eb17c05fc24 100644 --- a/assets/queries/terraform/aws/stack_without_template/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/stack_without_template/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Stack Without Template", - "severity": "MEDIUM", + "severity": "LOW", "line": 1 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/unscanned_ecr_image/test/positive_expected_result.json b/assets/queries/terraform/aws/unscanned_ecr_image/test/positive_expected_result.json index a6a908418aa..7b15042be08 100644 --- a/assets/queries/terraform/aws/unscanned_ecr_image/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/unscanned_ecr_image/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Unscanned ECR Image", - "severity": "MEDIUM", + "severity": "LOW", "line": 1 }, { "queryName": "Unscanned ECR Image", - "severity": "MEDIUM", + "severity": "LOW", "line": 11 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/user_data_shell_script_is_encoded/test/positive_expected_result.json b/assets/queries/terraform/aws/user_data_shell_script_is_encoded/test/positive_expected_result.json index e6aa8a46cf8..7716e3e6594 100644 --- a/assets/queries/terraform/aws/user_data_shell_script_is_encoded/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/user_data_shell_script_is_encoded/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "User Data Shell Script Is Encoded", - "severity": "HIGH", + "severity": "LOW", "line": 5, "fileName": "positive1.tf" }, { "queryName": "User Data Shell Script Is Encoded", - "severity": "HIGH", + "severity": "LOW", "line": 11, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/vpc_flowlogs_disabled/test/positive_expected_result.json b/assets/queries/terraform/aws/vpc_flowlogs_disabled/test/positive_expected_result.json index 375c50ca046..3785d8deeae 100644 --- a/assets/queries/terraform/aws/vpc_flowlogs_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/vpc_flowlogs_disabled/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ { "queryName": "VPC FlowLogs Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 5, "filename": "positive1.tf" }, { "queryName": "VPC FlowLogs Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 1, "filename": "positive2.tf" }, { "queryName": "VPC FlowLogs Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 14, "filename": "positive3.tf" }, { "queryName": "VPC FlowLogs Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 1, "filename": "positive4.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/aws/vulnerable_default_ssl_certificate/test/positive_expected_result.json b/assets/queries/terraform/aws/vulnerable_default_ssl_certificate/test/positive_expected_result.json index 2022b166856..4c65ef315d2 100644 --- a/assets/queries/terraform/aws/vulnerable_default_ssl_certificate/test/positive_expected_result.json +++ b/assets/queries/terraform/aws/vulnerable_default_ssl_certificate/test/positive_expected_result.json @@ -1,22 +1,22 @@ [ { "queryName": "Vulnerable Default SSL Certificate", - "severity": "HIGH", + "severity": "MEDIUM", "line": 5 }, { "queryName": "Vulnerable Default SSL Certificate", - "severity": "HIGH", + "severity": "MEDIUM", "line": 88 }, { "queryName": "Vulnerable Default SSL Certificate", - "severity": "HIGH", + "severity": "MEDIUM", "line": 134 }, { "queryName": "Vulnerable Default SSL Certificate", - "severity": "HIGH", + "severity": "MEDIUM", "line": 134 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/ad_admin_not_configured_for_sql_server/test/positive_expected_result.json b/assets/queries/terraform/azure/ad_admin_not_configured_for_sql_server/test/positive_expected_result.json index cae915feb9d..8ef8308aeee 100644 --- a/assets/queries/terraform/azure/ad_admin_not_configured_for_sql_server/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/ad_admin_not_configured_for_sql_server/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "AD Admin Not Configured For SQL Server", - "severity": "HIGH", + "severity": "MEDIUM", "line": 6 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/admin_user_enabled_for_container_registry/test/positive_expected_result.json b/assets/queries/terraform/azure/admin_user_enabled_for_container_registry/test/positive_expected_result.json index 18a49534cbf..2c7d9931142 100644 --- a/assets/queries/terraform/azure/admin_user_enabled_for_container_registry/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/admin_user_enabled_for_container_registry/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Admin User Enabled For Container Registry", - "severity": "HIGH", + "severity": "MEDIUM", "line": 11 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/aks_disk_encryption_set_id_undefined/test/positive_expected_result.json b/assets/queries/terraform/azure/aks_disk_encryption_set_id_undefined/test/positive_expected_result.json index b2ea8ec584b..05ecb80f66a 100644 --- a/assets/queries/terraform/azure/aks_disk_encryption_set_id_undefined/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/aks_disk_encryption_set_id_undefined/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "AKS Disk Encryption Set ID Undefined", - "severity": "MEDIUM", + "severity": "LOW", "line": 1, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/aks_network_policy_misconfigured/test/positive_expected_result.json b/assets/queries/terraform/azure/aks_network_policy_misconfigured/test/positive_expected_result.json index 0b00e49e51c..7006cce495b 100644 --- a/assets/queries/terraform/azure/aks_network_policy_misconfigured/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/aks_network_policy_misconfigured/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "AKS Network Policy Misconfigured", - "severity": "MEDIUM", + "severity": "LOW", "line": 21 }, { "queryName": "AKS Network Policy Misconfigured", - "severity": "MEDIUM", + "severity": "LOW", "line": 26 }, { "queryName": "AKS Network Policy Misconfigured", - "severity": "MEDIUM", + "severity": "LOW", "line": 69 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/aks_private_cluster_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/aks_private_cluster_disabled/test/positive_expected_result.json index fe49c585575..96f56ad6e79 100644 --- a/assets/queries/terraform/azure/aks_private_cluster_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/aks_private_cluster_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "AKS Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7, "fileName": "positive1.tf" }, { "queryName": "AKS Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/app_service_authentication_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/app_service_authentication_disabled/test/positive_expected_result.json index e9cc07b1052..d7dc1d8ab6d 100644 --- a/assets/queries/terraform/azure/app_service_authentication_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/app_service_authentication_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "App Service Authentication Disabled", - "severity": "INFO", + "severity": "MEDIUM", "line": 1, "fileName": "positive1.tf" }, { "queryName": "App Service Authentication Disabled", - "severity": "INFO", + "severity": "MEDIUM", "line": 17, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/app_service_ftps_enforce_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/app_service_ftps_enforce_disabled/test/positive_expected_result.json index 20fee727315..9129b50350d 100644 --- a/assets/queries/terraform/azure/app_service_ftps_enforce_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/app_service_ftps_enforce_disabled/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "App Service FTPS Enforce Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 10, "fileName": "positive1.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/app_service_http2_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/app_service_http2_disabled/test/positive_expected_result.json index 097f838d858..a72e3e6ee34 100644 --- a/assets/queries/terraform/azure/app_service_http2_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/app_service_http2_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "App Service HTTP2 Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 1, "fileName": "positive1.tf" }, { "queryName": "App Service HTTP2 Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 17, "fileName": "positive2.tf" }, { "queryName": "App Service HTTP2 Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 21, "fileName": "positive3.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/app_service_managed_identity_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/app_service_managed_identity_disabled/test/positive_expected_result.json index 04c80f301ed..3a76424c5f1 100644 --- a/assets/queries/terraform/azure/app_service_managed_identity_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/app_service_managed_identity_disabled/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "App Service Managed Identity Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 1, "fileName": "positive1.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/test/positive_expected_result.json b/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/test/positive_expected_result.json index 0309c2dafaf..7142ab2e113 100644 --- a/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "App Service Not Using Latest TLS Encryption Version", - "severity": "HIGH", + "severity": "MEDIUM", "line": 10, "fileName": "positive1.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/azure_app_service_client_certificate_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/azure_app_service_client_certificate_disabled/test/positive_expected_result.json index 343cc58baf1..ebbe8b4b66b 100644 --- a/assets/queries/terraform/azure/azure_app_service_client_certificate_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/azure_app_service_client_certificate_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Azure App Service Client Certificate Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1, "fileName": "positive1.tf" }, { "queryName": "Azure App Service Client Certificate Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 16, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/azure_instance_using_basic_authentication/test/positive_expected_result.json b/assets/queries/terraform/azure/azure_instance_using_basic_authentication/test/positive_expected_result.json index 0c5f68a3788..865b379aeb3 100644 --- a/assets/queries/terraform/azure/azure_instance_using_basic_authentication/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/azure_instance_using_basic_authentication/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ - { - "queryName": "Azure Instance Using Basic Authentication", - "severity": "HIGH", - "line": 1, - "fileName": "positive1.tf" - }, - { - "queryName": "Azure Instance Using Basic Authentication", - "severity": "HIGH", - "line": 1, - "fileName": "positive2.tf" - } -] + { + "queryName": "Azure Instance Using Basic Authentication", + "severity": "MEDIUM", + "line": 1, + "fileName": "positive1.tf" + }, + { + "queryName": "Azure Instance Using Basic Authentication", + "severity": "MEDIUM", + "line": 1, + "fileName": "positive2.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/cosmos_db_account_without_tags/test/positive_expected_result.json b/assets/queries/terraform/azure/cosmos_db_account_without_tags/test/positive_expected_result.json index addccfeac0d..e8c803b83b9 100644 --- a/assets/queries/terraform/azure/cosmos_db_account_without_tags/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/cosmos_db_account_without_tags/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Cosmos DB Account Without Tags", - "severity": "MEDIUM", + "severity": "LOW", "line": 1 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/cosmosdb_account_ip_range_filter_not_set/test/positive_expected_result.json b/assets/queries/terraform/azure/cosmosdb_account_ip_range_filter_not_set/test/positive_expected_result.json index 32adf1283c7..fedbf8ded29 100644 --- a/assets/queries/terraform/azure/cosmosdb_account_ip_range_filter_not_set/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/cosmosdb_account_ip_range_filter_not_set/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "CosmosDB Account IP Range Filter Not Set", - "severity": "HIGH", + "severity": "CRITICAL", "line": 1 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/function_app_authentication_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/function_app_authentication_disabled/test/positive_expected_result.json index a1754ffdc5e..12684fc8c4e 100644 --- a/assets/queries/terraform/azure/function_app_authentication_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/function_app_authentication_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Function App Authentication Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1, "fileName": "positive1.tf" }, { "queryName": "Function App Authentication Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 10, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/function_app_ftps_enforce_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/function_app_ftps_enforce_disabled/test/positive_expected_result.json index d8370194270..81b90db9d90 100644 --- a/assets/queries/terraform/azure/function_app_ftps_enforce_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/function_app_ftps_enforce_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Function App FTPS Enforce Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 11, "fileName": "positive1.tf" }, { "queryName": "Function App FTPS Enforce Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 9, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/function_app_http2_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/function_app_http2_disabled/test/positive_expected_result.json index 2cecb426bb8..2f23d404c9f 100644 --- a/assets/queries/terraform/azure/function_app_http2_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/function_app_http2_disabled/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "Function App HTTP2 Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 1, "fileName": "positive1.tf" }, { "queryName": "Function App HTTP2 Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 9, "fileName": "positive2.tf" }, { "queryName": "Function App HTTP2 Disabled", - "severity": "LOW", + "severity": "MEDIUM", "line": 13, "fileName": "positive3.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/function_app_not_using_latest_tls_encryption_version/test/positive_expected_result.json b/assets/queries/terraform/azure/function_app_not_using_latest_tls_encryption_version/test/positive_expected_result.json index d5860f898e2..3b645f29dba 100644 --- a/assets/queries/terraform/azure/function_app_not_using_latest_tls_encryption_version/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/function_app_not_using_latest_tls_encryption_version/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Function App Not Using Latest TLS Encryption Version", - "severity": "HIGH", + "severity": "MEDIUM", "line": 12, "fileName": "positive1.tf" }, { "queryName": "Function App Not Using Latest TLS Encryption Version", - "severity": "HIGH", + "severity": "MEDIUM", "line": 12, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/geo_redundancy_is_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/geo_redundancy_is_disabled/test/positive_expected_result.json index 457744a83a3..46237c30c6e 100644 --- a/assets/queries/terraform/azure/geo_redundancy_is_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/geo_redundancy_is_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Geo Redundancy Is Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 2 }, { "queryName": "Geo Redundancy Is Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 31 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/key_expiration_not_set/test/positive_expected_result.json b/assets/queries/terraform/azure/key_expiration_not_set/test/positive_expected_result.json index cda02bd28f3..d7155771566 100644 --- a/assets/queries/terraform/azure/key_expiration_not_set/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/key_expiration_not_set/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Key Expiration Not Set", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/key_vault_secrets_content_type_undefined/test/positive_expected_result.json b/assets/queries/terraform/azure/key_vault_secrets_content_type_undefined/test/positive_expected_result.json index 7320d4e8def..ec725ac34b4 100644 --- a/assets/queries/terraform/azure/key_vault_secrets_content_type_undefined/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/key_vault_secrets_content_type_undefined/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ { "queryName": "Key Vault Secrets Content Type Undefined", - "severity": "LOW", + "severity": "MEDIUM", "line": 1, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/mariadb_public_network_access_enabled/test/positive_expected_result.json b/assets/queries/terraform/azure/mariadb_public_network_access_enabled/test/positive_expected_result.json index a711a4f9b13..0501fb48609 100644 --- a/assets/queries/terraform/azure/mariadb_public_network_access_enabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/mariadb_public_network_access_enabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "MariaDB Server Public Network Access Enabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 16, "fileName": "positive.tf" }, { "queryName": "MariaDB Server Public Network Access Enabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 1, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/mysql_ssl_connection_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/mysql_ssl_connection_disabled/test/positive_expected_result.json index 98ae11287ab..573fae9c01b 100644 --- a/assets/queries/terraform/azure/mysql_ssl_connection_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/mysql_ssl_connection_disabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "MySQL SSL Connection Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 17 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/network_watcher_flow_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/network_watcher_flow_disabled/test/positive_expected_result.json index d2aca9072de..b287a8f30d5 100644 --- a/assets/queries/terraform/azure/network_watcher_flow_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/network_watcher_flow_disabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Network Watcher Flow Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/postgresql_server_threat_detection_policy_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/postgresql_server_threat_detection_policy_disabled/test/positive_expected_result.json index 79b181a2cfe..14af965003f 100644 --- a/assets/queries/terraform/azure/postgresql_server_threat_detection_policy_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/postgresql_server_threat_detection_policy_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "PostgreSQL Server Threat Detection Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 22, "fileName": "positive1.tf" }, { "queryName": "PostgreSQL Server Threat Detection Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/redis_entirely_accessible/test/positive_expected_result.json b/assets/queries/terraform/azure/redis_entirely_accessible/test/positive_expected_result.json index 41c9848e8c9..102713534e5 100644 --- a/assets/queries/terraform/azure/redis_entirely_accessible/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/redis_entirely_accessible/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Redis Entirely Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 22 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/redis_not_updated_regularly/test/positive_expected_result.json b/assets/queries/terraform/azure/redis_not_updated_regularly/test/positive_expected_result.json index bda02f5bef2..01189c2c454 100644 --- a/assets/queries/terraform/azure/redis_not_updated_regularly/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/redis_not_updated_regularly/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Redis Not Updated Regularly", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/redis_publicly_accessible/test/positive_expected_result.json b/assets/queries/terraform/azure/redis_publicly_accessible/test/positive_expected_result.json index f7266677b50..9786674c7d7 100644 --- a/assets/queries/terraform/azure/redis_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/redis_publicly_accessible/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Redis Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 22 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/role_assignment_not_limit_guest_users_permissions/test/positive_expected_result.json b/assets/queries/terraform/azure/role_assignment_not_limit_guest_users_permissions/test/positive_expected_result.json index a5fd4c1e062..f1c73a909a0 100644 --- a/assets/queries/terraform/azure/role_assignment_not_limit_guest_users_permissions/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/role_assignment_not_limit_guest_users_permissions/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Role Assignment Not Limit Guest User Permissions", - "severity": "HIGH", + "severity": "MEDIUM", "line": 20 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/role_assignment_of_guest_users/test/positive_expected_result.json b/assets/queries/terraform/azure/role_assignment_of_guest_users/test/positive_expected_result.json index 4a6374a7a59..279fb64308f 100644 --- a/assets/queries/terraform/azure/role_assignment_of_guest_users/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/role_assignment_of_guest_users/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Role Assignment Of Guest Users", - "severity": "HIGH", + "severity": "LOW", "line": 3 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/secret_expiration_not_set/test/positive_expected_result.json b/assets/queries/terraform/azure/secret_expiration_not_set/test/positive_expected_result.json index 335ef71845a..cfc5b5902ae 100644 --- a/assets/queries/terraform/azure/secret_expiration_not_set/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/secret_expiration_not_set/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Secret Expiration Not Set", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/security_group_is_not_configured/test/positive_expected_result.json b/assets/queries/terraform/azure/security_group_is_not_configured/test/positive_expected_result.json index e86032025ea..ed4b49e11b4 100644 --- a/assets/queries/terraform/azure/security_group_is_not_configured/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/security_group_is_not_configured/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Security Group is Not Configured", - "severity": "MEDIUM", + "severity": "HIGH", "line": 7 }, { "queryName": "Security Group is Not Configured", - "severity": "MEDIUM", + "severity": "HIGH", "line": 21 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/sensitive_port_is_exposed_to_wide_private_network/test/positive_expected_result.json b/assets/queries/terraform/azure/sensitive_port_is_exposed_to_wide_private_network/test/positive_expected_result.json index 52e0d4bd2b0..39b9174ff5a 100644 --- a/assets/queries/terraform/azure/sensitive_port_is_exposed_to_wide_private_network/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/sensitive_port_is_exposed_to_wide_private_network/test/positive_expected_result.json @@ -1,222 +1,222 @@ [ { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 8 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 22 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 22 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 36 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 36 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 36 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 36 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 36 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 36 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 50 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 50 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 64 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 78 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 92 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 92 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 92 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 92 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 106 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 120 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 120 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 }, { "queryName": "Sensitive Port Is Exposed To Wide Private Network", - "severity": "MEDIUM", + "severity": "LOW", "line": 134 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/small_activity_log_retention_period/test/positive_expected_result.json b/assets/queries/terraform/azure/small_activity_log_retention_period/test/positive_expected_result.json index 39baf827815..25015f4c442 100644 --- a/assets/queries/terraform/azure/small_activity_log_retention_period/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/small_activity_log_retention_period/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "Small Activity Log Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 20 }, { "queryName": "Small Activity Log Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 41 }, { "queryName": "Small Activity Log Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 64 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/small_msql_server_audit_retention/test/positive_expected_result.json b/assets/queries/terraform/azure/small_msql_server_audit_retention/test/positive_expected_result.json index ddc8a4a8d65..904c4f524c5 100644 --- a/assets/queries/terraform/azure/small_msql_server_audit_retention/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/small_msql_server_audit_retention/test/positive_expected_result.json @@ -1,22 +1,22 @@ [ { "queryName": "Small MSSQL Server Audit Retention", - "severity": "MEDIUM", + "severity": "LOW", "line": 7 }, { "queryName": "Small MSSQL Server Audit Retention", - "severity": "MEDIUM", + "severity": "LOW", "line": 28 }, { "queryName": "Small MSSQL Server Audit Retention", - "severity": "MEDIUM", + "severity": "LOW", "line": 46 }, { "queryName": "Small MSSQL Server Audit Retention", - "severity": "MEDIUM", + "severity": "LOW", "line": 66 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/small_mssql_audit_retention_period/test/positive_expected_result.json b/assets/queries/terraform/azure/small_mssql_audit_retention_period/test/positive_expected_result.json index 60152db4f08..ac111615ad6 100644 --- a/assets/queries/terraform/azure/small_mssql_audit_retention_period/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/small_mssql_audit_retention_period/test/positive_expected_result.json @@ -1,22 +1,22 @@ [ { "queryName": "Small MSSQL Audit Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 11 }, { "queryName": "Small MSSQL Audit Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 29 }, { "queryName": "Small MSSQL Audit Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 47 }, { "queryName": "Small MSSQL Audit Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 67 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/small_postgresql_db_server_log_retention_period/test/positive_expected_result.json b/assets/queries/terraform/azure/small_postgresql_db_server_log_retention_period/test/positive_expected_result.json index d78eea6c31b..5bf802a4381 100644 --- a/assets/queries/terraform/azure/small_postgresql_db_server_log_retention_period/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/small_postgresql_db_server_log_retention_period/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Small PostgreSQL DB Server Log Retention Period", - "severity": "MEDIUM", + "severity": "LOW", "line": 5 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/sql_database_audit_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/sql_database_audit_disabled/test/positive_expected_result.json index 1266a4b0580..f29978bdc55 100644 --- a/assets/queries/terraform/azure/sql_database_audit_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/sql_database_audit_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "SQL Database Audit Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 50 }, { "queryName": "SQL Database Audit Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 34 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/sql_server_ingress_from_any_ip/test/positive_expected_result.json b/assets/queries/terraform/azure/sql_server_ingress_from_any_ip/test/positive_expected_result.json index cf03d9461ab..54b5cf8d868 100644 --- a/assets/queries/terraform/azure/sql_server_ingress_from_any_ip/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/sql_server_ingress_from_any_ip/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "SQLServer Ingress From Any IP", - "severity": "HIGH", + "severity": "CRITICAL", "line": 1 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/sql_server_predictable_active_directory_admin_account_name/test/positive_expected_result.json b/assets/queries/terraform/azure/sql_server_predictable_active_directory_admin_account_name/test/positive_expected_result.json index 80e9a429a94..f1a0a9de803 100644 --- a/assets/queries/terraform/azure/sql_server_predictable_active_directory_admin_account_name/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/sql_server_predictable_active_directory_admin_account_name/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "SQL Server Predictable Active Directory Account Name", - "severity": "MEDIUM", + "severity": "LOW", "line": 21 }, { "queryName": "SQL Server Predictable Active Directory Account Name", - "severity": "MEDIUM", + "severity": "LOW", "line": 29 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/sql_server_predictable_admin_account_name/test/positive_expected_result.json b/assets/queries/terraform/azure/sql_server_predictable_admin_account_name/test/positive_expected_result.json index 93652a37aa2..6c2df2f3069 100644 --- a/assets/queries/terraform/azure/sql_server_predictable_admin_account_name/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/sql_server_predictable_admin_account_name/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "SQL Server Predictable Admin Account Name", - "severity": "MEDIUM", + "severity": "LOW", "line": 20 }, { "queryName": "SQL Server Predictable Admin Account Name", - "severity": "MEDIUM", + "severity": "LOW", "line": 40 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/ssh_is_exposed_to_the_internet/test/positive_expected_result.json b/assets/queries/terraform/azure/ssh_is_exposed_to_the_internet/test/positive_expected_result.json index 9bf1d843367..9eeb99f83f8 100644 --- a/assets/queries/terraform/azure/ssh_is_exposed_to_the_internet/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/ssh_is_exposed_to_the_internet/test/positive_expected_result.json @@ -1,52 +1,52 @@ [ - { - "queryName": "SSH Is Exposed To The Internet", - "severity": "HIGH", - "line": 8 - }, - { - "queryName": "SSH Is Exposed To The Internet", - "severity": "HIGH", - "line": 22 - }, - { - "queryName": "SSH Is Exposed To The Internet", - "severity": "HIGH", - "line": 36 - }, - { - "queryName": "SSH Is Exposed To The Internet", - "severity": "HIGH", - "line": 50 - }, - { - "queryName": "SSH Is Exposed To The Internet", - "severity": "HIGH", - "line": 64 - }, - { - "queryName": "SSH Is Exposed To The Internet", - "severity": "HIGH", - "line": 78 - }, - { - "queryName": "SSH Is Exposed To The Internet", - "severity": "HIGH", - "line": 92 - }, - { - "queryName": "SSH Is Exposed To The Internet", - "severity": "HIGH", - "line": 106 - }, - { - "queryName": "SSH Is Exposed To The Internet", - "severity": "HIGH", - "line": 120 - }, - { - "queryName": "SSH Is Exposed To The Internet", - "severity": "HIGH", - "line": 134 - } + { + "queryName": "SSH Is Exposed To The Internet", + "severity": "MEDIUM", + "line": 8 + }, + { + "queryName": "SSH Is Exposed To The Internet", + "severity": "MEDIUM", + "line": 22 + }, + { + "queryName": "SSH Is Exposed To The Internet", + "severity": "MEDIUM", + "line": 36 + }, + { + "queryName": "SSH Is Exposed To The Internet", + "severity": "MEDIUM", + "line": 50 + }, + { + "queryName": "SSH Is Exposed To The Internet", + "severity": "MEDIUM", + "line": 64 + }, + { + "queryName": "SSH Is Exposed To The Internet", + "severity": "MEDIUM", + "line": 78 + }, + { + "queryName": "SSH Is Exposed To The Internet", + "severity": "MEDIUM", + "line": 92 + }, + { + "queryName": "SSH Is Exposed To The Internet", + "severity": "MEDIUM", + "line": 106 + }, + { + "queryName": "SSH Is Exposed To The Internet", + "severity": "MEDIUM", + "line": 120 + }, + { + "queryName": "SSH Is Exposed To The Internet", + "severity": "MEDIUM", + "line": 134 + } ] \ No newline at end of file diff --git a/assets/queries/terraform/azure/ssl_enforce_is_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/ssl_enforce_is_disabled/test/positive_expected_result.json index fbec376ea7d..e62b1c19066 100644 --- a/assets/queries/terraform/azure/ssl_enforce_is_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/ssl_enforce_is_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "SSL Enforce Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 18 }, { "queryName": "SSL Enforce Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 22 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/storage_account_not_forcing_https/test/positive_expected_result.json b/assets/queries/terraform/azure/storage_account_not_forcing_https/test/positive_expected_result.json index 2975df8d281..69f11ea8f69 100644 --- a/assets/queries/terraform/azure/storage_account_not_forcing_https/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/storage_account_not_forcing_https/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Storage Account Not Forcing HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 7 }, { "queryName": "Storage Account Not Forcing HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 10 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/trusted_microsoft_services_not_enabled/test/positive_expected_result.json b/assets/queries/terraform/azure/trusted_microsoft_services_not_enabled/test/positive_expected_result.json index 5b3f15fa23d..923845f4cad 100644 --- a/assets/queries/terraform/azure/trusted_microsoft_services_not_enabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/trusted_microsoft_services_not_enabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ - { - "queryName": "Trusted Microsoft Services Not Enabled", - "severity": "HIGH", - "line": 8 - }, - { - "queryName": "Trusted Microsoft Services Not Enabled", - "severity": "HIGH", - "line": 21 - } -] + { + "queryName": "Trusted Microsoft Services Not Enabled", + "severity": "MEDIUM", + "line": 8 + }, + { + "queryName": "Trusted Microsoft Services Not Enabled", + "severity": "MEDIUM", + "line": 21 + } +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/unrestricted_sql_server_access/test/positive_expected_result.json b/assets/queries/terraform/azure/unrestricted_sql_server_access/test/positive_expected_result.json index e169e850e1b..9e5ccea8af4 100644 --- a/assets/queries/terraform/azure/unrestricted_sql_server_access/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/unrestricted_sql_server_access/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Unrestricted SQL Server Access", - "severity": "MEDIUM", + "severity": "CRITICAL", "line": 19 }, { "queryName": "Unrestricted SQL Server Access", - "severity": "MEDIUM", + "severity": "CRITICAL", "line": 27 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/vault_auditing_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/vault_auditing_disabled/test/positive_expected_result.json index a632e822e7b..5b955eb3023 100644 --- a/assets/queries/terraform/azure/vault_auditing_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/vault_auditing_disabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Vault Auditing Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 16 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/virtual_network_with_ddos_protection_plan_disabled/test/positive_expected_result.json b/assets/queries/terraform/azure/virtual_network_with_ddos_protection_plan_disabled/test/positive_expected_result.json index 16963326028..e47a40f00a2 100644 --- a/assets/queries/terraform/azure/virtual_network_with_ddos_protection_plan_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/virtual_network_with_ddos_protection_plan_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Virtual Network with DDoS Protection Plan disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 18, "fileName": "positive1.tf" }, { "queryName": "Virtual Network with DDoS Protection Plan disabled", - "severity": "MEDIUM", + "severity": "LOW", "line": 27, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/vm_not_attached_to_network/test/positive_expected_result.json b/assets/queries/terraform/azure/vm_not_attached_to_network/test/positive_expected_result.json index 2f7b33f1ff0..344ed2f15ef 100644 --- a/assets/queries/terraform/azure/vm_not_attached_to_network/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/vm_not_attached_to_network/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "VM Not Attached To Network", - "severity": "HIGH", - "line": 5 - } -] + { + "queryName": "VM Not Attached To Network", + "severity": "MEDIUM", + "line": 5 + } +] \ No newline at end of file diff --git a/assets/queries/terraform/azure/web_app_accepting_traffic_other_than_https/test/positive_expected_result.json b/assets/queries/terraform/azure/web_app_accepting_traffic_other_than_https/test/positive_expected_result.json index a91bd3a1b63..9e8879c9aaa 100644 --- a/assets/queries/terraform/azure/web_app_accepting_traffic_other_than_https/test/positive_expected_result.json +++ b/assets/queries/terraform/azure/web_app_accepting_traffic_other_than_https/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Web App Accepting Traffic Other Than HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 28 }, { "queryName": "Web App Accepting Traffic Other Than HTTPS", - "severity": "HIGH", + "severity": "MEDIUM", "line": 37 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/databricks/cluster_aws_attributes/test/positive_expected_result.json b/assets/queries/terraform/databricks/cluster_aws_attributes/test/positive_expected_result.json index 0b396f9b133..93eb7605956 100644 --- a/assets/queries/terraform/databricks/cluster_aws_attributes/test/positive_expected_result.json +++ b/assets/queries/terraform/databricks/cluster_aws_attributes/test/positive_expected_result.json @@ -1,26 +1,26 @@ [ - { - "queryName": "Check Databricks Cluster AWS Attribute Best Practices", - "severity": "MEDIUM", - "line": 11, - "fileName": "positive1.tf" - }, - { - "queryName": "Check Databricks Cluster AWS Attribute Best Practices", - "severity": "MEDIUM", - "line": 13, - "fileName": "positive2.tf" - }, - { - "queryName": "Check Databricks Cluster AWS Attribute Best Practices", - "severity": "MEDIUM", - "line": 10, - "fileName": "positive3.tf" - }, - { - "queryName": "Check Databricks Cluster AWS Attribute Best Practices", - "severity": "MEDIUM", - "line": 12, - "fileName": "positive4.tf" - } -] + { + "queryName": "Check Databricks Cluster AWS Attribute Best Practices", + "severity": "LOW", + "line": 11, + "fileName": "positive1.tf" + }, + { + "queryName": "Check Databricks Cluster AWS Attribute Best Practices", + "severity": "LOW", + "line": 13, + "fileName": "positive2.tf" + }, + { + "queryName": "Check Databricks Cluster AWS Attribute Best Practices", + "severity": "LOW", + "line": 10, + "fileName": "positive3.tf" + }, + { + "queryName": "Check Databricks Cluster AWS Attribute Best Practices", + "severity": "LOW", + "line": 12, + "fileName": "positive4.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/databricks/cluster_azure_attributes/test/positive_expected_result.json b/assets/queries/terraform/databricks/cluster_azure_attributes/test/positive_expected_result.json index 4c2466707c3..3ef88398111 100644 --- a/assets/queries/terraform/databricks/cluster_azure_attributes/test/positive_expected_result.json +++ b/assets/queries/terraform/databricks/cluster_azure_attributes/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ - { - "queryName": "Check Databricks Cluster Azure Attribute Best Practices", - "severity": "MEDIUM", - "line": 11, - "fileName": "positive1.tf" - }, - { - "queryName": "Check Databricks Cluster Azure Attribute Best Practices", - "severity": "MEDIUM", - "line": 12, - "fileName": "positive2.tf" - }, - { - "queryName": "Check Databricks Cluster Azure Attribute Best Practices", - "severity": "MEDIUM", - "line": 10, - "fileName": "positive3.tf" - } -] + { + "queryName": "Check Databricks Cluster Azure Attribute Best Practices", + "severity": "LOW", + "line": 11, + "fileName": "positive1.tf" + }, + { + "queryName": "Check Databricks Cluster Azure Attribute Best Practices", + "severity": "LOW", + "line": 12, + "fileName": "positive2.tf" + }, + { + "queryName": "Check Databricks Cluster Azure Attribute Best Practices", + "severity": "LOW", + "line": 10, + "fileName": "positive3.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/databricks/cluster_gcp_attributes/test/positive_expected_result.json b/assets/queries/terraform/databricks/cluster_gcp_attributes/test/positive_expected_result.json index 7698ad2d938..0b7c36b4172 100644 --- a/assets/queries/terraform/databricks/cluster_gcp_attributes/test/positive_expected_result.json +++ b/assets/queries/terraform/databricks/cluster_gcp_attributes/test/positive_expected_result.json @@ -1,8 +1,8 @@ [ - { - "queryName": "Check Databricks Cluster GCP Attribute Best Practices", - "severity": "MEDIUM", - "line": 11, - "fileName": "positive1.tf" - } -] + { + "queryName": "Check Databricks Cluster GCP Attribute Best Practices", + "severity": "LOW", + "line": 11, + "fileName": "positive1.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/databricks/use_lts_spark_version/test/positive_expected_result.json b/assets/queries/terraform/databricks/use_lts_spark_version/test/positive_expected_result.json index e7ebf35ebf4..a076127c380 100644 --- a/assets/queries/terraform/databricks/use_lts_spark_version/test/positive_expected_result.json +++ b/assets/queries/terraform/databricks/use_lts_spark_version/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ - { - "queryName": "Check use no LTS Spark Version", - "severity": "MEDIUM", - "line": 8, - "fileName": "positive1.tf" - }, - { - "queryName": "Check use no LTS Spark Version", - "severity": "MEDIUM", - "line": 11, - "fileName": "positive2.tf" - }, - { - "queryName": "Check use no LTS Spark Version", - "severity": "MEDIUM", - "line": 10, - "fileName": "positive3.tf" - } -] + { + "queryName": "Check use no LTS Spark Version", + "severity": "LOW", + "line": 8, + "fileName": "positive1.tf" + }, + { + "queryName": "Check use no LTS Spark Version", + "severity": "LOW", + "line": 11, + "fileName": "positive2.tf" + }, + { + "queryName": "Check use no LTS Spark Version", + "severity": "LOW", + "line": 10, + "fileName": "positive3.tf" + } +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/cloud_storage_anonymous_or_publicly_accessible/test/positive_expected_result.json b/assets/queries/terraform/gcp/cloud_storage_anonymous_or_publicly_accessible/test/positive_expected_result.json index 698a38fd731..37abd5f3a06 100644 --- a/assets/queries/terraform/gcp/cloud_storage_anonymous_or_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/cloud_storage_anonymous_or_publicly_accessible/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ - { - "queryName": "Cloud Storage Anonymous or Publicly Accessible", - "severity": "HIGH", - "line": 5 - }, - { - "queryName": "Cloud Storage Anonymous or Publicly Accessible", - "severity": "HIGH", - "line": 11 - }, - { - "queryName": "Cloud Storage Anonymous or Publicly Accessible", - "severity": "HIGH", - "line": 17 - } -] + { + "queryName": "Cloud Storage Anonymous or Publicly Accessible", + "severity": "CRITICAL", + "line": 5 + }, + { + "queryName": "Cloud Storage Anonymous or Publicly Accessible", + "severity": "CRITICAL", + "line": 11 + }, + { + "queryName": "Cloud Storage Anonymous or Publicly Accessible", + "severity": "CRITICAL", + "line": 17 + } +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/cloud_storage_bucket_is_publicly_accessible/test/positive_expected_result.json b/assets/queries/terraform/gcp/cloud_storage_bucket_is_publicly_accessible/test/positive_expected_result.json index 731b5bb5199..e6f735ed5d3 100644 --- a/assets/queries/terraform/gcp/cloud_storage_bucket_is_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/cloud_storage_bucket_is_publicly_accessible/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Cloud Storage Bucket Is Publicly Accessible", - "severity": "HIGH", + "severity": "MEDIUM", "line": 4 }, { "queryName": "Cloud Storage Bucket Is Publicly Accessible", - "severity": "HIGH", + "severity": "MEDIUM", "line": 17 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/cloud_storage_bucket_logging_not_enabled/test/positive_expected_result.json b/assets/queries/terraform/gcp/cloud_storage_bucket_logging_not_enabled/test/positive_expected_result.json index a9637af5249..01998d13ef7 100644 --- a/assets/queries/terraform/gcp/cloud_storage_bucket_logging_not_enabled/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/cloud_storage_bucket_logging_not_enabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "Cloud Storage Bucket Logging Not Enabled", - "severity": "HIGH", - "line": 1 - } -] + { + "queryName": "Cloud Storage Bucket Logging Not Enabled", + "severity": "MEDIUM", + "line": 1 + } +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json b/assets/queries/terraform/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json index 3f83a9192a9..93dc2cf1bbe 100644 --- a/assets/queries/terraform/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ - { - "queryName": "Cloud Storage Bucket Versioning Disabled", - "severity": "HIGH", - "line": 6 - }, - { - "queryName": "Cloud Storage Bucket Versioning Disabled", - "severity": "HIGH", - "line": 10 - } -] + { + "queryName": "Cloud Storage Bucket Versioning Disabled", + "severity": "LOW", + "line": 6 + }, + { + "queryName": "Cloud Storage Bucket Versioning Disabled", + "severity": "LOW", + "line": 10 + } +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/cluster_labels_disabled/test/positive_expected_result.json b/assets/queries/terraform/gcp/cluster_labels_disabled/test/positive_expected_result.json index 9a89e5c513b..42d70de1c7a 100644 --- a/assets/queries/terraform/gcp/cluster_labels_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/cluster_labels_disabled/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Cluster Labels Disabled", - "severity": "HIGH", + "severity": "LOW", "line": 2 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/cos_node_image_not_used/test/positive_expected_result.json b/assets/queries/terraform/gcp/cos_node_image_not_used/test/positive_expected_result.json index 46d0651f807..893e73a5d31 100644 --- a/assets/queries/terraform/gcp/cos_node_image_not_used/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/cos_node_image_not_used/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "COS Node Image Not Used", - "severity": "MEDIUM", - "line": 16 - } -] + { + "queryName": "COS Node Image Not Used", + "severity": "LOW", + "line": 16 + } +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/dnssec_using_rsasha1/test/positive_expected_result.json b/assets/queries/terraform/gcp/dnssec_using_rsasha1/test/positive_expected_result.json index f275919304c..e62c82567da 100644 --- a/assets/queries/terraform/gcp/dnssec_using_rsasha1/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/dnssec_using_rsasha1/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "DNSSEC Using RSASHA1", - "severity": "HIGH", - "line": 11 - } -] + { + "queryName": "DNSSEC Using RSASHA1", + "severity": "MEDIUM", + "line": 11 + } +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/google_project_iam_binding_service_account_has_token_creator_or_account_user_role/test/positive_expected_result.json b/assets/queries/terraform/gcp/google_project_iam_binding_service_account_has_token_creator_or_account_user_role/test/positive_expected_result.json index 614d0ffdb77..9879c8c4b8b 100644 --- a/assets/queries/terraform/gcp/google_project_iam_binding_service_account_has_token_creator_or_account_user_role/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/google_project_iam_binding_service_account_has_token_creator_or_account_user_role/test/positive_expected_result.json @@ -1,22 +1,22 @@ [ - { - "queryName": "Google Project IAM Binding Service Account has Token Creator or Account User Role", - "severity": "MEDIUM", - "line": 3 - }, - { - "queryName": "Google Project IAM Binding Service Account has Token Creator or Account User Role", - "severity": "MEDIUM", - "line": 13 - }, - { - "queryName": "Google Project IAM Binding Service Account has Token Creator or Account User Role", - "severity": "MEDIUM", - "line": 19 - }, - { - "queryName": "Google Project IAM Binding Service Account has Token Creator or Account User Role", - "severity": "MEDIUM", - "line": 29 - } -] + { + "queryName": "Google Project IAM Binding Service Account has Token Creator or Account User Role", + "severity": "HIGH", + "line": 3 + }, + { + "queryName": "Google Project IAM Binding Service Account has Token Creator or Account User Role", + "severity": "HIGH", + "line": 13 + }, + { + "queryName": "Google Project IAM Binding Service Account has Token Creator or Account User Role", + "severity": "HIGH", + "line": 19 + }, + { + "queryName": "Google Project IAM Binding Service Account has Token Creator or Account User Role", + "severity": "HIGH", + "line": 29 + } +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/google_project_iam_member_service_account_has_admin_role/test/positive_expected_result.json b/assets/queries/terraform/gcp/google_project_iam_member_service_account_has_admin_role/test/positive_expected_result.json index 764952eef2a..74849105787 100644 --- a/assets/queries/terraform/gcp/google_project_iam_member_service_account_has_admin_role/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/google_project_iam_member_service_account_has_admin_role/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Google Project IAM Member Service Account Has Admin Role", - "severity": "MEDIUM", + "severity": "HIGH", "line": 3 }, { "queryName": "Google Project IAM Member Service Account Has Admin Role", - "severity": "MEDIUM", + "severity": "HIGH", "line": 9 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/google_project_iam_member_service_account_has_token_creator_or_account_user_role/test/positive_expected_result.json b/assets/queries/terraform/gcp/google_project_iam_member_service_account_has_token_creator_or_account_user_role/test/positive_expected_result.json index 32bd78af26c..1c8cd5e2d32 100644 --- a/assets/queries/terraform/gcp/google_project_iam_member_service_account_has_token_creator_or_account_user_role/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/google_project_iam_member_service_account_has_token_creator_or_account_user_role/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ - { - "queryName": "Google Project IAM Member Service Account has Token Creator or Account User Role", - "severity": "MEDIUM", - "line": 3 - }, - { - "queryName": "Google Project IAM Member Service Account has Token Creator or Account User Role", - "severity": "MEDIUM", - "line": 9 - } -] + { + "queryName": "Google Project IAM Member Service Account has Token Creator or Account User Role", + "severity": "HIGH", + "line": 3 + }, + { + "queryName": "Google Project IAM Member Service Account has Token Creator or Account User Role", + "severity": "HIGH", + "line": 9 + } +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/google_storage_bucket_level_access_disabled/test/positive_expected_result.json b/assets/queries/terraform/gcp/google_storage_bucket_level_access_disabled/test/positive_expected_result.json index f5ce6aa78da..dfbb79594bf 100644 --- a/assets/queries/terraform/gcp/google_storage_bucket_level_access_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/google_storage_bucket_level_access_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Google Storage Bucket Level Access Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6 }, { "queryName": "Google Storage Bucket Level Access Disabled", - "severity": "MEDIUM", + "severity": "HIGH", "line": 20 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/iam_audit_not_properly_configured/test/positive_expected_result.json b/assets/queries/terraform/gcp/iam_audit_not_properly_configured/test/positive_expected_result.json index 313519dbdc0..c22fd7d0919 100644 --- a/assets/queries/terraform/gcp/iam_audit_not_properly_configured/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/iam_audit_not_properly_configured/test/positive_expected_result.json @@ -1,22 +1,22 @@ [ { "queryName": "IAM Audit Not Properly Configured", - "severity": "HIGH", + "severity": "LOW", "line": 3 }, { "queryName": "IAM Audit Not Properly Configured", - "severity": "HIGH", + "severity": "LOW", "line": 9 }, { "queryName": "IAM Audit Not Properly Configured", - "severity": "HIGH", + "severity": "LOW", "line": 19 }, { "queryName": "IAM Audit Not Properly Configured", - "severity": "HIGH", + "severity": "LOW", "line": 23 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/ip_aliasing_disabled/test/positive_expected_result.json b/assets/queries/terraform/gcp/ip_aliasing_disabled/test/positive_expected_result.json index 41380deb74a..7aeca99b89a 100644 --- a/assets/queries/terraform/gcp/ip_aliasing_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/ip_aliasing_disabled/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "IP Aliasing Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 2 }, { "queryName": "IP Aliasing Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 13 }, { "queryName": "IP Aliasing Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 26 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/legacy_client_certificate_auth_enabled/test/positive_expected_result.json b/assets/queries/terraform/gcp/legacy_client_certificate_auth_enabled/test/positive_expected_result.json index e35ad6956a3..c979a788738 100644 --- a/assets/queries/terraform/gcp/legacy_client_certificate_auth_enabled/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/legacy_client_certificate_auth_enabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Legacy Client Certificate Auth Enabled", - "severity": "HIGH", + "severity": "LOW", "line": 7, "fileName": "positive.tf" }, { "queryName": "Legacy Client Certificate Auth Enabled", - "severity": "HIGH", + "severity": "LOW", "line": 24, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/network_policy_disabled/test/positive_expected_result.json b/assets/queries/terraform/gcp/network_policy_disabled/test/positive_expected_result.json index 5279d49f15a..ff7d73107ec 100644 --- a/assets/queries/terraform/gcp/network_policy_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/network_policy_disabled/test/positive_expected_result.json @@ -1,32 +1,32 @@ [ { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 2 }, { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 16 }, { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 30 }, { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 48 }, { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 63 }, { "queryName": "Network Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 86 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/node_auto_upgrade_disabled/test/positive_expected_result.json b/assets/queries/terraform/gcp/node_auto_upgrade_disabled/test/positive_expected_result.json index 681cabd0d67..6f474f0d075 100644 --- a/assets/queries/terraform/gcp/node_auto_upgrade_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/node_auto_upgrade_disabled/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "Node Auto Upgrade Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1 }, { "queryName": "Node Auto Upgrade Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 19 }, { "queryName": "Node Auto Upgrade Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 36 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/not_proper_email_account_in_use/test/positive_expected_result.json b/assets/queries/terraform/gcp/not_proper_email_account_in_use/test/positive_expected_result.json index 4cf1dc7b77c..ef78f29a1c7 100644 --- a/assets/queries/terraform/gcp/not_proper_email_account_in_use/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/not_proper_email_account_in_use/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Not Proper Email Account In Use", - "severity": "HIGH", + "severity": "LOW", "line": 6 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/os_login_disabled/test/positive_expected_result.json b/assets/queries/terraform/gcp/os_login_disabled/test/positive_expected_result.json index 0fb9c29f4d9..f8e4466defc 100644 --- a/assets/queries/terraform/gcp/os_login_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/os_login_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "OSLogin Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 3 }, { "queryName": "OSLogin Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 8 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/pod_security_policy_disabled/test/positive_expected_result.json b/assets/queries/terraform/gcp/pod_security_policy_disabled/test/positive_expected_result.json index d581867240f..bcfcc520208 100644 --- a/assets/queries/terraform/gcp/pod_security_policy_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/pod_security_policy_disabled/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Pod Security Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 2 }, { "queryName": "Pod Security Policy Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 18 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/private_cluster_disabled/test/positive_expected_result.json b/assets/queries/terraform/gcp/private_cluster_disabled/test/positive_expected_result.json index 7434db7da43..c7baabbd4f9 100644 --- a/assets/queries/terraform/gcp/private_cluster_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/private_cluster_disabled/test/positive_expected_result.json @@ -1,37 +1,37 @@ [ { "queryName": "Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1 }, { "queryName": "Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 16 }, { "queryName": "Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 30 }, { "queryName": "Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 44 }, { "queryName": "Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 58 }, { "queryName": "Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 73 }, { "queryName": "Private Cluster Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 88 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/rdp_access_is_not_restricted/test/positive_expected_result.json b/assets/queries/terraform/gcp/rdp_access_is_not_restricted/test/positive_expected_result.json index 662e05d4ac5..4f41a4dff84 100644 --- a/assets/queries/terraform/gcp/rdp_access_is_not_restricted/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/rdp_access_is_not_restricted/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "RDP Access Is Not Restricted", - "severity": "MEDIUM", + "severity": "HIGH", "line": 12 }, { "queryName": "RDP Access Is Not Restricted", - "severity": "MEDIUM", + "severity": "HIGH", "line": 25 }, { "queryName": "RDP Access Is Not Restricted", - "severity": "MEDIUM", + "severity": "HIGH", "line": 36 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/sql_db_instance_backup_disabled/test/positive_expected_result.json b/assets/queries/terraform/gcp/sql_db_instance_backup_disabled/test/positive_expected_result.json index 8e208e3cf6c..393569dc81e 100644 --- a/assets/queries/terraform/gcp/sql_db_instance_backup_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/sql_db_instance_backup_disabled/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "SQL DB Instance Backup Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 6 }, { "queryName": "SQL DB Instance Backup Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 18 }, { "queryName": "SQL DB Instance Backup Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 31 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/sql_db_instance_is_publicly_accessible/test/positive_expected_result.json b/assets/queries/terraform/gcp/sql_db_instance_is_publicly_accessible/test/positive_expected_result.json index fb2081756db..2806d2b8c15 100644 --- a/assets/queries/terraform/gcp/sql_db_instance_is_publicly_accessible/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/sql_db_instance_is_publicly_accessible/test/positive_expected_result.json @@ -1,22 +1,22 @@ [ { "queryName": "SQL DB Instance Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 6 }, { "queryName": "SQL DB Instance Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 24 }, { "queryName": "SQL DB Instance Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 41 }, { "queryName": "SQL DB Instance Publicly Accessible", - "severity": "HIGH", + "severity": "CRITICAL", "line": 56 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/stackdriver_logging_disabled/test/positive_expected_result.json b/assets/queries/terraform/gcp/stackdriver_logging_disabled/test/positive_expected_result.json index 65023516a60..6977ed3614c 100644 --- a/assets/queries/terraform/gcp/stackdriver_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/stackdriver_logging_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Stackdriver Logging Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 6, "fileName": "positive.tf" }, { "queryName": "Stackdriver Logging Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 18, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/stackdriver_monitoring_disabled/test/positive_expected_result.json b/assets/queries/terraform/gcp/stackdriver_monitoring_disabled/test/positive_expected_result.json index 27c77838cf8..c36541dc9e3 100644 --- a/assets/queries/terraform/gcp/stackdriver_monitoring_disabled/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/stackdriver_monitoring_disabled/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Stackdriver Monitoring Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 6, "fileName": "positive.tf" }, { "queryName": "Stackdriver Monitoring Disabled", - "severity": "HIGH", + "severity": "MEDIUM", "line": 18, "fileName": "positive.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/gcp/vm_with_full_cloud_access/test/positive_expected_result.json b/assets/queries/terraform/gcp/vm_with_full_cloud_access/test/positive_expected_result.json index d65cf3bd502..ccabae58b6c 100644 --- a/assets/queries/terraform/gcp/vm_with_full_cloud_access/test/positive_expected_result.json +++ b/assets/queries/terraform/gcp/vm_with_full_cloud_access/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "VM With Full Cloud Access", - "severity": "HIGH", + "severity": "MEDIUM", "line": 20 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/container_runs_unmasked/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/container_runs_unmasked/test/positive_expected_result.json index 04817ed407b..5476f5249cd 100644 --- a/assets/queries/terraform/kubernetes/container_runs_unmasked/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/container_runs_unmasked/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ - { - "queryName": "Container Runs Unmasked", - "severity": "MEDIUM", - "line": 8 - } -] + { + "queryName": "Container Runs Unmasked", + "severity": "HIGH", + "line": 8 + } +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/containers_with_sys_admin_capabilities/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/containers_with_sys_admin_capabilities/test/positive_expected_result.json index d6f8a432515..a558434dc5f 100644 --- a/assets/queries/terraform/kubernetes/containers_with_sys_admin_capabilities/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/containers_with_sys_admin_capabilities/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "Containers With Sys Admin Capabilities", - "severity": "MEDIUM", + "severity": "HIGH", "line": 8 }, { "queryName": "Containers With Sys Admin Capabilities", - "severity": "MEDIUM", + "severity": "HIGH", "line": 8 }, { "queryName": "Containers With Sys Admin Capabilities", - "severity": "MEDIUM", + "severity": "HIGH", "line": 113 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/cpu_limits_not_set/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/cpu_limits_not_set/test/positive_expected_result.json index b0e85158a41..154c766c36f 100644 --- a/assets/queries/terraform/kubernetes/cpu_limits_not_set/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/cpu_limits_not_set/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "CPU Limits Not Set", - "severity": "MEDIUM", + "severity": "LOW", "line": 8 }, { "queryName": "CPU Limits Not Set", - "severity": "MEDIUM", + "severity": "LOW", "line": 8 }, { "queryName": "CPU Limits Not Set", - "severity": "MEDIUM", + "severity": "LOW", "line": 106 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/cpu_requests_not_set/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/cpu_requests_not_set/test/positive_expected_result.json index ea2356955ab..f0cd7e88f54 100644 --- a/assets/queries/terraform/kubernetes/cpu_requests_not_set/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/cpu_requests_not_set/test/positive_expected_result.json @@ -1,17 +1,17 @@ [ { "queryName": "CPU Requests Not Set", - "severity": "MEDIUM", + "severity": "LOW", "line": 8 }, { "queryName": "CPU Requests Not Set", - "severity": "MEDIUM", + "severity": "LOW", "line": 8 }, { "queryName": "CPU Requests Not Set", - "severity": "MEDIUM", + "severity": "LOW", "line": 105 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/default_service_account_in_use/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/default_service_account_in_use/test/positive_expected_result.json index 9b9ac1e0a6d..d4612a934f1 100644 --- a/assets/queries/terraform/kubernetes/default_service_account_in_use/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/default_service_account_in_use/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Default Service Account In Use", - "severity": "MEDIUM", + "severity": "LOW", "line": 1 }, { "queryName": "Default Service Account In Use", - "severity": "MEDIUM", + "severity": "LOW", "line": 12 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/docker_daemon_socket_is_exposed_to_containers/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/docker_daemon_socket_is_exposed_to_containers/test/positive_expected_result.json index 66de601559c..275e853ec68 100644 --- a/assets/queries/terraform/kubernetes/docker_daemon_socket_is_exposed_to_containers/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/docker_daemon_socket_is_exposed_to_containers/test/positive_expected_result.json @@ -1,32 +1,32 @@ [ { "queryName": "Docker Daemon Socket is Exposed to Containers", - "severity": "LOW", + "severity": "HIGH", "line": 8 }, { "queryName": "Docker Daemon Socket is Exposed to Containers", - "severity": "LOW", + "severity": "HIGH", "line": 8 }, { "queryName": "Docker Daemon Socket is Exposed to Containers", - "severity": "LOW", + "severity": "HIGH", "line": 98 }, { "queryName": "Docker Daemon Socket is Exposed to Containers", - "severity": "LOW", + "severity": "HIGH", "line": 98 }, { "queryName": "Docker Daemon Socket is Exposed to Containers", - "severity": "LOW", + "severity": "HIGH", "line": 169 }, { "queryName": "Docker Daemon Socket is Exposed to Containers", - "severity": "LOW", + "severity": "HIGH", "line": 169 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/liveness_probe_is_not_defined/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/liveness_probe_is_not_defined/test/positive_expected_result.json index 077220a49a4..85c9711ffc6 100644 --- a/assets/queries/terraform/kubernetes/liveness_probe_is_not_defined/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/liveness_probe_is_not_defined/test/positive_expected_result.json @@ -1,14 +1,14 @@ [ { "queryName": "Liveness Probe Is Not Defined", - "severity": "LOW", + "severity": "INFO", "line": 7, "fileName": "positive1.tf" }, { "queryName": "Liveness Probe Is Not Defined", - "severity": "LOW", + "severity": "INFO", "line": 27, "fileName": "positive2.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/metadata_label_is_invalid/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/metadata_label_is_invalid/test/positive_expected_result.json index 465b4c0e2de..d90d3ff4316 100644 --- a/assets/queries/terraform/kubernetes/metadata_label_is_invalid/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/metadata_label_is_invalid/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Metadata Label Is Invalid", - "severity": "LOW", + "severity": "INFO", "line": 5 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/missing_app_armor_config/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/missing_app_armor_config/test/positive_expected_result.json index 232327a163f..c43d7e7304b 100644 --- a/assets/queries/terraform/kubernetes/missing_app_armor_config/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/missing_app_armor_config/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Missing App Armor Config", - "severity": "LOW", + "severity": "MEDIUM", "line": 4 }, { "queryName": "Missing App Armor Config", - "severity": "LOW", + "severity": "MEDIUM", "line": 58 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/network_policy_is_not_targeting_any_pod/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/network_policy_is_not_targeting_any_pod/test/positive_expected_result.json index 7f60061c634..8db62c08375 100644 --- a/assets/queries/terraform/kubernetes/network_policy_is_not_targeting_any_pod/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/network_policy_is_not_targeting_any_pod/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Network Policy Is Not Targeting Any Pod", - "severity": "MEDIUM", + "severity": "LOW", "line": 14 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/non_kube_system_pod_with_host_mount/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/non_kube_system_pod_with_host_mount/test/positive_expected_result.json index 5646b450a72..be69b39ed6f 100644 --- a/assets/queries/terraform/kubernetes/non_kube_system_pod_with_host_mount/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/non_kube_system_pod_with_host_mount/test/positive_expected_result.json @@ -1,22 +1,22 @@ [ { "queryName": "Non Kube System Pod With Host Mount", - "severity": "MEDIUM", + "severity": "HIGH", "line": 53 }, { "queryName": "Non Kube System Pod With Host Mount", - "severity": "MEDIUM", + "severity": "HIGH", "line": 113 }, { "queryName": "Non Kube System Pod With Host Mount", - "severity": "MEDIUM", + "severity": "HIGH", "line": 173 }, { "queryName": "Non Kube System Pod With Host Mount", - "severity": "MEDIUM", + "severity": "HIGH", "line": 233 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/not_limited_capabilities_for_pod_security_policy/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/not_limited_capabilities_for_pod_security_policy/test/positive_expected_result.json index 8a246a6a246..78548b3b02c 100644 --- a/assets/queries/terraform/kubernetes/not_limited_capabilities_for_pod_security_policy/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/not_limited_capabilities_for_pod_security_policy/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Not Limited Capabilities For Pod Security Policy", - "severity": "HIGH", + "severity": "INFO", "line": 5 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/psp_allows_privilege_escalation/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/psp_allows_privilege_escalation/test/positive_expected_result.json index bcd5bd29df0..fb790fc97db 100644 --- a/assets/queries/terraform/kubernetes/psp_allows_privilege_escalation/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/psp_allows_privilege_escalation/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "PSP Allows Privilege Escalation", - "severity": "MEDIUM", + "severity": "HIGH", "line": 7 }, { "queryName": "PSP Allows Privilege Escalation", - "severity": "MEDIUM", + "severity": "HIGH", "line": 50 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/psp_allows_sharing_host_ipc/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/psp_allows_sharing_host_ipc/test/positive_expected_result.json index 0437b12403b..65f43ef0cb9 100644 --- a/assets/queries/terraform/kubernetes/psp_allows_sharing_host_ipc/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/psp_allows_sharing_host_ipc/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "PSP Allows Sharing Host IPC", - "severity": "MEDIUM", + "severity": "HIGH", "line": 8 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/psp_set_to_privileged/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/psp_set_to_privileged/test/positive_expected_result.json index 6fb37b07357..18055bdda6c 100644 --- a/assets/queries/terraform/kubernetes/psp_set_to_privileged/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/psp_set_to_privileged/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "PSP Set To Privileged", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/psp_with_added_capabilities/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/psp_with_added_capabilities/test/positive_expected_result.json index 08f137f98f3..9721fb8119a 100644 --- a/assets/queries/terraform/kubernetes/psp_with_added_capabilities/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/psp_with_added_capabilities/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "PSP With Added Capabilities", - "severity": "MEDIUM", + "severity": "HIGH", "line": 6 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/role_binding_to_default_service_account/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/role_binding_to_default_service_account/test/positive_expected_result.json index 68f7c6bca11..72f7c8c2f21 100644 --- a/assets/queries/terraform/kubernetes/role_binding_to_default_service_account/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/role_binding_to_default_service_account/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { "queryName": "Role Binding To Default Service Account", - "severity": "HIGH", + "severity": "MEDIUM", "line": 1 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/using_default_namespace/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/using_default_namespace/test/positive_expected_result.json index c3b4eb4f790..a87047d0ac8 100644 --- a/assets/queries/terraform/kubernetes/using_default_namespace/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/using_default_namespace/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Using Default Namespace", - "severity": "MEDIUM", + "severity": "LOW", "line": 4 }, { "queryName": "Using Default Namespace", - "severity": "MEDIUM", + "severity": "LOW", "line": 9 } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/volume_mount_with_os_directory_write_permissions/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/volume_mount_with_os_directory_write_permissions/test/positive_expected_result.json index 76f3f758d8c..f81e22c6a21 100644 --- a/assets/queries/terraform/kubernetes/volume_mount_with_os_directory_write_permissions/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/volume_mount_with_os_directory_write_permissions/test/positive_expected_result.json @@ -1,20 +1,20 @@ [ { "queryName": "Volume Mount With OS Directory Write Permissions", - "severity": "MEDIUM", + "severity": "HIGH", "line": 8, "fileName": "positive1.tf" }, { "queryName": "Volume Mount With OS Directory Write Permissions", - "severity": "MEDIUM", + "severity": "HIGH", "line": 11, "fileName": "positive2.tf" }, { "queryName": "Volume Mount With OS Directory Write Permissions", - "severity": "MEDIUM", + "severity": "HIGH", "line": 12, "fileName": "positive3.tf" } -] +] \ No newline at end of file diff --git a/assets/queries/terraform/kubernetes/workload_mounting_with_sensitive_os_directory/test/positive_expected_result.json b/assets/queries/terraform/kubernetes/workload_mounting_with_sensitive_os_directory/test/positive_expected_result.json index 3f5e7555dba..af7be5fa4ba 100644 --- a/assets/queries/terraform/kubernetes/workload_mounting_with_sensitive_os_directory/test/positive_expected_result.json +++ b/assets/queries/terraform/kubernetes/workload_mounting_with_sensitive_os_directory/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { "queryName": "Workload Mounting With Sensitive OS Directory", - "severity": "MEDIUM", + "severity": "HIGH", "line": 53 }, { "queryName": "Workload Mounting With Sensitive OS Directory", - "severity": "MEDIUM", + "severity": "HIGH", "line": 112 } -] +] \ No newline at end of file diff --git a/test/queries_test.go b/test/queries_test.go index 1832785bc52..df65f1dcd94 100644 --- a/test/queries_test.go +++ b/test/queries_test.go @@ -226,7 +226,7 @@ func testQuery(tb testing.TB, entry queryEntry, filesPath []string, expectedVuln ExcludeQueries: source.ExcludeQueries{ByIDs: []string{}, ByCategories: []string{}}, InputDataPath: "", }, - map[string]bool{}, 60, true,true, 1) + map[string]bool{}, 60, false, true, 1) require.Nil(tb, err) require.NotNil(tb, inspector)