Merge pull request #6559 from Checkmarx/kics-782-alicloud-terraform

fix(query): alicloud rds instance address publicly accessible terraform query refactor
Checkmarx · Aug 11, 2023 · b8f4ff1 · b8f4ff1
2 parents 9107466 + 91cb4ed
commit b8f4ff1
Show file tree

Hide file tree

Showing 8 changed files with 4 additions and 4 deletions.
diff --git a/...nstance_publicly_accessible/metadata.json → ...address_publicly_accessible/metadata.json b/...nstance_publicly_accessible/metadata.json → ...address_publicly_accessible/metadata.json
@@ -1,6 +1,6 @@
 {
   "id": "faaefc15-51a5-419e-bb5e-51a4b5ab3485",
-  "queryName": "DB Instance Publicly Accessible",
+  "queryName": "RDS DB Instance Publicly Accessible",
   "severity": "HIGH",
   "category": "Insecure Configurations",
   "descriptionText": "The field 'address' should not be set to '0.0.0.0/0'",

diff --git a/...b_instance_publicly_accessible/query.rego → ...ce_address_publicly_accessible/query.rego b/...b_instance_publicly_accessible/query.rego → ...ce_address_publicly_accessible/query.rego
diff --git a/...nce_publicly_accessible/test/negative1.tf → ...ess_publicly_accessible/test/negative1.tf b/...nce_publicly_accessible/test/negative1.tf → ...ess_publicly_accessible/test/negative1.tf
diff --git a/...nce_publicly_accessible/test/negative2.tf → ...ess_publicly_accessible/test/negative2.tf b/...nce_publicly_accessible/test/negative2.tf → ...ess_publicly_accessible/test/negative2.tf
diff --git a/...nce_publicly_accessible/test/positive1.tf → ...ess_publicly_accessible/test/positive1.tf b/...nce_publicly_accessible/test/positive1.tf → ...ess_publicly_accessible/test/positive1.tf
diff --git a/...ssible/test/positive_expected_result.json → ...ssible/test/positive_expected_result.json b/...ssible/test/positive_expected_result.json → ...ssible/test/positive_expected_result.json
@@ -1,6 +1,6 @@
 [
 	{
-		"queryName": "DB Instance Publicly Accessible",
+		"queryName": "RDS DB Instance Publicly Accessible",
 		"severity": "HIGH",
 		"line": 10,
 		"fileName": "positive1.tf"

diff --git a/assets/queries/terraform/alicloud/rds_instance_publicly_accessible/query.rego b/assets/queries/terraform/alicloud/rds_instance_publicly_accessible/query.rego
@@ -17,7 +17,7 @@ CxPolicy[result] {
 		"documentId": input.document[i].id,
 		"resourceType": "alicloud_db_instance",
 		"resourceName": tf_lib.get_resource_name(resource, name),
-		"searchKey": sprintf("alicloud_db_instance[%s].security_ips.%s", [name,x]),
+		"searchKey": sprintf("alicloud_db_instance[%s].security_ips[%v]", [name,x]),
 		"issueType": "IncorrectValue",
 		"keyExpectedValue": sprintf("'%s' should not be in 'security_ips' list", [sec_ip]),
 		"keyActualValue": sprintf("'%s' is in 'security_ips' list", [sec_ip]),

diff --git a/assets/queries/terraform/alicloud/rds_instance_ssl_action_disabled/query.rego b/assets/queries/terraform/alicloud/rds_instance_ssl_action_disabled/query.rego
@@ -35,7 +35,7 @@ CxPolicy[result] {
 		"documentId": input.document[i].id,
 		"resourceType": "alicloud_db_instance",
 		"resourceName": tf_lib.get_resource_name(resource, name),
-		"searchKey": sprintf("alicloud_db_instance[%s]]", [name]),
+		"searchKey": sprintf("alicloud_db_instance[%s]", [name]),
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": "'ssl_action' value should be 'Open'",
 		"keyActualValue": "'ssl_action' is not defined",