diff --git a/assets/libraries/cloudformation.rego b/assets/libraries/cloudformation.rego
index 716be2bb5f0..bdd6e6541c7 100644
--- a/assets/libraries/cloudformation.rego
+++ b/assets/libraries/cloudformation.rego
@@ -258,3 +258,11 @@ getPath(path) = result {
 count(path) == 0
 result := ""
 }
+
+createSearchKey(elem) = search {
+ not elem.Name.Ref
+ search := sprintf("=%s", [elem.Name])
+} else = search {
+ elem.Name.Ref
+ search := sprintf(".Ref=%s", [elem.Name.Ref])
+}
diff --git a/assets/queries/cloudFormation/aws/ecs_task_definition_healthcheck_missing/query.rego b/assets/queries/cloudFormation/aws/ecs_task_definition_healthcheck_missing/query.rego
index ed9ce11fe10..3f7ddd2b527 100644
--- a/assets/queries/cloudFormation/aws/ecs_task_definition_healthcheck_missing/query.rego
+++ b/assets/queries/cloudFormation/aws/ecs_task_definition_healthcheck_missing/query.rego
@@ -9,14 +9,17 @@ CxPolicy[result] {
 contDef := resource.Properties.ContainerDefinitions[idx]
 not common_lib.valid_key(contDef, "HealthCheck")
+ getkey := cf_lib.createSearchKey(contDef)
+ searchkey := sprintf("Resources.%s.Properties.ContainerDefinitions.%v.Name%s", [name,idx,getkey])
+
 result := {
 "documentId": input.document[i].id,
 "resourceType": resource.Type,
 "resourceName": cf_lib.get_resource_name(resource, name),
- "searchKey": sprintf("Resources.%s.Properties.ContainerDefinitions", [name]),
+ "searchKey": searchkey,
 "issueType": "MissingAttribute",
 "keyExpectedValue": sprintf("'Resources.%s.Properties.ContainerDefinitions' should contain 'HealthCheck' property", [name]),
 "keyActualValue": sprintf("'Resources.%s.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property", [name]),
- "searchLine": common_lib.build_search_line(["Resources", name, "Properties", "ContainerDefinitions"], [idx]),
+ "searchLine": common_lib.build_search_line(["Resources", name, "Properties", "ContainerDefinitions"], [idx, "Name","Ref" ]),
 }
 }
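Review bot: `createSearchKey` is undefined when `elem.Name` is absent, because `not elem.Name.Ref` succeeds but `sprintf("=%s", [elem.Name])` then receives an undefined argument, so any rule that calls it unconditionally silently produces no result for that element. The first branch also treats every non-`Ref` value as a literal, so a `Name` built with another intrinsic function would be formatted as an object and presumably yield a search key that matches no line. A comment above the function should state the contract, e.g. `# createSearchKey returns "=<name>" for a literal Name and ".Ref=<ref>" for a Ref; it is undefined when Name is missing`. If findings must survive an unresolved name, a final `else = ""` branch would keep the calling rule defined.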
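Review bot: The new `searchLine` path always ends in `"Name","Ref"`, while the `searchKey` built from `createSearchKey` distinguishes a literal `Name` from `Name.Ref`. For a container whose `Name` is a plain string there is no `Ref` node, and what `build_search_line` returns for a path segment that does not exist is not visible in this hunk; if it falls back to a default, the reported line for those containers would be wrong. Stopping the path at `[idx, "Name"]`, which exists in both cases, would keep the two fields consistent. The `keyExpectedValue` and `keyActualValue` messages still name only the `ContainerDefinitions` list, so they could include `idx` or the container name to match the narrower key.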
diff --git a/assets/queries/cloudFormation/aws/ecs_task_definition_healthcheck_missing/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/ecs_task_definition_healthcheck_missing/test/positive_expected_result.json
index d0cfba41746..803ab1f8440 100644
--- a/assets/queries/cloudFormation/aws/ecs_task_definition_healthcheck_missing/test/positive_expected_result.json
+++ b/assets/queries/cloudFormation/aws/ecs_task_definition_healthcheck_missing/test/positive_expected_result.json
@@ -3,10 +3,10 @@
 "fileName": "positive1.yaml",
 "queryName": "ECS Task Definition HealthCheck Missing",
 "severity": "LOW",
- "line": 47
+ "line": 48
 },
 {
- "line": 29,
+ "line": 55,
 "fileName": "positive2.json",
 "queryName": "ECS Task Definition HealthCheck Missing",
 "severity": "LOW"
diff --git a/assets/queries/cloudFormation/aws/ecs_task_definition_invalid_cpu_or_memory/query.rego b/assets/queries/cloudFormation/aws/ecs_task_definition_invalid_cpu_or_memory/query.rego
index bd6897656a1..92d905524ae 100644
--- a/assets/queries/cloudFormation/aws/ecs_task_definition_invalid_cpu_or_memory/query.rego
+++ b/assets/queries/cloudFormation/aws/ecs_task_definition_invalid_cpu_or_memory/query.rego
@@ -19,7 +19,9 @@ CxPolicy[result] {
 }
 checkMemory(taskDef, memory) == true
- searchkey := createSearchKey(name2, taskDef.Properties.ContainerDefinitions[_])
+
+ getkey := cf_lib.createSearchKey(taskDef.Properties.ContainerDefinitions[_])
+ searchkey = sprintf("Resources.%s.Properties.ContainerDefinitions.Name%s", [name2, getkey])
 result := {
 "documentId": input.document[i].id,
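Review bot: The `[_]` in `cf_lib.createSearchKey(taskDef.Properties.ContainerDefinitions[_])` is a fresh wildcard, so `getkey` ranges over every container in the task definition rather than the one that failed the check, and the rule emits a result for each container, including ones whose settings are valid. The same pattern is in the `@@ -41,7 +43,8 @@` hunk, where `cpu := taskDef.Properties.ContainerDefinitions[_].Cpu` and the `getkey` line use two independent wildcards. Binding the container once ties the key to the offending element, e.g. `contDef := taskDef.Properties.ContainerDefinitions[_]`, `cpu := contDef.Cpu`, `getkey := cf_lib.createSearchKey(contDef)`; how `memory` is bound in this rule lies outside the hunk, so the equivalent change here needs checking. This hunk also writes `searchkey = sprintf(...)` where the later one uses `:=`, and `:=` is the clearer form for a local assignment.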
@@ -41,7 +43,8 @@ CxPolicy[result] {
 cpuMem := {256, 512, 1024, 2048, 4096}
 cpu := taskDef.Properties.ContainerDefinitions[_].Cpu
 not commonLib.inArray(cpuMem, cpu)
- searchkey := createSearchKey(name2, taskDef.Properties.ContainerDefinitions[_])
+ getkey := cf_lib.createSearchKey(taskDef.Properties.ContainerDefinitions[_])
+ searchkey := sprintf("Resources.%s.Properties.ContainerDefinitions.Name%s", [name2, getkey])
 result := {
 "documentId": input.document[i].id,
@@ -75,12 +78,4 @@ checkRemainder(mem, cpu) {
 not mem % 1024 == 0
 }
-createSearchKey(a, b) = search {
- not b.Name.Ref
- search := sprintf("Resources.%s.Properties.ContainerDefinitions.Name=%s", [a, b.Name])
-}
-createSearchKey(a, b) = search {
- b.Name.Ref
- search := sprintf("Resources.%s.Properties.ContainerDefinitions.Name.Ref=%s", [a, b.Name.Ref])
-}
diff --git a/e2e/fixtures/E2E_CLI_032_RESULT.json b/e2e/fixtures/E2E_CLI_032_RESULT.json
index 4a87b7372c4..0b6133c6424 100644
--- a/e2e/fixtures/E2E_CLI_032_RESULT.json
+++ b/e2e/fixtures/E2E_CLI_032_RESULT.json
@@ -1,576 +1,576 @@ { - "kics_version": "development", - "files_scanned": 1, - "lines_scanned": 289, - "files_parsed": 1, - "lines_parsed": 289, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 504, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 6, - "INFO": 3, - "LOW": 5, - "MEDIUM": 10, - "TRACE": 0 - }, - "total_counter": 24, - "total_bom_resources": 0, - "start": "2024-03-27T11:20:55.9300641Z", - "end": "2024-03-27T11:21:00.380059Z", - "paths": [ - "/path/e2e/fixtures/samples/positive.yaml" - ], - "queries": [ - { - "query_name": "Fully Open Ingress", - "query_id": "e415f8d3-fc2b-4f52-88ab-1129e8c8d3f5", - "query_url": "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/get-set-up-for-amazon-ecs.html#create-a-base-security-group", - "severity": "HIGH", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "ECS Service's security group should not allow unrestricted access to all ports from all IPv4 addresses", - "description_id": "747f49ac", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "5f39aa8e63613a7e8bfd7641ccfb931fa0225e95b3449bc1210b50329d65d713", - "line": 32, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupSSHinbound", - "issue_type": "IncorrectValue", - "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp", - "search_line": -1, - "search_value": "", - "expected_value": "Resource name 'EcsSecurityGroupSSHinbound' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from all IPv4 adresses and to all available ports", - "actual_value": "Resource name 'EcsSecurityGroupSSHinbound' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from CIDR 0.0.0.0/0 to all available ports" - 
}, - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "88653ab159ca0a15095afc685f98da24685fa547bb5f1ca7c95ef468f209387c", - "line": 24, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupHTTPinbound02", - "issue_type": "IncorrectValue", - "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp", - "search_line": -1, - "search_value": "", - "expected_value": "Resource name 'EcsSecurityGroupHTTPinbound02' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from all IPv4 adresses and to all available ports", - "actual_value": "Resource name 'EcsSecurityGroupHTTPinbound02' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from CIDR 0.0.0.0/0 to all available ports" - } - ] - }, - { - "query_name": "Passwords And Secrets - CloudFormation Secret Template", - "query_id": "e0f01838-b1c2-4669-b84b-981949ebe5ed", - "query_url": "https://docs.kics.io/latest/secrets/", - "severity": "HIGH", - "platform": "Common", - "cloud_provider": "COMMON", - "category": "Secret Management", - "experimental": false, - "description": "Query to find passwords and secrets in infrastructure code.", - "description_id": "d69d8a89", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "5f948e5c0c97f3e7c43cd531de50c6c54a2cec221a45f113a34a571165d30553", - "line": 273, - "issue_type": "RedundantAttribute", - "search_key": "", - "search_line": 0, - "search_value": "", - "expected_value": "Hardcoded secret key should not appear in source", - "actual_value": "Hardcoded secret key appears in source" - } - ] - }, - { - "query_name": "Passwords And Secrets - Generic Password", - "query_id": "487f4be7-3fd9-4506-a07a-eae252180c08", - "query_url": "https://docs.kics.io/latest/secrets/", - "severity": "HIGH", - "platform": "Common", - "cloud_provider": "COMMON", - "category": "Secret Management", - "experimental": false, - 
"description": "Query to find passwords and secrets in infrastructure code.", - "description_id": "d69d8a89", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "379b043925f80377f9a5c54a286392202b624f04f71e8d09f87da0ac414a5b04", - "line": 276, - "issue_type": "RedundantAttribute", - "search_key": "", - "search_line": 0, - "search_value": "", - "expected_value": "Hardcoded secret key should not appear in source", - "actual_value": "Hardcoded secret key appears in source" - } - ] - }, - { - "query_name": "Unrestricted Security Group Ingress", - "query_id": "4a1e6b34-1008-4e61-a5f2-1f7c276f8d14", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html", - "severity": "HIGH", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "AWS Security Group Ingress CIDR should not be open to the world", - "description_id": "08256d31", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "3c4976bcd6061315525a23a644cb6ed3bc4888794f21e8161a1cd38ea0495f30", - "line": 24, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupHTTPinbound02", - "issue_type": "IncorrectValue", - "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp should not be open to the world (0.0.0.0/0)", - "actual_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp is open to the world (0.0.0.0/0)" - }, - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "f1f15967fd4bd2b39610dcbe3c2d641068dc1b409821142f41d179dbc360b3aa", - "line": 32, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupSSHinbound", - "issue_type": 
"IncorrectValue", - "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp should not be open to the world (0.0.0.0/0)", - "actual_value": "Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp is open to the world (0.0.0.0/0)" - } - ] - }, - { - "query_name": "ALB Is Not Integrated With WAF", - "query_id": "105ba098-1e34-48cd-b0f2-a8a43a51bf9b", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafregional-webaclassociation.html", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "All Application Load Balancers (ALB) must be protected with Web Application Firewall (WAF) service", - "description_id": "2cad71a7", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "d542c20ac3e6177847cf5a565ff82704a5b63ec87332191ded7baca361b611e8", - "line": 86, - "resource_type": "AWS::ElasticLoadBalancingV2::LoadBalancer", - "resource_name": "ECSALB", - "issue_type": "MissingAttribute", - "search_key": "Resources.ECSALB", - "search_line": -1, - "search_value": "", - "expected_value": "'Resources.ECSALB' should not have an 'internal' scheme and should have a 'WebACLAssociation' associated", - "actual_value": "'Resources.ECSALB' does not have an 'internal' scheme and a 'WebACLAssociation' associated" - } - ] - }, - { - "query_name": "ALB Listening on HTTP", - "query_id": "275a3217-ca37-40c1-a6cf-bb57d245ab32", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb-listener.html#cfn-ec2-elb-listener-protocol", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "AWS Application Load Balancer 
(alb) should not listen on HTTP", - "description_id": "55f05412", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "7d59e0095d8eda260b02394f129910d70d01b55dffb356780166354f9360d848", - "line": 104, - "resource_type": "AWS::ElasticLoadBalancingV2::Listener", - "resource_name": "ALBListener", - "issue_type": "IncorrectValue", - "search_key": "Resources.ALBListener.Properties.Protocol=HTTP", - "search_line": 104, - "search_value": "", - "expected_value": "'Resources.ALBListener.Protocol' should not equal to 'HTTP'", - "actual_value": "'Resources.ALBListener.Protocol' equals to 'HTTP'" - } - ] - }, - { - "query_name": "Auto Scaling Group With No Associated ELB", - "query_id": "ad21e616-5026-4b9d-990d-5b007bfe679c", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Availability", - "experimental": false, - "description": "AWS Auto Scaling Groups must have associated ELBs to ensure high availability and improve application performance. 
This means the attribute 'LoadBalancerNames' must be defined and not empty.", - "description_id": "99966f58", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "ef5069fb260b351100126334b0ba9b2776f480652d8d4f72c81f387d785d22d2", - "line": 131, - "resource_type": "AWS::AutoScaling::AutoScalingGroup", - "resource_name": "ECSAutoScalingGroup", - "issue_type": "MissingAttribute", - "search_key": "Resources.ECSAutoScalingGroup.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "'Resources.ECSAutoScalingGroup.Properties.LoadBalancerNames' should be defined", - "actual_value": "'Resources.ECSAutoScalingGroup.Properties.LoadBalancerNames' is not defined" - } - ] - }, - { - "query_name": "ECS Task Definition Network Mode Not Recommended", - "query_id": "027a4b7a-8a59-4938-a04f-ed532512cf45", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-networkmode", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Insecure Configurations", - "experimental": false, - "description": "Network_Mode should be 'awsvpc' in ecs_task_definition. 
AWS VPCs provides the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations", - "description_id": "bded2e99", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "dd2585b378b43193cc748c9f68b4c226b6face1e271f07f84dcb9113ff6f7446", - "line": 48, - "resource_type": "AWS::ECS::TaskDefinition", - "resource_name": "TaskDefinition", - "issue_type": "MissingAttribute", - "search_key": "Resources.TaskDefinition.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "'Resources.TaskDefinition.Properties.NetworkMode' should be set and should be 'awsvpc'", - "actual_value": "'Resources.TaskDefinition.Properties.NetworkMode' is undefined and defaults to 'bridge'" - } - ] - }, - { - "query_name": "ELB With Security Group Without Inbound Rules", - "query_id": "e200a6f3-c589-49ec-9143-7421d4a2c845", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-securitygroupingress", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "An AWS Elastic Load Balancer (ELB) shouldn't have security groups without outbound rules", - "description_id": "3ccdd7d2", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "d762780be8bebaa6b6bc6b6075a5dcee0edd37f639aa63061f29a13160eae116", - "line": 14, - "resource_type": "AWS::ElasticLoadBalancingV2::LoadBalancer", - "resource_name": "ECSALB", - "issue_type": "MissingAttribute", - "search_key": "Resources.EcsSecurityGroup.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "'Resources.EcsSecurityGroup.Properties.SecurityGroupIngress' is defined", - "actual_value": "'Resources.EcsSecurityGroup.Properties.SecurityGroupIngress' is undefined" - 
} - ] - }, - { - "query_name": "ELB With Security Group Without Outbound Rules", - "query_id": "01d5a458-a6c4-452a-ac50-054d59275b7c", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-securitygroupegress", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "An AWS Elastic Load Balancer (ELB) shouldn't have security groups without outbound rules", - "description_id": "7b876844", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "ee0915eb8433ec18c3f357c5eb0d243ce5c3a077e63e222230c4c0d7bf049416", - "line": 14, - "resource_type": "AWS::ElasticLoadBalancingV2::LoadBalancer", - "resource_name": "ECSALB", - "issue_type": "MissingAttribute", - "search_key": "Resources.EcsSecurityGroup.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "'Resources.EcsSecurityGroup.Properties.SecurityGroupEgress' is defined", - "actual_value": "'Resources.EcsSecurityGroup.Properties.SecurityGroupEgress' is undefined" - } - ] - }, - { - "query_name": "Empty Roles For ECS Cluster Task Definitions", - "query_id": "7f384a5f-b5a2-4d84-8ca3-ee0a5247becb", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Access Control", - "experimental": false, - "description": "Check if any ECS cluster has not defined proper roles for services' task definitions.", - "description_id": "b47b42b2", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "cea2579f8b8eccc6008dcddba492fb4bd8802d0926f4cc33ae95b8a5f758d0e3", - "line": 167, - "resource_type": "AWS::ECS::Service", - "resource_name": "service", - "issue_type": "IncorrectValue", - 
"search_key": "Resources.service.Properties.TaskDefinition", - "search_line": -1, - "search_value": "", - "expected_value": "'Resources.service.Properties.TaskDefinition' refers to a TaskDefinition with Role", - "actual_value": "'Resources.service.Properties.TaskDefinition' does not refer to a TaskDefinition with Role" - } - ] - }, - { - "query_name": "Security Group Ingress With Port Range", - "query_id": "87482183-a8e7-4e42-a566-7a23ec231c16", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "AWS Security Group Ingress should have a single port", - "description_id": "5f2b65f3", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "000056cd0b9697e13f2f4561f1963e34c58c042b921c4d0fad0f2fa5214374eb", - "line": 35, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupALBports", - "issue_type": "IncorrectValue", - "search_key": "Resources.EcsSecurityGroupALBports.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupALBports.Properties.FromPort should equal to Resources.EcsSecurityGroupALBports.Properties.ToPort", - "actual_value": "Resources.EcsSecurityGroupALBports.Properties.FromPort is not equal to Resources.EcsSecurityGroupALBports.Properties.ToPort" - }, - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "d60022e14f1b45c574f71c0f48b3fee882b471819597b770e3545988a8f5295a", - "line": 19, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupHTTPinbound02", - "issue_type": "IncorrectValue", - "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties", - "search_line": -1, - "search_value": "", - "expected_value": 
"Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort should equal to Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort", - "actual_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort is not equal to Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort" - }, - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "810487007189ac4de717dffc3204a05756e80e910b34f89ee08fd14f612328aa", - "line": 27, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupSSHinbound", - "issue_type": "IncorrectValue", - "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupSSHinbound.Properties.FromPort should equal to Resources.EcsSecurityGroupSSHinbound.Properties.ToPort", - "actual_value": "Resources.EcsSecurityGroupSSHinbound.Properties.FromPort is not equal to Resources.EcsSecurityGroupSSHinbound.Properties.ToPort" - } - ] - }, - { - "query_name": "ECS Service Without Running Tasks", - "query_id": "79d745f0-d5f3-46db-9504-bef73e9fd528", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-deploymentconfiguration", - "severity": "LOW", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Availability", - "experimental": false, - "description": "ECS Service should have at least 1 task running", - "description_id": "cd242bdd", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "5022c0ba8f17197cb6ef6163bf16e6dd8e13290b1d91192c61742bca491ff4f7", - "line": 159, - "resource_type": "AWS::ECS::Service", - "resource_name": "service", - "issue_type": "MissingAttribute", - "search_key": "Resources.service.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.service.Properties.DeploymentConfiguration should be defined and not null", - 
"actual_value": "Resources.service.Properties.DeploymentConfiguration is undefined or null" - } - ] - }, - { - "query_name": "ECS Task Definition HealthCheck Missing", - "query_id": "d24389b4-b209-4ff0-8345-dc7a4569dcdd", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html", - "severity": "LOW", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Observability", - "experimental": false, - "description": "Amazon ECS must have the HealthCheck property defined to give more control over monitoring the health of tasks", - "description_id": "e2e3a50a", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "e08fb6aa0ab3e2ed98aa9d08d8813df89af2b0005acdbda809c86f4897715c78", - "line": 67, - "resource_type": "AWS::ECS::TaskDefinition", - "resource_name": "TaskDefinition", - "issue_type": "MissingAttribute", - "search_key": "Resources.TaskDefinition.Properties.ContainerDefinitions", - "search_line": 67, - "search_value": "", - "expected_value": "'Resources.TaskDefinition.Properties.ContainerDefinitions' should contain 'HealthCheck' property", - "actual_value": "'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property" - }, - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "7d931711c3ba34527d9a6660c82f06f4a2174812dcfbd69bb271187edec91a06", - "line": 51, - "resource_type": "AWS::ECS::TaskDefinition", - "resource_name": "TaskDefinition", - "issue_type": "MissingAttribute", - "search_key": "Resources.TaskDefinition.Properties.ContainerDefinitions", - "search_line": 51, - "search_value": "", - "expected_value": "'Resources.TaskDefinition.Properties.ContainerDefinitions' should contain 'HealthCheck' property", - "actual_value": "'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property" - } - ] - }, - { - "query_name": "IAM Access 
Analyzer Not Enabled", - "query_id": "8d29754a-2a18-460d-a1ba-9509f8d359da", - "query_url": "https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html", - "severity": "LOW", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Best Practices", - "experimental": false, - "description": "IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions", - "description_id": "24a6978e", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "304c64d5ddfd93593c8aa4e9f10b34fe7d2e7e3634c6e64465b3be292029775c", - "line": 9, - "resource_type": "n/a", - "resource_name": "n/a", - "issue_type": "MissingAttribute", - "search_key": "Resources", - "search_line": -1, - "search_value": "", - "expected_value": "'AWS::AccessAnalyzer::Analyzer' should be set", - "actual_value": "'AWS::AccessAnalyzer::Analyzer' is undefined" - } - ] - }, - { - "query_name": "Secrets Manager Should Specify KmsKeyId", - "query_id": "c8ae9ba9-c2f7-4e5c-b32e-a4b7712d4d22", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html", - "severity": "LOW", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Secret Management", - "experimental": false, - "description": "Secrets Manager Secret should explicitly specify KmsKeyId, this will allow the secret to be shared cross-account", - "description_id": "d78bb871", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "fc5fc7cf72f42a639c6caf58ea2cdefd05811c7487abf44c401ad15225634ead", - "line": 270, - "resource_type": "AWS::SecretsManager::Secret", - "resource_name": "MyAmpAppSecretManagerRotater", - "issue_type": "MissingAttribute", - "search_key": "Resources.MyAmpAppSecretManagerRotater.Properties", - "search_line": -1, - "search_value": "", - "expected_value": 
"Resources.MyAmpAppSecretManagerRotater.Properties.KmsKeyId should be defined", - "actual_value": "Resources.MyAmpAppSecretManagerRotater.Properties.KmsKeyId is undefined" - } - ] - }, - { - "query_name": "Security Group Rule Without Description", - "query_id": "5e6c9c68-8a82-408e-8749-ddad78cbb9c5", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html", - "severity": "INFO", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Best Practices", - "experimental": false, - "description": "It's considered a best practice for AWS Security Group to have a description", - "description_id": "f7c62b11", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "39fec612777f59fb4181dd2330ee465ec860c962acfebb07a4f1ee1f122d24e7", - "line": 35, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupALBports", - "issue_type": "MissingAttribute", - "search_key": "Resources.EcsSecurityGroupALBports.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupALBports.Properties.Description should be set", - "actual_value": "Resources.EcsSecurityGroupALBports.Properties.Description is undefined" - }, - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - "similarity_id": "e96cf20cc6e1e11dce2d40d9e2b37446a00f00c3f541aa7dd13861059f6fcce8", - "line": 19, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupHTTPinbound02", - "issue_type": "MissingAttribute", - "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.Description should be set", - "actual_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.Description is undefined" - }, - { - "file_name": "/path/e2e/fixtures/samples/positive.yaml", - 
"similarity_id": "95883c9f983adb8f547c54e24837b6aa402978a00417be98441514959d4171d4", - "line": 27, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupSSHinbound", - "issue_type": "MissingAttribute", - "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupSSHinbound.Properties.Description should be set", - "actual_value": "Resources.EcsSecurityGroupSSHinbound.Properties.Description is undefined" - } - ] - } - ] + "kics_version": "development", + "files_scanned": 1, + "lines_scanned": 289, + "files_parsed": 1, + "lines_parsed": 289, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 500, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 6, + "INFO": 3, + "LOW": 5, + "MEDIUM": 10, + "TRACE": 0 + }, + "total_counter": 24, + "total_bom_resources": 0, + "start": "2024-04-29T15:36:07.7321463+01:00", + "end": "2024-04-29T15:36:22.007629+01:00", + "paths": [ + "/path/e2e/fixtures/samples/positive.yaml" + ], + "queries": [ + { + "query_name": "Fully Open Ingress", + "query_id": "e415f8d3-fc2b-4f52-88ab-1129e8c8d3f5", + "query_url": "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/get-set-up-for-amazon-ecs.html#create-a-base-security-group", + "severity": "HIGH", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "ECS Service's security group should not allow unrestricted access to all ports from all IPv4 addresses", + "description_id": "747f49ac", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "5f39aa8e63613a7e8bfd7641ccfb931fa0225e95b3449bc1210b50329d65d713", + "line": 32, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": 
"EcsSecurityGroupSSHinbound", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp", + "search_line": -1, + "search_value": "", + "expected_value": "Resource name 'EcsSecurityGroupSSHinbound' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from all IPv4 adresses and to all available ports", + "actual_value": "Resource name 'EcsSecurityGroupSSHinbound' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from CIDR 0.0.0.0/0 to all available ports" + }, + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "88653ab159ca0a15095afc685f98da24685fa547bb5f1ca7c95ef468f209387c", + "line": 24, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupHTTPinbound02", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp", + "search_line": -1, + "search_value": "", + "expected_value": "Resource name 'EcsSecurityGroupHTTPinbound02' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from all IPv4 adresses and to all available ports", + "actual_value": "Resource name 'EcsSecurityGroupHTTPinbound02' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from CIDR 0.0.0.0/0 to all available ports" + } + ] + }, + { + "query_name": "Passwords And Secrets - CloudFormation Secret Template", + "query_id": "e0f01838-b1c2-4669-b84b-981949ebe5ed", + "query_url": "https://docs.kics.io/latest/secrets/", + "severity": "HIGH", + "platform": "Common", + "cloud_provider": "COMMON", + "category": "Secret Management", + "experimental": false, + "description": "Query to find passwords and secrets in infrastructure code.", + "description_id": "d69d8a89", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "5f948e5c0c97f3e7c43cd531de50c6c54a2cec221a45f113a34a571165d30553", + "line": 
273, + "issue_type": "RedundantAttribute", + "search_key": "", + "search_line": 0, + "search_value": "", + "expected_value": "Hardcoded secret key should not appear in source", + "actual_value": "Hardcoded secret key appears in source" + } + ] + }, + { + "query_name": "Passwords And Secrets - Generic Password", + "query_id": "487f4be7-3fd9-4506-a07a-eae252180c08", + "query_url": "https://docs.kics.io/latest/secrets/", + "severity": "HIGH", + "platform": "Common", + "cloud_provider": "COMMON", + "category": "Secret Management", + "experimental": false, + "description": "Query to find passwords and secrets in infrastructure code.", + "description_id": "d69d8a89", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "379b043925f80377f9a5c54a286392202b624f04f71e8d09f87da0ac414a5b04", + "line": 276, + "issue_type": "RedundantAttribute", + "search_key": "", + "search_line": 0, + "search_value": "", + "expected_value": "Hardcoded secret key should not appear in source", + "actual_value": "Hardcoded secret key appears in source" + } + ] + }, + { + "query_name": "Unrestricted Security Group Ingress", + "query_id": "4a1e6b34-1008-4e61-a5f2-1f7c276f8d14", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html", + "severity": "HIGH", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "AWS Security Group Ingress CIDR should not be open to the world", + "description_id": "08256d31", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "f1f15967fd4bd2b39610dcbe3c2d641068dc1b409821142f41d179dbc360b3aa", + "line": 32, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupSSHinbound", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp", + "search_line": 
-1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp should not be open to the world (0.0.0.0/0)", + "actual_value": "Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp is open to the world (0.0.0.0/0)" + }, + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "3c4976bcd6061315525a23a644cb6ed3bc4888794f21e8161a1cd38ea0495f30", + "line": 24, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupHTTPinbound02", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp should not be open to the world (0.0.0.0/0)", + "actual_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp is open to the world (0.0.0.0/0)" + } + ] + }, + { + "query_name": "ALB Is Not Integrated With WAF", + "query_id": "105ba098-1e34-48cd-b0f2-a8a43a51bf9b", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafregional-webaclassociation.html", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "All Application Load Balancers (ALB) must be protected with Web Application Firewall (WAF) service", + "description_id": "2cad71a7", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "d542c20ac3e6177847cf5a565ff82704a5b63ec87332191ded7baca361b611e8", + "line": 86, + "resource_type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "resource_name": "ECSALB", + "issue_type": "MissingAttribute", + "search_key": "Resources.ECSALB", + "search_line": -1, + "search_value": "", + "expected_value": "'Resources.ECSALB' should not have an 'internal' scheme and should have a 'WebACLAssociation' associated", + 
"actual_value": "'Resources.ECSALB' does not have an 'internal' scheme and a 'WebACLAssociation' associated" + } + ] + }, + { + "query_name": "ALB Listening on HTTP", + "query_id": "275a3217-ca37-40c1-a6cf-bb57d245ab32", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb-listener.html#cfn-ec2-elb-listener-protocol", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "AWS Application Load Balancer (alb) should not listen on HTTP", + "description_id": "55f05412", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "27c1aa11c215cb09ce1ad1e569a090d5bc80ca156c5bf81f3b52415dbd6608f0", + "line": 104, + "resource_type": "AWS::ElasticLoadBalancingV2::Listener", + "resource_name": "ALBListener", + "issue_type": "IncorrectValue", + "search_key": "Resources.ALBListener.Properties.Protocol=HTTP", + "search_line": 104, + "search_value": "", + "expected_value": "'Resources.ALBListener.Protocol' should not equal to 'HTTP'", + "actual_value": "'Resources.ALBListener.Protocol' equals to 'HTTP'" + } + ] + }, + { + "query_name": "Auto Scaling Group With No Associated ELB", + "query_id": "ad21e616-5026-4b9d-990d-5b007bfe679c", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Availability", + "experimental": false, + "description": "AWS Auto Scaling Groups must have associated ELBs to ensure high availability and improve application performance. 
This means the attribute 'LoadBalancerNames' must be defined and not empty.", + "description_id": "99966f58", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "ef5069fb260b351100126334b0ba9b2776f480652d8d4f72c81f387d785d22d2", + "line": 131, + "resource_type": "AWS::AutoScaling::AutoScalingGroup", + "resource_name": "ECSAutoScalingGroup", + "issue_type": "MissingAttribute", + "search_key": "Resources.ECSAutoScalingGroup.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "'Resources.ECSAutoScalingGroup.Properties.LoadBalancerNames' should be defined", + "actual_value": "'Resources.ECSAutoScalingGroup.Properties.LoadBalancerNames' is not defined" + } + ] + }, + { + "query_name": "ECS Task Definition Network Mode Not Recommended", + "query_id": "027a4b7a-8a59-4938-a04f-ed532512cf45", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-networkmode", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Insecure Configurations", + "experimental": false, + "description": "Network_Mode should be 'awsvpc' in ecs_task_definition. 
AWS VPCs provides the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations", + "description_id": "bded2e99", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "dd2585b378b43193cc748c9f68b4c226b6face1e271f07f84dcb9113ff6f7446", + "line": 48, + "resource_type": "AWS::ECS::TaskDefinition", + "resource_name": "TaskDefinition", + "issue_type": "MissingAttribute", + "search_key": "Resources.TaskDefinition.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "'Resources.TaskDefinition.Properties.NetworkMode' should be set and should be 'awsvpc'", + "actual_value": "'Resources.TaskDefinition.Properties.NetworkMode' is undefined and defaults to 'bridge'" + } + ] + }, + { + "query_name": "ELB With Security Group Without Inbound Rules", + "query_id": "e200a6f3-c589-49ec-9143-7421d4a2c845", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-securitygroupingress", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "An AWS Elastic Load Balancer (ELB) shouldn't have security groups without outbound rules", + "description_id": "3ccdd7d2", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "d762780be8bebaa6b6bc6b6075a5dcee0edd37f639aa63061f29a13160eae116", + "line": 14, + "resource_type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "resource_name": "ECSALB", + "issue_type": "MissingAttribute", + "search_key": "Resources.EcsSecurityGroup.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "'Resources.EcsSecurityGroup.Properties.SecurityGroupIngress' is defined", + "actual_value": "'Resources.EcsSecurityGroup.Properties.SecurityGroupIngress' is undefined" + 
} + ] + }, + { + "query_name": "ELB With Security Group Without Outbound Rules", + "query_id": "01d5a458-a6c4-452a-ac50-054d59275b7c", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-securitygroupegress", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "An AWS Elastic Load Balancer (ELB) shouldn't have security groups without outbound rules", + "description_id": "7b876844", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "ee0915eb8433ec18c3f357c5eb0d243ce5c3a077e63e222230c4c0d7bf049416", + "line": 14, + "resource_type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "resource_name": "ECSALB", + "issue_type": "MissingAttribute", + "search_key": "Resources.EcsSecurityGroup.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "'Resources.EcsSecurityGroup.Properties.SecurityGroupEgress' is defined", + "actual_value": "'Resources.EcsSecurityGroup.Properties.SecurityGroupEgress' is undefined" + } + ] + }, + { + "query_name": "Empty Roles For ECS Cluster Task Definitions", + "query_id": "7f384a5f-b5a2-4d84-8ca3-ee0a5247becb", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Access Control", + "experimental": false, + "description": "Check if any ECS cluster has not defined proper roles for services' task definitions.", + "description_id": "b47b42b2", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "cea2579f8b8eccc6008dcddba492fb4bd8802d0926f4cc33ae95b8a5f758d0e3", + "line": 167, + "resource_type": "AWS::ECS::Service", + "resource_name": "service", + "issue_type": "IncorrectValue", + 
"search_key": "Resources.service.Properties.TaskDefinition", + "search_line": -1, + "search_value": "", + "expected_value": "'Resources.service.Properties.TaskDefinition' refers to a TaskDefinition with Role", + "actual_value": "'Resources.service.Properties.TaskDefinition' does not refer to a TaskDefinition with Role" + } + ] + }, + { + "query_name": "Security Group Ingress With Port Range", + "query_id": "87482183-a8e7-4e42-a566-7a23ec231c16", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "AWS Security Group Ingress should have a single port", + "description_id": "5f2b65f3", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "000056cd0b9697e13f2f4561f1963e34c58c042b921c4d0fad0f2fa5214374eb", + "line": 35, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupALBports", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupALBports.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupALBports.Properties.FromPort should equal to Resources.EcsSecurityGroupALBports.Properties.ToPort", + "actual_value": "Resources.EcsSecurityGroupALBports.Properties.FromPort is not equal to Resources.EcsSecurityGroupALBports.Properties.ToPort" + }, + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "810487007189ac4de717dffc3204a05756e80e910b34f89ee08fd14f612328aa", + "line": 27, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupSSHinbound", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties", + "search_line": -1, + "search_value": "", + "expected_value": 
"Resources.EcsSecurityGroupSSHinbound.Properties.FromPort should equal to Resources.EcsSecurityGroupSSHinbound.Properties.ToPort", + "actual_value": "Resources.EcsSecurityGroupSSHinbound.Properties.FromPort is not equal to Resources.EcsSecurityGroupSSHinbound.Properties.ToPort" + }, + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "d60022e14f1b45c574f71c0f48b3fee882b471819597b770e3545988a8f5295a", + "line": 19, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupHTTPinbound02", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort should equal to Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort", + "actual_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort is not equal to Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort" + } + ] + }, + { + "query_name": "ECS Service Without Running Tasks", + "query_id": "79d745f0-d5f3-46db-9504-bef73e9fd528", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-deploymentconfiguration", + "severity": "LOW", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Availability", + "experimental": false, + "description": "ECS Service should have at least 1 task running", + "description_id": "cd242bdd", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "5022c0ba8f17197cb6ef6163bf16e6dd8e13290b1d91192c61742bca491ff4f7", + "line": 159, + "resource_type": "AWS::ECS::Service", + "resource_name": "service", + "issue_type": "MissingAttribute", + "search_key": "Resources.service.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.service.Properties.DeploymentConfiguration should be defined and not 
null", + "actual_value": "Resources.service.Properties.DeploymentConfiguration is undefined or null" + } + ] + }, + { + "query_name": "ECS Task Definition HealthCheck Missing", + "query_id": "d24389b4-b209-4ff0-8345-dc7a4569dcdd", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html", + "severity": "LOW", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Observability", + "experimental": false, + "description": "Amazon ECS must have the HealthCheck property defined to give more control over monitoring the health of tasks", + "description_id": "e2e3a50a", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "8cd0c1d85f668baacc2d37b0037e026fc5d62761f353dd314942b227afd41c43", + "line": 115, + "resource_type": "AWS::ECS::TaskDefinition", + "resource_name": "TaskDefinition", + "issue_type": "MissingAttribute", + "search_key": "Resources.TaskDefinition.Properties.ContainerDefinitions.1.Name=busybox", + "search_line": -1, + "search_value": "", + "expected_value": "'Resources.TaskDefinition.Properties.ContainerDefinitions' should contain 'HealthCheck' property", + "actual_value": "'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property" + }, + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "1a3083ecb6510696d2224f736fbb492fc716b17b4061a0750af6f6e7cfbd6cd2", + "line": 207, + "resource_type": "AWS::ECS::TaskDefinition", + "resource_name": "TaskDefinition", + "issue_type": "MissingAttribute", + "search_key": "Resources.TaskDefinition.Properties.ContainerDefinitions.0.Name=simple-app", + "search_line": -1, + "search_value": "", + "expected_value": "'Resources.TaskDefinition.Properties.ContainerDefinitions' should contain 'HealthCheck' property", + "actual_value": "'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property" + 
} + ] + }, + { + "query_name": "IAM Access Analyzer Not Enabled", + "query_id": "8d29754a-2a18-460d-a1ba-9509f8d359da", + "query_url": "https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html", + "severity": "LOW", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Best Practices", + "experimental": false, + "description": "IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions", + "description_id": "24a6978e", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "304c64d5ddfd93593c8aa4e9f10b34fe7d2e7e3634c6e64465b3be292029775c", + "line": 9, + "resource_type": "n/a", + "resource_name": "n/a", + "issue_type": "MissingAttribute", + "search_key": "Resources", + "search_line": -1, + "search_value": "", + "expected_value": "'AWS::AccessAnalyzer::Analyzer' should be set", + "actual_value": "'AWS::AccessAnalyzer::Analyzer' is undefined" + } + ] + }, + { + "query_name": "Secrets Manager Should Specify KmsKeyId", + "query_id": "c8ae9ba9-c2f7-4e5c-b32e-a4b7712d4d22", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html", + "severity": "LOW", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Secret Management", + "experimental": false, + "description": "Secrets Manager Secret should explicitly specify KmsKeyId, this will allow the secret to be shared cross-account", + "description_id": "d78bb871", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "fc5fc7cf72f42a639c6caf58ea2cdefd05811c7487abf44c401ad15225634ead", + "line": 270, + "resource_type": "AWS::SecretsManager::Secret", + "resource_name": "MyAmpAppSecretManagerRotater", + "issue_type": "MissingAttribute", + "search_key": "Resources.MyAmpAppSecretManagerRotater.Properties", + "search_line": -1, + "search_value": "", + 
"expected_value": "Resources.MyAmpAppSecretManagerRotater.Properties.KmsKeyId should be defined", + "actual_value": "Resources.MyAmpAppSecretManagerRotater.Properties.KmsKeyId is undefined" + } + ] + }, + { + "query_name": "Security Group Rule Without Description", + "query_id": "5e6c9c68-8a82-408e-8749-ddad78cbb9c5", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html", + "severity": "INFO", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Best Practices", + "experimental": false, + "description": "It's considered a best practice for AWS Security Group to have a description", + "description_id": "f7c62b11", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "95883c9f983adb8f547c54e24837b6aa402978a00417be98441514959d4171d4", + "line": 27, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupSSHinbound", + "issue_type": "MissingAttribute", + "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupSSHinbound.Properties.Description should be set", + "actual_value": "Resources.EcsSecurityGroupSSHinbound.Properties.Description is undefined" + }, + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "e96cf20cc6e1e11dce2d40d9e2b37446a00f00c3f541aa7dd13861059f6fcce8", + "line": 19, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupHTTPinbound02", + "issue_type": "MissingAttribute", + "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.Description should be set", + "actual_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.Description is undefined" + }, + { + "file_name": 
"/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "39fec612777f59fb4181dd2330ee465ec860c962acfebb07a4f1ee1f122d24e7", + "line": 35, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupALBports", + "issue_type": "MissingAttribute", + "search_key": "Resources.EcsSecurityGroupALBports.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupALBports.Properties.Description should be set", + "actual_value": "Resources.EcsSecurityGroupALBports.Properties.Description is undefined" + } + ] + } + ] } diff --git a/e2e/fixtures/E2E_CLI_033_RESULT.json b/e2e/fixtures/E2E_CLI_033_RESULT.json index a0a5d1004af..997673c6120 100644 --- a/e2e/fixtures/E2E_CLI_033_RESULT.json +++ b/e2e/fixtures/E2E_CLI_033_RESULT.json @@ -40,7 +40,7 @@ "files": [ { "file_name": "/path/e2e/fixtures/samples/terraform-single.tf", - "similarity_id": "225c40e04fe9ac2285e2e47a448c8159cde8561762989f936c5cc6967977f664", + "similarity_id": "2abf26c3014fc445da69d8d5bb862c1c511e8e16ad3a6c6f6e14c28aa0adac1d", "line": 1, "resource_type": "aws_redshift_cluster", "resource_name": "default1", @@ -136,7 +136,7 @@ "files": [ { "file_name": "/path/e2e/fixtures/samples/terraform-single.tf", - "similarity_id": "34ae9f216456678405a82e7419b9b1614ee09a765529f717679e1fa4f4a1ae0a", + "similarity_id": "0460e3d4bb9ffcbc219231ebe8d154b6dc2ed00c348278dba780a721cd3a1a06", "line": 1, "resource_type": "aws_redshift_cluster", "resource_name": "default1", diff --git a/e2e/fixtures/E2E_CLI_036_RESULT.json b/e2e/fixtures/E2E_CLI_036_RESULT.json index 8195e04715f..937fe4d6434 100644 --- a/e2e/fixtures/E2E_CLI_036_RESULT.json +++ b/e2e/fixtures/E2E_CLI_036_RESULT.json 
@@ -1,472 +1,472 @@ { - "kics_version": "development", - "files_scanned": 1, - "lines_scanned": 289, - "files_parsed": 1, - "lines_parsed": 289, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 13, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 4, - "INFO": 3, - "LOW": 3, - "MEDIUM": 10, - "TRACE": 0 - }, - "total_counter": 20, - "total_bom_resources": 0, - "start": "2024-03-27T10:05:29.7492302Z", - "end": "2024-03-27T10:05:32.5244748Z", - "paths": [ - "/path/e2e/fixtures/samples/positive.yaml" - ], - "queries": [ - { - "query_name": "Fully Open Ingress", - "query_id": "e415f8d3-fc2b-4f52-88ab-1129e8c8d3f5", - "query_url": "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/get-set-up-for-amazon-ecs.html#create-a-base-security-group", - "severity": "HIGH", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "ECS Service's security group should not allow unrestricted access to all ports from all IPv4 addresses", - "description_id": "747f49ac", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "88653ab159ca0a15095afc685f98da24685fa547bb5f1ca7c95ef468f209387c", - "line": 24, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupHTTPinbound02", - "issue_type": "IncorrectValue", - "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp", - "search_line": -1, - "search_value": "", - "expected_value": "Resource name 'EcsSecurityGroupHTTPinbound02' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from all IPv4 adresses and to all available ports", - "actual_value": "Resource name 'EcsSecurityGroupHTTPinbound02' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from CIDR 0.0.0.0/0 to all 
available ports" - }, - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "5f39aa8e63613a7e8bfd7641ccfb931fa0225e95b3449bc1210b50329d65d713", - "line": 32, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupSSHinbound", - "issue_type": "IncorrectValue", - "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp", - "search_line": -1, - "search_value": "", - "expected_value": "Resource name 'EcsSecurityGroupSSHinbound' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from all IPv4 adresses and to all available ports", - "actual_value": "Resource name 'EcsSecurityGroupSSHinbound' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from CIDR 0.0.0.0/0 to all available ports" - } - ] - }, - { - "query_name": "Unrestricted Security Group Ingress", - "query_id": "4a1e6b34-1008-4e61-a5f2-1f7c276f8d14", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html", - "severity": "HIGH", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "AWS Security Group Ingress CIDR should not be open to the world", - "description_id": "08256d31", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "f1f15967fd4bd2b39610dcbe3c2d641068dc1b409821142f41d179dbc360b3aa", - "line": 32, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupSSHinbound", - "issue_type": "IncorrectValue", - "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp should not be open to the world (0.0.0.0/0)", - "actual_value": "Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp is open to the world 
(0.0.0.0/0)" - }, - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "3c4976bcd6061315525a23a644cb6ed3bc4888794f21e8161a1cd38ea0495f30", - "line": 24, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupHTTPinbound02", - "issue_type": "IncorrectValue", - "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp should not be open to the world (0.0.0.0/0)", - "actual_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp is open to the world (0.0.0.0/0)" - } - ] - }, - { - "query_name": "ALB Is Not Integrated With WAF", - "query_id": "105ba098-1e34-48cd-b0f2-a8a43a51bf9b", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafregional-webaclassociation.html", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "All Application Load Balancers (ALB) must be protected with Web Application Firewall (WAF) service", - "description_id": "2cad71a7", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "d542c20ac3e6177847cf5a565ff82704a5b63ec87332191ded7baca361b611e8", - "line": 86, - "resource_type": "AWS::ElasticLoadBalancingV2::LoadBalancer", - "resource_name": "ECSALB", - "issue_type": "MissingAttribute", - "search_key": "Resources.ECSALB", - "search_line": -1, - "search_value": "", - "expected_value": "'Resources.ECSALB' should not have an 'internal' scheme and should have a 'WebACLAssociation' associated", - "actual_value": "'Resources.ECSALB' does not have an 'internal' scheme and a 'WebACLAssociation' associated" - } - ] - }, - { - "query_name": "ALB Listening on HTTP", - "query_id": "275a3217-ca37-40c1-a6cf-bb57d245ab32", - "query_url": 
"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb-listener.html#cfn-ec2-elb-listener-protocol", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "AWS Application Load Balancer (alb) should not listen on HTTP", - "description_id": "55f05412", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "7d59e0095d8eda260b02394f129910d70d01b55dffb356780166354f9360d848", - "line": 104, - "resource_type": "AWS::ElasticLoadBalancingV2::Listener", - "resource_name": "ALBListener", - "issue_type": "IncorrectValue", - "search_key": "Resources.ALBListener.Properties.Protocol=HTTP", - "search_line": 104, - "search_value": "", - "expected_value": "'Resources.ALBListener.Protocol' should not equal to 'HTTP'", - "actual_value": "'Resources.ALBListener.Protocol' equals to 'HTTP'" - } - ] - }, - { - "query_name": "Auto Scaling Group With No Associated ELB", - "query_id": "ad21e616-5026-4b9d-990d-5b007bfe679c", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Availability", - "experimental": false, - "description": "AWS Auto Scaling Groups must have associated ELBs to ensure high availability and improve application performance. 
This means the attribute 'LoadBalancerNames' must be defined and not empty.", - "description_id": "99966f58", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "ef5069fb260b351100126334b0ba9b2776f480652d8d4f72c81f387d785d22d2", - "line": 131, - "resource_type": "AWS::AutoScaling::AutoScalingGroup", - "resource_name": "ECSAutoScalingGroup", - "issue_type": "MissingAttribute", - "search_key": "Resources.ECSAutoScalingGroup.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "'Resources.ECSAutoScalingGroup.Properties.LoadBalancerNames' should be defined", - "actual_value": "'Resources.ECSAutoScalingGroup.Properties.LoadBalancerNames' is not defined" - } - ] - }, - { - "query_name": "ECS Task Definition Network Mode Not Recommended", - "query_id": "027a4b7a-8a59-4938-a04f-ed532512cf45", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-networkmode", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Insecure Configurations", - "experimental": false, - "description": "Network_Mode should be 'awsvpc' in ecs_task_definition. 
AWS VPCs provides the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations", - "description_id": "bded2e99", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "dd2585b378b43193cc748c9f68b4c226b6face1e271f07f84dcb9113ff6f7446", - "line": 48, - "resource_type": "AWS::ECS::TaskDefinition", - "resource_name": "TaskDefinition", - "issue_type": "MissingAttribute", - "search_key": "Resources.TaskDefinition.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "'Resources.TaskDefinition.Properties.NetworkMode' should be set and should be 'awsvpc'", - "actual_value": "'Resources.TaskDefinition.Properties.NetworkMode' is undefined and defaults to 'bridge'" - } - ] - }, - { - "query_name": "ELB With Security Group Without Inbound Rules", - "query_id": "e200a6f3-c589-49ec-9143-7421d4a2c845", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-securitygroupingress", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "An AWS Elastic Load Balancer (ELB) shouldn't have security groups without outbound rules", - "description_id": "3ccdd7d2", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "d762780be8bebaa6b6bc6b6075a5dcee0edd37f639aa63061f29a13160eae116", - "line": 14, - "resource_type": "AWS::ElasticLoadBalancingV2::LoadBalancer", - "resource_name": "ECSALB", - "issue_type": "MissingAttribute", - "search_key": "Resources.EcsSecurityGroup.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "'Resources.EcsSecurityGroup.Properties.SecurityGroupIngress' is defined", - "actual_value": "'Resources.EcsSecurityGroup.Properties.SecurityGroupIngress' is 
undefined" - } - ] - }, - { - "query_name": "ELB With Security Group Without Outbound Rules", - "query_id": "01d5a458-a6c4-452a-ac50-054d59275b7c", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-securitygroupegress", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "An AWS Elastic Load Balancer (ELB) shouldn't have security groups without outbound rules", - "description_id": "7b876844", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "ee0915eb8433ec18c3f357c5eb0d243ce5c3a077e63e222230c4c0d7bf049416", - "line": 14, - "resource_type": "AWS::ElasticLoadBalancingV2::LoadBalancer", - "resource_name": "ECSALB", - "issue_type": "MissingAttribute", - "search_key": "Resources.EcsSecurityGroup.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "'Resources.EcsSecurityGroup.Properties.SecurityGroupEgress' is defined", - "actual_value": "'Resources.EcsSecurityGroup.Properties.SecurityGroupEgress' is undefined" - } - ] - }, - { - "query_name": "Empty Roles For ECS Cluster Task Definitions", - "query_id": "7f384a5f-b5a2-4d84-8ca3-ee0a5247becb", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Access Control", - "experimental": false, - "description": "Check if any ECS cluster has not defined proper roles for services' task definitions.", - "description_id": "b47b42b2", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "cea2579f8b8eccc6008dcddba492fb4bd8802d0926f4cc33ae95b8a5f758d0e3", - "line": 167, - "resource_type": "AWS::ECS::Service", - "resource_name": "service", - "issue_type": 
"IncorrectValue", - "search_key": "Resources.service.Properties.TaskDefinition", - "search_line": -1, - "search_value": "", - "expected_value": "'Resources.service.Properties.TaskDefinition' refers to a TaskDefinition with Role", - "actual_value": "'Resources.service.Properties.TaskDefinition' does not refer to a TaskDefinition with Role" - } - ] - }, - { - "query_name": "Security Group Ingress With Port Range", - "query_id": "87482183-a8e7-4e42-a566-7a23ec231c16", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "AWS Security Group Ingress should have a single port", - "description_id": "5f2b65f3", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "000056cd0b9697e13f2f4561f1963e34c58c042b921c4d0fad0f2fa5214374eb", - "line": 35, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupALBports", - "issue_type": "IncorrectValue", - "search_key": "Resources.EcsSecurityGroupALBports.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupALBports.Properties.FromPort should equal to Resources.EcsSecurityGroupALBports.Properties.ToPort", - "actual_value": "Resources.EcsSecurityGroupALBports.Properties.FromPort is not equal to Resources.EcsSecurityGroupALBports.Properties.ToPort" - }, - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "d60022e14f1b45c574f71c0f48b3fee882b471819597b770e3545988a8f5295a", - "line": 19, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupHTTPinbound02", - "issue_type": "IncorrectValue", - "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties", - "search_line": -1, - "search_value": "", - 
"expected_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort should equal to Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort", - "actual_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort is not equal to Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort" - }, - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "810487007189ac4de717dffc3204a05756e80e910b34f89ee08fd14f612328aa", - "line": 27, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupSSHinbound", - "issue_type": "IncorrectValue", - "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupSSHinbound.Properties.FromPort should equal to Resources.EcsSecurityGroupSSHinbound.Properties.ToPort", - "actual_value": "Resources.EcsSecurityGroupSSHinbound.Properties.FromPort is not equal to Resources.EcsSecurityGroupSSHinbound.Properties.ToPort" - } - ] - }, - { - "query_name": "ECS Service Without Running Tasks", - "query_id": "79d745f0-d5f3-46db-9504-bef73e9fd528", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-deploymentconfiguration", - "severity": "LOW", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Availability", - "experimental": false, - "description": "ECS Service should have at least 1 task running", - "description_id": "cd242bdd", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "5022c0ba8f17197cb6ef6163bf16e6dd8e13290b1d91192c61742bca491ff4f7", - "line": 159, - "resource_type": "AWS::ECS::Service", - "resource_name": "service", - "issue_type": "MissingAttribute", - "search_key": "Resources.service.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.service.Properties.DeploymentConfiguration should 
be defined and not null", - "actual_value": "Resources.service.Properties.DeploymentConfiguration is undefined or null" - } - ] - }, - { - "query_name": "ECS Task Definition HealthCheck Missing", - "query_id": "d24389b4-b209-4ff0-8345-dc7a4569dcdd", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html", - "severity": "LOW", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Observability", - "experimental": false, - "description": "Amazon ECS must have the HealthCheck property defined to give more control over monitoring the health of tasks", - "description_id": "e2e3a50a", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "7d931711c3ba34527d9a6660c82f06f4a2174812dcfbd69bb271187edec91a06", - "line": 51, - "resource_type": "AWS::ECS::TaskDefinition", - "resource_name": "TaskDefinition", - "issue_type": "MissingAttribute", - "search_key": "Resources.TaskDefinition.Properties.ContainerDefinitions", - "search_line": 51, - "search_value": "", - "expected_value": "'Resources.TaskDefinition.Properties.ContainerDefinitions' should contain 'HealthCheck' property", - "actual_value": "'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property" - }, - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "e08fb6aa0ab3e2ed98aa9d08d8813df89af2b0005acdbda809c86f4897715c78", - "line": 67, - "resource_type": "AWS::ECS::TaskDefinition", - "resource_name": "TaskDefinition", - "issue_type": "MissingAttribute", - "search_key": "Resources.TaskDefinition.Properties.ContainerDefinitions", - "search_line": 67, - "search_value": "", - "expected_value": "'Resources.TaskDefinition.Properties.ContainerDefinitions' should contain 'HealthCheck' property", - "actual_value": "'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property" - } - ] 
- }, - { - "query_name": "Security Group Rule Without Description", - "query_id": "5e6c9c68-8a82-408e-8749-ddad78cbb9c5", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html", - "severity": "INFO", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Best Practices", - "experimental": false, - "description": "It's considered a best practice for AWS Security Group to have a description", - "description_id": "f7c62b11", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "39fec612777f59fb4181dd2330ee465ec860c962acfebb07a4f1ee1f122d24e7", - "line": 35, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupALBports", - "issue_type": "MissingAttribute", - "search_key": "Resources.EcsSecurityGroupALBports.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupALBports.Properties.Description should be set", - "actual_value": "Resources.EcsSecurityGroupALBports.Properties.Description is undefined" - }, - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "95883c9f983adb8f547c54e24837b6aa402978a00417be98441514959d4171d4", - "line": 27, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupSSHinbound", - "issue_type": "MissingAttribute", - "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupSSHinbound.Properties.Description should be set", - "actual_value": "Resources.EcsSecurityGroupSSHinbound.Properties.Description is undefined" - }, - { - "file_name": "\\path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "e96cf20cc6e1e11dce2d40d9e2b37446a00f00c3f541aa7dd13861059f6fcce8", - "line": 19, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": 
"EcsSecurityGroupHTTPinbound02", - "issue_type": "MissingAttribute", - "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.Description should be set", - "actual_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.Description is undefined" - } - ] - } - ] + "kics_version": "development", + "files_scanned": 1, + "lines_scanned": 289, + "files_parsed": 1, + "lines_parsed": 289, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 13, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 4, + "INFO": 3, + "LOW": 3, + "MEDIUM": 10, + "TRACE": 0 + }, + "total_counter": 20, + "total_bom_resources": 0, + "start": "2024-04-29T15:30:58.0266967+01:00", + "end": "2024-04-29T15:31:04.6979039+01:00", + "paths": [ + "/path/e2e/fixtures/samples/positive.yaml" + ], + "queries": [ + { + "query_name": "Fully Open Ingress", + "query_id": "e415f8d3-fc2b-4f52-88ab-1129e8c8d3f5", + "query_url": "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/get-set-up-for-amazon-ecs.html#create-a-base-security-group", + "severity": "HIGH", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "ECS Service's security group should not allow unrestricted access to all ports from all IPv4 addresses", + "description_id": "747f49ac", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "88653ab159ca0a15095afc685f98da24685fa547bb5f1ca7c95ef468f209387c", + "line": 24, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupHTTPinbound02", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp", + "search_line": -1, + 
"search_value": "", + "expected_value": "Resource name 'EcsSecurityGroupHTTPinbound02' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from all IPv4 adresses and to all available ports", + "actual_value": "Resource name 'EcsSecurityGroupHTTPinbound02' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from CIDR 0.0.0.0/0 to all available ports" + }, + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "5f39aa8e63613a7e8bfd7641ccfb931fa0225e95b3449bc1210b50329d65d713", + "line": 32, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupSSHinbound", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp", + "search_line": -1, + "search_value": "", + "expected_value": "Resource name 'EcsSecurityGroupSSHinbound' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from all IPv4 adresses and to all available ports", + "actual_value": "Resource name 'EcsSecurityGroupSSHinbound' of type 'AWS::EC2::SecurityGroupIngress' should not accept ingress connections from CIDR 0.0.0.0/0 to all available ports" + } + ] + }, + { + "query_name": "Unrestricted Security Group Ingress", + "query_id": "4a1e6b34-1008-4e61-a5f2-1f7c276f8d14", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html", + "severity": "HIGH", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "AWS Security Group Ingress CIDR should not be open to the world", + "description_id": "08256d31", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "f1f15967fd4bd2b39610dcbe3c2d641068dc1b409821142f41d179dbc360b3aa", + "line": 32, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": 
"EcsSecurityGroupSSHinbound", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp should not be open to the world (0.0.0.0/0)", + "actual_value": "Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp is open to the world (0.0.0.0/0)" + }, + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "3c4976bcd6061315525a23a644cb6ed3bc4888794f21e8161a1cd38ea0495f30", + "line": 24, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupHTTPinbound02", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp should not be open to the world (0.0.0.0/0)", + "actual_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp is open to the world (0.0.0.0/0)" + } + ] + }, + { + "query_name": "ALB Is Not Integrated With WAF", + "query_id": "105ba098-1e34-48cd-b0f2-a8a43a51bf9b", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafregional-webaclassociation.html", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "All Application Load Balancers (ALB) must be protected with Web Application Firewall (WAF) service", + "description_id": "2cad71a7", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "d542c20ac3e6177847cf5a565ff82704a5b63ec87332191ded7baca361b611e8", + "line": 86, + "resource_type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "resource_name": "ECSALB", + "issue_type": "MissingAttribute", + "search_key": "Resources.ECSALB", + "search_line": -1, + 
"search_value": "", + "expected_value": "'Resources.ECSALB' should not have an 'internal' scheme and should have a 'WebACLAssociation' associated", + "actual_value": "'Resources.ECSALB' does not have an 'internal' scheme and a 'WebACLAssociation' associated" + } + ] + }, + { + "query_name": "ALB Listening on HTTP", + "query_id": "275a3217-ca37-40c1-a6cf-bb57d245ab32", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb-listener.html#cfn-ec2-elb-listener-protocol", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "AWS Application Load Balancer (alb) should not listen on HTTP", + "description_id": "55f05412", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "27c1aa11c215cb09ce1ad1e569a090d5bc80ca156c5bf81f3b52415dbd6608f0", + "line": 104, + "resource_type": "AWS::ElasticLoadBalancingV2::Listener", + "resource_name": "ALBListener", + "issue_type": "IncorrectValue", + "search_key": "Resources.ALBListener.Properties.Protocol=HTTP", + "search_line": 104, + "search_value": "", + "expected_value": "'Resources.ALBListener.Protocol' should not equal to 'HTTP'", + "actual_value": "'Resources.ALBListener.Protocol' equals to 'HTTP'" + } + ] + }, + { + "query_name": "Auto Scaling Group With No Associated ELB", + "query_id": "ad21e616-5026-4b9d-990d-5b007bfe679c", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Availability", + "experimental": false, + "description": "AWS Auto Scaling Groups must have associated ELBs to ensure high availability and improve application performance. 
This means the attribute 'LoadBalancerNames' must be defined and not empty.", + "description_id": "99966f58", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "ef5069fb260b351100126334b0ba9b2776f480652d8d4f72c81f387d785d22d2", + "line": 131, + "resource_type": "AWS::AutoScaling::AutoScalingGroup", + "resource_name": "ECSAutoScalingGroup", + "issue_type": "MissingAttribute", + "search_key": "Resources.ECSAutoScalingGroup.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "'Resources.ECSAutoScalingGroup.Properties.LoadBalancerNames' should be defined", + "actual_value": "'Resources.ECSAutoScalingGroup.Properties.LoadBalancerNames' is not defined" + } + ] + }, + { + "query_name": "ECS Task Definition Network Mode Not Recommended", + "query_id": "027a4b7a-8a59-4938-a04f-ed532512cf45", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-networkmode", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Insecure Configurations", + "experimental": false, + "description": "Network_Mode should be 'awsvpc' in ecs_task_definition. 
AWS VPCs provides the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations", + "description_id": "bded2e99", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "dd2585b378b43193cc748c9f68b4c226b6face1e271f07f84dcb9113ff6f7446", + "line": 48, + "resource_type": "AWS::ECS::TaskDefinition", + "resource_name": "TaskDefinition", + "issue_type": "MissingAttribute", + "search_key": "Resources.TaskDefinition.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "'Resources.TaskDefinition.Properties.NetworkMode' should be set and should be 'awsvpc'", + "actual_value": "'Resources.TaskDefinition.Properties.NetworkMode' is undefined and defaults to 'bridge'" + } + ] + }, + { + "query_name": "ELB With Security Group Without Inbound Rules", + "query_id": "e200a6f3-c589-49ec-9143-7421d4a2c845", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-securitygroupingress", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "An AWS Elastic Load Balancer (ELB) shouldn't have security groups without outbound rules", + "description_id": "3ccdd7d2", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "d762780be8bebaa6b6bc6b6075a5dcee0edd37f639aa63061f29a13160eae116", + "line": 14, + "resource_type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "resource_name": "ECSALB", + "issue_type": "MissingAttribute", + "search_key": "Resources.EcsSecurityGroup.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "'Resources.EcsSecurityGroup.Properties.SecurityGroupIngress' is defined", + "actual_value": "'Resources.EcsSecurityGroup.Properties.SecurityGroupIngress' is undefined" + 
} + ] + }, + { + "query_name": "ELB With Security Group Without Outbound Rules", + "query_id": "01d5a458-a6c4-452a-ac50-054d59275b7c", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-securitygroupegress", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "An AWS Elastic Load Balancer (ELB) shouldn't have security groups without outbound rules", + "description_id": "7b876844", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "ee0915eb8433ec18c3f357c5eb0d243ce5c3a077e63e222230c4c0d7bf049416", + "line": 14, + "resource_type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "resource_name": "ECSALB", + "issue_type": "MissingAttribute", + "search_key": "Resources.EcsSecurityGroup.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "'Resources.EcsSecurityGroup.Properties.SecurityGroupEgress' is defined", + "actual_value": "'Resources.EcsSecurityGroup.Properties.SecurityGroupEgress' is undefined" + } + ] + }, + { + "query_name": "Empty Roles For ECS Cluster Task Definitions", + "query_id": "7f384a5f-b5a2-4d84-8ca3-ee0a5247becb", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Access Control", + "experimental": false, + "description": "Check if any ECS cluster has not defined proper roles for services' task definitions.", + "description_id": "b47b42b2", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "cea2579f8b8eccc6008dcddba492fb4bd8802d0926f4cc33ae95b8a5f758d0e3", + "line": 167, + "resource_type": "AWS::ECS::Service", + "resource_name": "service", + "issue_type": "IncorrectValue", + 
"search_key": "Resources.service.Properties.TaskDefinition", + "search_line": -1, + "search_value": "", + "expected_value": "'Resources.service.Properties.TaskDefinition' refers to a TaskDefinition with Role", + "actual_value": "'Resources.service.Properties.TaskDefinition' does not refer to a TaskDefinition with Role" + } + ] + }, + { + "query_name": "Security Group Ingress With Port Range", + "query_id": "87482183-a8e7-4e42-a566-7a23ec231c16", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "AWS Security Group Ingress should have a single port", + "description_id": "5f2b65f3", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "d60022e14f1b45c574f71c0f48b3fee882b471819597b770e3545988a8f5295a", + "line": 19, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupHTTPinbound02", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort should equal to Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort", + "actual_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort is not equal to Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort" + }, + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "000056cd0b9697e13f2f4561f1963e34c58c042b921c4d0fad0f2fa5214374eb", + "line": 35, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupALBports", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupALBports.Properties", + "search_line": -1, + "search_value": "", + 
"expected_value": "Resources.EcsSecurityGroupALBports.Properties.FromPort should equal to Resources.EcsSecurityGroupALBports.Properties.ToPort", + "actual_value": "Resources.EcsSecurityGroupALBports.Properties.FromPort is not equal to Resources.EcsSecurityGroupALBports.Properties.ToPort" + }, + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "810487007189ac4de717dffc3204a05756e80e910b34f89ee08fd14f612328aa", + "line": 27, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupSSHinbound", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupSSHinbound.Properties.FromPort should equal to Resources.EcsSecurityGroupSSHinbound.Properties.ToPort", + "actual_value": "Resources.EcsSecurityGroupSSHinbound.Properties.FromPort is not equal to Resources.EcsSecurityGroupSSHinbound.Properties.ToPort" + } + ] + }, + { + "query_name": "ECS Service Without Running Tasks", + "query_id": "79d745f0-d5f3-46db-9504-bef73e9fd528", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-deploymentconfiguration", + "severity": "LOW", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Availability", + "experimental": false, + "description": "ECS Service should have at least 1 task running", + "description_id": "cd242bdd", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "5022c0ba8f17197cb6ef6163bf16e6dd8e13290b1d91192c61742bca491ff4f7", + "line": 159, + "resource_type": "AWS::ECS::Service", + "resource_name": "service", + "issue_type": "MissingAttribute", + "search_key": "Resources.service.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.service.Properties.DeploymentConfiguration should be defined and not null", + 
"actual_value": "Resources.service.Properties.DeploymentConfiguration is undefined or null" + } + ] + }, + { + "query_name": "ECS Task Definition HealthCheck Missing", + "query_id": "d24389b4-b209-4ff0-8345-dc7a4569dcdd", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html", + "severity": "LOW", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Observability", + "experimental": false, + "description": "Amazon ECS must have the HealthCheck property defined to give more control over monitoring the health of tasks", + "description_id": "e2e3a50a", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "8cd0c1d85f668baacc2d37b0037e026fc5d62761f353dd314942b227afd41c43", + "line": 115, + "resource_type": "AWS::ECS::TaskDefinition", + "resource_name": "TaskDefinition", + "issue_type": "MissingAttribute", + "search_key": "Resources.TaskDefinition.Properties.ContainerDefinitions.1.Name=busybox", + "search_line": -1, + "search_value": "", + "expected_value": "'Resources.TaskDefinition.Properties.ContainerDefinitions' should contain 'HealthCheck' property", + "actual_value": "'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property" + }, + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "1a3083ecb6510696d2224f736fbb492fc716b17b4061a0750af6f6e7cfbd6cd2", + "line": 207, + "resource_type": "AWS::ECS::TaskDefinition", + "resource_name": "TaskDefinition", + "issue_type": "MissingAttribute", + "search_key": "Resources.TaskDefinition.Properties.ContainerDefinitions.0.Name=simple-app", + "search_line": -1, + "search_value": "", + "expected_value": "'Resources.TaskDefinition.Properties.ContainerDefinitions' should contain 'HealthCheck' property", + "actual_value": "'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property" + } + ] + 
}, + { + "query_name": "Security Group Rule Without Description", + "query_id": "5e6c9c68-8a82-408e-8749-ddad78cbb9c5", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html", + "severity": "INFO", + "platform": "CloudFormation", + "cloud_provider": "AWS", + "category": "Best Practices", + "experimental": false, + "description": "It's considered a best practice for AWS Security Group to have a description", + "description_id": "f7c62b11", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "e96cf20cc6e1e11dce2d40d9e2b37446a00f00c3f541aa7dd13861059f6fcce8", + "line": 19, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupHTTPinbound02", + "issue_type": "MissingAttribute", + "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.Description should be set", + "actual_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.Description is undefined" + }, + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "95883c9f983adb8f547c54e24837b6aa402978a00417be98441514959d4171d4", + "line": 27, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupSSHinbound", + "issue_type": "MissingAttribute", + "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupSSHinbound.Properties.Description should be set", + "actual_value": "Resources.EcsSecurityGroupSSHinbound.Properties.Description is undefined" + }, + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "39fec612777f59fb4181dd2330ee465ec860c962acfebb07a4f1ee1f122d24e7", + "line": 35, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": 
"EcsSecurityGroupALBports", + "issue_type": "MissingAttribute", + "search_key": "Resources.EcsSecurityGroupALBports.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupALBports.Properties.Description should be set", + "actual_value": "Resources.EcsSecurityGroupALBports.Properties.Description is undefined" + } + ] + } + ] } diff --git a/e2e/fixtures/E2E_CLI_036_RESULT_2.json b/e2e/fixtures/E2E_CLI_036_RESULT_2.json index 560f4a6579d..b7c73f9d331 100644 --- a/e2e/fixtures/E2E_CLI_036_RESULT_2.json +++ b/e2e/fixtures/E2E_CLI_036_RESULT_2.json 
@@ -1,83 +1,83 @@ { - "kics_version": "development", - "files_scanned": 1, - "lines_scanned": 289, - "files_parsed": 1, - "lines_parsed": 289, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 1, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 0, - "INFO": 0, - "LOW": 0, - "MEDIUM": 3, - "TRACE": 0 - }, - "total_counter": 3, - "total_bom_resources": 0, - "start": "2023-06-29T12:20:35.085794+01:00", - "end": "2023-06-29T12:20:40.0129014+01:00", - "paths": [ - "/path/e2e/fixtures/samples/positive.yaml" - ], - "queries": [ - { - "query_name": "Security Group Ingress With Port Range", - "query_id": "87482183-a8e7-4e42-a566-7a23ec231c16", - "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html", - "severity": "MEDIUM", - "platform": "CloudFormation", - "cloud_provider": "AWS", - "category": "Networking and Firewall", + "kics_version": "development", + "files_scanned": 1, + "lines_scanned": 289, + "files_parsed": 1, + "lines_parsed": 289, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 1, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 0, + "INFO": 0, + "LOW": 0, + "MEDIUM": 3, + "TRACE": 0 + }, + "total_counter": 3, + "total_bom_resources": 0, + "start": "2024-04-29T15:30:58.0337669+01:00", + "end": "2024-04-29T15:31:04.8370804+01:00", + "paths": [ + "/path/e2e/fixtures/samples/positive.yaml" + ], + "queries": [ + { + "query_name": "Security Group Ingress With Port Range", + "query_id": "87482183-a8e7-4e42-a566-7a23ec231c16", + "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html", + "severity": "MEDIUM", + "platform": "CloudFormation", + "cloud_provider": "AWS", + 
"category": "Networking and Firewall", "experimental": false, - "description": "AWS Security Group Ingress should have a single port", - "description_id": "5f2b65f3", - "files": [ - { - "file_name": "path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "000056cd0b9697e13f2f4561f1963e34c58c042b921c4d0fad0f2fa5214374eb", - "line": 35, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupALBports", - "issue_type": "IncorrectValue", - "search_key": "Resources.EcsSecurityGroupALBports.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupALBports.Properties.FromPort should equal to Resources.EcsSecurityGroupALBports.Properties.ToPort", - "actual_value": "Resources.EcsSecurityGroupALBports.Properties.FromPort is not equal to Resources.EcsSecurityGroupALBports.Properties.ToPort" - }, - { - "file_name": "path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "d60022e14f1b45c574f71c0f48b3fee882b471819597b770e3545988a8f5295a", - "line": 19, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupHTTPinbound02", - "issue_type": "IncorrectValue", - "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties", - "search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort should equal to Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort", - "actual_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort is not equal to Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort" - }, - { - "file_name": "path\\e2e\\fixtures\\samples\\positive.yaml", - "similarity_id": "810487007189ac4de717dffc3204a05756e80e910b34f89ee08fd14f612328aa", - "line": 27, - "resource_type": "AWS::EC2::SecurityGroupIngress", - "resource_name": "EcsSecurityGroupSSHinbound", - "issue_type": "IncorrectValue", - "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties", - 
"search_line": -1, - "search_value": "", - "expected_value": "Resources.EcsSecurityGroupSSHinbound.Properties.FromPort should equal to Resources.EcsSecurityGroupSSHinbound.Properties.ToPort", - "actual_value": "Resources.EcsSecurityGroupSSHinbound.Properties.FromPort is not equal to Resources.EcsSecurityGroupSSHinbound.Properties.ToPort" - } - ] - } - ] + "description": "AWS Security Group Ingress should have a single port", + "description_id": "5f2b65f3", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "810487007189ac4de717dffc3204a05756e80e910b34f89ee08fd14f612328aa", + "line": 27, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupSSHinbound", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupSSHinbound.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupSSHinbound.Properties.FromPort should equal to Resources.EcsSecurityGroupSSHinbound.Properties.ToPort", + "actual_value": "Resources.EcsSecurityGroupSSHinbound.Properties.FromPort is not equal to Resources.EcsSecurityGroupSSHinbound.Properties.ToPort" + }, + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": "000056cd0b9697e13f2f4561f1963e34c58c042b921c4d0fad0f2fa5214374eb", + "line": 35, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupALBports", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupALBports.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupALBports.Properties.FromPort should equal to Resources.EcsSecurityGroupALBports.Properties.ToPort", + "actual_value": "Resources.EcsSecurityGroupALBports.Properties.FromPort is not equal to Resources.EcsSecurityGroupALBports.Properties.ToPort" + }, + { + "file_name": "/path/e2e/fixtures/samples/positive.yaml", + "similarity_id": 
"d60022e14f1b45c574f71c0f48b3fee882b471819597b770e3545988a8f5295a", + "line": 19, + "resource_type": "AWS::EC2::SecurityGroupIngress", + "resource_name": "EcsSecurityGroupHTTPinbound02", + "issue_type": "IncorrectValue", + "search_key": "Resources.EcsSecurityGroupHTTPinbound02.Properties", + "search_line": -1, + "search_value": "", + "expected_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort should equal to Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort", + "actual_value": "Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort is not equal to Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort" + } + ] + } + ] } diff --git a/e2e/fixtures/E2E_CLI_069_RESULT.json b/e2e/fixtures/E2E_CLI_069_RESULT.json index a58d35344b4..343b17e6df4 100644 --- a/e2e/fixtures/E2E_CLI_069_RESULT.json +++ b/e2e/fixtures/E2E_CLI_069_RESULT.json @@ -41,7 +41,7 @@ "files": [ { "file_name": "path\\test\\fixtures\\experimental_test\\sample\\sample.tf", - "similarity_id": "32a6747d15f909ebe86d171c563878dd7e06dfb2f9ec1b569ef46e810860f27a", + "similarity_id": "2619cc4f607dcb69649da24e4581e56a4370894fc415f584424255db7277a670", "line": 4, "resource_type": "aws_elasticache_cluster", "resource_name": "cluster-example", diff --git a/e2e/fixtures/E2E_CLI_070_RESULT.json b/e2e/fixtures/E2E_CLI_070_RESULT.json index 98a4271c409..9df29e2881f 100644 --- a/e2e/fixtures/E2E_CLI_070_RESULT.json +++ b/e2e/fixtures/E2E_CLI_070_RESULT.json @@ -41,7 +41,7 @@ "files": [ { "file_name": "path\\test\\fixtures\\experimental_test\\sample\\sample.tf", - "similarity_id": "4e651f5c005de96ab66f25419b1f160d9e0eecae83181edfcd1b72b3afbe9f69", + "similarity_id": "01678051e13de3529caccc5806d9f47e1a37fc60a3c3260c8ef51c9eb0b12b62", "line": 4, "resource_type": "aws_elasticache_cluster", "resource_name": "cluster-example", 
@@ -70,7 +70,7 @@
 "files": [
 {
 "file_name": "path\\test\\fixtures\\experimental_test\\sample\\sample.tf",
- "similarity_id": "32a6747d15f909ebe86d171c563878dd7e06dfb2f9ec1b569ef46e810860f27a",
+ "similarity_id": "2619cc4f607dcb69649da24e4581e56a4370894fc415f584424255db7277a670",
 "line": 4,
 "resource_type": "aws_elasticache_cluster",
 "resource_name": "cluster-example",
diff --git a/e2e/fixtures/E2E_CLI_072_RESULT.json b/e2e/fixtures/E2E_CLI_072_RESULT.json
index e15b47ecba6..9623692c860 100644
--- a/e2e/fixtures/E2E_CLI_072_RESULT.json
+++ b/e2e/fixtures/E2E_CLI_072_RESULT.json
@@ -1,100 +1,100 @@ { - "kics_version": "development", - "files_scanned": 1, - "lines_scanned": 50, - "files_parsed": 1, - "lines_parsed": 55, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 17, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 0, - "INFO": 1, - "LOW": 3, - "MEDIUM": 0, - "TRACE": 0 - }, - "total_counter": 4, - "total_bom_resources": 0, - "start": "2024-04-04T09:11:37.4243245+01:00", - "end": "2024-04-04T09:11:38.6566014+01:00", - "paths": [ - "/path/test/fixtures/resolve_references" - ], - "queries": [ - { - "query_name": "Response Code Missing (v3)", - "query_id": "6c35d2c6-09f2-4e5c-a094-e0e91327071d", - "query_url": "https://swagger.io/specification/#operation-object", - "severity": "LOW", - "platform": "OpenAPI", - "category": "Networking and Firewall", - "experimental": false, - "description": "500, 429 and 400 responses should be defined for all operations, except head operation. 415 response should be defined for the post, put, and patch operations. 404 response should be defined for the get, put, head, delete operations. 200 response should be defined for options operation. 
401 and 403 response should be defined for all operations when the security field is defined.", - "description_id": "dbf15009", - "files": [ - { - "file_name": "/path/test/fixtures/resolve_references/swagger.yaml", - "similarity_id": "21b4b94761ab17c403b6455c8b88f295729ed9e98fd3101b2bb5cf5373fba1e6", - "line": 14, - "issue_type": "MissingAttribute", - "search_key": "paths.{{/users/{userId}}}.$ref=./paths/users/user.yaml", - "search_line": 0, - "search_value": "429 response", - "expected_value": "429 response should be set", - "actual_value": "429 response is undefined" - }, - { - "file_name": "/path/test/fixtures/resolve_references/swagger.yaml", - "similarity_id": "22e82edb39085e8787d853eed386b45f1774e7bbf7e1f08ed9662c33cd69d883", - "line": 14, - "issue_type": "MissingAttribute", - "search_key": "paths.{{/users/{userId}}}.$ref=./paths/users/user.yaml", - "search_line": 0, - "search_value": "500 response", - "expected_value": "500 response should be set", - "actual_value": "500 response is undefined" - }, - { - "file_name": "/path/test/fixtures/resolve_references/swagger.yaml", - "similarity_id": "0e9d0a90c2069babcc7d07b581105ebda5dba82dc83c0ef588103f8805662c8c", - "line": 14, - "issue_type": "MissingAttribute", - "search_key": "paths.{{/users/{userId}}}.$ref=./paths/users/user.yaml", - "search_line": 0, - "search_value": "400 response", - "expected_value": "400 response should be set", - "actual_value": "400 response is undefined" - } - ] - }, - { - "query_name": "Components Schema Definition Is Unused", - "query_id": "962fa01e-b791-4dcc-b04a-4a3e7389be5e", - "query_url": "https://swagger.io/specification/#components-object", - "severity": "INFO", - "platform": "OpenAPI", - "category": "Best Practices", - "experimental": false, - "description": "Components schemas definitions should be referenced or removed from Open API definition", - "description_id": "5cdc0f3b", - "files": [ - { - "file_name": "/path/test/fixtures/resolve_references/swagger.yaml", - 
"similarity_id": "ff39e561509c13315ce34a0be602a974d63231b70cb5cdf778109e062302f8eb", - "line": 17, - "issue_type": "IncorrectValue", - "search_key": "components.schemas.{{MyResponse}}", - "search_line": 0, - "search_value": "", - "expected_value": "Schema should be used as reference somewhere", - "actual_value": "Schema is not used as reference" - } - ] - } - ] + "kics_version": "development", + "files_scanned": 1, + "lines_scanned": 50, + "files_parsed": 1, + "lines_parsed": 55, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 17, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 0, + "INFO": 1, + "LOW": 3, + "MEDIUM": 0, + "TRACE": 0 + }, + "total_counter": 4, + "total_bom_resources": 0, + "start": "2024-04-05T10:49:18.3098326+01:00", + "end": "2024-04-05T10:49:23.7038417+01:00", + "paths": [ + "/path/test/fixtures/resolve_references" + ], + "queries": [ + { + "query_name": "Response Code Missing (v3)", + "query_id": "6c35d2c6-09f2-4e5c-a094-e0e91327071d", + "query_url": "https://swagger.io/specification/#operation-object", + "severity": "LOW", + "platform": "OpenAPI", + "category": "Networking and Firewall", + "experimental": false, + "description": "500, 429 and 400 responses should be defined for all operations, except head operation. 415 response should be defined for the post, put, and patch operations. 404 response should be defined for the get, put, head, delete operations. 200 response should be defined for options operation. 
401 and 403 response should be defined for all operations when the security field is defined.", + "description_id": "dbf15009", + "files": [ + { + "file_name": "/path/test/fixtures/resolve_references/swagger.yaml", + "similarity_id": "21b4b94761ab17c403b6455c8b88f295729ed9e98fd3101b2bb5cf5373fba1e6", + "line": 14, + "issue_type": "MissingAttribute", + "search_key": "paths.{{/users/{userId}}}.$ref=./paths/users/user.yaml", + "search_line": 0, + "search_value": "429 response", + "expected_value": "429 response should be set", + "actual_value": "429 response is undefined" + }, + { + "file_name": "/path/test/fixtures/resolve_references/swagger.yaml", + "similarity_id": "22e82edb39085e8787d853eed386b45f1774e7bbf7e1f08ed9662c33cd69d883", + "line": 14, + "issue_type": "MissingAttribute", + "search_key": "paths.{{/users/{userId}}}.$ref=./paths/users/user.yaml", + "search_line": 0, + "search_value": "500 response", + "expected_value": "500 response should be set", + "actual_value": "500 response is undefined" + }, + { + "file_name": "/path/test/fixtures/resolve_references/swagger.yaml", + "similarity_id": "0e9d0a90c2069babcc7d07b581105ebda5dba82dc83c0ef588103f8805662c8c", + "line": 14, + "issue_type": "MissingAttribute", + "search_key": "paths.{{/users/{userId}}}.$ref=./paths/users/user.yaml", + "search_line": 0, + "search_value": "400 response", + "expected_value": "400 response should be set", + "actual_value": "400 response is undefined" + } + ] + }, + { + "query_name": "Components Schema Definition Is Unused", + "query_id": "962fa01e-b791-4dcc-b04a-4a3e7389be5e", + "query_url": "https://swagger.io/specification/#components-object", + "severity": "INFO", + "platform": "OpenAPI", + "category": "Best Practices", + "experimental": false, + "description": "Components schemas definitions should be referenced or removed from Open API definition", + "description_id": "5cdc0f3b", + "files": [ + { + "file_name": "/path/test/fixtures/resolve_references/swagger.yaml", + 
"similarity_id": "ff39e561509c13315ce34a0be602a974d63231b70cb5cdf778109e062302f8eb", + "line": 17, + "issue_type": "IncorrectValue", + "search_key": "components.schemas.{{MyResponse}}", + "search_line": 0, + "search_value": "", + "expected_value": "Schema should be used as reference somewhere", + "actual_value": "Schema is not used as reference" + } + ] + } + ] } diff --git a/e2e/fixtures/E2E_CLI_074_RESULT.json b/e2e/fixtures/E2E_CLI_074_RESULT.json index b9e65f99183..8b892c5c50a 100644 --- a/e2e/fixtures/E2E_CLI_074_RESULT.json +++ b/e2e/fixtures/E2E_CLI_074_RESULT.json 
@@ -1,846 +1,846 @@ { - "kics_version": "development", - "files_scanned": 1, - "lines_scanned": 633, - "files_parsed": 1, - "lines_parsed": 909, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 1, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 0, - "INFO": 73, - "LOW": 0, - "MEDIUM": 0, - "TRACE": 0 - }, - "total_counter": 73, - "total_bom_resources": 0, - "start": "2023-11-11T21:07:30.1876667Z", - "end": "2023-11-11T21:07:32.1639213Z", - "paths": [ - "/path/test/fixtures/resolve_references_json" - ], - "queries": [ - { - "query_name": "Property Not Unique", - "query_id": "750b40be-4bac-4f59-bdc4-1ca0e6c3450e", - "query_url": "https://swagger.io/specification/v2/#schemaObject", - "severity": "INFO", - "platform": "OpenAPI", - "category": "Structure and Semantics", - "experimental": false, - "description": "Every defined property must be unique throughout the whole API", - "description_id": "eb2e14e6", - "files": [ - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "d922a00ae36332672049542c53e877ca3cea762566073824805efe7902afa1b7", - "line": 307, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/password}}.post.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'info' property is unique throughout the whole API", - "actual_value": "'info' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "ae9a2c4194ef97f7a5e8dd6699ca69a23b5776268a44405e26ae261586c49aaa", - "line": 460, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/insert}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'firstName' property is unique 
throughout the whole API", - "actual_value": "'firstName' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "e26a1373b6b00c852b5734d922665c09b9f200a32d796f0a08f5f0fd1b63935c", - "line": 468, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/insert}}.post.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'id' property is unique throughout the whole API", - "actual_value": "'id' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "f864a2440ec855e97e618df141d6d64560ae2b8c85f6fedcdbfcfa268e2f5eaf", - "line": 299, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/password}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'id' property is unique throughout the whole API", - "actual_value": "'id' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "3f50576472289df6d0dc0a3ada162734486f5ca9b65c39fdd2d86b7e97ef3bfc", - "line": 249, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/mapCart}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'info' property is unique throughout the whole API", - "actual_value": "'info' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "33d4880a27d20f1d94813f7839ffba6bd421d515b2a4a1a1d2f9439577a44cbd", - "line": 506, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/update}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, 
- "search_value": "", - "expected_value": "'info' property is unique throughout the whole API", - "actual_value": "'info' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "9d19bd172ff710d659a31e4196991fc11f4fb9ba856ea0c82bf86ab4ac1b0b53", - "line": 307, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/password}}.post.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'email' property is unique throughout the whole API", - "actual_value": "'email' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "076023938ac61210137d19ce19c441e9418be944be4c04a7fae641f2f3b086a8", - "line": 387, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'id' property is unique throughout the whole API", - "actual_value": "'id' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "a18abf68c25c5626c5f3bb02f7804120cfec2b0af7d25234b35424965e7b9d57", - "line": 563, - "issue_type": "IncorrectValue", - "search_key": "definitions.$ref=./definitions.json", - "search_line": 0, - "search_value": "", - "expected_value": "'gmtOffset' property is unique throughout the whole API", - "actual_value": "'gmtOffset' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "eb7a06cc175f972b5d7edcb3616905a9a1cc3b8b20223316addd6f1114d5c33f", - "line": 307, - "issue_type": "IncorrectValue", - "search_key": 
"paths.{{/user/create/password}}.post.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'id' property is unique throughout the whole API", - "actual_value": "'id' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "21c3a8b9dbb3622aa45eaa495d925bf9d298cc5d7c6618ff44ff6b15fff93183", - "line": 563, - "issue_type": "IncorrectValue", - "search_key": "definitions.$ref=./definitions.json", - "search_line": 0, - "search_value": "", - "expected_value": "'a2' property is unique throughout the whole API", - "actual_value": "'a2' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "db633da9cf870fa37830b3c65fb285c9a4b8cff92a36343e40a7cd9796c55e2f", - "line": 545, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/users/findAll}}.get.responses.200.schema.items.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'email' property is unique throughout the whole API", - "actual_value": "'email' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "066626dc90876e4b8e0acb085e4883f8742ead6e726f66b33ed364ed3aeb2d92", - "line": 563, - "issue_type": "IncorrectValue", - "search_key": "definitions.$ref=./definitions.json", - "search_line": 0, - "search_value": "", - "expected_value": "'password' property is unique throughout the whole API", - "actual_value": "'password' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "06131bef351103acfb7ee9fbb205cd3072eab03438dc64574bb4541cd7ba48d9", - "line": 348, - "issue_type": "IncorrectValue", - "search_key": 
"paths.{{/user/get/byEmail/{email}}}.get.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'password' property is unique throughout the whole API", - "actual_value": "'password' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "7a7de79e78550abfe8a44b27648d61bf7d2e22e563792d106292d8110428b60f", - "line": 387, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'email' property is unique throughout the whole API", - "actual_value": "'email' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "0ed9019bf3b823e4b9cec5623ecb02c577f495d7b3be84dceb009b9f6e7dc8ff", - "line": 299, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/password}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'firstName' property is unique throughout the whole API", - "actual_value": "'firstName' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "a36106e9755dd59573e65e745036739846241c265d2265ce433882d80991d216", - "line": 545, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/users/findAll}}.get.responses.200.schema.items.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'firstName' property is unique throughout the whole API", - "actual_value": "'firstName' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": 
"3e833473f334445d14dea0b81ad200bb6f9715983d5c330cea890862e3e621a1", - "line": 348, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/get/byEmail/{email}}}.get.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'info' property is unique throughout the whole API", - "actual_value": "'info' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "6a86f8ece0f67a20a6f2d953aeec7133a4d8b2db05a91c88b77e6daa559da255", - "line": 460, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/insert}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'info' property is unique throughout the whole API", - "actual_value": "'info' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "742df9bdb7b0bbdfd27893a2328da8c0cf3313562121f05b4933e49df8d71d71", - "line": 299, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/password}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'password' property is unique throughout the whole API", - "actual_value": "'password' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "70d44bfb825c6276aefef00842ac929b64193c9030066ecea83f8bfc9ed6f964", - "line": 545, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/users/findAll}}.get.responses.200.schema.items.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'password' property is unique throughout the whole API", - "actual_value": "'password' property is not unique throughout the whole API" - }, - 
{ - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "c9fc36b4134eceed43134427be36539a2733c36f0be7b001e2e28acf70138451", - "line": 49, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", - "search_line": 0, - "search_value": "", - "expected_value": "'a2' property is unique throughout the whole API", - "actual_value": "'a2' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "6f2361667cb5eef4416ee89133e7f000bc857bab23be7f63dc29fb219932ffae", - "line": 468, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/insert}}.post.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'firstName' property is unique throughout the whole API", - "actual_value": "'firstName' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "5eda8746744c20aeccec4b5e818cbed3788cd3703f4c2aa7327a88e1045dd256", - "line": 387, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'firstName' property is unique throughout the whole API", - "actual_value": "'firstName' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "3ff7cf91a10e3c0dae8a89638de17797354aa05c16c0dc58b45e916bd393f1b3", - "line": 387, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'password' property is unique 
throughout the whole API", - "actual_value": "'password' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "910467f7887c76affc7cea19c0fe396e3d3531ea8a43fd3144a91010f73f5f8e", - "line": 249, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/mapCart}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'id' property is unique throughout the whole API", - "actual_value": "'id' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "68309d0960a7dc0655457b3ebf9fc6ba6ffe06957c7ee22fa569cc138d91868b", - "line": 49, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", - "search_line": 0, - "search_value": "", - "expected_value": "'definition' property is unique throughout the whole API", - "actual_value": "'definition' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "960914db94494373fc175325d916372db0940040c1d8a73c153dae8b398a6b3e", - "line": 194, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/cart}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'email' property is unique throughout the whole API", - "actual_value": "'email' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "d8e93cca1ed74130a03faee787fd52a35a64c4d5093a264c969d47f05d8a7e53", - "line": 545, - "issue_type": "IncorrectValue", - "search_key": 
"paths.{{/users/findAll}}.get.responses.200.schema.items.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'info' property is unique throughout the whole API", - "actual_value": "'info' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "115612d7d5a2e88c8ebdfda5c4e3c2e35671d903bf1c00a3a68465a4bc3c3a8a", - "line": 506, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/update}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'password' property is unique throughout the whole API", - "actual_value": "'password' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "4e1e62ee80dc6711e967c9be6a1d14df22033bfe3b3e12b8385508d9ad942da6", - "line": 49, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", - "search_line": 0, - "search_value": "", - "expected_value": "'countryName' property is unique throughout the whole API", - "actual_value": "'countryName' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "f27d2a4dda9db71d94614e720681050e5cd74c17cdd01f7ff7061ab58707981c", - "line": 49, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", - "search_line": 0, - "search_value": "", - "expected_value": "'governmentForm' property is unique throughout the whole API", - "actual_value": "'governmentForm' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": 
"5a722738fa25f4a6eb01b730edf5b4552255e4b76de45dc9ff4f7d78aa94210f", - "line": 299, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/password}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'email' property is unique throughout the whole API", - "actual_value": "'email' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "ca6add4f28bb864af1341d26682aa2d0fa6d759b3efc99479127ca1c9758cc12", - "line": 460, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/insert}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'email' property is unique throughout the whole API", - "actual_value": "'email' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "36abb555656ac0fa2cb2b975b1a4a90076d424c1083144673dfce7e1daa44512", - "line": 194, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/cart}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'firstName' property is unique throughout the whole API", - "actual_value": "'firstName' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "44ff15d550e3eb9cb2a7b5d4de12a5df15ad61577ffc297ea27e832a453e7ab6", - "line": 49, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", - "search_line": 0, - "search_value": "", - "expected_value": "'id' property is unique throughout the whole API", - "actual_value": "'id' property is not unique throughout the whole API" - }, - { - 
"file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "bb64c1c7f4b43fdb4a2d84048203a0183f1b88c8fcbfc505916cc8a974fef901", - "line": 545, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/users/findAll}}.get.responses.200.schema.items.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'id' property is unique throughout the whole API", - "actual_value": "'id' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "ae22dd7f5074e293bd07c146e0ef6e070c34c323307841641d9b19250d976896", - "line": 563, - "issue_type": "IncorrectValue", - "search_key": "definitions.$ref=./definitions.json", - "search_line": 0, - "search_value": "", - "expected_value": "'displayName' property is unique throughout the whole API", - "actual_value": "'displayName' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "506a8a035b6eafb480cdb17248ec20312a6977b73043a60da2ac4f7ae77777e5", - "line": 563, - "issue_type": "IncorrectValue", - "search_key": "definitions.$ref=./definitions.json", - "search_line": 0, - "search_value": "", - "expected_value": "'email' property is unique throughout the whole API", - "actual_value": "'email' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "d0afe0e12eb9e83f4ad891f0349a94bd059d33765209ceaa827ea5153ffcf8ed", - "line": 563, - "issue_type": "IncorrectValue", - "search_key": "definitions.$ref=./definitions.json", - "search_line": 0, - "search_value": "", - "expected_value": "'countryName' property is unique throughout the whole API", - "actual_value": "'countryName' property is not unique throughout the whole API" - }, - { - "file_name": 
"path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "1f1c4e0ee7b45e50c78cd7a2947a5c380620e2ff6099fd207985c81ebab2c193", - "line": 194, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/cart}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'password' property is unique throughout the whole API", - "actual_value": "'password' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "78e7639ae2bdaa28b67a3b147d83befcbdc6fa12eff4bcbc04dd3d17fee8269e", - "line": 563, - "issue_type": "IncorrectValue", - "search_key": "definitions.$ref=./definitions.json", - "search_line": 0, - "search_value": "", - "expected_value": "'firstName' property is unique throughout the whole API", - "actual_value": "'firstName' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "6a933de1599716878e2e3ef21cdadff44c5481452d18dc63d835546693df7ebe", - "line": 49, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", - "search_line": 0, - "search_value": "", - "expected_value": "'gmtOffset' property is unique throughout the whole API", - "actual_value": "'gmtOffset' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "1ebf2eee6e73bf46d0b14e39a6a8b32b3c987ab78bfdf877203be7730ca8213a", - "line": 563, - "issue_type": "IncorrectValue", - "search_key": "definitions.$ref=./definitions.json", - "search_line": 0, - "search_value": "", - "expected_value": "'id' property is unique throughout the whole API", - "actual_value": "'id' property is not unique throughout the whole API" - }, - { 
- "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "5a33cd81809bbfbc0dd79fad23450999e4f9153e798ee7d1703cfb8230fe974a", - "line": 468, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/insert}}.post.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'info' property is unique throughout the whole API", - "actual_value": "'info' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "6e356e76aa611d446e8b47bcb98c2e89a60f4e11ec0215fa4c3cb68e6b8ef39b", - "line": 49, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", - "search_line": 0, - "search_value": "", - "expected_value": "'displayName' property is unique throughout the whole API", - "actual_value": "'displayName' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "931de466521d641a25205229ac2c975fb74d54bd9a6ff5a80b8a61b742bda09b", - "line": 249, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/mapCart}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'email' property is unique throughout the whole API", - "actual_value": "'email' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "090388d5ad23a89ba5a21dd99ca769b91921ba85ac62f9fea9eef9b2a35ca3c2", - "line": 506, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/update}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'firstName' property is unique throughout 
the whole API", - "actual_value": "'firstName' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "d7dc8a4773bc3422171faf9375a10992195d2995804cc67a1b397283e5be9742", - "line": 194, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/cart}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'id' property is unique throughout the whole API", - "actual_value": "'id' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "00f42dde173a16ce24cee4f0c29f4da7af613a0ea5dbbf875323f1cb39ec214f", - "line": 506, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/update}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'id' property is unique throughout the whole API", - "actual_value": "'id' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "2b831616eccfc184da4ed859fd2ee92e6c3e53753608eb855c65021d0ebfbdc9", - "line": 563, - "issue_type": "IncorrectValue", - "search_key": "definitions.$ref=./definitions.json", - "search_line": 0, - "search_value": "", - "expected_value": "'phoneCode' property is unique throughout the whole API", - "actual_value": "'phoneCode' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "850677a8f5bf1c669df3dab2b7c7a825af4fb99bf2012197de0d1729455aac8f", - "line": 563, - "issue_type": "IncorrectValue", - "search_key": "definitions.$ref=./definitions.json", - "search_line": 0, - "search_value": "", - "expected_value": "'a3' property is unique throughout the whole API", - 
"actual_value": "'a3' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "5caaee296537e635d3def3adaa4a110f1251f45f9c87682372e6dd8f0f7e64df", - "line": 563, - "issue_type": "IncorrectValue", - "search_key": "definitions.$ref=./definitions.json", - "search_line": 0, - "search_value": "", - "expected_value": "'definition' property is unique throughout the whole API", - "actual_value": "'definition' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "28c44bb9f10e51406f2e7afb8287fdd192eb5f02c2a8acdb1b2df4f8823da145", - "line": 194, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/cart}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'info' property is unique throughout the whole API", - "actual_value": "'info' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "bf9a072e845e726db76c3c4b3de244e611f2cace131d1ae7d6f206d90b2a1ed6", - "line": 387, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'info' property is unique throughout the whole API", - "actual_value": "'info' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "485cca9ca27689883477aadaff52f90dc1d5a264a423e1e32a4007a27d7d51bf", - "line": 249, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/mapCart}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'password' 
property is unique throughout the whole API", - "actual_value": "'password' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "3c85384e7ef46fcbe92f029694d68dd19c8621a1a81d40c30c7ec7aba9a34278", - "line": 460, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/insert}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'password' property is unique throughout the whole API", - "actual_value": "'password' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "e3077490ffad83609036247b4010681858afe1663ca767c8787ad86c83b63a42", - "line": 506, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/update}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'email' property is unique throughout the whole API", - "actual_value": "'email' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "a60875f03b9d4ba7e30e984a1721574d40ae990a07f9580810362309499b47a9", - "line": 563, - "issue_type": "IncorrectValue", - "search_key": "definitions.$ref=./definitions.json", - "search_line": 0, - "search_value": "", - "expected_value": "'governmentForm' property is unique throughout the whole API", - "actual_value": "'governmentForm' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "9e71d759cb0f8f63855f0215e2c95c646c20083100bfa04ebf609e80841f816b", - "line": 460, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/insert}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - 
"search_value": "", - "expected_value": "'id' property is unique throughout the whole API", - "actual_value": "'id' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "d63880c933e60f14fe31e1706419ad0131a43c47639fbfa68e9e18dc29353d89", - "line": 299, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/password}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'info' property is unique throughout the whole API", - "actual_value": "'info' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "ba0fe4366991ff946be2b3264f2f12971e5b7a913bc67464bc1b7bda6aaff15b", - "line": 307, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/password}}.post.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'password' property is unique throughout the whole API", - "actual_value": "'password' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "63de9d74b7d91a430a8935b2b351a0bdef31166b67ddc5be974a684b2c58f576", - "line": 49, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", - "search_line": 0, - "search_value": "", - "expected_value": "'phoneCode' property is unique throughout the whole API", - "actual_value": "'phoneCode' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "03296fbe7d92c85cc639a282edacb96f285ea877602c60f95a9ea46052d07bbb", - "line": 348, - "issue_type": "IncorrectValue", - "search_key": 
"paths.{{/user/get/byEmail/{email}}}.get.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'email' property is unique throughout the whole API", - "actual_value": "'email' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "12cba189eca9ebafb21b6d2b8c50e8b323bbd1a0032b93598b85573e27387c3e", - "line": 249, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/mapCart}}.post.parameters.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'firstName' property is unique throughout the whole API", - "actual_value": "'firstName' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "ab36a26fc165f9e6f99745303d833c21eb3f0ebc8fe29a3f7f4c00ebdd7f5f4a", - "line": 307, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/create/password}}.post.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'firstName' property is unique throughout the whole API", - "actual_value": "'firstName' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "c13e062ec0e0a367b6fd475c182fb6db2e485cd29bd98cba6c8efc8715493280", - "line": 348, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/get/byEmail/{email}}}.get.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'firstName' property is unique throughout the whole API", - "actual_value": "'firstName' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - 
"similarity_id": "cd645894b66fff7e5353951a29877faf402ba3e3d51d56b9f2e936105949512f", - "line": 563, - "issue_type": "IncorrectValue", - "search_key": "definitions.$ref=./definitions.json", - "search_line": 0, - "search_value": "", - "expected_value": "'id' property is unique throughout the whole API", - "actual_value": "'id' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "9e825d84c9683c86687eac7a319c0ef77d5296a6f64ef1224e9808181e52879c", - "line": 348, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/get/byEmail/{email}}}.get.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'id' property is unique throughout the whole API", - "actual_value": "'id' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "9c53f0e8c5ed42f8c81e44b07ab37c073ec4af1bf6654c85e6795b17fee8d9f6", - "line": 563, - "issue_type": "IncorrectValue", - "search_key": "definitions.$ref=./definitions.json", - "search_line": 0, - "search_value": "", - "expected_value": "'info' property is unique throughout the whole API", - "actual_value": "'info' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "1596f75c7fa2b0d4362c6ea777462156610fca823d3025cb2999200b025130c2", - "line": 468, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/insert}}.post.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'password' property is unique throughout the whole API", - "actual_value": "'password' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - 
"similarity_id": "a29891f01be9d769faeb1937e8d5d741a05876fde469b6c50246b7a67e2597f1", - "line": 49, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", - "search_line": 0, - "search_value": "", - "expected_value": "'a3' property is unique throughout the whole API", - "actual_value": "'a3' property is not unique throughout the whole API" - }, - { - "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", - "similarity_id": "dd12c8363e0fcd3f36136d30a87321885a42d5da08b937e65f9ca4e74b8eb85f", - "line": 468, - "issue_type": "IncorrectValue", - "search_key": "paths.{{/user/insert}}.post.responses.200.schema.$ref=./definitions.json#/User", - "search_line": 0, - "search_value": "", - "expected_value": "'email' property is unique throughout the whole API", - "actual_value": "'email' property is not unique throughout the whole API" - } - ] - } - ] + "kics_version": "development", + "files_scanned": 1, + "lines_scanned": 633, + "files_parsed": 1, + "lines_parsed": 909, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 1, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 0, + "INFO": 73, + "LOW": 0, + "MEDIUM": 0, + "TRACE": 0 + }, + "total_counter": 73, + "total_bom_resources": 0, + "start": "2024-03-27T11:34:07.7517568Z", + "end": "2024-03-27T11:34:13.9523066Z", + "paths": [ + "/path/test/fixtures/resolve_references_json" + ], + "queries": [ + { + "query_name": "Property Not Unique", + "query_id": "750b40be-4bac-4f59-bdc4-1ca0e6c3450e", + "query_url": "https://swagger.io/specification/v2/#schemaObject", + "severity": "INFO", + "platform": "OpenAPI", + "category": "Structure and Semantics", + "experimental": false, + "description": "Every defined property must be unique throughout the whole API", + "description_id": "eb2e14e6", + "files": 
[ + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "7a7de79e78550abfe8a44b27648d61bf7d2e22e563792d106292d8110428b60f", + "line": 387, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'email' property is unique throughout the whole API", + "actual_value": "'email' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "12cba189eca9ebafb21b6d2b8c50e8b323bbd1a0032b93598b85573e27387c3e", + "line": 249, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/mapCart}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'firstName' property is unique throughout the whole API", + "actual_value": "'firstName' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "5a722738fa25f4a6eb01b730edf5b4552255e4b76de45dc9ff4f7d78aa94210f", + "line": 299, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/password}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'email' property is unique throughout the whole API", + "actual_value": "'email' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "a18abf68c25c5626c5f3bb02f7804120cfec2b0af7d25234b35424965e7b9d57", + "line": 563, + "issue_type": "IncorrectValue", + "search_key": "definitions.$ref=./definitions.json", + "search_line": 0, + "search_value": "", + "expected_value": "'gmtOffset' property is unique throughout the whole API", + "actual_value": 
"'gmtOffset' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "9e825d84c9683c86687eac7a319c0ef77d5296a6f64ef1224e9808181e52879c", + "line": 348, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/get/byEmail/{email}}}.get.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'id' property is unique throughout the whole API", + "actual_value": "'id' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "06131bef351103acfb7ee9fbb205cd3072eab03438dc64574bb4541cd7ba48d9", + "line": 348, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/get/byEmail/{email}}}.get.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'password' property is unique throughout the whole API", + "actual_value": "'password' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "850677a8f5bf1c669df3dab2b7c7a825af4fb99bf2012197de0d1729455aac8f", + "line": 563, + "issue_type": "IncorrectValue", + "search_key": "definitions.$ref=./definitions.json", + "search_line": 0, + "search_value": "", + "expected_value": "'a3' property is unique throughout the whole API", + "actual_value": "'a3' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "1ebf2eee6e73bf46d0b14e39a6a8b32b3c987ab78bfdf877203be7730ca8213a", + "line": 563, + "issue_type": "IncorrectValue", + "search_key": "definitions.$ref=./definitions.json", + "search_line": 0, + "search_value": "", + "expected_value": "'id' property is unique throughout the whole API", + 
"actual_value": "'id' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "5a33cd81809bbfbc0dd79fad23450999e4f9153e798ee7d1703cfb8230fe974a", + "line": 468, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/insert}}.post.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'info' property is unique throughout the whole API", + "actual_value": "'info' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "68309d0960a7dc0655457b3ebf9fc6ba6ffe06957c7ee22fa569cc138d91868b", + "line": 49, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", + "search_line": 0, + "search_value": "", + "expected_value": "'definition' property is unique throughout the whole API", + "actual_value": "'definition' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "6f2361667cb5eef4416ee89133e7f000bc857bab23be7f63dc29fb219932ffae", + "line": 468, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/insert}}.post.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'firstName' property is unique throughout the whole API", + "actual_value": "'firstName' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "44ff15d550e3eb9cb2a7b5d4de12a5df15ad61577ffc297ea27e832a453e7ab6", + "line": 49, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", + 
"search_line": 0, + "search_value": "", + "expected_value": "'id' property is unique throughout the whole API", + "actual_value": "'id' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "00f42dde173a16ce24cee4f0c29f4da7af613a0ea5dbbf875323f1cb39ec214f", + "line": 506, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/update}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'id' property is unique throughout the whole API", + "actual_value": "'id' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "d63880c933e60f14fe31e1706419ad0131a43c47639fbfa68e9e18dc29353d89", + "line": 299, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/password}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'info' property is unique throughout the whole API", + "actual_value": "'info' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "485cca9ca27689883477aadaff52f90dc1d5a264a423e1e32a4007a27d7d51bf", + "line": 249, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/mapCart}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'password' property is unique throughout the whole API", + "actual_value": "'password' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "c9fc36b4134eceed43134427be36539a2733c36f0be7b001e2e28acf70138451", + "line": 49, + "issue_type": "IncorrectValue", + "search_key": 
"paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", + "search_line": 0, + "search_value": "", + "expected_value": "'a2' property is unique throughout the whole API", + "actual_value": "'a2' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "d0afe0e12eb9e83f4ad891f0349a94bd059d33765209ceaa827ea5153ffcf8ed", + "line": 563, + "issue_type": "IncorrectValue", + "search_key": "definitions.$ref=./definitions.json", + "search_line": 0, + "search_value": "", + "expected_value": "'countryName' property is unique throughout the whole API", + "actual_value": "'countryName' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "f864a2440ec855e97e618df141d6d64560ae2b8c85f6fedcdbfcfa268e2f5eaf", + "line": 299, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/password}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'id' property is unique throughout the whole API", + "actual_value": "'id' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "e26a1373b6b00c852b5734d922665c09b9f200a32d796f0a08f5f0fd1b63935c", + "line": 468, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/insert}}.post.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'id' property is unique throughout the whole API", + "actual_value": "'id' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "bb64c1c7f4b43fdb4a2d84048203a0183f1b88c8fcbfc505916cc8a974fef901", + "line": 545, + 
"issue_type": "IncorrectValue", + "search_key": "paths.{{/users/findAll}}.get.responses.200.schema.items.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'id' property is unique throughout the whole API", + "actual_value": "'id' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "03296fbe7d92c85cc639a282edacb96f285ea877602c60f95a9ea46052d07bbb", + "line": 348, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/get/byEmail/{email}}}.get.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'email' property is unique throughout the whole API", + "actual_value": "'email' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "e3077490ffad83609036247b4010681858afe1663ca767c8787ad86c83b63a42", + "line": 506, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/update}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'email' property is unique throughout the whole API", + "actual_value": "'email' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "78e7639ae2bdaa28b67a3b147d83befcbdc6fa12eff4bcbc04dd3d17fee8269e", + "line": 563, + "issue_type": "IncorrectValue", + "search_key": "definitions.$ref=./definitions.json", + "search_line": 0, + "search_value": "", + "expected_value": "'firstName' property is unique throughout the whole API", + "actual_value": "'firstName' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": 
"931de466521d641a25205229ac2c975fb74d54bd9a6ff5a80b8a61b742bda09b", + "line": 249, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/mapCart}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'email' property is unique throughout the whole API", + "actual_value": "'email' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "db633da9cf870fa37830b3c65fb285c9a4b8cff92a36343e40a7cd9796c55e2f", + "line": 545, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/users/findAll}}.get.responses.200.schema.items.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'email' property is unique throughout the whole API", + "actual_value": "'email' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "ae9a2c4194ef97f7a5e8dd6699ca69a23b5776268a44405e26ae261586c49aaa", + "line": 460, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/insert}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'firstName' property is unique throughout the whole API", + "actual_value": "'firstName' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "ae22dd7f5074e293bd07c146e0ef6e070c34c323307841641d9b19250d976896", + "line": 563, + "issue_type": "IncorrectValue", + "search_key": "definitions.$ref=./definitions.json", + "search_line": 0, + "search_value": "", + "expected_value": "'displayName' property is unique throughout the whole API", + "actual_value": "'displayName' property is not unique throughout the whole API" + }, + { + "file_name": 
"path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "ab36a26fc165f9e6f99745303d833c21eb3f0ebc8fe29a3f7f4c00ebdd7f5f4a", + "line": 307, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/password}}.post.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'firstName' property is unique throughout the whole API", + "actual_value": "'firstName' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "5eda8746744c20aeccec4b5e818cbed3788cd3703f4c2aa7327a88e1045dd256", + "line": 387, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'firstName' property is unique throughout the whole API", + "actual_value": "'firstName' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "6a86f8ece0f67a20a6f2d953aeec7133a4d8b2db05a91c88b77e6daa559da255", + "line": 460, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/insert}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'info' property is unique throughout the whole API", + "actual_value": "'info' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "d8e93cca1ed74130a03faee787fd52a35a64c4d5093a264c969d47f05d8a7e53", + "line": 545, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/users/findAll}}.get.responses.200.schema.items.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'info' property is unique throughout the whole 
API", + "actual_value": "'info' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "742df9bdb7b0bbdfd27893a2328da8c0cf3313562121f05b4933e49df8d71d71", + "line": 299, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/password}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'password' property is unique throughout the whole API", + "actual_value": "'password' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "a29891f01be9d769faeb1937e8d5d741a05876fde469b6c50246b7a67e2597f1", + "line": 49, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", + "search_line": 0, + "search_value": "", + "expected_value": "'a3' property is unique throughout the whole API", + "actual_value": "'a3' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "3e833473f334445d14dea0b81ad200bb6f9715983d5c330cea890862e3e621a1", + "line": 348, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/get/byEmail/{email}}}.get.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'info' property is unique throughout the whole API", + "actual_value": "'info' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "36abb555656ac0fa2cb2b975b1a4a90076d424c1083144673dfce7e1daa44512", + "line": 194, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/cart}}.post.parameters.schema.$ref=./definitions.json#/User", + 
"search_line": 0, + "search_value": "", + "expected_value": "'firstName' property is unique throughout the whole API", + "actual_value": "'firstName' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "a36106e9755dd59573e65e745036739846241c265d2265ce433882d80991d216", + "line": 545, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/users/findAll}}.get.responses.200.schema.items.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'firstName' property is unique throughout the whole API", + "actual_value": "'firstName' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "076023938ac61210137d19ce19c441e9418be944be4c04a7fae641f2f3b086a8", + "line": 387, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'id' property is unique throughout the whole API", + "actual_value": "'id' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "21c3a8b9dbb3622aa45eaa495d925bf9d298cc5d7c6618ff44ff6b15fff93183", + "line": 563, + "issue_type": "IncorrectValue", + "search_key": "definitions.$ref=./definitions.json", + "search_line": 0, + "search_value": "", + "expected_value": "'a2' property is unique throughout the whole API", + "actual_value": "'a2' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "f27d2a4dda9db71d94614e720681050e5cd74c17cdd01f7ff7061ab58707981c", + "line": 49, + "issue_type": "IncorrectValue", + "search_key": 
"paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", + "search_line": 0, + "search_value": "", + "expected_value": "'governmentForm' property is unique throughout the whole API", + "actual_value": "'governmentForm' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "28c44bb9f10e51406f2e7afb8287fdd192eb5f02c2a8acdb1b2df4f8823da145", + "line": 194, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/cart}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'info' property is unique throughout the whole API", + "actual_value": "'info' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "3ff7cf91a10e3c0dae8a89638de17797354aa05c16c0dc58b45e916bd393f1b3", + "line": 387, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'password' property is unique throughout the whole API", + "actual_value": "'password' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "70d44bfb825c6276aefef00842ac929b64193c9030066ecea83f8bfc9ed6f964", + "line": 545, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/users/findAll}}.get.responses.200.schema.items.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'password' property is unique throughout the whole API", + "actual_value": "'password' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": 
"5caaee296537e635d3def3adaa4a110f1251f45f9c87682372e6dd8f0f7e64df", + "line": 563, + "issue_type": "IncorrectValue", + "search_key": "definitions.$ref=./definitions.json", + "search_line": 0, + "search_value": "", + "expected_value": "'definition' property is unique throughout the whole API", + "actual_value": "'definition' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "506a8a035b6eafb480cdb17248ec20312a6977b73043a60da2ac4f7ae77777e5", + "line": 563, + "issue_type": "IncorrectValue", + "search_key": "definitions.$ref=./definitions.json", + "search_line": 0, + "search_value": "", + "expected_value": "'email' property is unique throughout the whole API", + "actual_value": "'email' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "6a933de1599716878e2e3ef21cdadff44c5481452d18dc63d835546693df7ebe", + "line": 49, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", + "search_line": 0, + "search_value": "", + "expected_value": "'gmtOffset' property is unique throughout the whole API", + "actual_value": "'gmtOffset' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "cd645894b66fff7e5353951a29877faf402ba3e3d51d56b9f2e936105949512f", + "line": 563, + "issue_type": "IncorrectValue", + "search_key": "definitions.$ref=./definitions.json", + "search_line": 0, + "search_value": "", + "expected_value": "'id' property is unique throughout the whole API", + "actual_value": "'id' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": 
"bf9a072e845e726db76c3c4b3de244e611f2cace131d1ae7d6f206d90b2a1ed6", + "line": 387, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'info' property is unique throughout the whole API", + "actual_value": "'info' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "63de9d74b7d91a430a8935b2b351a0bdef31166b67ddc5be974a684b2c58f576", + "line": 49, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", + "search_line": 0, + "search_value": "", + "expected_value": "'phoneCode' property is unique throughout the whole API", + "actual_value": "'phoneCode' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "6e356e76aa611d446e8b47bcb98c2e89a60f4e11ec0215fa4c3cb68e6b8ef39b", + "line": 49, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", + "search_line": 0, + "search_value": "", + "expected_value": "'displayName' property is unique throughout the whole API", + "actual_value": "'displayName' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "c13e062ec0e0a367b6fd475c182fb6db2e485cd29bd98cba6c8efc8715493280", + "line": 348, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/get/byEmail/{email}}}.get.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'firstName' property is unique throughout the whole API", + "actual_value": "'firstName' property is not 
unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "9c53f0e8c5ed42f8c81e44b07ab37c073ec4af1bf6654c85e6795b17fee8d9f6", + "line": 563, + "issue_type": "IncorrectValue", + "search_key": "definitions.$ref=./definitions.json", + "search_line": 0, + "search_value": "", + "expected_value": "'info' property is unique throughout the whole API", + "actual_value": "'info' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "3f50576472289df6d0dc0a3ada162734486f5ca9b65c39fdd2d86b7e97ef3bfc", + "line": 249, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/mapCart}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'info' property is unique throughout the whole API", + "actual_value": "'info' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "33d4880a27d20f1d94813f7839ffba6bd421d515b2a4a1a1d2f9439577a44cbd", + "line": 506, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/update}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'info' property is unique throughout the whole API", + "actual_value": "'info' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "1596f75c7fa2b0d4362c6ea777462156610fca823d3025cb2999200b025130c2", + "line": 468, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/insert}}.post.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'password' property is unique throughout the whole API", + 
"actual_value": "'password' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "2b831616eccfc184da4ed859fd2ee92e6c3e53753608eb855c65021d0ebfbdc9", + "line": 563, + "issue_type": "IncorrectValue", + "search_key": "definitions.$ref=./definitions.json", + "search_line": 0, + "search_value": "", + "expected_value": "'phoneCode' property is unique throughout the whole API", + "actual_value": "'phoneCode' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "960914db94494373fc175325d916372db0940040c1d8a73c153dae8b398a6b3e", + "line": 194, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/cart}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'email' property is unique throughout the whole API", + "actual_value": "'email' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "dd12c8363e0fcd3f36136d30a87321885a42d5da08b937e65f9ca4e74b8eb85f", + "line": 468, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/insert}}.post.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'email' property is unique throughout the whole API", + "actual_value": "'email' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "9e71d759cb0f8f63855f0215e2c95c646c20083100bfa04ebf609e80841f816b", + "line": 460, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/insert}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'id' property is 
unique throughout the whole API", + "actual_value": "'id' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "066626dc90876e4b8e0acb085e4883f8742ead6e726f66b33ed364ed3aeb2d92", + "line": 563, + "issue_type": "IncorrectValue", + "search_key": "definitions.$ref=./definitions.json", + "search_line": 0, + "search_value": "", + "expected_value": "'password' property is unique throughout the whole API", + "actual_value": "'password' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "1f1c4e0ee7b45e50c78cd7a2947a5c380620e2ff6099fd207985c81ebab2c193", + "line": 194, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/cart}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'password' property is unique throughout the whole API", + "actual_value": "'password' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "115612d7d5a2e88c8ebdfda5c4e3c2e35671d903bf1c00a3a68465a4bc3c3a8a", + "line": 506, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/update}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'password' property is unique throughout the whole API", + "actual_value": "'password' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "4e1e62ee80dc6711e967c9be6a1d14df22033bfe3b3e12b8385508d9ad942da6", + "line": 49, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/country/get/byId/{id}}}.get.responses.200.schema.$ref=./definitions.json#/Country", + "search_line": 0, + 
"search_value": "", + "expected_value": "'countryName' property is unique throughout the whole API", + "actual_value": "'countryName' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "9d19bd172ff710d659a31e4196991fc11f4fb9ba856ea0c82bf86ab4ac1b0b53", + "line": 307, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/password}}.post.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'email' property is unique throughout the whole API", + "actual_value": "'email' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "ca6add4f28bb864af1341d26682aa2d0fa6d759b3efc99479127ca1c9758cc12", + "line": 460, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/insert}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'email' property is unique throughout the whole API", + "actual_value": "'email' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "a60875f03b9d4ba7e30e984a1721574d40ae990a07f9580810362309499b47a9", + "line": 563, + "issue_type": "IncorrectValue", + "search_key": "definitions.$ref=./definitions.json", + "search_line": 0, + "search_value": "", + "expected_value": "'governmentForm' property is unique throughout the whole API", + "actual_value": "'governmentForm' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "eb7a06cc175f972b5d7edcb3616905a9a1cc3b8b20223316addd6f1114d5c33f", + "line": 307, + "issue_type": "IncorrectValue", + "search_key": 
"paths.{{/user/create/password}}.post.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'id' property is unique throughout the whole API", + "actual_value": "'id' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "ba0fe4366991ff946be2b3264f2f12971e5b7a913bc67464bc1b7bda6aaff15b", + "line": 307, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/password}}.post.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'password' property is unique throughout the whole API", + "actual_value": "'password' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "0ed9019bf3b823e4b9cec5623ecb02c577f495d7b3be84dceb009b9f6e7dc8ff", + "line": 299, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/password}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'firstName' property is unique throughout the whole API", + "actual_value": "'firstName' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "090388d5ad23a89ba5a21dd99ca769b91921ba85ac62f9fea9eef9b2a35ca3c2", + "line": 506, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/update}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'firstName' property is unique throughout the whole API", + "actual_value": "'firstName' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": 
"d7dc8a4773bc3422171faf9375a10992195d2995804cc67a1b397283e5be9742", + "line": 194, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/cart}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'id' property is unique throughout the whole API", + "actual_value": "'id' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "910467f7887c76affc7cea19c0fe396e3d3531ea8a43fd3144a91010f73f5f8e", + "line": 249, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/mapCart}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'id' property is unique throughout the whole API", + "actual_value": "'id' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "d922a00ae36332672049542c53e877ca3cea762566073824805efe7902afa1b7", + "line": 307, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/create/password}}.post.responses.200.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'info' property is unique throughout the whole API", + "actual_value": "'info' property is not unique throughout the whole API" + }, + { + "file_name": "path\\test\\fixtures\\resolve_references_json\\scan-2files.json", + "similarity_id": "3c85384e7ef46fcbe92f029694d68dd19c8621a1a81d40c30c7ec7aba9a34278", + "line": 460, + "issue_type": "IncorrectValue", + "search_key": "paths.{{/user/insert}}.post.parameters.schema.$ref=./definitions.json#/User", + "search_line": 0, + "search_value": "", + "expected_value": "'password' property is unique throughout the whole API", + "actual_value": "'password' property is not unique throughout the whole API" + } + ] + } + ] } 
diff --git a/e2e/fixtures/E2E_CLI_077_RESULT.json b/e2e/fixtures/E2E_CLI_077_RESULT.json index 817e3d04533..72bdf7e9191 100644 --- a/e2e/fixtures/E2E_CLI_077_RESULT.json +++ b/e2e/fixtures/E2E_CLI_077_RESULT.json 
@@ -1,70 +1,70 @@ { - "kics_version": "development", - "files_scanned": 1, - "lines_scanned": 44, - "files_parsed": 1, - "lines_parsed": 44, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 1, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 0, - "INFO": 0, - "LOW": 0, - "MEDIUM": 2, - "TRACE": 0 - }, - "total_counter": 2, - "total_bom_resources": 0, - "start": "2024-03-27T11:15:24.7815997Z", - "end": "2024-03-27T11:15:25.7563531Z", - "paths": [ - "/path/test/fixtures/similarity_id" - ], - "queries": [ - { - "query_name": "Website Not Forcing HTTPS", - "query_id": "488847ff-6031-487c-bf42-98fd6ac5c9a0", - "query_url": "https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites?tabs=json#siteproperties-object", - "severity": "MEDIUM", - "platform": "AzureResourceManager", - "cloud_provider": "AZURE", - "category": "Insecure Configurations", - "experimental": false, - "description": "'Microsoft.Web/sites' should force the use of HTTPS", - "description_id": "3af52329", - "files": [ - { - "file_name": "/path/test/fixtures/similarity_id/1_general_deployment.json", - "similarity_id": "f649e674f984920f340e4078adb4d472fa857d1a8bcfa3e4e0418743faa946fd", - "line": 34, - "resource_type": "Microsoft.Web/sites", - "resource_name": "[variables('functionApp').microsoft_unbilled_synchronization]", - "issue_type": "IncorrectValue", - "search_key": "resources.name={{[variables('functionApp').microsoft_unbilled_synchronization]}}.properties.httpsOnly", - "search_line": 34, - "search_value": "", - "expected_value": "resource with type 'Microsoft.Web/sites' should have the 'httpsOnly' false set to true", - "actual_value": "resource with type 'Microsoft.Web/sites' doesn't have 'httpsOnly' set to true" - }, - { - "file_name": "/path/test/fixtures/similarity_id/1_general_deployment.json", - "similarity_id": 
"8e341b61966dfc47b2e78304b28b445c9891be5143fcf6bd09f5ba0679e1b0ca", - "line": 18, - "resource_type": "Microsoft.Web/sites", - "resource_name": "[variables('functionApp').unbilled_usage_process]", - "issue_type": "IncorrectValue", - "search_key": "resources.name={{[variables('functionApp').unbilled_usage_process]}}.properties.httpsOnly", - "search_line": 18, - "search_value": "", - "expected_value": "resource with type 'Microsoft.Web/sites' should have the 'httpsOnly' false set to true", - "actual_value": "resource with type 'Microsoft.Web/sites' doesn't have 'httpsOnly' set to true" - } - ] - } - ] + "kics_version": "development", + "files_scanned": 1, + "lines_scanned": 44, + "files_parsed": 1, + "lines_parsed": 44, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 1, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 0, + "INFO": 0, + "LOW": 0, + "MEDIUM": 2, + "TRACE": 0 + }, + "total_counter": 2, + "total_bom_resources": 0, + "start": "2024-04-05T10:56:26.6558386+01:00", + "end": "2024-04-05T10:56:30.9071254+01:00", + "paths": [ + "/path/test/fixtures/similarity_id" + ], + "queries": [ + { + "query_name": "Website Not Forcing HTTPS", + "query_id": "488847ff-6031-487c-bf42-98fd6ac5c9a0", + "query_url": "https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites?tabs=json#siteproperties-object", + "severity": "MEDIUM", + "platform": "AzureResourceManager", + "cloud_provider": "AZURE", + "category": "Insecure Configurations", + "experimental": false, + "description": "'Microsoft.Web/sites' should force the use of HTTPS", + "description_id": "3af52329", + "files": [ + { + "file_name": "/path/test/fixtures/similarity_id/1_general_deployment.json", + "similarity_id": "60db1dec778c035dd27b92ac2a39f06a8e44d5e16fc81140d7a70d86cee4a370", + "line": 34, + "resource_type": "Microsoft.Web/sites", + "resource_name": 
"[variables('functionApp').microsoft_unbilled_synchronization]", + "issue_type": "IncorrectValue", + "search_key": "resources.name={{[variables('functionApp').microsoft_unbilled_synchronization]}}.properties.httpsOnly", + "search_line": 34, + "search_value": "", + "expected_value": "resource with type 'Microsoft.Web/sites' should have the 'httpsOnly' false set to true", + "actual_value": "resource with type 'Microsoft.Web/sites' doesn't have 'httpsOnly' set to true" + }, + { + "file_name": "/path/test/fixtures/similarity_id/1_general_deployment.json", + "similarity_id": "ce5fe80b1d6f673cd23c2e92e490cae2fb8616a482058547d9e63b5417a92b25", + "line": 18, + "resource_type": "Microsoft.Web/sites", + "resource_name": "[variables('functionApp').unbilled_usage_process]", + "issue_type": "IncorrectValue", + "search_key": "resources.name={{[variables('functionApp').unbilled_usage_process]}}.properties.httpsOnly", + "search_line": 18, + "search_value": "", + "expected_value": "resource with type 'Microsoft.Web/sites' should have the 'httpsOnly' false set to true", + "actual_value": "resource with type 'Microsoft.Web/sites' doesn't have 'httpsOnly' set to true" + } + ] + } + ] } diff --git a/e2e/fixtures/E2E_CLI_081_RESULT.json b/e2e/fixtures/E2E_CLI_081_RESULT.json index 2bfcb45c873..e0d4e97c629 100644 --- a/e2e/fixtures/E2E_CLI_081_RESULT.json +++ b/e2e/fixtures/E2E_CLI_081_RESULT.json 
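Review bot: The two findings in E2E_CLI_077_RESULT.json get new `similarity_id` values (`f649e674…` → `60db1dec…`, `8e341b61…` → `ce5fe80b…`) although their `file_name`, `line`, `search_key` and `query_id` are unchanged in this hunk, and the single finding in E2E_CLI_081_RESULT.json changes the same way (`42d73d5b…` → `82c4e2ec…`). Nothing visible here explains the drift, so presumably the ID derivation changed elsewhere in the commit. If so, any baseline or exclusion list keyed on the old IDs would stop matching and previously triaged findings would resurface as new ones. That deserves an explicit line in the commit description, for example `similarity_id changes for existing ARM findings; stored baselines must be regenerated`. Separately, both fixtures are fully re-indented and their `start`/`end` stamps move from `Z` to `+01:00`, which buries the three meaningful field changes in whitespace churn; keeping the original indentation would make that drift reviewable.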
@@ -1,57 +1,57 @@ { - "kics_version": "development", - "files_scanned": 1, - "lines_scanned": 78, - "files_parsed": 1, - "lines_parsed": 78, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 43, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 0, - "INFO": 0, - "LOW": 0, - "MEDIUM": 1, - "TRACE": 0 - }, - "total_counter": 1, - "total_bom_resources": 0, - "start": "2024-03-27T12:57:39.1952639Z", - "end": "2024-03-27T12:57:40.2523796Z", - "paths": [ - "/path/test/fixtures/test_output_path" - ], - "queries": [ - { - "query_name": "Azure Instance Using Basic Authentication", - "query_id": "6797f581-0433-4768-ae3e-7ceb2f8b138e", - "query_url": "https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/virtualmachines?tabs=json#linuxconfiguration-object", - "severity": "MEDIUM", - "platform": "AzureResourceManager", - "cloud_provider": "AZURE", - "category": "Best Practices", - "experimental": false, - "description": "Azure Instances should use SSH Key instead of basic authentication", - "description_id": "98ba05ca", - "files": [ - { - "file_name": "/path/test/fixtures/test_output_path/positive1.json", - "similarity_id": "42d73d5b2fa1fbcb1145ea43b7dc4ec20f92adda85c61161b6a7714b6cd86219", - "line": 53, - "resource_type": "Microsoft.Compute/virtualMachines", - "resource_name": "[variables('vmName')]", - "issue_type": "IncorrectValue", - "search_key": "resources.name=[variables('vmName')].properties.osProfile.linuxConfiguration.disablePasswordAuthentication", - "search_line": 53, - "search_value": "", - "expected_value": "'disablePasswordAuthentication' should be set to true", - "actual_value": "'disablePasswordAuthentication' property value is set to false" - } - ] - } - ] + "kics_version": "development", + "files_scanned": 1, + "lines_scanned": 78, + "files_parsed": 1, + "lines_parsed": 78, + "lines_ignored": 0, + 
"files_failed_to_scan": 0, + "queries_total": 43, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 0, + "INFO": 0, + "LOW": 0, + "MEDIUM": 1, + "TRACE": 0 + }, + "total_counter": 1, + "total_bom_resources": 0, + "start": "2024-04-05T11:00:26.5703068+01:00", + "end": "2024-04-05T11:00:31.1164274+01:00", + "paths": [ + "/path/test/fixtures/test_output_path" + ], + "queries": [ + { + "query_name": "Azure Instance Using Basic Authentication", + "query_id": "6797f581-0433-4768-ae3e-7ceb2f8b138e", + "query_url": "https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/virtualmachines?tabs=json#linuxconfiguration-object", + "severity": "MEDIUM", + "platform": "AzureResourceManager", + "cloud_provider": "AZURE", + "category": "Best Practices", + "experimental": false, + "description": "Azure Instances should use SSH Key instead of basic authentication", + "description_id": "98ba05ca", + "files": [ + { + "file_name": "/path/test/fixtures/test_output_path/positive1.json", + "similarity_id": "82c4e2ecf183c3887cf3f974f33db6f946d78a108744a8314e938f215b320ebc", + "line": 53, + "resource_type": "Microsoft.Compute/virtualMachines", + "resource_name": "[variables('vmName')]", + "issue_type": "IncorrectValue", + "search_key": "resources.name=[variables('vmName')].properties.osProfile.linuxConfiguration.disablePasswordAuthentication", + "search_line": 53, + "search_value": "", + "expected_value": "'disablePasswordAuthentication' should be set to true", + "actual_value": "'disablePasswordAuthentication' property value is set to false" + } + ] + } + ] } diff --git a/e2e/fixtures/E2E_CLI_086_RESULT.json b/e2e/fixtures/E2E_CLI_086_RESULT.json index ffa55e80039..1a3f7343eae 100644 --- a/e2e/fixtures/E2E_CLI_086_RESULT.json +++ b/e2e/fixtures/E2E_CLI_086_RESULT.json 
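Review bot: The regenerated `similarity_id` for the `positive1.json` finding changes (`42d73d5b…` to `82c4e2ec…`) although its `file_name`, `query_id`, `search_key` and `line` are identical on both sides, and nothing in the fixture explains why. Similarity IDs are presumably what consumers use to match a finding across scans, so an unexplained change would make existing baselines or suppressions treat the same finding as new. The commit description should state the cause, for example `similarity_id changes: <reason and affected queries>`. The same pattern shows up in E2E_CLI_086_RESULT.json, where only some queries (Redshift Not Encrypted, Redshift Cluster Logging Disabled, Redshift Using Default Port) get new IDs while others keep theirs. The `start`/`end` values also move from a `Z` suffix to a `+01:00` offset, which suggests the fixture was regenerated on a local machine, so it is worth confirming the e2e comparison ignores those fields.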
@@ -1,371 +1,371 @@ { - "kics_version": "development", - "files_scanned": 1, - "lines_scanned": 19, - "files_parsed": 1, - "lines_parsed": 19, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 1041, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 6, - "INFO": 2, - "LOW": 7, - "MEDIUM": 2, - "TRACE": 0 - }, - "total_counter": 17, - "total_bom_resources": 0, - "start": "2024-03-27T11:17:59.9149862Z", - "end": "2024-03-27T11:18:08.3311188Z", - "paths": [ - "/path/e2e/fixtures/samples/terraform.tf" - ], - "queries": [ - { - "query_name": "Passwords And Secrets - Generic Password", - "query_id": "487f4be7-3fd9-4506-a07a-eae252180c08", - "query_url": "https://docs.kics.io/latest/secrets/", - "severity": "HIGH", - "platform": "Common", - "cloud_provider": "COMMON", - "category": "Secret Management", - "experimental": false, - "description": "Query to find passwords and secrets in infrastructure code.", - "description_id": "d69d8a89", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "d6a018d85a93d338ed89c82b791f30c1913eff5e743f67cfa52176f5135aea2b", - "line": 14, - "issue_type": "RedundantAttribute", - "search_key": "", - "search_line": 0, - "search_value": "", - "expected_value": "Hardcoded secret key should not appear in source", - "actual_value": "Hardcoded secret key appears in source" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "9e26d1ce4d2e0f7fa9b77195bd329f18c135b946ba74a13bc05a289dfc3455f1", - "line": 5, - "issue_type": "RedundantAttribute", - "search_key": "", - "search_line": 0, - "search_value": "", - "expected_value": "Hardcoded secret key should not appear in source", - "actual_value": "Hardcoded secret key appears in source" - } - ] - }, - { - "query_name": "Redshift Not Encrypted", - "query_id": "cfdcabb0-fc06-427c-865b-c59f13e898ce", - 
"query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#encrypted", - "severity": "HIGH", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Encryption", - "experimental": false, - "description": "AWS Redshift Cluster should be encrypted. Check if 'encrypted' field is false or undefined (default is false)", - "description_id": "2bee4895", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "bd00cd9cd4edd1015d1a1e89f98bdd8128cdaa51456e605ca2c29bd64888efcd", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": 1, - "search_value": "", - "expected_value": "aws_redshift_cluster.encrypted should be defined and not null", - "actual_value": "aws_redshift_cluster.encrypted is undefined or null", - "remediation": "encrypted = true", - "remediation_type": "addition" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "a5941ee6cc25be94d6a2dfc73fd602e587638d6ad6caf188c09c374b77283917", - "line": 10, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default1]", - "search_line": 10, - "search_value": "", - "expected_value": "aws_redshift_cluster.encrypted should be defined and not null", - "actual_value": "aws_redshift_cluster.encrypted is undefined or null", - "remediation": "encrypted = true", - "remediation_type": "addition" - } - ] - }, - { - "query_name": "Redshift Publicly Accessible", - "query_id": "af173fde-95ea-4584-b904-bb3923ac4bda", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster", - "severity": "HIGH", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Insecure Configurations", - "experimental": false, - 
"description": "AWS Redshift Clusters must not be publicly accessible. Check if 'publicly_accessible' field is true or undefined (default is true)", - "description_id": "9a581503", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "4234052fbe1fed19a465cec7fbed9eb156c22eeae7d97c3ac8096bcc7b39a2fe", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": -1, - "search_value": "", - "expected_value": "aws_redshift_cluster.publicly_accessible should be defined and not null", - "actual_value": "aws_redshift_cluster.publicly_accessible is undefined or null", - "remediation": "publicly_accessible = false", - "remediation_type": "addition" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "7ae2741fb3c480c38776368fbe21412672c6458d490e4648eb1ad1aadc24a741", - "line": 17, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "IncorrectValue", - "search_key": "aws_redshift_cluster[default1].publicly_accessible", - "search_line": -1, - "search_value": "", - "expected_value": "aws_redshift_cluster.publicly_accessible should be set to false", - "actual_value": "aws_redshift_cluster.publicly_accessible is true", - "remediation": "{\"after\":\"false\",\"before\":\"true\"}", - "remediation_type": "replacement" - } - ] - }, - { - "query_name": "Redshift Cluster Logging Disabled", - "query_id": "15ffbacc-fa42-4f6f-a57d-2feac7365caa", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#enable", - "severity": "MEDIUM", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Observability", - "experimental": false, - "description": "Make sure Logging is enabled for Redshift Cluster", - "description_id": "458fe7a3", - "files": [ - { - "file_name": 
"/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "65c5c77aa946123a3434e2508fa5f8c6d37412fd55f4adc3d04b22d7b820822b", - "line": 10, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default1]", - "search_line": 10, - "search_value": "", - "expected_value": "'aws_redshift_cluster.logging' should be true", - "actual_value": "'aws_redshift_cluster.logging' is undefined", - "remediation": "logging {\n\t\tenable = true \n\t}", - "remediation_type": "addition" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "225c40e04fe9ac2285e2e47a448c8159cde8561762989f936c5cc6967977f664", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": 1, - "search_value": "", - "expected_value": "'aws_redshift_cluster.logging' should be true", - "actual_value": "'aws_redshift_cluster.logging' is undefined", - "remediation": "logging {\n\t\tenable = true \n\t}", - "remediation_type": "addition" - } - ] - }, - { - "query_name": "IAM Access Analyzer Not Enabled", - "query_id": "e592a0c5-5bdb-414c-9066-5dba7cdea370", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/accessanalyzer_analyzer", - "severity": "LOW", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Best Practices", - "experimental": false, - "description": "IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions", - "description_id": "d03e85ae", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "aa346cd1642a83b40e221f96a43d88dbfacecdf1f8e5314c24145f8d35530197", - "line": 1, - "resource_type": "n/a", - "resource_name": "n/a", - "issue_type": "MissingAttribute", - "search_key": "resource", - "search_line": -1, - 
"search_value": "", - "expected_value": "'aws_accessanalyzer_analyzer' should be set", - "actual_value": "'aws_accessanalyzer_analyzer' is undefined" - } - ] - }, - { - "query_name": "Redshift Cluster Without VPC", - "query_id": "0a494a6a-ebe2-48a0-9d77-cf9d5125e1b3", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#vpc_security_group_ids", - "severity": "LOW", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Insecure Configurations", - "experimental": false, - "description": "Redshift Cluster should be configured in VPC (Virtual Private Cloud)", - "description_id": "6fd531fa", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "83461a5eac8fed2264fac68a6d352d1ed752867a9b0a131afa9ba7e366159b59", - "line": 10, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default1]", - "search_line": -1, - "search_value": "vpc_security_group_ids", - "expected_value": "aws_redshift_cluster[default1].vpc_security_group_ids should be set", - "actual_value": "aws_redshift_cluster[default1].vpc_security_group_ids is undefined" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "c703e26654dc3e9da1ad3519663f38aed2a29e629b4342f9e75af464a07699e0", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": -1, - "search_value": "vpc_security_group_ids", - "expected_value": "aws_redshift_cluster[default].vpc_security_group_ids should be set", - "actual_value": "aws_redshift_cluster[default].vpc_security_group_ids is undefined" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "4aa3f159f39767de53b49ed871977b8b499bf19b3b0865b1631042aa830598aa", - "line": 10, - "resource_type": 
"aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default1]", - "search_line": -1, - "search_value": "cluster_subnet_group_name", - "expected_value": "aws_redshift_cluster[default1].cluster_subnet_group_name should be set", - "actual_value": "aws_redshift_cluster[default1].cluster_subnet_group_name is undefined" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "709853fdb034e451c68825041190bbff098e2893528d91c39d84d31ea93ecae6", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": -1, - "search_value": "cluster_subnet_group_name", - "expected_value": "aws_redshift_cluster[default].cluster_subnet_group_name should be set", - "actual_value": "aws_redshift_cluster[default].cluster_subnet_group_name is undefined" - } - ] - }, - { - "query_name": "Redshift Using Default Port", - "query_id": "41abc6cc-dde1-4217-83d3-fb5f0cc09d8f", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#port", - "severity": "LOW", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "Redshift should not use the default port (5439) because an attacker can easily guess the port", - "description_id": "e2e48d27", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "34ae9f216456678405a82e7419b9b1614ee09a765529f717679e1fa4f4a1ae0a", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": 1, - "search_value": "", - "expected_value": "aws_redshift_cluster.port should be defined and not null", - "actual_value": "aws_redshift_cluster.port is 
undefined or null" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "8f5d57a5515ee4c9c5e6d26274b4e7ae5e408e39399caff57aebe5121dc11af6", - "line": 10, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default1]", - "search_line": 10, - "search_value": "", - "expected_value": "aws_redshift_cluster.port should be defined and not null", - "actual_value": "aws_redshift_cluster.port is undefined or null" - } - ] - }, - { - "query_name": "Resource Not Using Tags", - "query_id": "e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/resource-tagging", - "severity": "INFO", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Best Practices", - "experimental": false, - "description": "AWS services resource tags are an essential part of managing components. As a best practice, the field 'tags' should have additional tags defined other than 'Name'", - "description_id": "09db2d52", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "406b71d9fd0edb656a4735df30dde77c5f8a6c4ec3caa3442f986a92832c653b", - "line": 10, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[{{default1}}]", - "search_line": -1, - "search_value": "", - "expected_value": "aws_redshift_cluster[{{default1}}].tags should be defined and not null", - "actual_value": "aws_redshift_cluster[{{default1}}].tags is undefined or null" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "b44463ffd0f5c1eadc04ce6649982da68658349ad880daef470250661d3d1512", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[{{default}}]", - 
"search_line": -1, - "search_value": "", - "expected_value": "aws_redshift_cluster[{{default}}].tags should be defined and not null", - "actual_value": "aws_redshift_cluster[{{default}}].tags is undefined or null" - } - ] - } - ] + "kics_version": "development", + "files_scanned": 1, + "lines_scanned": 19, + "files_parsed": 1, + "lines_parsed": 19, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 1037, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 6, + "INFO": 2, + "LOW": 7, + "MEDIUM": 2, + "TRACE": 0 + }, + "total_counter": 17, + "total_bom_resources": 0, + "start": "2024-04-29T16:21:47.3016367+01:00", + "end": "2024-04-29T16:22:22.269544+01:00", + "paths": [ + "/path/e2e/fixtures/samples/terraform.tf" + ], + "queries": [ + { + "query_name": "Passwords And Secrets - Generic Password", + "query_id": "487f4be7-3fd9-4506-a07a-eae252180c08", + "query_url": "https://docs.kics.io/latest/secrets/", + "severity": "HIGH", + "platform": "Common", + "cloud_provider": "COMMON", + "category": "Secret Management", + "experimental": false, + "description": "Query to find passwords and secrets in infrastructure code.", + "description_id": "d69d8a89", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "d6a018d85a93d338ed89c82b791f30c1913eff5e743f67cfa52176f5135aea2b", + "line": 14, + "issue_type": "RedundantAttribute", + "search_key": "", + "search_line": 0, + "search_value": "", + "expected_value": "Hardcoded secret key should not appear in source", + "actual_value": "Hardcoded secret key appears in source" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "9e26d1ce4d2e0f7fa9b77195bd329f18c135b946ba74a13bc05a289dfc3455f1", + "line": 5, + "issue_type": "RedundantAttribute", + "search_key": "", + "search_line": 0, + "search_value": "", + "expected_value": "Hardcoded secret 
key should not appear in source", + "actual_value": "Hardcoded secret key appears in source" + } + ] + }, + { + "query_name": "Redshift Not Encrypted", + "query_id": "cfdcabb0-fc06-427c-865b-c59f13e898ce", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#encrypted", + "severity": "HIGH", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Encryption", + "experimental": false, + "description": "AWS Redshift Cluster should be encrypted. Check if 'encrypted' field is false or undefined (default is false)", + "description_id": "2bee4895", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "a09d6aefe0fec02ce6b1b30afb3186c7fa4454165a4a1754ed104d22d6156af7", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default1]", + "search_line": 10, + "search_value": "", + "expected_value": "aws_redshift_cluster.encrypted should be defined and not null", + "actual_value": "aws_redshift_cluster.encrypted is undefined or null", + "remediation": "encrypted = true", + "remediation_type": "addition" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "e413b091a0cfff9b692ce5d9fa075e3f69e037a58030e9ef592d5f58ae446fbc", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": 1, + "search_value": "", + "expected_value": "aws_redshift_cluster.encrypted should be defined and not null", + "actual_value": "aws_redshift_cluster.encrypted is undefined or null", + "remediation": "encrypted = true", + "remediation_type": "addition" + } + ] + }, + { + "query_name": "Redshift Publicly Accessible", + "query_id": "af173fde-95ea-4584-b904-bb3923ac4bda", + "query_url": 
"https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster", + "severity": "HIGH", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Insecure Configurations", + "experimental": false, + "description": "AWS Redshift Clusters must not be publicly accessible. Check if 'publicly_accessible' field is true or undefined (default is true)", + "description_id": "9a581503", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "7ae2741fb3c480c38776368fbe21412672c6458d490e4648eb1ad1aadc24a741", + "line": 17, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "IncorrectValue", + "search_key": "aws_redshift_cluster[default1].publicly_accessible", + "search_line": -1, + "search_value": "", + "expected_value": "aws_redshift_cluster.publicly_accessible should be set to false", + "actual_value": "aws_redshift_cluster.publicly_accessible is true", + "remediation": "{\"after\":\"false\",\"before\":\"true\"}", + "remediation_type": "replacement" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "4234052fbe1fed19a465cec7fbed9eb156c22eeae7d97c3ac8096bcc7b39a2fe", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": -1, + "search_value": "", + "expected_value": "aws_redshift_cluster.publicly_accessible should be defined and not null", + "actual_value": "aws_redshift_cluster.publicly_accessible is undefined or null", + "remediation": "publicly_accessible = false", + "remediation_type": "addition" + } + ] + }, + { + "query_name": "Redshift Cluster Logging Disabled", + "query_id": "15ffbacc-fa42-4f6f-a57d-2feac7365caa", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#enable", + "severity": "MEDIUM", + "platform": "Terraform", + 
"cloud_provider": "AWS", + "category": "Observability", + "experimental": false, + "description": "Make sure Logging is enabled for Redshift Cluster", + "description_id": "458fe7a3", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "0455ad9d92fa1dc1cbf20dd5042ee21d9ae176388662b5982501aa01724e50d9", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": 1, + "search_value": "", + "expected_value": "'aws_redshift_cluster.logging' should be true", + "actual_value": "'aws_redshift_cluster.logging' is undefined", + "remediation": "logging {\n\t\tenable = true \n\t}", + "remediation_type": "addition" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "2abf26c3014fc445da69d8d5bb862c1c511e8e16ad3a6c6f6e14c28aa0adac1d", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default1]", + "search_line": 10, + "search_value": "", + "expected_value": "'aws_redshift_cluster.logging' should be true", + "actual_value": "'aws_redshift_cluster.logging' is undefined", + "remediation": "logging {\n\t\tenable = true \n\t}", + "remediation_type": "addition" + } + ] + }, + { + "query_name": "IAM Access Analyzer Not Enabled", + "query_id": "e592a0c5-5bdb-414c-9066-5dba7cdea370", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/accessanalyzer_analyzer", + "severity": "LOW", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Best Practices", + "experimental": false, + "description": "IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions", + "description_id": "d03e85ae", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": 
"aa346cd1642a83b40e221f96a43d88dbfacecdf1f8e5314c24145f8d35530197", + "line": 1, + "resource_type": "n/a", + "resource_name": "n/a", + "issue_type": "MissingAttribute", + "search_key": "resource", + "search_line": -1, + "search_value": "", + "expected_value": "'aws_accessanalyzer_analyzer' should be set", + "actual_value": "'aws_accessanalyzer_analyzer' is undefined" + } + ] + }, + { + "query_name": "Redshift Cluster Without VPC", + "query_id": "0a494a6a-ebe2-48a0-9d77-cf9d5125e1b3", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#vpc_security_group_ids", + "severity": "LOW", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Insecure Configurations", + "experimental": false, + "description": "Redshift Cluster should be configured in VPC (Virtual Private Cloud)", + "description_id": "6fd531fa", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "4aa3f159f39767de53b49ed871977b8b499bf19b3b0865b1631042aa830598aa", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default1]", + "search_line": -1, + "search_value": "cluster_subnet_group_name", + "expected_value": "aws_redshift_cluster[default1].cluster_subnet_group_name should be set", + "actual_value": "aws_redshift_cluster[default1].cluster_subnet_group_name is undefined" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "83461a5eac8fed2264fac68a6d352d1ed752867a9b0a131afa9ba7e366159b59", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default1]", + "search_line": -1, + "search_value": "vpc_security_group_ids", + "expected_value": "aws_redshift_cluster[default1].vpc_security_group_ids should be set", + "actual_value": 
"aws_redshift_cluster[default1].vpc_security_group_ids is undefined" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "709853fdb034e451c68825041190bbff098e2893528d91c39d84d31ea93ecae6", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": -1, + "search_value": "cluster_subnet_group_name", + "expected_value": "aws_redshift_cluster[default].cluster_subnet_group_name should be set", + "actual_value": "aws_redshift_cluster[default].cluster_subnet_group_name is undefined" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "c703e26654dc3e9da1ad3519663f38aed2a29e629b4342f9e75af464a07699e0", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": -1, + "search_value": "vpc_security_group_ids", + "expected_value": "aws_redshift_cluster[default].vpc_security_group_ids should be set", + "actual_value": "aws_redshift_cluster[default].vpc_security_group_ids is undefined" + } + ] + }, + { + "query_name": "Redshift Using Default Port", + "query_id": "41abc6cc-dde1-4217-83d3-fb5f0cc09d8f", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#port", + "severity": "LOW", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "Redshift should not use the default port (5439) because an attacker can easily guess the port", + "description_id": "e2e48d27", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "9fca92ccbbb8e3f95df092898d7e287dde416e4ea8212f6c4bb30e37c27f2cab", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": 
"MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": 1, + "search_value": "", + "expected_value": "aws_redshift_cluster.port should be defined and not null", + "actual_value": "aws_redshift_cluster.port is undefined or null" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "0460e3d4bb9ffcbc219231ebe8d154b6dc2ed00c348278dba780a721cd3a1a06", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default1]", + "search_line": 10, + "search_value": "", + "expected_value": "aws_redshift_cluster.port should be defined and not null", + "actual_value": "aws_redshift_cluster.port is undefined or null" + } + ] + }, + { + "query_name": "Resource Not Using Tags", + "query_id": "e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/resource-tagging", + "severity": "INFO", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Best Practices", + "experimental": false, + "description": "AWS services resource tags are an essential part of managing components. 
As a best practice, the field 'tags' should have additional tags defined other than 'Name'", + "description_id": "09db2d52", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "b44463ffd0f5c1eadc04ce6649982da68658349ad880daef470250661d3d1512", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[{{default}}]", + "search_line": -1, + "search_value": "", + "expected_value": "aws_redshift_cluster[{{default}}].tags should be defined and not null", + "actual_value": "aws_redshift_cluster[{{default}}].tags is undefined or null" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "406b71d9fd0edb656a4735df30dde77c5f8a6c4ec3caa3442f986a92832c653b", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[{{default1}}]", + "search_line": -1, + "search_value": "", + "expected_value": "aws_redshift_cluster[{{default1}}].tags should be defined and not null", + "actual_value": "aws_redshift_cluster[{{default1}}].tags is undefined or null" + } + ] + } + ] } diff --git a/e2e/fixtures/E2E_CLI_087_RESULT.json b/e2e/fixtures/E2E_CLI_087_RESULT.json index c0fe2140de2..be93ff7788b 100644 --- a/e2e/fixtures/E2E_CLI_087_RESULT.json +++ b/e2e/fixtures/E2E_CLI_087_RESULT.json 
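Review bot: `queries_total` drops from 1041 to 1037 in this expected result while `queries_failed_to_execute` stays 0 and `total_counter` stays 17, so four queries apparently no longer count toward the scan of the same `terraform.tf` sample. If that is intentional (queries removed or moved to another platform), the commit description should name them, for example `queries_total 1041 -> 1037: <removed query ids>`. If it is not, regenerating the fixture would lock in a silent loss of scan coverage, because this test only compares against the recorded number.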
@@ -1,371 +1,371 @@ { - "kics_version": "development", - "files_scanned": 1, - "lines_scanned": 19, - "files_parsed": 1, - "lines_parsed": 19, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 1041, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 6, - "INFO": 2, - "LOW": 7, - "MEDIUM": 2, - "TRACE": 0 - }, - "total_counter": 17, - "total_bom_resources": 0, - "start": "2024-03-27T10:36:40.6913792Z", - "end": "2024-03-27T10:37:37.1091002Z", - "paths": [ - "/path/e2e/fixtures/samples/terraform.tf" - ], - "queries": [ - { - "query_name": "Passwords And Secrets - Generic Password", - "query_id": "487f4be7-3fd9-4506-a07a-eae252180c08", - "query_url": "https://docs.kics.io/latest/secrets/", - "severity": "HIGH", - "platform": "Common", - "cloud_provider": "COMMON", - "category": "Secret Management", - "experimental": false, - "description": "Query to find passwords and secrets in infrastructure code.", - "description_id": "d69d8a89", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "9e26d1ce4d2e0f7fa9b77195bd329f18c135b946ba74a13bc05a289dfc3455f1", - "line": 5, - "issue_type": "RedundantAttribute", - "search_key": "", - "search_line": 0, - "search_value": "", - "expected_value": "Hardcoded secret key should not appear in source", - "actual_value": "Hardcoded secret key appears in source" - }, - { - "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "d6a018d85a93d338ed89c82b791f30c1913eff5e743f67cfa52176f5135aea2b", - "line": 14, - "issue_type": "RedundantAttribute", - "search_key": "", - "search_line": 0, - "search_value": "", - "expected_value": "Hardcoded secret key should not appear in source", - "actual_value": "Hardcoded secret key appears in source" - } - ] - }, - { - "query_name": "Redshift Not Encrypted", - "query_id": "cfdcabb0-fc06-427c-865b-c59f13e898ce", 
- "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#encrypted", - "severity": "HIGH", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Encryption", - "experimental": false, - "description": "AWS Redshift Cluster should be encrypted. Check if 'encrypted' field is false or undefined (default is false)", - "description_id": "2bee4895", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "bd00cd9cd4edd1015d1a1e89f98bdd8128cdaa51456e605ca2c29bd64888efcd", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": 1, - "search_value": "", - "expected_value": "aws_redshift_cluster.encrypted should be defined and not null", - "actual_value": "aws_redshift_cluster.encrypted is undefined or null", - "remediation": "encrypted = true", - "remediation_type": "addition" - }, - { - "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "a5941ee6cc25be94d6a2dfc73fd602e587638d6ad6caf188c09c374b77283917", - "line": 10, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default1]", - "search_line": 10, - "search_value": "", - "expected_value": "aws_redshift_cluster.encrypted should be defined and not null", - "actual_value": "aws_redshift_cluster.encrypted is undefined or null", - "remediation": "encrypted = true", - "remediation_type": "addition" - } - ] - }, - { - "query_name": "Redshift Publicly Accessible", - "query_id": "af173fde-95ea-4584-b904-bb3923ac4bda", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster", - "severity": "HIGH", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Insecure Configurations", - "experimental": false, - 
"description": "AWS Redshift Clusters must not be publicly accessible. Check if 'publicly_accessible' field is true or undefined (default is true)", - "description_id": "9a581503", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "4234052fbe1fed19a465cec7fbed9eb156c22eeae7d97c3ac8096bcc7b39a2fe", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": -1, - "search_value": "", - "expected_value": "aws_redshift_cluster.publicly_accessible should be defined and not null", - "actual_value": "aws_redshift_cluster.publicly_accessible is undefined or null", - "remediation": "publicly_accessible = false", - "remediation_type": "addition" - }, - { - "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "7ae2741fb3c480c38776368fbe21412672c6458d490e4648eb1ad1aadc24a741", - "line": 17, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "IncorrectValue", - "search_key": "aws_redshift_cluster[default1].publicly_accessible", - "search_line": -1, - "search_value": "", - "expected_value": "aws_redshift_cluster.publicly_accessible should be set to false", - "actual_value": "aws_redshift_cluster.publicly_accessible is true", - "remediation": "{\"after\":\"false\",\"before\":\"true\"}", - "remediation_type": "replacement" - } - ] - }, - { - "query_name": "Redshift Cluster Logging Disabled", - "query_id": "15ffbacc-fa42-4f6f-a57d-2feac7365caa", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#enable", - "severity": "MEDIUM", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Observability", - "experimental": false, - "description": "Make sure Logging is enabled for Redshift Cluster", - "description_id": "458fe7a3", - "files": [ - { - "file_name": 
"\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "225c40e04fe9ac2285e2e47a448c8159cde8561762989f936c5cc6967977f664", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": 1, - "search_value": "", - "expected_value": "'aws_redshift_cluster.logging' should be true", - "actual_value": "'aws_redshift_cluster.logging' is undefined", - "remediation": "logging {\n\t\tenable = true \n\t}", - "remediation_type": "addition" - }, - { - "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "65c5c77aa946123a3434e2508fa5f8c6d37412fd55f4adc3d04b22d7b820822b", - "line": 10, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default1]", - "search_line": 10, - "search_value": "", - "expected_value": "'aws_redshift_cluster.logging' should be true", - "actual_value": "'aws_redshift_cluster.logging' is undefined", - "remediation": "logging {\n\t\tenable = true \n\t}", - "remediation_type": "addition" - } - ] - }, - { - "query_name": "IAM Access Analyzer Not Enabled", - "query_id": "e592a0c5-5bdb-414c-9066-5dba7cdea370", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/accessanalyzer_analyzer", - "severity": "LOW", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Best Practices", - "experimental": false, - "description": "IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions", - "description_id": "d03e85ae", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "aa346cd1642a83b40e221f96a43d88dbfacecdf1f8e5314c24145f8d35530197", - "line": 1, - "resource_type": "n/a", - "resource_name": "n/a", - "issue_type": "MissingAttribute", - "search_key": "resource", - 
"search_line": -1, - "search_value": "", - "expected_value": "'aws_accessanalyzer_analyzer' should be set", - "actual_value": "'aws_accessanalyzer_analyzer' is undefined" - } - ] - }, - { - "query_name": "Redshift Cluster Without VPC", - "query_id": "0a494a6a-ebe2-48a0-9d77-cf9d5125e1b3", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#vpc_security_group_ids", - "severity": "LOW", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Insecure Configurations", - "experimental": false, - "description": "Redshift Cluster should be configured in VPC (Virtual Private Cloud)", - "description_id": "6fd531fa", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "c703e26654dc3e9da1ad3519663f38aed2a29e629b4342f9e75af464a07699e0", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": -1, - "search_value": "vpc_security_group_ids", - "expected_value": "aws_redshift_cluster[default].vpc_security_group_ids should be set", - "actual_value": "aws_redshift_cluster[default].vpc_security_group_ids is undefined" - }, - { - "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "83461a5eac8fed2264fac68a6d352d1ed752867a9b0a131afa9ba7e366159b59", - "line": 10, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default1]", - "search_line": -1, - "search_value": "vpc_security_group_ids", - "expected_value": "aws_redshift_cluster[default1].vpc_security_group_ids should be set", - "actual_value": "aws_redshift_cluster[default1].vpc_security_group_ids is undefined" - }, - { - "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "4aa3f159f39767de53b49ed871977b8b499bf19b3b0865b1631042aa830598aa", 
- "line": 10, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default1]", - "search_line": -1, - "search_value": "cluster_subnet_group_name", - "expected_value": "aws_redshift_cluster[default1].cluster_subnet_group_name should be set", - "actual_value": "aws_redshift_cluster[default1].cluster_subnet_group_name is undefined" - }, - { - "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "709853fdb034e451c68825041190bbff098e2893528d91c39d84d31ea93ecae6", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": -1, - "search_value": "cluster_subnet_group_name", - "expected_value": "aws_redshift_cluster[default].cluster_subnet_group_name should be set", - "actual_value": "aws_redshift_cluster[default].cluster_subnet_group_name is undefined" - } - ] - }, - { - "query_name": "Redshift Using Default Port", - "query_id": "41abc6cc-dde1-4217-83d3-fb5f0cc09d8f", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#port", - "severity": "LOW", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "Redshift should not use the default port (5439) because an attacker can easily guess the port", - "description_id": "e2e48d27", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "8f5d57a5515ee4c9c5e6d26274b4e7ae5e408e39399caff57aebe5121dc11af6", - "line": 10, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default1]", - "search_line": 10, - "search_value": "", - "expected_value": "aws_redshift_cluster.port should be defined and not null", - 
"actual_value": "aws_redshift_cluster.port is undefined or null" - }, - { - "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "34ae9f216456678405a82e7419b9b1614ee09a765529f717679e1fa4f4a1ae0a", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": 1, - "search_value": "", - "expected_value": "aws_redshift_cluster.port should be defined and not null", - "actual_value": "aws_redshift_cluster.port is undefined or null" - } - ] - }, - { - "query_name": "Resource Not Using Tags", - "query_id": "e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/resource-tagging", - "severity": "INFO", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Best Practices", - "experimental": false, - "description": "AWS services resource tags are an essential part of managing components. 
As a best practice, the field 'tags' should have additional tags defined other than 'Name'", - "description_id": "09db2d52", - "files": [ - { - "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "406b71d9fd0edb656a4735df30dde77c5f8a6c4ec3caa3442f986a92832c653b", - "line": 10, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[{{default1}}]", - "search_line": -1, - "search_value": "", - "expected_value": "aws_redshift_cluster[{{default1}}].tags should be defined and not null", - "actual_value": "aws_redshift_cluster[{{default1}}].tags is undefined or null" - }, - { - "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", - "similarity_id": "b44463ffd0f5c1eadc04ce6649982da68658349ad880daef470250661d3d1512", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[{{default}}]", - "search_line": -1, - "search_value": "", - "expected_value": "aws_redshift_cluster[{{default}}].tags should be defined and not null", - "actual_value": "aws_redshift_cluster[{{default}}].tags is undefined or null" - } - ] - } - ] + "kics_version": "development", + "files_scanned": 1, + "lines_scanned": 19, + "files_parsed": 1, + "lines_parsed": 19, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 1037, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 6, + "INFO": 2, + "LOW": 7, + "MEDIUM": 2, + "TRACE": 0 + }, + "total_counter": 17, + "total_bom_resources": 0, + "start": "2024-04-29T16:25:56.540155+01:00", + "end": "2024-04-29T16:26:57.6416493+01:00", + "paths": [ + "/path/e2e/fixtures/samples/terraform.tf" + ], + "queries": [ + { + "query_name": "Passwords And Secrets - Generic Password", + "query_id": 
"487f4be7-3fd9-4506-a07a-eae252180c08", + "query_url": "https://docs.kics.io/latest/secrets/", + "severity": "HIGH", + "platform": "Common", + "cloud_provider": "COMMON", + "category": "Secret Management", + "experimental": false, + "description": "Query to find passwords and secrets in infrastructure code.", + "description_id": "d69d8a89", + "files": [ + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": "9e26d1ce4d2e0f7fa9b77195bd329f18c135b946ba74a13bc05a289dfc3455f1", + "line": 5, + "issue_type": "RedundantAttribute", + "search_key": "", + "search_line": 0, + "search_value": "", + "expected_value": "Hardcoded secret key should not appear in source", + "actual_value": "Hardcoded secret key appears in source" + }, + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": "d6a018d85a93d338ed89c82b791f30c1913eff5e743f67cfa52176f5135aea2b", + "line": 14, + "issue_type": "RedundantAttribute", + "search_key": "", + "search_line": 0, + "search_value": "", + "expected_value": "Hardcoded secret key should not appear in source", + "actual_value": "Hardcoded secret key appears in source" + } + ] + }, + { + "query_name": "Redshift Not Encrypted", + "query_id": "cfdcabb0-fc06-427c-865b-c59f13e898ce", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#encrypted", + "severity": "HIGH", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Encryption", + "experimental": false, + "description": "AWS Redshift Cluster should be encrypted. 
Check if 'encrypted' field is false or undefined (default is false)", + "description_id": "2bee4895", + "files": [ + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": "e413b091a0cfff9b692ce5d9fa075e3f69e037a58030e9ef592d5f58ae446fbc", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": 1, + "search_value": "", + "expected_value": "aws_redshift_cluster.encrypted should be defined and not null", + "actual_value": "aws_redshift_cluster.encrypted is undefined or null", + "remediation": "encrypted = true", + "remediation_type": "addition" + }, + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": "a09d6aefe0fec02ce6b1b30afb3186c7fa4454165a4a1754ed104d22d6156af7", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default1]", + "search_line": 10, + "search_value": "", + "expected_value": "aws_redshift_cluster.encrypted should be defined and not null", + "actual_value": "aws_redshift_cluster.encrypted is undefined or null", + "remediation": "encrypted = true", + "remediation_type": "addition" + } + ] + }, + { + "query_name": "Redshift Publicly Accessible", + "query_id": "af173fde-95ea-4584-b904-bb3923ac4bda", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster", + "severity": "HIGH", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Insecure Configurations", + "experimental": false, + "description": "AWS Redshift Clusters must not be publicly accessible. 
Check if 'publicly_accessible' field is true or undefined (default is true)", + "description_id": "9a581503", + "files": [ + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": "4234052fbe1fed19a465cec7fbed9eb156c22eeae7d97c3ac8096bcc7b39a2fe", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": -1, + "search_value": "", + "expected_value": "aws_redshift_cluster.publicly_accessible should be defined and not null", + "actual_value": "aws_redshift_cluster.publicly_accessible is undefined or null", + "remediation": "publicly_accessible = false", + "remediation_type": "addition" + }, + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": "7ae2741fb3c480c38776368fbe21412672c6458d490e4648eb1ad1aadc24a741", + "line": 17, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "IncorrectValue", + "search_key": "aws_redshift_cluster[default1].publicly_accessible", + "search_line": -1, + "search_value": "", + "expected_value": "aws_redshift_cluster.publicly_accessible should be set to false", + "actual_value": "aws_redshift_cluster.publicly_accessible is true", + "remediation": "{\"after\":\"false\",\"before\":\"true\"}", + "remediation_type": "replacement" + } + ] + }, + { + "query_name": "Redshift Cluster Logging Disabled", + "query_id": "15ffbacc-fa42-4f6f-a57d-2feac7365caa", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#enable", + "severity": "MEDIUM", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Observability", + "experimental": false, + "description": "Make sure Logging is enabled for Redshift Cluster", + "description_id": "458fe7a3", + "files": [ + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": 
"0455ad9d92fa1dc1cbf20dd5042ee21d9ae176388662b5982501aa01724e50d9", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": 1, + "search_value": "", + "expected_value": "'aws_redshift_cluster.logging' should be true", + "actual_value": "'aws_redshift_cluster.logging' is undefined", + "remediation": "logging {\n\t\tenable = true \n\t}", + "remediation_type": "addition" + }, + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": "2abf26c3014fc445da69d8d5bb862c1c511e8e16ad3a6c6f6e14c28aa0adac1d", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default1]", + "search_line": 10, + "search_value": "", + "expected_value": "'aws_redshift_cluster.logging' should be true", + "actual_value": "'aws_redshift_cluster.logging' is undefined", + "remediation": "logging {\n\t\tenable = true \n\t}", + "remediation_type": "addition" + } + ] + }, + { + "query_name": "IAM Access Analyzer Not Enabled", + "query_id": "e592a0c5-5bdb-414c-9066-5dba7cdea370", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/accessanalyzer_analyzer", + "severity": "LOW", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Best Practices", + "experimental": false, + "description": "IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions", + "description_id": "d03e85ae", + "files": [ + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": "aa346cd1642a83b40e221f96a43d88dbfacecdf1f8e5314c24145f8d35530197", + "line": 1, + "resource_type": "n/a", + "resource_name": "n/a", + "issue_type": "MissingAttribute", + "search_key": "resource", + "search_line": -1, + "search_value": "", + "expected_value": 
"'aws_accessanalyzer_analyzer' should be set", + "actual_value": "'aws_accessanalyzer_analyzer' is undefined" + } + ] + }, + { + "query_name": "Redshift Cluster Without VPC", + "query_id": "0a494a6a-ebe2-48a0-9d77-cf9d5125e1b3", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#vpc_security_group_ids", + "severity": "LOW", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Insecure Configurations", + "experimental": false, + "description": "Redshift Cluster should be configured in VPC (Virtual Private Cloud)", + "description_id": "6fd531fa", + "files": [ + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": "4aa3f159f39767de53b49ed871977b8b499bf19b3b0865b1631042aa830598aa", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default1]", + "search_line": -1, + "search_value": "cluster_subnet_group_name", + "expected_value": "aws_redshift_cluster[default1].cluster_subnet_group_name should be set", + "actual_value": "aws_redshift_cluster[default1].cluster_subnet_group_name is undefined" + }, + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": "c703e26654dc3e9da1ad3519663f38aed2a29e629b4342f9e75af464a07699e0", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": -1, + "search_value": "vpc_security_group_ids", + "expected_value": "aws_redshift_cluster[default].vpc_security_group_ids should be set", + "actual_value": "aws_redshift_cluster[default].vpc_security_group_ids is undefined" + }, + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": "709853fdb034e451c68825041190bbff098e2893528d91c39d84d31ea93ecae6", + "line": 1, + "resource_type": 
"aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": -1, + "search_value": "cluster_subnet_group_name", + "expected_value": "aws_redshift_cluster[default].cluster_subnet_group_name should be set", + "actual_value": "aws_redshift_cluster[default].cluster_subnet_group_name is undefined" + }, + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": "83461a5eac8fed2264fac68a6d352d1ed752867a9b0a131afa9ba7e366159b59", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default1]", + "search_line": -1, + "search_value": "vpc_security_group_ids", + "expected_value": "aws_redshift_cluster[default1].vpc_security_group_ids should be set", + "actual_value": "aws_redshift_cluster[default1].vpc_security_group_ids is undefined" + } + ] + }, + { + "query_name": "Redshift Using Default Port", + "query_id": "41abc6cc-dde1-4217-83d3-fb5f0cc09d8f", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#port", + "severity": "LOW", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "Redshift should not use the default port (5439) because an attacker can easily guess the port", + "description_id": "e2e48d27", + "files": [ + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": "9fca92ccbbb8e3f95df092898d7e287dde416e4ea8212f6c4bb30e37c27f2cab", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": 1, + "search_value": "", + "expected_value": "aws_redshift_cluster.port should be defined and not null", + "actual_value": "aws_redshift_cluster.port is 
undefined or null" + }, + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": "0460e3d4bb9ffcbc219231ebe8d154b6dc2ed00c348278dba780a721cd3a1a06", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default1]", + "search_line": 10, + "search_value": "", + "expected_value": "aws_redshift_cluster.port should be defined and not null", + "actual_value": "aws_redshift_cluster.port is undefined or null" + } + ] + }, + { + "query_name": "Resource Not Using Tags", + "query_id": "e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/resource-tagging", + "severity": "INFO", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Best Practices", + "experimental": false, + "description": "AWS services resource tags are an essential part of managing components. As a best practice, the field 'tags' should have additional tags defined other than 'Name'", + "description_id": "09db2d52", + "files": [ + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": "b44463ffd0f5c1eadc04ce6649982da68658349ad880daef470250661d3d1512", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[{{default}}]", + "search_line": -1, + "search_value": "", + "expected_value": "aws_redshift_cluster[{{default}}].tags should be defined and not null", + "actual_value": "aws_redshift_cluster[{{default}}].tags is undefined or null" + }, + { + "file_name": "\\path\\e2e\\fixtures\\samples\\terraform.tf", + "similarity_id": "406b71d9fd0edb656a4735df30dde77c5f8a6c4ec3caa3442f986a92832c653b", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": 
"aws_redshift_cluster[{{default1}}]", + "search_line": -1, + "search_value": "", + "expected_value": "aws_redshift_cluster[{{default1}}].tags should be defined and not null", + "actual_value": "aws_redshift_cluster[{{default1}}].tags is undefined or null" + } + ] + } + ] } diff --git a/e2e/fixtures/E2E_CLI_088_RESULT.json b/e2e/fixtures/E2E_CLI_088_RESULT.json index c7aa46c9168..5f640ab1e51 100644 --- a/e2e/fixtures/E2E_CLI_088_RESULT.json +++ b/e2e/fixtures/E2E_CLI_088_RESULT.json 
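Review bot: The six changed `similarity_id` values in this fixture need an explanation in the commit description: both findings under "Redshift Not Encrypted", "Redshift Cluster Logging Disabled" and "Redshift Using Default Port" get new IDs (for `aws_redshift_cluster[default]` under "Redshift Not Encrypted", `bd00cd9c…` becomes `e413b091…`) while every other field of those findings is identical. The affected findings are exactly the ones with a positive `search_line` (1 or 10), and those with `search_line` of -1 or 0 keep their IDs, which suggests the ID derivation changed for resolved search lines; that is inferred from the fixture and worth confirming as intended. If consumers match findings across scans by `similarity_id` (baselines, suppressions, triage state), previously triaged findings would presumably reappear as new after this change, so the affected queries should be listed for users. Separately, the hunk rewrites all 371 lines for what appears to be only an indentation change, which buries these value changes together with `queries_total` going from 1041 to 1037. Regenerating the fixture with the original indentation would keep the diff reviewable, and the E2E_CLI_088 hunk that follows has the same `-1,371 +1,371` shape.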
@@ -1,371 +1,371 @@ { - "kics_version": "development", - "files_scanned": 1, - "lines_scanned": 19, - "files_parsed": 1, - "lines_parsed": 19, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 1041, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 6, - "INFO": 2, - "LOW": 7, - "MEDIUM": 2, - "TRACE": 0 - }, - "total_counter": 17, - "total_bom_resources": 0, - "start": "2024-03-27T11:20:09.7446867Z", - "end": "2024-03-27T11:20:18.7739629Z", - "paths": [ - "/path/e2e/fixtures/samples/terraform.tf" - ], - "queries": [ - { - "query_name": "Passwords And Secrets - Generic Password", - "query_id": "487f4be7-3fd9-4506-a07a-eae252180c08", - "query_url": "https://docs.kics.io/latest/secrets/", - "severity": "HIGH", - "platform": "Common", - "cloud_provider": "COMMON", - "category": "Secret Management", - "experimental": false, - "description": "Query to find passwords and secrets in infrastructure code.", - "description_id": "d69d8a89", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "d6a018d85a93d338ed89c82b791f30c1913eff5e743f67cfa52176f5135aea2b", - "line": 14, - "issue_type": "RedundantAttribute", - "search_key": "", - "search_line": 0, - "search_value": "", - "expected_value": "Hardcoded secret key should not appear in source", - "actual_value": "Hardcoded secret key appears in source" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "9e26d1ce4d2e0f7fa9b77195bd329f18c135b946ba74a13bc05a289dfc3455f1", - "line": 5, - "issue_type": "RedundantAttribute", - "search_key": "", - "search_line": 0, - "search_value": "", - "expected_value": "Hardcoded secret key should not appear in source", - "actual_value": "Hardcoded secret key appears in source" - } - ] - }, - { - "query_name": "Redshift Not Encrypted", - "query_id": "cfdcabb0-fc06-427c-865b-c59f13e898ce", - 
"query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#encrypted", - "severity": "HIGH", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Encryption", - "experimental": false, - "description": "AWS Redshift Cluster should be encrypted. Check if 'encrypted' field is false or undefined (default is false)", - "description_id": "2bee4895", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "a5941ee6cc25be94d6a2dfc73fd602e587638d6ad6caf188c09c374b77283917", - "line": 10, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default1]", - "search_line": 10, - "search_value": "", - "expected_value": "aws_redshift_cluster.encrypted should be defined and not null", - "actual_value": "aws_redshift_cluster.encrypted is undefined or null", - "remediation": "encrypted = true", - "remediation_type": "addition" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "bd00cd9cd4edd1015d1a1e89f98bdd8128cdaa51456e605ca2c29bd64888efcd", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": 1, - "search_value": "", - "expected_value": "aws_redshift_cluster.encrypted should be defined and not null", - "actual_value": "aws_redshift_cluster.encrypted is undefined or null", - "remediation": "encrypted = true", - "remediation_type": "addition" - } - ] - }, - { - "query_name": "Redshift Publicly Accessible", - "query_id": "af173fde-95ea-4584-b904-bb3923ac4bda", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster", - "severity": "HIGH", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Insecure Configurations", - "experimental": false, - 
"description": "AWS Redshift Clusters must not be publicly accessible. Check if 'publicly_accessible' field is true or undefined (default is true)", - "description_id": "9a581503", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "7ae2741fb3c480c38776368fbe21412672c6458d490e4648eb1ad1aadc24a741", - "line": 17, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "IncorrectValue", - "search_key": "aws_redshift_cluster[default1].publicly_accessible", - "search_line": -1, - "search_value": "", - "expected_value": "aws_redshift_cluster.publicly_accessible should be set to false", - "actual_value": "aws_redshift_cluster.publicly_accessible is true", - "remediation": "{\"after\":\"false\",\"before\":\"true\"}", - "remediation_type": "replacement" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "4234052fbe1fed19a465cec7fbed9eb156c22eeae7d97c3ac8096bcc7b39a2fe", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": -1, - "search_value": "", - "expected_value": "aws_redshift_cluster.publicly_accessible should be defined and not null", - "actual_value": "aws_redshift_cluster.publicly_accessible is undefined or null", - "remediation": "publicly_accessible = false", - "remediation_type": "addition" - } - ] - }, - { - "query_name": "Redshift Cluster Logging Disabled", - "query_id": "15ffbacc-fa42-4f6f-a57d-2feac7365caa", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#enable", - "severity": "MEDIUM", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Observability", - "experimental": false, - "description": "Make sure Logging is enabled for Redshift Cluster", - "description_id": "458fe7a3", - "files": [ - { - "file_name": 
"/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "225c40e04fe9ac2285e2e47a448c8159cde8561762989f936c5cc6967977f664", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": 1, - "search_value": "", - "expected_value": "'aws_redshift_cluster.logging' should be true", - "actual_value": "'aws_redshift_cluster.logging' is undefined", - "remediation": "logging {\n\t\tenable = true \n\t}", - "remediation_type": "addition" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "65c5c77aa946123a3434e2508fa5f8c6d37412fd55f4adc3d04b22d7b820822b", - "line": 10, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default1]", - "search_line": 10, - "search_value": "", - "expected_value": "'aws_redshift_cluster.logging' should be true", - "actual_value": "'aws_redshift_cluster.logging' is undefined", - "remediation": "logging {\n\t\tenable = true \n\t}", - "remediation_type": "addition" - } - ] - }, - { - "query_name": "IAM Access Analyzer Not Enabled", - "query_id": "e592a0c5-5bdb-414c-9066-5dba7cdea370", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/accessanalyzer_analyzer", - "severity": "LOW", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Best Practices", - "experimental": false, - "description": "IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions", - "description_id": "d03e85ae", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "aa346cd1642a83b40e221f96a43d88dbfacecdf1f8e5314c24145f8d35530197", - "line": 1, - "resource_type": "n/a", - "resource_name": "n/a", - "issue_type": "MissingAttribute", - "search_key": "resource", - "search_line": -1, - 
"search_value": "", - "expected_value": "'aws_accessanalyzer_analyzer' should be set", - "actual_value": "'aws_accessanalyzer_analyzer' is undefined" - } - ] - }, - { - "query_name": "Redshift Cluster Without VPC", - "query_id": "0a494a6a-ebe2-48a0-9d77-cf9d5125e1b3", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#vpc_security_group_ids", - "severity": "LOW", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Insecure Configurations", - "experimental": false, - "description": "Redshift Cluster should be configured in VPC (Virtual Private Cloud)", - "description_id": "6fd531fa", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "83461a5eac8fed2264fac68a6d352d1ed752867a9b0a131afa9ba7e366159b59", - "line": 10, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default1]", - "search_line": -1, - "search_value": "vpc_security_group_ids", - "expected_value": "aws_redshift_cluster[default1].vpc_security_group_ids should be set", - "actual_value": "aws_redshift_cluster[default1].vpc_security_group_ids is undefined" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "709853fdb034e451c68825041190bbff098e2893528d91c39d84d31ea93ecae6", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": -1, - "search_value": "cluster_subnet_group_name", - "expected_value": "aws_redshift_cluster[default].cluster_subnet_group_name should be set", - "actual_value": "aws_redshift_cluster[default].cluster_subnet_group_name is undefined" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "4aa3f159f39767de53b49ed871977b8b499bf19b3b0865b1631042aa830598aa", - "line": 10, - 
"resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default1]", - "search_line": -1, - "search_value": "cluster_subnet_group_name", - "expected_value": "aws_redshift_cluster[default1].cluster_subnet_group_name should be set", - "actual_value": "aws_redshift_cluster[default1].cluster_subnet_group_name is undefined" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "c703e26654dc3e9da1ad3519663f38aed2a29e629b4342f9e75af464a07699e0", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": -1, - "search_value": "vpc_security_group_ids", - "expected_value": "aws_redshift_cluster[default].vpc_security_group_ids should be set", - "actual_value": "aws_redshift_cluster[default].vpc_security_group_ids is undefined" - } - ] - }, - { - "query_name": "Redshift Using Default Port", - "query_id": "41abc6cc-dde1-4217-83d3-fb5f0cc09d8f", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#port", - "severity": "LOW", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Networking and Firewall", - "experimental": false, - "description": "Redshift should not use the default port (5439) because an attacker can easily guess the port", - "description_id": "e2e48d27", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "34ae9f216456678405a82e7419b9b1614ee09a765529f717679e1fa4f4a1ae0a", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default]", - "search_line": 1, - "search_value": "", - "expected_value": "aws_redshift_cluster.port should be defined and not null", - "actual_value": "aws_redshift_cluster.port is 
undefined or null" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "8f5d57a5515ee4c9c5e6d26274b4e7ae5e408e39399caff57aebe5121dc11af6", - "line": 10, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[default1]", - "search_line": 10, - "search_value": "", - "expected_value": "aws_redshift_cluster.port should be defined and not null", - "actual_value": "aws_redshift_cluster.port is undefined or null" - } - ] - }, - { - "query_name": "Resource Not Using Tags", - "query_id": "e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10", - "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/resource-tagging", - "severity": "INFO", - "platform": "Terraform", - "cloud_provider": "AWS", - "category": "Best Practices", - "experimental": false, - "description": "AWS services resource tags are an essential part of managing components. As a best practice, the field 'tags' should have additional tags defined other than 'Name'", - "description_id": "09db2d52", - "files": [ - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "406b71d9fd0edb656a4735df30dde77c5f8a6c4ec3caa3442f986a92832c653b", - "line": 10, - "resource_type": "aws_redshift_cluster", - "resource_name": "default1", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[{{default1}}]", - "search_line": -1, - "search_value": "", - "expected_value": "aws_redshift_cluster[{{default1}}].tags should be defined and not null", - "actual_value": "aws_redshift_cluster[{{default1}}].tags is undefined or null" - }, - { - "file_name": "/path/e2e/fixtures/samples/terraform.tf", - "similarity_id": "b44463ffd0f5c1eadc04ce6649982da68658349ad880daef470250661d3d1512", - "line": 1, - "resource_type": "aws_redshift_cluster", - "resource_name": "default", - "issue_type": "MissingAttribute", - "search_key": "aws_redshift_cluster[{{default}}]", - 
"search_line": -1, - "search_value": "", - "expected_value": "aws_redshift_cluster[{{default}}].tags should be defined and not null", - "actual_value": "aws_redshift_cluster[{{default}}].tags is undefined or null" - } - ] - } - ] + "kics_version": "development", + "files_scanned": 1, + "lines_scanned": 19, + "files_parsed": 1, + "lines_parsed": 19, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 1037, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 6, + "INFO": 2, + "LOW": 7, + "MEDIUM": 2, + "TRACE": 0 + }, + "total_counter": 17, + "total_bom_resources": 0, + "start": "2024-04-29T16:29:48.7350213+01:00", + "end": "2024-04-29T16:30:37.6222305+01:00", + "paths": [ + "/path/e2e/fixtures/samples/terraform.tf" + ], + "queries": [ + { + "query_name": "Passwords And Secrets - Generic Password", + "query_id": "487f4be7-3fd9-4506-a07a-eae252180c08", + "query_url": "https://docs.kics.io/latest/secrets/", + "severity": "HIGH", + "platform": "Common", + "cloud_provider": "COMMON", + "category": "Secret Management", + "experimental": false, + "description": "Query to find passwords and secrets in infrastructure code.", + "description_id": "d69d8a89", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "d6a018d85a93d338ed89c82b791f30c1913eff5e743f67cfa52176f5135aea2b", + "line": 14, + "issue_type": "RedundantAttribute", + "search_key": "", + "search_line": 0, + "search_value": "", + "expected_value": "Hardcoded secret key should not appear in source", + "actual_value": "Hardcoded secret key appears in source" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "9e26d1ce4d2e0f7fa9b77195bd329f18c135b946ba74a13bc05a289dfc3455f1", + "line": 5, + "issue_type": "RedundantAttribute", + "search_key": "", + "search_line": 0, + "search_value": "", + "expected_value": "Hardcoded 
secret key should not appear in source", + "actual_value": "Hardcoded secret key appears in source" + } + ] + }, + { + "query_name": "Redshift Not Encrypted", + "query_id": "cfdcabb0-fc06-427c-865b-c59f13e898ce", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#encrypted", + "severity": "HIGH", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Encryption", + "experimental": false, + "description": "AWS Redshift Cluster should be encrypted. Check if 'encrypted' field is false or undefined (default is false)", + "description_id": "2bee4895", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "e413b091a0cfff9b692ce5d9fa075e3f69e037a58030e9ef592d5f58ae446fbc", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": 1, + "search_value": "", + "expected_value": "aws_redshift_cluster.encrypted should be defined and not null", + "actual_value": "aws_redshift_cluster.encrypted is undefined or null", + "remediation": "encrypted = true", + "remediation_type": "addition" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "a09d6aefe0fec02ce6b1b30afb3186c7fa4454165a4a1754ed104d22d6156af7", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default1]", + "search_line": 10, + "search_value": "", + "expected_value": "aws_redshift_cluster.encrypted should be defined and not null", + "actual_value": "aws_redshift_cluster.encrypted is undefined or null", + "remediation": "encrypted = true", + "remediation_type": "addition" + } + ] + }, + { + "query_name": "Redshift Publicly Accessible", + "query_id": "af173fde-95ea-4584-b904-bb3923ac4bda", + "query_url": 
"https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster", + "severity": "HIGH", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Insecure Configurations", + "experimental": false, + "description": "AWS Redshift Clusters must not be publicly accessible. Check if 'publicly_accessible' field is true or undefined (default is true)", + "description_id": "9a581503", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "4234052fbe1fed19a465cec7fbed9eb156c22eeae7d97c3ac8096bcc7b39a2fe", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": -1, + "search_value": "", + "expected_value": "aws_redshift_cluster.publicly_accessible should be defined and not null", + "actual_value": "aws_redshift_cluster.publicly_accessible is undefined or null", + "remediation": "publicly_accessible = false", + "remediation_type": "addition" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "7ae2741fb3c480c38776368fbe21412672c6458d490e4648eb1ad1aadc24a741", + "line": 17, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "IncorrectValue", + "search_key": "aws_redshift_cluster[default1].publicly_accessible", + "search_line": -1, + "search_value": "", + "expected_value": "aws_redshift_cluster.publicly_accessible should be set to false", + "actual_value": "aws_redshift_cluster.publicly_accessible is true", + "remediation": "{\"after\":\"false\",\"before\":\"true\"}", + "remediation_type": "replacement" + } + ] + }, + { + "query_name": "Redshift Cluster Logging Disabled", + "query_id": "15ffbacc-fa42-4f6f-a57d-2feac7365caa", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#enable", + "severity": "MEDIUM", + "platform": "Terraform", + 
"cloud_provider": "AWS", + "category": "Observability", + "experimental": false, + "description": "Make sure Logging is enabled for Redshift Cluster", + "description_id": "458fe7a3", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "2abf26c3014fc445da69d8d5bb862c1c511e8e16ad3a6c6f6e14c28aa0adac1d", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default1]", + "search_line": 10, + "search_value": "", + "expected_value": "'aws_redshift_cluster.logging' should be true", + "actual_value": "'aws_redshift_cluster.logging' is undefined", + "remediation": "logging {\n\t\tenable = true \n\t}", + "remediation_type": "addition" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "0455ad9d92fa1dc1cbf20dd5042ee21d9ae176388662b5982501aa01724e50d9", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": 1, + "search_value": "", + "expected_value": "'aws_redshift_cluster.logging' should be true", + "actual_value": "'aws_redshift_cluster.logging' is undefined", + "remediation": "logging {\n\t\tenable = true \n\t}", + "remediation_type": "addition" + } + ] + }, + { + "query_name": "IAM Access Analyzer Not Enabled", + "query_id": "e592a0c5-5bdb-414c-9066-5dba7cdea370", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/accessanalyzer_analyzer", + "severity": "LOW", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Best Practices", + "experimental": false, + "description": "IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions", + "description_id": "d03e85ae", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": 
"aa346cd1642a83b40e221f96a43d88dbfacecdf1f8e5314c24145f8d35530197", + "line": 1, + "resource_type": "n/a", + "resource_name": "n/a", + "issue_type": "MissingAttribute", + "search_key": "resource", + "search_line": -1, + "search_value": "", + "expected_value": "'aws_accessanalyzer_analyzer' should be set", + "actual_value": "'aws_accessanalyzer_analyzer' is undefined" + } + ] + }, + { + "query_name": "Redshift Cluster Without VPC", + "query_id": "0a494a6a-ebe2-48a0-9d77-cf9d5125e1b3", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#vpc_security_group_ids", + "severity": "LOW", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Insecure Configurations", + "experimental": false, + "description": "Redshift Cluster should be configured in VPC (Virtual Private Cloud)", + "description_id": "6fd531fa", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "83461a5eac8fed2264fac68a6d352d1ed752867a9b0a131afa9ba7e366159b59", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default1]", + "search_line": -1, + "search_value": "vpc_security_group_ids", + "expected_value": "aws_redshift_cluster[default1].vpc_security_group_ids should be set", + "actual_value": "aws_redshift_cluster[default1].vpc_security_group_ids is undefined" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "709853fdb034e451c68825041190bbff098e2893528d91c39d84d31ea93ecae6", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": -1, + "search_value": "cluster_subnet_group_name", + "expected_value": "aws_redshift_cluster[default].cluster_subnet_group_name should be set", + "actual_value": 
"aws_redshift_cluster[default].cluster_subnet_group_name is undefined" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "4aa3f159f39767de53b49ed871977b8b499bf19b3b0865b1631042aa830598aa", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default1]", + "search_line": -1, + "search_value": "cluster_subnet_group_name", + "expected_value": "aws_redshift_cluster[default1].cluster_subnet_group_name should be set", + "actual_value": "aws_redshift_cluster[default1].cluster_subnet_group_name is undefined" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "c703e26654dc3e9da1ad3519663f38aed2a29e629b4342f9e75af464a07699e0", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": -1, + "search_value": "vpc_security_group_ids", + "expected_value": "aws_redshift_cluster[default].vpc_security_group_ids should be set", + "actual_value": "aws_redshift_cluster[default].vpc_security_group_ids is undefined" + } + ] + }, + { + "query_name": "Redshift Using Default Port", + "query_id": "41abc6cc-dde1-4217-83d3-fb5f0cc09d8f", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#port", + "severity": "LOW", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Networking and Firewall", + "experimental": false, + "description": "Redshift should not use the default port (5439) because an attacker can easily guess the port", + "description_id": "e2e48d27", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "9fca92ccbbb8e3f95df092898d7e287dde416e4ea8212f6c4bb30e37c27f2cab", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + 
"issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default]", + "search_line": 1, + "search_value": "", + "expected_value": "aws_redshift_cluster.port should be defined and not null", + "actual_value": "aws_redshift_cluster.port is undefined or null" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "0460e3d4bb9ffcbc219231ebe8d154b6dc2ed00c348278dba780a721cd3a1a06", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[default1]", + "search_line": 10, + "search_value": "", + "expected_value": "aws_redshift_cluster.port should be defined and not null", + "actual_value": "aws_redshift_cluster.port is undefined or null" + } + ] + }, + { + "query_name": "Resource Not Using Tags", + "query_id": "e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10", + "query_url": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/resource-tagging", + "severity": "INFO", + "platform": "Terraform", + "cloud_provider": "AWS", + "category": "Best Practices", + "experimental": false, + "description": "AWS services resource tags are an essential part of managing components. 
As a best practice, the field 'tags' should have additional tags defined other than 'Name'", + "description_id": "09db2d52", + "files": [ + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "b44463ffd0f5c1eadc04ce6649982da68658349ad880daef470250661d3d1512", + "line": 1, + "resource_type": "aws_redshift_cluster", + "resource_name": "default", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[{{default}}]", + "search_line": -1, + "search_value": "", + "expected_value": "aws_redshift_cluster[{{default}}].tags should be defined and not null", + "actual_value": "aws_redshift_cluster[{{default}}].tags is undefined or null" + }, + { + "file_name": "/path/e2e/fixtures/samples/terraform.tf", + "similarity_id": "406b71d9fd0edb656a4735df30dde77c5f8a6c4ec3caa3442f986a92832c653b", + "line": 10, + "resource_type": "aws_redshift_cluster", + "resource_name": "default1", + "issue_type": "MissingAttribute", + "search_key": "aws_redshift_cluster[{{default1}}]", + "search_line": -1, + "search_value": "", + "expected_value": "aws_redshift_cluster[{{default1}}].tags should be defined and not null", + "actual_value": "aws_redshift_cluster[{{default1}}].tags is undefined or null" + } + ] + } + ] } diff --git a/e2e/fixtures/E2E_CLI_089_RESULT.json b/e2e/fixtures/E2E_CLI_089_RESULT.json index 380ecb8e1fe..ab7c6525ffc 100644 --- a/e2e/fixtures/E2E_CLI_089_RESULT.json +++ b/e2e/fixtures/E2E_CLI_089_RESULT.json @@ -20,8 +20,8 @@ }, "total_counter": 2, "total_bom_resources": 0, - "start": "2024-02-26T16:32:34.7508686Z", - "end": "2024-02-26T16:32:35.1060554Z", + "start": "2024-05-15T15:44:45.3600052+01:00", + "end": "2024-05-15T15:44:45.6773859+01:00", "paths": [ "/path/test/fixtures/test_critical_severity/run_block_injection/test", "/path/test/fixtures/test_critical_severity/run_block_injection/query" 
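Review bot: The regenerated expectation for E2E_CLI_088 changes `similarity_id` on findings whose `file_name`, `line`, `search_key` and `search_line` are the same on both sides, and nothing visible here documents that as intended. For example, "Redshift Not Encrypted" on `default1` goes from `a5941ee6…` to `a09d6aef…`, and the ids for "Redshift Cluster Logging Disabled" and "Redshift Using Default Port" change too, as do both run_block_injection entries in E2E_CLI_089_RESULT.json. In this file every entry with a new id has a positive `search_line` (1 or 10), while entries with `search_line` of -1 or 0 keep theirs, so the change looks tied to how the search line feeds the id; the code that computes it is not in this part of the diff. If consumers key baselines or suppressions on `similarity_id`, findings that were already triaged will reappear as new after upgrading. The commit description should say the id change is deliberate, for instance `Note: similarity_id changes for findings that set searchLine; existing baselines must be regenerated`, and should also confirm the drop in `queries_total` from 1041 to 1037.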
@@ -41,7 +41,7 @@ "files": [ { "file_name": "path\\test\\fixtures\\test_critical_severity\\run_block_injection\\test\\positive1.yaml", - "similarity_id": "2197922dab336742ff58010e01218006c9b2c930a840018ef8b42fb1284f2a45", + "similarity_id": "bc1190ab3eb96cba01d963d7fc2b1d244f311aa30c6c1bad37c44ff1f746a09c", "line": 10, "issue_type": "IncorrectValue", "search_key": "run={{if [ \"${{ github.event.issue.body }}\" ]; then\n if [[ \"${{ github.event.issue.title }}\" =~ ^\\[Auto\\]* ]]; then\n :\n else\n echo \"This issue does not need to generate a markdown file.\" 1\u003e\u00262\n exit 1;\n fi;\nelse\n echo \"The description of the issue is empty.\" 1\u003e\u00262\n exit 1;\nfi;\n}}", @@ -52,7 +52,7 @@ }, { "file_name": "path\\test\\fixtures\\test_critical_severity\\run_block_injection\\test\\positive1.yaml", - "similarity_id": "efac914cab5fb466570dd3a71ee3edd8197a15928c56c2aabff00f54d05c5e6d", + "similarity_id": "a1294c1a63bca998f5cadb852c2680cd6be87510b295234219f2018d684e93fc", "line": 10, "issue_type": "IncorrectValue", "search_key": "run={{if [ \"${{ github.event.issue.body }}\" ]; then\n if [[ \"${{ github.event.issue.title }}\" =~ ^\\[Auto\\]* ]]; then\n :\n else\n echo \"This issue does not need to generate a markdown file.\" 1\u003e\u00262\n exit 1;\n fi;\nelse\n echo \"The description of the issue is empty.\" 1\u003e\u00262\n exit 1;\nfi;\n}}", diff --git a/e2e/fixtures/E2E_CLI_091_PAYLOAD.json b/e2e/fixtures/E2E_CLI_091_PAYLOAD.json index 2cc4ea05b0d..6580a23dde0 100644 --- a/e2e/fixtures/E2E_CLI_091_PAYLOAD.json +++ b/e2e/fixtures/E2E_CLI_091_PAYLOAD.json 
@@ -1,372 +1,372 @@ { - "document": [ - { - "file": "file", - "id": "0", - "parameters": {}, - "resources": [ - { - "apiVersion": "2020-01-01-preview", - "identifier": "security_contact", - "name": "security contact", - "properties": { - "alertNotifications": { - "minimalSeverity": "High", - "state": "On" - }, - "emails": "sample@email.com", - "notificationsByRole": { - "roles": [ - "Owner" - ], - "state": "On" - }, - "phone": "9999999" - }, - "type": "Microsoft.Security/securityContacts" - } - ], - "variables": {} - }, - { - "file": "file", - "id": "0", - "parameters": {}, - "resources": [ - { - "apiVersion": "2020-01-01-preview", - "identifier": "security_contact", - "name": "security contact", - "properties": { - "alertNotifications": { - "minimalSeverity": "High", - "state": "On" - }, - "emails": "sample@email.com", - "notificationsByRole": { - "roles": [ - "Owner" - ], - "state": "On" - }, - "phone": "9999999" - }, - "type": "Microsoft.Security/securityContacts" - } - ], - "variables": {} - }, - { - "file": "file", - "id": "0", - "parameters": {}, - "resources": [ - { - "apiVersion": "2020-01-01-preview", - "identifier": "security_contact", - "name": "security contact", - "properties": { - "alertNotifications": { - "minimalSeverity": "High", - "state": "Off" - }, - "emails": "sample@email.com", - "notificationsByRole": { - "roles": [ - "Owner" - ], - "state": "On" - }, - "phone": "9999999" - }, - "type": "Microsoft.Security/securityContacts" - } - ], - "variables": {} - }, - { - "file": "file", - "id": "0", - "parameters": {}, - "resources": [ - { - "apiVersion": "2020-01-01-preview", - "identifier": "security_contact", - "name": "security contact", - "properties": { - "alertNotifications": { - "minimalSeverity": "High", - "state": "On" - }, - "emails": "sample@email.com", - "phone": "9999999" - }, - "type": "Microsoft.Security/securityContacts" - } - ], - "variables": {} - }, - { - "file": "file", - "id": "0", - "parameters": {}, - "resources": [ - { - 
"apiVersion": "2020-01-01-preview", - "identifier": "security_contact", - "name": "security contact", - "properties": { - "alertNotifications": { - "minimalSeverity": "High", - "state": "On" - }, - "emails": "sample@email.com", - "notificationsByRole": { - "roles": [ - "Owner" - ], - "state": "Off" - }, - "phone": "9999999" - }, - "type": "Microsoft.Security/securityContacts" - } - ], - "variables": {} - }, - { - "file": "file", - "id": "0", - "parameters": {}, - "resources": [ - { - "apiVersion": "2020-01-01-preview", - "identifier": "security_contact", - "name": "security contact", - "properties": { - "alertNotifications": { - "minimalSeverity": "High", - "state": "On" - }, - "emails": "sample@email.com", - "notificationsByRole": { - "roles": [ - "Owner" - ] - }, - "phone": "9999999" - }, - "type": "Microsoft.Security/securityContacts" - } - ], - "variables": {} - }, - { - "file": "file", - "id": "0", - "parameters": {}, - "resources": [ - { - "apiVersion": "2020-01-01-preview", - "identifier": "security_contact", - "name": "security contact", - "properties": { - "emails": "sample@email.com", - "notificationsByRole": { - "roles": [ - "Owner" - ], - "state": "On" - }, - "phone": "9999999" - }, - "type": "Microsoft.Security/securityContacts" - } - ], - "variables": {} - }, - { - "file": "file", - "id": "0", - "parameters": {}, - "resources": [ - { - "apiVersion": "2020-01-01-preview", - "identifier": "security_contact", - "name": "security contact", - "properties": { - "alertNotifications": { - "minimalSeverity": "High" - }, - "emails": "sample@email.com", - "notificationsByRole": { - "roles": [ - "Owner" - ], - "state": "On" - }, - "phone": "9999999" - }, - "type": "Microsoft.Security/securityContacts" - } - ], - "variables": {} - }, - { - "file": "file", - "id": "0", - "parameters": {}, - "resources": [ - { - "apiVersion": "2020-01-01-preview", - "identifier": "security_contact", - "name": "security contact", - "properties": { - "alertNotifications": { - 
"minimalSeverity": "High", - "state": "On" - }, - "emails": "sample@email.com", - "phone": "9999999" - }, - "type": "Microsoft.Security/securityContacts" - } - ], - "variables": {} - }, - { - "file": "file", - "id": "0", - "parameters": {}, - "resources": [ - { - "apiVersion": "2020-01-01-preview", - "identifier": "security_contact", - "name": "security contact", - "properties": { - "alertNotifications": { - "minimalSeverity": "High", - "state": "On" - }, - "emails": "sample@email.com", - "notificationsByRole": { - "roles": [ - "Owner" - ], - "state": "Off" - }, - "phone": "9999999" - }, - "type": "Microsoft.Security/securityContacts" - } - ], - "variables": {} - }, - { - "file": "file", - "id": "0", - "parameters": {}, - "resources": [ - { - "apiVersion": "2020-01-01-preview", - "identifier": "security_contact", - "name": "security contact", - "properties": { - "alertNotifications": { - "minimalSeverity": "High", - "state": "On" - }, - "emails": "sample@email.com", - "notificationsByRole": { - "roles": [ - "Owner" - ] - }, - "phone": "9999999" - }, - "type": "Microsoft.Security/securityContacts" - } - ], - "variables": {} - }, - { - "file": "file", - "id": "0", - "parameters": {}, - "resources": [ - { - "apiVersion": "2020-01-01-preview", - "identifier": "security_contact", - "name": "security contact", - "properties": { - "alertNotifications": { - "minimalSeverity": "High", - "state": "Off" - }, - "emails": "sample@email.com", - "notificationsByRole": { - "roles": [ - "Owner" - ], - "state": "On" - }, - "phone": "9999999" - }, - "type": "Microsoft.Security/securityContacts" - } - ], - "variables": {} - }, - { - "file": "file", - "id": "0", - "parameters": {}, - "resources": [ - { - "apiVersion": "2020-01-01-preview", - "identifier": "security_contact", - "name": "security contact", - "properties": { - "emails": "sample@email.com", - "notificationsByRole": { - "roles": [ - "Owner" - ], - "state": "On" - }, - "phone": "9999999" - }, - "type": 
"Microsoft.Security/securityContacts" - } - ], - "variables": {} - }, - { - "file": "file", - "id": "0", - "parameters": {}, - "resources": [ - { - "apiVersion": "2020-01-01-preview", - "identifier": "security_contact", - "name": "security contact", - "properties": { - "alertNotifications": { - "minimalSeverity": "High" - }, - "emails": "sample@email.com", - "notificationsByRole": { - "roles": [ - "Owner" - ], - "state": "On" - }, - "phone": "9999999" - }, - "type": "Microsoft.Security/securityContacts" - } - ], - "variables": {} - } - ] + "document": [ + { + "file": "file", + "id": "0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2020-01-01-preview", + "identifier": "security_contact", + "name": "security contact", + "properties": { + "alertNotifications": { + "minimalSeverity": "High", + "state": "On" + }, + "emails": "sample@email.com", + "notificationsByRole": { + "roles": [ + "Owner" + ], + "state": "On" + }, + "phone": "9999999" + }, + "type": "Microsoft.Security/securityContacts" + } + ], + "variables": {} + }, + { + "file": "file", + "id": "0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2020-01-01-preview", + "identifier": "security_contact", + "name": "security contact", + "properties": { + "alertNotifications": { + "minimalSeverity": "High", + "state": "On" + }, + "emails": "sample@email.com", + "notificationsByRole": { + "roles": [ + "Owner" + ], + "state": "On" + }, + "phone": "9999999" + }, + "type": "Microsoft.Security/securityContacts" + } + ], + "variables": {} + }, + { + "file": "file", + "id": "0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2020-01-01-preview", + "identifier": "security_contact", + "name": "security contact", + "properties": { + "alertNotifications": { + "minimalSeverity": "High", + "state": "Off" + }, + "emails": "sample@email.com", + "notificationsByRole": { + "roles": [ + "Owner" + ], + "state": "On" + }, + "phone": "9999999" + }, + "type": "Microsoft.Security/securityContacts" + } + 
], + "variables": {} + }, + { + "file": "file", + "id": "0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2020-01-01-preview", + "identifier": "security_contact", + "name": "security contact", + "properties": { + "alertNotifications": { + "minimalSeverity": "High", + "state": "On" + }, + "emails": "sample@email.com", + "phone": "9999999" + }, + "type": "Microsoft.Security/securityContacts" + } + ], + "variables": {} + }, + { + "file": "file", + "id": "0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2020-01-01-preview", + "identifier": "security_contact", + "name": "security contact", + "properties": { + "alertNotifications": { + "minimalSeverity": "High", + "state": "On" + }, + "emails": "sample@email.com", + "notificationsByRole": { + "roles": [ + "Owner" + ], + "state": "Off" + }, + "phone": "9999999" + }, + "type": "Microsoft.Security/securityContacts" + } + ], + "variables": {} + }, + { + "file": "file", + "id": "0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2020-01-01-preview", + "identifier": "security_contact", + "name": "security contact", + "properties": { + "alertNotifications": { + "minimalSeverity": "High", + "state": "On" + }, + "emails": "sample@email.com", + "notificationsByRole": { + "roles": [ + "Owner" + ] + }, + "phone": "9999999" + }, + "type": "Microsoft.Security/securityContacts" + } + ], + "variables": {} + }, + { + "file": "file", + "id": "0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2020-01-01-preview", + "identifier": "security_contact", + "name": "security contact", + "properties": { + "emails": "sample@email.com", + "notificationsByRole": { + "roles": [ + "Owner" + ], + "state": "On" + }, + "phone": "9999999" + }, + "type": "Microsoft.Security/securityContacts" + } + ], + "variables": {} + }, + { + "file": "file", + "id": "0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2020-01-01-preview", + "identifier": "security_contact", + "name": "security contact", + 
"properties": { + "alertNotifications": { + "minimalSeverity": "High" + }, + "emails": "sample@email.com", + "notificationsByRole": { + "roles": [ + "Owner" + ], + "state": "On" + }, + "phone": "9999999" + }, + "type": "Microsoft.Security/securityContacts" + } + ], + "variables": {} + }, + { + "file": "file", + "id": "0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2020-01-01-preview", + "identifier": "security_contact", + "name": "security contact", + "properties": { + "alertNotifications": { + "minimalSeverity": "High", + "state": "On" + }, + "emails": "sample@email.com", + "phone": "9999999" + }, + "type": "Microsoft.Security/securityContacts" + } + ], + "variables": {} + }, + { + "file": "file", + "id": "0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2020-01-01-preview", + "identifier": "security_contact", + "name": "security contact", + "properties": { + "alertNotifications": { + "minimalSeverity": "High", + "state": "On" + }, + "emails": "sample@email.com", + "notificationsByRole": { + "roles": [ + "Owner" + ], + "state": "Off" + }, + "phone": "9999999" + }, + "type": "Microsoft.Security/securityContacts" + } + ], + "variables": {} + }, + { + "file": "file", + "id": "0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2020-01-01-preview", + "identifier": "security_contact", + "name": "security contact", + "properties": { + "alertNotifications": { + "minimalSeverity": "High", + "state": "On" + }, + "emails": "sample@email.com", + "notificationsByRole": { + "roles": [ + "Owner" + ] + }, + "phone": "9999999" + }, + "type": "Microsoft.Security/securityContacts" + } + ], + "variables": {} + }, + { + "file": "file", + "id": "0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2020-01-01-preview", + "identifier": "security_contact", + "name": "security contact", + "properties": { + "alertNotifications": { + "minimalSeverity": "High", + "state": "Off" + }, + "emails": "sample@email.com", + "notificationsByRole": { + 
"roles": [ + "Owner" + ], + "state": "On" + }, + "phone": "9999999" + }, + "type": "Microsoft.Security/securityContacts" + } + ], + "variables": {} + }, + { + "file": "file", + "id": "0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2020-01-01-preview", + "identifier": "security_contact", + "name": "security contact", + "properties": { + "emails": "sample@email.com", + "notificationsByRole": { + "roles": [ + "Owner" + ], + "state": "On" + }, + "phone": "9999999" + }, + "type": "Microsoft.Security/securityContacts" + } + ], + "variables": {} + }, + { + "file": "file", + "id": "0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2020-01-01-preview", + "identifier": "security_contact", + "name": "security contact", + "properties": { + "alertNotifications": { + "minimalSeverity": "High" + }, + "emails": "sample@email.com", + "notificationsByRole": { + "roles": [ + "Owner" + ], + "state": "On" + }, + "phone": "9999999" + }, + "type": "Microsoft.Security/securityContacts" + } + ], + "variables": {} + } + ] } diff --git a/e2e/fixtures/E2E_CLI_091_RESULT.json b/e2e/fixtures/E2E_CLI_091_RESULT.json index 81255188947..0aca16413be 100644 --- a/e2e/fixtures/E2E_CLI_091_RESULT.json +++ b/e2e/fixtures/E2E_CLI_091_RESULT.json 
@@ -1,200 +1,200 @@ { - "kics_version": "development", - "files_scanned": 14, - "lines_scanned": 204, - "files_parsed": 14, - "lines_parsed": 204, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 43, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 0, - "INFO": 12, - "LOW": 0, - "MEDIUM": 0, - "TRACE": 0 - }, - "total_counter": 12, - "total_bom_resources": 0, - "start": "2024-05-13T14:56:28.4200497+01:00", - "end": "2024-05-13T14:56:32.4884749+01:00", - "paths": [ - "/path/test/fixtures/bicep_test/test" - ], - "queries": [ - { - "query_name": "Email Notifications Disabled", - "query_id": "79c2c2c0-eb00-47c0-ac16-f8b0e2c81c92", - "query_url": "https://docs.microsoft.com/en-us/azure/templates/microsoft.security/securitycontacts", - "severity": "INFO", - "platform": "AzureResourceManager", - "cloud_provider": "AZURE", - "category": "Networking and Firewall", - "experimental": false, - "description": "Email notifications about new security alerts, should be set to 'On', and be sent to persons with specific RBAC roles on the subscription", - "description_id": "7f5b9ef4", - "files": [ - { - "file_name": "/path/test/fixtures/bicep_test/test/positive12.bicep", - "similarity_id": "c1c095342af7dbf263e52e6ed344fd07ef39dca36e654aeffecb3c40530728aa", - "line": 10, - "resource_type": "Microsoft.Security/securityContacts", - "resource_name": "security contact", - "issue_type": "MissingAttribute", - "search_key": "resources.name={{security contact}}.properties.notificationsByRole", - "search_line": 10, - "search_value": "", - "expected_value": "resource with type 'Microsoft.Security/securityContacts' should have 'notificationsByRole.state' property set to 'On'", - "actual_value": "resource with type 'Microsoft.Security/securityContacts' doesn't have 'notificationsByRole.state' property defined" - }, - { - "file_name": 
"/path/test/fixtures/bicep_test/test/positive2.bicep", - "similarity_id": "cde286e1f04fd3a1ce64f647e9483728511e154bab26b6ed418ac9373fbb42e6", - "line": 3, - "resource_type": "Microsoft.Security/securityContacts", - "resource_name": "security contact", - "issue_type": "MissingAttribute", - "search_key": "resources.name={{security contact}}.properties", - "search_line": 3, - "search_value": "", - "expected_value": "resource with type 'Microsoft.Security/securityContacts' should have 'alertNotifications.state' property set to 'On'", - "actual_value": "resource with type 'Microsoft.Security/securityContacts' doesn't have 'alertNotifications' property defined" - }, - { - "file_name": "/path/test/fixtures/bicep_test/test/positive7.bicep", - "similarity_id": "1137382a29991fd5de51071734a6b3ba2deb0b5090fd06c0573e35bb79d78b15", - "line": 7, - "resource_type": "Microsoft.Security/securityContacts", - "resource_name": "security contact", - "issue_type": "IncorrectValue", - "search_key": "resources.name={{security contact}}.properties.alertNotifications.state", - "search_line": 7, - "search_value": "", - "expected_value": "resource with type 'Microsoft.Security/securityContacts' property value should have 'alertNotifications.state' property set to 'On'", - "actual_value": "resource with type 'Microsoft.Security/securityContacts' should have 'alertNotifications.state' property set to 'Off'" - }, - { - "file_name": "/path/test/fixtures/bicep_test/test/positive10.bicep", - "similarity_id": "904900ad2ed3ec646f8f9390b6a223b4541044101f250b4d4e4740eea76a9461", - "line": 3, - "resource_type": "Microsoft.Security/securityContacts", - "resource_name": "security contact", - "issue_type": "MissingAttribute", - "search_key": "resources.name={{security contact}}.properties", - "search_line": 3, - "search_value": "", - "expected_value": "resource with type 'Microsoft.Security/securityContacts' should have 'notificationsByRole.state' property set to 'On'", - "actual_value": "resource with type 
'Microsoft.Security/securityContacts' doesn't have 'notificationsByRole' property defined" - }, - { - "file_name": "/path/test/fixtures/bicep_test/test/positive8.bicep", - "similarity_id": "34afd47f5ee4c855d2733888cc0b2a9df989a61d33340fb873a666ab4cc87eb1", - "line": 3, - "resource_type": "Microsoft.Security/securityContacts", - "resource_name": "security contact", - "issue_type": "MissingAttribute", - "search_key": "resources.name={{security contact}}.properties", - "search_line": 3, - "search_value": "", - "expected_value": "resource with type 'Microsoft.Security/securityContacts' should have 'alertNotifications.state' property set to 'On'", - "actual_value": "resource with type 'Microsoft.Security/securityContacts' doesn't have 'alertNotifications' property defined" - }, - { - "file_name": "/path/test/fixtures/bicep_test/test/positive5.bicep", - "similarity_id": "3e045654ceb3b05fe41f5e9e64a797725302d50ce01079e8f04255a7c0cdf9a6", - "line": 11, - "resource_type": "Microsoft.Security/securityContacts", - "resource_name": "security contact", - "issue_type": "IncorrectValue", - "search_key": "resources.name={{security contact}}.properties.notificationsByRole.state", - "search_line": 11, - "search_value": "", - "expected_value": "resource with type 'Microsoft.Security/securityContacts' property value should have 'notificationsByRole.state' property set to 'On'", - "actual_value": "resource with type 'Microsoft.Security/securityContacts' should have 'notificationsByRole.state' property set to 'Off'" - }, - { - "file_name": "/path/test/fixtures/bicep_test/test/positive1.bicep", - "similarity_id": "e29ed60beffa13540f660e8290dd546afe1c3ff9f735b0851f8862010b0cd03c", - "line": 7, - "resource_type": "Microsoft.Security/securityContacts", - "resource_name": "security contact", - "issue_type": "IncorrectValue", - "search_key": "resources.name={{security contact}}.properties.alertNotifications.state", - "search_line": 7, - "search_value": "", - "expected_value": "resource with 
type 'Microsoft.Security/securityContacts' property value should have 'alertNotifications.state' property set to 'On'", - "actual_value": "resource with type 'Microsoft.Security/securityContacts' should have 'alertNotifications.state' property set to 'Off'" - }, - { - "file_name": "/path/test/fixtures/bicep_test/test/positive4.bicep", - "similarity_id": "18470b0d2877779414ff2b495c997afe4cd925fb5c055eeeadb8e617772a5c52", - "line": 3, - "resource_type": "Microsoft.Security/securityContacts", - "resource_name": "security contact", - "issue_type": "MissingAttribute", - "search_key": "resources.name={{security contact}}.properties", - "search_line": 3, - "search_value": "", - "expected_value": "resource with type 'Microsoft.Security/securityContacts' should have 'notificationsByRole.state' property set to 'On'", - "actual_value": "resource with type 'Microsoft.Security/securityContacts' doesn't have 'notificationsByRole' property defined" - }, - { - "file_name": "/path/test/fixtures/bicep_test/test/positive3.bicep", - "similarity_id": "f0bc728e7dd11b3bd9bb68ba9ed364a1918e1988de56cef9aada9bd658c668f0", - "line": 6, - "resource_type": "Microsoft.Security/securityContacts", - "resource_name": "security contact", - "issue_type": "MissingAttribute", - "search_key": "resources.name={{security contact}}.properties.alertNotifications", - "search_line": 6, - "search_value": "", - "expected_value": "resource with type 'Microsoft.Security/securityContacts' should have 'alertNotifications.state' property set to 'On'", - "actual_value": "resource with type 'Microsoft.Security/securityContacts' doesn't have 'alertNotifications.state' property defined" - }, - { - "file_name": "/path/test/fixtures/bicep_test/test/positive11.bicep", - "similarity_id": "e7f46abecbf3efb96157925b4e3c7b693e8670673f12b8241e6c2f8d0d1ff11a", - "line": 11, - "resource_type": "Microsoft.Security/securityContacts", - "resource_name": "security contact", - "issue_type": "IncorrectValue", - "search_key": 
"resources.name={{security contact}}.properties.notificationsByRole.state", - "search_line": 11, - "search_value": "", - "expected_value": "resource with type 'Microsoft.Security/securityContacts' property value should have 'notificationsByRole.state' property set to 'On'", - "actual_value": "resource with type 'Microsoft.Security/securityContacts' should have 'notificationsByRole.state' property set to 'Off'" - }, - { - "file_name": "/path/test/fixtures/bicep_test/test/positive6.bicep", - "similarity_id": "c607324d4aaa4b87c9652f3e2c345d60d17e009d138e6873f457b08f5da58b20", - "line": 10, - "resource_type": "Microsoft.Security/securityContacts", - "resource_name": "security contact", - "issue_type": "MissingAttribute", - "search_key": "resources.name={{security contact}}.properties.notificationsByRole", - "search_line": 10, - "search_value": "", - "expected_value": "resource with type 'Microsoft.Security/securityContacts' should have 'notificationsByRole.state' property set to 'On'", - "actual_value": "resource with type 'Microsoft.Security/securityContacts' doesn't have 'notificationsByRole.state' property defined" - }, - { - "file_name": "/path/test/fixtures/bicep_test/test/positive9.bicep", - "similarity_id": "abe2b32de833f56224ef281c8833ed5398a80c29fb4f0cbdf00462b2f4cb80eb", - "line": 6, - "resource_type": "Microsoft.Security/securityContacts", - "resource_name": "security contact", - "issue_type": "MissingAttribute", - "search_key": "resources.name={{security contact}}.properties.alertNotifications", - "search_line": 6, - "search_value": "", - "expected_value": "resource with type 'Microsoft.Security/securityContacts' should have 'alertNotifications.state' property set to 'On'", - "actual_value": "resource with type 'Microsoft.Security/securityContacts' doesn't have 'alertNotifications.state' property defined" - } - ] - } - ] + "kics_version": "development", + "files_scanned": 14, + "lines_scanned": 204, + "files_parsed": 14, + "lines_parsed": 204, + 
"lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 43, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 0, + "INFO": 12, + "LOW": 0, + "MEDIUM": 0, + "TRACE": 0 + }, + "total_counter": 12, + "total_bom_resources": 0, + "start": "2024-05-16T12:22:19.6406548+01:00", + "end": "2024-05-16T12:22:22.9796004+01:00", + "paths": [ + "/path/test/fixtures/bicep_test/test" + ], + "queries": [ + { + "query_name": "Email Notifications Disabled", + "query_id": "79c2c2c0-eb00-47c0-ac16-f8b0e2c81c92", + "query_url": "https://docs.microsoft.com/en-us/azure/templates/microsoft.security/securitycontacts", + "severity": "INFO", + "platform": "AzureResourceManager", + "cloud_provider": "AZURE", + "category": "Networking and Firewall", + "experimental": false, + "description": "Email notifications about new security alerts, should be set to 'On', and be sent to persons with specific RBAC roles on the subscription", + "description_id": "7f5b9ef4", + "files": [ + { + "file_name": "test\\fixtures\\bicep_test\\test\\positive4.bicep", + "similarity_id": "c3a89bdfc23db16c32d6cad47b70e7dfc4ff8da9a06100a9aa428def0e25d73a", + "line": 3, + "resource_type": "Microsoft.Security/securityContacts", + "resource_name": "security contact", + "issue_type": "MissingAttribute", + "search_key": "resources.name={{security contact}}.properties", + "search_line": 3, + "search_value": "", + "expected_value": "resource with type 'Microsoft.Security/securityContacts' should have 'notificationsByRole.state' property set to 'On'", + "actual_value": "resource with type 'Microsoft.Security/securityContacts' doesn't have 'notificationsByRole' property defined" + }, + { + "file_name": "test\\fixtures\\bicep_test\\test\\positive10.bicep", + "similarity_id": "d62ff55a894c12aef6d63451c93a1712a5927be37d73dfdafaa8104f67676612", + "line": 3, + "resource_type": "Microsoft.Security/securityContacts", + 
"resource_name": "security contact", + "issue_type": "MissingAttribute", + "search_key": "resources.name={{security contact}}.properties", + "search_line": 3, + "search_value": "", + "expected_value": "resource with type 'Microsoft.Security/securityContacts' should have 'notificationsByRole.state' property set to 'On'", + "actual_value": "resource with type 'Microsoft.Security/securityContacts' doesn't have 'notificationsByRole' property defined" + }, + { + "file_name": "test\\fixtures\\bicep_test\\test\\positive9.bicep", + "similarity_id": "7a4ecff4ed97ef70d2cd01711e2fd64d945f61478b100bd364da9128b69c4c27", + "line": 6, + "resource_type": "Microsoft.Security/securityContacts", + "resource_name": "security contact", + "issue_type": "MissingAttribute", + "search_key": "resources.name={{security contact}}.properties.alertNotifications", + "search_line": 6, + "search_value": "", + "expected_value": "resource with type 'Microsoft.Security/securityContacts' should have 'alertNotifications.state' property set to 'On'", + "actual_value": "resource with type 'Microsoft.Security/securityContacts' doesn't have 'alertNotifications.state' property defined" + }, + { + "file_name": "test\\fixtures\\bicep_test\\test\\positive2.bicep", + "similarity_id": "92862177794a4b65f74486f9b75d275086edcf896fe5fe7b8c45bcd97251006f", + "line": 3, + "resource_type": "Microsoft.Security/securityContacts", + "resource_name": "security contact", + "issue_type": "MissingAttribute", + "search_key": "resources.name={{security contact}}.properties", + "search_line": 3, + "search_value": "", + "expected_value": "resource with type 'Microsoft.Security/securityContacts' should have 'alertNotifications.state' property set to 'On'", + "actual_value": "resource with type 'Microsoft.Security/securityContacts' doesn't have 'alertNotifications' property defined" + }, + { + "file_name": "test\\fixtures\\bicep_test\\test\\positive7.bicep", + "similarity_id": 
"fe5c5d568f3f549230b3fabc61cc91db33bbbb33c91121c573ca9021c5fabb94", + "line": 7, + "resource_type": "Microsoft.Security/securityContacts", + "resource_name": "security contact", + "issue_type": "IncorrectValue", + "search_key": "resources.name={{security contact}}.properties.alertNotifications.state", + "search_line": 7, + "search_value": "", + "expected_value": "resource with type 'Microsoft.Security/securityContacts' property value should have 'alertNotifications.state' property set to 'On'", + "actual_value": "resource with type 'Microsoft.Security/securityContacts' should have 'alertNotifications.state' property set to 'Off'" + }, + { + "file_name": "test\\fixtures\\bicep_test\\test\\positive12.bicep", + "similarity_id": "819c0d3b809c5e4a21cea208cf7059693f5ad2008b14e35231a93403ecc27ec0", + "line": 10, + "resource_type": "Microsoft.Security/securityContacts", + "resource_name": "security contact", + "issue_type": "MissingAttribute", + "search_key": "resources.name={{security contact}}.properties.notificationsByRole", + "search_line": 10, + "search_value": "", + "expected_value": "resource with type 'Microsoft.Security/securityContacts' should have 'notificationsByRole.state' property set to 'On'", + "actual_value": "resource with type 'Microsoft.Security/securityContacts' doesn't have 'notificationsByRole.state' property defined" + }, + { + "file_name": "test\\fixtures\\bicep_test\\test\\positive1.bicep", + "similarity_id": "ed52317a84fffab64f38db8b68ce5fcb46623839ddf6469c7c0c29b169135281", + "line": 7, + "resource_type": "Microsoft.Security/securityContacts", + "resource_name": "security contact", + "issue_type": "IncorrectValue", + "search_key": "resources.name={{security contact}}.properties.alertNotifications.state", + "search_line": 7, + "search_value": "", + "expected_value": "resource with type 'Microsoft.Security/securityContacts' property value should have 'alertNotifications.state' property set to 'On'", + "actual_value": "resource with type 
'Microsoft.Security/securityContacts' should have 'alertNotifications.state' property set to 'Off'" + }, + { + "file_name": "test\\fixtures\\bicep_test\\test\\positive3.bicep", + "similarity_id": "71d4e8fdfafb8e5c0344fa0bb6a6d9d3a1148ad9396a708e1f8dbb158b6546f4", + "line": 6, + "resource_type": "Microsoft.Security/securityContacts", + "resource_name": "security contact", + "issue_type": "MissingAttribute", + "search_key": "resources.name={{security contact}}.properties.alertNotifications", + "search_line": 6, + "search_value": "", + "expected_value": "resource with type 'Microsoft.Security/securityContacts' should have 'alertNotifications.state' property set to 'On'", + "actual_value": "resource with type 'Microsoft.Security/securityContacts' doesn't have 'alertNotifications.state' property defined" + }, + { + "file_name": "test\\fixtures\\bicep_test\\test\\positive8.bicep", + "similarity_id": "28a02c3dca43920204623f345040bda86e24ac6b9f3449d06790f471ce74042d", + "line": 3, + "resource_type": "Microsoft.Security/securityContacts", + "resource_name": "security contact", + "issue_type": "MissingAttribute", + "search_key": "resources.name={{security contact}}.properties", + "search_line": 3, + "search_value": "", + "expected_value": "resource with type 'Microsoft.Security/securityContacts' should have 'alertNotifications.state' property set to 'On'", + "actual_value": "resource with type 'Microsoft.Security/securityContacts' doesn't have 'alertNotifications' property defined" + }, + { + "file_name": "test\\fixtures\\bicep_test\\test\\positive11.bicep", + "similarity_id": "77e70e9212bf3096ff0481641855ba48a3a4b0cd4cb2a05ff5abf53e28e10bdf", + "line": 11, + "resource_type": "Microsoft.Security/securityContacts", + "resource_name": "security contact", + "issue_type": "IncorrectValue", + "search_key": "resources.name={{security contact}}.properties.notificationsByRole.state", + "search_line": 11, + "search_value": "", + "expected_value": "resource with type 
'Microsoft.Security/securityContacts' property value should have 'notificationsByRole.state' property set to 'On'", + "actual_value": "resource with type 'Microsoft.Security/securityContacts' should have 'notificationsByRole.state' property set to 'Off'" + }, + { + "file_name": "test\\fixtures\\bicep_test\\test\\positive5.bicep", + "similarity_id": "e3abdcd8333d4ae5919f7d5af53e7d9b968f9b2d6af048b9744522553a4ac540", + "line": 11, + "resource_type": "Microsoft.Security/securityContacts", + "resource_name": "security contact", + "issue_type": "IncorrectValue", + "search_key": "resources.name={{security contact}}.properties.notificationsByRole.state", + "search_line": 11, + "search_value": "", + "expected_value": "resource with type 'Microsoft.Security/securityContacts' property value should have 'notificationsByRole.state' property set to 'On'", + "actual_value": "resource with type 'Microsoft.Security/securityContacts' should have 'notificationsByRole.state' property set to 'Off'" + }, + { + "file_name": "test\\fixtures\\bicep_test\\test\\positive6.bicep", + "similarity_id": "8291d1fb706e78b1999cf52879929aad0d4585355ffa0d7ef795ef1b8d5fbaea", + "line": 10, + "resource_type": "Microsoft.Security/securityContacts", + "resource_name": "security contact", + "issue_type": "MissingAttribute", + "search_key": "resources.name={{security contact}}.properties.notificationsByRole", + "search_line": 10, + "search_value": "", + "expected_value": "resource with type 'Microsoft.Security/securityContacts' should have 'notificationsByRole.state' property set to 'On'", + "actual_value": "resource with type 'Microsoft.Security/securityContacts' doesn't have 'notificationsByRole.state' property defined" + } + ] + } + ] } diff --git a/e2e/fixtures/E2E_CLI_093_RESULT.json b/e2e/fixtures/E2E_CLI_093_RESULT.json index f1bca4bf80c..82814198a15 100644 --- a/e2e/fixtures/E2E_CLI_093_RESULT.json +++ b/e2e/fixtures/E2E_CLI_093_RESULT.json 
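Review bot: The regenerated `file_name` values in this fixture are relative, backslash-separated paths (`test\\fixtures\\bicep_test\\test\\positive4.bicep`), whereas the old side used the `/path/...` placeholder that `paths` still carries and the other result fixtures in this diff use a `path\\test\\...` prefix. All twelve `similarity_id` values change and the entries come out in a different order, which looks like the file was regenerated on a different host rather than changed by the query edits. If the ID is derived from the file path (not shown here), these values may not reproduce on the CI platform. I would regenerate with the previous path normalisation, e.g. `"file_name": "/path/test/fixtures/bicep_test/test/positive4.bicep"`, and confirm the e2e comparison ignores entry order, since E2E_CLI_093_RESULT.json also swaps its two entries.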
@@ -20,8 +20,8 @@ }, "total_counter": 2, "total_bom_resources": 0, - "start": "2024-01-31T15:46:25.2714687Z", - "end": "2024-01-31T15:46:25.5747871Z", + "start": "2024-05-15T15:52:17.0576034+01:00", + "end": "2024-05-15T15:52:17.9838169+01:00", "paths": [ "/path/test/fixtures/test_old_severity/test", "/path/test/fixtures/test_old_severity/info" 
@@ -40,24 +40,24 @@ "description_id": "02044a75", "files": [ { - "file_name": "path\\test\\fixtures\\test_old_severities\\test\\positive1.yaml", - "similarity_id": "2197922dab336742ff58010e01218006c9b2c930a840018ef8b42fb1284f2a45", + "file_name": "path\\test\\fixtures\\test_old_severity\\test\\positive1.yaml", + "similarity_id": "a1294c1a63bca998f5cadb852c2680cd6be87510b295234219f2018d684e93fc", "line": 10, "issue_type": "IncorrectValue", "search_key": "run={{if [ \"${{ github.event.issue.body }}\" ]; then\n if [[ \"${{ github.event.issue.title }}\" =~ ^\\[Auto\\]* ]]; then\n :\n else\n echo \"This issue does not need to generate a markdown file.\" 1\u003e\u00262\n exit 1;\n fi;\nelse\n echo \"The description of the issue is empty.\" 1\u003e\u00262\n exit 1;\nfi;\n}}", "search_line": 10, - "search_value": "github.event.issue.body", + "search_value": "github.event.issue.title", "expected_value": "Run block does not contain dangerous input controlled by user.", "actual_value": "Run block contains dangerous input controlled by user." 
}, { - "file_name": "path\\test\\fixtures\\test_old_severities\\test\\positive1.yaml", - "similarity_id": "efac914cab5fb466570dd3a71ee3edd8197a15928c56c2aabff00f54d05c5e6d", + "file_name": "path\\test\\fixtures\\test_old_severity\\test\\positive1.yaml", + "similarity_id": "bc1190ab3eb96cba01d963d7fc2b1d244f311aa30c6c1bad37c44ff1f746a09c", "line": 10, "issue_type": "IncorrectValue", "search_key": "run={{if [ \"${{ github.event.issue.body }}\" ]; then\n if [[ \"${{ github.event.issue.title }}\" =~ ^\\[Auto\\]* ]]; then\n :\n else\n echo \"This issue does not need to generate a markdown file.\" 1\u003e\u00262\n exit 1;\n fi;\nelse\n echo \"The description of the issue is empty.\" 1\u003e\u00262\n exit 1;\nfi;\n}}", "search_line": 10, - "search_value": "github.event.issue.title", + "search_value": "github.event.issue.body", "expected_value": "Run block does not contain dangerous input controlled by user.", "actual_value": "Run block contains dangerous input controlled by user." } diff --git a/e2e/fixtures/E2E_CLI_093_RESULT_2.json b/e2e/fixtures/E2E_CLI_093_RESULT_2.json index 1a4b75329cf..1fb3754811d 100644 --- a/e2e/fixtures/E2E_CLI_093_RESULT_2.json +++ b/e2e/fixtures/E2E_CLI_093_RESULT_2.json 
@@ -1,47 +1,47 @@ { - "kics_version": "development", - "files_scanned": 2, - "lines_scanned": 68, - "files_parsed": 2, - "lines_parsed": 68, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 1, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 0, - "INFO": 0, - "LOW": 2, - "MEDIUM": 0, - "TRACE": 0 - }, - "total_counter": 2, - "total_bom_resources": 0, - "start": "2024-01-31T15:46:25.2714687Z", - "end": "2024-01-31T15:46:25.5747871Z", - "paths": [ + "kics_version": "development", + "files_scanned": 2, + "lines_scanned": 68, + "files_parsed": 2, + "lines_parsed": 68, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 1, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 0, + "INFO": 0, + "LOW": 2, + "MEDIUM": 0, + "TRACE": 0 + }, + "total_counter": 2, + "total_bom_resources": 0, + "start": "2024-05-15T15:52:17.0253447+01:00", + "end": "2024-05-15T15:52:17.9489874+01:00", + "paths": [ "/path/test/fixtures/test_old_severity/test", "/path/test/fixtures/test_old_severity/low" - ], - "queries": [ - { - "query_name": "Run Block Injection", - "query_id": "20f14e1a-a899-4e79-9f09-b6a84cd4649b", - "query_url": "https://securitylab.github.com/research/github-actions-untrusted-input/", - "severity": "LOW", - "platform": "CICD", - "cloud_provider": "COMMON", - "category": "Insecure Configurations", - "experimental": false, - "description": "GitHub Actions workflows can be triggered by a variety of events. Every workflow trigger is provided with a GitHub context that contains information about the triggering event, such as which user triggered it, the branch name, and other event context details. 
Some of this event data, like the base repository name, hash value of a changeset, or pull request number, is unlikely to be controlled or used for injection by the user that triggered the event.", - "description_id": "02044a75", - "files": [ + ], + "queries": [ + { + "query_name": "Run Block Injection", + "query_id": "20f14e1a-a899-4e79-9f09-b6a84cd4649b", + "query_url": "https://securitylab.github.com/research/github-actions-untrusted-input/", + "severity": "LOW", + "platform": "CICD", + "cloud_provider": "COMMON", + "category": "Insecure Configurations", + "experimental": false, + "description": "GitHub Actions workflows can be triggered by a variety of events. Every workflow trigger is provided with a GitHub context that contains information about the triggering event, such as which user triggered it, the branch name, and other event context details. Some of this event data, like the base repository name, hash value of a changeset, or pull request number, is unlikely to be controlled or used for injection by the user that triggered the event.", + "description_id": "02044a75", + "files": [ { - "file_name": "path\\test\\fixtures\\test_old_severities\\test\\positive1.yaml", - "similarity_id": "2197922dab336742ff58010e01218006c9b2c930a840018ef8b42fb1284f2a45", + "file_name": "path\\test\\fixtures\\test_old_severity\\test\\positive1.yaml", + "similarity_id": "bc1190ab3eb96cba01d963d7fc2b1d244f311aa30c6c1bad37c44ff1f746a09c", "line": 10, "issue_type": "IncorrectValue", "search_key": "run={{if [ \"${{ github.event.issue.body }}\" ]; then\n if [[ \"${{ github.event.issue.title }}\" =~ ^\\[Auto\\]* ]]; then\n :\n else\n echo \"This issue does not need to generate a markdown file.\" 1\u003e\u00262\n exit 1;\n fi;\nelse\n echo \"The description of the issue is empty.\" 1\u003e\u00262\n exit 1;\nfi;\n}}", 
@@ -51,8 +51,8 @@ "actual_value": "Run block contains dangerous input controlled by user." }, { - "file_name": "path\\test\\fixtures\\test_old_severities\\test\\positive1.yaml", - "similarity_id": "efac914cab5fb466570dd3a71ee3edd8197a15928c56c2aabff00f54d05c5e6d", + "file_name": "path\\test\\fixtures\\test_old_severity\\test\\positive1.yaml", + "similarity_id": "a1294c1a63bca998f5cadb852c2680cd6be87510b295234219f2018d684e93fc", "line": 10, "issue_type": "IncorrectValue", "search_key": "run={{if [ \"${{ github.event.issue.body }}\" ]; then\n if [[ \"${{ github.event.issue.title }}\" =~ ^\\[Auto\\]* ]]; then\n :\n else\n echo \"This issue does not need to generate a markdown file.\" 1\u003e\u00262\n exit 1;\n fi;\nelse\n echo \"The description of the issue is empty.\" 1\u003e\u00262\n exit 1;\nfi;\n}}", @@ -61,7 +61,7 @@ "expected_value": "Run block does not contain dangerous input controlled by user.", "actual_value": "Run block contains dangerous input controlled by user." } - ] - } - ] + ] + } + ] } diff --git a/e2e/fixtures/E2E_CLI_093_RESULT_3.json b/e2e/fixtures/E2E_CLI_093_RESULT_3.json index c8ec6f32852..83591c1dd34 100644 --- a/e2e/fixtures/E2E_CLI_093_RESULT_3.json +++ b/e2e/fixtures/E2E_CLI_093_RESULT_3.json 
@@ -1,47 +1,47 @@ { - "kics_version": "development", - "files_scanned": 2, - "lines_scanned": 68, - "files_parsed": 2, - "lines_parsed": 68, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 1, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 0, - "INFO": 0, - "LOW": 0, - "MEDIUM": 2, - "TRACE": 0 - }, - "total_counter": 2, - "total_bom_resources": 0, - "start": "2024-01-31T15:46:25.2714687Z", - "end": "2024-01-31T15:46:25.5747871Z", - "paths": [ + "kics_version": "development", + "files_scanned": 2, + "lines_scanned": 68, + "files_parsed": 2, + "lines_parsed": 68, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 1, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 0, + "INFO": 0, + "LOW": 0, + "MEDIUM": 2, + "TRACE": 0 + }, + "total_counter": 2, + "total_bom_resources": 0, + "start": "2024-05-15T15:52:17.0695682+01:00", + "end": "2024-05-15T15:52:17.9846628+01:00", + "paths": [ "/path/test/fixtures/test_old_severity/test", "/path/test/fixtures/test_old_severity/medium" - ], - "queries": [ - { - "query_name": "Run Block Injection", - "query_id": "20f14e1a-a899-4e79-9f09-b6a84cd4649b", - "query_url": "https://securitylab.github.com/research/github-actions-untrusted-input/", - "severity": "MEDIUM", - "platform": "CICD", - "cloud_provider": "COMMON", - "category": "Insecure Configurations", - "experimental": false, - "description": "GitHub Actions workflows can be triggered by a variety of events. Every workflow trigger is provided with a GitHub context that contains information about the triggering event, such as which user triggered it, the branch name, and other event context details. 
Some of this event data, like the base repository name, hash value of a changeset, or pull request number, is unlikely to be controlled or used for injection by the user that triggered the event.", - "description_id": "02044a75", - "files": [ + ], + "queries": [ + { + "query_name": "Run Block Injection", + "query_id": "20f14e1a-a899-4e79-9f09-b6a84cd4649b", + "query_url": "https://securitylab.github.com/research/github-actions-untrusted-input/", + "severity": "MEDIUM", + "platform": "CICD", + "cloud_provider": "COMMON", + "category": "Insecure Configurations", + "experimental": false, + "description": "GitHub Actions workflows can be triggered by a variety of events. Every workflow trigger is provided with a GitHub context that contains information about the triggering event, such as which user triggered it, the branch name, and other event context details. Some of this event data, like the base repository name, hash value of a changeset, or pull request number, is unlikely to be controlled or used for injection by the user that triggered the event.", + "description_id": "02044a75", + "files": [ { - "file_name": "path\\test\\fixtures\\test_old_severities\\test\\positive1.yaml", - "similarity_id": "2197922dab336742ff58010e01218006c9b2c930a840018ef8b42fb1284f2a45", + "file_name": "path\\test\\fixtures\\test_old_severity\\test\\positive1.yaml", + "similarity_id": "bc1190ab3eb96cba01d963d7fc2b1d244f311aa30c6c1bad37c44ff1f746a09c", "line": 10, "issue_type": "IncorrectValue", "search_key": "run={{if [ \"${{ github.event.issue.body }}\" ]; then\n if [[ \"${{ github.event.issue.title }}\" =~ ^\\[Auto\\]* ]]; then\n :\n else\n echo \"This issue does not need to generate a markdown file.\" 1\u003e\u00262\n exit 1;\n fi;\nelse\n echo \"The description of the issue is empty.\" 1\u003e\u00262\n exit 1;\nfi;\n}}", 
@@ -51,8 +51,8 @@ "actual_value": "Run block contains dangerous input controlled by user." }, { - "file_name": "path\\test\\fixtures\\test_old_severities\\test\\positive1.yaml", - "similarity_id": "efac914cab5fb466570dd3a71ee3edd8197a15928c56c2aabff00f54d05c5e6d", + "file_name": "path\\test\\fixtures\\test_old_severity\\test\\positive1.yaml", + "similarity_id": "a1294c1a63bca998f5cadb852c2680cd6be87510b295234219f2018d684e93fc", "line": 10, "issue_type": "IncorrectValue", "search_key": "run={{if [ \"${{ github.event.issue.body }}\" ]; then\n if [[ \"${{ github.event.issue.title }}\" =~ ^\\[Auto\\]* ]]; then\n :\n else\n echo \"This issue does not need to generate a markdown file.\" 1\u003e\u00262\n exit 1;\n fi;\nelse\n echo \"The description of the issue is empty.\" 1\u003e\u00262\n exit 1;\nfi;\n}}", @@ -61,7 +61,7 @@ "expected_value": "Run block does not contain dangerous input controlled by user.", "actual_value": "Run block contains dangerous input controlled by user." } - ] - } - ] + ] + } + ] } diff --git a/e2e/fixtures/E2E_CLI_093_RESULT_4.json b/e2e/fixtures/E2E_CLI_093_RESULT_4.json index b6095c912e6..cd9c8945a52 100644 --- a/e2e/fixtures/E2E_CLI_093_RESULT_4.json +++ b/e2e/fixtures/E2E_CLI_093_RESULT_4.json 
@@ -1,47 +1,47 @@ { - "kics_version": "development", - "files_scanned": 2, - "lines_scanned": 68, - "files_parsed": 2, - "lines_parsed": 68, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 1, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 2, - "INFO": 0, - "LOW": 0, - "MEDIUM": 0, - "TRACE": 0 - }, - "total_counter": 2, - "total_bom_resources": 0, - "start": "2024-01-31T15:46:25.2714687Z", - "end": "2024-01-31T15:46:25.5747871Z", - "paths": [ + "kics_version": "development", + "files_scanned": 2, + "lines_scanned": 68, + "files_parsed": 2, + "lines_parsed": 68, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 1, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 2, + "INFO": 0, + "LOW": 0, + "MEDIUM": 0, + "TRACE": 0 + }, + "total_counter": 2, + "total_bom_resources": 0, + "start": "2024-05-15T15:52:17.0377038+01:00", + "end": "2024-05-15T15:52:17.9722107+01:00", + "paths": [ "/path/test/fixtures/test_old_severity/test", "/path/test/fixtures/test_old_severity/high" - ], - "queries": [ - { - "query_name": "Run Block Injection", - "query_id": "20f14e1a-a899-4e79-9f09-b6a84cd4649b", - "query_url": "https://securitylab.github.com/research/github-actions-untrusted-input/", - "severity": "HIGH", - "platform": "CICD", - "cloud_provider": "COMMON", - "category": "Insecure Configurations", - "experimental": false, - "description": "GitHub Actions workflows can be triggered by a variety of events. Every workflow trigger is provided with a GitHub context that contains information about the triggering event, such as which user triggered it, the branch name, and other event context details. 
Some of this event data, like the base repository name, hash value of a changeset, or pull request number, is unlikely to be controlled or used for injection by the user that triggered the event.", - "description_id": "02044a75", - "files": [ + ], + "queries": [ + { + "query_name": "Run Block Injection", + "query_id": "20f14e1a-a899-4e79-9f09-b6a84cd4649b", + "query_url": "https://securitylab.github.com/research/github-actions-untrusted-input/", + "severity": "HIGH", + "platform": "CICD", + "cloud_provider": "COMMON", + "category": "Insecure Configurations", + "experimental": false, + "description": "GitHub Actions workflows can be triggered by a variety of events. Every workflow trigger is provided with a GitHub context that contains information about the triggering event, such as which user triggered it, the branch name, and other event context details. Some of this event data, like the base repository name, hash value of a changeset, or pull request number, is unlikely to be controlled or used for injection by the user that triggered the event.", + "description_id": "02044a75", + "files": [ { - "file_name": "path\\test\\fixtures\\test_old_severities\\test\\positive1.yaml", - "similarity_id": "2197922dab336742ff58010e01218006c9b2c930a840018ef8b42fb1284f2a45", + "file_name": "path\\test\\fixtures\\test_old_severity\\test\\positive1.yaml", + "similarity_id": "bc1190ab3eb96cba01d963d7fc2b1d244f311aa30c6c1bad37c44ff1f746a09c", "line": 10, "issue_type": "IncorrectValue", "search_key": "run={{if [ \"${{ github.event.issue.body }}\" ]; then\n if [[ \"${{ github.event.issue.title }}\" =~ ^\\[Auto\\]* ]]; then\n :\n else\n echo \"This issue does not need to generate a markdown file.\" 1\u003e\u00262\n exit 1;\n fi;\nelse\n echo \"The description of the issue is empty.\" 1\u003e\u00262\n exit 1;\nfi;\n}}", 
@@ -51,8 +51,8 @@ "actual_value": "Run block contains dangerous input controlled by user." }, { - "file_name": "path\\test\\fixtures\\test_old_severities\\test\\positive1.yaml", - "similarity_id": "efac914cab5fb466570dd3a71ee3edd8197a15928c56c2aabff00f54d05c5e6d", + "file_name": "path\\test\\fixtures\\test_old_severity\\test\\positive1.yaml", + "similarity_id": "a1294c1a63bca998f5cadb852c2680cd6be87510b295234219f2018d684e93fc", "line": 10, "issue_type": "IncorrectValue", "search_key": "run={{if [ \"${{ github.event.issue.body }}\" ]; then\n if [[ \"${{ github.event.issue.title }}\" =~ ^\\[Auto\\]* ]]; then\n :\n else\n echo \"This issue does not need to generate a markdown file.\" 1\u003e\u00262\n exit 1;\n fi;\nelse\n echo \"The description of the issue is empty.\" 1\u003e\u00262\n exit 1;\nfi;\n}}", @@ -61,7 +61,7 @@ "expected_value": "Run block does not contain dangerous input controlled by user.", "actual_value": "Run block contains dangerous input controlled by user." } - ] - } - ] + ] + } + ] } diff --git a/e2e/fixtures/E2E_CLI_093_RESULT_5.json b/e2e/fixtures/E2E_CLI_093_RESULT_5.json index d5ab8e61476..c168165505d 100644 --- a/e2e/fixtures/E2E_CLI_093_RESULT_5.json +++ b/e2e/fixtures/E2E_CLI_093_RESULT_5.json 
@@ -1,47 +1,47 @@ { - "kics_version": "development", - "files_scanned": 2, - "lines_scanned": 68, - "files_parsed": 2, - "lines_parsed": 68, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 1, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 2, - "HIGH": 0, - "INFO": 0, - "LOW": 0, - "MEDIUM": 0, - "TRACE": 0 - }, - "total_counter": 2, - "total_bom_resources": 0, - "start": "2024-01-31T15:46:25.2714687Z", - "end": "2024-01-31T15:46:25.5747871Z", - "paths": [ + "kics_version": "development", + "files_scanned": 2, + "lines_scanned": 68, + "files_parsed": 2, + "lines_parsed": 68, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 1, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 2, + "HIGH": 0, + "INFO": 0, + "LOW": 0, + "MEDIUM": 0, + "TRACE": 0 + }, + "total_counter": 2, + "total_bom_resources": 0, + "start": "2024-05-15T15:52:17.0073737+01:00", + "end": "2024-05-15T15:52:17.8480606+01:00", + "paths": [ "/path/test/fixtures/test_old_severity/test", "/path/test/fixtures/test_old_severity/critical" - ], - "queries": [ - { - "query_name": "Run Block Injection", - "query_id": "20f14e1a-a899-4e79-9f09-b6a84cd4649b", - "query_url": "https://securitylab.github.com/research/github-actions-untrusted-input/", - "severity": "CRITICAL", - "platform": "CICD", - "cloud_provider": "COMMON", - "category": "Insecure Configurations", - "experimental": false, - "description": "GitHub Actions workflows can be triggered by a variety of events. Every workflow trigger is provided with a GitHub context that contains information about the triggering event, such as which user triggered it, the branch name, and other event context details. 
Some of this event data, like the base repository name, hash value of a changeset, or pull request number, is unlikely to be controlled or used for injection by the user that triggered the event.", - "description_id": "02044a75", - "files": [ + ], + "queries": [ + { + "query_name": "Run Block Injection", + "query_id": "20f14e1a-a899-4e79-9f09-b6a84cd4649b", + "query_url": "https://securitylab.github.com/research/github-actions-untrusted-input/", + "severity": "CRITICAL", + "platform": "CICD", + "cloud_provider": "COMMON", + "category": "Insecure Configurations", + "experimental": false, + "description": "GitHub Actions workflows can be triggered by a variety of events. Every workflow trigger is provided with a GitHub context that contains information about the triggering event, such as which user triggered it, the branch name, and other event context details. Some of this event data, like the base repository name, hash value of a changeset, or pull request number, is unlikely to be controlled or used for injection by the user that triggered the event.", + "description_id": "02044a75", + "files": [ { - "file_name": "path\\test\\fixtures\\test_old_severities\\test\\positive1.yaml", - "similarity_id": "2197922dab336742ff58010e01218006c9b2c930a840018ef8b42fb1284f2a45", + "file_name": "path\\test\\fixtures\\test_old_severity\\test\\positive1.yaml", + "similarity_id": "bc1190ab3eb96cba01d963d7fc2b1d244f311aa30c6c1bad37c44ff1f746a09c", "line": 10, "issue_type": "IncorrectValue", "search_key": "run={{if [ \"${{ github.event.issue.body }}\" ]; then\n if [[ \"${{ github.event.issue.title }}\" =~ ^\\[Auto\\]* ]]; then\n :\n else\n echo \"This issue does not need to generate a markdown file.\" 1\u003e\u00262\n exit 1;\n fi;\nelse\n echo \"The description of the issue is empty.\" 1\u003e\u00262\n exit 1;\nfi;\n}}", 
@@ -51,8 +51,8 @@ "actual_value": "Run block contains dangerous input controlled by user." }, { - "file_name": "path\\test\\fixtures\\test_old_severities\\test\\positive1.yaml", - "similarity_id": "efac914cab5fb466570dd3a71ee3edd8197a15928c56c2aabff00f54d05c5e6d", + "file_name": "path\\test\\fixtures\\test_old_severity\\test\\positive1.yaml", + "similarity_id": "a1294c1a63bca998f5cadb852c2680cd6be87510b295234219f2018d684e93fc", "line": 10, "issue_type": "IncorrectValue", "search_key": "run={{if [ \"${{ github.event.issue.body }}\" ]; then\n if [[ \"${{ github.event.issue.title }}\" =~ ^\\[Auto\\]* ]]; then\n :\n else\n echo \"This issue does not need to generate a markdown file.\" 1\u003e\u00262\n exit 1;\n fi;\nelse\n echo \"The description of the issue is empty.\" 1\u003e\u00262\n exit 1;\nfi;\n}}", @@ -61,7 +61,7 @@ "expected_value": "Run block does not contain dangerous input controlled by user.", "actual_value": "Run block contains dangerous input controlled by user." } - ] - } - ] + ] + } + ] } diff --git a/e2e/fixtures/E2E_CLI_094_RESULT.json b/e2e/fixtures/E2E_CLI_094_RESULT.json index 4c93078eb14..cd4ab305e63 100644 --- a/e2e/fixtures/E2E_CLI_094_RESULT.json +++ b/e2e/fixtures/E2E_CLI_094_RESULT.json 
@@ -1,54 +1,54 @@ { - "kics_version": "development", - "files_scanned": 1, - "lines_scanned": 19, - "files_parsed": 1, - "lines_parsed": 19, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 17, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 0, - "INFO": 1, - "LOW": 0, - "MEDIUM": 0, - "TRACE": 0 - }, - "total_counter": 1, - "total_bom_resources": 0, - "start": "2024-05-06T15:45:28.1028682+01:00", - "end": "2024-05-06T15:45:29.6882643+01:00", - "paths": [ - "/path/test/fixtures/resolve_references" - ], - "queries": [ - { - "query_name": "Components Schema Definition Is Unused", - "query_id": "962fa01e-b791-4dcc-b04a-4a3e7389be5e", - "query_url": "https://swagger.io/specification/#components-object", - "severity": "INFO", - "platform": "OpenAPI", - "category": "Best Practices", - "experimental": false, - "description": "Components schemas definitions should be referenced or removed from Open API definition", - "description_id": "5cdc0f3b", - "files": [ - { - "file_name": "path\\test\\fixtures\\resolve_references\\swagger.yaml", - "similarity_id": "ff39e561509c13315ce34a0be602a974d63231b70cb5cdf778109e062302f8eb", - "line": 17, - "issue_type": "IncorrectValue", - "search_key": "components.schemas.{{MyResponse}}", - "search_line": -1, - "search_value": "", - "expected_value": "Schema should be used as reference somewhere", - "actual_value": "Schema is not used as reference" - } - ] - } - ] + "kics_version": "development", + "files_scanned": 1, + "lines_scanned": 19, + "files_parsed": 1, + "lines_parsed": 19, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 17, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 0, + "INFO": 1, + "LOW": 0, + "MEDIUM": 0, + "TRACE": 0 + }, + "total_counter": 1, + 
"total_bom_resources": 0, + "start": "2024-05-06T15:45:28.1028682+01:00", + "end": "2024-05-06T15:45:29.6882643+01:00", + "paths": [ + "/path/test/fixtures/resolve_references" + ], + "queries": [ + { + "query_name": "Components Schema Definition Is Unused", + "query_id": "962fa01e-b791-4dcc-b04a-4a3e7389be5e", + "query_url": "https://swagger.io/specification/#components-object", + "severity": "INFO", + "platform": "OpenAPI", + "category": "Best Practices", + "experimental": false, + "description": "Components schemas definitions should be referenced or removed from Open API definition", + "description_id": "5cdc0f3b", + "files": [ + { + "file_name": "path\\test\\fixtures\\resolve_references\\swagger.yaml", + "similarity_id": "ff39e561509c13315ce34a0be602a974d63231b70cb5cdf778109e062302f8eb", + "line": 17, + "issue_type": "IncorrectValue", + "search_key": "components.schemas.{{MyResponse}}", + "search_line": -1, + "search_value": "", + "expected_value": "Schema should be used as reference somewhere", + "actual_value": "Schema is not used as reference" + } + ] + } + ] } diff --git a/e2e/fixtures/E2E_CLI_095_RESULT.json b/e2e/fixtures/E2E_CLI_095_RESULT.json index ddd56ce055c..3dfd278e5d7 100644 --- a/e2e/fixtures/E2E_CLI_095_RESULT.json +++ b/e2e/fixtures/E2E_CLI_095_RESULT.json 
@@ -1,29 +1,29 @@ { - "kics_version": "development", - "files_scanned": 2, - "lines_scanned": 22, - "files_parsed": 2, - "lines_parsed": 6887, - "lines_ignored": 0, - "files_failed_to_scan": 0, - "queries_total": 0, - "queries_failed_to_execute": 0, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 0, - "INFO": 0, - "LOW": 0, - "MEDIUM": 0, - "TRACE": 0 - }, - "total_counter": 0, - "total_bom_resources": 0, - "start": "2024-05-06T15:47:33.0217097+01:00", - "end": "2024-05-06T15:47:35.1422829+01:00", - "paths": [ - "/path/test/fixtures/resolve_circular_loop" - ], - "queries": [] + "kics_version": "development", + "files_scanned": 2, + "lines_scanned": 22, + "files_parsed": 2, + "lines_parsed": 6887, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 0, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 0, + "INFO": 0, + "LOW": 0, + "MEDIUM": 0, + "TRACE": 0 + }, + "total_counter": 0, + "total_bom_resources": 0, + "start": "2024-05-06T15:47:33.0217097+01:00", + "end": "2024-05-06T15:47:35.1422829+01:00", + "paths": [ + "/path/test/fixtures/resolve_circular_loop" + ], + "queries": [] } diff --git a/e2e/fixtures/E2E_CLI_096_RESULT.json b/e2e/fixtures/E2E_CLI_096_RESULT.json new file mode 100644 index 00000000000..7bba95a6aa0 --- /dev/null +++ b/e2e/fixtures/E2E_CLI_096_RESULT.json 
@@ -0,0 +1,67 @@ +{ + "kics_version": "development", + "files_scanned": 1, + "lines_scanned": 66, + "files_parsed": 1, + "lines_parsed": 66, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 1, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 0, + "INFO": 0, + "LOW": 0, + "MEDIUM": 2, + "TRACE": 0 + }, + "total_counter": 2, + "total_bom_resources": 0, + "start": "2024-04-29T15:47:48.2304103+01:00", + "end": "2024-04-29T15:47:52.5595973+01:00", + "paths": [ + "/path/test/fixtures/new_similarity_id" + ], + "queries": [ + { + "query_name": "Memory Not Limited", + "query_id": "bb9ac4f7-e13b-423d-a010-c74a1bfbe492", + "query_url": "https://docs.docker.com/compose/compose-file/compose-file-v3/#resources", + "severity": "MEDIUM", + "platform": "DockerCompose", + "category": "Resource Management", + "experimental": false, + "description": "Memory limits should be defined for each container. 
This prevents potential resource exhaustion by ensuring that containers consume not more than the designated amount of memory", + "description_id": "8fcb9f7d", + "files": [ + { + "file_name": "path\\test\\fixtures\\new_similarity_id\\stack.yml", + "similarity_id": "074e833d4a971ef74dcaca53f1af93c15f90ea6627fded399529a4b7c2e8ce59", + "old_similarity_id": "d961aaad4a5f76c10bbb5af77b2ee8bd88dd2f977d6af847bd03d12b54569820", + "line": 4, + "issue_type": "MissingAttribute", + "search_key": "services.ui.deploy", + "search_line": 4, + "search_value": "", + "expected_value": "'deploy.resources' should be defined", + "actual_value": "'deploy.resources' is not defined" + }, + { + "file_name": "path\\test\\fixtures\\new_similarity_id\\stack.yml", + "similarity_id": "7a2fb2748dcebcb8a4169e65b71a5f51dff8b3dabca853847b9f7568485c5e37", + "old_similarity_id": "d961aaad4a5f76c10bbb5af77b2ee8bd88dd2f977d6af847bd03d12b54569820", + "line": 4, + "issue_type": "MissingAttribute", + "search_key": "services.api.deploy", + "search_line": 4, + "search_value": "", + "expected_value": "'deploy.resources' should be defined", + "actual_value": "'deploy.resources' is not defined" + } + ] + } + ] +} diff --git a/e2e/fixtures/E2E_CLI_097_RESULT.json b/e2e/fixtures/E2E_CLI_097_RESULT.json new file mode 100644 index 00000000000..392ebedf71b --- /dev/null +++ b/e2e/fixtures/E2E_CLI_097_RESULT.json 
@@ -0,0 +1,65 @@ +{ + "kics_version": "development", + "files_scanned": 1, + "lines_scanned": 66, + "files_parsed": 1, + "lines_parsed": 66, + "lines_ignored": 0, + "files_failed_to_scan": 0, + "queries_total": 1, + "queries_failed_to_execute": 0, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 0, + "INFO": 0, + "LOW": 0, + "MEDIUM": 2, + "TRACE": 0 + }, + "total_counter": 2, + "total_bom_resources": 0, + "start": "2024-03-26T14:46:52.4090749Z", + "end": "2024-03-26T14:46:55.6257816Z", + "paths": [ + "/path/test/fixtures/new_similarity_id" + ], + "queries": [ + { + "query_name": "Memory Not Limited", + "query_id": "bb9ac4f7-e13b-423d-a010-c74a1bfbe492", + "query_url": "https://docs.docker.com/compose/compose-file/compose-file-v3/#resources", + "severity": "MEDIUM", + "platform": "DockerCompose", + "category": "Resource Management", + "experimental": false, + "description": "Memory limits should be defined for each container. 
This prevents potential resource exhaustion by ensuring that containers consume not more than the designated amount of memory", + "description_id": "8fcb9f7d", + "files": [ + { + "file_name": "path\\test\\fixtures\\new_similarity_id\\stack.yml", + "similarity_id": "7a2fb2748dcebcb8a4169e65b71a5f51dff8b3dabca853847b9f7568485c5e37", + "line": 4, + "issue_type": "MissingAttribute", + "search_key": "services.api.deploy", + "search_line": 4, + "search_value": "", + "expected_value": "'deploy.resources' should be defined", + "actual_value": "'deploy.resources' is not defined" + }, + { + "file_name": "path\\test\\fixtures\\new_similarity_id\\stack.yml", + "similarity_id": "074e833d4a971ef74dcaca53f1af93c15f90ea6627fded399529a4b7c2e8ce59", + "line": 4, + "issue_type": "MissingAttribute", + "search_key": "services.ui.deploy", + "search_line": 4, + "search_value": "", + "expected_value": "'deploy.resources' should be defined", + "actual_value": "'deploy.resources' is not defined" + } + ] + } + ] +} diff --git a/e2e/testcases/e2e-cli-096_new_similarity_id_with_old_similarity_id.go b/e2e/testcases/e2e-cli-096_new_similarity_id_with_old_similarity_id.go new file mode 100644 index 00000000000..9c57f943b36 --- /dev/null +++ b/e2e/testcases/e2e-cli-096_new_similarity_id_with_old_similarity_id.go 
@@ -0,0 +1,27 @@
+package testcases
+
+// E2E-CLI-096 - KICS scan
+// should perform a scan successfully giving results with similarity ids unique and the old similarity id
+func init() { //nolint
+ testSample := TestCase{
+ Name: "should perform a scan successfully giving results with similarity ids unique, showing the old similarity id [E2E-CLI-096]",
+ Args: args{
+ Args: []cmdArgs{
+ []string{"scan", "-o", "/path/e2e/output",
+ "--output-name", "E2E_CLI_096_RESULT",
+ "-p", "\"/path/test/fixtures/new_similarity_id\"",
+ "-i", "bb9ac4f7-e13b-423d-a010-c74a1bfbe492",
+ "--kics_compute_new_simid",
+ },
+ },
+ ExpectedResult: []ResultsValidation{
+ {
+ ResultsFile: "E2E_CLI_096_RESULT",
+ },
+ },
+ },
+ WantStatus: []int{40},
+ }
+
+ Tests = append(Tests, testSample)
+}
diff --git a/e2e/testcases/e2e-cli-097_new_similarity_id_without_old_similarity_id.go b/e2e/testcases/e2e-cli-097_new_similarity_id_without_old_similarity_id.go
new file mode 100644
index 00000000000..56db7569290
--- /dev/null
+++ b/e2e/testcases/e2e-cli-097_new_similarity_id_without_old_similarity_id.go
@@ -0,0 +1,26 @@
+package testcases
+
+// E2E-CLI-097 - KICS scan
+// should perform a scan successfully giving results with similarity ids unique without showing the old similarity id
+func init() { //nolint
+ testSample := TestCase{
+ Name: "should perform a scan successfully giving results with similarity ids unique without showing the old similarity id [E2E-CLI-097]",
+ Args: args{
+ Args: []cmdArgs{
+ []string{"scan", "-o", "/path/e2e/output",
+ "--output-name", "E2E_CLI_097_RESULT",
+ "-p", "\"/path/test/fixtures/new_similarity_id\"",
+ "-i", "bb9ac4f7-e13b-423d-a010-c74a1bfbe492",
+ },
+ },
+ ExpectedResult: []ResultsValidation{
+ {
+ ResultsFile: "E2E_CLI_097_RESULT",
+ },
+ },
+ },
+ WantStatus: []int{40},
+ }
+
+ Tests = append(Tests, testSample)
+}
diff --git a/internal/console/assets/scan-flags.json b/internal/console/assets/scan-flags.json
index ddc56476c9a..f4646c19285 100644
--- a/internal/console/assets/scan-flags.json +++ b/internal/console/assets/scan-flags.json @@ -223,15 +223,22 @@ "usage": "max file size permitted for scanning, in MB" }, "old-severities": { - "flagType": "bool", - "shorthandFlag": "", - "defaultValue": "false", - "usage": "uses old severities in query results" + "flagType": "bool", + "shorthandFlag": "", + "defaultValue": "false", + "usage": "uses old severities in query results" }, "max-resolver-depth": { "flagType": "int", "shorthandFlag": "", "defaultValue": "15", "usage": "max depth to which the resolver will traverse to resolve files" + }, + "kics_compute_new_simid": { + "flagType": "bool", + "shorthandFlag": "", + "defaultValue": "false", + "usage": "calculate old similarity id in query results", + "hidden": true } } diff --git a/internal/console/flags/scan_flags.go b/internal/console/flags/scan_flags.go index 8b7399abe69..9e45168efad 100644 --- a/internal/console/flags/scan_flags.go +++ b/internal/console/flags/scan_flags.go @@ -39,4 +39,5 @@ const ( MaxFileSizeFlag = "max-file-size" UseOldSeveritiesFlag = "old-severities" MaxResolverDepth = "max-resolver-depth" + KicsComputeNewSimIDFlag = "kics_compute_new_simid" ) diff --git a/internal/console/scan.go b/internal/console/scan.go index d4300cdc5e3..12bdf86d020 100644 --- a/internal/console/scan.go +++ b/internal/console/scan.go @@ -144,6 +144,7 @@ func getScanParameters(changedDefaultQueryPath, changedDefaultLibrariesPath bool MaxFileSizeFlag: flags.GetIntFlag(flags.MaxFileSizeFlag), UseOldSeverities: flags.GetBoolFlag(flags.UseOldSeveritiesFlag), MaxResolverDepth: flags.GetIntFlag(flags.MaxResolverDepth), + KicsComputeNewSimID: flags.GetBoolFlag(flags.KicsComputeNewSimIDFlag), } return &scanParams diff --git a/internal/tracker/ci.go b/internal/tracker/ci.go index 169f72c2f4b..a91896c9ffb 100644 --- a/internal/tracker/ci.go +++ b/internal/tracker/ci.go 
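Review bot: The new flag's name and its help text say opposite things: `kics_compute_new_simid` is described as `calculate old similarity id in query results`, and in `generateSimilaritiesID` (pkg/engine/vulnerability_builder.go) it gates only the legacy computation while the new ID is always produced. A name along the lines of `compute-old-similarity-id` would match the behaviour and the hyphenated style of the neighbouring `old-severities` and `max-resolver-depth`. The same rename would apply to `KicsComputeNewSimIDFlag` in scan_flags.go and to the `KicsComputeNewSimID` / `kicsComputeNewSimID` fields and parameters threaded through scan.go, the scan client and the inspector. Because the entry is `"hidden": true`, the usage string is the only documentation an operator will find, so it should say that the value is reported as `old_similarity_id`.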
@@ -16,22 +16,23 @@ var ( ) type CITracker struct { - ExecutingQueries int - ExecutedQueries int - FoundFiles int - FailedSimilarityID int - LoadedQueries int - ParsedFiles int - ScanSecrets int - ScanPaths int - lines int - FoundCountLines int - ParsedCountLines int - IgnoreCountLines int - Version model.Version - BagOfFilesParse map[string]int - BagOfFilesFound map[string]int - syncFileMutex sync.Mutex + ExecutingQueries int + ExecutedQueries int + FoundFiles int + FailedSimilarityID int + FailedOldSimilarityID int + LoadedQueries int + ParsedFiles int + ScanSecrets int + ScanPaths int + lines int + FoundCountLines int + ParsedCountLines int + IgnoreCountLines int + Version model.Version + BagOfFilesParse map[string]int + BagOfFilesFound map[string]int + syncFileMutex sync.Mutex } // NewTracker will create a new instance of a tracker with the number of lines to display in results output @@ -106,6 +107,11 @@ func (c *CITracker) FailedComputeSimilarityID() { c.FailedSimilarityID++ } +// FailedComputeOldSimilarityID - queries that failed to compute old similarity ID +func (c *CITracker) FailedComputeOldSimilarityID() { + c.FailedOldSimilarityID++ +} + // TrackScanSecret - add to secrets scanned func (c *CITracker) TrackScanSecret() { c.ScanSecrets++ diff --git a/internal/tracker/ci_test.go b/internal/tracker/ci_test.go index 6d1f2d99f49..487357c743f 100644 --- a/internal/tracker/ci_test.go +++ b/internal/tracker/ci_test.go 
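Review bot: `FailedComputeOldSimilarityID` does a bare `c.FailedOldSimilarityID++` with no synchronisation, although the struct carries a `sync.Mutex` and the inspector is built with a `numWorkers` setting. If the vulnerability builder is invoked from more than one worker (not visible in this hunk), the increment is a data race. The neighbouring `FailedComputeSimilarityID` has the same shape, so either guard both increments with a mutex or state the expectation in the doc comment, e.g. `// Not safe for concurrent use; callers must serialise calls.` The new counter is also never read in the visible diff, while the report fixture carries `queries_failed_to_compute_similarity_id` for the existing one, so legacy-ID failures appear to be counted but not surfaced.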
@@ -17,19 +17,20 @@ TestCITracker tests the functions [TrackQueryLoad(),TrackQueryExecution(),TrackF */ func TestCITracker(t *testing.T) { type fields struct { - LoadedQueries int - ExecutedQueries int - ExecutingQueries int - FoundFiles int - ParsedFiles int - FailedSimilarityID int - ScanSecrets int - ScanPaths int - Version model.Version - FoundCountLines int - ParsedCountLines int - IgnoreCountLines int - lines int + LoadedQueries int + ExecutedQueries int + ExecutingQueries int + FoundFiles int + ParsedFiles int + FailedSimilarityID int + FailedOldSimilarityID int + ScanSecrets int + ScanPaths int + Version model.Version + FoundCountLines int + ParsedCountLines int + IgnoreCountLines int + lines int } tests := []struct { name string @@ -38,19 +39,20 @@ func TestCITracker(t *testing.T) { { name: "testing_case_1", fields: fields{ - LoadedQueries: 0, - ExecutedQueries: 0, - ExecutingQueries: 0, - FoundFiles: 0, - ParsedFiles: 0, - FailedSimilarityID: 0, - ScanSecrets: 0, - ScanPaths: 0, - Version: model.Version{}, - FoundCountLines: 2, - ParsedCountLines: 1, - IgnoreCountLines: 4, - lines: 3, + LoadedQueries: 0, + ExecutedQueries: 0, + ExecutingQueries: 0, + FoundFiles: 0, + ParsedFiles: 0, + FailedSimilarityID: 0, + FailedOldSimilarityID: 0, + ScanSecrets: 0, + ScanPaths: 0, + Version: model.Version{}, + FoundCountLines: 2, + ParsedCountLines: 1, + IgnoreCountLines: 4, + lines: 3, }, }, } @@ -100,6 +102,10 @@ func TestCITracker(t *testing.T) { c.FailedComputeSimilarityID() require.Equal(t, 1, c.FailedSimilarityID) }) + t.Run(fmt.Sprintf(tt.name+"_FailedComputeOldSimilarityID"), func(t *testing.T) { + c.FailedComputeOldSimilarityID() + require.Equal(t, 1, c.FailedOldSimilarityID) + }) t.Run(fmt.Sprintf(tt.name+"_FailedDetectLine"), func(t *testing.T) { c.FailedDetectLine() require.Equal(t, 0, c.ExecutedQueries) diff --git a/pkg/engine/inspector.go b/pkg/engine/inspector.go index 1c60e8ce525..695ad16e5fc 100644 --- a/pkg/engine/inspector.go 
+++ b/pkg/engine/inspector.go @@ -58,7 +58,7 @@ type QueryLoader struct { // VulnerabilityBuilder represents a function that will build a vulnerability type VulnerabilityBuilder func(ctx *QueryContext, tracker Tracker, v interface{}, - detector *detector.DetectLine, useOldSeverities bool) (*model.Vulnerability, error) + detector *detector.DetectLine, useOldSeverities bool, kicsComputeNewSimID bool) (*model.Vulnerability, error) // PreparedQuery includes the opaQuery and its metadata type PreparedQuery struct { @@ -81,6 +81,7 @@ type Inspector struct { queryExecTimeout time.Duration useOldSeverities bool numWorkers int + kicsComputeNewSimID bool } // QueryContext contains the context where the query is executed, which scan it belongs, basic information of query, @@ -121,7 +122,8 @@ func NewInspector( queryTimeout int, useOldSeverities bool, needsLog bool, - numWorkers int) (*Inspector, error) { + numWorkers int, + kicsComputeNewSimID bool) (*Inspector, error) { log.Debug().Msg("engine.NewInspector()") metrics.Metric.Start("get_queries") @@ -165,15 +167,16 @@ func NewInspector( } return &Inspector{ - QueryLoader: &queryLoader, - vb: vb, - tracker: tracker, - failedQueries: failedQueries, - excludeResults: excludeResults, - detector: lineDetector, - queryExecTimeout: queryExecTimeout, - useOldSeverities: useOldSeverities, - numWorkers: adjustNumWorkers(numWorkers), + QueryLoader: &queryLoader, + vb: vb, + tracker: tracker, + failedQueries: failedQueries, + excludeResults: excludeResults, + detector: lineDetector, + queryExecTimeout: queryExecTimeout, + useOldSeverities: useOldSeverities, + numWorkers: adjustNumWorkers(numWorkers), + kicsComputeNewSimID: kicsComputeNewSimID, }, nil } 
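Review bot: `NewInspector` now ends in `useOldSeverities bool, needsLog bool, numWorkers int, kicsComputeNewSimID bool`, and the call sites touched by this commit read `60, true, true, 1, false`, where a transposed boolean compiles without complaint. `VulnerabilityBuilder` is an exported function type, so the extra positional `bool` also breaks any builder defined outside this repository. Grouping the switches in a small options struct (for example a field `ComputeOldSimilarityID bool` next to `UseOldSeverities`) would keep both signatures stable the next time a toggle is added. The body of `NewInspector` starts and ends outside these hunks.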
@@ -477,7 +480,7 @@ func (c *Inspector) DecodeQueryResults( } func getVulnerabilitiesFromQuery(ctx *QueryContext, c *Inspector, queryResultItem interface{}) (*model.Vulnerability, bool) { - vulnerability, err := c.vb(ctx, c.tracker, queryResultItem, c.detector, c.useOldSeverities) + vulnerability, err := c.vb(ctx, c.tracker, queryResultItem, c.detector, c.useOldSeverities, c.kicsComputeNewSimID) if err != nil && err.Error() == ErrNoResult.Error() { // Ignoring bad results return nil, false diff --git a/pkg/engine/inspector_test.go b/pkg/engine/inspector_test.go index f7583beaa83..08198175ffe 100644 --- a/pkg/engine/inspector_test.go +++ b/pkg/engine/inspector_test.go @@ -186,9 +186,10 @@ func TestInspect(t *testing.T) { //nolint excludeResults map[string]bool } type args struct { - ctx context.Context - scanID string - files model.FileMetadatas + ctx context.Context + scanID string + files model.FileMetadatas + kicsComputeNewSimID bool } tests := []struct { name string @@ -233,11 +234,13 @@ func TestInspect(t *testing.T) { //nolint LinesOriginalData: utils.SplitLines("orig_data"), }, }, + kicsComputeNewSimID: true, }, want: []model.Vulnerability{ { ID: 0, SimilarityID: "fec62a97d569662093dbb9739360942fc2a0c47bedec0bfcae05dc9d899d3ebe", + OldSimilarityID: "fec62a97d569662093dbb9739360942fc2a0c47bedec0bfcae05dc9d899d3ebe", ScanID: "scanID", FileID: "3a3be8f7-896e-4ef8-9db3-d6c19e60510b", FileName: "assets/queries/dockerfile/add_instead_of_copy/test/positive.dockerfile", @@ -296,6 +299,7 @@ func TestInspect(t *testing.T) { //nolint LinesOriginalData: utils.SplitLines("orig_data"), }, }, + kicsComputeNewSimID: true, }, want: []model.Vulnerability{}, wantErr: false, 
@@ -321,6 +325,7 @@ func TestInspect(t *testing.T) { //nolint detector: inspDetector, queryExecTimeout: time.Duration(60) * time.Second, numWorkers: 1, + kicsComputeNewSimID: tt.args.kicsComputeNewSimID, } got, err := c.Inspect(tt.args.ctx, tt.args.scanID, tt.args.files, []string{filepath.FromSlash("assets/queries/")}, []string{"Dockerfile"}, currentQuery) @@ -399,16 +404,17 @@ func TestNewInspector(t *testing.T) { //nolint Aggregation: 1, }) type args struct { - ctx context.Context - source source.QueriesSource - vb VulnerabilityBuilder - tracker Tracker - queryFilter source.QueryInspectorParameters - excludeResults map[string]bool - queryExecTimeout int - needsLog bool - useOldSeverities bool - numWorkers int + ctx context.Context + source source.QueriesSource + vb VulnerabilityBuilder + tracker Tracker + queryFilter source.QueryInspectorParameters + excludeResults map[string]bool + queryExecTimeout int + needsLog bool + useOldSeverities bool + numWorkers int + kicsComputeNewSimID bool } tests := []struct { name string @@ -432,10 +438,11 @@ func TestNewInspector(t *testing.T) { //nolint ByCategories: []string{}, }, }, - excludeResults: map[string]bool{}, - queryExecTimeout: 60, - needsLog: true, - numWorkers: 1, + excludeResults: map[string]bool{}, + queryExecTimeout: 60, + needsLog: true, + numWorkers: 1, + kicsComputeNewSimID: true, }, want: &Inspector{ vb: vbs, @@ -458,7 +465,7 @@ func TestNewInspector(t *testing.T) { //nolint tt.args.queryExecTimeout, tt.args.useOldSeverities, tt.args.needsLog, - tt.args.numWorkers) + tt.args.numWorkers, tt.args.kicsComputeNewSimID) if (err != nil) != tt.wantErr { t.Errorf("NewInspector() error: got = %v,\n wantErr = %v", err, tt.wantErr) @@ -547,8 +554,9 @@ func TestEngine_LenQueriesByPlat(t *testing.T) { } type args struct { - queriesPath []string - platform []string + queriesPath []string + platform []string + kicsComputeNewSimID bool } tests := []struct { name string 
@@ -558,8 +566,9 @@ func TestEngine_LenQueriesByPlat(t *testing.T) { { name: "test_len_queries_plat", args: args{ - queriesPath: []string{filepath.FromSlash("./test/fixtures")}, - platform: []string{"terraform"}, + queriesPath: []string{filepath.FromSlash("./test/fixtures")}, + platform: []string{"terraform"}, + kicsComputeNewSimID: true, }, min: 1, }, @@ -570,7 +579,8 @@ func TestEngine_LenQueriesByPlat(t *testing.T) { filepath.FromSlash("./assets/queries/terraform/aws/alb_deletion_protection_disabled"), filepath.FromSlash("./assets/queries/terraform/aws/alb_is_not_integrated_with_waf"), }, - platform: []string{"terraform"}, + platform: []string{"terraform"}, + kicsComputeNewSimID: true, }, min: 2, }, @@ -578,7 +588,7 @@ func TestEngine_LenQueriesByPlat(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - ins := newInspectorInstance(t, tt.args.queriesPath) + ins := newInspectorInstance(t, tt.args.queriesPath, tt.args.kicsComputeNewSimID) got := ins.LenQueriesByPlat(tt.args.platform) require.True(t, got >= tt.min) }) @@ -590,8 +600,9 @@ func TestEngine_GetFailedQueries(t *testing.T) { t.Fatal(err) } type args struct { - queriesPath []string - nrFailedQueries int + queriesPath []string + nrFailedQueries int + kicsComputeNewSimID bool } tests := []struct { name string @@ -600,15 +611,16 @@ func TestEngine_GetFailedQueries(t *testing.T) { { name: "test_get_failed_queries", args: args{ - queriesPath: []string{filepath.FromSlash("./test/fixtures")}, - nrFailedQueries: 5, + queriesPath: []string{filepath.FromSlash("./test/fixtures")}, + nrFailedQueries: 5, + kicsComputeNewSimID: true, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - ins := newInspectorInstance(t, tt.args.queriesPath) + ins := newInspectorInstance(t, tt.args.queriesPath, tt.args.kicsComputeNewSimID) fail := make([]string, tt.args.nrFailedQueries) for idx := range fail { ins.failedQueries[fmt.Sprint(idx)] = nil 
@@ -692,7 +704,7 @@ func TestInspector_DecodeQueryResults(t *testing.T) { contextToUSe := context.Background() //build inspector - c := newInspectorInstance(t, []string{}) + c := newInspectorInstance(t, []string{}, true) type args struct { queryContext QueryContext @@ -761,10 +773,10 @@ func newQueryContext(ctx context.Context) QueryContext { return queryContext } -func newInspectorInstance(t *testing.T, queryPath []string) *Inspector { +func newInspectorInstance(t *testing.T, queryPath []string, kicsComputeNewSimID bool) *Inspector { querySource := source.NewFilesystemSource(queryPath, []string{""}, []string{""}, filepath.FromSlash("./assets/libraries"), true) var vb = func(ctx *QueryContext, tracker Tracker, v interface{}, - detector *detector.DetectLine, useOldSeverity bool) (*model.Vulnerability, error) { + detector *detector.DetectLine, useOldSeverity bool, kicsComputeNewSimID bool) (*model.Vulnerability, error) { return &model.Vulnerability{}, nil } ins, err := NewInspector( @@ -773,7 +785,9 @@ func newInspectorInstance(t *testing.T, queryPath []string) *Inspector { vb, &tracker.CITracker{}, &source.QueryInspectorParameters{}, - map[string]bool{}, 60, false, true, 1, + map[string]bool{}, 60, + false, true, 1, + kicsComputeNewSimID, ) require.NoError(t, err) return ins diff --git a/pkg/engine/tracker.go b/pkg/engine/tracker.go index 49302a5274c..68219f6f078 100644 --- a/pkg/engine/tracker.go +++ b/pkg/engine/tracker.go @@ -13,5 +13,6 @@ type Tracker interface { TrackScanSecret() FailedDetectLine() FailedComputeSimilarityID() + FailedComputeOldSimilarityID() GetOutputLines() int } diff --git a/pkg/engine/vulnerability_builder.go b/pkg/engine/vulnerability_builder.go index 86898cfda6d..69fad1b760d 100644 --- a/pkg/engine/vulnerability_builder.go +++ b/pkg/engine/vulnerability_builder.go 
@@ -56,7 +56,9 @@ func modifyVulSearchKeyReference(doc interface{}, originalSearchKey string, stri var DefaultVulnerabilityBuilder = func(ctx *QueryContext, tracker Tracker, v interface{}, - detector *dec.DetectLine, useOldSeverities bool) (*model.Vulnerability, error) { + detector *dec.DetectLine, + useOldSeverities bool, + kicsComputeNewSimID bool) (*model.Vulnerability, error) { vObj, ok := v.(map[string]interface{}) if !ok { return &model.Vulnerability{}, ErrInvalidResult @@ -122,6 +124,7 @@ var DefaultVulnerabilityBuilder = func(ctx *QueryContext, } lineNumber := 0 + var similarityIDLineInfoOld = similarityIDLineInfo if file.Kind != model.KindHELM && len(file.ResolvedFiles) == 0 { searchLineCalc := &searchLineCalculator{ lineNr: -1, @@ -132,7 +135,7 @@ var DefaultVulnerabilityBuilder = func(ctx *QueryContext, linesVulne: linesVulne, } // calculate search Line if possible (default uses values of search key) - lineNumber, similarityIDLineInfo, linesVulne = calculeSearchLine(searchLineCalc) + lineNumber, similarityIDLineInfoOld, linesVulne = calculeSearchLine(searchLineCalc) } if linesVulne.Line == -1 { @@ -158,16 +161,14 @@ var DefaultVulnerabilityBuilder = func(ctx *QueryContext, if v := mustMapKeyToString(vObj, "issueType"); v != nil { issueType = model.IssueType(*v) } - similarityID, err := buildSimilarityID(ctx, linesVulne.ResolvedFile, queryID, searchKey, similarityIDLineInfo, searchValue) - if err != nil { - logWithFields.Err(err).Send() - tracker.FailedComputeSimilarityID() - } + similarityID, oldSimilarityID := generateSimilaritiesID(ctx, linesVulne.ResolvedFile, queryID, similarityIDLineInfo, searchValue, + searchKey, similarityIDLineInfoOld, kicsComputeNewSimID, &logWithFields, tracker) return &model.Vulnerability{ ID: 0, SimilarityID: PtrStringToString(similarityID), + OldSimilarityID: PtrStringToString(oldSimilarityID), ScanID: ctx.scanID, FileID: file.ID, FileName: linesVulne.ResolvedFile, 
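Review bot: The default `SimilarityID` changes for every finding here, not only when the flag is set: `calculeSearchLine` now writes its result to `similarityIDLineInfoOld`, and the call that builds the new ID no longer receives `searchKey`. Anything downstream that keys suppressions, accepted-risk decisions or triage history on `similarity_id` will stop matching after an upgrade unless the scan is run with the hidden flag and the consumer maps through `old_similarity_id`. That deserves a comment at the assignment, e.g. `// the new ID deliberately ignores calculeSearchLine's line info; the refined value feeds OldSimilarityID only`, and a release note. `DefaultVulnerabilityBuilder` starts and ends outside these hunks, so the initial value of `similarityIDLineInfo` cannot be checked from here.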
@@ -199,7 +200,39 @@ var DefaultVulnerabilityBuilder = func(ctx *QueryContext, }, nil } +// +func generateSimilaritiesID(ctx *QueryContext, + resolvedFile, queryID, similarityIDLineInfo, searchValue, searchKey, similarityIDLineInfoOld string, + kicsComputeNewSimID bool, + logWithFields *zerolog.Logger, + tracker Tracker) (similarityID, oldSimilarityID *string) { + similarityID, err := buildSimilarityID(ctx, resolvedFile, queryID, similarityIDLineInfo, searchValue) + if err != nil { + logWithFields.Err(err).Send() + tracker.FailedComputeSimilarityID() + } + + if kicsComputeNewSimID { + oldSimilarityID, err = oldBuildSimilarityID(ctx, resolvedFile, queryID, searchKey, similarityIDLineInfoOld, searchValue) + if err != nil { + logWithFields.Err(err).Send() + tracker.FailedComputeOldSimilarityID() + } + } + return similarityID, oldSimilarityID +} + func buildSimilarityID( + ctx *QueryContext, + resolvedFile, + queryID, + searchKey, + searchValue string) (*string, error) { + return similarity.ComputeSimilarityID(ctx.BaseScanPaths, resolvedFile, queryID, searchKey, searchValue) +} + +// +func oldBuildSimilarityID( ctx *QueryContext, resolvedFile, queryID, @@ -222,6 +255,9 @@ func checkMinified(ctx *QueryContext, resolvedFile string) bool { return false } +// +// + func getCloudProvider(overrideKey string, vObj map[string]interface{}, logWithFields *zerolog.Logger) string { cloudProvider := "" if _, ok := vObj["cloudProvider"]; ok { diff --git a/pkg/engine/vulnerability_builder_test.go b/pkg/engine/vulnerability_builder_test.go index 94ce70bb8ad..02fd98313ff 100644 --- a/pkg/engine/vulnerability_builder_test.go +++ b/pkg/engine/vulnerability_builder_test.go @@ -25,9 +25,10 @@ var vbTests = []struct { want model.Vulnerability useNewVulnerability bool wantErr bool + kicsComputeNewSimID bool }{ { - name: "DefaultVulnerabilityBuilder", + name: "DefaultVulnerabilityBuilderWithOldSimId", args: vbArgs{ tracker: &tracker.CITracker{}, ctx: &QueryContext{ 
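Review bot: The three bare `//` placeholders (above `generateSimilaritiesID`, above `oldBuildSimilarityID`, and the `//` `//` pair before `getCloudProvider`) are empty where doc comments are needed. I would write `// generateSimilaritiesID returns the current similarity ID and, when kicsComputeNewSimID is true, the legacy one; failures are logged and counted on the tracker rather than returned.` and `// oldBuildSimilarityID computes the pre-change similarity ID, kept so existing findings can be correlated.`, and delete the stray pair. In `buildSimilarityID` the parameter is still called `searchKey` although the only caller passes `similarityIDLineInfo`, so renaming it to `lineInfo` would stop the next reader assuming the search key is hashed. The body of `oldBuildSimilarityID` continues outside the hunk.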
@@ -56,6 +57,7 @@ var vbTests = []struct { want: model.Vulnerability{ ID: 0, SimilarityID: "2fefa27cc667decf203d10f103b7ffdec232e9af16e361f47d626e72c72b8d63", + OldSimilarityID: "2fefa27cc667decf203d10f103b7ffdec232e9af16e361f47d626e72c72b8d63", ScanID: "ScanID", FileID: "", FileName: "", 
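Review bot: The expected `OldSimilarityID` here is the same hash as `SimilarityID`, and the same holds for every flag-on case in the later hunks of this file and in inspector_test.go. The table therefore cannot tell the two computations apart: the tests would still pass if `generateSimilaritiesID` returned the new ID in both fields or swapped them. At least one case should use input for which `calculeSearchLine` or `searchKey` makes the legacy hash differ, with an added `require.NotEqual(t, got.SimilarityID, got.OldSimilarityID)`. The table entry this hunk edits starts and ends outside the hunk.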
@@ -75,10 +77,122 @@ var vbTests = []struct { Value: nil, Output: `{"documentId":"testV","issueType":"IncorrectValue","key":"123","oldSeverity":"CRITICAL","searchKey":"testSearchKey","severity":"INFO"}`, }, - wantErr: false, + wantErr: false, + kicsComputeNewSimID: true, }, { - name: "DefaultVulnerabilityBuilder with override for severity", + name: "DefaultVulnerabilityBuilderWithoutOldSimId", + args: vbArgs{ + tracker: &tracker.CITracker{}, + ctx: &QueryContext{ + scanID: "ScanID", + Query: &PreparedQuery{ + Metadata: model.QueryMetadata{ + Metadata: map[string]interface{}{ + "key": "123", + "severity": model.SeverityInfo, + "oldSeverity": model.SeverityCritical, + "issueType": "IncorrectValue", + "searchKey": "testSearchKey", + }, + Query: "TestQuery", + CWE: "", + }, + }, + Files: map[string]model.FileMetadata{ + "testV": {LinesOriginalData: &[]string{}}, + }, + }, + v: map[string]interface{}{ + "documentId": "testV", + }, + }, + want: model.Vulnerability{ + ID: 0, + SimilarityID: "2fefa27cc667decf203d10f103b7ffdec232e9af16e361f47d626e72c72b8d63", + OldSimilarityID: "", + ScanID: "ScanID", + FileID: "", + FileName: "", + DescriptionID: "Undefined", + CWE: "", + QueryID: "Undefined", + QueryName: "Anonymous", + QueryURI: "https://github.com/Checkmarx/kics/", + Severity: model.SeverityInfo, + Line: 1, + SearchLine: -1, + VulnLines: &[]model.CodeLine{}, + IssueType: "IncorrectValue", + SearchKey: "testSearchKey", + KeyActualValue: "", + KeyExpectedValue: "", + Value: nil, + Output: `{"documentId":"testV","issueType":"IncorrectValue","key":"123","oldSeverity":"CRITICAL","searchKey":"testSearchKey","severity":"INFO"}`, + }, + wantErr: false, + kicsComputeNewSimID: false, + }, + { + name: "DefaultVulnerabilityBuilder with override for severity and old sim id", + args: vbArgs{ + tracker: &tracker.CITracker{}, + ctx: &QueryContext{ + scanID: "ScanID", + Query: &PreparedQuery{ + Metadata: model.QueryMetadata{ + Metadata: map[string]interface{}{ + "key": "123", + 
"severity": model.SeverityInfo, + "issueType": "IncorrectValue", + "searchKey": "testSearchKey", + "overrideKey": "testOverride", + "override": map[string]interface{}{ + "testOverride": map[string]interface{}{ + "severity": model.SeverityHigh, + }, + }, + }, + Query: "TestQuery", + CWE: "", + }, + }, + Files: map[string]model.FileMetadata{ + "testV": {LinesOriginalData: &[]string{}}, + }, + }, + v: map[string]interface{}{ + "documentId": "testV", + }, + }, + want: model.Vulnerability{ + ID: 0, + SimilarityID: "2fefa27cc667decf203d10f103b7ffdec232e9af16e361f47d626e72c72b8d63", + OldSimilarityID: "2fefa27cc667decf203d10f103b7ffdec232e9af16e361f47d626e72c72b8d63", + ScanID: "ScanID", + FileID: "", + FileName: "", + DescriptionID: "Undefined", + CWE: "", + QueryID: "Undefined", + QueryName: "Anonymous", + QueryURI: "https://github.com/Checkmarx/kics/", + Severity: model.SeverityHigh, + Line: 1, + SearchLine: -1, + VulnLines: &[]model.CodeLine{}, + IssueType: "IncorrectValue", + SearchKey: "testSearchKey", + KeyActualValue: "", + KeyExpectedValue: "", + Value: nil, + Output: `{"documentId":"testV","issueType":"IncorrectValue","key":"123","override":{"testOverride":{"severity":"HIGH"}},"overrideKey":"testOverride","searchKey":"testSearchKey","severity":"INFO"}`, //nolint + }, + wantErr: false, + kicsComputeNewSimID: true, + }, + { + name: "DefaultVulnerabilityBuilder with override for severity and without old sim id", args: vbArgs{ tracker: &tracker.CITracker{}, ctx: &QueryContext{ @@ -112,6 +226,7 @@ var vbTests = []struct { want: model.Vulnerability{ ID: 0, SimilarityID: "2fefa27cc667decf203d10f103b7ffdec232e9af16e361f47d626e72c72b8d63", + OldSimilarityID: "", ScanID: "ScanID", FileID: "", FileName: "", 
@@ -131,7 +246,8 @@ var vbTests = []struct { Value: nil, Output: `{"documentId":"testV","issueType":"IncorrectValue","key":"123","override":{"testOverride":{"severity":"HIGH"}},"overrideKey":"testOverride","searchKey":"testSearchKey","severity":"INFO"}`, //nolint }, - wantErr: false, + wantErr: false, + kicsComputeNewSimID: false, }, { name: "DefaultVulnerabilityBuilder with override for name", @@ -169,6 +285,7 @@ var vbTests = []struct { want: model.Vulnerability{ ID: 0, SimilarityID: "2fefa27cc667decf203d10f103b7ffdec232e9af16e361f47d626e72c72b8d63", + OldSimilarityID: "2fefa27cc667decf203d10f103b7ffdec232e9af16e361f47d626e72c72b8d63", ScanID: "ScanID", FileID: "", FileName: "", @@ -188,7 +305,8 @@ var vbTests = []struct { Value: nil, Output: `{"documentId":"testV","issueType":"IncorrectValue","key":"123","override":{"testOverride":{"queryName":"testName"}},"overrideKey":"testOverride","queryName":"test","searchKey":"testSearchKey","severity":"INFO"}`, //nolint }, - wantErr: false, + wantErr: false, + kicsComputeNewSimID: true, }, { name: "DefaultVulnerabilityBuilder with new Severity", @@ -222,6 +340,7 @@ var vbTests = []struct { want: model.Vulnerability{ ID: 0, SimilarityID: "2fefa27cc667decf203d10f103b7ffdec232e9af16e361f47d626e72c72b8d63", + OldSimilarityID: "2fefa27cc667decf203d10f103b7ffdec232e9af16e361f47d626e72c72b8d63", ScanID: "ScanID", FileID: "", FileName: "", @@ -241,7 +360,8 @@ var vbTests = []struct { Value: nil, Output: `{"documentId":"testV","issueType":"IncorrectValue","key":"123","oldSeverity":"CRITICAL","queryName":"testName","searchKey":"testSearchKey","severity":"INFO"}`, //nolint }, - wantErr: false, + wantErr: false, + kicsComputeNewSimID: true, }, { name: "DefaultVulnerabilityBuilder with override for platform and cloud provider", 
@@ -275,6 +395,7 @@ var vbTests = []struct { want: model.Vulnerability{ ID: 0, SimilarityID: "2fefa27cc667decf203d10f103b7ffdec232e9af16e361f47d626e72c72b8d63", + OldSimilarityID: "2fefa27cc667decf203d10f103b7ffdec232e9af16e361f47d626e72c72b8d63", ScanID: "ScanID", FileID: "", FileName: "", @@ -296,7 +417,8 @@ var vbTests = []struct { Value: nil, Output: `{"cloudProvider":"common","documentId":"testV","issueType":"IncorrectValue","key":"123","oldSeverity":"CRITICAL","platform":"CICD","searchKey":"testSearchKey","severity":"INFO"}`, }, - wantErr: false, + wantErr: false, + kicsComputeNewSimID: true, }, } @@ -305,7 +427,7 @@ func TestDefaultVulnerabilityBuilder(t *testing.T) { for _, tt := range vbTests { insDetector := detector.NewDetectLine(3) t.Run(tt.name, func(t *testing.T) { - got, err := DefaultVulnerabilityBuilder(tt.args.ctx, tt.args.tracker, tt.args.v, insDetector, tt.useNewVulnerability) + got, err := DefaultVulnerabilityBuilder(tt.args.ctx, tt.args.tracker, tt.args.v, insDetector, tt.useNewVulnerability, tt.kicsComputeNewSimID) if (err != nil) != tt.wantErr { t.Errorf("test[%s] DefaultVulnerabilityBuilder() error %v, wantErr %v", tt.name, err, tt.wantErr) return diff --git a/pkg/kics/resolver_sink_test.go b/pkg/kics/resolver_sink_test.go index 1f3e01ada30..2121d297b8e 100644 --- a/pkg/kics/resolver_sink_test.go +++ b/pkg/kics/resolver_sink_test.go @@ -147,6 +147,7 @@ func MockService(paths []string, false, true, 1, + false, ) if err != nil { log.Error().Msgf(`Failed to build inspector for path %s with error: %v`, path, err) diff --git a/pkg/model/model.go b/pkg/model/model.go index 8284908de43..cf49fb65ecd 100644 --- a/pkg/model/model.go +++ b/pkg/model/model.go 
@@ -156,6 +156,7 @@ type Vulnerability struct { ID int `json:"id"` ScanID string `db:"scan_id" json:"-"` SimilarityID string `db:"similarity_id" json:"similarityID"` + OldSimilarityID string `db:"old_similarity_id" json:"oldSimilarityID"` FileID string `db:"file_id" json:"-"` FileName string `db:"file_name" json:"fileName"` QueryID string `db:"query_id" json:"queryID"` diff --git a/pkg/model/summary.go b/pkg/model/summary.go index 1e3e9890c8c..e96f02ffadc 100644 --- a/pkg/model/summary.go +++ b/pkg/model/summary.go @@ -23,6 +23,7 @@ type SeveritySummary struct { type VulnerableFile struct { FileName string `json:"file_name"` SimilarityID string `json:"similarity_id"` + OldSimilarityID string `json:"old_similarity_id,omitempty"` Line int `json:"line"` VulnLines *[]CodeLine `json:"-"` ResourceType string `json:"resource_type,omitempty"` @@ -216,6 +217,7 @@ func CreateSummary(counters Counters, vulnerabilities []Vulnerability, qItem.Files = append(qItem.Files, VulnerableFile{ FileName: resolvedPath, SimilarityID: item.SimilarityID, + OldSimilarityID: item.OldSimilarityID, Line: item.Line, VulnLines: item.VulnLines, ResourceType: item.ResourceType, diff --git a/pkg/remediation/scan.go b/pkg/remediation/scan.go index 9de199c2b20..7634cbf3fa4 100644 --- a/pkg/remediation/scan.go +++ b/pkg/remediation/scan.go @@ -246,6 +246,7 @@ func initScan(queryID string) (*engine.Inspector, error) { c.ScanParams.UseOldSeverities, false, c.ScanParams.ParallelScanFlag, + c.ScanParams.KicsComputeNewSimID, ) return inspector, err diff --git a/pkg/scan/client.go b/pkg/scan/client.go index b017bb4894c..b34936f721c 100644 --- a/pkg/scan/client.go +++ b/pkg/scan/client.go @@ -49,6 +49,7 @@ type Parameters struct { MaxFileSizeFlag int UseOldSeverities bool MaxResolverDepth int + KicsComputeNewSimID bool } // Client represents a scan client diff --git a/pkg/scan/scan.go b/pkg/scan/scan.go index 0c5c19ecbdf..73c216a8cfa 100644 --- a/pkg/scan/scan.go +++ b/pkg/scan/scan.go 
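Review bot: `Vulnerability.OldSimilarityID` is tagged `json:"oldSimilarityID"` without `omitempty`, while the matching field on `VulnerableFile` in summary.go uses `json:"old_similarity_id,omitempty"`. With the flag off, any output that serialises `Vulnerability` directly will carry `"oldSimilarityID": ""`, which a consumer can mistake for a computed but empty legacy ID. Using `json:"oldSimilarityID,omitempty"` keeps the two types consistent and leaves default output unchanged. The struct continues outside the hunk.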
@@ -78,6 +78,7 @@ func (c *Client) initScan(ctx context.Context) (*executeScanParameters, error) { c.ScanParams.UseOldSeverities, true, c.ScanParams.ParallelScanFlag, + c.ScanParams.KicsComputeNewSimID, ) if err != nil { return nil, err diff --git a/pkg/scanner/scanner_test.go b/pkg/scanner/scanner_test.go index aa223db17e8..e331ab5fda1 100644 --- a/pkg/scanner/scanner_test.go +++ b/pkg/scanner/scanner_test.go @@ -101,7 +101,7 @@ func createServices(types, cloudProviders []string) (serviceSlice, *storage.Memo inspector, err := engine.NewInspector(context.Background(), querySource, engine.DefaultVulnerabilityBuilder, - t, &source.QueryInspectorParameters{}, map[string]bool{}, 60, true, true, 1) + t, &source.QueryInspectorParameters{}, map[string]bool{}, 60, true, true, 1, false) if err != nil { return nil, nil, err } diff --git a/test/fixtures/new_similarity_id/stack.yml b/test/fixtures/new_similarity_id/stack.yml new file mode 100644 index 00000000000..8aa1b8d6e50 --- /dev/null +++ b/test/fixtures/new_similarity_id/stack.yml 
@@ -0,0 +1,65 @@ +version: "3.9" + +x-base-deploy: &deploy-base + deploy: + labels: + com.docker.ucp.access.label: /devops + restart_policy: + condition: any + delay: 30s + max_attempts: 5 + rollback_config: + parallelism: 1 + failure_action: pause + monitor: 5s + max_failure_ratio: 0 + order: start-first + update_config: + order: start-first + monitor: 5s + placement: + constraints: + - "node.role==worker" + +services: + ui: + <<: *deploy-base + image: ${MSR_HOSTNAME}/devops/cicd-dashboard-ui:${DI_UI_TAG} + stop_grace_period: 10s + environment: + - ENVIRONMENT + - SENTRY_UI_DSN + ports: + - target: 80 + published: $INGRESS_PORT + protocol: tcp + mode: ingress + healthcheck: + test: ["CMD-SHELL", "curl --fail --silent http://localhost/health || exit 1"] + interval: 15s + timeout: 3s + labels: + com.silacins.log: "nginx" + api: + <<: *deploy-base + image: ${MSR_HOSTNAME}/devops/cicd-dashboard-api:${DI_API_TAG} + stop_grace_period: 10s + environment: + - MKE_DEV_USERNAME + - MKE_DEV_PASSWORD + - MKE_PRE_PROD_USERNAME + - MKE_PRE_PROD_PASSWORD + - MKE_PROD_USERNAME + - MKE_PROD_PASSWORD + - MSR_USERNAME + - MSR_ACCESS_TOKEN + - APP_URL + - ENVIRONMENT + - SENTRY_API_DSN + - UPDATE_INTERVAL_SEC + healthcheck: + test: ["CMD-SHELL", "curl --fail --silent http://localhost:8080/api/health || exit 1"] + interval: 15s + timeout: 3s + labels: + com.silacins.log: "nodejs" diff --git a/test/queries_content_test.go b/test/queries_content_test.go index 61c001a90f9..7ed765627c7 100644 --- a/test/queries_content_test.go +++ b/test/queries_content_test.go 
@@ -201,7 +201,7 @@ func testQueryHasGoodReturnParams(t *testing.T, entry queryEntry) { //nolint inspector, err := engine.NewInspector( ctx, queriesSource, - func(ctx *engine.QueryContext, trk engine.Tracker, v interface{}, detector *detector.DetectLine, useOldSeverities bool) (*model.Vulnerability, error) { + func(ctx *engine.QueryContext, trk engine.Tracker, v interface{}, detector *detector.DetectLine, useOldSeverities bool, kicsComputeNewSimID bool) (*model.Vulnerability, error) { m, ok := v.(map[string]interface{}) require.True(t, ok) @@ -269,6 +269,7 @@ func testQueryHasGoodReturnParams(t *testing.T, entry queryEntry) { //nolint true, true, 1, + false, ) require.Nil(t, err) require.NotNil(t, inspector) diff --git a/test/queries_test.go b/test/queries_test.go index 7007c2b52cc..896e2fc6837 100644 --- a/test/queries_test.go +++ b/test/queries_test.go @@ -226,7 +226,7 @@ func testQuery(tb testing.TB, entry queryEntry, filesPath []string, expectedVuln ExcludeQueries: source.ExcludeQueries{ByIDs: []string{}, ByCategories: []string{}}, InputDataPath: "", }, - map[string]bool{}, 60, false, true, 1) + map[string]bool{}, 60, false, true, 1, false) require.Nil(tb, err) require.NotNil(tb, inspector) diff --git a/test/similarity_id_test.go b/test/similarity_id_test.go index 376791a8a57..9709d5f5d4a 100644 --- a/test/similarity_id_test.go +++ b/test/similarity_id_test.go @@ -309,7 +309,7 @@ func createInspectorAndGetVulnerabilities(ctx context.Context, t testing.TB, ExcludeQueries: source.ExcludeQueries{ByIDs: []string{}, ByCategories: []string{}}, InputDataPath: "", }, - map[string]bool{}, 60, true, true, 1) + map[string]bool{}, 60, true, true, 1, false) require.Nil(t, err) require.NotNil(t, inspector)