Skip to content
This repository has been archived by the owner on Jan 22, 2025. It is now read-only.

feat(digitalocean): improve AVD-AWS-0012 rule #65

Merged
merged 4 commits into from
Jan 18, 2024
Merged

feat(digitalocean): improve AVD-AWS-0012 rule #65

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
133555d
feat(digitalocean): improve AVD-AWS-0012 rule
nikpivkin Dec 12, 2023
0ecea79
Merge branch 'main' into do-redirect
nikpivkin Jan 17, 2024
61ff535
chore: update schema
nikpivkin Jan 17, 2024
0f7a1da
Merge branch 'main' into do-redirect
simar7 Jan 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ require (
github.com/BurntSushi/toml v1.3.2
github.com/Masterminds/semver v1.5.0
github.com/apparentlymart/go-cidr v1.1.0
github.com/aquasecurity/defsec v0.93.2-0.20231211235541-4ab1fa82def6
github.com/aquasecurity/trivy-policies v0.7.1-0.20231208174659-54235f77763f
github.com/aquasecurity/defsec v0.93.2-0.20240104002958-968b8f115bc0
github.com/aquasecurity/trivy-policies v0.8.0
github.com/aws/smithy-go v1.19.0
github.com/bmatcuk/doublestar/v4 v4.6.0
github.com/google/uuid v1.5.0
Expand Down
8 changes: 4 additions & 4 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -236,10 +236,10 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6
github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
github.com/aquasecurity/defsec v0.93.2-0.20231211235541-4ab1fa82def6 h1:VIPdWgGVJ1A/Kgb7wCCLBWN0JPZ88ht+uen7DIr7IRU=
github.com/aquasecurity/defsec v0.93.2-0.20231211235541-4ab1fa82def6/go.mod h1:NBF6hvbQSc4s/WCHdKV5sNNxLl258M2OiIFoUfgEn/k=
github.com/aquasecurity/trivy-policies v0.7.1-0.20231208174659-54235f77763f h1:X6CuzkCZ0pMMQBJnHd7kKOn37Gz7jEy69hXuqFWS8wk=
github.com/aquasecurity/trivy-policies v0.7.1-0.20231208174659-54235f77763f/go.mod h1:qiERvJlaS1O6aSZ9Z5VqTDFuwAODiP8yoefviP3+Etw=
github.com/aquasecurity/defsec v0.93.2-0.20240104002958-968b8f115bc0 h1:K4XwF6joBVlGFtu78TzbhmsRNVojYTWANJWDeqXs50Y=
github.com/aquasecurity/defsec v0.93.2-0.20240104002958-968b8f115bc0/go.mod h1:NBF6hvbQSc4s/WCHdKV5sNNxLl258M2OiIFoUfgEn/k=
github.com/aquasecurity/trivy-policies v0.8.0 h1:LvmIdw/DfTF72Lc8L+CKLYzfb5BFYzLBGFFR95PKC74=
github.com/aquasecurity/trivy-policies v0.8.0/go.mod h1:qF/t59pgK/0JTV6tXaeA3Iw3opzoMgzGCDcTDBmqb30=
github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
Expand Down
5 changes: 3 additions & 2 deletions internal/adapters/terraform/digitalocean/compute/adapt.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,8 +86,9 @@ func adaptLoadBalancers(module terraform.Modules) (loadBalancers []compute.LoadB
fRules = append(fRules, rule)
}
loadBalancers = append(loadBalancers, compute.LoadBalancer{
Metadata: block.GetMetadata(),
ForwardingRules: fRules,
Metadata: block.GetMetadata(),
RedirectHttpToHttps: block.GetAttribute("redirect_http_to_https").AsBoolValueOrDefault(false, block),
ForwardingRules: fRules,
})
}

Expand Down
5 changes: 4 additions & 1 deletion internal/adapters/terraform/digitalocean/compute/adapt_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -173,11 +173,14 @@ func Test_adaptLoadBalancers(t *testing.T) {
target_port = 443
target_protocol = "https"
}

redirect_http_to_https = true
}
`,
expected: []compute.LoadBalancer{
{
Metadata: defsecTypes.NewTestMetadata(),
Metadata: defsecTypes.NewTestMetadata(),
RedirectHttpToHttps: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
ForwardingRules: []compute.ForwardingRule{
{
Metadata: defsecTypes.NewTestMetadata(),
Expand Down
4 changes: 4 additions & 0 deletions pkg/rego/schemas/cloud.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4783,6 +4783,10 @@
"type": "object",
"$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.providers.digitalocean.compute.ForwardingRule"
}
},
"redirecthttptohttps": {
"type": "object",
"$ref": "#/definitions/github.aaakk.us.kg.aquasecurity.defsec.pkg.types.BoolValue"
}
}
},
Expand Down
16 changes: 8 additions & 8 deletions pkg/scanners/helm/test/scanner_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ func Test_helm_scanner_with_archive(t *testing.T) {
require.NotNil(t, results)

failed := results.GetFailed()
assert.Equal(t, 19, len(failed))
assert.Equal(t, 13, len(failed))

visited := make(map[string]bool)
var errorCodes []string
Expand All @@ -57,7 +57,7 @@ func Test_helm_scanner_with_archive(t *testing.T) {
errorCodes = append(errorCodes, id)
}
}
assert.Len(t, errorCodes, 14)
assert.Len(t, errorCodes, 13)

sort.Strings(errorCodes)

Expand All @@ -66,7 +66,7 @@ func Test_helm_scanner_with_archive(t *testing.T) {
"AVD-KSV-0011", "AVD-KSV-0012", "AVD-KSV-0014",
"AVD-KSV-0015", "AVD-KSV-0016", "AVD-KSV-0018",
"AVD-KSV-0020", "AVD-KSV-0021", "AVD-KSV-0030",
"AVD-KSV-0104", "AVD-KSV-0106", "AVD-KSV-0116",
"AVD-KSV-0104", "AVD-KSV-0106",
}, errorCodes)
}
}
Expand Down Expand Up @@ -126,7 +126,7 @@ func Test_helm_scanner_with_dir(t *testing.T) {
require.NotNil(t, results)

failed := results.GetFailed()
assert.Equal(t, 17, len(failed))
assert.Equal(t, 14, len(failed))

visited := make(map[string]bool)
var errorCodes []string
Expand All @@ -145,7 +145,7 @@ func Test_helm_scanner_with_dir(t *testing.T) {
"AVD-KSV-0011", "AVD-KSV-0012", "AVD-KSV-0014",
"AVD-KSV-0015", "AVD-KSV-0016", "AVD-KSV-0018",
"AVD-KSV-0020", "AVD-KSV-0021", "AVD-KSV-0030",
"AVD-KSV-0104", "AVD-KSV-0106", "AVD-KSV-0116",
"AVD-KSV-0104", "AVD-KSV-0106",
"AVD-KSV-0117",
}, errorCodes)
}
Expand Down Expand Up @@ -213,7 +213,7 @@ deny[res] {
require.NotNil(t, results)

failed := results.GetFailed()
assert.Equal(t, 21, len(failed))
assert.Equal(t, 15, len(failed))

visited := make(map[string]bool)
var errorCodes []string
Expand All @@ -224,7 +224,7 @@ deny[res] {
errorCodes = append(errorCodes, id)
}
}
assert.Len(t, errorCodes, 15)
assert.Len(t, errorCodes, 14)

sort.Strings(errorCodes)

Expand All @@ -233,7 +233,7 @@ deny[res] {
"AVD-KSV-0011", "AVD-KSV-0012", "AVD-KSV-0014",
"AVD-KSV-0015", "AVD-KSV-0016", "AVD-KSV-0018",
"AVD-KSV-0020", "AVD-KSV-0021", "AVD-KSV-0030",
"AVD-KSV-0104", "AVD-KSV-0106", "AVD-KSV-0116", "AVD-USR-ID001",
"AVD-KSV-0104", "AVD-KSV-0106", "AVD-USR-ID001",
}, errorCodes)
})
}
Expand Down