From f75c0d1f0069d4856cb4826d6049f32c5b9409d9 Mon Sep 17 00:00:00 2001
From: simar7 <1254783+simar7@users.noreply.github.com>
Date: Wed, 23 Oct 2024 12:54:29 -0600
Subject: [PATCH] feat(misconf): Show misconfig ID in output (#7762)
---
 pkg/report/table/misconfig.go | 12 ++++++------
 pkg/report/table/misconfig_test.go | 21 +++++++++++----------
 2 files changed, 17 insertions(+), 16 deletions(-)
diff --git a/pkg/report/table/misconfig.go b/pkg/report/table/misconfig.go
index 112d783d0875..dfb724bdf458 100644
--- a/pkg/report/table/misconfig.go
+++ b/pkg/report/table/misconfig.go
@@ -124,18 +124,18 @@ func (r *misconfigRenderer) renderSummary(misconf types.DetectedMisconfiguration
 }
 }
 
- // severity
+ // ID & severity
 switch misconf.Severity {
 case severityCritical:
- r.printf("%s: ", misconf.Severity)
+ r.printf("%s (%s): ", misconf.AVDID, misconf.Severity)
 case severityHigh:
- r.printf("%s: ", misconf.Severity)
+ r.printf("%s (%s): ", misconf.AVDID, misconf.Severity)
 case severityMedium:
- r.printf("%s: ", misconf.Severity)
+ r.printf("%s (%s): ", misconf.AVDID, misconf.Severity)
 case severityLow:
- r.printf("%s: ", misconf.Severity)
+ r.printf("%s (%s): ", misconf.AVDID, misconf.Severity)
 default:
- r.printf("%s: ", misconf.Severity)
+ r.printf("%s (%s): ", misconf.AVDID, misconf.Severity)
 }
 
 // heading
diff --git a/pkg/report/table/misconfig_test.go b/pkg/report/table/misconfig_test.go
index a57399f0e253..785b2621b504 100644
--- a/pkg/report/table/misconfig_test.go
+++ b/pkg/report/table/misconfig_test.go
@@ -27,7 +27,8 @@ func TestMisconfigRenderer(t *testing.T) {
 MisconfSummary: &types.MisconfSummary{Successes: 0, Failures: 1, Exceptions: 0},
 Misconfigurations: []types.DetectedMisconfiguration{
 {
- ID: "AVD-XYZ-0123",
+ ID: "some-alias-for-a-check",
+ AVDID: "AVD-XYZ-0123",
 Title: "Config file is bad",
 Description: "Your config file is not good.",
 Message: "Oh no, a bad config.",
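Review bot: An empty `misconf.AVDID` is printed as ` (HIGH): …` by every branch of the severity switch in `renderSummary`, because the new format string uses the field unconditionally. The first updated test case gives `ID` and `AVDID` different values, so the two can diverge; whether a check with no AVD ID can reach this renderer is not visible here, but if it can, the finding loses the identifier an operator would triage or suppress it by. Consider resolving the identifier once before the switch, `id := misconf.AVDID` then `if id == "" { id = misconf.ID }`, and passing `id` to each `r.printf`, with a test case that leaves `AVDID` unset. renderSummary starts and ends outside the hunk.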
@@ -44,7 +45,7 @@ my-file () Tests: 1 (SUCCESSES: 0, FAILURES: 1, EXCEPTIONS: 0) Failures: 1 (LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) -HIGH: Oh no, a bad config. +AVD-XYZ-0123 (HIGH): Oh no, a bad config. ════════════════════════════════════════ Your config file is not good. @@ -61,7 +62,7 @@ See https://google.com/search?q=bad%20config MisconfSummary: &types.MisconfSummary{Successes: 0, Failures: 1, Exceptions: 0}, Misconfigurations: []types.DetectedMisconfiguration{ { - ID: "AVD-XYZ-0123", + AVDID: "AVD-XYZ-0123", Title: "Config file is bad", Description: "Your config file is not good.", Message: "Oh no, a bad config.", @@ -103,7 +104,7 @@ my-file () Tests: 1 (SUCCESSES: 0, FAILURES: 1, EXCEPTIONS: 0) Failures: 1 (LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) -HIGH: Oh no, a bad config. +AVD-XYZ-0123 (HIGH): Oh no, a bad config. ════════════════════════════════════════ Your config file is not good. @@ -126,7 +127,7 @@ See https://google.com/search?q=bad%20config MisconfSummary: &types.MisconfSummary{Successes: 1, Failures: 1, Exceptions: 0}, Misconfigurations: []types.DetectedMisconfiguration{ { - ID: "AVD-XYZ-0123", + AVDID: "AVD-XYZ-0123", Title: "Config file is bad", Description: "Your config file is not good.", Message: "Oh no, a bad config.", @@ -157,7 +158,7 @@ See https://google.com/search?q=bad%20config }, }, { - ID: "AVD-XYZ-0456", + AVDID: "AVD-XYZ-0456", Title: "Config file is bad again", Description: "Your config file is still not good.", Message: "Oh no, a bad config AGAIN.", @@ -174,7 +175,7 @@ my-file () Tests: 2 (SUCCESSES: 1, FAILURES: 1, EXCEPTIONS: 0) Failures: 1 (LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) -FAIL: HIGH: Oh no, a bad config. +FAIL: AVD-XYZ-0123 (HIGH): Oh no, a bad config. ════════════════════════════════════════ Your config file is not good. 
@@ -188,7 +189,7 @@ See https://google.com/search?q=bad%20config ──────────────────────────────────────── -PASS: MEDIUM: Oh no, a bad config AGAIN. +PASS: AVD-XYZ-0456 (MEDIUM): Oh no, a bad config AGAIN. ════════════════════════════════════════ Your config file is still not good. @@ -213,7 +214,7 @@ See https://google.com/search?q=bad%20config { Type: "Terraform Security Check", ID: "AVD-AWS-0107", - AVDID: "AVS-AWS-0107", + AVDID: "AVD-AWS-0107", Title: "An ingress security group rule allows traffic from /0", Description: "Opening up ports to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that explicitly require it where possible.", Message: "Security group rule allows ingress from public internet.", @@ -312,7 +313,7 @@ terraform-aws-modules/security-group/aws/main.tf (terraform) Tests: 6 (SUCCESSES: 5, FAILURES: 1, EXCEPTIONS: 0) Failures: 1 (LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1) -CRITICAL: Security group rule allows ingress from public internet. +AVD-AWS-0107 (CRITICAL): Security group rule allows ingress from public internet. ════════════════════════════════════════ Opening up ports to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that explicitly require it where possible.