feat: Fixed rule 1.12
m-pizarro committed May 12, 2022
1 parent 6ca746f commit 6498ad1
Showing 2 changed files with 17 additions and 14 deletions.
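--- a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts
+++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts
@@ -109,15 +109,19 @@ export default {
 ]
 },
 {
-value: { daysAgo: {}, path: '@.passwordLastUsed' },
-lessThanInclusive: 90,
-},
-{
-path: '@.accessKeyData',
-array_any: {
-value: { daysAgo: {}, path: '[*].lastUsedDate' },
-lessThanInclusive: 90,
-},
+and: [
+{
+value: { daysAgo: {}, path: '@.passwordLastUsed' },
+lessThanInclusive: 90,
+},
+{
+path: '@.accessKeyData',
+array_any: {
+value: { daysAgo: {}, path: '[*].lastUsedDate' },
+lessThanInclusive: 90,
+},
+},
+],
 },
 ],
 },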
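Review bot: The `@.accessKeyData` condition inside the new `and` block still uses `array_any`, so a user with one access key used in the last 90 days and a second key unused for longer satisfies it, and the stale key is never reported. CIS 1.12 treats each credential separately, so the check should hold for every key rather than for at least one; if the rule engine provides an all-elements operator, use it here, e.g. `array_all: { value: { daysAgo: {}, path: '[*].lastUsedDate' }, lessThanInclusive: 90 },`. Whether key status (active or inactive) is taken into account cannot be seen from this hunk, because the enclosing conditions start above it. A comment on the block such as `// compliant only when the password and every access key were used within 90 days` would make the intent explicit.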
9 changes: 4 additions & 5 deletions src/aws/cis-1.3.0/tests/aws-cis-1.3.0-1.x.test.ts
@@ -548,8 +548,8 @@ describe('CIS Amazon Web Services Foundations: 1.4.0', () => {
expect(processedRule.result).toBe(expectedResult)
}

test('No Security Issue when there are an access key unused for less than 90 days', async () => {
const data: CIS1xQueryResponse = getTestRuleFixture('', new Date().toISOString())
test('No Security Issue when there are an access key and password used for less than 90 days', async () => {
const data: CIS1xQueryResponse = getTestRuleFixture(new Date().toISOString(), new Date().toISOString())
await testRule(data, Result.PASS)
})

@@ -561,17 +561,16 @@ describe('CIS Amazon Web Services Foundations: 1.4.0', () => {
})

test('Security Issue when there are an access key unused for more than 90 days', async () => {
const data: CIS1xQueryResponse = getTestRuleFixture('', '2021-05-27T20:29:00.000Z')
const data: CIS1xQueryResponse = getTestRuleFixture(new Date().toISOString(), '2021-05-27T20:29:00.000Z')
await testRule(data, Result.FAIL)
})

test('Security Issue when there are a passwoord unused for more than 90 days', async () => {
const data: CIS1xQueryResponse = getTestRuleFixture('2021-05-27T20:29:00.000Z', '')
const data: CIS1xQueryResponse = getTestRuleFixture('2021-05-27T20:29:00.000Z', new Date().toISOString())
const queryawsIamUser = data.queryawsIamUser?.[0] as QueryawsIamUser
queryawsIamUser.accessKeyData = []
await testRule(data, Result.FAIL)
})

})

describe('AWS CIS 1.13 Ensure there is only one active access key available for any single IAM user', () => {
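Review bot: After this change no test exercises a user that has only one kind of credential: the calls that passed `''` to `getTestRuleFixture` for the password or key date appear to be replaced by calls that pass a timestamp for both. With the rule now requiring both conditions together, the console-only and key-only cases are where a regression would hide, so add one test each, for example `getTestRuleFixture(new Date().toISOString(), '')` with `accessKeyData = []`, asserting the result the rule is meant to return. In the 'passwoord unused' test the fixture still empties `accessKeyData`, so, assuming that line is kept, the FAIL may come from the missing keys rather than from the stale password date; a fixture with a recently used key would isolate the password condition. A fixture with two keys, one recent and one stale, is also missing.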
