From 6498ad17405f64f277d8caccf96c853c3805fa88 Mon Sep 17 00:00:00 2001 From: "mariano.pizarro" Date: Thu, 12 May 2022 17:48:40 -0300 Subject: [PATCH] feat: Fixed rule 1.12 --- src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts | 22 +++++++++++-------- .../cis-1.3.0/tests/aws-cis-1.3.0-1.x.test.ts | 9 ++++---- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts index fc53fe66..72e1f6ba 100644 --- a/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts +++ b/src/aws/cis-1.3.0/rules/aws-cis-1.3.0-1.12.ts @@ -109,15 +109,19 @@ export default { ] }, { - value: { daysAgo: {}, path: '@.passwordLastUsed' }, - lessThanInclusive: 90, - }, - { - path: '@.accessKeyData', - array_any: { - value: { daysAgo: {}, path: '[*].lastUsedDate' }, - lessThanInclusive: 90, - }, + and: [ + { + value: { daysAgo: {}, path: '@.passwordLastUsed' }, + lessThanInclusive: 90, + }, + { + path: '@.accessKeyData', + array_any: { + value: { daysAgo: {}, path: '[*].lastUsedDate' }, + lessThanInclusive: 90, + }, + }, + ], }, ], }, diff --git a/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-1.x.test.ts b/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-1.x.test.ts index 022d43a9..e90bc42e 100644 --- a/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-1.x.test.ts +++ b/src/aws/cis-1.3.0/tests/aws-cis-1.3.0-1.x.test.ts @@ -548,8 +548,8 @@ describe('CIS Amazon Web Services Foundations: 1.4.0', () => { expect(processedRule.result).toBe(expectedResult) } - test('No Security Issue when there are an access key unused for less than 90 days', async () => { - const data: CIS1xQueryResponse = getTestRuleFixture('', new Date().toISOString()) + test('No Security Issue when there are an access key and password used for less than 90 days', async () => { + const data: CIS1xQueryResponse = getTestRuleFixture(new Date().toISOString(), new Date().toISOString()) await testRule(data, Result.PASS) }) 
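Review bot: The `array_any` check inside the new `and` passes as soon as one access key has a `lastUsedDate` within 90 days, so a user who also holds a second key unused for longer is still reported as compliant, which is the stale credential CIS 1.12 is meant to surface. If the rule engine provides an all-elements operator, the inner condition should use it, e.g. `array_all: { value: { daysAgo: {}, path: '[*].lastUsedDate' }, lessThanInclusive: 90 },`, combined with whatever key-status field the query exposes so that already-disabled keys are not counted. The `and` also means a user with no access keys never satisfies this branch. Whether the earlier entry of the enclosing list covers console-only users cannot be seen here, because the rule object starts and ends outside the hunk.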
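Review bot: The rewritten PASS test in this hunk replaces the only case where the password was never used (`''`) and the access key is recent, so nothing now pins what the rule returns for an access-key-only user. With the two freshness checks now joined by `and`, that input probably changes outcome, and the suite should state the intended one explicitly. I would keep the new test and add a sibling built from `getTestRuleFixture('', new Date().toISOString())` with the expected `Result` asserted, plus a short comment on how `daysAgo` treats an empty date. The `describe` block and the `testRule` helper both begin before the hunk.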
@@ -561,17 +561,16 @@ describe('CIS Amazon Web Services Foundations: 1.4.0', () => { }) test('Security Issue when there are an access key unused for more than 90 days', async () => { - const data: CIS1xQueryResponse = getTestRuleFixture('', '2021-05-27T20:29:00.000Z') + const data: CIS1xQueryResponse = getTestRuleFixture(new Date().toISOString(), '2021-05-27T20:29:00.000Z') await testRule(data, Result.FAIL) }) test('Security Issue when there are a passwoord unused for more than 90 days', async () => { - const data: CIS1xQueryResponse = getTestRuleFixture('2021-05-27T20:29:00.000Z', '') + const data: CIS1xQueryResponse = getTestRuleFixture('2021-05-27T20:29:00.000Z', new Date().toISOString()) const queryawsIamUser = data.queryawsIamUser?.[0] as QueryawsIamUser queryawsIamUser.accessKeyData = [] await testRule(data, Result.FAIL) }) - }) describe('AWS CIS 1.13 Ensure there is only one active access key available for any single IAM user', () => {
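Review bot: In the last test of this hunk the second fixture argument is discarded by `queryawsIamUser.accessKeyData = []` two lines later, so the FAIL can come either from the old `passwordLastUsed` or from the empty key list failing `array_any`. The test therefore does not isolate the stale password. Dropping the override would leave a recent key with an old password, which is what the title describes. The empty-list case deserves its own test with a recent password, i.e. `getTestRuleFixture(new Date().toISOString(), new Date().toISOString())` followed by `accessKeyData = []`, with the expected result stated so the verdict for console-only users is deliberate. The `describe` block holding these tests opens before the hunk.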