chore: Update hermit and pre-commit packages
Made with ❤️️ by updatecli
cloudsecmachine committed Dec 23, 2024
1 parent de93505 commit 6409871
Showing 108 changed files with 220 additions and 220 deletions.
2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
Expand Up @@ -77,7 +77,7 @@ repos:
files: deploy/cloudformation/.*yml

- repo: https://github.com/aws-cloudformation/cfn-lint
rev: v1.22.1
rev: v1.22.2
hooks:
- id: cfn-python-lint
files: deploy/cloudformation/.*.yml
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
2 changes: 1 addition & 1 deletion bin/aws
2 changes: 1 addition & 1 deletion bin/aws-iam-authenticator
2 changes: 1 addition & 1 deletion bin/aws_completer
2 changes: 1 addition & 1 deletion bin/bq
2 changes: 1 addition & 1 deletion bin/docker-credential-gcloud
2 changes: 1 addition & 1 deletion bin/elastic-package
2 changes: 1 addition & 1 deletion bin/gcloud
2 changes: 1 addition & 1 deletion bin/gh
2 changes: 1 addition & 1 deletion bin/git-credential-gcloud.sh
2 changes: 1 addition & 1 deletion bin/gsutil
2 changes: 1 addition & 1 deletion bin/kind
2 changes: 1 addition & 1 deletion bin/opa
Expand Up @@ -19,7 +19,7 @@ test_not_evaluated if {
not_eval with input as test_data.not_evaluated_iam_user
}

rule_input(inline_policies, attached_policies) = test_data.generate_iam_user_with_policies(inline_policies, attached_policies)
rule_input(inline_policies, attached_policies) := test_data.generate_iam_user_with_policies(inline_policies, attached_policies)

eval_fail if {
test.assert_fail(finding) with data.benchmark_data_adapter as data_adapter
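Review bot: The commit title ("Update hermit and pre-commit packages") does not mention that `rule_input(...) := ...` and the other Rego rule heads are rewritten; the same `=` to `:=` change recurs in the `finding`, `default rule_evaluation`, `required_patterns` and `rule_evaluation` hunks further down. In a rule or function head the two operators mean the same thing, so no evaluation change is expected, but these are security benchmark rules and the rewrite presumably comes from the updated tooling rather than a human edit. I would add a line to the description such as `Rego sources reformatted (= to := in rule heads); no rule logic changed` and confirm the policy test suite passes with the updated `bin/opa`. The bodies of `test_not_evaluated` and `eval_fail` extend outside this hunk.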
Expand Up @@ -7,7 +7,7 @@ import future.keywords.if

# Eliminate use of the 'root' user for administrative and daily tasks
# daily interpret as a day (24h)
finding = result if {
finding := result if {
# filter
data_adapter.is_root_user
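Review bot: The comment directly above `finding := result if {` reads `# daily interpret as a day (24h)`, which is hard to parse for a rule that decides when root-user activity counts as a finding. Suggest rewording it to `# "daily" is interpreted as a 24-hour window` while the line below is being touched. The comparison itself lies outside this hunk, so confirm the wording against the actual check before adopting it.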

Expand Up @@ -4,7 +4,7 @@ import data.compliance.lib.common as lib_common
import data.compliance.policy.aws_rds.data_adapter
import future.keywords.if

finding = result if {
finding := result if {
data_adapter.is_rds

result := lib_common.generate_result_without_expected(
Expand Up @@ -37,7 +37,7 @@ test_not_evaluated if {
not_eval with input as rule_input(true, [test_data.generate_rds_db_instance_subnet_with_route("0.0.0.0/0", "igw-12345678"), {"ID": "subnet-abcdef12", "RouteTable": null}])
}

rule_input(publicly_accessible, subnets) = test_data.generate_rds_db_instance(true, true, publicly_accessible, subnets)
rule_input(publicly_accessible, subnets) := test_data.generate_rds_db_instance(true, true, publicly_accessible, subnets)

eval_fail if {
test.assert_fail(finding) with data.benchmark_data_adapter as data_adapter
Expand Up @@ -5,9 +5,9 @@ import data.compliance.policy.aws_cloudtrail.data_adapter
import data.compliance.policy.aws_cloudtrail.trail
import future.keywords.if

default rule_evaluation = false
default rule_evaluation := false

finding = result if {
finding := result if {
# filter
data_adapter.is_multi_trails_type

Expand Up @@ -4,10 +4,10 @@ import data.compliance.lib.common
import data.compliance.policy.aws_cloudtrail.data_adapter
import future.keywords.if

default rule_evaluation = false
default rule_evaluation := false

# Ensure CloudTrail logs are encrypted at rest using KMS CMKs.
finding = result if {
finding := result if {
# filter
data_adapter.is_single_trail

Expand Up @@ -6,7 +6,7 @@ import data.compliance.policy.aws_kms.ensure_symmetric_key_rotation_enabled as a
import data.lib.test
import future.keywords.if

finding = audit.finding
finding := audit.finding

test_violation if {
eval_fail with input as rule_input(false)
Expand All @@ -20,7 +20,7 @@ test_not_evaluated if {
not_eval with input as test_data.not_evaluated_trail
}

rule_input(symmetric_default_enabled) = test_data.generate_kms_resource(symmetric_default_enabled)
rule_input(symmetric_default_enabled) := test_data.generate_kms_resource(symmetric_default_enabled)

eval_fail if {
test.assert_fail(finding) with data.benchmark_data_adapter as data_adapter
Expand Up @@ -29,7 +29,7 @@ test_pass if {
}])
}

rule_input(entry) = test_data.generate_monitoring_resources(entry)
rule_input(entry) := test_data.generate_monitoring_resources(entry)

eval_pass if {
test.assert_pass(finding) with data.benchmark_data_adapter as data_adapter
Expand Up @@ -6,9 +6,9 @@ import data.compliance.policy.aws_cloudtrail.pattern
import data.compliance.policy.aws_cloudtrail.trail
import future.keywords.if

default rule_evaluation = false
default rule_evaluation := false

finding = result if {
finding := result if {
# filter
data_adapter.is_multi_trails_type

Expand All @@ -19,7 +19,7 @@ finding = result if {
)
}

required_patterns = [
required_patterns := [
# { ($.eventName = \"ConsoleLogin\") && ($.additionalEventData.MFAUsed != \"Yes\") }
pattern.complex_expression("&&", [
pattern.simple_expression("$.eventName", "=", "\"ConsoleLogin\""),
Expand All @@ -34,4 +34,4 @@ required_patterns = [
]),
]

rule_evaluation = trail.at_least_one_trail_satisfied(required_patterns)
rule_evaluation := trail.at_least_one_trail_satisfied(required_patterns)
Expand Up @@ -91,7 +91,7 @@ test_fail if {
])
}

rule_input(entry) = test_data.generate_monitoring_resources(entry)
rule_input(entry) := test_data.generate_monitoring_resources(entry)

eval_pass if {
test.assert_pass(finding) with data.benchmark_data_adapter as data_adapter
Expand Up @@ -24,7 +24,7 @@ test_not_evaluated if {
not_eval with input as rule_input({"GroupName": "custom", "IpPermissionsEgress": [{}]})
}

rule_input(entry) = test_data.generate_security_group(entry)
rule_input(entry) := test_data.generate_security_group(entry)

eval_fail if {
test.assert_fail(finding) with data.benchmark_data_adapter as data_adapter
Expand Up @@ -5,7 +5,7 @@ import data.compliance.policy.azure.data_adapter
import future.keywords.if
import future.keywords.in

finding = result if {
finding := result if {
# filter
data_adapter.is_security_contacts

Expand All @@ -16,7 +16,7 @@ finding = result if {
)
}

default owner_enabled = false
default owner_enabled := false

owner_enabled if {
# Ensure at least one Security Contact Settings exists and owner is selected.
Expand Up @@ -5,7 +5,7 @@ import data.compliance.policy.azure.data_adapter
import data.compliance.policy.azure.storage_account.ensure_tls_version as audit
import future.keywords.if

finding = result if {
finding := result if {
# filter
data_adapter.is_storage_account

Expand Up @@ -5,7 +5,7 @@ import data.compliance.policy.azure.data_adapter
import data.compliance.policy.azure.storage_account.ensure_service_log as audit
import future.keywords.if

finding = result if {
finding := result if {
# filter
data_adapter.is_storage_account

Expand All @@ -16,7 +16,7 @@ finding = result if {
)
}

default logs_are_enabled = false
default logs_are_enabled := false

logs_are_enabled if {
audit.service_diagnostic_settings_log_rwd_enabled(data_adapter.resource.extension.queueDiagnosticSettings)
Expand Up @@ -5,7 +5,7 @@ import data.compliance.policy.azure.data_adapter
import data.compliance.policy.azure.storage_account.ensure_public_access as audit
import future.keywords.if

finding = result if {
finding := result if {
# filter
data_adapter.is_storage_account

Expand Up @@ -4,7 +4,7 @@ import data.compliance.lib.common
import data.compliance.policy.azure.data_adapter
import future.keywords.if

finding = result if {
finding := result if {
# filter
data_adapter.is_postgresql_single_server_db

Expand All @@ -15,7 +15,7 @@ finding = result if {
)
}

default log_retention_long_enough = false
default log_retention_long_enough := false

log_retention_long_enough if {
some i
Expand Up @@ -5,7 +5,7 @@ import data.compliance.policy.azure.activity_log_alert.activity_log_alert_operat
import data.compliance.policy.azure.data_adapter
import future.keywords.if

finding = result if {
finding := result if {
# filter
data_adapter.is_activity_log_alerts

Expand Up @@ -44,13 +44,13 @@ not_eval if {

# test data
# alert rule that does not match the rule by operation and category
mismatch_alert = test_data.generate_activity_log_alert("mismatch_opreation", "mismatch_category")
mismatch_alert := test_data.generate_activity_log_alert("mismatch_opreation", "mismatch_category")

# alert rule that does not match the rule by operation
mismatch_alert_only_operation = test_data.generate_activity_log_alert("mismatch_opreation", "Administrative")
mismatch_alert_only_operation := test_data.generate_activity_log_alert("mismatch_opreation", "Administrative")

# alert rule that does not match the rule by category
mismatch_alert_only_category = test_data.generate_activity_log_alert("Microsoft.Sql/servers/firewallRules/write", "mismatch_category")
mismatch_alert_only_category := test_data.generate_activity_log_alert("Microsoft.Sql/servers/firewallRules/write", "mismatch_category")

# alert rule that matches the rule
matching_alert = test_data.generate_activity_log_alert("Microsoft.Sql/servers/firewallRules/write", "Administrative")
matching_alert := test_data.generate_activity_log_alert("Microsoft.Sql/servers/firewallRules/write", "Administrative")
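Review bot: The test-data string `"mismatch_opreation"` is misspelled on the rewritten `mismatch_alert` and `mismatch_alert_only_operation` lines. Since both lines are already being touched, this is a cheap moment to correct it, e.g. `mismatch_alert := test_data.generate_activity_log_alert("mismatch_operation", "mismatch_category")`. The value only has to differ from the real operation name (`Microsoft.Sql/servers/firewallRules/write`), so the tests should behave the same either way.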
Expand Up @@ -5,7 +5,7 @@ import data.compliance.policy.azure.data_adapter
import data.compliance.policy.azure.virtual_machine.network_rules as audit
import future.keywords.if

finding = result if {
finding := result if {
# filter
data_adapter.is_vm

Expand Up @@ -5,7 +5,7 @@ import data.compliance.policy.azure.data_adapter
import data.compliance.policy.azure.virtual_machine.network_rules as audit
import future.keywords.if

finding = result if {
finding := result if {
# filter
data_adapter.is_vm
