Merge pull request #6945 from Checkmarx/fix-6704

update(query): s3 bucket without enabled mfa delete query severity update
Checkmarx · Mar 28, 2024 · 5c78431 · 5c78431
2 parents 4a5763a + 3e5a933
commit 5c78431
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 13 deletions.
diff --git a/assets/queries/terraform/aws/s3_bucket_without_enabled_mfa_delete/metadata.json b/assets/queries/terraform/aws/s3_bucket_without_enabled_mfa_delete/metadata.json
@@ -1,7 +1,7 @@
 {
   "id": "c5b31ab9-0f26-4a49-b8aa-4cc064392f4d",
   "queryName": "S3 Bucket Without Enabled MFA Delete",
-  "severity": "HIGH",
+  "severity": "LOW",
   "category": "Insecure Configurations",
   "descriptionText": "S3 bucket without MFA Delete Enabled. MFA delete cannot be enabled through Terraform, it can be done by adding a MFA device (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable.html) and enabling versioning and MFA delete by using AWS CLI: 'aws s3api put-bucket-versioning --versioning-configuration=Status=Enabled,MFADelete=Enabled --bucket=\u003cBUCKET_NAME\u003e --mfa=\u003cMFA_SERIAL_NUMBER\u003e'. Please, also notice that MFA delete can not be used with lifecycle configurations",
   "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#mfa_delete",

diff --git a/...ies/terraform/aws/s3_bucket_without_enabled_mfa_delete/test/positive_expected_result.json b/...ies/terraform/aws/s3_bucket_without_enabled_mfa_delete/test/positive_expected_result.json
@@ -1,74 +1,74 @@
 [
   {
     "queryName": "S3 Bucket Without Enabled MFA Delete",
-    "severity": "HIGH",
+    "severity": "LOW",
     "line": 14,
     "fileName": "positive1.tf"
   },
   {
     "queryName": "S3 Bucket Without Enabled MFA Delete",
-    "severity": "HIGH",
+    "severity": "LOW",
     "line": 23,
     "fileName": "positive2.tf"
   },
   {
     "queryName": "S3 Bucket Without Enabled MFA Delete",
-    "severity": "HIGH",
+    "severity": "LOW",
     "line": 25,
     "fileName": "positive3.tf"
   },
   {
     "queryName": "S3 Bucket Without Enabled MFA Delete",
-    "severity": "HIGH",
+    "severity": "LOW",
     "line": 24,
     "fileName": "positive4.tf"
   },
   {
     "queryName": "S3 Bucket Without Enabled MFA Delete",
-    "severity": "HIGH",
+    "severity": "LOW",
     "line": 23,
     "fileName": "positive4.tf"
   },
 
   {
     "queryName": "S3 Bucket Without Enabled MFA Delete",
-    "severity": "HIGH",
+    "severity": "LOW",
     "line": 1,
     "fileName": "positive5.tf"
   },
   {
     "queryName": "S3 Bucket Without Enabled MFA Delete",
-    "severity": "HIGH",
+    "severity": "LOW",
     "line": 8,
     "fileName": "positive6.tf"
   },
   {
     "queryName": "S3 Bucket Without Enabled MFA Delete",
-    "severity": "HIGH",
+    "severity": "LOW",
     "line": 10,
     "fileName": "positive7.tf"
   },
   {
     "queryName": "S3 Bucket Without Enabled MFA Delete",
-    "severity": "HIGH",
+    "severity": "LOW",
     "line": 8,
     "fileName": "positive8.tf"
   },
   {
     "queryName": "S3 Bucket Without Enabled MFA Delete",
-    "severity": "HIGH",
+    "severity": "LOW",
     "line": 9,
     "fileName": "positive8.tf"
   },
   {
     "queryName": "S3 Bucket Without Enabled MFA Delete",
-    "severity": "HIGH",
+    "severity": "LOW",
     "line": 28,
     "fileName": "positive9.tf"
   },
   {
     "queryName": "S3 Bucket Without Enabled MFA Delete",
-    "severity": "HIGH",
+    "severity": "LOW",
     "line": 27,
     "fileName": "positive10.tf"
   }