From c54628ae9b5a6981ad6b81d4b9e2133afc920e7d Mon Sep 17 00:00:00 2001 From: JulioSCX Date: Tue, 30 Jan 2024 14:26:35 +0000 Subject: [PATCH 01/13] feat(query): cloud formation api gateway access logging disabled --- .../metadata.json | 12 ++++++ .../query.rego | 41 +++++++++++++++++++ .../test/negative1.json | 29 +++++++++++++ .../test/negative2.json | 23 +++++++++++ .../test/negative3.json | 22 ++++++++++ .../test/positive1.json | 25 +++++++++++ .../test/positive2.json | 18 ++++++++ .../test/positive_expected_result.json | 14 +++++++ 8 files changed, 184 insertions(+) create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/metadata.json create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative1.json create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative2.json create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative3.json create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive1.json create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive2.json create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/metadata.json new file mode 100644 index 00000000000..0841819c270 --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/metadata.json 
@@ -0,0 +1,12 @@ +{ + "id": "999ecb35-10df-4d73-8f17-3f4b8c3beec5", + "queryName": "API Gateway Access Logging Disabled", + "severity": "MEDIUM", + "category": "Observability", + "descriptionText": "API Gateway should have Access Log Settings defined", + "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html", + "platform": "CloudFormation", + "descriptionID": "d7151524", + "cloudProvider": "aws", + "cwe": "" + } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego new file mode 100644 index 00000000000..6f74630b82c --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego @@ -0,0 +1,41 @@ +package Cx + +import data.generic.cloudformation as cf_lib + +CxPolicy[result] { + doc := input.document[i] + res := doc.Resources[stage] + properties := res.Properties + res.Type == "AWS::ApiGatewayV2::Stage" + + not properties.AccessLogSettings + + result := { + "documentId": doc.id, + "issueType": "MissingAttribute", + "keyExpectedValue": "'AccessLogSettings' should be defined", + "keyActualValue": "'AccessLogSettings' is not defined", + "resourceType": res.Type, + "resourceName": cf_lib.get_resource_name(res, stage), + "searchKey": sprintf("Resources.%s.Properties", [stage]), + } +} + +CxPolicy[result] { + doc := input.document[i] + res := doc.Resources[stage] + properties := res.Properties + res.Type == "AWS::ApiGateway::Stage" + + not properties.AccessLogSetting + + result := { + "documentId": doc.id, + "issueType": "MissingAttribute", + "keyExpectedValue": "'AccessLogSetting' should be defined", + "keyActualValue": "'AccessLogSetting' is not defined", + "resourceType": res.Type, + "resourceName": cf_lib.get_resource_name(res, stage), + "searchKey": sprintf("Resources.%s.Properties", [stage]), + } +} 
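Review bot: The `not properties.AccessLogSettings` guard in the first query.rego rule (and `not properties.AccessLogSetting` in the second) only proves the key exists. In Rego, `not` succeeds only for an undefined or `false` value, so an empty object, a `null`, or a block carrying just `Format` passes the check although no log destination is configured. Consider testing the field that actually enables access logging, e.g. `not properties.AccessLogSettings.DestinationArn` and `not properties.AccessLogSetting.DestinationArn`, and adding a positive fixture with an empty block. A stage with no `Properties` key at all also escapes both rules, because `properties := res.Properties` is undefined and the body fails before the `not` is evaluated.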
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative1.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative1.json new file mode 100644 index 00000000000..9d8af6a9eab --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative1.json @@ -0,0 +1,29 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Resources": { + "MyStage": { + "Type": "AWS::ApiGatewayV2::Stage", + "Properties": { + "StageName": "Prod", + "Description": "Prod Stage", + "AccessLogSettings": { + "DestinationArn": "dest", + "Format": "format" + }, + "DeploymentId": { + "Ref": "MyDeployment" + }, + "ApiId": { + "Ref": "CFNWebSocket" + }, + "DefaultRouteSettings": { + "DetailedMetricsEnabled": true, + "LoggingLevel": "INFO", + "DataTraceEnabled": false, + "ThrottlingBurstLimit": 10, + "ThrottlingRateLimit": 10 + } + } + } + } +} \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative2.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative2.json new file mode 100644 index 00000000000..cb84f233d53 --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative2.json @@ -0,0 +1,23 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09T00:00:00Z", + "Resources": { + "NewAmpApp-1": { + "Type": "AWS::Amplify::App", + "Properties": { + "OauthToken": "String", + "Repository": "String", + "BasicAuthConfig": { + "Username": "admin", + "EnableBasicAuth": true, + "Password": "@skdsjdk0234!AB" + }, + "CustomHeaders": "String", + "Description": "String", + "Name": "NewAmpApp", + "BuildSpec": "String", + "EnableBranchAutoDeletion": true, + "IAMServiceRole": "String" + } + } + } +} 
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative3.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative3.json new file mode 100644 index 00000000000..8b434ae40f4 --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative3.json @@ -0,0 +1,22 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Resources": { + "MyStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "StageName": "Prod", + "Description": "Prod Stage", + "AccessLogSetting": { + "DestinationArn": "dest", + "Format": "format" + }, + "DeploymentId": { + "Ref": "MyDeployment" + }, + "RestApiId": { + "Ref": "CFNWebSocket" + } + } + } + } +} \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive1.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive1.json new file mode 100644 index 00000000000..0b3f72e21f8 --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive1.json @@ -0,0 +1,25 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Resources": { + "MyStage": { + "Type": "AWS::ApiGatewayV2::Stage", + "Properties": { + "StageName": "Prod", + "Description": "Prod Stage", + "DeploymentId": { + "Ref": "MyDeployment" + }, + "ApiId": { + "Ref": "CFNWebSocket" + }, + "DefaultRouteSettings": { + "DetailedMetricsEnabled": true, + "LoggingLevel": "INFO", + "DataTraceEnabled": false, + "ThrottlingBurstLimit": 10, + "ThrottlingRateLimit": 10 + } + } + } + } +} \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive2.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive2.json new file mode 100644 index 00000000000..bc489c06d0f --- /dev/null 
+++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive2.json @@ -0,0 +1,18 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Resources": { + "MyStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "StageName": "Prod", + "Description": "Prod Stage", + "DeploymentId": { + "Ref": "MyDeployment" + }, + "RestApiId": { + "Ref": "CFNWebSocket" + } + } + } + } +} \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json new file mode 100644 index 00000000000..b3b255d6e55 --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json @@ -0,0 +1,14 @@ +[ + { + "queryName": "API Gateway Access Logging Disabled", + "severity": "MEDIUM", + "line": 6, + "filename": "positive1.json" + }, + { + "queryName": "API Gateway Access Logging Disabled", + "severity": "MEDIUM", + "line": 6, + "filename": "positive2.json" + } +] \ No newline at end of file From d1755a29ab548009abd8f01eee9714712a173904 Mon Sep 17 00:00:00 2001 From: JulioSCX Date: Mon, 5 Feb 2024 10:20:24 +0000 Subject: [PATCH 02/13] swapped descriptionurl for a more apt one --- .../aws/api_gateway_access_logging_disabled/metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/metadata.json index 0841819c270..56876bd43da 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/metadata.json +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/metadata.json 
@@ -4,7 +4,7 @@
 "severity": "MEDIUM",
 "category": "Observability",
 "descriptionText": "API Gateway should have Access Log Settings defined",
- "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html",
+ "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html#cfn-apigateway-stage-accesslogsetting",
 "platform": "CloudFormation",
 "descriptionID": "d7151524",
 "cloudProvider": "aws",
From 8ac0687178361a1655245f6c9cafcdcb4360ed5c Mon Sep 17 00:00:00 2001
From: EduardoSemanas Date: Fri, 16 Feb 2024 11:12:25 +0000 Subject: [PATCH 03/13] Merged API Gateway Stage Access Logging Settings Not Defined into API Gateway Access Logging Disabled and corresponding unit tests --- .../metadata.json | 22 +-- .../query.rego | 141 ++++++++++++++++-- .../test/negative1.yaml | 0 .../test/negative2.json | 35 +++-- .../test/negative3.json | 44 +++--- .../test/negative4.json | 4 + .../test/{negative1.json => negative5.json} | 0 .../test/negative6.json | 23 +++ .../test/negative7.json | 29 ++++ .../test/positive1.yaml | 3 + .../test/positive2.json | 33 ++-- .../test/positive3.json | 4 + .../test/positive4.json | 4 + .../test/{positive1.json => positive5.json} | 0 .../test/positive6.json | 25 ++++ .../test/positive_expected_result.json | 26 +++- .../metadata.json | 12 -- .../query.rego | 128 ---------------- .../test/negative2.json | 26 ---- .../test/negative3.json | 22 --- .../test/positive2.json | 15 -- .../test/positive_expected_result.json | 26 ---- 22 files changed, 318 insertions(+), 304 deletions(-) rename assets/queries/cloudFormation/aws/{api_gateway_stage_access_logging_settings_not_defined => api_gateway_access_logging_disabled}/test/negative1.yaml (100%) rename assets/queries/cloudFormation/aws/{api_gateway_stage_access_logging_settings_not_defined => api_gateway_access_logging_disabled}/test/negative4.json (84%) rename assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/{negative1.json => negative5.json} (100%) create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative6.json create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative7.json rename assets/queries/cloudFormation/aws/{api_gateway_stage_access_logging_settings_not_defined => api_gateway_access_logging_disabled}/test/positive1.yaml (89%) rename assets/queries/cloudFormation/aws/{api_gateway_stage_access_logging_settings_not_defined => 
api_gateway_access_logging_disabled}/test/positive3.json (84%) rename assets/queries/cloudFormation/aws/{api_gateway_stage_access_logging_settings_not_defined => api_gateway_access_logging_disabled}/test/positive4.json (83%) rename assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/{positive1.json => positive5.json} (100%) create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive6.json delete mode 100644 assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/metadata.json delete mode 100644 assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/query.rego delete mode 100644 assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/negative2.json delete mode 100644 assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/negative3.json delete mode 100644 assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive2.json delete mode 100644 assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive_expected_result.json diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/metadata.json index 56876bd43da..a03ede50be7 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/metadata.json +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/metadata.json 
@@ -1,12 +1,12 @@ { - "id": "999ecb35-10df-4d73-8f17-3f4b8c3beec5", - "queryName": "API Gateway Access Logging Disabled", - "severity": "MEDIUM", - "category": "Observability", - "descriptionText": "API Gateway should have Access Log Settings defined", - "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html#cfn-apigateway-stage-accesslogsetting", - "platform": "CloudFormation", - "descriptionID": "d7151524", - "cloudProvider": "aws", - "cwe": "" - } \ No newline at end of file + "id": "80d45af4-4920-4236-a56e-b7ef419d1941", + "queryName": "API Gateway Access Logging Disabled", + "severity": "MEDIUM", + "category": "Observability", + "descriptionText": "API Gateway Stage should have Access Logging Settings defined", + "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-accesslogsettings", + "platform": "CloudFormation", + "descriptionID": "2a69fc63", + "cloudProvider": "aws", + "cwe": "" +} \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego index 6f74630b82c..87b7624b620 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego 
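Review bot: The rewritten metadata.json keeps `"queryName": "API Gateway Access Logging Disabled"` but takes over the `id` and `descriptionID` of the query this commit deletes, so the id `999ecb35-10df-4d73-8f17-3f4b8c3beec5` from PATCH 01 disappears. Any exclusion or baseline keyed on that id would silently stop applying, which deserves a line in the commit message or release notes. `descriptionUrl` now points only at the ApiGatewayV2 stage page although the query also evaluates `AWS::ApiGateway::Stage`, and `descriptionText` does not mention the `LoggingLevel` checks merged in. `"cwe"` is still empty; CWE-778 (Insufficient Logging) looks like the matching entry, written in whatever format the other queries use for that field.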
@@ -1,12 +1,131 @@ package Cx +import data.generic.common as common_lib import data.generic.cloudformation as cf_lib +CxPolicy[result] { + document := input.document + resource = document[i].Resources[name] + resource.Type == "AWS::ApiGatewayV2::Stage" + + properties := resource.Properties + not common_lib.valid_key(properties, "DefaultRouteSettings") + + result := { + "documentId": input.document[i].id, + "resourceType": resource.Type, + "resourceName": cf_lib.get_resource_name(resource, name), + "searchKey": sprintf("Resources.%s.Properties", [name]), + "issueType": "MissingAttribute", + "keyExpectedValue": sprintf("Resources.%s.Properties.DefaultRouteSettings should be defined and not null", [name]), + "keyActualValue": sprintf("Resources.%s.Properties.DefaultRouteSettings are undefined or null", [name]), + } +} + +CxPolicy[result] { + document := input.document + resource = document[i].Resources[name] + resource.Type == "AWS::ApiGatewayV2::Stage" + + properties := resource.Properties + defaultRouteSettings := properties.DefaultRouteSettings + not common_lib.valid_key(defaultRouteSettings, "LoggingLevel") + + result := { + "documentId": input.document[i].id, + "resourceType": resource.Type, + "resourceName": cf_lib.get_resource_name(resource, name), + "searchKey": sprintf("Resources.%s.Properties.DefaultRouteSettings", [name]), + "issueType": "MissingAttribute", + "keyExpectedValue": sprintf("Resources.%s.Properties.DefaultRouteSettings.LoggingLevel should be defined and not null", [name]), + "keyActualValue": sprintf("Resources.%s.Properties.DefaultRouteSettings.LoggingLevel are undefined or null", [name]), + } +} + +CxPolicy[result] { + document := input.document + resource = document[i].Resources[name] + resource.Type == "AWS::ApiGatewayV2::Stage" + + properties := resource.Properties + loggingLevel := properties.DefaultRouteSettings.LoggingLevel + loggingLevel == "OFF" + + result := { + "documentId": input.document[i].id, + "resourceType": resource.Type, + 
"resourceName": cf_lib.get_resource_name(resource, name), + "searchKey": sprintf("Resources.%s.Properties.DefaultRouteSettings.LoggingLevel", [name]), + "issueType": "IncorrectValue", + "keyExpectedValue": sprintf("Resources.%s.Properties.DefaultRouteSettings.LoggingLevel should not be set to OFF", [name]), + "keyActualValue": sprintf("Resources.%s.Properties.DefaultRouteSettings.LoggingLevel is OFF", [name]), + } +} + +CxPolicy[result] { + document := input.document + resource = document[i].Resources[name] + resource.Type == "AWS::ApiGateway::Stage" + + properties := resource.Properties + not common_lib.valid_key(properties, "MethodSettings") + + result := { + "documentId": input.document[i].id, + "resourceType": resource.Type, + "resourceName": cf_lib.get_resource_name(resource, name), + "searchKey": sprintf("Resources.%s.Properties", [name]), + "issueType": "MissingAttribute", + "keyExpectedValue": sprintf("Resources.%s.Properties.MethodSettings should be defined and not null", [name]), + "keyActualValue": sprintf("Resources.%s.Properties.MethodSettings are undefined or null", [name]), + } +} + +CxPolicy[result] { + document := input.document + resource = document[i].Resources[name] + resource.Type == "AWS::ApiGateway::Stage" + + properties := resource.Properties + methodSettings := properties.MethodSettings + not common_lib.valid_key(methodSettings, "LoggingLevel") + + result := { + "documentId": input.document[i].id, + "resourceType": resource.Type, + "resourceName": cf_lib.get_resource_name(resource, name), + "searchKey": sprintf("Resources.%s.Properties.MethodSettings", [name]), + "issueType": "MissingAttribute", + "keyExpectedValue": sprintf("Resources.%s.Properties.MethodSettings.LoggingLevel should be defined and not null", [name]), + "keyActualValue": sprintf("Resources.%s.Properties.MethodSettings.LoggingLevel are undefined or null", [name]), + } +} + +CxPolicy[result] { + document := input.document + resource = document[i].Resources[name] + 
resource.Type == "AWS::ApiGateway::Stage" + + properties := resource.Properties + loggingLevel := properties.MethodSettings.LoggingLevel + loggingLevel == "OFF" + + result := { + "documentId": input.document[i].id, + "resourceType": resource.Type, + "resourceName": cf_lib.get_resource_name(resource, name), + "searchKey": sprintf("Resources.%s.Properties.MethodSettings.LoggingLevel", [name]), + "issueType": "IncorrectValue", + "keyExpectedValue": sprintf("Resources.%s.Properties.MethodSettings.LoggingLevel should not be set to OFF", [name]), + "keyActualValue": sprintf("Resources.%s.Properties.MethodSettings.LoggingLevel is OFF", [name]), + } +} + CxPolicy[result] { doc := input.document[i] - res := doc.Resources[stage] - properties := res.Properties - res.Type == "AWS::ApiGatewayV2::Stage" + resource := doc.Resources[stage] + properties := resource.Properties + resource.Type == "AWS::ApiGatewayV2::Stage" not properties.AccessLogSettings @@ -15,17 +134,17 @@ CxPolicy[result] { "issueType": "MissingAttribute", "keyExpectedValue": "'AccessLogSettings' should be defined", "keyActualValue": "'AccessLogSettings' is not defined", - "resourceType": res.Type, - "resourceName": cf_lib.get_resource_name(res, stage), + "resourceType": resource.Type, + "resourceName": cf_lib.get_resource_name(resource, stage), "searchKey": sprintf("Resources.%s.Properties", [stage]), } } CxPolicy[result] { doc := input.document[i] - res := doc.Resources[stage] - properties := res.Properties - res.Type == "AWS::ApiGateway::Stage" + resource := doc.Resources[stage] + properties := resource.Properties + resource.Type == "AWS::ApiGateway::Stage" not properties.AccessLogSetting 
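Review bot: The two `AWS::ApiGateway::Stage` rules that read `MethodSettings` treat it as a single object (`common_lib.valid_key(methodSettings, "LoggingLevel")` and `properties.MethodSettings.LoggingLevel`), but CloudFormation documents that property as a list of MethodSetting entries. Against a list, the `== "OFF"` rule can never match, so a stage with logging switched off goes unreported. The missing-`LoggingLevel` rule probably fires on every stage even when each entry sets a level, depending on how `valid_key`, defined outside this diff, treats arrays. Iterating the entries addresses both, e.g. `setting := properties.MethodSettings[idx]` followed by `setting.LoggingLevel == "OFF"`. negative7.json and positive6.json model `MethodSettings` as an object, so the fixtures do not exercise the list form.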
@@ -34,8 +153,8 @@ CxPolicy[result] { "issueType": "MissingAttribute", "keyExpectedValue": "'AccessLogSetting' should be defined", "keyActualValue": "'AccessLogSetting' is not defined", - "resourceType": res.Type, - "resourceName": cf_lib.get_resource_name(res, stage), + "resourceType": resource.Type, + "resourceName": cf_lib.get_resource_name(resource, stage), "searchKey": sprintf("Resources.%s.Properties", [stage]), } -} +} \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/negative1.yaml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative1.yaml similarity index 100% rename from assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/negative1.yaml rename to assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative1.yaml diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative2.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative2.json index cb84f233d53..2f674a3b00e 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative2.json +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative2.json 
@@ -1,23 +1,26 @@ { - "AWSTemplateFormatVersion": "2010-09-09T00:00:00Z", "Resources": { - "NewAmpApp-1": { - "Type": "AWS::Amplify::App", + "MyStage": { + "Type": "AWS::ApiGatewayV2::Stage", "Properties": { - "OauthToken": "String", - "Repository": "String", - "BasicAuthConfig": { - "Username": "admin", - "EnableBasicAuth": true, - "Password": "@skdsjdk0234!AB" + "StageName": "Prod", + "Description": "Prod Stage", + "DeploymentId": "MyDeployment", + "ApiId": "CFNWebSocket", + "DefaultRouteSettings": { + "DetailedMetricsEnabled": true, + "LoggingLevel": "INFO", + "DataTraceEnabled": false, + "ThrottlingBurstLimit": 10, + "ThrottlingRateLimit": 10 }, - "CustomHeaders": "String", - "Description": "String", - "Name": "NewAmpApp", - "BuildSpec": "String", - "EnableBranchAutoDeletion": true, - "IAMServiceRole": "String" + "AccessLogSettings": { + "DestinationArn": "arn:aws:logs:us-east-1:123456789:log-group:my-log-group", + "Format": "{\"requestId\":\"$context.requestId\", \"ip\": \"$context.identity.sourceIp\", \"caller\":\"$context.identity.caller\", \"user\":\"$context.identity.user\",\"requestTime\":\"$context.requestTime\", \"eventType\":\"$context.eventType\",\"routeKey\":\"$context.routeKey\", \"status\":\"$context.status\",\"connectionId\":\"$context.connectionId\"}" + } } } - } + }, + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "Router53" } diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative3.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative3.json index 8b434ae40f4..6a2a685747d 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative3.json +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative3.json 
@@ -1,22 +1,26 @@ { - "AWSTemplateFormatVersion": "2010-09-09", - "Resources": { - "MyStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "StageName": "Prod", - "Description": "Prod Stage", - "AccessLogSetting": { - "DestinationArn": "dest", - "Format": "format" - }, - "DeploymentId": { - "Ref": "MyDeployment" - }, - "RestApiId": { - "Ref": "CFNWebSocket" - } - } - } + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "Router53", + "Resources": { + "MyStage": { + "Type": "AWS::ApiGatewayV2::Stage", + "Properties": { + "Description": "Prod Stage", + "AccessLogSettings": { + "DestinationArn": "dest", + "Format": "format" + }, + "DeploymentId": "MyDeployment", + "ApiId": "CFNWebSocket", + "DefaultRouteSettings": { + "ThrottlingBurstLimit": 10, + "ThrottlingRateLimit": 10, + "DetailedMetricsEnabled": true, + "LoggingLevel": "INFO", + "DataTraceEnabled": false + }, + "StageName": "Prod" + } } -} \ No newline at end of file + } +} diff --git a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/negative4.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.json similarity index 84% rename from assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/negative4.json rename to assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.json index e87044b5b6e..40ced901673 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/negative4.json +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.json @@ -6,6 +6,10 @@ "Properties": { "StageName": "Prod", "Description": "Prod Stage", + "AccessLogSettings": { + "DestinationArn": "dest", + "Format": "format" + }, "DeploymentId": { "Ref": "MyDeployment" }, 
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative1.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative5.json similarity index 100% rename from assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative1.json rename to assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative5.json diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative6.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative6.json new file mode 100644 index 00000000000..7b705f1ac7c --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative6.json @@ -0,0 +1,23 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09T00:00:00Z", + "Resources": { + "NewAmpApp-1": { + "Type": "AWS::Amplify::App", + "Properties": { + "OauthToken": "String", + "Repository": "String", + "BasicAuthConfig": { + "Username": "admin", + "EnableBasicAuth": true, + "Password": "String" + }, + "CustomHeaders": "String", + "Description": "String", + "Name": "NewAmpApp", + "BuildSpec": "String", + "EnableBranchAutoDeletion": true, + "IAMServiceRole": "String" + } + } + } +} diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative7.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative7.json new file mode 100644 index 00000000000..9d769ca6ee0 --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative7.json 
@@ -0,0 +1,29 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Resources": { + "MyStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "StageName": "Prod", + "Description": "Prod Stage", + "AccessLogSetting": { + "DestinationArn": "dest", + "Format": "format" + }, + "DeploymentId": { + "Ref": "MyDeployment" + }, + "MethodSettings": { + "DetailedMetricsEnabled": true, + "LoggingLevel": "INFO", + "DataTraceEnabled": false, + "ThrottlingBurstLimit": 10, + "ThrottlingRateLimit": 10 + }, + "RestApiId": { + "Ref": "CFNWebSocket" + } + } + } + } +} \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive1.yaml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive1.yaml similarity index 89% rename from assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive1.yaml rename to assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive1.yaml index d030372417c..4942cc4d81a 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive1.yaml +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive1.yaml @@ -4,6 +4,9 @@ Resources: Properties: StageName: Prod Description: Prod Stage + AccessLogSetting: + DestinationArn: "dest" + Format: "format" RestApiId: !Ref MyRestApi DeploymentId: !Ref TestDeployment DocumentationVersion: "" diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive2.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive2.json index bc489c06d0f..1798ea0f8e8 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive2.json +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive2.json 
@@ -1,18 +1,19 @@ { - "AWSTemplateFormatVersion": "2010-09-09", - "Resources": { - "MyStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "StageName": "Prod", - "Description": "Prod Stage", - "DeploymentId": { - "Ref": "MyDeployment" - }, - "RestApiId": { - "Ref": "CFNWebSocket" - } - } - } + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "Router53", + "Resources": { + "MyStage": { + "Type": "AWS::ApiGatewayV2::Stage", + "Properties": { + "Description": "Prod Stage", + "AccessLogSettings": { + "DestinationArn": "dest", + "Format": "format" + }, + "DeploymentId": "MyDeployment", + "ApiId": "CFNWebSocket", + "StageName": "Prod" + } } -} \ No newline at end of file + } +} diff --git a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive3.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive3.json similarity index 84% rename from assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive3.json rename to assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive3.json index d175cb339de..dcc63234775 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive3.json +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive3.json @@ -6,6 +6,10 @@ "Properties": { "StageName": "Prod", "Description": "Prod Stage", + "AccessLogSettings": { + "DestinationArn": "dest", + "Format": "format" + }, "DeploymentId": { "Ref": "MyDeployment" }, 
diff --git a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive4.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive4.json similarity index 83% rename from assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive4.json rename to assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive4.json index 8b83dfe0073..0b8f2b89c0c 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive4.json +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive4.json @@ -6,6 +6,10 @@ "Properties": { "StageName": "Prod", "Description": "Prod Stage", + "AccessLogSettings": { + "DestinationArn": "dest", + "Format": "format" + }, "DeploymentId": { "Ref": "MyDeployment" }, diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive1.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive5.json similarity index 100% rename from assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive1.json rename to assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive5.json diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive6.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive6.json new file mode 100644 index 00000000000..2133df7f76a --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive6.json 
@@ -0,0 +1,25 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Resources": { + "MyStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "StageName": "Prod", + "Description": "Prod Stage", + "DeploymentId": { + "Ref": "MyDeployment" + }, + "MethodSettings": { + "DetailedMetricsEnabled": true, + "LoggingLevel": "INFO", + "DataTraceEnabled": false, + "ThrottlingBurstLimit": 10, + "ThrottlingRateLimit": 10 + }, + "RestApiId": { + "Ref": "CFNWebSocket" + } + } + } + } +} \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json index b3b255d6e55..3944cd4d2d2 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json @@ -1,4 +1,28 @@ [ + { + "queryName": "API Gateway Stage Access Logging Settings Not Defined", + "severity": "MEDIUM", + "line": 4, + "fileName": "positive1.yaml" + }, + { + "queryName": "API Gateway Stage Access Logging Settings Not Defined", + "severity": "MEDIUM", + "line": 7, + "fileName": "positive2.json" + }, + { + "queryName": "API Gateway Stage Access Logging Settings Not Defined", + "severity": "MEDIUM", + "line": 15, + "fileName": "positive4.json" + }, + { + "queryName": "API Gateway Stage Access Logging Settings Not Defined", + "severity": "MEDIUM", + "line": 17, + "fileName": "positive3.json" + }, { "queryName": "API Gateway Access Logging Disabled", "severity": "MEDIUM", @@ -11,4 +35,4 @@ "line": 6, "filename": "positive2.json" } -] \ No newline at end of file +] 
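Review bot: The four entries added at the top of positive_expected_result.json spell the key `"fileName"`, while the two entries kept as context below them spell it `"filename"`. Use one spelling throughout the file so the fixture does not depend on how the test loader matches keys, for example `"fileName": "positive5.json"` on the existing entries if the camel-case form is the one the loader declares. The same mixed spelling carries into the later hunk `@@ -34,5 +34,89 @@` of this file, where every new entry uses `"filename"`.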
diff --git a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/metadata.json deleted file mode 100644 index 57dad70cc26..00000000000 --- a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/metadata.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "id": "80d45af4-4920-4236-a56e-b7ef419d1941", - "queryName": "API Gateway Stage Access Logging Settings Not Defined", - "severity": "MEDIUM", - "category": "Observability", - "descriptionText": "API Gateway Stage should have Access Logging Settings defined", - "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-accesslogsettings", - "platform": "CloudFormation", - "descriptionID": "2a69fc63", - "cloudProvider": "aws", - "cwe": "" -} \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/query.rego b/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/query.rego deleted file mode 100644 index 82370615d74..00000000000 --- a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/query.rego +++ /dev/null 
@@ -1,128 +0,0 @@ -package Cx - -import data.generic.common as common_lib -import data.generic.cloudformation as cf_lib - -CxPolicy[result] { - document := input.document - resource = document[i].Resources[name] - resource.Type == "AWS::ApiGatewayV2::Stage" - - properties := resource.Properties - not common_lib.valid_key(resource.Properties, "AccessLogSettings") - not common_lib.valid_key(resource.Properties, "DefaultRouteSettings") - - result := { - "documentId": input.document[i].id, - "resourceType": resource.Type, - "resourceName": cf_lib.get_resource_name(resource, name), - "searchKey": sprintf("Resources.%s.Properties", [name]), - "issueType": "MissingAttribute", - "keyExpectedValue": sprintf("Resources.%s.Properties.AccessLogSettings or Resources.%s.Properties.DefaultRouteSettings should be defined and not null", [name]), - "keyActualValue": sprintf("Resources.%s.Properties.AccessLogSettings and Resources.%s.Properties.DefaultRouteSettings are undefined or null", [name]), - } -} - -CxPolicy[result] { - document := input.document - resource = document[i].Resources[name] - resource.Type == "AWS::ApiGatewayV2::Stage" - - properties := resource.Properties - not common_lib.valid_key(resource.Properties, "AccessLogSettings") - defaultRouteSettings := resource.Properties.DefaultRouteSettings - not common_lib.valid_key(defaultRouteSettings, "LoggingLevel") - - result := { - "documentId": input.document[i].id, - "resourceType": resource.Type, - "resourceName": cf_lib.get_resource_name(resource, name), - "searchKey": sprintf("Resources.%s.Properties.DefaultRouteSettings", [name]), - "issueType": "MissingAttribute", - "keyExpectedValue": sprintf("Resources.%s.Properties.AccessLogSettings or Resources.%s.Properties.DefaultRouteSettings.LoggingLevel should be defined and not null", [name]), - "keyActualValue": sprintf("Resources.%s.Properties.AccessLogSettings and Resources.%s.Properties.DefaultRouteSettings.LoggingLevel are undefined or null", [name]), - } -} - 
-CxPolicy[result] { - document := input.document - resource = document[i].Resources[name] - resource.Type == "AWS::ApiGatewayV2::Stage" - - properties := resource.Properties - not common_lib.valid_key(resource.Properties, "AccessLogSettings") - loggingLevel := resource.Properties.DefaultRouteSettings.LoggingLevel - loggingLevel == "OFF" - - result := { - "documentId": input.document[i].id, - "resourceType": resource.Type, - "resourceName": cf_lib.get_resource_name(resource, name), - "searchKey": sprintf("Resources.%s.Properties.DefaultRouteSettings.LoggingLevel", [name]), - "issueType": "IncorrectValue", - "keyExpectedValue": sprintf("Resources.%s.Properties.AccessLogSettings should be defined and not null or Resources.%s.Properties.DefaultRouteSettings.LoggingLevel should not be set to OFF", [name]), - "keyActualValue": sprintf("Resources.%s.Properties.AccessLogSettings is undefined or null and Resources.%s.Properties.DefaultRouteSettings.LoggingLevel is OFF", [name]), - } -} - -CxPolicy[result] { - document := input.document - resource = document[i].Resources[name] - resource.Type == "AWS::ApiGateway::Stage" - - properties := resource.Properties - not common_lib.valid_key(resource.Properties, "AccessLogSettings") - not common_lib.valid_key(resource.Properties, "DefaultRouteSettings") - - result := { - "documentId": input.document[i].id, - "resourceType": resource.Type, - "resourceName": cf_lib.get_resource_name(resource, name), - "searchKey": sprintf("Resources.%s.Properties", [name]), - "issueType": "MissingAttribute", - "keyExpectedValue": sprintf("Resources.%s.Properties.AccessLogSettings or Resources.%s.Properties.DefaultRouteSettings should be defined and not null", [name]), - "keyActualValue": sprintf("Resources.%s.Properties.AccessLogSettings and Resources.%s.Properties.DefaultRouteSettings are undefined or null", [name]), - } -} - -CxPolicy[result] { - document := input.document - resource = document[i].Resources[name] - resource.Type == 
"AWS::ApiGateway::Stage" - - properties := resource.Properties - not common_lib.valid_key(resource.Properties, "AccessLogSettings") - defaultRouteSettings := resource.Properties.DefaultRouteSettings - not common_lib.valid_key(defaultRouteSettings, "LoggingLevel") - - result := { - "documentId": input.document[i].id, - "resourceType": resource.Type, - "resourceName": cf_lib.get_resource_name(resource, name), - "searchKey": sprintf("Resources.%s.Properties.DefaultRouteSettings", [name]), - "issueType": "MissingAttribute", - "keyExpectedValue": sprintf("Resources.%s.Properties.AccessLogSettings or Resources.%s.Properties.DefaultRouteSettings.LoggingLevel should be defined and not null", [name]), - "keyActualValue": sprintf("Resources.%s.Properties.AccessLogSettings and Resources.%s.Properties.DefaultRouteSettings.LoggingLevel are undefined or null", [name]), - } -} - -CxPolicy[result] { - document := input.document - resource = document[i].Resources[name] - resource.Type == "AWS::ApiGateway::Stage" - - properties := resource.Properties - not common_lib.valid_key(resource.Properties, "AccessLogSettings") - loggingLevel := resource.Properties.DefaultRouteSettings.LoggingLevel - loggingLevel == "OFF" - - result := { - "documentId": input.document[i].id, - "resourceType": resource.Type, - "resourceName": cf_lib.get_resource_name(resource, name), - "searchKey": sprintf("Resources.%s.Properties.DefaultRouteSettings.LoggingLevel", [name]), - "issueType": "IncorrectValue", - "keyExpectedValue": sprintf("Resources.%s.Properties.AccessLogSettings should be defined and not null or Resources.%s.Properties.DefaultRouteSettings.LoggingLevel should not be set to OFF", [name]), - "keyActualValue": sprintf("Resources.%s.Properties.AccessLogSettings is undefined or null and Resources.%s.Properties.DefaultRouteSettings.LoggingLevel is OFF", [name]), - } -} \ No newline at end of file 
diff --git a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/negative2.json b/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/negative2.json deleted file mode 100644 index 2f674a3b00e..00000000000 --- a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/negative2.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "Resources": { - "MyStage": { - "Type": "AWS::ApiGatewayV2::Stage", - "Properties": { - "StageName": "Prod", - "Description": "Prod Stage", - "DeploymentId": "MyDeployment", - "ApiId": "CFNWebSocket", - "DefaultRouteSettings": { - "DetailedMetricsEnabled": true, - "LoggingLevel": "INFO", - "DataTraceEnabled": false, - "ThrottlingBurstLimit": 10, - "ThrottlingRateLimit": 10 - }, - "AccessLogSettings": { - "DestinationArn": "arn:aws:logs:us-east-1:123456789:log-group:my-log-group", - "Format": "{\"requestId\":\"$context.requestId\", \"ip\": \"$context.identity.sourceIp\", \"caller\":\"$context.identity.caller\", \"user\":\"$context.identity.user\",\"requestTime\":\"$context.requestTime\", \"eventType\":\"$context.eventType\",\"routeKey\":\"$context.routeKey\", \"status\":\"$context.status\",\"connectionId\":\"$context.connectionId\"}" - } - } - } - }, - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Router53" -} diff --git a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/negative3.json b/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/negative3.json deleted file mode 100644 index e4c2eeb17b2..00000000000 --- a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/negative3.json +++ /dev/null 
@@ -1,22 +0,0 @@ -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Router53", - "Resources": { - "MyStage": { - "Type": "AWS::ApiGatewayV2::Stage", - "Properties": { - "Description": "Prod Stage", - "DeploymentId": "MyDeployment", - "ApiId": "CFNWebSocket", - "DefaultRouteSettings": { - "ThrottlingBurstLimit": 10, - "ThrottlingRateLimit": 10, - "DetailedMetricsEnabled": true, - "LoggingLevel": "INFO", - "DataTraceEnabled": false - }, - "StageName": "Prod" - } - } - } -} diff --git a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive2.json b/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive2.json deleted file mode 100644 index ae196515b68..00000000000 --- a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive2.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Router53", - "Resources": { - "MyStage": { - "Type": "AWS::ApiGatewayV2::Stage", - "Properties": { - "Description": "Prod Stage", - "DeploymentId": "MyDeployment", - "ApiId": "CFNWebSocket", - "StageName": "Prod" - } - } - } -} diff --git a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive_expected_result.json deleted file mode 100644 index 6f8e54b5662..00000000000 --- a/assets/queries/cloudFormation/aws/api_gateway_stage_access_logging_settings_not_defined/test/positive_expected_result.json +++ /dev/null 
@@ -1,26 +0,0 @@ -[ - { - "queryName": "API Gateway Stage Access Logging Settings Not Defined", - "severity": "MEDIUM", - "line": 4, - "fileName": "positive1.yaml" - }, - { - "queryName": "API Gateway Stage Access Logging Settings Not Defined", - "severity": "MEDIUM", - "line": 7, - "fileName": "positive2.json" - }, - { - "queryName": "API Gateway Stage Access Logging Settings Not Defined", - "severity": "MEDIUM", - "line": 15, - "fileName": "positive4.json" - }, - { - "queryName": "API Gateway Stage Access Logging Settings Not Defined", - "severity": "MEDIUM", - "line": 17, - "fileName": "positive3.json" - } -] From 26c84648fa298e5f61bbda0375e17343e73929ba Mon Sep 17 00:00:00 2001 From: EduardoSemanas Date: Fri, 16 Feb 2024 11:55:08 +0000 Subject: [PATCH 04/13] Code cleaning and positive expected result correction --- .../test/negative6.json | 4 +--- .../test/positive_expected_result.json | 14 +++++++------- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative6.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative6.json index 7b705f1ac7c..4f0ee691a9f 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative6.json +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative6.json @@ -4,12 +4,10 @@ "NewAmpApp-1": { "Type": "AWS::Amplify::App", "Properties": { - "OauthToken": "String", "Repository": "String", "BasicAuthConfig": { "Username": "admin", - "EnableBasicAuth": true, - "Password": "String" + "EnableBasicAuth": true }, "CustomHeaders": "String", "Description": "String", diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json index 3944cd4d2d2..1168d4c495e 100644 
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json @@ -2,7 +2,7 @@ { "queryName": "API Gateway Stage Access Logging Settings Not Defined", "severity": "MEDIUM", - "line": 4, + "line": 16, "fileName": "positive1.yaml" }, { @@ -14,25 +14,25 @@ { "queryName": "API Gateway Stage Access Logging Settings Not Defined", "severity": "MEDIUM", - "line": 15, - "fileName": "positive4.json" + "line": 21, + "fileName": "positive3.json" }, { "queryName": "API Gateway Stage Access Logging Settings Not Defined", "severity": "MEDIUM", - "line": 17, - "fileName": "positive3.json" + "line": 19, + "fileName": "positive4.json" }, { "queryName": "API Gateway Access Logging Disabled", "severity": "MEDIUM", "line": 6, - "filename": "positive1.json" + "filename": "positive5.json" }, { "queryName": "API Gateway Access Logging Disabled", "severity": "MEDIUM", "line": 6, - "filename": "positive2.json" + "filename": "positive6.json" } ] From 6523593c1688a8307f8792812a05e9688308954f Mon Sep 17 00:00:00 2001 From: EduardoSemanas Date: Tue, 20 Feb 2024 12:00:03 +0000 Subject: [PATCH 05/13] Best coding practices/comments update --- .../aws/api_gateway_access_logging_disabled/query.rego | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego index 87b7624b620..78f96533be0 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego 
@@ -124,8 +124,8 @@ CxPolicy[result] { CxPolicy[result] { doc := input.document[i] resource := doc.Resources[stage] - properties := resource.Properties resource.Type == "AWS::ApiGatewayV2::Stage" + properties := resource.Properties not properties.AccessLogSettings @@ -143,8 +143,8 @@ CxPolicy[result] { CxPolicy[result] { doc := input.document[i] resource := doc.Resources[stage] - properties := resource.Properties resource.Type == "AWS::ApiGateway::Stage" + properties := resource.Properties not properties.AccessLogSetting From 79a09b05de24f8dac626120063f7973d1a26b772 Mon Sep 17 00:00:00 2001 From: EduardoSemanas Date: Tue, 20 Feb 2024 12:26:54 +0000 Subject: [PATCH 06/13] Updated expected results query description --- .../test/positive_expected_result.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json index 1168d4c495e..d9405e5ddfa 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json 
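Review bot: `not properties.AccessLogSettings` in this rule, and `not properties.AccessLogSetting` in the `AWS::ApiGateway::Stage` rule of the next hunk, only succeed when the key is absent or `false`. In Rego a `null` value and an empty object are not false, so a stage that declares `AccessLogSettings:` with no value, or `AccessLogSettings: {}`, would pass as if access logging were configured. Moving the `properties` assignment below the type check does not change that. The other rules in this file appear to use the library helper for this, so `not common_lib.valid_key(properties, "AccessLogSettings")` plus a check that `DestinationArn` is present would close the gap. Both rule bodies continue outside the hunk.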
@@ -1,24 +1,24 @@ [ { - "queryName": "API Gateway Stage Access Logging Settings Not Defined", + "queryName": "API Gateway Access Logging Disabled", "severity": "MEDIUM", "line": 16, "fileName": "positive1.yaml" }, { - "queryName": "API Gateway Stage Access Logging Settings Not Defined", + "queryName": "API Gateway Access Logging Disabled", "severity": "MEDIUM", "line": 7, "fileName": "positive2.json" }, { - "queryName": "API Gateway Stage Access Logging Settings Not Defined", + "queryName": "API Gateway Access Logging Disabled", "severity": "MEDIUM", "line": 21, "fileName": "positive3.json" }, { - "queryName": "API Gateway Stage Access Logging Settings Not Defined", + "queryName": "API Gateway Access Logging Disabled", "severity": "MEDIUM", "line": 19, "fileName": "positive4.json" From 4bff1a95dd37cc24d44df5ed4609bdbe9b93213f Mon Sep 17 00:00:00 2001 From: EduardoSemanas Date: Thu, 22 Feb 2024 16:57:24 +0000 Subject: [PATCH 07/13] Weird Behaviour while identifying empty json fields corrected. --- .../query.rego | 26 +++++++++++++------ 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego index 78f96533be0..5eb70e348cb 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/query.rego 
@@ -9,13 +9,13 @@ CxPolicy[result] { resource.Type == "AWS::ApiGatewayV2::Stage" properties := resource.Properties - not common_lib.valid_key(properties, "DefaultRouteSettings") + searchKeyValid := validNonEmptyKey(properties, "DefaultRouteSettings") result := { "documentId": input.document[i].id, "resourceType": resource.Type, "resourceName": cf_lib.get_resource_name(resource, name), - "searchKey": sprintf("Resources.%s.Properties", [name]), + "searchKey": sprintf("Resources.%s.Properties%s", [name, searchKeyValid]), "issueType": "MissingAttribute", "keyExpectedValue": sprintf("Resources.%s.Properties.DefaultRouteSettings should be defined and not null", [name]), "keyActualValue": sprintf("Resources.%s.Properties.DefaultRouteSettings are undefined or null", [name]), @@ -29,13 +29,13 @@ CxPolicy[result] { properties := resource.Properties defaultRouteSettings := properties.DefaultRouteSettings - not common_lib.valid_key(defaultRouteSettings, "LoggingLevel") + searchKeyValid := validNonEmptyKey(defaultRouteSettings, "LoggingLevel") result := { "documentId": input.document[i].id, "resourceType": resource.Type, "resourceName": cf_lib.get_resource_name(resource, name), - "searchKey": sprintf("Resources.%s.Properties.DefaultRouteSettings", [name]), + "searchKey": sprintf("Resources.%s.Properties.DefaultRouteSettings%s", [name, searchKeyValid]), "issueType": "MissingAttribute", "keyExpectedValue": sprintf("Resources.%s.Properties.DefaultRouteSettings.LoggingLevel should be defined and not null", [name]), "keyActualValue": sprintf("Resources.%s.Properties.DefaultRouteSettings.LoggingLevel are undefined or null", [name]), 
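Review bot: The `keyActualValue` strings in both rules still read `... are undefined or null`, but with `validNonEmptyKey` these rules now also fire when `DefaultRouteSettings` is an empty object, so the finding describes a state the template is not in. Adjust the text to cover the new case, e.g. `"keyActualValue": sprintf("Resources.%s.Properties.DefaultRouteSettings is undefined, null or empty", [name])`. The same applies to the `MethodSettings` rules in hunks `@@ -68,13 +68,13 @@` and `@@ -88,13 +88,13 @@`. Both rules start and end outside their hunks.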
@@ -68,13 +68,13 @@ CxPolicy[result] { resource.Type == "AWS::ApiGateway::Stage" properties := resource.Properties - not common_lib.valid_key(properties, "MethodSettings") + searchKeyValid := validNonEmptyKey(properties, "MethodSettings") result := { "documentId": input.document[i].id, "resourceType": resource.Type, "resourceName": cf_lib.get_resource_name(resource, name), - "searchKey": sprintf("Resources.%s.Properties", [name]), + "searchKey": sprintf("Resources.%s.Properties%s", [name, searchKeyValid]), "issueType": "MissingAttribute", "keyExpectedValue": sprintf("Resources.%s.Properties.MethodSettings should be defined and not null", [name]), "keyActualValue": sprintf("Resources.%s.Properties.MethodSettings are undefined or null", [name]), @@ -88,13 +88,13 @@ CxPolicy[result] { properties := resource.Properties methodSettings := properties.MethodSettings - not common_lib.valid_key(methodSettings, "LoggingLevel") + searchKeyValid := validNonEmptyKey(methodSettings, "LoggingLevel") result := { "documentId": input.document[i].id, "resourceType": resource.Type, "resourceName": cf_lib.get_resource_name(resource, name), - "searchKey": sprintf("Resources.%s.Properties.MethodSettings", [name]), + "searchKey": sprintf("Resources.%s.Properties.MethodSettings%s", [name, searchKeyValid]), "issueType": "MissingAttribute", "keyExpectedValue": sprintf("Resources.%s.Properties.MethodSettings.LoggingLevel should be defined and not null", [name]), "keyActualValue": sprintf("Resources.%s.Properties.MethodSettings.LoggingLevel are undefined or null", [name]), @@ -157,4 +157,14 @@ CxPolicy[result] { "resourceName": cf_lib.get_resource_name(resource, stage), "searchKey": sprintf("Resources.%s.Properties", [stage]), } +} + +validNonEmptyKey(field, key) = output { + not common_lib.valid_key(field, key) + output = "" +} else = output { + keyObj := field[key] + is_object(keyObj) + count(keyObj) == 0 + output := concat(".", ["", key]) } \ No newline at end of file 
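Review bot: In hunk `@@ -88,13 +88,13 @@` the rule reads `methodSettings := properties.MethodSettings` and then looks up `LoggingLevel` directly on it, which treats `MethodSettings` as a single object. For `AWS::ApiGateway::Stage`, CloudFormation defines `MethodSettings` as a list of method settings, so on a real template the lookup is presumably undefined and the stage is reported as missing `LoggingLevel` even when every list entry sets it, while an entry set to `OFF` inside the list is never inspected. Iterating the entries, e.g. `setting := properties.MethodSettings[_]` followed by the check on `setting`, would match the documented shape. The fixtures positive6.json, positive10.json and positive12.json use the object form and would need a list-form counterpart. The rule body starts and ends outside the hunk.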
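Review bot: `validNonEmptyKey`, added in hunk `@@ -157,4 +157,14 @@`, is defined exactly when the key is missing or is an empty object, which is the opposite of what its name says, and nothing explains that its result is a `searchKey` suffix. A name such as `missingOrEmptyKeySuffix`, or a header comment like `# returns "" when key is missing or null, ".<key>" when it is an empty object; undefined when the key holds a non-empty value`, would make the call sites readable. The `else` branch only matches `is_object`, so an empty array or empty string is treated as a valid value; say so in the comment if that is intended.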
From dbe0e6e9b39245de8b2a4233c74a5a24497f7b15 Mon Sep 17 00:00:00 2001 From: EduardoSemanas Date: Thu, 22 Feb 2024 16:57:36 +0000 Subject: [PATCH 08/13] QA sugested Unit Tests added --- .../test/positive10.json | 24 +++++++++++++++ .../test/positive11.yml | 13 +++++++++ .../test/positive12.json | 29 +++++++++++++++++++ .../test/positive13.yml | 14 +++++++++ .../test/positive14.yml | 14 +++++++++ .../test/positive15.yml | 15 ++++++++++ .../test/positive16.yml | 11 +++++++ .../test/positive17.yml | 12 ++++++++ .../test/positive7.json | 19 ++++++++++++ .../test/positive8.yml | 12 ++++++++ .../test/positive9.yml | 13 +++++++++ 11 files changed, 176 insertions(+) create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive10.json create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive11.yml create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive12.json create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive13.yml create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive14.yml create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive15.yml create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive16.yml create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive17.yml create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive7.json create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive8.yml create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive9.yml 
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive10.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive10.json new file mode 100644 index 00000000000..8dd532335a1 --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive10.json @@ -0,0 +1,24 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Resources": { + "MyStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "StageName": "Prod", + "Description": "Prod Stage", + "AccessLogSetting": { + "DestinationArn": "dest", + "Format": "format" + }, + "DeploymentId": { + "Ref": "MyDeployment" + }, + "RestApiId": { + "Ref": "CFNWebSocket" + }, + "MethodSettings": { + } + } + } + } +} \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive11.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive11.yml new file mode 100644 index 00000000000..4adf05d2a6c --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive11.yml @@ -0,0 +1,13 @@ +Resources: + Prod: + Type: AWS::ApiGateway::Stage + Properties: + StageName: Prod + Description: Prod Stage + AccessLogSetting: + DestinationArn: "dest" + Format: "format" + RestApiId: !Ref MyRestApi + DeploymentId: !Ref TestDeployment + DocumentationVersion: "" + MethodSettings: \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive12.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive12.json new file mode 100644 index 00000000000..3bbd4b22c77 --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive12.json 
@@ -0,0 +1,29 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Resources": { + "MyStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "StageName": "Prod", + "Description": "Prod Stage", + "AccessLogSetting": { + "DestinationArn": "dest", + "Format": "format" + }, + "DeploymentId": { + "Ref": "MyDeployment" + }, + "RestApiId": { + "Ref": "CFNWebSocket" + }, + "MethodSettings": { + "DetailedMetricsEnabled": true, + "LoggingLevel": "OFF", + "DataTraceEnabled": false, + "ThrottlingBurstLimit": 10, + "ThrottlingRateLimit": 10 + } + } + } + } +} \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive13.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive13.yml new file mode 100644 index 00000000000..860851c6626 --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive13.yml @@ -0,0 +1,14 @@ +Resources: + Prod: + Type: AWS::ApiGatewayV2::Stage + Properties: + StageName: Prod + Description: Prod Stage + AccessLogSettings: + DestinationArn: "dest" + Format: "format" + RestApiId: !Ref MyRestApi + DeploymentId: !Ref TestDeployment + DocumentationVersion: "" + ApiId: "teste" + DefaultRouteSettings: \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive14.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive14.yml new file mode 100644 index 00000000000..91e68e12d8f --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive14.yml 
@@ -0,0 +1,14 @@ +Resources: + Prod: + Type: AWS::ApiGateway::Stage + Properties: + StageName: Prod + Description: Prod Stage + AccessLogSetting: + DestinationArn: "dest" + Format: "format" + RestApiId: !Ref MyRestApi + DeploymentId: !Ref TestDeployment + DocumentationVersion: "" + MethodSettings: + LoggingLevel: "OFF" \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive15.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive15.yml new file mode 100644 index 00000000000..c5de550b2a9 --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive15.yml @@ -0,0 +1,15 @@ +Resources: + Prod: + Type: AWS::ApiGatewayV2::Stage + Properties: + StageName: Prod + Description: Prod Stage + AccessLogSettings: + DestinationArn: "dest" + Format: "format" + RestApiId: !Ref MyRestApi + DeploymentId: !Ref TestDeployment + DocumentationVersion: "" + ApiId: "teste" + DefaultRouteSettings: + LoggingLevel: "OFF" \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive16.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive16.yml new file mode 100644 index 00000000000..11ebeedb967 --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive16.yml @@ -0,0 +1,11 @@ +Resources: + Prod: + Type: AWS::ApiGateway::Stage + Properties: + StageName: Prod + Description: Prod Stage + RestApiId: !Ref MyRestApi + DeploymentId: !Ref TestDeployment + DocumentationVersion: "" + MethodSettings: + LoggingLevel: "ON" \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive17.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive17.yml new file mode 100644 index 00000000000..e75aeb6159b --- /dev/null 
+++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive17.yml @@ -0,0 +1,12 @@ +Resources: + Prod: + Type: AWS::ApiGatewayV2::Stage + Properties: + StageName: Prod + Description: Prod Stage + RestApiId: !Ref MyRestApi + DeploymentId: !Ref TestDeployment + DocumentationVersion: "" + ApiId: "teste" + DefaultRouteSettings: + LoggingLevel: "ON" \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive7.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive7.json new file mode 100644 index 00000000000..1d2171c4ac8 --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive7.json @@ -0,0 +1,19 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "Router53", + "Resources": { + "MyStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "Description": "Prod Stage", + "AccessLogSetting": { + "DestinationArn": "dest", + "Format": "format" + }, + "DeploymentId": "MyDeployment", + "RestApiId": "CFNWebSocket", + "StageName": "Prod" + } + } + } +} \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive8.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive8.yml new file mode 100644 index 00000000000..ff2587b2c87 --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive8.yml @@ -0,0 +1,12 @@ +Resources: + Prod: + Type: AWS::ApiGateway::Stage + Properties: + StageName: Prod + Description: Prod Stage + AccessLogSetting: + DestinationArn: "dest" + Format: "format" + RestApiId: !Ref MyRestApi + DeploymentId: !Ref TestDeployment + DocumentationVersion: "" \ No newline at end of file 
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive9.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive9.yml new file mode 100644 index 00000000000..cde2ef542eb --- /dev/null +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive9.yml @@ -0,0 +1,13 @@ +Resources: + Prod: + Type: AWS::ApiGatewayV2::Stage + Properties: + StageName: Prod + Description: Prod Stage + AccessLogSettings: + DestinationArn: "dest" + Format: "format" + RestApiId: !Ref MyRestApi + DeploymentId: !Ref TestDeployment + DocumentationVersion: "" + ApiId: "teste" \ No newline at end of file From 5a3f011e4dd20d8365e999c4d819bef97a1c5e07 Mon Sep 17 00:00:00 2001 From: EduardoSemanas Date: Thu, 22 Feb 2024 17:19:02 +0000 Subject: [PATCH 09/13] Expected results updated --- .../test/positive_expected_result.json | 84 +++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json index d9405e5ddfa..3b7143523e7 100644 --- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json 
@@ -34,5 +34,89 @@
 "severity": "MEDIUM",
 "line": 6,
 "filename": "positive6.json"
+ },
+ {
+ "queryName": "API Gateway Access Logging Disabled",
+ "severity": "MEDIUM",
+ "line": 7,
+ "filename": "positive7.json"
+ },
+ {
+ "queryName": "API Gateway Access Logging Disabled",
+ "severity": "MEDIUM",
+ "line": 4,
+ "filename": "positive8.json"
+ },
+ {
+ "queryName": "API Gateway Access Logging Disabled",
+ "severity": "MEDIUM",
+ "line": 4,
+ "filename": "positive9.json"
+ },
+ {
+ "queryName": "API Gateway Access Logging Disabled",
+ "severity": "MEDIUM",
+ "line": 19,
+ "filename": "positive10.json"
+ },
+ {
+ "queryName": "API Gateway Access Logging Disabled",
+ "severity": "MEDIUM",
+ "line": 19,
+ "filename": "positive10.json"
+ },
+ {
+ "queryName": "API Gateway Access Logging Disabled",
+ "severity": "MEDIUM",
+ "line": 4,
+ "filename": "positive11.json"
+ },
+ {
+ "queryName": "API Gateway Access Logging Disabled",
+ "severity": "MEDIUM",
+ "line": 13,
+ "filename": "positive11.json"
+ },
+ {
+ "queryName": "API Gateway Access Logging Disabled",
+ "severity": "MEDIUM",
+ "line": 21,
+ "filename": "positive12.json"
+ },
+ {
+ "queryName": "API Gateway Access Logging Disabled",
+ "severity": "MEDIUM",
+ "line": 4,
+ "filename": "positive13.json"
+ },
+ {
+ "queryName": "API Gateway Access Logging Disabled",
+ "severity": "MEDIUM",
+ "line": 14,
+ "filename": "positive13.json"
+ },
+ {
+ "queryName": "API Gateway Access Logging Disabled",
+ "severity": "MEDIUM",
+ "line": 14,
+ "filename": "positive14.json"
+ },
+ {
+ "queryName": "API Gateway Access Logging Disabled",
+ "severity": "MEDIUM",
+ "line": 15,
+ "filename": "positive15.json"
+ },
+ {
+ "queryName": "API Gateway Access Logging Disabled",
+ "severity": "MEDIUM",
+ "line": 4,
+ "filename": "positive16.json"
+ },
+ {
+ "queryName": "API Gateway Access Logging Disabled",
+ "severity": "MEDIUM",
+ "line": 4,
+ "filename": "positive17.json"
 }
 ]
From 4ff189806c02e56d609939a9f9a43477d465bb20 Mon Sep 17 00:00:00 2001
From: EduardoSemanas
Date: Fri, 23 Feb 2024 16:50:20 +0000
Subject: [PATCH 10/13] Problem related with Yaml extensions resolved
---
 .../test/{positive11.yml => positive11.yaml} | 0
 .../test/{positive13.yml => positive13.yaml} | 0
 .../test/{positive14.yml => positive14.yaml} | 0
 .../test/{positive15.yml => positive15.yaml} | 0
 .../test/{positive16.yml => positive16.yaml} | 0
 .../test/{positive17.yml => positive17.yaml} | 0
 .../test/{positive8.yml => positive8.yaml} | 0
 .../test/{positive9.yml => positive9.yaml} | 0
 .../test/positive_expected_result.json | 32 +++++++++----------
 9 files changed, 16 insertions(+), 16 deletions(-)
 rename assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/{positive11.yml => positive11.yaml} (100%)
 rename assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/{positive13.yml => positive13.yaml} (100%)
 rename assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/{positive14.yml => positive14.yaml} (100%)
 rename assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/{positive15.yml => positive15.yaml} (100%)
 rename assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/{positive16.yml => positive16.yaml} (100%)
 rename assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/{positive17.yml => positive17.yaml} (100%)
 rename assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/{positive8.yml => positive8.yaml} (100%)
 rename assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/{positive9.yml => positive9.yaml} (100%)
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive11.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive11.yaml
similarity index 100%
rename from assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive11.yml
rename to assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive11.yaml
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive13.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive13.yaml
similarity index 100%
rename from assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive13.yml
rename to assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive13.yaml
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive14.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive14.yaml
similarity index 100%
rename from assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive14.yml
rename to assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive14.yaml
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive15.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive15.yaml
similarity index 100%
rename from assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive15.yml
rename to assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive15.yaml
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive16.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive16.yaml
similarity index 100%
rename from assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive16.yml
rename to assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive16.yaml
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive17.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive17.yaml
similarity index 100%
rename from assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive17.yml
rename to assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive17.yaml
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive8.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive8.yaml
similarity index 100%
rename from assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive8.yml
rename to assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive8.yaml
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive9.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive9.yaml
similarity index 100%
rename from assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive9.yml
rename to assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive9.yaml
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json
index 3b7143523e7..3d2c5cc87e8 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/positive_expected_result.json
@@ -27,96 +27,96 @@
 "queryName": "API Gateway Access Logging Disabled",
 "severity": "MEDIUM",
 "line": 6,
- "filename": "positive5.json"
+ "fileName": "positive5.json"
 },
 {
 "queryName": "API Gateway Access Logging Disabled",
 "severity": "MEDIUM",
 "line": 6,
- "filename": "positive6.json"
+ "fileName": "positive6.json"
 },
 {
 "queryName": "API Gateway Access Logging Disabled",
 "severity": "MEDIUM",
 "line": 7,
- "filename": "positive7.json"
+ "fileName": "positive7.json"
 },
 {
 "queryName": "API Gateway Access Logging Disabled",
 "severity": "MEDIUM",
 "line": 4,
- "filename": "positive8.json"
+ "fileName": "positive8.yaml"
 },
 {
 "queryName": "API Gateway Access Logging Disabled",
 "severity": "MEDIUM",
 "line": 4,
- "filename": "positive9.json"
+ "fileName": "positive9.yaml"
 },
 {
 "queryName": "API Gateway Access Logging Disabled",
 "severity": "MEDIUM",
 "line": 19,
- "filename": "positive10.json"
+ "fileName": "positive10.json"
 },
 {
 "queryName": "API Gateway Access Logging Disabled",
 "severity": "MEDIUM",
 "line": 19,
- "filename": "positive10.json"
+ "fileName": "positive10.json"
 },
 {
 "queryName": "API Gateway Access Logging Disabled",
 "severity": "MEDIUM",
 "line": 4,
- "filename": "positive11.json"
+ "fileName": "positive11.yaml"
 },
 {
 "queryName": "API Gateway Access Logging Disabled",
 "severity": "MEDIUM",
 "line": 13,
- "filename": "positive11.json"
+ "fileName": "positive11.yaml"
 },
 {
 "queryName": "API Gateway Access Logging Disabled",
 "severity": "MEDIUM",
 "line": 21,
- "filename": "positive12.json"
+ "fileName": "positive12.json"
 },
 {
 "queryName": "API Gateway Access Logging Disabled",
 "severity": "MEDIUM",
 "line": 4,
- "filename": "positive13.json"
+ "fileName": "positive13.yaml"
 },
 {
 "queryName": "API Gateway Access Logging Disabled",
 "severity": "MEDIUM",
 "line": 14,
- "filename": "positive13.json"
+ "fileName": "positive13.yaml"
 },
 {
 "queryName": "API Gateway Access Logging Disabled",
 "severity": "MEDIUM",
 "line": 14,
- "filename": "positive14.json"
+ "fileName": "positive14.yaml"
 },
 {
 "queryName": "API Gateway Access Logging Disabled",
 "severity": "MEDIUM",
 "line": 15,
- "filename": "positive15.json"
+ "fileName": "positive15.yaml"
 },
 {
 "queryName": "API Gateway Access Logging Disabled",
 "severity": "MEDIUM",
 "line": 4,
- "filename": "positive16.json"
+ "fileName": "positive16.yaml"
 },
 {
 "queryName": "API Gateway Access Logging Disabled",
 "severity": "MEDIUM",
 "line": 4,
- "filename": "positive17.json"
+ "fileName": "positive17.yaml"
 }
 ]
From ab1d1ee4401945a150c988faafd51743405cb285 Mon Sep 17 00:00:00 2001
From: EduardoSemanas
Date: Mon, 26 Feb 2024 10:00:14 +0000
Subject: [PATCH 11/13] Negative unit tests trimmed
---
 .../test/negative3.json | 51 ++++++++++---------
 .../test/negative4.json | 29 -----------
 .../test/negative4.yml | 14 +++++
 .../test/negative5.json | 29 -----------
 .../test/negative6.json | 21 --------
 .../test/negative7.json | 29 -----------
 6 files changed, 41 insertions(+), 132 deletions(-)
 delete mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.json
 create mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.yml
 delete mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative5.json
 delete mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative6.json
 delete mode 100644 assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative7.json
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative3.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative3.json
index 6a2a685747d..9d769ca6ee0 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative3.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative3.json
@@ -1,26 +1,29 @@
 {
- "AWSTemplateFormatVersion": "2010-09-09",
- "Description": "Router53",
- "Resources": {
- "MyStage": {
- "Type": "AWS::ApiGatewayV2::Stage",
- "Properties": {
- "Description": "Prod Stage",
- "AccessLogSettings": {
- "DestinationArn": "dest",
- "Format": "format"
- },
- "DeploymentId": "MyDeployment",
- "ApiId": "CFNWebSocket",
- "DefaultRouteSettings": {
- "ThrottlingBurstLimit": 10,
- "ThrottlingRateLimit": 10,
- "DetailedMetricsEnabled": true,
- "LoggingLevel": "INFO",
- "DataTraceEnabled": false
- },
- "StageName": "Prod"
- }
+ "AWSTemplateFormatVersion": "2010-09-09",
+ "Resources": {
+ "MyStage": {
+ "Type": "AWS::ApiGateway::Stage",
+ "Properties": {
+ "StageName": "Prod",
+ "Description": "Prod Stage",
+ "AccessLogSetting": {
+ "DestinationArn": "dest",
+ "Format": "format"
+ },
+ "DeploymentId": {
+ "Ref": "MyDeployment"
+ },
+ "MethodSettings": {
+ "DetailedMetricsEnabled": true,
+ "LoggingLevel": "INFO",
+ "DataTraceEnabled": false,
+ "ThrottlingBurstLimit": 10,
+ "ThrottlingRateLimit": 10
+ },
+ "RestApiId": {
+ "Ref": "CFNWebSocket"
+ }
+ }
+ }
 }
- }
-}
+}
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.json
deleted file mode 100644
index 40ced901673..00000000000
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.json
+++ /dev/null
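Review bot: `MethodSettings` is written as a single object in the new negative3.json, whereas CloudFormation defines it on `AWS::ApiGateway::Stage` as a list of `MethodSetting` entries. A negative fixture in a shape that real templates do not use can stay green while the query mis-reads the list form, which would surface as false findings or missed ones on real stacks. I would make it a list, for example `"MethodSettings": [ { "ResourcePath": "/*", "HttpMethod": "*", "LoggingLevel": "INFO" } ],`, and do the same for the `MethodSettings:` map added in negative4.yml. Whether query.rego iterates the list cannot be seen from this hunk.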
@@ -1,29 +0,0 @@
-{
- "AWSTemplateFormatVersion": "2010-09-09",
- "Resources": {
- "MyStage": {
- "Type": "AWS::ApiGatewayV2::Stage",
- "Properties": {
- "StageName": "Prod",
- "Description": "Prod Stage",
- "AccessLogSettings": {
- "DestinationArn": "dest",
- "Format": "format"
- },
- "DeploymentId": {
- "Ref": "MyDeployment"
- },
- "ApiId": {
- "Ref": "CFNWebSocket"
- },
- "DefaultRouteSettings": {
- "DetailedMetricsEnabled": true,
- "LoggingLevel": "INFO",
- "DataTraceEnabled": false,
- "ThrottlingBurstLimit": 10,
- "ThrottlingRateLimit": 10
- }
- }
- }
- }
-}
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.yml
new file mode 100644
index 00000000000..1785d620fae
--- /dev/null
+++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.yml
@@ -0,0 +1,14 @@
+Resources:
+ Prod:
+ Type: AWS::ApiGateway::Stage
+ Properties:
+ StageName: Prod
+ Description: Prod Stage
+ RestApiId: !Ref MyRestApi
+ DeploymentId: !Ref TestDeployment
+ DocumentationVersion: ""
+ MethodSettings:
+ LoggingLevel: "ON"
+ AccessLogSetting:
+ DestinationArn: "dest"
+ Format: "format"
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative5.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative5.json
deleted file mode 100644
index 9d8af6a9eab..00000000000
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative5.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "AWSTemplateFormatVersion": "2010-09-09",
- "Resources": {
- "MyStage": {
- "Type": "AWS::ApiGatewayV2::Stage",
- "Properties": {
- "StageName": "Prod",
- "Description": "Prod Stage",
- "AccessLogSettings": {
- "DestinationArn": "dest",
- "Format": "format"
- },
- "DeploymentId": {
- "Ref": "MyDeployment"
- },
- "ApiId": {
- "Ref": "CFNWebSocket"
- },
- "DefaultRouteSettings": {
- "DetailedMetricsEnabled": true,
- "LoggingLevel": "INFO",
- "DataTraceEnabled": false,
- "ThrottlingBurstLimit": 10,
- "ThrottlingRateLimit": 10
- }
- }
- }
- }
-}
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative6.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative6.json
deleted file mode 100644
index 4f0ee691a9f..00000000000
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative6.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "AWSTemplateFormatVersion": "2010-09-09T00:00:00Z",
- "Resources": {
- "NewAmpApp-1": {
- "Type": "AWS::Amplify::App",
- "Properties": {
- "Repository": "String",
- "BasicAuthConfig": {
- "Username": "admin",
- "EnableBasicAuth": true
- },
- "CustomHeaders": "String",
- "Description": "String",
- "Name": "NewAmpApp",
- "BuildSpec": "String",
- "EnableBranchAutoDeletion": true,
- "IAMServiceRole": "String"
- }
- }
- }
-}
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative7.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative7.json
deleted file mode 100644
index 9d769ca6ee0..00000000000
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative7.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "AWSTemplateFormatVersion": "2010-09-09",
- "Resources": {
- "MyStage": {
- "Type": "AWS::ApiGateway::Stage",
- "Properties": {
- "StageName": "Prod",
- "Description": "Prod Stage",
- "AccessLogSetting": {
- "DestinationArn": "dest",
- "Format": "format"
- },
- "DeploymentId": {
- "Ref": "MyDeployment"
- },
- "MethodSettings": {
- "DetailedMetricsEnabled": true,
- "LoggingLevel": "INFO",
- "DataTraceEnabled": false,
- "ThrottlingBurstLimit": 10,
- "ThrottlingRateLimit": 10
- },
- "RestApiId": {
- "Ref": "CFNWebSocket"
- }
- }
- }
- }
-}
\ No newline at end of file
From 0b4914e0da875a329f2e4f63a59ed74c938685e4 Mon Sep 17 00:00:00 2001
From: EduardoSemanas
Date: Mon, 26 Feb 2024 10:21:55 +0000
Subject: [PATCH 12/13] Corrected new neagative unti test extension
---
 .../test/{negative4.yml => negative4.yaml} | 0
 test/main_test.go | 10 +++++-----
 2 files changed, 5 insertions(+), 5 deletions(-)
 rename assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/{negative4.yml => negative4.yaml} (100%)
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.yml b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.yaml
similarity index 100%
rename from assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.yml
rename to assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative4.yaml
diff --git a/test/main_test.go b/test/main_test.go
index c748caba8a7..7b2ab472916 100644
--- a/test/main_test.go
+++ b/test/main_test.go
@@ -30,7 +30,7 @@ import (
 var (
 queriesPaths = map[string]model.QueryConfig{
- "../assets/queries/terraform/aws_bom": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
+ /* "../assets/queries/terraform/aws_bom": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
 "../assets/queries/terraform/aws": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
 "../assets/queries/terraform/azure": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
 "../assets/queries/terraform/databricks": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
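Review bot: The query test suite is effectively switched off at this commit: the `/*` opened before `"../assets/queries/terraform/aws_bom"` here, together with the hunks at -48,9 and -70,7, comments out every other `queriesPaths` entry and narrows the CloudFormation path to the single `api_gateway_access_logging_disabled` directory. PATCH 13/13 restores the map, but a bisect, cherry-pick or partial merge that lands on 12/13 would run with almost all security-query tests disabled and would not notice a regression in them. I would drop the `test/main_test.go` change from 12/13 and remove 13/13 before merging, so that the series only carries the `negative4.yml` to `negative4.yaml` rename. The `var (` block starts and ends outside the hunk.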
@@ -48,9 +48,9 @@ var (
 "../assets/queries/pulumi/gcp": {FileKind: []model.FileKind{model.KindYAML}, Platform: "pulumi"},
 "../assets/queries/pulumi/kubernetes": {FileKind: []model.FileKind{model.KindYAML}, Platform: "pulumi"},
 "../assets/queries/pulumi/azure": {FileKind: []model.FileKind{model.KindYAML}, Platform: "pulumi"},
- "../assets/queries/k8s": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "k8s"},
- "../assets/queries/cloudFormation/aws": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "cloudFormation"},
- "../assets/queries/cloudFormation/aws_bom": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "cloudFormation"},
+ "../assets/queries/k8s": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "k8s"}, */
+ "../assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "cloudFormation"},
+ /* "../assets/queries/cloudFormation/aws_bom": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "cloudFormation"},
 "../assets/queries/cloudFormation/aws_sam": {FileKind: []model.FileKind{model.KindYAML}, Platform: "cloudFormation"},
 "../assets/queries/ansible/aws": {FileKind: []model.FileKind{model.KindYAML}, Platform: "ansible"},
 "../assets/queries/ansible/gcp": {FileKind: []model.FileKind{model.KindYAML}, Platform: "ansible"},
@@ -70,7 +70,7 @@ var (
 "../assets/queries/buildah": {FileKind: []model.FileKind{model.KindBUILDAH}, Platform: "buildah"},
 "../assets/queries/serverlessFW": {FileKind: []model.FileKind{model.KindYAML, model.KindYML}, Platform: "serverlessFW"},
 "../assets/queries/knative": {FileKind: []model.FileKind{model.KindYAML}, Platform: "knative"},
- "../assets/queries/cicd/github": {FileKind: []model.FileKind{model.KindYAML}, Platform: "cicd"},
+ "../assets/queries/cicd/github": {FileKind: []model.FileKind{model.KindYAML}, Platform: "cicd"}, */
 }
 issueTypes = map[string]string{
From 1af7c1fb0a9b4c4d1c3d322c2dfca7549757d9e8 Mon Sep 17 00:00:00 2001
From: EduardoSemanas
Date: Mon, 26 Feb 2024 10:23:39 +0000
Subject: [PATCH 13/13] Mani_test corrected
---
 test/main_test.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/test/main_test.go b/test/main_test.go
index 7b2ab472916..c748caba8a7 100644
--- a/test/main_test.go
+++ b/test/main_test.go
@@ -30,7 +30,7 @@ import (
 var (
 queriesPaths = map[string]model.QueryConfig{
- /* "../assets/queries/terraform/aws_bom": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
+ "../assets/queries/terraform/aws_bom": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
 "../assets/queries/terraform/aws": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
 "../assets/queries/terraform/azure": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
 "../assets/queries/terraform/databricks": {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
@@ -48,9 +48,9 @@ var (
 "../assets/queries/pulumi/gcp": {FileKind: []model.FileKind{model.KindYAML}, Platform: "pulumi"},
 "../assets/queries/pulumi/kubernetes": {FileKind: []model.FileKind{model.KindYAML}, Platform: "pulumi"},
 "../assets/queries/pulumi/azure": {FileKind: []model.FileKind{model.KindYAML}, Platform: "pulumi"},
- "../assets/queries/k8s": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "k8s"}, */
- "../assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "cloudFormation"},
- /* "../assets/queries/cloudFormation/aws_bom": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "cloudFormation"},
+ "../assets/queries/k8s": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "k8s"},
+ "../assets/queries/cloudFormation/aws": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "cloudFormation"},
+ "../assets/queries/cloudFormation/aws_bom": {FileKind: []model.FileKind{model.KindYAML, model.KindJSON}, Platform: "cloudFormation"},
 "../assets/queries/cloudFormation/aws_sam": {FileKind: []model.FileKind{model.KindYAML}, Platform: "cloudFormation"},
 "../assets/queries/ansible/aws": {FileKind: []model.FileKind{model.KindYAML}, Platform: "ansible"},
 "../assets/queries/ansible/gcp": {FileKind: []model.FileKind{model.KindYAML}, Platform: "ansible"},
@@ -70,7 +70,7 @@ var (
 "../assets/queries/buildah": {FileKind: []model.FileKind{model.KindBUILDAH}, Platform: "buildah"},
 "../assets/queries/serverlessFW": {FileKind: []model.FileKind{model.KindYAML, model.KindYML}, Platform: "serverlessFW"},
 "../assets/queries/knative": {FileKind: []model.FileKind{model.KindYAML}, Platform: "knative"},
- "../assets/queries/cicd/github": {FileKind: []model.FileKind{model.KindYAML}, Platform: "cicd"}, */
+ "../assets/queries/cicd/github": {FileKind: []model.FileKind{model.KindYAML}, Platform: "cicd"},
 }
 issueTypes = map[string]string{