From 2cd55cd5cdfa6492e5e29e6cabae5f4f5a843fa6 Mon Sep 17 00:00:00 2001 From: Artur Ribeiro Date: Sat, 29 Jun 2024 23:08:45 +0100 Subject: [PATCH 1/8] add cwe infos to all ARM queries --- .../account_admins_not_notified_by_email/metadata.json | 2 +- .../aks_cluster_network_policy_not_configured/metadata.json | 2 +- .../aks_cluster_rbac_disabled/metadata.json | 2 +- .../azureResourceManager/aks_dashboard_enabled/metadata.json | 2 +- .../aks_logging_azure_monitoring_disabled/metadata.json | 2 +- .../aks_with_authorized_ip_ranges_disabled/metadata.json | 2 +- .../app_service_authentication_not_set/metadata.json | 2 +- .../azure_instance_using_basic_authentication/metadata.json | 2 +- .../azure_managed_disk_without_encryption/metadata.json | 2 +- .../metadata.json | 2 +- .../email_notifications_set_off/metadata.json | 2 +- .../metadata.json | 2 +- .../key_vault_not_recoverable/metadata.json | 2 +- .../log_profile_incorrect_category/metadata.json | 2 +- .../mysql_server_ssl_enforcement_disabled/metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../phone_number_not_set_security_contacts/metadata.json | 2 +- .../metadata.json | 2 +- .../postgres_sql_server_log_checkpoint_disabled/metadata.json | 2 +- .../metadata.json | 2 +- .../postgres_sql_server_ssl_disabled/metadata.json | 2 +- .../metadata.json | 2 +- .../secret_without_expiration_date/metadata.json | 2 +- .../sql_alert_policy_without_emails/metadata.json | 2 +- .../sql_database_server_firewall_allows_all_ips/metadata.json | 2 +- .../sql_server_database_with_alerts_disabled/metadata.json | 2 +- .../sql_server_database_with_low_retention_days/metadata.json | 2 +- .../sql_server_database_without_auditing/metadata.json | 2 +- .../standard_price_not_selected/metadata.json | 2 +- .../metadata.json | 2 +- .../storage_account_allows_unsecure_transfer/metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../trusted_microsoft_services_not_enabled/metadata.json | 2 +- .../unrecommended_log_profile_retention_policy/metadata.json | 2 +- .../metadata.json | 2 +- .../web_app_not_using_tls_last_version/metadata.json | 2 +- .../website_azure_active_directory_disabled/metadata.json | 4 ++-- .../website_not_forcing_https/metadata.json | 2 +- .../metadata.json | 2 +- .../website_with_http20enabled_disabled/metadata.json | 2 +- 42 files changed, 43 insertions(+), 43 deletions(-) diff --git a/assets/queries/azureResourceManager/account_admins_not_notified_by_email/metadata.json b/assets/queries/azureResourceManager/account_admins_not_notified_by_email/metadata.json index 1fdb448a6c1..1af5f42d262 100644 --- a/assets/queries/azureResourceManager/account_admins_not_notified_by_email/metadata.json +++ b/assets/queries/azureResourceManager/account_admins_not_notified_by_email/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "f7c29c0d", "cloudProvider": "azure", - "cwe": "" + "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/aks_cluster_network_policy_not_configured/metadata.json b/assets/queries/azureResourceManager/aks_cluster_network_policy_not_configured/metadata.json index bb7758861a5..2686d6d548f 100644 --- a/assets/queries/azureResourceManager/aks_cluster_network_policy_not_configured/metadata.json +++ b/assets/queries/azureResourceManager/aks_cluster_network_policy_not_configured/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "25c0df8e", "cloudProvider": "azure", - "cwe": "" + "cwe": "284" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/aks_cluster_rbac_disabled/metadata.json b/assets/queries/azureResourceManager/aks_cluster_rbac_disabled/metadata.json index 9cbce0d419b..577ac39b90d 100644 --- a/assets/queries/azureResourceManager/aks_cluster_rbac_disabled/metadata.json +++ b/assets/queries/azureResourceManager/aks_cluster_rbac_disabled/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "b07ac0d6", "cloudProvider": "azure", - "cwe": "", + "cwe": "287", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/aks_dashboard_enabled/metadata.json b/assets/queries/azureResourceManager/aks_dashboard_enabled/metadata.json index 4cc14b5ff0b..cf8b5d38573 100644 --- a/assets/queries/azureResourceManager/aks_dashboard_enabled/metadata.json +++ b/assets/queries/azureResourceManager/aks_dashboard_enabled/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "c12d3b42", "cloudProvider": "azure", - "cwe": "" + "cwe": "200" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/aks_logging_azure_monitoring_disabled/metadata.json b/assets/queries/azureResourceManager/aks_logging_azure_monitoring_disabled/metadata.json index f8628ff49a0..2923a1f1119 100644 --- a/assets/queries/azureResourceManager/aks_logging_azure_monitoring_disabled/metadata.json +++ b/assets/queries/azureResourceManager/aks_logging_azure_monitoring_disabled/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "9b09c3e1", "cloudProvider": "azure", - "cwe": "" + "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/aks_with_authorized_ip_ranges_disabled/metadata.json b/assets/queries/azureResourceManager/aks_with_authorized_ip_ranges_disabled/metadata.json index 82e49ee7438..0478fbdbb9e 100644 --- a/assets/queries/azureResourceManager/aks_with_authorized_ip_ranges_disabled/metadata.json +++ b/assets/queries/azureResourceManager/aks_with_authorized_ip_ranges_disabled/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "258efab1", "cloudProvider": "azure", - "cwe": "", + "cwe": "284", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/app_service_authentication_not_set/metadata.json b/assets/queries/azureResourceManager/app_service_authentication_not_set/metadata.json index 37e02eea294..57db3d9eb77 100644 --- a/assets/queries/azureResourceManager/app_service_authentication_not_set/metadata.json +++ b/assets/queries/azureResourceManager/app_service_authentication_not_set/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "831efa07", "cloudProvider": "azure", - "cwe": "", + "cwe": "778", "oldSeverity": "INFO" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/azure_instance_using_basic_authentication/metadata.json b/assets/queries/azureResourceManager/azure_instance_using_basic_authentication/metadata.json index 4056150f4ee..14ec9513fce 100644 --- a/assets/queries/azureResourceManager/azure_instance_using_basic_authentication/metadata.json +++ b/assets/queries/azureResourceManager/azure_instance_using_basic_authentication/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "98ba05ca", "cloudProvider": "azure", - "cwe": "", + "cwe": "522", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/azure_managed_disk_without_encryption/metadata.json b/assets/queries/azureResourceManager/azure_managed_disk_without_encryption/metadata.json index 434804d37eb..ff86f3ecde8 100644 --- a/assets/queries/azureResourceManager/azure_managed_disk_without_encryption/metadata.json +++ b/assets/queries/azureResourceManager/azure_managed_disk_without_encryption/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "e2fa6cda", "cloudProvider": "azure", - "cwe": "" + "cwe": "311" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/default_azure_storage_account_network_access_is_too_permissive/metadata.json b/assets/queries/azureResourceManager/default_azure_storage_account_network_access_is_too_permissive/metadata.json index ff940d0744a..5203ccbcc3f 100644 --- a/assets/queries/azureResourceManager/default_azure_storage_account_network_access_is_too_permissive/metadata.json +++ b/assets/queries/azureResourceManager/default_azure_storage_account_network_access_is_too_permissive/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "d855ced8", "cloudProvider": "azure", - "cwe": "", + "cwe": "284", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/email_notifications_set_off/metadata.json b/assets/queries/azureResourceManager/email_notifications_set_off/metadata.json index df5f10b41d3..7a8dd768da1 100644 --- a/assets/queries/azureResourceManager/email_notifications_set_off/metadata.json +++ b/assets/queries/azureResourceManager/email_notifications_set_off/metadata.json @@ -9,5 +9,5 @@ "descriptionID": "7f5b9ef4", "aggregation": 2, "cloudProvider": "azure", - "cwe": "" + "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/hardcoded_securestring_parameter_default_value/metadata.json b/assets/queries/azureResourceManager/hardcoded_securestring_parameter_default_value/metadata.json index 5829abb5287..6bb722d2c01 100644 --- a/assets/queries/azureResourceManager/hardcoded_securestring_parameter_default_value/metadata.json +++ b/assets/queries/azureResourceManager/hardcoded_securestring_parameter_default_value/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "a7bb7cb1", "cloudProvider": "azure", - "cwe": "", + "cwe": "798", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/key_vault_not_recoverable/metadata.json b/assets/queries/azureResourceManager/key_vault_not_recoverable/metadata.json index 0065871ee44..83a81469340 100644 --- a/assets/queries/azureResourceManager/key_vault_not_recoverable/metadata.json +++ b/assets/queries/azureResourceManager/key_vault_not_recoverable/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "8e3ca202", "cloudProvider": "azure", - "cwe": "" + "cwe": "530" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/log_profile_incorrect_category/metadata.json b/assets/queries/azureResourceManager/log_profile_incorrect_category/metadata.json index 26cb70d0834..4fc2c5c151d 100644 --- a/assets/queries/azureResourceManager/log_profile_incorrect_category/metadata.json +++ b/assets/queries/azureResourceManager/log_profile_incorrect_category/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "ead4e0f2", "cloudProvider": "azure", - "cwe": "", + "cwe": "778", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/mysql_server_ssl_enforcement_disabled/metadata.json b/assets/queries/azureResourceManager/mysql_server_ssl_enforcement_disabled/metadata.json index af22b94c0e9..e626ae7643e 100644 --- a/assets/queries/azureResourceManager/mysql_server_ssl_enforcement_disabled/metadata.json +++ b/assets/queries/azureResourceManager/mysql_server_ssl_enforcement_disabled/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "69fea5b1", "cloudProvider": "azure", - "cwe": "", + "cwe": "319", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_rdp/metadata.json b/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_rdp/metadata.json index 96626feb9bb..c3f8ea9ec06 100644 --- a/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_rdp/metadata.json +++ b/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_rdp/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "e09bde32", "cloudProvider": "azure", - "cwe": "" + "cwe": "284" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/metadata.json b/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/metadata.json index 385ac1cd466..96af678ba1a 100644 --- a/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/metadata.json +++ b/assets/queries/azureResourceManager/network_security_group_with_unrestricted_access_to_ssh/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "97b6233c", "cloudProvider": "azure", - "cwe": "", + "cwe": "284", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/phone_number_not_set_security_contacts/metadata.json b/assets/queries/azureResourceManager/phone_number_not_set_security_contacts/metadata.json index e1277aa90c2..b6845503bff 100644 --- a/assets/queries/azureResourceManager/phone_number_not_set_security_contacts/metadata.json +++ b/assets/queries/azureResourceManager/phone_number_not_set_security_contacts/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "8b9ef792", "cloudProvider": "azure", - "cwe": "" + "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/metadata.json b/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/metadata.json index 3c6b7edcc46..7c8dd6ff072 100644 --- a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/metadata.json +++ b/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "2eb0e3a8", "cloudProvider": "azure", - "cwe": "" + "cwe": "770" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/metadata.json b/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/metadata.json index 7daf22d4659..ea6dabe8b15 100644 --- a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/metadata.json +++ b/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "be873a2e", "cloudProvider": "azure", - "cwe": "" + "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/metadata.json b/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/metadata.json index 77418c6d773..f8874a3990d 100644 --- a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/metadata.json +++ b/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "3769181b", "cloudProvider": "azure", - "cwe": "" + "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/metadata.json b/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/metadata.json index b269a300ab1..de563ccccb1 100644 --- a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/metadata.json +++ b/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "67cfaa3b", "cloudProvider": "azure", - "cwe": "", + "cwe": "319", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/role_definitions_allow_custom_subscription_role_creation/metadata.json b/assets/queries/azureResourceManager/role_definitions_allow_custom_subscription_role_creation/metadata.json index 57a8ac5a59e..f1bbe575761 100644 --- a/assets/queries/azureResourceManager/role_definitions_allow_custom_subscription_role_creation/metadata.json +++ b/assets/queries/azureResourceManager/role_definitions_allow_custom_subscription_role_creation/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "7d8860a5", "cloudProvider": "azure", - "cwe": "", + "cwe": "266", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/secret_without_expiration_date/metadata.json b/assets/queries/azureResourceManager/secret_without_expiration_date/metadata.json index c723e376a27..35b42e74010 100644 --- a/assets/queries/azureResourceManager/secret_without_expiration_date/metadata.json +++ b/assets/queries/azureResourceManager/secret_without_expiration_date/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "bb5f96a2", "cloudProvider": "azure", - "cwe": "", + "cwe": "1390", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/sql_alert_policy_without_emails/metadata.json b/assets/queries/azureResourceManager/sql_alert_policy_without_emails/metadata.json index 6a00031c278..110077640e6 100644 --- a/assets/queries/azureResourceManager/sql_alert_policy_without_emails/metadata.json +++ b/assets/queries/azureResourceManager/sql_alert_policy_without_emails/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "3b84ba2d", "cloudProvider": "azure", - "cwe": "" + "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/sql_database_server_firewall_allows_all_ips/metadata.json b/assets/queries/azureResourceManager/sql_database_server_firewall_allows_all_ips/metadata.json index bdddf9653f6..fc2f6d9245a 100644 --- a/assets/queries/azureResourceManager/sql_database_server_firewall_allows_all_ips/metadata.json +++ b/assets/queries/azureResourceManager/sql_database_server_firewall_allows_all_ips/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "6664d4d6", "cloudProvider": "azure", - "cwe": "", + "cwe": "284", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/sql_server_database_with_alerts_disabled/metadata.json b/assets/queries/azureResourceManager/sql_server_database_with_alerts_disabled/metadata.json index 0c992a4c26f..33e22adbca7 100644 --- a/assets/queries/azureResourceManager/sql_server_database_with_alerts_disabled/metadata.json +++ b/assets/queries/azureResourceManager/sql_server_database_with_alerts_disabled/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "e8a4e321", "cloudProvider": "azure", - "cwe": "" + "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/sql_server_database_with_low_retention_days/metadata.json b/assets/queries/azureResourceManager/sql_server_database_with_low_retention_days/metadata.json index e7411c29edb..171c56e7877 100644 --- a/assets/queries/azureResourceManager/sql_server_database_with_low_retention_days/metadata.json +++ b/assets/queries/azureResourceManager/sql_server_database_with_low_retention_days/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "7867ae74", "cloudProvider": "azure", - "cwe": "", + "cwe": "778", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/sql_server_database_without_auditing/metadata.json b/assets/queries/azureResourceManager/sql_server_database_without_auditing/metadata.json index 9fec0054fd8..c7832107476 100644 --- a/assets/queries/azureResourceManager/sql_server_database_without_auditing/metadata.json +++ b/assets/queries/azureResourceManager/sql_server_database_without_auditing/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "16d077a1", "cloudProvider": "azure", - "cwe": "" + "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/standard_price_not_selected/metadata.json b/assets/queries/azureResourceManager/standard_price_not_selected/metadata.json index b10e68aa97f..bbaabff18f1 100644 --- a/assets/queries/azureResourceManager/standard_price_not_selected/metadata.json +++ b/assets/queries/azureResourceManager/standard_price_not_selected/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "2081c7dc", "cloudProvider": "azure", - "cwe": "", + "cwe": "732", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/storage_account_allows_network_default_access/metadata.json b/assets/queries/azureResourceManager/storage_account_allows_network_default_access/metadata.json index 45f8cafdb6d..6173ab6d26d 100644 --- a/assets/queries/azureResourceManager/storage_account_allows_network_default_access/metadata.json +++ b/assets/queries/azureResourceManager/storage_account_allows_network_default_access/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "6ae0507e", "cloudProvider": "azure", - "cwe": "" + "cwe": "319" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/storage_account_allows_unsecure_transfer/metadata.json b/assets/queries/azureResourceManager/storage_account_allows_unsecure_transfer/metadata.json index f888e42c2e0..78a1d71bff5 100644 --- a/assets/queries/azureResourceManager/storage_account_allows_unsecure_transfer/metadata.json +++ b/assets/queries/azureResourceManager/storage_account_allows_unsecure_transfer/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "f87b26ea", "cloudProvider": "azure", - "cwe": "", + "cwe": "319", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/storage_blob_service_container_with_public_access/metadata.json b/assets/queries/azureResourceManager/storage_blob_service_container_with_public_access/metadata.json index 77503c4387e..bf6d923107c 100644 --- a/assets/queries/azureResourceManager/storage_blob_service_container_with_public_access/metadata.json +++ b/assets/queries/azureResourceManager/storage_blob_service_container_with_public_access/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "49e52e15", "cloudProvider": "azure", - "cwe": "" + "cwe": "284" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/storage_logging_for_read_write_delete_requests_disabled/metadata.json b/assets/queries/azureResourceManager/storage_logging_for_read_write_delete_requests_disabled/metadata.json index 0f985498cda..10985d173f8 100644 --- a/assets/queries/azureResourceManager/storage_logging_for_read_write_delete_requests_disabled/metadata.json +++ b/assets/queries/azureResourceManager/storage_logging_for_read_write_delete_requests_disabled/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "83fa7bb6", "cloudProvider": "azure", - "cwe": "" + "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/trusted_microsoft_services_not_enabled/metadata.json b/assets/queries/azureResourceManager/trusted_microsoft_services_not_enabled/metadata.json index 0e103afc307..e77251a7d64 100644 --- a/assets/queries/azureResourceManager/trusted_microsoft_services_not_enabled/metadata.json +++ b/assets/queries/azureResourceManager/trusted_microsoft_services_not_enabled/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "88ca11b3", "cloudProvider": "azure", - "cwe": "", + "cwe": "284", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/unrecommended_log_profile_retention_policy/metadata.json b/assets/queries/azureResourceManager/unrecommended_log_profile_retention_policy/metadata.json index c8479a59e8d..51ecd397dde 100644 --- a/assets/queries/azureResourceManager/unrecommended_log_profile_retention_policy/metadata.json +++ b/assets/queries/azureResourceManager/unrecommended_log_profile_retention_policy/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "f5d9a1fc", "cloudProvider": "azure", - "cwe": "", + "cwe": "778", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/unrecommended_network_watcher_flow_log_retention_policy/metadata.json b/assets/queries/azureResourceManager/unrecommended_network_watcher_flow_log_retention_policy/metadata.json index 1141eb0e781..cedd983274b 100644 --- a/assets/queries/azureResourceManager/unrecommended_network_watcher_flow_log_retention_policy/metadata.json +++ b/assets/queries/azureResourceManager/unrecommended_network_watcher_flow_log_retention_policy/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "71ce9f8c", "cloudProvider": "azure", - "cwe": "", + "cwe": "778", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/web_app_not_using_tls_last_version/metadata.json b/assets/queries/azureResourceManager/web_app_not_using_tls_last_version/metadata.json index 58b76cf69d1..60113855595 100644 --- a/assets/queries/azureResourceManager/web_app_not_using_tls_last_version/metadata.json +++ b/assets/queries/azureResourceManager/web_app_not_using_tls_last_version/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "1a442064", "cloudProvider": "azure", - "cwe": "", + "cwe": "327", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/website_azure_active_directory_disabled/metadata.json b/assets/queries/azureResourceManager/website_azure_active_directory_disabled/metadata.json index 85c32052a59..521b9ecf9e1 100644 --- a/assets/queries/azureResourceManager/website_azure_active_directory_disabled/metadata.json +++ b/assets/queries/azureResourceManager/website_azure_active_directory_disabled/metadata.json @@ -3,10 +3,10 @@ "queryName": "Website Azure Active Directory Disabled", "severity": "LOW", "category": "Access Control", - "descriptionText": "WebApp should have Azure Active Directory enabled with 'identity.type' set to 'SystemAssigned' or 'userAssignedIdentities' set to 'true'", + "descriptionText": "WebApp should have Azure Active Directory enabled with 'identity.type' set to 'SystemAssigned' or 'userAssignedIdentities' set to 'true'", "descriptionUrl": "https://docs.microsoft.com/en-us/azure/templates/microsoft.web/2019-08-01/sites?tabs=json#ManagedServiceIdentity", "platform": "AzureResourceManager", "descriptionID": "f50ec4cb", "cloudProvider": "azure", - "cwe": "" + "cwe": "287" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/website_not_forcing_https/metadata.json b/assets/queries/azureResourceManager/website_not_forcing_https/metadata.json index 4ea7b68e22f..b376722a6ed 100644 --- a/assets/queries/azureResourceManager/website_not_forcing_https/metadata.json +++ b/assets/queries/azureResourceManager/website_not_forcing_https/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "3af52329", "cloudProvider": "azure", - "cwe": "", + "cwe": "319", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/website_with_client_certificate_auth_disabled/metadata.json b/assets/queries/azureResourceManager/website_with_client_certificate_auth_disabled/metadata.json index 42b3f436c68..f5c85295b52 100644 --- a/assets/queries/azureResourceManager/website_with_client_certificate_auth_disabled/metadata.json +++ b/assets/queries/azureResourceManager/website_with_client_certificate_auth_disabled/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "1b3c50da", "cloudProvider": "azure", - "cwe": "", + "cwe": "287", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/website_with_http20enabled_disabled/metadata.json b/assets/queries/azureResourceManager/website_with_http20enabled_disabled/metadata.json index 81dbfe45e99..c03f28a694f 100644 --- a/assets/queries/azureResourceManager/website_with_http20enabled_disabled/metadata.json +++ b/assets/queries/azureResourceManager/website_with_http20enabled_disabled/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "e0cdbc75", "cloudProvider": "azure", - "cwe": "" + "cwe": "757" } \ No newline at end of file From 0a2c05a2b7dd88b06b2de9351b9bdf0c0d0569e4 Mon Sep 17 00:00:00 2001 From: Artur Ribeiro Date: Sat, 29 Jun 2024 23:49:59 +0100 Subject: [PATCH 2/8] update e2e with cwe field --- e2e/fixtures/E2E_CLI_077_RESULT.json | 1 + e2e/fixtures/E2E_CLI_081_RESULT.json | 1 + e2e/fixtures/E2E_CLI_091_RESULT.json | 1 + 3 files changed, 3 insertions(+) diff --git a/e2e/fixtures/E2E_CLI_077_RESULT.json b/e2e/fixtures/E2E_CLI_077_RESULT.json index 60bf7acdced..f0394339704 100644 --- a/e2e/fixtures/E2E_CLI_077_RESULT.json +++ b/e2e/fixtures/E2E_CLI_077_RESULT.json @@ -32,6 +32,7 @@ "query_url": "https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites?tabs=json#siteproperties-object", "severity": "MEDIUM", "platform": "AzureResourceManager", + "cwe": "319", "cloud_provider": "AZURE", "category": "Insecure Configurations", "experimental": false, diff --git a/e2e/fixtures/E2E_CLI_081_RESULT.json b/e2e/fixtures/E2E_CLI_081_RESULT.json index a8e45c05917..6dc33b20475 100644 --- a/e2e/fixtures/E2E_CLI_081_RESULT.json +++ b/e2e/fixtures/E2E_CLI_081_RESULT.json @@ -32,6 +32,7 @@ "query_url": "https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/virtualmachines?tabs=json#linuxconfiguration-object", "severity": "MEDIUM", "platform": "AzureResourceManager", + "cwe": "522", "cloud_provider": "AZURE", "category": "Best Practices", "experimental": false, diff --git a/e2e/fixtures/E2E_CLI_091_RESULT.json b/e2e/fixtures/E2E_CLI_091_RESULT.json index dd99830dd17..28c2b1d4f9a 100644 --- a/e2e/fixtures/E2E_CLI_091_RESULT.json +++ b/e2e/fixtures/E2E_CLI_091_RESULT.json @@ -32,6 +32,7 @@ "query_url": "https://docs.microsoft.com/en-us/azure/templates/microsoft.security/securitycontacts", "severity": "INFO", "platform": "AzureResourceManager", + "cwe": "778", "cloud_provider": "AZURE", "category": "Networking and Firewall", "experimental": false, From b99faaff236bd6f6fa97ddc56f8b3affc9af2ced Mon Sep 17 00:00:00 2001 From: Artur Ribeiro Date: Thu, 4 Jul 2024 12:41:12 +0100 Subject: [PATCH 3/8] update query naming --- .../metadata.json | 12 ++++++++++++ .../query.rego | 0 .../test/negative1.bicep | 0 .../test/negative1.json | 0 .../test/negative2.bicep | 0 .../test/negative2.json | 0 .../test/negative3.bicep | 0 .../test/negative3.json | 0 .../test/negative4.bicep | 0 .../test/negative4.json | 0 .../test/positive1.bicep | 0 .../test/positive1.json | 0 .../test/positive2.bicep | 0 .../test/positive2.json | 0 .../test/positive3.bicep | 0 .../test/positive3.json | 0 .../test/positive4.bicep | 0 .../test/positive4.json | 0 .../test/positive5.bicep | 0 .../test/positive5.json | 0 .../test/positive6.bicep | 0 .../test/positive6.json | 0 .../test/positive_expected_result.json | 0 .../metadata.json | 12 ++++++++++++ .../query.rego | 0 .../test/negative1.bicep | 0 .../test/negative1.json | 0 .../test/negative2.bicep | 0 .../test/negative2.json | 0 .../test/positive1.bicep | 0 .../test/positive1.json | 0 .../test/positive2.bicep | 0 .../test/positive2.json | 0 .../test/positive3.bicep | 0 .../test/positive3.json | 0 .../test/positive4.bicep | 0 .../test/positive4.json | 0 .../test/positive5.bicep | 0 .../test/positive5.json | 0 .../test/positive6.bicep | 0 .../test/positive6.json | 0 .../test/positive7.bicep | 0 .../test/positive7.json | 0 .../test/positive8.bicep | 0 .../test/positive8.json | 0 .../test/positive_expected_result.json | 0 .../metadata.json | 12 ++++++++++++ .../query.rego | 0 .../test/negative1.bicep | 0 .../test/negative1.json | 0 .../test/negative2.bicep | 0 .../test/negative2.json | 0 .../test/negative3.bicep | 0 .../test/negative3.json | 0 .../test/negative4.bicep | 0 .../test/negative4.json | 0 .../test/positive1.bicep | 0 .../test/positive1.json | 0 .../test/positive2.bicep | 0 .../test/positive2.json | 0 .../test/positive3.bicep | 0 .../test/positive3.json | 0 .../test/positive4.bicep | 0 .../test/positive4.json | 0 .../test/positive5.bicep | 0 .../test/positive5.json | 0 .../test/positive6.bicep | 0 .../test/positive6.json | 0 .../test/positive7.bicep | 0 .../test/positive7.json | 0 .../test/positive8.bicep | 0 .../test/positive8.json | 0 .../test/positive_expected_result.json | 0 .../postgresql_server_ssl_disabled/metadata.json | 13 +++++++++++++ .../query.rego | 0 .../test/negative1.bicep | 0 .../test/negative1.json | 0 .../test/negative2.bicep | 0 .../test/negative2.json | 0 .../test/positive1.bicep | 0 .../test/positive1.json | 0 .../test/positive2.bicep | 0 .../test/positive2.json | 0 .../test/positive3.bicep | 0 .../test/positive3.json | 0 .../test/positive4.bicep | 0 .../test/positive4.json | 0 .../test/positive_expected_result.json | 0 88 files changed, 49 insertions(+) create mode 100644 assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/metadata.json rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/query.rego (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/negative1.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/negative1.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/negative2.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/negative2.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/negative3.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/negative3.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/negative4.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/negative4.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/positive1.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/positive1.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/positive2.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/positive2.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/positive3.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/positive3.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/positive4.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/positive4.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/positive5.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/positive5.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/positive6.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/positive6.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_database_server_connection_throttling_disabled => postgresql_database_server_connection_throttling_disabled}/test/positive_expected_result.json (100%) create mode 100644 assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/metadata.json rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/query.rego (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/negative1.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/negative1.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/negative2.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/negative2.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive1.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive1.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive2.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive2.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive3.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive3.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive4.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive4.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive5.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive5.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive6.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive6.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive7.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive7.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive8.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive8.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_checkpoint_disabled => postgresql_server_log_checkpoint_disabled}/test/positive_expected_result.json (100%) create mode 100644 assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/metadata.json rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/query.rego (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/negative1.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/negative1.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/negative2.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/negative2.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/negative3.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/negative3.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/negative4.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/negative4.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive1.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive1.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive2.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive2.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive3.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive3.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive4.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive4.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive5.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive5.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive6.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive6.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive7.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive7.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive8.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive8.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_log_connections_disabled => postgresql_server_log_connections_disabled}/test/positive_expected_result.json (100%) create mode 100644 assets/queries/azureResourceManager/postgresql_server_ssl_disabled/metadata.json rename assets/queries/azureResourceManager/{postgres_sql_server_ssl_disabled => postgresql_server_ssl_disabled}/query.rego (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_ssl_disabled => postgresql_server_ssl_disabled}/test/negative1.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_ssl_disabled => postgresql_server_ssl_disabled}/test/negative1.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_ssl_disabled => postgresql_server_ssl_disabled}/test/negative2.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_ssl_disabled => postgresql_server_ssl_disabled}/test/negative2.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_ssl_disabled => postgresql_server_ssl_disabled}/test/positive1.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_ssl_disabled => postgresql_server_ssl_disabled}/test/positive1.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_ssl_disabled => postgresql_server_ssl_disabled}/test/positive2.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_ssl_disabled => postgresql_server_ssl_disabled}/test/positive2.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_ssl_disabled => postgresql_server_ssl_disabled}/test/positive3.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_ssl_disabled => postgresql_server_ssl_disabled}/test/positive3.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_ssl_disabled => postgresql_server_ssl_disabled}/test/positive4.bicep (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_ssl_disabled => postgresql_server_ssl_disabled}/test/positive4.json (100%) rename assets/queries/azureResourceManager/{postgres_sql_server_ssl_disabled => postgresql_server_ssl_disabled}/test/positive_expected_result.json (100%) diff --git a/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/metadata.json b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/metadata.json new file mode 100644 index 00000000000..c0c70775d38 --- /dev/null +++ b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/metadata.json @@ -0,0 +1,12 @@ +{ + "id": "a6d774b6-d9ea-4bf4-8433-217bf15d2fb8", + "queryName": "PostgreSQL Database Server Connection Throttling Disabled", + "severity": "MEDIUM", + "category": "Networking and Firewall", + "descriptionText": "Microsoft.DBforPostgreSQL/servers/configurations should have 'connection_throttling' property set to 'on'", + "descriptionUrl": "https://docs.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers/configurations?tabs=json", + "platform": "AzureResourceManager", + "descriptionID": "2eb0e3a8", + "cloudProvider": "azure", + "cwe": "" +} \ No newline at end of file diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/query.rego b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/query.rego similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/query.rego rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/query.rego diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/negative1.bicep b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/negative1.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/negative1.bicep rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/negative1.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/negative1.json b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/negative1.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/negative1.json rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/negative1.json diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/negative2.bicep b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/negative2.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/negative2.bicep rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/negative2.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/negative2.json b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/negative2.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/negative2.json rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/negative2.json diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/negative3.bicep b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/negative3.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/negative3.bicep rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/negative3.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/negative3.json b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/negative3.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/negative3.json rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/negative3.json diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/negative4.bicep b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/negative4.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/negative4.bicep rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/negative4.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/negative4.json b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/negative4.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/negative4.json rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/negative4.json diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive1.bicep b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive1.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive1.bicep rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive1.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive1.json b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive1.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive1.json rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive1.json diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive2.bicep b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive2.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive2.bicep rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive2.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive2.json b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive2.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive2.json rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive2.json diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive3.bicep b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive3.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive3.bicep rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive3.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive3.json b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive3.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive3.json rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive3.json diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive4.bicep b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive4.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive4.bicep rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive4.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive4.json b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive4.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive4.json rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive4.json diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive5.bicep b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive5.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive5.bicep rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive5.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive5.json b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive5.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive5.json rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive5.json diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive6.bicep b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive6.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive6.bicep rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive6.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive6.json b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive6.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive6.json rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive6.json diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive_expected_result.json b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive_expected_result.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/test/positive_expected_result.json rename to assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive_expected_result.json diff --git a/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/metadata.json b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/metadata.json new file mode 100644 index 00000000000..7daf22d4659 --- /dev/null +++ b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/metadata.json @@ -0,0 +1,12 @@ +{ + "id": "f9112910-c7bb-4864-9f5e-2059ba413bb7", + "queryName": "PostgreSQL Database Server Log Checkpoints Disabled", + "severity": "MEDIUM", + "category": "Networking and Firewall", + "descriptionText": "Microsoft.DBforPostgreSQL/servers/configurations should have 'log_checkpoint' property set to 'on'", + "descriptionUrl": "https://docs.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/2017-12-01/servers/configurations?tabs=json", + "platform": "AzureResourceManager", + "descriptionID": "be873a2e", + "cloudProvider": "azure", + "cwe": "" +} \ No newline at end of file diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/query.rego b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/query.rego similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/query.rego rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/query.rego diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/negative1.bicep b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/negative1.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/negative1.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/negative1.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/negative1.json b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/negative1.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/negative1.json rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/negative1.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/negative2.bicep b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/negative2.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/negative2.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/negative2.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/negative2.json b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/negative2.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/negative2.json rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/negative2.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive1.bicep b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive1.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive1.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive1.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive1.json b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive1.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive1.json rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive1.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive2.bicep b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive2.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive2.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive2.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive2.json b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive2.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive2.json rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive2.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive3.bicep b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive3.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive3.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive3.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive3.json b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive3.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive3.json rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive3.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive4.bicep b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive4.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive4.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive4.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive4.json b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive4.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive4.json rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive4.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive5.bicep b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive5.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive5.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive5.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive5.json b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive5.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive5.json rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive5.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive6.bicep b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive6.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive6.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive6.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive6.json b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive6.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive6.json rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive6.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive7.bicep b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive7.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive7.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive7.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive7.json b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive7.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive7.json rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive7.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive8.bicep b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive8.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive8.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive8.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive8.json b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive8.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive8.json rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive8.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive_expected_result.json b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive_expected_result.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/test/positive_expected_result.json rename to assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/test/positive_expected_result.json diff --git a/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/metadata.json b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/metadata.json new file mode 100644 index 00000000000..77418c6d773 --- /dev/null +++ b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/metadata.json @@ -0,0 +1,12 @@ +{ + "id": "e69bda39-e1e2-47ca-b9ee-b6531b23aedd", + "queryName": "PostgreSQL Database Server Log Connections Disabled", + "severity": "MEDIUM", + "category": "Networking and Firewall", + "descriptionText": "Microsoft.DBforPostgreSQL/servers/configurations should have 'log_connections' property set to 'on'", + "descriptionUrl": "https://docs.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers/configurations?tabs=json#configurationproperties-object", + "platform": "AzureResourceManager", + "descriptionID": "3769181b", + "cloudProvider": "azure", + "cwe": "" +} \ No newline at end of file diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/query.rego b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/query.rego similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/query.rego rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/query.rego diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/negative1.bicep b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/negative1.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/negative1.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/negative1.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/negative1.json b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/negative1.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/negative1.json rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/negative1.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/negative2.bicep b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/negative2.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/negative2.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/negative2.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/negative2.json b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/negative2.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/negative2.json rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/negative2.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/negative3.bicep b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/negative3.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/negative3.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/negative3.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/negative3.json b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/negative3.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/negative3.json rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/negative3.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/negative4.bicep b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/negative4.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/negative4.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/negative4.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/negative4.json b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/negative4.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/negative4.json rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/negative4.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive1.bicep b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive1.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive1.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive1.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive1.json b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive1.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive1.json rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive1.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive2.bicep b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive2.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive2.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive2.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive2.json b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive2.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive2.json rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive2.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive3.bicep b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive3.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive3.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive3.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive3.json b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive3.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive3.json rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive3.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive4.bicep b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive4.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive4.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive4.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive4.json b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive4.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive4.json rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive4.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive5.bicep b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive5.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive5.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive5.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive5.json b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive5.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive5.json rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive5.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive6.bicep b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive6.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive6.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive6.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive6.json b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive6.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive6.json rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive6.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive7.bicep b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive7.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive7.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive7.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive7.json b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive7.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive7.json rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive7.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive8.bicep b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive8.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive8.bicep rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive8.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive8.json b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive8.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive8.json rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive8.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive_expected_result.json b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive_expected_result.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/test/positive_expected_result.json rename to assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/test/positive_expected_result.json diff --git a/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/metadata.json b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/metadata.json new file mode 100644 index 00000000000..b269a300ab1 --- /dev/null +++ b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/metadata.json @@ -0,0 +1,13 @@ +{ + "id": "bf500309-da53-4dd3-bcf7-95f7974545a5", + "queryName": "PostgreSQL Database Server SSL Disabled", + "severity": "MEDIUM", + "category": "Networking and Firewall", + "descriptionText": "Microsoft.DBforPostgreSQL/servers sslEnforcement property should be set to 'Enabled'", + "descriptionUrl": "https://docs.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/2017-12-01/servers?tabs=json", + "platform": "AzureResourceManager", + "descriptionID": "67cfaa3b", + "cloudProvider": "azure", + "cwe": "", + "oldSeverity": "HIGH" +} \ No newline at end of file diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/query.rego b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/query.rego similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/query.rego rename to assets/queries/azureResourceManager/postgresql_server_ssl_disabled/query.rego diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/negative1.bicep b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/negative1.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/negative1.bicep rename to assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/negative1.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/negative1.json b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/negative1.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/negative1.json rename to assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/negative1.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/negative2.bicep b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/negative2.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/negative2.bicep rename to assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/negative2.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/negative2.json b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/negative2.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/negative2.json rename to assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/negative2.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive1.bicep b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive1.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive1.bicep rename to assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive1.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive1.json b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive1.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive1.json rename to assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive1.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive2.bicep b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive2.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive2.bicep rename to assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive2.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive2.json b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive2.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive2.json rename to assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive2.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive3.bicep b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive3.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive3.bicep rename to assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive3.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive3.json b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive3.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive3.json rename to assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive3.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive4.bicep b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive4.bicep similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive4.bicep rename to assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive4.bicep diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive4.json b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive4.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive4.json rename to assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive4.json diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive_expected_result.json b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive_expected_result.json similarity index 100% rename from assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/test/positive_expected_result.json rename to assets/queries/azureResourceManager/postgresql_server_ssl_disabled/test/positive_expected_result.json From fc03ead7c53edfb0c99d9036c3bbac218a02de33 Mon Sep 17 00:00:00 2001 From: Artur Ribeiro Date: Thu, 4 Jul 2024 12:52:57 +0100 Subject: [PATCH 4/8] remove wrong query naming --- .../metadata.json | 12 ------------ .../metadata.json | 12 ------------ .../metadata.json | 12 ------------ .../postgres_sql_server_ssl_disabled/metadata.json | 13 ------------- 4 files changed, 49 deletions(-) delete mode 100644 assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/metadata.json delete mode 100644 assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/metadata.json delete mode 100644 assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/metadata.json delete mode 100644 assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/metadata.json diff --git a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/metadata.json b/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/metadata.json deleted file mode 100644 index 7c8dd6ff072..00000000000 --- a/assets/queries/azureResourceManager/postgres_sql_database_server_connection_throttling_disabled/metadata.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "id": "a6d774b6-d9ea-4bf4-8433-217bf15d2fb8", - "queryName": "PostgresSQL Database Server Connection Throttling Disabled", - "severity": "MEDIUM", - "category": "Networking and Firewall", - "descriptionText": "Microsoft.DBforPostgreSQL/servers/configurations should have 'connection_throttling' property set to 'on'", - "descriptionUrl": "https://docs.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers/configurations?tabs=json", - "platform": "AzureResourceManager", - "descriptionID": "2eb0e3a8", - "cloudProvider": "azure", - "cwe": "770" -} \ No newline at end of file diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/metadata.json b/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/metadata.json deleted file mode 100644 index ea6dabe8b15..00000000000 --- a/assets/queries/azureResourceManager/postgres_sql_server_log_checkpoint_disabled/metadata.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "id": "f9112910-c7bb-4864-9f5e-2059ba413bb7", - "queryName": "PostgreSQL Database Server Log Checkpoints Disabled", - "severity": "MEDIUM", - "category": "Networking and Firewall", - "descriptionText": "Microsoft.DBforPostgreSQL/servers/configurations should have 'log_checkpoint' property set to 'on'", - "descriptionUrl": "https://docs.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/2017-12-01/servers/configurations?tabs=json", - "platform": "AzureResourceManager", - "descriptionID": "be873a2e", - "cloudProvider": "azure", - "cwe": "778" -} \ No newline at end of file diff --git a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/metadata.json b/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/metadata.json deleted file mode 100644 index f8874a3990d..00000000000 --- a/assets/queries/azureResourceManager/postgres_sql_server_log_connections_disabled/metadata.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "id": "e69bda39-e1e2-47ca-b9ee-b6531b23aedd", - "queryName": "PostgreSQL Database Server Log Connections Disabled", - "severity": "MEDIUM", - "category": "Networking and Firewall", - "descriptionText": "Microsoft.DBforPostgreSQL/servers/configurations should have 'log_connections' property set to 'on'", - "descriptionUrl": "https://docs.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers/configurations?tabs=json#configurationproperties-object", - "platform": "AzureResourceManager", - "descriptionID": "3769181b", - "cloudProvider": "azure", - "cwe": "778" -} \ No newline at end of file diff --git a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/metadata.json b/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/metadata.json deleted file mode 100644 index de563ccccb1..00000000000 --- a/assets/queries/azureResourceManager/postgres_sql_server_ssl_disabled/metadata.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "id": "bf500309-da53-4dd3-bcf7-95f7974545a5", - "queryName": "PostgreSQL Database Server SSL Disabled", - "severity": "MEDIUM", - "category": "Networking and Firewall", - "descriptionText": "Microsoft.DBforPostgreSQL/servers sslEnforcement property should be set to 'Enabled'", - "descriptionUrl": "https://docs.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/2017-12-01/servers?tabs=json", - "platform": "AzureResourceManager", - "descriptionID": "67cfaa3b", - "cloudProvider": "azure", - "cwe": "319", - "oldSeverity": "HIGH" -} \ No newline at end of file From c281e72837b2f0837315f214c10eb6f144aef6fa Mon Sep 17 00:00:00 2001 From: Artur Ribeiro Date: Thu, 4 Jul 2024 13:04:19 +0100 Subject: [PATCH 5/8] upadte positive expected results with new query name --- .../test/positive_expected_result.json | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive_expected_result.json b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive_expected_result.json index b27316cd0d4..b6417cef88c 100644 --- a/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive_expected_result.json +++ b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/test/positive_expected_result.json @@ -1,72 +1,72 @@ [ { - "queryName": "PostgresSQL Database Server Connection Throttling Disabled", + "queryName": "PostgreSQL Database Server Connection Throttling Disabled", "severity": "MEDIUM", "line": 45, "fileName": "positive1.json" }, { - "queryName": "PostgresSQL Database Server Connection Throttling Disabled", + "queryName": "PostgreSQL Database Server Connection Throttling Disabled", "severity": "MEDIUM", "line": 9, "fileName": "positive2.json" }, { - "queryName": "PostgresSQL Database Server Connection Throttling Disabled", + "queryName": "PostgreSQL Database Server Connection Throttling Disabled", "severity": "MEDIUM", "line": 9, "fileName": "positive3.json" }, { - "queryName": "PostgresSQL Database Server Connection Throttling Disabled", + "queryName": "PostgreSQL Database Server Connection Throttling Disabled", "severity": "MEDIUM", "line": 47, "fileName": "positive4.json" }, { - "queryName": "PostgresSQL Database Server Connection Throttling Disabled", + "queryName": "PostgreSQL Database Server Connection Throttling Disabled", "severity": "MEDIUM", "line": 11, "fileName": "positive5.json" }, { - "queryName": "PostgresSQL Database Server Connection Throttling Disabled", + "queryName": "PostgreSQL Database Server Connection Throttling Disabled", "severity": "MEDIUM", "line": 11, "fileName": "positive6.json" }, { - "queryName": "PostgresSQL Database Server Connection Throttling Disabled", + "queryName": "PostgreSQL Database Server Connection Throttling Disabled", "severity": "MEDIUM", "line": 36, "fileName": "positive1.bicep" }, { - "queryName": "PostgresSQL Database Server Connection Throttling Disabled", + "queryName": "PostgreSQL Database Server Connection Throttling Disabled", "severity": "MEDIUM", "line": 2, "fileName": "positive2.bicep" }, { - "queryName": "PostgresSQL Database Server Connection Throttling Disabled", + "queryName": "PostgreSQL Database Server Connection Throttling Disabled", "severity": "MEDIUM", "line": 2, "fileName": "positive3.bicep" }, { - "queryName": "PostgresSQL Database Server Connection Throttling Disabled", + "queryName": "PostgreSQL Database Server Connection Throttling Disabled", "severity": "MEDIUM", "line": 36, "fileName": "positive4.bicep" }, { - "queryName": "PostgresSQL Database Server Connection Throttling Disabled", + "queryName": "PostgreSQL Database Server Connection Throttling Disabled", "severity": "MEDIUM", "line": 2, "fileName": "positive5.bicep" }, { - "queryName": "PostgresSQL Database Server Connection Throttling Disabled", + "queryName": "PostgreSQL Database Server Connection Throttling Disabled", "severity": "MEDIUM", "line": 2, "fileName": "positive6.bicep" From cdc7f6ca4efaa1481d2ed05ca2d34401bacfdc92 Mon Sep 17 00:00:00 2001 From: Artur Ribeiro Date: Thu, 19 Sep 2024 16:57:29 +0100 Subject: [PATCH 6/8] add cwe info to missing queries --- .../metadata.json | 2 +- .../postgresql_server_log_checkpoint_disabled/metadata.json | 2 +- .../postgresql_server_log_connections_disabled/metadata.json | 2 +- .../postgresql_server_ssl_disabled/metadata.json | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/metadata.json b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/metadata.json index c0c70775d38..e21f70d70aa 100644 --- a/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/metadata.json +++ b/assets/queries/azureResourceManager/postgresql_database_server_connection_throttling_disabled/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "2eb0e3a8", "cloudProvider": "azure", - "cwe": "" + "cwe": "770" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/metadata.json b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/metadata.json index 7daf22d4659..ea6dabe8b15 100644 --- a/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/metadata.json +++ b/assets/queries/azureResourceManager/postgresql_server_log_checkpoint_disabled/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "be873a2e", "cloudProvider": "azure", - "cwe": "" + "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/metadata.json b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/metadata.json index 77418c6d773..f8874a3990d 100644 --- a/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/metadata.json +++ b/assets/queries/azureResourceManager/postgresql_server_log_connections_disabled/metadata.json @@ -8,5 +8,5 @@ "platform": "AzureResourceManager", "descriptionID": "3769181b", "cloudProvider": "azure", - "cwe": "" + "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/metadata.json b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/metadata.json index b269a300ab1..a37477a6bf3 100644 --- a/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/metadata.json +++ b/assets/queries/azureResourceManager/postgresql_server_ssl_disabled/metadata.json @@ -8,6 +8,6 @@ "platform": "AzureResourceManager", "descriptionID": "67cfaa3b", "cloudProvider": "azure", - "cwe": "", + "cwe": "732", "oldSeverity": "HIGH" } \ No newline at end of file From 890d933cf3ae76121ddd8601c2145222c728ee40 Mon Sep 17 00:00:00 2001 From: Artur Ribeiro Date: Fri, 20 Sep 2024 11:48:30 +0100 Subject: [PATCH 7/8] dummy pr to run cxone scan --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f4c8d52664a..377993f8461 100644 --- a/README.md +++ b/README.md @@ -262,7 +262,7 @@ KICS is used by various companies and organizations, some are listed below. If y - [Firefly](https://www.firefly.ai/) ([Firefly Integrates With Checkmarx's KICS](https://www.firefly.ai/blog/firefly-integrates-with-checkmarxs-kics-to-enable-seamless-cloud-governance-from-code-to-cloud)) - [Redpanda](https://redpanda.com/) - [Keptn](https://github.com/keptn) / [Keptn Lifecycle Toolkit](https://keptn.sh) - + **Keeping Infrastructure as Code Secure!** --- From 0bc3fe2a51a0959975b1498993b7b2dfebec13a6 Mon Sep 17 00:00:00 2001 From: Artur Ribeiro Date: Fri, 20 Sep 2024 11:51:50 +0100 Subject: [PATCH 8/8] update packages to fix vulnerabilities --- go.mod | 43 ++++++++++++++---------------- go.sum | 84 ++++++++++++++++++++++++++++++---------------------------- 2 files changed, 63 insertions(+), 64 deletions(-) diff --git a/go.mod b/go.mod index 43c799d2f0b..752662d8ed9 100644 --- a/go.mod +++ b/go.mod @@ -35,12 +35,12 @@ require ( github.com/johnfercher/maroto v1.0.0 github.com/mackerelio/go-osstat v0.2.5 github.com/moby/buildkit v0.15.1-0.20240730223335-bc92b63b98aa - github.com/open-policy-agent/opa v0.65.0 + github.com/open-policy-agent/opa v0.68.0 github.com/pkg/errors v0.9.1 github.com/relex/aini v1.6.0 github.com/rs/zerolog v1.33.0 github.com/sosedoff/ansible-vault-go v0.2.0 - github.com/spf13/cobra v1.8.0 + github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.19.0 github.com/stretchr/testify v1.9.0 @@ -49,7 +49,7 @@ require ( github.com/xeipuuv/gojsonschema v1.2.0 github.com/yargevad/filepathx v1.0.0 github.com/zclconf/go-cty v1.14.4 - golang.org/x/net v0.26.0 + golang.org/x/net v0.28.0 golang.org/x/text v0.17.0 golang.org/x/tools v0.22.0 gopkg.in/yaml.v3 v3.0.1 @@ -73,7 +73,6 @@ require ( github.com/felixge/httpsnoop v1.0.4 // indirect github.com/go-ini/ini v1.67.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/golang/glog v1.2.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/google/flatbuffers v24.3.25+incompatible // indirect github.com/google/gnostic-models v0.6.8 // indirect @@ -94,20 +93,18 @@ require ( github.com/tchap/go-patricia/v2 v2.3.1 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect - go.opentelemetry.io/otel v1.27.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect - go.opentelemetry.io/otel/metric v1.27.0 // indirect - go.opentelemetry.io/otel/sdk v1.27.0 // indirect - go.opentelemetry.io/otel/trace v1.27.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect + go.opentelemetry.io/otel v1.28.0 // indirect + go.opentelemetry.io/otel/metric v1.28.0 // indirect + go.opentelemetry.io/otel/sdk v1.28.0 // indirect + go.opentelemetry.io/otel/trace v1.28.0 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 // indirect golang.org/x/mod v0.18.0 // indirect google.golang.org/api v0.171.0 // indirect google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect ) require ( @@ -126,7 +123,7 @@ require ( github.com/boombuler/barcode v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/containerd/containerd v1.7.21-0.20240730235713-20966044526b // indirect + github.com/containerd/containerd v1.7.21 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/docker/cli v27.1.1+incompatible // indirect @@ -193,9 +190,9 @@ require ( github.com/pelletier/go-toml/v2 v2.2.2 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/prometheus/client_golang v1.19.1 // indirect + github.com/prometheus/client_golang v1.20.2 // indirect github.com/prometheus/client_model v0.6.1 // indirect - github.com/prometheus/common v0.54.0 // indirect + github.com/prometheus/common v0.55.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect github.com/rivo/uniseg v0.4.7 // indirect @@ -217,14 +214,14 @@ require ( github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect github.com/yashtewari/glob-intersection v0.2.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect - golang.org/x/crypto v0.25.0 // indirect - golang.org/x/oauth2 v0.20.0 // indirect + golang.org/x/crypto v0.26.0 // indirect + golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.22.0 // indirect - golang.org/x/term v0.21.0 // indirect - golang.org/x/time v0.5.0 // indirect - google.golang.org/grpc v1.64.1 // indirect - google.golang.org/protobuf v1.34.1 // indirect + golang.org/x/sys v0.23.0 // indirect + golang.org/x/term v0.23.0 // indirect + golang.org/x/time v0.6.0 // indirect + google.golang.org/grpc v1.66.0 // indirect + google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index a6c30f4053f..510907c10eb 100644 --- a/go.sum +++ b/go.sum @@ -300,7 +300,7 @@ github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3 github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0= github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= @@ -625,6 +625,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw= github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o= github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk= @@ -705,8 +707,8 @@ github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= -github.com/open-policy-agent/opa v0.65.0 h1:wnEU0pEk80YjFi3yoDbFTMluyNssgPI4VJNJetD9a4U= -github.com/open-policy-agent/opa v0.65.0/go.mod h1:CNoLL44LuCH1Yot/zoeZXRKFylQtCJV+oGFiP2TeeEc= +github.com/open-policy-agent/opa v0.68.0 h1:Jl3U2vXRjwk7JrHmS19U3HZO5qxQRinQbJ2eCJYSqJQ= +github.com/open-policy-agent/opa v0.68.0/go.mod h1:5E5SvaPwTpwt2WM177I9Z3eT7qUpmOGjk1ZdHs+TZ4w= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM= @@ -734,8 +736,8 @@ github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjz github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= -github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= -github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg= +github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -743,8 +745,8 @@ github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.54.0 h1:ZlZy0BgJhTwVZUn7dLOkwCZHUkrAqd3WYtcFCWnM1D8= -github.com/prometheus/common v0.54.0/go.mod h1:/TQgMJP5CuVYveyT7n/0Ix8yLNNXy9yRSkhnLTHPDIQ= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= @@ -797,8 +799,8 @@ github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTd github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= -github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= -github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI= @@ -885,23 +887,23 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 h1:9l89oX4ba9kHbBol3Xin3leYJ+252h0zszDtBwyKe2A= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0/go.mod h1:XLZfZboOJWHNKUv7eH0inh0E9VV6eWDFB/9yJyTLPp0= -go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= -go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 h1:R9DE4kQ4k+YtfLI2ULwX82VtNQ2J8yZmA7ZIF/D+7Mc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0/go.mod h1:OQFyQVrDlbe+R7xrEyDr/2Wr67Ol0hRUgsfA+V5A95s= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= -go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= -go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= -go.opentelemetry.io/otel/sdk v1.27.0 h1:mlk+/Y1gLPLn84U4tI8d3GNJmGT/eXe3ZuOXN9kTWmI= -go.opentelemetry.io/otel/sdk v1.27.0/go.mod h1:Ha9vbLwJE6W86YstIywK2xFfPjbWlCuwPtMkKdz/Y4A= -go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= -go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= +go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= +go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 h1:R3X6ZXmNPRR8ul6i3WgFURCHzaXjHdm0karRG/+dj3s= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0/go.mod h1:QWFXnDavXWwMx2EEcZsf3yxgEKAqsxQ+Syjp+seyInw= +go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= +go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= +go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= +go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= +go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= +go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= -go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= +go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= +go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= @@ -1002,8 +1004,8 @@ golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfS golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= +golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1029,8 +1031,8 @@ golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A= -golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= -golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1121,8 +1123,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= +golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1130,8 +1132,8 @@ golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= -golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= -golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= +golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1149,8 +1151,8 @@ golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= +golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -1380,10 +1382,10 @@ google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s= -google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU= -google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 h1:1GBuWVLM/KMVUv1t1En5Gs+gFZCNd360GGb4sSxtrhU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= +google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0= +google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1419,8 +1421,8 @@ google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= -google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= -google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= +google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= +google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=