Fix(query): S3 Bucket Policy Accepts Http Requests (Checkmarx#4949)

* Added Allow true to deny_http_requests function

* i had one job

assets/queries/terraform/aws/s3_bucket_policy_accepts_http_requests/query.rego

@@ -48,11 +48,24 @@ check_action(action) {
 	action[a] == validActions[x]
 }
 
+is_equal(secure, target)
+{
+    secure == target
+}else {
+    secure[_]==target
+}
 deny_http_requests(policyValue) {
-	policy := common_lib.json_unmarshal(policyValue)
-	st := common_lib.get_statement(policy)
-	statement := st[_]
-	check_action(statement.Action)
-	statement.Effect == "Deny"
-	statement.Condition.Bool["aws:SecureTransport"] == "false"
+    policy := common_lib.json_unmarshal(policyValue)
+    st := common_lib.get_statement(policy)
+    statement := st[_]
+    check_action(statement.Action)
+    statement.Effect == "Deny"
+    is_equal(statement.Condition.Bool["aws:SecureTransport"], "false")
+} else {
+    policy := common_lib.json_unmarshal(policyValue)
+    st := common_lib.get_statement(policy)
+    statement := st[_]
+    check_action(statement.Action)
+    statement.Effect == "Allow"
+    is_equal(statement.Condition.Bool["aws:SecureTransport"], "true")
 }

assets/queries/terraform/aws/s3_bucket_policy_accepts_http_requests/test/negative4.tf

@@ -0,0 +1,34 @@
+module "s3_bucket" {
+  source = "terraform-aws-modules/s3-bucket/aws"
+  version = "3.7.0"
+
+  bucket = "my-s3-bucket"
+  acl    = "private"
+
+  versioning = {
+    enabled = true
+  }
+
+  policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Id": "MYBUCKETPOLICY",
+    "Statement": [
+      {
+        "Sid": "IPAllow",
+        "Effect": "Allow",
+        "Principal": "*",
+        "Action": "s3:*",
+        "Resource": [
+          "aws_s3_bucket.b.arn"
+        ],
+        "Condition": {
+          "Bool": {
+            "aws:SecureTransport": "true"
+          }
+        }
+      }
+    ]
+}
+EOF
+}