Feat(query): Added Lifecycle_rule Disabled Query for Alicloud Terrafo…

…rm (Checkmarx#4935)

* Added lifecycle_rule disabled query

* Changed query

assets/queries/terraform/alicloud/oss_bucket_lifecycle_disabled/metadata.json

@@ -0,0 +1,11 @@
+{
+    "id": "7db8bd7e-9772-478c-9ec5-4bc202c5686f",
+    "queryName": "OSS Bucket Lifecycle Rule Disabled",
+    "severity": "LOW",
+    "category": "Backup",
+    "descriptionText": "OSS Bucket should have lifecycle rule enabled and set to true",
+    "descriptionUrl": "https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/oss_bucket#lifecycle_rule",
+    "platform": "Terraform",
+    "descriptionID": "66609561",
+    "cloudProvider": "alicloud"
+  }

assets/queries/terraform/alicloud/oss_bucket_lifecycle_disabled/query.rego

@@ -0,0 +1,35 @@
+package Cx
+
+import data.generic.common as common_lib
+
+CxPolicy[result] {
+	some i
+	resource := input.document[i].resource.alicloud_oss_bucket[name].lifecycle_rule[_]
+
+    resource["enabled"] == false 
+
+	result := {
+		"documentId": input.document[i].id,
+		"searchKey": sprintf("alicloud_oss_bucket[%s].lifecycle_rule.enabled", [name]),
+		"issueType": "IncorrectValue",
+		"keyExpectedValue": "'lifecycle_rule' is set and enabled",
+		"keyActualValue": "'lifecycle_rule' is set but disabled",
+        "searchline":common_lib.build_search_line(["resource", "alicloud_oss_bucket", name, "lifecycle_rule", "enabled"], []),
+	}
+}
+
+CxPolicy[result] {
+	some i
+	resource := input.document[i].resource.alicloud_oss_bucket[name]
+
+    not common_lib.valid_key(resource, "lifecycle_rule")
+
+	result := {
+		"documentId": input.document[i].id,
+		"searchKey": sprintf("alicloud_oss_bucket[%s]", [name]),
+		"issueType": "MissingAttribute",
+		"keyExpectedValue": "'lifecycle_rule' is set and enabled",
+		"keyActualValue": "'lifecycle_rule' is not set",
+        "searchline":common_lib.build_search_line(["resource", "alicloud_oss_bucket", name], []),
+	}
+}

assets/queries/terraform/alicloud/oss_bucket_lifecycle_disabled/test/negative1.tf

@@ -0,0 +1,23 @@
+resource "alicloud_oss_bucket" "oss_bucket_lifecycle_enabled1" {
+  bucket = "bucket-170309-lifecycle"
+  acl    = "public-read"
+
+  lifecycle_rule {
+    id      = "rule-days"
+    prefix  = "path1/"
+    enabled = true
+
+    expiration {
+      days = 365
+    }
+  }
+  lifecycle_rule {
+    id      = "rule-date"
+    prefix  = "path2/"
+    enabled = true
+
+    expiration {
+      date = "2018-01-12"
+    }
+  }
+}

assets/queries/terraform/alicloud/oss_bucket_lifecycle_disabled/test/positive1.tf

@@ -0,0 +1,23 @@
+resource "alicloud_oss_bucket" "oss_bucket_lifecycle_enabled2" {
+  bucket = "bucket-170309-lifecycle"
+  acl    = "public-read"
+
+  lifecycle_rule {
+    id      = "rule-days"
+    prefix  = "path1/"
+    enabled = false
+
+    expiration {
+      days = 365
+    }
+  }
+  lifecycle_rule {
+    id      = "rule-date"
+    prefix  = "path2/"
+    enabled = true
+
+    expiration {
+      date = "2018-01-12"
+    }
+  }
+}

assets/queries/terraform/alicloud/oss_bucket_lifecycle_disabled/test/positive2.tf

@@ -0,0 +1,8 @@
+resource "alicloud_oss_bucket" "oss_bucket_lifecycle_enabled3" {
+  bucket = "bucket-170309-versioning"
+  acl    = "private"
+
+  versioning {
+    status = "Enabled"
+  }
+}

assets/queries/terraform/alicloud/oss_bucket_lifecycle_disabled/test/positive_expected_result.json

@@ -0,0 +1,15 @@
+[
+    {
+      "queryName": "OSS Bucket Lifecycle Rule Disabled",
+      "severity": "LOW",
+      "line": 8,
+      "fileName": "positive1.tf"
+    },
+    {
+      "queryName": "OSS Bucket Lifecycle Rule Disabled",
+      "severity": "LOW",
+      "line": 1,
+      "fileName": "positive2.tf"
+    }
+  ]
+