forked from Checkmarx/kics
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
added "Cloud Storage Bucket Versioning Disabled" (Checkmarx#4593)
- Loading branch information
1 parent
867e231
commit d5ae6a7
Showing
18 changed files
with
109 additions
and
26 deletions.
There are no files selected for viewing
2 changes: 1 addition & 1 deletion
2
...ject_versioning_not_enabled/metadata.json → ..._bucket_versioning_disabled/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.
File renamed without changes.
12 changes: 12 additions & 0 deletions
12
...s/ansible/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| [ | ||
| { | ||
| "queryName": "Cloud Storage Bucket Versioning Disabled", | ||
| "severity": "HIGH", | ||
| "line": 3 | ||
| }, | ||
| { | ||
| "queryName": "Cloud Storage Bucket Versioning Disabled", | ||
| "severity": "HIGH", | ||
| "line": 17 | ||
| } | ||
| ] |
12 changes: 0 additions & 12 deletions
12
assets/queries/ansible/gcp/object_versioning_not_enabled/test/positive_expected_result.json
This file was deleted.
Oops, something went wrong.
11 changes: 11 additions & 0 deletions
11
...ts/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| { | ||
| "id": "ad0875c1-0b39-4890-9149-173158ba3bba", | ||
| "queryName": "Cloud Storage Bucket Versioning Disabled", | ||
| "severity": "HIGH", | ||
| "category": "Observability", | ||
| "descriptionText": "Cloud Storage Bucket should be enabled", | ||
| "descriptionUrl": "https://cloud.google.com/storage/docs/json_api/v1/buckets", | ||
| "platform": "GoogleDeploymentManager", | ||
| "descriptionID": "9b7ba7de", | ||
| "cloudProvider": "gcp" | ||
| } |
36 changes: 36 additions & 0 deletions
36
assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/query.rego
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| package Cx | ||
|
|
||
| import data.generic.common as common_lib | ||
|
|
||
| CxPolicy[result] { | ||
| resource := input.document[i].resources[idx] | ||
| resource.type == "storage.v1.bucket" | ||
|
|
||
| not common_lib.valid_key(resource.properties, "versioning") | ||
|
|
||
| result := { | ||
| "documentId": input.document[i].id, | ||
| "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), | ||
| "issueType": "MissingAttribute", | ||
| "keyExpectedValue": "'versioning' is defined and not null", | ||
| "keyActualValue": "'versioning' is undefined or null", | ||
| "searchLine": common_lib.build_search_line(["resources", idx, "properties"], []), | ||
| } | ||
| } | ||
|
|
||
| CxPolicy[result] { | ||
| resource := input.document[i].resources[idx] | ||
| resource.type == "storage.v1.bucket" | ||
|
|
||
| resource.properties.versioning.enabled == false | ||
|
|
||
| result := { | ||
| "documentId": input.document[i].id, | ||
| "searchKey": sprintf("resources.name={{%s}}.properties.versioning.enabled", [resource.name]), | ||
| "issueType": "IncorrectValue", | ||
| "keyExpectedValue": "'enabled' is set to true", | ||
| "keyActualValue": "'enabled' is set to false", | ||
| "searchLine": common_lib.build_search_line(["resources", idx, "properties", "versioning", "enabled"], []), | ||
| } | ||
| } | ||
|
|
8 changes: 8 additions & 0 deletions
8
...ries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/test/negative1.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| resources: | ||
| - name: a-new-pubsub-topic3 | ||
| type: storage.v1.bucket | ||
| properties: | ||
| storageClass: STANDARD | ||
| location: EUROPE-WEST3 | ||
| versioning: | ||
| enabled: true |
6 changes: 6 additions & 0 deletions
6
...ries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/test/positive1.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| resources: | ||
| - name: a-new-pubsub-topic | ||
| type: storage.v1.bucket | ||
| properties: | ||
| storageClass: STANDARD | ||
| location: EUROPE-WEST3 |
8 changes: 8 additions & 0 deletions
8
...ries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/test/positive2.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| resources: | ||
| - name: a-new-pubsub-topic2 | ||
| type: storage.v1.bucket | ||
| properties: | ||
| storageClass: STANDARD | ||
| location: EUROPE-WEST3 | ||
| versioning: | ||
| enabled: false |
14 changes: 14 additions & 0 deletions
14
...oymentManager/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| [ | ||
| { | ||
| "queryName": "Cloud Storage Bucket Versioning Disabled", | ||
| "severity": "HIGH", | ||
| "line": 4, | ||
| "filename": "positive1.yaml" | ||
| }, | ||
| { | ||
| "queryName": "Cloud Storage Bucket Versioning Disabled", | ||
| "severity": "HIGH", | ||
| "line": 8, | ||
| "filename": "positive2.yaml" | ||
| } | ||
| ] |
2 changes: 1 addition & 1 deletion
2
...ject_versioning_not_enabled/metadata.json → ..._bucket_versioning_disabled/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.
File renamed without changes.
12 changes: 12 additions & 0 deletions
12
...terraform/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| [ | ||
| { | ||
| "queryName": "Cloud Storage Bucket Versioning Disabled", | ||
| "severity": "HIGH", | ||
| "line": 6 | ||
| }, | ||
| { | ||
| "queryName": "Cloud Storage Bucket Versioning Disabled", | ||
| "severity": "HIGH", | ||
| "line": 10 | ||
| } | ||
| ] |
12 changes: 0 additions & 12 deletions
12
...ts/queries/terraform/gcp/object_versioning_not_enabled/test/positive_expected_result.json
This file was deleted.
Oops, something went wrong.