diff --git a/assets/queries/ansible/gcp/object_versioning_not_enabled/metadata.json b/assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/metadata.json
similarity index 87%
rename from assets/queries/ansible/gcp/object_versioning_not_enabled/metadata.json
rename to assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/metadata.json
index 4da8e19f587..54284cabeb3 100644
--- a/assets/queries/ansible/gcp/object_versioning_not_enabled/metadata.json
+++ b/assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/metadata.json
@@ -1,6 +1,6 @@
 {
 "id": "7814ddda-e758-4a56-8be3-289a81ded929",
- "queryName": "Object Versioning Not Enabled",
+ "queryName": "Cloud Storage Bucket Versioning Disabled",
 "severity": "HIGH",
 "category": "Observability",
 "descriptionText": "Object Versioning not fully enabled on Cloud Storage Bucket",
diff --git a/assets/queries/ansible/gcp/object_versioning_not_enabled/query.rego b/assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/query.rego
similarity index 100%
rename from assets/queries/ansible/gcp/object_versioning_not_enabled/query.rego
rename to assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/query.rego
diff --git a/assets/queries/ansible/gcp/object_versioning_not_enabled/test/negative.yaml b/assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/test/negative.yaml
similarity index 100%
rename from assets/queries/ansible/gcp/object_versioning_not_enabled/test/negative.yaml
rename to assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/test/negative.yaml
diff --git a/assets/queries/ansible/gcp/object_versioning_not_enabled/test/positive.yaml b/assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/test/positive.yaml
similarity index 100%
rename from assets/queries/ansible/gcp/object_versioning_not_enabled/test/positive.yaml
rename to assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/test/positive.yaml
diff --git a/assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json
new file mode 100644
index 00000000000..faf5f8bb122
--- /dev/null
+++ b/assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json
@@ -0,0 +1,12 @@
+[
+ {
+ "queryName": "Cloud Storage Bucket Versioning Disabled",
+ "severity": "HIGH",
+ "line": 3
+ },
+ {
+ "queryName": "Cloud Storage Bucket Versioning Disabled",
+ "severity": "HIGH",
+ "line": 17
+ }
+]
diff --git a/assets/queries/ansible/gcp/object_versioning_not_enabled/test/positive_expected_result.json b/assets/queries/ansible/gcp/object_versioning_not_enabled/test/positive_expected_result.json
deleted file mode 100644
index bae299cc48c..00000000000
--- a/assets/queries/ansible/gcp/object_versioning_not_enabled/test/positive_expected_result.json
+++ /dev/null
@@ -1,12 +0,0 @@
-[
- {
- "queryName": "Object Versioning Not Enabled",
- "severity": "HIGH",
- "line": 3
- },
- {
- "queryName": "Object Versioning Not Enabled",
- "severity": "HIGH",
- "line": 17
- }
-]
diff --git a/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/metadata.json b/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/metadata.json
new file mode 100644
index 00000000000..3c60a3b4601
--- /dev/null
+++ b/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/metadata.json
@@ -0,0 +1,11 @@
+{
+ "id": "ad0875c1-0b39-4890-9149-173158ba3bba",
+ "queryName": "Cloud Storage Bucket Versioning Disabled",
+ "severity": "HIGH",
+ "category": "Observability",
+ "descriptionText": "Cloud Storage Bucket should be enabled",
+ "descriptionUrl": "https://cloud.google.com/storage/docs/json_api/v1/buckets",
+ "platform": "GoogleDeploymentManager",
+ "descriptionID": "9b7ba7de",
+ "cloudProvider": "gcp"
+}
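Review bot: The `descriptionText` in the new googleDeploymentManager metadata.json reads "Cloud Storage Bucket should be enabled", which leaves out the control the query actually checks; this is the text someone triaging the finding will read. Suggest `"descriptionText": "Cloud Storage Bucket should have versioning enabled",`. The Ansible and Terraform entries renamed in this commit both name Object Versioning in their descriptions, so the change also brings the three platforms in line.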
diff --git a/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/query.rego b/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/query.rego
new file mode 100644
index 00000000000..bb90505f1e0
--- /dev/null
+++ b/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/query.rego
@@ -0,0 +1,36 @@
+package Cx
+
+import data.generic.common as common_lib
+
+CxPolicy[result] {
+ resource := input.document[i].resources[idx]
+ resource.type == "storage.v1.bucket"
+
+ not common_lib.valid_key(resource.properties, "versioning")
+
+ result := {
+ "documentId": input.document[i].id,
+ "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]),
+ "issueType": "MissingAttribute",
+ "keyExpectedValue": "'versioning' is defined and not null",
+ "keyActualValue": "'versioning' is undefined or null",
+ "searchLine": common_lib.build_search_line(["resources", idx, "properties"], []),
+ }
+}
+
+CxPolicy[result] {
+ resource := input.document[i].resources[idx]
+ resource.type == "storage.v1.bucket"
+
+ resource.properties.versioning.enabled == false
+
+ result := {
+ "documentId": input.document[i].id,
+ "searchKey": sprintf("resources.name={{%s}}.properties.versioning.enabled", [resource.name]),
+ "issueType": "IncorrectValue",
+ "keyExpectedValue": "'enabled' is set to true",
+ "keyActualValue": "'enabled' is set to false",
+ "searchLine": common_lib.build_search_line(["resources", idx, "properties", "versioning", "enabled"], []),
+ }
+}
+
diff --git a/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/test/negative1.yaml b/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/test/negative1.yaml
new file mode 100644
index 00000000000..a51d71fabbc
--- /dev/null
+++ b/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/test/negative1.yaml
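Review bot: A bucket whose `versioning` block is present but carries no `enabled` key (or a null one) matches neither `CxPolicy` rule in the new query.rego, so it is reported as compliant although versioning stays off. The first rule fires only when `versioning` itself is missing, assuming `common_lib.valid_key` (defined outside this diff) tests presence and non-null as the `keyExpectedValue` text suggests, and the second fires only on an explicit `enabled == false`. A third rule, guarded on `versioning` being present so it does not double-report with the first, closes the gap. A matching positive fixture and an entry in positive_expected_result.json would be needed alongside it.

```rego
# … unchanged: package, import and the two existing CxPolicy rules …

CxPolicy[result] {
	resource := input.document[i].resources[idx]
	resource.type == "storage.v1.bucket"

	# versioning block exists, but nothing states that it is enabled
	common_lib.valid_key(resource.properties, "versioning")
	not common_lib.valid_key(resource.properties.versioning, "enabled")

	result := {
		"documentId": input.document[i].id,
		"searchKey": sprintf("resources.name={{%s}}.properties.versioning", [resource.name]),
		"issueType": "MissingAttribute",
		"keyExpectedValue": "'versioning.enabled' is defined and set to true",
		"keyActualValue": "'versioning.enabled' is undefined or null",
		"searchLine": common_lib.build_search_line(["resources", idx, "properties", "versioning"], []),
	}
}
```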
@@ -0,0 +1,8 @@
+resources:
+- name: a-new-pubsub-topic3
+ type: storage.v1.bucket
+ properties:
+ storageClass: STANDARD
+ location: EUROPE-WEST3
+ versioning:
+ enabled: true
diff --git a/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/test/positive1.yaml b/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/test/positive1.yaml
new file mode 100644
index 00000000000..f7fa7ac9e30
--- /dev/null
+++ b/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/test/positive1.yaml
@@ -0,0 +1,6 @@
+resources:
+- name: a-new-pubsub-topic
+ type: storage.v1.bucket
+ properties:
+ storageClass: STANDARD
+ location: EUROPE-WEST3
diff --git a/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/test/positive2.yaml b/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/test/positive2.yaml
new file mode 100644
index 00000000000..e4f165f0dd2
--- /dev/null
+++ b/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/test/positive2.yaml
@@ -0,0 +1,8 @@
+resources:
+- name: a-new-pubsub-topic2
+ type: storage.v1.bucket
+ properties:
+ storageClass: STANDARD
+ location: EUROPE-WEST3
+ versioning:
+ enabled: false
diff --git a/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json b/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json
new file mode 100644
index 00000000000..12d80183b47
--- /dev/null
+++ b/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json
@@ -0,0 +1,14 @@
+[
+ {
+ "queryName": "Cloud Storage Bucket Versioning Disabled",
+ "severity": "HIGH",
+ "line": 4,
+ "filename": "positive1.yaml"
+ },
+ {
+ "queryName": "Cloud Storage Bucket Versioning Disabled",
+ "severity": "HIGH",
+ "line": 8,
+ "filename": "positive2.yaml"
+ }
+]
diff --git a/assets/queries/terraform/gcp/object_versioning_not_enabled/metadata.json b/assets/queries/terraform/gcp/cloud_storage_bucket_versioning_disabled/metadata.json
similarity index 86%
rename from assets/queries/terraform/gcp/object_versioning_not_enabled/metadata.json
rename to assets/queries/terraform/gcp/cloud_storage_bucket_versioning_disabled/metadata.json
index 0e45e38ef58..eb1068a445a 100644
--- a/assets/queries/terraform/gcp/object_versioning_not_enabled/metadata.json
+++ b/assets/queries/terraform/gcp/cloud_storage_bucket_versioning_disabled/metadata.json
@@ -1,6 +1,6 @@
 {
 "id": "e7e961ac-d17e-4413-84bc-8a1fbe242944",
- "queryName": "Object Versioning Not Enabled",
+ "queryName": "Cloud Storage Bucket Versioning Disabled",
 "severity": "HIGH",
 "category": "Observability",
 "descriptionText": "Object Versioning Not Enabled on Cloud Storage Bucket",
diff --git a/assets/queries/terraform/gcp/object_versioning_not_enabled/query.rego b/assets/queries/terraform/gcp/cloud_storage_bucket_versioning_disabled/query.rego
similarity index 100%
rename from assets/queries/terraform/gcp/object_versioning_not_enabled/query.rego
rename to assets/queries/terraform/gcp/cloud_storage_bucket_versioning_disabled/query.rego
diff --git a/assets/queries/terraform/gcp/object_versioning_not_enabled/test/negative.tf b/assets/queries/terraform/gcp/cloud_storage_bucket_versioning_disabled/test/negative.tf
similarity index 100%
rename from assets/queries/terraform/gcp/object_versioning_not_enabled/test/negative.tf
rename to assets/queries/terraform/gcp/cloud_storage_bucket_versioning_disabled/test/negative.tf
diff --git a/assets/queries/terraform/gcp/object_versioning_not_enabled/test/positive.tf b/assets/queries/terraform/gcp/cloud_storage_bucket_versioning_disabled/test/positive.tf
similarity index 100%
rename from assets/queries/terraform/gcp/object_versioning_not_enabled/test/positive.tf
rename to assets/queries/terraform/gcp/cloud_storage_bucket_versioning_disabled/test/positive.tf
diff --git a/assets/queries/terraform/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json b/assets/queries/terraform/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json
new file mode 100644
index 00000000000..3f83a9192a9
--- /dev/null
+++ b/assets/queries/terraform/gcp/cloud_storage_bucket_versioning_disabled/test/positive_expected_result.json
@@ -0,0 +1,12 @@
+[
+ {
+ "queryName": "Cloud Storage Bucket Versioning Disabled",
+ "severity": "HIGH",
+ "line": 6
+ },
+ {
+ "queryName": "Cloud Storage Bucket Versioning Disabled",
+ "severity": "HIGH",
+ "line": 10
+ }
+]
diff --git a/assets/queries/terraform/gcp/object_versioning_not_enabled/test/positive_expected_result.json b/assets/queries/terraform/gcp/object_versioning_not_enabled/test/positive_expected_result.json
deleted file mode 100644
index 624ab74c0c6..00000000000
--- a/assets/queries/terraform/gcp/object_versioning_not_enabled/test/positive_expected_result.json
+++ /dev/null
@@ -1,12 +0,0 @@
-[
- {
- "queryName": "Object Versioning Not Enabled",
- "severity": "HIGH",
- "line": 6
- },
- {
- "queryName": "Object Versioning Not Enabled",
- "severity": "HIGH",
- "line": 10
- }
-]