Feat(Query): Healthcheck Not Set for docker compose (Checkmarx#5160)

* query Healthcheck Not Set

* build(deps): bump github.com/aws/aws-sdk-go from 1.43.31 to 1.43.32 (Checkmarx#5134)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.43.31 to 1.43.32.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](aws/aws-sdk-go@v1.43.31...v1.43.32)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* changed query scope and samples

* fixed searchline

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

assets/queries/dockerCompose/healthcheck_not_set/metadata.json

@@ -0,0 +1,10 @@
+{
+    "id": "698ed579-b239-4f8f-a388-baa4bcb13ef8",
+    "queryName": "Healthcheck Not Set",
+    "severity": "MEDIUM",
+    "category": "Availability",
+    "descriptionText": "Check containers periodically to see if they are running properly.",
+    "descriptionUrl": "https://docs.docker.com/compose/compose-file/compose-file-v3/#healthcheck",
+    "platform": "DockerCompose",
+    "descriptionID": "449b7c5c"
+}

assets/queries/dockerCompose/healthcheck_not_set/query.rego

@@ -0,0 +1,49 @@
+package Cx
+
+import data.generic.common as common_lib
+
+CxPolicy[result] {
+	resource := input.document[i]
+	service_parameters := resource.services[name]
+    not common_lib.valid_key(service_parameters, "healthcheck")
+
+	result := {
+		"documentId": sprintf("%s", [resource.id]),
+		"searchKey": sprintf("services.%s",[name]),
+		"issueType": "MissingAttribute",
+		"keyExpectedValue": "Healthcheck to be defined.",
+		"keyActualValue": "Healthcheck is not defined.",
+		"searchLine": common_lib.build_search_line(["services", name], []),
+	}
+}
+
+CxPolicy[result] {
+	resource := input.document[i]
+	service_parameters := resource.services[name]
+    service_parameters.healthcheck.disable == true
+
+	result := {
+		"documentId": sprintf("%s", [resource.id]),
+		"searchKey": sprintf("services.%s.healthcheck.disable",[name]),
+		"issueType": "IncorrectValue",
+		"keyExpectedValue": "Healthcheck to be enabled.",
+		"keyActualValue": "Healthcheck is disabled.",
+		"searchLine": common_lib.build_search_line(["services", name, "healthcheck", "disable"], []),
+	}
+}
+
+CxPolicy[result] {
+	resource := input.document[i]
+	service_parameters := resource.services[name]
+    test := service_parameters.healthcheck.test
+    test == ["NONE"]
+
+	result := {
+		"documentId": sprintf("%s", [resource.id]),
+		"searchKey": sprintf("services.%s.healthcheck.test",[name]),
+		"issueType": "IncorrectValue",
+		"keyExpectedValue": "Healthcheck to be enabled.",
+		"keyActualValue": "Healthcheck is disabled.",
+		"searchLine": common_lib.build_search_line(["services", name, "healthcheck", "test"], []),
+	}
+}

assets/queries/dockerCompose/healthcheck_not_set/test/negative1.yaml

@@ -0,0 +1,18 @@
+version: '3.1'
+
+services:
+ lelele-service:
+    build: ./
+    image: lelele-service
+    restart: always
+    container_name: lelele
+    network_mode: "host"
+    hostname: localhost
+    ports:
+      - 8092:8092
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost"]
+      interval: 1m30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s

assets/queries/dockerCompose/healthcheck_not_set/test/negative2.yaml

@@ -0,0 +1,15 @@
+version: '3.1'
+
+services:
+ lelele-service:
+    build: ./
+    image: lelele-service
+    restart: always
+    container_name: lelele
+    network_mode: "host"
+    hostname: localhost
+    ports:
+      - 8092:8092
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost"]
+

assets/queries/dockerCompose/healthcheck_not_set/test/positive1.yaml

@@ -0,0 +1,12 @@
+version: '2.1'
+
+services:
+ lelele-service:
+    build: ./
+    image: lelele-service
+    restart: always
+    container_name: lelele
+    network_mode: "host"
+    hostname: localhost
+    ports:
+      - 8092:8092

assets/queries/dockerCompose/healthcheck_not_set/test/positive2.yaml

@@ -0,0 +1,14 @@
+version: '2.1'
+
+services:
+ lelele-service:
+    build: ./
+    image: lelele-service
+    restart: always
+    container_name: lelele
+    network_mode: "host"
+    hostname: localhost
+    ports:
+      - 8092:8092
+    healthcheck:
+      disable: true

assets/queries/dockerCompose/healthcheck_not_set/test/positive3.yaml

@@ -0,0 +1,14 @@
+version: '2.1'
+
+services:
+ lelele-service:
+    build: ./
+    image: lelele-service
+    restart: always
+    container_name: lelele
+    network_mode: "host"
+    hostname: localhost
+    ports:
+      - 8092:8092
+    healthcheck:
+      test: ["NONE"]

assets/queries/dockerCompose/healthcheck_not_set/test/positive_expected_result.json

@@ -0,0 +1,20 @@
+[
+    {
+      "queryName": "Healthcheck Not Set",
+      "severity": "MEDIUM",
+      "line": 4,
+      "filename": "positive1.yaml"
+    },
+    {
+      "queryName": "Healthcheck Not Set",
+      "severity": "MEDIUM",
+      "line": 14,
+      "filename": "positive2.yaml"
+    },
+    {
+      "queryName": "Healthcheck Not Set",
+      "severity": "MEDIUM",
+      "line": 14,
+      "filename": "positive3.yaml"
+    }
+]