fix(query): align queries

Checkmarx · Nov 13, 2022 · 49e4dc4 · 49e4dc4
1 parent fd2a6ac
commit 49e4dc4
Show file tree

Hide file tree

Showing 11 changed files with 17 additions and 17 deletions.
diff --git a/assets/queries/ansible/gcp/cos_node_image_not_used/metadata.json b/assets/queries/ansible/gcp/cos_node_image_not_used/metadata.json
@@ -2,7 +2,7 @@
   "id": "be41f891-96b1-4b9d-b74f-b922a918c778",
   "queryName": "COS Node Image Not Used",
   "severity": "MEDIUM",
-  "category": "Resource Management",
+  "category": "Insecure Configurations",
   "descriptionText": "The node image should be Container-Optimized OS(COS)",
   "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_container_node_pool_module.html#parameter-config/image_type",
   "platform": "Ansible",

diff --git a/...ts/queries/cloudFormation/aws/elasticache_nodes_not_created_across_multi_az/metadata.json b/...ts/queries/cloudFormation/aws/elasticache_nodes_not_created_across_multi_az/metadata.json
@@ -3,7 +3,7 @@
   "queryName": "ElastiCache Nodes Not Created Across Multi AZ",
   "severity": "MEDIUM",
   "category": "Availability",
-  "descriptionText": "ElastiCache Nodes should have 'AZMode' set to 'cross-az' in in multi nodes cluster",
+  "descriptionText": "ElastiCache Nodes should be created across multi az, which means 'AZMode' should be set to 'cross-az' in in multi nodes cluster",
   "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticache-cache-cluster.html",
   "platform": "CloudFormation",
   "descriptionID": "35f94973",

diff --git a/assets/queries/cloudFormation/aws/rds_db_instance_with_iam_auth_disabled/metadata.json b/assets/queries/cloudFormation/aws/rds_db_instance_with_iam_auth_disabled/metadata.json
@@ -1,9 +1,9 @@
 {
   "id": "9fcd0a0a-9b6f-4670-a215-d94e6bf3f184",
-  "queryName": "RDS DB Instance With IAM Auth Disabled",
+  "queryName": "IAM Database Auth Not Enabled",
   "severity": "HIGH",
   "category": "Encryption",
-  "descriptionText": "IAM Database Auth Enabled should be configured to true when compatible with engine and version",
+  "descriptionText": "IAM Database Auth Enabled should be configured to true when using compatible engine and version",
   "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-enableiamdatabaseauthentication",
   "platform": "CloudFormation",
   "descriptionID": "e4c2c085",

diff --git a/...udFormation/aws/rds_db_instance_with_iam_auth_disabled/test/positive_expected_result.json b/...udFormation/aws/rds_db_instance_with_iam_auth_disabled/test/positive_expected_result.json
@@ -1,25 +1,25 @@
 [
   {
-    "queryName": "RDS DB Instance With IAM Auth Disabled",
+    "queryName": "IAM Database Auth Not Enabled",
     "severity": "HIGH",
     "line": 19,
     "fileName": "positive1.yaml"
   },
   {
-    "queryName": "RDS DB Instance With IAM Auth Disabled",
+    "queryName": "IAM Database Auth Not Enabled",
     "severity": "HIGH",
     "line": 31,
     "fileName": "positive2.json"
   },
   {
-    "queryName": "RDS DB Instance With IAM Auth Disabled",
+    "queryName": "IAM Database Auth Not Enabled",
     "severity": "HIGH",
     "line": 13,
     "fileName": "positive3.yaml"
   },
   {
     "fileName": "positive4.json",
-    "queryName": "RDS DB Instance With IAM Auth Disabled",
+    "queryName": "IAM Database Auth Not Enabled",
     "severity": "HIGH",
     "line": 18
   }

diff --git a/assets/queries/crossplane/aws/cloudfront_logging_disabled/metadata.json b/assets/queries/crossplane/aws/cloudfront_logging_disabled/metadata.json
@@ -3,7 +3,7 @@
   "queryName": "CloudFront Logging Disabled",
   "severity": "MEDIUM",
   "category": "Observability",
-  "descriptionText": "AWS CloudFront distributions must have logging enabled, which means the attribute 'logging' must be defined with 'enabled' set to true",
+  "descriptionText": "AWS CloudFront distributions should have logging enabled to collect all viewer requests, which means the attribute 'logging' must be defined with 'enabled' set to true",
   "descriptionUrl": "https://doc.crds.dev/github.com/crossplane/provider-aws/cloudfront.aws.crossplane.io/Distribution/[email protected]#spec-forProvider-distributionConfig-logging",
   "platform": "Crossplane",
   "descriptionID": "48cd0b5a",

diff --git a/assets/queries/crossplane/aws/sqs_with_sse_disabled/metadata.json b/assets/queries/crossplane/aws/sqs_with_sse_disabled/metadata.json
@@ -1,6 +1,6 @@
 {
   "id": "9296f1cc-7a40-45de-bd41-f31745488a0e",
-  "queryName": "SQS with SSE disabled",
+  "queryName": "SQS With SSE Disabled",
   "severity": "MEDIUM",
   "category": "Encryption",
   "descriptionText": "Amazon Simple Queue Service (SQS) queue should protect the contents of their messages using Server-Side Encryption (SSE)",

diff --git a/assets/queries/crossplane/aws/sqs_with_sse_disabled/test/positive_expected_result.json b/assets/queries/crossplane/aws/sqs_with_sse_disabled/test/positive_expected_result.json
@@ -1,12 +1,12 @@
 [
   {
-    "queryName": "SQS with SSE disabled",
+    "queryName": "SQS With SSE Disabled",
     "severity": "MEDIUM",
     "line": 6,
     "fileName": "positive.yaml"
   },
   {
-    "queryName": "SQS with SSE disabled",
+    "queryName": "SQS With SSE Disabled",
     "severity": "MEDIUM",
     "line": 40,
     "fileName": "positive.yaml"

diff --git a/assets/queries/pulumi/aws/elasticache_nodes_not_created_across_multi_az/metadata.json b/assets/queries/pulumi/aws/elasticache_nodes_not_created_across_multi_az/metadata.json
@@ -3,7 +3,7 @@
   "queryName": "ElastiCache Nodes Not Created Across Multi AZ",
   "severity": "MEDIUM",
   "category": "Availability",
-  "descriptionText": "ElastiCache Nodes should have 'AZMode' set to 'cross-az' in in multi nodes cluster",
+  "descriptionText": "ElastiCache Nodes should be created across multi az, which means 'AZMode' should be set to 'cross-az' in in multi nodes cluster",
   "descriptionUrl": "https://www.pulumi.com/registry/packages/aws/api-docs/elasticache/cluster/#azmode_yaml",
   "platform": "Pulumi",
   "descriptionID": "149de780",

diff --git a/assets/queries/terraform/aws/cloudtrail_log_files_not_encrypted_with_kms/metadata.json b/assets/queries/terraform/aws/cloudtrail_log_files_not_encrypted_with_kms/metadata.json
@@ -2,8 +2,8 @@
   "id": "5d9e3164-9265-470c-9a10-57ae454ac0c7",
   "queryName": "CloudTrail Log Files Not Encrypted With KMS",
   "severity": "LOW",
-  "category": "Observability",
-  "descriptionText": "Logs delivered by CloudTrail should be encrypted using KMS",
+  "category": "Encryption",
+  "descriptionText": "Logs delivered by CloudTrail should be encrypted using KMS to increase security of your CloudTrail",
   "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#kms_key_id",
   "platform": "Terraform",
   "descriptionID": "ee8a4d47",

diff --git a/assets/queries/terraform/aws/elasticache_nodes_not_created_across_multi_az/metadata.json b/assets/queries/terraform/aws/elasticache_nodes_not_created_across_multi_az/metadata.json
@@ -3,7 +3,7 @@
   "queryName": "ElastiCache Nodes Not Created Across Multi AZ",
   "severity": "MEDIUM",
   "category": "Availability",
-  "descriptionText": "ElastiCache Nodes should have 'az_mode' set to 'cross-az' in in multi nodes cluster",
+  "descriptionText": "ElastiCache Nodes should be created across multi az, which means 'az_mode' should be set to 'cross-az' in in multi nodes cluster",
   "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_cluster",
   "platform": "Terraform",
   "descriptionID": "1bbfe45b",

diff --git a/assets/queries/terraform/gcp/vm_serial_ports_are_enabled_for_vm_instances/metadata.json b/assets/queries/terraform/gcp/vm_serial_ports_are_enabled_for_vm_instances/metadata.json
@@ -2,7 +2,7 @@
   "id": "97fa667a-d05b-4f16-9071-58b939f34751",
   "queryName": "Serial Ports Are Enabled For VM Instances",
   "severity": "MEDIUM",
-  "category": "Insecure Configurations",
+  "category": "Networking and Firewall",
   "descriptionText": "Google Compute Engine VM instances should not enable serial ports. When enabled, anyone can access your VM, if they know the username, project ID, SSH key, instance name and zone",
   "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance",
   "platform": "Terraform",