From 49e4dc4ff5377bd5509ac01a3fbf8b24362b04b1 Mon Sep 17 00:00:00 2001
From: Roi Lubetkin
Date: Thu, 10 Nov 2022 17:27:31 +0200
Subject: [PATCH] fix(query): align queries
---
 .../ansible/gcp/cos_node_image_not_used/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../rds_db_instance_with_iam_auth_disabled/metadata.json | 4 ++--
 .../test/positive_expected_result.json | 8 ++++----
 .../aws/cloudfront_logging_disabled/metadata.json | 2 +-
 .../crossplane/aws/sqs_with_sse_disabled/metadata.json | 2 +-
 .../test/positive_expected_result.json | 4 ++--
 .../metadata.json | 2 +-
 .../metadata.json | 4 ++--
 .../metadata.json | 2 +-
 .../metadata.json | 2 +-
 11 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/assets/queries/ansible/gcp/cos_node_image_not_used/metadata.json b/assets/queries/ansible/gcp/cos_node_image_not_used/metadata.json
index a68b17e45a3..ec15a5dcbd5 100644
--- a/assets/queries/ansible/gcp/cos_node_image_not_used/metadata.json
+++ b/assets/queries/ansible/gcp/cos_node_image_not_used/metadata.json
@@ -2,7 +2,7 @@
 "id": "be41f891-96b1-4b9d-b74f-b922a918c778",
 "queryName": "COS Node Image Not Used",
 "severity": "MEDIUM",
- "category": "Resource Management",
+ "category": "Insecure Configurations",
 "descriptionText": "The node image should be Container-Optimized OS(COS)",
 "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_container_node_pool_module.html#parameter-config/image_type",
 "platform": "Ansible",
diff --git a/assets/queries/cloudFormation/aws/elasticache_nodes_not_created_across_multi_az/metadata.json b/assets/queries/cloudFormation/aws/elasticache_nodes_not_created_across_multi_az/metadata.json
index 71f546003b3..f1d15d6a5df 100644
--- a/assets/queries/cloudFormation/aws/elasticache_nodes_not_created_across_multi_az/metadata.json
+++ b/assets/queries/cloudFormation/aws/elasticache_nodes_not_created_across_multi_az/metadata.json
@@ -3,7 +3,7 @@
 "queryName": "ElastiCache Nodes Not Created Across Multi AZ",
 "severity": "MEDIUM",
 "category": "Availability",
- "descriptionText": "ElastiCache Nodes should have 'AZMode' set to 'cross-az' in in multi nodes cluster",
+ "descriptionText": "ElastiCache Nodes should be created across multi az, which means 'AZMode' should be set to 'cross-az' in in multi nodes cluster",
 "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticache-cache-cluster.html",
 "platform": "CloudFormation",
 "descriptionID": "35f94973",
diff --git a/assets/queries/cloudFormation/aws/rds_db_instance_with_iam_auth_disabled/metadata.json b/assets/queries/cloudFormation/aws/rds_db_instance_with_iam_auth_disabled/metadata.json
index f2ff4f62b33..03b6e5bc175 100644
--- a/assets/queries/cloudFormation/aws/rds_db_instance_with_iam_auth_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/rds_db_instance_with_iam_auth_disabled/metadata.json
@@ -1,9 +1,9 @@
 {
 "id": "9fcd0a0a-9b6f-4670-a215-d94e6bf3f184",
- "queryName": "RDS DB Instance With IAM Auth Disabled",
+ "queryName": "IAM Database Auth Not Enabled",
 "severity": "HIGH",
 "category": "Encryption",
- "descriptionText": "IAM Database Auth Enabled should be configured to true when compatible with engine and version",
+ "descriptionText": "IAM Database Auth Enabled should be configured to true when using compatible engine and version",
 "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-enableiamdatabaseauthentication",
 "platform": "CloudFormation",
 "descriptionID": "e4c2c085",
diff --git a/assets/queries/cloudFormation/aws/rds_db_instance_with_iam_auth_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/rds_db_instance_with_iam_auth_disabled/test/positive_expected_result.json
index e3f35aaea01..a699b0fd955 100644
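Review bot: The rewritten `descriptionText` in the CloudFormation ElastiCache `metadata.json` carries over the duplicated word from the old text ("in in multi nodes cluster") and writes "multi az" in lower case while `queryName` on the line above uses "Multi AZ". As the line is being rewritten anyway, I would make it `"descriptionText": "ElastiCache nodes should be created across multiple Availability Zones, which means 'AZMode' should be set to 'cross-az' in multi-node clusters",`. The Pulumi and Terraform ElastiCache hunks later in this patch have the same wording (with 'az_mode' in the Terraform one) and need the same correction. `descriptionID` stays unchanged in the context lines; if it keys a copy of the description stored elsewhere, that copy presumably needs the same edit.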
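Review bot: `"category": "Encryption"` is left as it was in the RDS `metadata.json` hunk, although the check concerns IAM database authentication, which is an authentication control rather than an encryption one; other hunks in this patch do realign `category`, so this one looks missed. If the project's category list has an access-control entry, it would fit better (to be confirmed against the allowed values). The reworded `descriptionText` still says "IAM Database Auth Enabled" instead of naming the property the `descriptionUrl` anchor points at; `'EnableIAMDatabaseAuthentication' should be set to true when the engine and version support it` is easier to act on. The new `queryName` no longer matches the directory name `rds_db_instance_with_iam_auth_disabled`, so anything that filters or suppresses findings by name rather than by `id` will need updating.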
--- a/assets/queries/cloudFormation/aws/rds_db_instance_with_iam_auth_disabled/test/positive_expected_result.json
+++ b/assets/queries/cloudFormation/aws/rds_db_instance_with_iam_auth_disabled/test/positive_expected_result.json
@@ -1,25 +1,25 @@
 [
 {
- "queryName": "RDS DB Instance With IAM Auth Disabled",
+ "queryName": "IAM Database Auth Not Enabled",
 "severity": "HIGH",
 "line": 19,
 "fileName": "positive1.yaml"
 },
 {
- "queryName": "RDS DB Instance With IAM Auth Disabled",
+ "queryName": "IAM Database Auth Not Enabled",
 "severity": "HIGH",
 "line": 31,
 "fileName": "positive2.json"
 },
 {
- "queryName": "RDS DB Instance With IAM Auth Disabled",
+ "queryName": "IAM Database Auth Not Enabled",
 "severity": "HIGH",
 "line": 13,
 "fileName": "positive3.yaml"
 },
 {
 "fileName": "positive4.json",
- "queryName": "RDS DB Instance With IAM Auth Disabled",
+ "queryName": "IAM Database Auth Not Enabled",
 "severity": "HIGH",
 "line": 18
 }
diff --git a/assets/queries/crossplane/aws/cloudfront_logging_disabled/metadata.json b/assets/queries/crossplane/aws/cloudfront_logging_disabled/metadata.json
index 95c6594bc50..ec896563442 100644
--- a/assets/queries/crossplane/aws/cloudfront_logging_disabled/metadata.json
+++ b/assets/queries/crossplane/aws/cloudfront_logging_disabled/metadata.json
@@ -3,7 +3,7 @@
 "queryName": "CloudFront Logging Disabled",
 "severity": "MEDIUM",
 "category": "Observability",
- "descriptionText": "AWS CloudFront distributions must have logging enabled, which means the attribute 'logging' must be defined with 'enabled' set to true",
+ "descriptionText": "AWS CloudFront distributions should have logging enabled to collect all viewer requests, which means the attribute 'logging' must be defined with 'enabled' set to true",
 "descriptionUrl": "https://doc.crds.dev/github.com/crossplane/provider-aws/cloudfront.aws.crossplane.io/Distribution/v1alpha1@v0.29.0#spec-forProvider-distributionConfig-logging",
 "platform": "Crossplane",
 "descriptionID": "48cd0b5a",
diff --git a/assets/queries/crossplane/aws/sqs_with_sse_disabled/metadata.json b/assets/queries/crossplane/aws/sqs_with_sse_disabled/metadata.json
index d43cc1dc3cc..31a6d51b2e6 100644
--- a/assets/queries/crossplane/aws/sqs_with_sse_disabled/metadata.json
+++ b/assets/queries/crossplane/aws/sqs_with_sse_disabled/metadata.json
@@ -1,6 +1,6 @@
 {
 "id": "9296f1cc-7a40-45de-bd41-f31745488a0e",
- "queryName": "SQS with SSE disabled",
+ "queryName": "SQS With SSE Disabled",
 "severity": "MEDIUM",
 "category": "Encryption",
 "descriptionText": "Amazon Simple Queue Service (SQS) queue should protect the contents of their messages using Server-Side Encryption (SSE)",
diff --git a/assets/queries/crossplane/aws/sqs_with_sse_disabled/test/positive_expected_result.json b/assets/queries/crossplane/aws/sqs_with_sse_disabled/test/positive_expected_result.json
index 7608ce4f674..3cfc042ed8d 100644
--- a/assets/queries/crossplane/aws/sqs_with_sse_disabled/test/positive_expected_result.json
+++ b/assets/queries/crossplane/aws/sqs_with_sse_disabled/test/positive_expected_result.json
@@ -1,12 +1,12 @@
 [
 {
- "queryName": "SQS with SSE disabled",
+ "queryName": "SQS With SSE Disabled",
 "severity": "MEDIUM",
 "line": 6,
 "fileName": "positive.yaml"
 },
 {
- "queryName": "SQS with SSE disabled",
+ "queryName": "SQS With SSE Disabled",
 "severity": "MEDIUM",
 "line": 40,
 "fileName": "positive.yaml"
diff --git a/assets/queries/pulumi/aws/elasticache_nodes_not_created_across_multi_az/metadata.json b/assets/queries/pulumi/aws/elasticache_nodes_not_created_across_multi_az/metadata.json
index 2ccbcf45943..7037c5c87e2 100644
--- a/assets/queries/pulumi/aws/elasticache_nodes_not_created_across_multi_az/metadata.json
+++ b/assets/queries/pulumi/aws/elasticache_nodes_not_created_across_multi_az/metadata.json
@@ -3,7 +3,7 @@
 "queryName": "ElastiCache Nodes Not Created Across Multi AZ",
 "severity": "MEDIUM",
 "category": "Availability",
- "descriptionText": "ElastiCache Nodes should have 'AZMode' set to 'cross-az' in in multi nodes cluster",
+ "descriptionText": "ElastiCache Nodes should be created across multi az, which means 'AZMode' should be set to 'cross-az' in in multi nodes cluster",
 "descriptionUrl": "https://www.pulumi.com/registry/packages/aws/api-docs/elasticache/cluster/#azmode_yaml",
 "platform": "Pulumi",
 "descriptionID": "149de780",
diff --git a/assets/queries/terraform/aws/cloudtrail_log_files_not_encrypted_with_kms/metadata.json b/assets/queries/terraform/aws/cloudtrail_log_files_not_encrypted_with_kms/metadata.json
index 316dccfb8b4..c5d98161478 100644
--- a/assets/queries/terraform/aws/cloudtrail_log_files_not_encrypted_with_kms/metadata.json
+++ b/assets/queries/terraform/aws/cloudtrail_log_files_not_encrypted_with_kms/metadata.json
@@ -2,8 +2,8 @@
 "id": "5d9e3164-9265-470c-9a10-57ae454ac0c7",
 "queryName": "CloudTrail Log Files Not Encrypted With KMS",
 "severity": "LOW",
- "category": "Observability",
- "descriptionText": "Logs delivered by CloudTrail should be encrypted using KMS",
+ "category": "Encryption",
+ "descriptionText": "Logs delivered by CloudTrail should be encrypted using KMS to increase security of your CloudTrail",
 "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#kms_key_id",
 "platform": "Terraform",
 "descriptionID": "ee8a4d47",
diff --git a/assets/queries/terraform/aws/elasticache_nodes_not_created_across_multi_az/metadata.json b/assets/queries/terraform/aws/elasticache_nodes_not_created_across_multi_az/metadata.json
index e257772b1d4..ed15dcf6a52 100644
--- a/assets/queries/terraform/aws/elasticache_nodes_not_created_across_multi_az/metadata.json
+++ b/assets/queries/terraform/aws/elasticache_nodes_not_created_across_multi_az/metadata.json
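Review bot: The phrase added to `descriptionText` in the CloudTrail `metadata.json`, "to increase security of your CloudTrail", does not tell the reader what the KMS key actually protects. A wording such as `"descriptionText": "Logs delivered by CloudTrail should be encrypted with a KMS key ('kms_key_id'), so that reading the log files also requires permission to use the key",` states the benefit and names the attribute that the `descriptionUrl` anchor already points at. The move of `category` to "Encryption" is consistent with the query name.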
@@ -3,7 +3,7 @@
 "queryName": "ElastiCache Nodes Not Created Across Multi AZ",
 "severity": "MEDIUM",
 "category": "Availability",
- "descriptionText": "ElastiCache Nodes should have 'az_mode' set to 'cross-az' in in multi nodes cluster",
+ "descriptionText": "ElastiCache Nodes should be created across multi az, which means 'az_mode' should be set to 'cross-az' in in multi nodes cluster",
 "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_cluster",
 "platform": "Terraform",
 "descriptionID": "1bbfe45b",
diff --git a/assets/queries/terraform/gcp/vm_serial_ports_are_enabled_for_vm_instances/metadata.json b/assets/queries/terraform/gcp/vm_serial_ports_are_enabled_for_vm_instances/metadata.json
index 5491bd6106e..5176c6da976 100644
--- a/assets/queries/terraform/gcp/vm_serial_ports_are_enabled_for_vm_instances/metadata.json
+++ b/assets/queries/terraform/gcp/vm_serial_ports_are_enabled_for_vm_instances/metadata.json
@@ -2,7 +2,7 @@
 "id": "97fa667a-d05b-4f16-9071-58b939f34751",
 "queryName": "Serial Ports Are Enabled For VM Instances",
 "severity": "MEDIUM",
- "category": "Insecure Configurations",
+ "category": "Networking and Firewall",
 "descriptionText": "Google Compute Engine VM instances should not enable serial ports. When enabled, anyone can access your VM, if they know the username, project ID, SSH key, instance name and zone",
 "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance",
 "platform": "Terraform",
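Review bot: The unchanged `descriptionText` in the GCP serial-port `metadata.json` does not explain the network exposure that the new `"category": "Networking and Firewall"` implies. Its "anyone can access your VM" also reads as unauthenticated access, although the same sentence lists the SSH key as a prerequisite. If the reason for the recategorisation is that serial console connections are not subject to IP-based firewall restrictions (worth confirming against the provider documentation), the text should say so, for example `"descriptionText": "Google Compute Engine VM instances should not enable serial ports. When enabled, connections are not limited by IP-based firewall rules and rely only on the SSH key, username, project ID, instance name and zone",`. The object continues past the end of the hunk, so any `descriptionID` pairing is not visible here.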