Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor(query): policies for CloudFormation #4540

Merged
merged 2 commits into from
Dec 15, 2021
Merged

refactor(query): policies for CloudFormation #4540

merged 2 commits into from
Dec 15, 2021

Conversation

rafaela-soares
Copy link
Contributor

Proposed Changes

  • Refactored queries that do not consider correctly Statement as an array of objects or object or Effect set to allow

I submit this contribution under the Apache-2.0 license.

@rafaela-soares rafaela-soares added query New query feature cloudformation CloudFormation query labels Nov 19, 2021
@rafaela-soares rafaela-soares self-assigned this Nov 19, 2021
@kicsbot
Copy link
Contributor

kicsbot commented Nov 19, 2021

Scan submitted to Checkmarx

@kicsbot
Copy link
Contributor

kicsbot commented Nov 19, 2021

Logo
Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 4 vulnerabilities
High 0 High
Medium 0 Medium
Low 4 Low
Info 0 Info

Violation Summary

No policy violation found

@rafaela-soares rafaela-soares added the aws PR related with AWS Cloud label Nov 19, 2021
felipe-avelar
felipe-avelar suggested changes Nov 22, 2021
View reviewed changes
Copy link
Contributor

@felipe-avelar felipe-avelar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please, check comments

assets/queries/cloudFormation/iam_policies_with_full_privileges/query.rego Outdated

result := {
"documentId": input.document[i].id,
"searchKey": sprintf("Resources.%s.Properties.PolicyDocument.Statement", [name]),
"searchKey": sprintf("Resources.%s.Properties.PolicyDocumentt", [name]),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"searchKey": sprintf("Resources.%s.Properties.PolicyDocumentt", [name]),
"searchKey": sprintf("Resources.%s.Properties.PolicyDocument", [name]),

felipe-avelar
felipe-avelar approved these changes Dec 3, 2021
View reviewed changes
Copy link
Contributor

@felipe-avelar felipe-avelar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cx-joao-reigota cx-joao-reigota merged commit 1d0a5d1 into master Dec 15, 2021
@cx-joao-reigota cx-joao-reigota deleted the refactor/policies_cf branch December 15, 2021 14:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@felipe-avelar felipe-avelar felipe-avelar approved these changes

@cx-joao-reigota cx-joao-reigota Awaiting requested review from cx-joao-reigota

Assignees

@rafaela-soares rafaela-soares

Labels
aws PR related with AWS Cloud cloudformation CloudFormation query query New query feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rafaela-soares @kicsbot @felipe-avelar @cx-joao-reigota