Checkmarx · rafaela-soares · Jul 13, 2022 · Jul 13, 2022
@@ -16,7 +16,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "azure_rm_sqlserver.ad_user is defined",
+		"keyExpectedValue": "azure_rm_sqlserver.ad_user should be defined",
 		"keyActualValue": "azure_rm_sqlserver.ad_user is undefined",
 	}
 }
@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "azure_rm_aks.addon is set",
+		"keyExpectedValue": "azure_rm_aks.addon should be set",
 		"keyActualValue": "azure_rm_aks.addon is undefined",
 	}
 }
@@ -36,7 +36,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.addon", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "azure_rm_aks.addon.monitoring is set",
+		"keyExpectedValue": "azure_rm_aks.addon.monitoring should be set",
 		"keyActualValue": "azure_rm_aks.addon.monitoring is undefined",
 	}
 }
@@ -56,7 +56,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.addon.monitoring", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": sprintf("azure_rm_aks.addon.monitoring.%s is set", [attr]),
+		"keyExpectedValue": sprintf("azure_rm_aks.addon.monitoring.%s should be set", [attr]),
 		"keyActualValue": sprintf("azure_rm_aks.addon.monitoring.%s is undefined", [attr]),
 	}
 }
@@ -74,7 +74,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.addon.monitoring.enabled", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "azure_rm_aks.addon.monitoring.enabled is set to 'yes' or 'false'",
+		"keyExpectedValue": "azure_rm_aks.addon.monitoring.enabled should be set to 'yes' or 'false'",
 		"keyActualValue": "azure_rm_aks.addon.monitoring.enabled is not set to 'yes' or 'false'",
 	}
 }
@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "azure_rm_aks.enable_rbac is defined",
+		"keyExpectedValue": "azure_rm_aks.enable_rbac should be defined",
 		"keyActualValue": "azure_rm_aks.enable_rbac is undefined",
 	}
 }
@@ -36,7 +36,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.enable_rbac", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "azure_rm_aks.enable_rbac is set to 'yes' or 'true'",
+		"keyExpectedValue": "azure_rm_aks.enable_rbac should be set to 'yes' or 'true'",
 		"keyActualValue": "azure_rm_aks.enable_rbac is not set to 'yes' or 'true'",
 	}
 }
@@ -17,7 +17,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": sprintf("'%s' is referenced by an existing lock", [modules[m]]),
+		"keyExpectedValue": sprintf("'%s' should be referenced by an existing lock", [modules[m]]),
 		"keyActualValue": sprintf("'%s' is not referenced by an existing lock", [modules[m]]),
 		"searchLine": common_lib.build_search_line(["playbooks", task, modules[m]], []),
 	}

@@ -16,7 +16,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "'azurerm_cosmosdb_account.ip_range_filter' is defined",
+		"keyExpectedValue": "'azurerm_cosmosdb_account.ip_range_filter' should be defined",
 		"keyActualValue": "'azurerm_cosmosdb_account.ip_range_filter' is undefined",
 	}
 }
@@ -17,7 +17,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.tags", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "azure_rm_cosmosdbaccount.tags is defined",
+		"keyExpectedValue": "azure_rm_cosmosdbaccount.tags should be defined",
 		"keyActualValue": "azure_rm_cosmosdbaccount.tags is undefined",
 	}
 }
@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.network_acls.default_action", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "azure_rm_storageaccount.network_acls.default_action is 'Deny'",
+		"keyExpectedValue": "azure_rm_storageaccount.network_acls.default_action should be set to 'Deny'",
 		"keyActualValue": "azure_rm_storageaccount.network_acls.default_action is 'Allow'",
 	}
 }
@@ -21,7 +21,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.start_ip_address", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "azure_rm_rediscachefirewallrule.start_ip_address and end_ip_address allow up to 255 hosts",
+		"keyExpectedValue": "azure_rm_rediscachefirewallrule.start_ip_address and end_ip_address should allow up to 255 hosts",
 		"keyActualValue": sprintf("azure_rm_rediscachefirewallrule.start_ip_address and end_ip_address allow %d hosts", [available]),
 	}
 }
@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.enable_soft_delete", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "azure_rm_keyvault.enable_soft_delete is true",
+		"keyExpectedValue": "azure_rm_keyvault.enable_soft_delete should be true",
 		"keyActualValue": "azure_rm_keyvault.enable_soft_delete is false",
 	}
 }
@@ -36,7 +36,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "azure_rm_keyvault.enable_soft_delete is defined",
+		"keyExpectedValue": "azure_rm_keyvault.enable_soft_delete should be defined",
 		"keyActualValue": "azure_rm_keyvault.enable_soft_delete is undefined",
 	}
 }
@@ -20,7 +20,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.value", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "azure_rm_postgresqlconfiguration.value is equal to 'on'",
+		"keyExpectedValue": "azure_rm_postgresqlconfiguration.value should be equal to 'on'",
 		"keyActualValue": "azure_rm_postgresqlconfiguration.value is not equal to 'on'",
 	}
 }
@@ -38,7 +38,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "azure_rm_monitorlogprofile.categories is defined",
+		"keyExpectedValue": "azure_rm_monitorlogprofile.categories should be defined",
 		"keyActualValue": "azure_rm_monitorlogprofile.categories is undefined",
 	}
 }
@@ -40,7 +40,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.network_acls.ip_rules", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "azure_rm_storageaccount.network_acls.default_action is 'Deny' and azure_rm_storageaccount.network_acls.ip_rules does not contain value '0.0.0.0/0' ",
+		"keyExpectedValue": "azure_rm_storageaccount.network_acls.default_action should be set to 'Deny' and azure_rm_storageaccount.network_acls.ip_rules should not contain value '0.0.0.0/0' ",
 		"keyActualValue": "azure_rm_storageaccount.network_acls.default_action is 'Deny' and azure_rm_storageaccount.network_acls.ip_rules contains value '0.0.0.0/0'",
 	}
 }
@@ -17,7 +17,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.start_ip_address", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "azure_rm_rediscachefirewallrule start_ip and end_ip are not equal to '0.0.0.0'",
+		"keyExpectedValue": "azure_rm_rediscachefirewallrule start_ip and end_ip should not equal to '0.0.0.0'",
 		"keyActualValue": "azure_rm_rediscachefirewallrule start_ip and end_ip are equal to '0.0.0.0'",
 	}
 }
@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.start_ip_address", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "azure_rm_rediscachefirewallrule ip range is private",
+		"keyExpectedValue": "azure_rm_rediscachefirewallrule ip range should be private",
 		"keyActualValue": "azure_rm_rediscachefirewallrule ip range is public",
 	}
 }
@@ -19,7 +19,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.permissions.actions", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": sprintf("%s.permissions[%d].actions does not allow custom role creation", [modules[m], p]),
+		"keyExpectedValue": sprintf("%s.permissions[%d].actions should not allow custom role creation", [modules[m], p]),
 		"keyActualValue": sprintf("%s.permissions[%d].actions allows custom role creation", [modules[m], p]),
 		"searchLine": common_lib.build_search_line(["playbooks", t, modules[m], "permissions", p, "actions"], []),
 	}

@@ -19,7 +19,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "azure_rm_subnet.security_group is defined and not null",
+		"keyExpectedValue": "azure_rm_subnet.security_group should be defined and not null",
 		"keyActualValue": "azure_rm_subnet.security_group is undefined or null",
 	}
 }

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.retention_policy.enabled", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "azure_rm_monitorlogprofile.retention_policy.enabled is true or yes",
+		"keyExpectedValue": "azure_rm_monitorlogprofile.retention_policy.enabled should be true or yes",
 		"keyActualValue": "azure_rm_monitorlogprofile.retention_policy.enabled is false or no",
 	}
 }
@@ -38,7 +38,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.retention_policy.days", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "azure_rm_monitorlogprofile.retention_policy.days is greater than or equal to 365 days or 0 (indefinitely)",
+		"keyExpectedValue": "azure_rm_monitorlogprofile.retention_policy.days should be greater than or equal to 365 days or 0 (indefinitely)",
 		"keyActualValue": "azure_rm_monitorlogprofile.retention_policy.days is lesser than 365 days or different than 0 (indefinitely)",
 	}
 }
@@ -56,7 +56,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "azure_rm_monitorlogprofile.retention_policy is defined",
+		"keyExpectedValue": "azure_rm_monitorlogprofile.retention_policy should be defined",
 		"keyActualValue": "azure_rm_monitorlogprofile.retention_policy is undefined",
 	}
 }
@@ -17,7 +17,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.end_ip_address", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "azure_rm_sqlfirewallrule should allows all IPs",
+		"keyExpectedValue": "azure_rm_sqlfirewallrule should allow all IPs",
 		"keyActualValue": "azure_rm_sqlfirewallrule should not allow all IPs (range from start_ip_address to end_ip_address)",
 	}
 }

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.ad_user", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "azure_ad_serviceprincipal.ad_user is neither empty nor null",
+		"keyExpectedValue": "azure_ad_serviceprincipal.ad_user should be neither empty nor null",
 		"keyActualValue": "azure_ad_serviceprincipal.ad_user is empty or null",
 	}
 }

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[index]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "azure_rm_storageaccount.https_only is defined",
+		"keyExpectedValue": "azure_rm_storageaccount.https_only should be defined",
 		"keyActualValue": "azure_rm_storageaccount.https_only is undefined (defaults to false)",
 	}
 }

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "azure_rm_storageaccount.minimum_tls_version is defined",
+		"keyExpectedValue": "azure_rm_storageaccount.minimum_tls_version should be defined",
 		"keyActualValue": "azure_rm_storageaccount.minimum_tls_version is undefined",
 	}
 }
@@ -36,7 +36,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.minimum_tls_version", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "azure_rm_storageaccount is using the latest version of TLS encryption",
+		"keyExpectedValue": "azure_rm_storageaccount should be using the latest version of TLS encryption",
 		"keyActualValue": sprintf("azure_rm_storageaccount is using version %s of TLS encryption", [storage.minimum_tls_version]),
 	}
 }
@@ -21,7 +21,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "The difference between the value of azure_rm_sqlfirewallrule end_ip_address and start_ip_address is lesser than 256",
+		"keyExpectedValue": "The difference between the value of azure_rm_sqlfirewallrule end_ip_address and start_ip_address should be lesser than 256",
 		"keyActualValue": "The difference between the value of azure_rm_sqlfirewallrule end_ip_address and start_ip_address is greater than or equal to 256",
 	}
 }
@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "azure_rm_virtualmachine.network_interface_names is defined",
+		"keyExpectedValue": "azure_rm_virtualmachine.network_interface_names should be defined",
 		"keyActualValue": "azure_rm_virtualmachine.network_interface_names is undefined",
 	}
 }
@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.https_only", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "azure_rm_webapp.https_only is set to true or 'yes'",
+		"keyExpectedValue": "azure_rm_webapp.https_only should be set to true or 'yes'",
 		"keyActualValue": sprintf("azure_rm_webapp.https_only value is '%s'", [webapp.https_only]),
 	}
 }
@@ -36,7 +36,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "azure_rm_webapp.https_only is defined",
+		"keyExpectedValue": "azure_rm_webapp.https_only should be defined",
 		"keyActualValue": "azure_rm_webapp.https_only is undefined",
 	}
 }