diff --git a/assets/queries/terraform/nifcloud/computing_instance_has_common_private/metadata.json b/assets/queries/terraform/nifcloud/computing_instance_has_common_private/metadata.json index e0d8094cda4..409c829b835 100644 --- a/assets/queries/terraform/nifcloud/computing_instance_has_common_private/metadata.json +++ b/assets/queries/terraform/nifcloud/computing_instance_has_common_private/metadata.json @@ -1,6 +1,6 @@ { "id": "df58dd45-8009-43c2-90f7-c90eb9d53ed9", - "queryName": "Beta - Nifcloud Computing Has Common Private Network", + "queryName": "Nifcloud Computing Has Common Private Network", "severity": "LOW", "category": "Networking and Firewall", "descriptionText": "The instance has common private network", diff --git a/assets/queries/terraform/nifcloud/computing_instance_has_common_private/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/computing_instance_has_common_private/test/positive_expected_result.json index e0f207ba71b..3b339c90f90 100644 --- a/assets/queries/terraform/nifcloud/computing_instance_has_common_private/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/computing_instance_has_common_private/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { - "queryName": "Beta - Nifcloud Computing Has Common Private Network", + "queryName": "Nifcloud Computing Has Common Private Network", "severity": "LOW", "line": 1, "fileName": "positive1.tf" }, { - "queryName": "Beta - Nifcloud Computing Has Common Private Network", + "queryName": "Nifcloud Computing Has Common Private Network", "severity": "LOW", "line": 1, "fileName": "positive2.tf" diff --git a/assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/metadata.json b/assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/metadata.json index 73ac9f9525b..85886974344 100644 --- a/assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/metadata.json +++ b/assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/metadata.json @@ -1,6 +1,6 @@ { "id": "b2ea2367-8dc9-4231-a035-d0b28bfa3dde", - "queryName": "Beta - Nifcloud Computing Has Public Ingress Security Group Rule", + "queryName": "Nifcloud Computing Has Public Ingress Security Group Rule", "severity": "HIGH", "category": "Networking and Firewall", "descriptionText": "An ingress security group rule allows traffic from /0", diff --git a/assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/test/positive_expected_result.json index 3ed3da3556d..c155888d657 100644 --- a/assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/computing_instance_has_public_ingress_sgr/test/positive_expected_result.json @@ -1,6 +1,6 @@ [ { - "queryName": "Beta - Nifcloud Computing Has Public Ingress Security Group Rule", + "queryName": "Nifcloud Computing Has Public Ingress Security Group Rule", "severity": "HIGH", "line": 1, "fileName": "positive.tf" diff --git a/assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/metadata.json b/assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/metadata.json index f6966d65bf1..839bfb1ef07 100644 --- a/assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/metadata.json +++ b/assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/metadata.json @@ -1,6 +1,6 @@ { "id": "89218b48-75c9-4cb3-aaba-5299e852e8bc", - "queryName": "Beta - Nifcloud Computing Undefined Security Group To Instance", + "queryName": "Nifcloud Computing Undefined Security Group To Instance", "severity": "HIGH", "category": "Networking and Firewall", "descriptionText": "Missing security group for instance", diff --git a/assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/test/positive_expected_result.json index 39f1b2247af..9aa880cd9a9 100644 --- a/assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/computing_instance_security_group_undefined/test/positive_expected_result.json @@ -1,6 +1,6 @@ [ { - "queryName": "Beta - Nifcloud Computing Undefined Security Group To Instance", + "queryName": "Nifcloud Computing Undefined Security Group To Instance", "severity": "HIGH", "line": 1, "fileName": "positive.tf" diff --git a/assets/queries/terraform/nifcloud/computing_security_group_description_undefined/metadata.json b/assets/queries/terraform/nifcloud/computing_security_group_description_undefined/metadata.json index b10f59599b3..b4c715fdf59 100644 --- a/assets/queries/terraform/nifcloud/computing_security_group_description_undefined/metadata.json +++ b/assets/queries/terraform/nifcloud/computing_security_group_description_undefined/metadata.json @@ -1,9 +1,9 @@ { "id": "41c127a9-3a85-4bc3-a333-ed374eb9c3e4", - "queryName": "Beta - Nifcloud Computing Undefined Description To Security Group", - "severity": "LOW", - "category": "Networking and Firewall", - "descriptionText": "Missing description for security group", + "queryName": "Nifcloud Computing Undefined Description To Security Group", + "severity": "INFO", + "category": "Best Practices", + "descriptionText": "It's considered a best practice for Security Group to have a description", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/security_group#description", "platform": "Terraform", "descriptionID": "dedce967", diff --git a/assets/queries/terraform/nifcloud/computing_security_group_description_undefined/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/computing_security_group_description_undefined/test/positive_expected_result.json index 9a6dfc8dc8b..1b4ae154932 100644 --- a/assets/queries/terraform/nifcloud/computing_security_group_description_undefined/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/computing_security_group_description_undefined/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { - "queryName": "Beta - Nifcloud Computing Undefined Description To Security Group", - "severity": "LOW", + "queryName": "Nifcloud Computing Undefined Description To Security Group", + "severity": "INFO", "line": 1, "fileName": "positive.tf" } diff --git a/assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/metadata.json b/assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/metadata.json index 0647da56a9a..3b0c9482ed4 100644 --- a/assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/metadata.json +++ b/assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/metadata.json @@ -1,9 +1,9 @@ { "id": "e4610872-0b1c-4fb7-ab57-d81c0afdb291", - "queryName": "Beta - Nifcloud Computing Undefined Description To Security Group Rule", - "severity": "LOW", - "category": "Networking and Firewall", - "descriptionText": "Missing description for security group rule", + "queryName": "Nifcloud Computing Undefined Description To Security Group Rule", + "severity": "INFO", + "category": "Best Practices", + "descriptionText": "It's considered a best practice for Security Group Rules to have a description", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/security_group_rule#description", "platform": "Terraform", "descriptionID": "66ed83ab", diff --git a/assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/test/positive_expected_result.json index 7794ee78efd..9bd94917eb8 100644 --- a/assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/computing_security_group_rule_description_undefined/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { - "queryName": "Beta - Nifcloud Computing Undefined Description To Security Group Rule", - "severity": "LOW", + "queryName": "Nifcloud Computing Undefined Description To Security Group Rule", + "severity": "INFO", "line": 1, "fileName": "positive.tf" } diff --git a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/metadata.json b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/metadata.json index 684be1bbde0..7ddabdafb85 100644 --- a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/metadata.json +++ b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/metadata.json @@ -1,9 +1,9 @@ { "id": "e5071f76-cbe7-468d-bb2b-d10f02d2b713", - "queryName": "Beta - Nifcloud RDB Has Backup Retention Less Than 2 Day", - "severity": "MEDIUM", + "queryName": "Nifcloud Low RDB Backup Retention Period", + "severity": "LOW", "category": "Backup", - "descriptionText": "The rdb has backup retention less than 2 day", + "descriptionText": "Nifcloud RDB backup retention should be at least 7 days", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#backup_retention_period", "platform": "Terraform", "descriptionID": "5fadf94a", diff --git a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/query.rego b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/query.rego index 5c6e1692de5..965203d8c44 100644 --- a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/query.rego +++ b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/query.rego @@ -14,15 +14,15 @@ CxPolicy[result] { "resourceName": tf_lib.get_resource_name(dbInstance, name), "searchKey": sprintf("nifcloud_db_instance[%s]", [name]), "issueType": "MissingAttribute", - "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have backup retention longer than 1 day", [name]), - "keyActualValue": sprintf("'nifcloud_db_instance[%s]' does not have backup retention period", [name]), + "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have backup retention of at least 7 days", [name]), + "keyActualValue": sprintf("'nifcloud_db_instance[%s]' doesn't have a backup retention period defined", [name]), } } CxPolicy[result] { dbInstance := input.document[i].resource.nifcloud_db_instance[name] - dbInstance.backup_retention_period < 2 + dbInstance.backup_retention_period < 7 result := { "documentId": input.document[i].id, @@ -30,7 +30,7 @@ CxPolicy[result] { "resourceName": tf_lib.get_resource_name(dbInstance, name), "searchKey": sprintf("nifcloud_db_instance[%s]", [name]), "issueType": "IncorrectValue", - "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have backup retention longer than 1 day", [name]), - "keyActualValue": sprintf("'nifcloud_db_instance[%s]' has 1 day backup retention period", [name]), + "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have backup retention of at least 7 days", [name]), + "keyActualValue": sprintf("'nifcloud_db_instance[%s]' has backup retention period of '%s' which is less than minimum of 7 days", [name, dbInstance.backup_retention_period]), } } diff --git a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/negative.tf b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/negative.tf index 8d8d3ce3fbb..ecd9ef57106 100644 --- a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/negative.tf +++ b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/negative.tf @@ -1,5 +1,5 @@ resource "nifcloud_db_instance" "negative" { identifier = "example" instance_class = "db.large8" - backup_retention_period = 5 + backup_retention_period = 7 } diff --git a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive2.tf b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive2.tf index 032bb4bd814..2ff6aade499 100644 --- a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive2.tf +++ b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive2.tf @@ -1,5 +1,5 @@ resource "nifcloud_db_instance" "positive" { identifier = "example" instance_class = "db.large8" - backup_retention_period = 1 + backup_retention_period = 5 } diff --git a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive_expected_result.json index 3061202486d..27c28135d5e 100644 --- a/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/db_does_not_have_long_backup_retention/test/positive_expected_result.json @@ -1,13 +1,13 @@ [ { - "queryName": "Beta - Nifcloud RDB Has Backup Retention Less Than 2 Day", - "severity": "MEDIUM", + "queryName": "Nifcloud Low RDB Backup Retention Period", + "severity": "LOW", "line": 1, "fileName": "positive1.tf" }, { - "queryName": "Beta - Nifcloud RDB Has Backup Retention Less Than 2 Day", - "severity": "MEDIUM", + "queryName": "Nifcloud Low RDB Backup Retention Period", + "severity": "LOW", "line": 1, "fileName": "positive2.tf" } diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/metadata.json b/assets/queries/terraform/nifcloud/db_has_public_access/metadata.json index f5217ccd260..85eb554d52c 100644 --- a/assets/queries/terraform/nifcloud/db_has_public_access/metadata.json +++ b/assets/queries/terraform/nifcloud/db_has_public_access/metadata.json @@ -1,12 +1,12 @@ { - "id": "fb387023-e4bb-42a8-9a70-6708aa7ff21b", - "queryName": "Beta - Nifcloud RDB Has Public DB Access", - "severity": "HIGH", - "category": "Networking and Firewall", - "descriptionText": "The rdb has public db access", - "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#publicly_accessible", - "platform": "Terraform", - "descriptionID": "e4ce28b6", - "cloudProvider": "nifcloud", - "cwe": "732" -} + "id": "fb387023-e4bb-42a8-9a70-6708aa7ff21b", + "queryName": "Nifcloud RDB Has Public DB Access", + "severity": "HIGH", + "category": "Access Control", + "descriptionText": "The RDB has public DB access", + "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#publicly_accessible", + "platform": "Terraform", + "descriptionID": "e4ce28b6", + "cloudProvider": "nifcloud", + "cwe": "732" + } \ No newline at end of file diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/query.rego b/assets/queries/terraform/nifcloud/db_has_public_access/query.rego index 7096649a477..7c36874fee8 100644 --- a/assets/queries/terraform/nifcloud/db_has_public_access/query.rego +++ b/assets/queries/terraform/nifcloud/db_has_public_access/query.rego @@ -4,17 +4,31 @@ import data.generic.terraform as tf_lib import data.generic.common as common_lib CxPolicy[result] { - dbInstance := input.document[i].resource.nifcloud_db_instance[name] dbInstance.publicly_accessible == true - result := { "documentId": input.document[i].id, "resourceType": "nifcloud_db_instance", "resourceName": tf_lib.get_resource_name(dbInstance, name), "searchKey": sprintf("nifcloud_db_instance[%s]", [name]), "issueType": "IncorrectValue", - "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should not use publicly available. You should limit all access to the minimum that is required for your application to function.", [name]), - "keyActualValue": sprintf("'nifcloud_db_instance[%s]' use publicly available", [name]), + "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should not use publicly accessible set to true. You should limit all access to the minimum that is required for your application to function.", [name]), + "keyActualValue": sprintf("'nifcloud_db_instance[%s]' has publicly accessible set to true.", [name]), } } + +CxPolicy[result] { + + dbInstance := input.document[i].resource.nifcloud_db_instance[name] + not common_lib.valid_key(dbInstance, "publicly_accessible") + + result := { + "documentId": input.document[i].id, + "resourceType": "nifcloud_db_instance", + "resourceName": tf_lib.get_resource_name(dbInstance, name), + "searchKey": sprintf("nifcloud_db_instance[%s]", [name]), + "issueType": "MissingAttribute", + "keyExpectedValue": sprintf("'nifcloud_db_instance[%s]' should have publicly accessible defined as the default value is set to true. You should limit all access to the minimum that is required for your application to function.", [name]), + "keyActualValue": sprintf("'nifcloud_db_instance[%s]' doesn't define publicly accessible.", [name]), + } +} \ No newline at end of file diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/test/negative.tf b/assets/queries/terraform/nifcloud/db_has_public_access/test/negative.tf index 3b0b1a51837..caaa6b74a91 100644 --- a/assets/queries/terraform/nifcloud/db_has_public_access/test/negative.tf +++ b/assets/queries/terraform/nifcloud/db_has_public_access/test/negative.tf @@ -2,4 +2,4 @@ resource "nifcloud_db_instance" "negative" { identifier = "example" instance_class = "db.large8" publicly_accessible = false -} +} \ No newline at end of file diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/test/positive.tf b/assets/queries/terraform/nifcloud/db_has_public_access/test/positive.tf index 1b481c93433..34fc1dfbf9b 100644 --- a/assets/queries/terraform/nifcloud/db_has_public_access/test/positive.tf +++ b/assets/queries/terraform/nifcloud/db_has_public_access/test/positive.tf @@ -2,4 +2,4 @@ resource "nifcloud_db_instance" "positive" { identifier = "example" instance_class = "db.large8" publicly_accessible = true -} +} \ No newline at end of file diff --git a/assets/queries/terraform/nifcloud/db_has_public_access/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/db_has_public_access/test/positive_expected_result.json index e296e014786..f1c041a3ef5 100644 --- a/assets/queries/terraform/nifcloud/db_has_public_access/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/db_has_public_access/test/positive_expected_result.json @@ -1,6 +1,6 @@ [ { - "queryName": "Beta - Nifcloud RDB Has Public DB Access", + "queryName": "Nifcloud RDB Has Public DB Access", "severity": "HIGH", "line": 1, "fileName": "positive.tf" diff --git a/assets/queries/terraform/nifcloud/db_instance_has_common_private/metadata.json b/assets/queries/terraform/nifcloud/db_instance_has_common_private/metadata.json index 2e06cb2bc03..11a80ee7ac4 100644 --- a/assets/queries/terraform/nifcloud/db_instance_has_common_private/metadata.json +++ b/assets/queries/terraform/nifcloud/db_instance_has_common_private/metadata.json @@ -1,9 +1,9 @@ { "id": "9bf57c23-fbab-4222-85f3-3f207a53c6a8", - "queryName": "Beta - Nifcloud RDB Has Common Private Network", + "queryName": "Nifcloud RDB Has Common Private Network", "severity": "LOW", "category": "Networking and Firewall", - "descriptionText": "The rdb has common private network", + "descriptionText": "The RDB has common private network", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#network_id", "platform": "Terraform", "descriptionID": "89f1ff38", diff --git a/assets/queries/terraform/nifcloud/db_instance_has_common_private/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/db_instance_has_common_private/test/positive_expected_result.json index c41c5a0fd11..0c41e6b1eb8 100644 --- a/assets/queries/terraform/nifcloud/db_instance_has_common_private/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/db_instance_has_common_private/test/positive_expected_result.json @@ -1,6 +1,6 @@ [ { - "queryName": "Beta - Nifcloud RDB Has Common Private Network", + "queryName": "Nifcloud RDB Has Common Private Network", "severity": "LOW", "line": 1, "fileName": "positive.tf" diff --git a/assets/queries/terraform/nifcloud/db_security_group_description_undefined/metadata.json b/assets/queries/terraform/nifcloud/db_security_group_description_undefined/metadata.json index 5dbfd29427e..ee9fb1772e5 100644 --- a/assets/queries/terraform/nifcloud/db_security_group_description_undefined/metadata.json +++ b/assets/queries/terraform/nifcloud/db_security_group_description_undefined/metadata.json @@ -1,9 +1,9 @@ { "id": "940ddce2-26bd-4e31-a9b4-382714f73231", - "queryName": "Beta - Nifcloud RDB Undefined Description To DB Security Group", - "severity": "LOW", - "category": "Networking and Firewall", - "descriptionText": "Missing description for db security group", + "queryName": "Nifcloud RDB Undefined Description To DB Security Group", + "severity": "INFO", + "category": "Best Practices", + "descriptionText": "Missing description for DB security group", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_security_group#description", "platform": "Terraform", "descriptionID": "badc7874", diff --git a/assets/queries/terraform/nifcloud/db_security_group_description_undefined/query.rego b/assets/queries/terraform/nifcloud/db_security_group_description_undefined/query.rego index 1c95b8e2f7d..eb5e8b887df 100644 --- a/assets/queries/terraform/nifcloud/db_security_group_description_undefined/query.rego +++ b/assets/queries/terraform/nifcloud/db_security_group_description_undefined/query.rego @@ -14,7 +14,7 @@ CxPolicy[result] { "resourceName": tf_lib.get_resource_name(dbSecurityGroup, name), "searchKey": sprintf("nifcloud_db_security_group[%s]", [name]), "issueType": "MissingAttribute", - "keyExpectedValue": sprintf("'nifcloud_db_security_group[%s]' should include a description for auditing purposes", [name]), - "keyActualValue": sprintf("'nifcloud_db_security_group[%s]' does not have a description", [name]), + "keyExpectedValue": sprintf("'nifcloud_db_security_group[%s]' should include a description for auditing purposes.", [name]), + "keyActualValue": sprintf("'nifcloud_db_security_group[%s]' does not have a description.", [name]), } } diff --git a/assets/queries/terraform/nifcloud/db_security_group_description_undefined/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/db_security_group_description_undefined/test/positive_expected_result.json index 849553f1b27..547983c13bf 100644 --- a/assets/queries/terraform/nifcloud/db_security_group_description_undefined/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/db_security_group_description_undefined/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { - "queryName": "Beta - Nifcloud RDB Undefined Description To DB Security Group", - "severity": "LOW", + "queryName": "Nifcloud RDB Undefined Description To DB Security Group", + "severity": "INFO", "line": 1, "fileName": "positive.tf" } diff --git a/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/metadata.json b/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/metadata.json index e718bf1ddee..d2da7e39736 100644 --- a/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/metadata.json +++ b/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/metadata.json @@ -1,9 +1,9 @@ { "id": "a0b846e8-815f-4f15-b660-bc4ab9fa1e1a", - "queryName": "Beta - Nifcloud RDB Has Public DB Ingress Security Group Rule", + "queryName": "Nifcloud RDB Has Public DB Ingress Security Group Rule", "severity": "HIGH", "category": "Networking and Firewall", - "descriptionText": "An db ingress security group rule allows traffic from /0", + "descriptionText": "A DB ingress security group rule allows traffic from /0", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_security_group#cidr_ip", "platform": "Terraform", "descriptionID": "05a9f362", diff --git a/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/test/positive_expected_result.json index 993aac712c5..425cc5d611a 100644 --- a/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/db_security_group_has_public_ingress_sgr/test/positive_expected_result.json @@ -1,6 +1,6 @@ [ { - "queryName": "Beta - Nifcloud RDB Has Public DB Ingress Security Group Rule", + "queryName": "Nifcloud RDB Has Public DB Ingress Security Group Rule", "severity": "HIGH", "line": 1, "fileName": "positive.tf" diff --git a/assets/queries/terraform/nifcloud/dns_has_verified_record/metadata.json b/assets/queries/terraform/nifcloud/dns_has_verified_record/metadata.json index 47cd35264b2..e62628cec5b 100644 --- a/assets/queries/terraform/nifcloud/dns_has_verified_record/metadata.json +++ b/assets/queries/terraform/nifcloud/dns_has_verified_record/metadata.json @@ -1,7 +1,7 @@ { "id": "a1defcb6-55e8-4511-8c2a-30b615b0e057", - "queryName": "Beta - Nifcloud DNS Has Verified Record", - "severity": "HIGH", + "queryName": "Nifcloud DNS Has Verified Record", + "severity": "LOW", "category": "Insecure Configurations", "descriptionText": "Removing verified record of TXT auth the risk that If the authentication record remains, anyone can register the zone", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/dns_record#record", diff --git a/assets/queries/terraform/nifcloud/dns_has_verified_record/query.rego b/assets/queries/terraform/nifcloud/dns_has_verified_record/query.rego index 60fe9c795e1..08dfd6e7ccc 100644 --- a/assets/queries/terraform/nifcloud/dns_has_verified_record/query.rego +++ b/assets/queries/terraform/nifcloud/dns_has_verified_record/query.rego @@ -14,7 +14,7 @@ CxPolicy[result] { "resourceName": tf_lib.get_resource_name(dnsRecord, name), "searchKey": sprintf("nifcloud_dns_record[%s]", [name]), "issueType": "IncorrectValue", - "keyExpectedValue": sprintf("'nifcloud_dns_record[%s]' remove verified record", [name]), - "keyActualValue": sprintf("'nifcloud_dns_record[%s]' has risk of DNS records be used by others", [name]), + "keyExpectedValue": sprintf("Verified records should be removed from 'nifcloud_dns_record[%s]'.", [name]), + "keyActualValue": sprintf("'nifcloud_dns_record[%s]' has risk of DNS records being used by others.", [name]), } } diff --git a/assets/queries/terraform/nifcloud/dns_has_verified_record/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/dns_has_verified_record/test/positive_expected_result.json index aedcb06ad91..b6523967215 100644 --- a/assets/queries/terraform/nifcloud/dns_has_verified_record/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/dns_has_verified_record/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { - "queryName": "Beta - Nifcloud DNS Has Verified Record", - "severity": "HIGH", + "queryName": "Nifcloud DNS Has Verified Record", + "severity": "LOW", "line": 1, "fileName": "positive.tf" } diff --git a/assets/queries/terraform/nifcloud/elb_has_common_private/metadata.json b/assets/queries/terraform/nifcloud/elb_has_common_private/metadata.json index 0d94c29cb09..95ec4f6513c 100644 --- a/assets/queries/terraform/nifcloud/elb_has_common_private/metadata.json +++ b/assets/queries/terraform/nifcloud/elb_has_common_private/metadata.json @@ -1,9 +1,9 @@ { "id": "5061f84c-ab66-4660-90b9-680c9df346c0", - "queryName": "Beta - Nifcloud ELB Has Common Private Network", + "queryName": "Nifcloud ELB Has Common Private Network", "severity": "LOW", "category": "Networking and Firewall", - "descriptionText": "The elb has common private network", + "descriptionText": "The ELB has common private network", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/elb#network_id", "platform": "Terraform", "descriptionID": "40e5b2b8", diff --git a/assets/queries/terraform/nifcloud/elb_has_common_private/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/elb_has_common_private/test/positive_expected_result.json index 26c689cfdbb..93ef9fa8953 100644 --- a/assets/queries/terraform/nifcloud/elb_has_common_private/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/elb_has_common_private/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { - "queryName": "Beta - Nifcloud ELB Has Common Private Network", + "queryName": "Nifcloud ELB Has Common Private Network", "severity": "LOW", "line": 1, "fileName": "positive1.tf" }, { - "queryName": "Beta - Nifcloud ELB Has Common Private Network", + "queryName": "Nifcloud ELB Has Common Private Network", "severity": "LOW", "line": 1, "fileName": "positive2.tf" diff --git a/assets/queries/terraform/nifcloud/elb_listener_use_http/metadata.json b/assets/queries/terraform/nifcloud/elb_listener_use_http/metadata.json index 98d41738eef..6c7b9179971 100644 --- a/assets/queries/terraform/nifcloud/elb_listener_use_http/metadata.json +++ b/assets/queries/terraform/nifcloud/elb_listener_use_http/metadata.json @@ -1,9 +1,9 @@ { "id": "afcb0771-4f94-44ed-ad4a-9f73f11ce6e0", - "queryName": "Beta - Nifcloud ELB Listener Use HTTP Protocol", - "severity": "HIGH", - "category": "Insecure Configurations", - "descriptionText": "The elb listener use http protocol", + "queryName": "Nifcloud ELB Listener Using HTTP Protocol", + "severity": "MEDIUM", + "category": "Networking and Firewall", + "descriptionText": "The ELB listener using http protocol", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/elb_listener#protocol", "platform": "Terraform", "descriptionID": "5a3b83e8", diff --git a/assets/queries/terraform/nifcloud/elb_listener_use_http/query.rego b/assets/queries/terraform/nifcloud/elb_listener_use_http/query.rego index a4a98c2ec62..f62aec73e0e 100644 --- a/assets/queries/terraform/nifcloud/elb_listener_use_http/query.rego +++ b/assets/queries/terraform/nifcloud/elb_listener_use_http/query.rego @@ -20,8 +20,8 @@ CxPolicy[result] { "resourceName": tf_lib.get_resource_name(elb_listener, name), "searchKey": sprintf("nifcloud_elb_listener[%s]", [name]), "issueType": "IncorrectValue", - "keyExpectedValue": sprintf("'nifcloud_elb_listener[%s]' should switch to HTTPS to benefit from TLS security features", [name]), - "keyActualValue": sprintf("'nifcloud_elb_listener[%s]' use HTTP protocol", [name]), + "keyExpectedValue": sprintf("'nifcloud_elb_listener[%s]' should switch to HTTPS to benefit from TLS security features.", [name]), + "keyActualValue": sprintf("'nifcloud_elb_listener[%s]' using HTTP protocol.", [name]), } } diff --git a/assets/queries/terraform/nifcloud/elb_listener_use_http/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/elb_listener_use_http/test/positive_expected_result.json index f2192b13dc7..1c910a5b611 100644 --- a/assets/queries/terraform/nifcloud/elb_listener_use_http/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/elb_listener_use_http/test/positive_expected_result.json @@ -1,13 +1,13 @@ [ { - "queryName": "Beta - Nifcloud ELB Listener Use HTTP Protocol", - "severity": "HIGH", + "queryName": "Nifcloud ELB Listener Using HTTP Protocol", + "severity": "MEDIUM", "line": 1, "fileName": "positive1.tf" }, { - "queryName": "Beta - Nifcloud ELB Listener Use HTTP Protocol", - "severity": "HIGH", + "queryName": "Nifcloud ELB Listener Using HTTP Protocol", + "severity": "MEDIUM", "line": 1, "fileName": "positive2.tf" } diff --git a/assets/queries/terraform/nifcloud/elb_use_http/metadata.json b/assets/queries/terraform/nifcloud/elb_use_http/metadata.json index 3ae6a06647b..f8437857308 100644 --- a/assets/queries/terraform/nifcloud/elb_use_http/metadata.json +++ b/assets/queries/terraform/nifcloud/elb_use_http/metadata.json @@ -1,9 +1,9 @@ { "id": "e2de2b80-2fc2-4502-a764-40930dfcc70a", - "queryName": "Beta - Nifcloud ELB Use HTTP Protocol", - "severity": "HIGH", - "category": "Insecure Configurations", - "descriptionText": "The elb use http protocol", + "queryName": "Nifcloud ELB Using HTTP Protocol", + "severity": "MEDIUM", + "category": "Networking and Firewall", + "descriptionText": "The ELB using HTTP protocol", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/elb#protocol", "platform": "Terraform", "descriptionID": "051c06d1", diff --git a/assets/queries/terraform/nifcloud/elb_use_http/query.rego b/assets/queries/terraform/nifcloud/elb_use_http/query.rego index 1802d083b95..3fdbf23e575 100644 --- a/assets/queries/terraform/nifcloud/elb_use_http/query.rego +++ b/assets/queries/terraform/nifcloud/elb_use_http/query.rego @@ -40,7 +40,7 @@ CxPolicy[result] { "resourceName": tf_lib.get_resource_name(elb, name), "searchKey": sprintf("nifcloud_elb[%s]", [name]), "issueType": "IncorrectValue", - "keyExpectedValue": sprintf("'nifcloud_elb[%s]' should switch to HTTPS to benefit from TLS security features", [name]), - "keyActualValue": sprintf("'nifcloud_elb[%s]' use HTTP protocol", [name]), + "keyExpectedValue": sprintf("'nifcloud_elb[%s]' should switch to HTTPS to benefit from TLS security features.", [name]), + "keyActualValue": sprintf("'nifcloud_elb[%s]' using HTTP protocol.", [name]), } } diff --git a/assets/queries/terraform/nifcloud/elb_use_http/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/elb_use_http/test/positive_expected_result.json index 146d2fe7bd9..8234db197e2 100644 --- a/assets/queries/terraform/nifcloud/elb_use_http/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/elb_use_http/test/positive_expected_result.json @@ -1,13 +1,13 @@ [ { - "queryName": "Beta - Nifcloud ELB Use HTTP Protocol", - "severity": "HIGH", + "queryName": "Nifcloud ELB Using HTTP Protocol", + "severity": "MEDIUM", "line": 1, "fileName": "positive1.tf" }, { - "queryName": "Beta - Nifcloud ELB Use HTTP Protocol", - "severity": "HIGH", + "queryName": "Nifcloud ELB Using HTTP Protocol", + "severity": "MEDIUM", "line": 1, "fileName": "positive2.tf" } diff --git a/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/metadata.json b/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/metadata.json index c15c409afb9..8800cb9396a 100644 --- a/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/metadata.json +++ b/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/metadata.json @@ -1,9 +1,9 @@ { "id": "9f751a80-31f0-43a3-926c-20772791a038", - "queryName": "Beta - Nifcloud LB Listener Use HTTP Port", - "severity": "HIGH", - "category": "Insecure Configurations", - "descriptionText": "The lb listener use http port", + "queryName": "Nifcloud LB Listener Using HTTP Port", + "severity": "MEDIUM", + "category": "Networking and Firewall", + "descriptionText": "The LB listener using HTTP port", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer_listener#load_balancer_port", "platform": "Terraform", "descriptionID": "c078c492", diff --git a/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/query.rego b/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/query.rego index 857c05785a6..00045c9c3ba 100644 --- a/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/query.rego +++ b/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/query.rego @@ -14,7 +14,7 @@ CxPolicy[result] { "resourceName": tf_lib.get_resource_name(lb_listener, name), "searchKey": sprintf("nifcloud_load_balancer_listener[%s]", [name]), "issueType": "IncorrectValue", - "keyExpectedValue": sprintf("'nifcloud_load_balancer_listener[%s]' should switch to HTTPS to benefit from TLS security features", [name]), - "keyActualValue": sprintf("'nifcloud_load_balancer_listener[%s]' use HTTP port", [name]), + "keyExpectedValue": sprintf("'nifcloud_load_balancer_listener[%s]' should switch to HTTPS to benefit from TLS security features.", [name]), + "keyActualValue": sprintf("'nifcloud_load_balancer_listener[%s]' using HTTP port.", [name]), } } diff --git a/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/test/positive_expected_result.json index bc9ab818464..2546d14e399 100644 --- a/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/load_balancer_listener_use_http/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { - "queryName": "Beta - Nifcloud LB Listener Use HTTP Port", - "severity": "HIGH", + "queryName": "Nifcloud LB Listener Using HTTP Port", + "severity": "MEDIUM", "line": 1, "fileName": "positive.tf" } diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_http/metadata.json b/assets/queries/terraform/nifcloud/load_balancer_use_http/metadata.json index e2c64cb5c13..63ae5799555 100644 --- a/assets/queries/terraform/nifcloud/load_balancer_use_http/metadata.json +++ b/assets/queries/terraform/nifcloud/load_balancer_use_http/metadata.json @@ -1,9 +1,9 @@ { "id": "94e47f3f-b90b-43a1-a36d-521580bae863", - "queryName": "Beta - Nifcloud LB Use HTTP Port", - "severity": "HIGH", - "category": "Insecure Configurations", - "descriptionText": "The lb use http port", + "queryName": "Nifcloud LB Using HTTP Port", + "severity": "MEDIUM", + "category": "Networking and Firewall", + "descriptionText": "The LB using HTTP port", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer#load_balancer_port", "platform": "Terraform", "descriptionID": "fc3831f9", diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_http/query.rego b/assets/queries/terraform/nifcloud/load_balancer_use_http/query.rego index d561621bd1b..0f66222c54c 100644 --- a/assets/queries/terraform/nifcloud/load_balancer_use_http/query.rego +++ b/assets/queries/terraform/nifcloud/load_balancer_use_http/query.rego @@ -14,7 +14,7 @@ CxPolicy[result] { "resourceName": tf_lib.get_resource_name(lb, name), "searchKey": sprintf("nifcloud_load_balancer[%s]", [name]), "issueType": "IncorrectValue", - "keyExpectedValue": sprintf("'nifcloud_load_balancer[%s]' should switch to HTTPS to benefit from TLS security features", [name]), - "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' use HTTP port", [name]), + "keyExpectedValue": sprintf("'nifcloud_load_balancer[%s]' should switch to HTTPS to benefit from TLS security features.", [name]), + "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' using HTTP port.", [name]), } } diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_http/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/load_balancer_use_http/test/positive_expected_result.json index 6a1ff808de3..9e59261f27a 100644 --- a/assets/queries/terraform/nifcloud/load_balancer_use_http/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/load_balancer_use_http/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { - "queryName": "Beta - Nifcloud LB Use HTTP Port", - "severity": "HIGH", + "queryName": "Nifcloud LB Using HTTP Port", + "severity": "MEDIUM", "line": 1, "fileName": "positive.tf" } diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/metadata.json b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/metadata.json index 7da6370a1af..521812003d8 100644 --- a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/metadata.json +++ b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/metadata.json @@ -1,9 +1,9 @@ { "id": "944439c7-b4b8-476a-8f83-14641ea876ba", - "queryName": "Beta - Nifcloud LB Use Insecure TLS Policy ID", - "severity": "HIGH", - "category": "Insecure Configurations", - "descriptionText": "The lb use insecure tls policy", + "queryName": "Nifcloud LB Using Insecure TLS Policy ID", + "severity": "MEDIUM", + "category": "Encryption", + "descriptionText": "The LB using insecure TLS policy", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer#ssl_policy_id", "platform": "Terraform", "descriptionID": "4e6e920b", diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/query.rego b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/query.rego index e0b5c9a5c51..f8d5efe46ae 100644 --- a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/query.rego +++ b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/query.rego @@ -23,7 +23,7 @@ CxPolicy[result] { "searchKey": sprintf("nifcloud_load_balancer[%s]", [name]), "issueType": "MissingAttribute", "keyExpectedValue": sprintf("'nifcloud_load_balancer[%s]' should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.", [name]), - "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' use outdated SSL policy", [name]), + "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' using outdated SSL policy.", [name]), } } @@ -39,6 +39,6 @@ CxPolicy[result] { "searchKey": sprintf("nifcloud_load_balancer[%s]", [name]), "issueType": "IncorrectValue", "keyExpectedValue": sprintf("'nifcloud_load_balancer[%s]' should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.", [name]), - "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' use outdated SSL policy", [name]), + "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' using outdated SSL policy.", [name]), } } diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/test/positive_expected_result.json index dccfbf00a2e..7cc8afe871c 100644 --- a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_id/test/positive_expected_result.json @@ -1,13 +1,13 @@ [ { - "queryName": "Beta - Nifcloud LB Use Insecure TLS Policy ID", - "severity": "HIGH", + "queryName": "Nifcloud LB Using Insecure TLS Policy ID", + "severity": "MEDIUM", "line": 1, "fileName": "positive1.tf" }, { - "queryName": "Beta - Nifcloud LB Use Insecure TLS Policy ID", - "severity": "HIGH", + "queryName": "Nifcloud LB Using Insecure TLS Policy ID", + "severity": "MEDIUM", "line": 1, "fileName": "positive2.tf" } diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/metadata.json b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/metadata.json index 907659e9af8..105c670c1e3 100644 --- a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/metadata.json +++ b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/metadata.json @@ -1,9 +1,9 @@ { "id": "675e8eaa-2754-42b7-bf33-bfa295d1601d", - "queryName": "Beta - Nifcloud LB Use Insecure TLS Policy Name", - "severity": "HIGH", - "category": "Insecure Configurations", - "descriptionText": "The lb use insecure tls policy", + "queryName": "Nifcloud LB Using Insecure TLS Policy Name", + "severity": "MEDIUM", + "category": "Encryption", + "descriptionText": "The LB using insecure TLS policy", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer#ssl_policy_name", "platform": "Terraform", "descriptionID": "be14dafb", diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/query.rego b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/query.rego index ca671d267b7..eb14db07744 100644 --- a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/query.rego +++ b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/query.rego @@ -23,7 +23,7 @@ CxPolicy[result] { "searchKey": sprintf("nifcloud_load_balancer[%s]", [name]), "issueType": "MissingAttribute", "keyExpectedValue": sprintf("'nifcloud_load_balancer[%s]' should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.", [name]), - "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' use outdated SSL policy", [name]), + "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' using outdated SSL policy.", [name]), } } @@ -39,6 +39,6 @@ CxPolicy[result] { "searchKey": sprintf("nifcloud_load_balancer[%s]", [name]), "issueType": "IncorrectValue", "keyExpectedValue": sprintf("'nifcloud_load_balancer[%s]' should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.", [name]), - "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' use outdated SSL policy", [name]), + "keyActualValue": sprintf("'nifcloud_load_balancer[%s]' using outdated SSL policy.", [name]), } } diff --git a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/test/positive_expected_result.json index e6d0ee61318..7bb192e65b9 100644 --- a/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/load_balancer_use_insecure_tls_policy_name/test/positive_expected_result.json @@ -1,13 +1,13 @@ [ { - "queryName": "Beta - Nifcloud LB Use Insecure TLS Policy Name", - "severity": "HIGH", + "queryName": "Nifcloud LB Using Insecure TLS Policy Name", + "severity": "MEDIUM", "line": 1, "fileName": "positive1.tf" }, { - "queryName": "Beta - Nifcloud LB Use Insecure TLS Policy Name", - "severity": "HIGH", + "queryName": "Nifcloud LB Using Insecure TLS Policy Name", + "severity": "MEDIUM", "line": 1, "fileName": "positive2.tf" } diff --git a/assets/queries/terraform/nifcloud/nas_instance_has_common_private/metadata.json b/assets/queries/terraform/nifcloud/nas_instance_has_common_private/metadata.json index c3fac59d416..665efe0976d 100644 --- a/assets/queries/terraform/nifcloud/nas_instance_has_common_private/metadata.json +++ b/assets/queries/terraform/nifcloud/nas_instance_has_common_private/metadata.json @@ -1,9 +1,9 @@ { "id": "4b801c38-ebb4-4c81-984b-1ba525d43adf", - "queryName": "Beta - Nifcloud NAS Has Common Private Network", + "queryName": "Nifcloud NAS Has Common Private Network", "severity": "LOW", "category": "Networking and Firewall", - "descriptionText": "The nas has common private network", + "descriptionText": "The NAS has common private network", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/nas_instance#network_id", "platform": "Terraform", "descriptionID": "a54c489c", diff --git a/assets/queries/terraform/nifcloud/nas_instance_has_common_private/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/nas_instance_has_common_private/test/positive_expected_result.json index e3d6da98c5f..25d43939456 100644 --- a/assets/queries/terraform/nifcloud/nas_instance_has_common_private/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/nas_instance_has_common_private/test/positive_expected_result.json @@ -1,6 +1,6 @@ [ { - "queryName": "Beta - Nifcloud NAS Has Common Private Network", + "queryName": "Nifcloud NAS Has Common Private Network", "severity": "LOW", "line": 1, "fileName": "positive.tf" diff --git a/assets/queries/terraform/nifcloud/nas_security_group_description_undefined/metadata.json b/assets/queries/terraform/nifcloud/nas_security_group_description_undefined/metadata.json index f22a90b39d8..63048a1d7ee 100644 --- a/assets/queries/terraform/nifcloud/nas_security_group_description_undefined/metadata.json +++ b/assets/queries/terraform/nifcloud/nas_security_group_description_undefined/metadata.json @@ -1,9 +1,9 @@ { "id": "e840c54a-7a4c-405f-b8c1-c49a54b87d11", - "queryName": "Beta - Nifcloud NAS Undefined Description To NAS Security Group", - "severity": "LOW", - "category": "Networking and Firewall", - "descriptionText": "Missing description for nas security group", + "queryName": "Nifcloud NAS Undefined Description To NAS Security Group", + "severity": "INFO", + "category": "Best Practices", + "descriptionText": "It's considered a best practice for NAS Security Group to have a description", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/nas_security_group#description", "platform": "Terraform", "descriptionID": "ae325808", diff --git a/assets/queries/terraform/nifcloud/nas_security_group_description_undefined/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/nas_security_group_description_undefined/test/positive_expected_result.json index 166c9db9633..7a29f969aee 100644 --- a/assets/queries/terraform/nifcloud/nas_security_group_description_undefined/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/nas_security_group_description_undefined/test/positive_expected_result.json @@ -1,7 +1,7 @@ [ { - "queryName": "Beta - Nifcloud NAS Undefined Description To NAS Security Group", - "severity": "LOW", + "queryName": "Nifcloud NAS Undefined Description To NAS Security Group", + "severity": "INFO", "line": 1, "fileName": "positive.tf" } diff --git a/assets/queries/terraform/nifcloud/nas_security_group_has_public_ingress_sgr/metadata.json b/assets/queries/terraform/nifcloud/nas_security_group_has_public_ingress_sgr/metadata.json index 4f3a915a2cc..afd8fe18534 100644 --- a/assets/queries/terraform/nifcloud/nas_security_group_has_public_ingress_sgr/metadata.json +++ b/assets/queries/terraform/nifcloud/nas_security_group_has_public_ingress_sgr/metadata.json @@ -1,9 +1,9 @@ { "id": "8d7758a7-d9cd-499a-a83e-c9bdcbff728d", - "queryName": "Beta - Nifcloud NAS Has Public Ingress NAS Security Group Rule", + "queryName": "Nifcloud NAS Has Public Ingress NAS Security Group Rule", "severity": "HIGH", "category": "Networking and Firewall", - "descriptionText": "An ingress nas security group rule allows traffic from /0", + "descriptionText": "An ingress NAS security group rule allows traffic from /0", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/nas_security_group#cidr_ip", "platform": "Terraform", "descriptionID": "5cf1f2e2", diff --git a/assets/queries/terraform/nifcloud/nas_security_group_has_public_ingress_sgr/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/nas_security_group_has_public_ingress_sgr/test/positive_expected_result.json index 1a29d198142..3aa266359bb 100644 --- a/assets/queries/terraform/nifcloud/nas_security_group_has_public_ingress_sgr/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/nas_security_group_has_public_ingress_sgr/test/positive_expected_result.json @@ -1,6 +1,6 @@ [ { - "queryName": "Beta - Nifcloud NAS Has Public Ingress NAS Security Group Rule", + "queryName": "Nifcloud NAS Has Public Ingress NAS Security Group Rule", "severity": "HIGH", "line": 1, "fileName": "positive.tf" diff --git a/assets/queries/terraform/nifcloud/router_has_common_private/metadata.json b/assets/queries/terraform/nifcloud/router_has_common_private/metadata.json index edadfc8e81c..3fefc640b3b 100644 --- a/assets/queries/terraform/nifcloud/router_has_common_private/metadata.json +++ b/assets/queries/terraform/nifcloud/router_has_common_private/metadata.json @@ -1,9 +1,9 @@ { "id": "30c2760c-740e-4672-9d7f-2c29e0cb385d", - "queryName": "Beta - Nifcloud Router Has Common Private Network", + "queryName": "Nifcloud Router Has Common Private Network", "severity": "LOW", "category": "Networking and Firewall", - "descriptionText": "The router has common private network", + "descriptionText": "The Router has common private network", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/router#network_id", "platform": "Terraform", "descriptionID": "ca6704da", diff --git a/assets/queries/terraform/nifcloud/router_has_common_private/query.rego b/assets/queries/terraform/nifcloud/router_has_common_private/query.rego index 0d767d52c6c..1d1165bcc5f 100644 --- a/assets/queries/terraform/nifcloud/router_has_common_private/query.rego +++ b/assets/queries/terraform/nifcloud/router_has_common_private/query.rego @@ -14,8 +14,8 @@ CxPolicy[result] { "resourceName": tf_lib.get_resource_name(router, name), "searchKey": sprintf("nifcloud_router[%s]", [name]), "issueType": "IncorrectValue", - "keyExpectedValue": sprintf("'nifcloud_router[%s]' should use a private LAN to isolate the private side network from the shared network", [name]), - "keyActualValue": sprintf("'nifcloud_router[%s]' has common private network", [name]), + "keyExpectedValue": sprintf("'nifcloud_router[%s]' should use a private LAN to isolate the private side network from the shared network.", [name]), + "keyActualValue": sprintf("'nifcloud_router[%s]' has common private network.", [name]), } } @@ -30,7 +30,7 @@ CxPolicy[result] { "resourceName": tf_lib.get_resource_name(router, name), "searchKey": sprintf("nifcloud_router[%s]", [name]), "issueType": "IncorrectValue", - "keyExpectedValue": sprintf("'nifcloud_router[%s]' should use a private LAN to isolate the private side network from the shared network", [name]), - "keyActualValue": sprintf("'nifcloud_router[%s]' has common private network", [name]), + "keyExpectedValue": sprintf("'nifcloud_router[%s]' should use a private LAN to isolate the private side network from the shared network.", [name]), + "keyActualValue": sprintf("'nifcloud_router[%s]' has common private network.", [name]), } } diff --git a/assets/queries/terraform/nifcloud/router_has_common_private/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/router_has_common_private/test/positive_expected_result.json index dc13e7e881a..4ee87233b90 100644 --- a/assets/queries/terraform/nifcloud/router_has_common_private/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/router_has_common_private/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { - "queryName": "Beta - Nifcloud Router Has Common Private Network", + "queryName": "Nifcloud Router Has Common Private Network", "severity": "LOW", "line": 1, "fileName": "positive1.tf" }, { - "queryName": "Beta - Nifcloud Router Has Common Private Network", + "queryName": "Nifcloud Router Has Common Private Network", "severity": "LOW", "line": 1, "fileName": "positive2.tf" diff --git a/assets/queries/terraform/nifcloud/router_security_group_undefined/metadata.json b/assets/queries/terraform/nifcloud/router_security_group_undefined/metadata.json index bd8731ceb84..362d3245f08 100644 --- a/assets/queries/terraform/nifcloud/router_security_group_undefined/metadata.json +++ b/assets/queries/terraform/nifcloud/router_security_group_undefined/metadata.json @@ -1,9 +1,9 @@ { "id": "e7dada38-af20-4899-8955-dabea84ab1f0", - "queryName": "Beta - Nifcloud Router Undefined Security Group To Router", + "queryName": "Nifcloud Router Undefined Security Group", "severity": "HIGH", "category": "Networking and Firewall", - "descriptionText": "Missing security group for router", + "descriptionText": "Missing security group for Router", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/router#security_group", "platform": "Terraform", "descriptionID": "4cd22b80", diff --git a/assets/queries/terraform/nifcloud/router_security_group_undefined/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/router_security_group_undefined/test/positive_expected_result.json index 5b5091810f0..56e9ea411de 100644 --- a/assets/queries/terraform/nifcloud/router_security_group_undefined/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/router_security_group_undefined/test/positive_expected_result.json @@ -1,6 +1,6 @@ [ { - "queryName": "Beta - Nifcloud Router Undefined Security Group To Router", + "queryName": "Nifcloud Router Undefined Security Group", "severity": "HIGH", "line": 1, "fileName": "positive.tf" diff --git a/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/metadata.json b/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/metadata.json index c5181b32af6..11823abfa80 100644 --- a/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/metadata.json +++ b/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/metadata.json @@ -1,9 +1,9 @@ { "id": "b3535a48-910c-47f8-8b3b-14222f29ef80", - "queryName": "Beta - Nifcloud Vpn Gateway Undefined Security Group To Vpn Gateway", + "queryName": "Nifcloud VPN Gateway Undefined Security Group", "severity": "HIGH", "category": "Networking and Firewall", - "descriptionText": "Missing security group for vpn gateway", + "descriptionText": "Missing security group for VPN gateway", "descriptionUrl": "https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/vpn_gateway#security_group", "platform": "Terraform", "descriptionID": "ba50cd20", diff --git a/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/query.rego b/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/query.rego index 492121d4468..bbba29a4222 100644 --- a/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/query.rego +++ b/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/query.rego @@ -14,7 +14,7 @@ CxPolicy[result] { "resourceName": tf_lib.get_resource_name(vpnGateway, name), "searchKey": sprintf("nifcloud_vpn_gateway[%s]", [name]), "issueType": "MissingAttribute", - "keyExpectedValue": sprintf("'nifcloud_vpn_gateway[%s]' should include a security_group for security purposes", [name]), - "keyActualValue": sprintf("'nifcloud_vpn_gateway[%s]' does not have a security_group", [name]), + "keyExpectedValue": sprintf("'nifcloud_vpn_gateway[%s]' should include a security_group for security purposes.", [name]), + "keyActualValue": sprintf("'nifcloud_vpn_gateway[%s]' does not have a security_group defined.", [name]), } } diff --git a/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/test/positive_expected_result.json b/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/test/positive_expected_result.json index 8ad51ae0f85..78ad7248b59 100644 --- a/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/test/positive_expected_result.json +++ b/assets/queries/terraform/nifcloud/vpn_gateway_security_group_undefined/test/positive_expected_result.json @@ -1,6 +1,6 @@ [ { - "queryName": "Beta - Nifcloud Vpn Gateway Undefined Security Group To Vpn Gateway", + "queryName": "Nifcloud VPN Gateway Undefined Security Group", "severity": "HIGH", "line": 1, "fileName": "positive.tf"