
     1  package iam
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/framework"
     5  
     6  	"github.com/khulnasoft-lab/defsec/pkg/severity"
     7  
     8  	"github.com/khulnasoft-lab/defsec/pkg/state"
     9  
    10  	"github.com/khulnasoft-lab/defsec/pkg/scan"
    11  
    12  	"github.com/khulnasoft-lab/defsec/internal/rules"
    13  
    14  	"github.com/khulnasoft-lab/defsec/pkg/providers"
    15  )
    16  
// CheckLimitUserAccessKeys implements CIS AWS Foundations Benchmark v1.4
// control 1.13: an IAM user may hold at most one *active* access key.
//
// Only keys whose Active attribute reports true via IsTrue() are counted, so
// inactive keys never contribute to a finding. A key whose Active state is
// unresolvable from the scanned source is presumably not counted either
// (IsTrue on an unresolved value is assumed to be false — verify against the
// BoolValue implementation); such keys therefore cannot trigger this rule.
// Users with zero or one active key are recorded as passing.
var CheckLimitUserAccessKeys = rules.Register(
	scan.Rule{
		AVDID:    "AVD-AWS-0167",
		Provider: providers.AWSProvider,
		Frameworks: map[framework.Framework][]string{
			framework.CIS_AWS_1_4: {"1.13"},
		},
		Service:    "iam",
		ShortCode:  "limit-user-access-keys",
		Summary:    "No user should have more than one active access key.",
		Impact:     "Widened scope for compromise.",
		Resolution: "Limit the number of active access keys to one key per user.",
		Explanation: `
Multiple active access keys widens the scope for compromise.
			`,
		Links: []string{
			"https://console.aws.amazon.com/iam/",
		},
		Severity: severity.Low,
	},
	func(s *state.State) (results scan.Results) {
		for _, user := range s.AWS.IAM.Users {
			// Tally the user's active keys; inactive keys are skipped because
			// they cannot be used to authenticate and so do not widen the
			// blast radius of a leaked credential.
			active := 0
			for _, key := range user.AccessKeys {
				if !key.Active.IsTrue() {
					continue
				}
				active++
			}

			// NOTE(review): &user is the address of the range variable. This
			// relies on Add/AddPassed extracting the metadata they need at call
			// time rather than retaining the pointer — before Go 1.22 every
			// iteration shares the same variable. Confirm if Results is changed
			// to keep the source object.
			switch {
			case active > 1:
				results.Add("User has more than one active access key", &user)
			default:
				results.AddPassed(&user)
			}
		}
		return
	},
)