// Listing of github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/iam/require_numbers_in_passwords.go

package iam

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/framework"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckRequireNumbersInPasswords registers rule AVD-AWS-0059, which reports an
// AWS IAM account password policy whose RequireNumbers attribute is false.
//
// The rule is listed under framework.Default and under framework.CIS_AWS_1_2
// as control "1.8".
//
// NOTE(review): the Impact and Resolution strings talk about short and longer
// passwords, but the check below reads only RequireNumbers; password length is
// not evaluated by this rule.
// NOTE(review): the Explanation string reads ungrammatically ("passwords
// content including"). It is emitted at runtime, so it is reproduced unchanged.
var CheckRequireNumbersInPasswords = rules.Register(
	scan.Rule{
		AVDID:     "AVD-AWS-0059",
		ShortCode: "require-numbers-in-passwords",
		Provider:  providers.AWSProvider,
		Service:   "iam",
		Severity:  severity.Medium,
		Frameworks: map[framework.Framework][]string{
			// A nil slice: the rule belongs to the default framework without
			// naming any control identifiers.
			framework.Default:     nil,
			framework.CIS_AWS_1_2: {"1.8"},
		},
		Summary:     "IAM Password policy should have requirement for at least one number in the password.",
		Explanation: `IAM account password policies should ensure that passwords content including at least one number.`,
		Impact:      "Short, simple passwords are easier to compromise",
		Resolution:  "Enforce longer, more complex passwords in the policy",
		Links: []string{
			"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html#password-policy-details",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformRequireNumbersInPasswordsGoodExamples,
			BadExamples:         terraformRequireNumbersInPasswordsBadExamples,
			Links:               terraformRequireNumbersInPasswordsLinks,
			RemediationMarkdown: terraformRequireNumbersInPasswordsRemediationMarkdown,
		},
	},
	// The check function evaluates the single account-level password policy
	// held in the scanned state.
	func(s *state.State) (results scan.Results) {
		// Work on a local copy of the policy; the pass result below refers to
		// this copy.
		passwordPolicy := s.AWS.IAM.PasswordPolicy

		// An unmanaged policy yields no result at all, neither pass nor fail.
		if passwordPolicy.Metadata.IsUnmanaged() {
			return results
		}

		// Anything other than an explicit "false" is recorded as a pass.
		// NOTE(review): how IsFalse treats an unknown or unresolvable value is
		// not visible here; confirm it cannot hide a missing requirement.
		if !passwordPolicy.RequireNumbers.IsFalse() {
			results.AddPassed(&passwordPolicy)
			return results
		}

		// The failure carries the RequireNumbers attribute itself, presumably
		// so the finding points at that attribute in the scanned source.
		results.Add(
			"Password policy does not require numbers.",
			passwordPolicy.RequireNumbers,
		)
		return results
	},
)