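// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/iam/require_uppercase_in_passwords.go

package iam

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/framework"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckRequireUppercaseInPasswords registers rule AVD-AWS-0061, which reports
// an AWS IAM account password policy that does not require at least one
// uppercase character. The rule is mapped to the default framework and to
// CIS AWS 1.2 control 1.5, and is rated Medium severity.
//
// The check function reads only PasswordPolicy.RequireUppercase. The Impact
// and Resolution texts speak about password length and complexity in general,
// but minimum length and the other character classes are not inspected here.
var CheckRequireUppercaseInPasswords = rules.Register(
	scan.Rule{
		AVDID:     "AVD-AWS-0061",
		Provider:  providers.AWSProvider,
		Service:   "iam",
		ShortCode: "require-uppercase-in-passwords",
		Frameworks: map[framework.Framework][]string{
			framework.Default:     nil,
			framework.CIS_AWS_1_2: {"1.5"},
		},
		Summary:    "IAM Password policy should have requirement for at least one uppercase character.",
		Impact:     "Short, simple passwords are easier to compromise",
		Resolution: "Enforce longer, more complex passwords in the policy",
		// The original literal began with a stray "," and a newline and read
		// "passwords content including"; both were emitted verbatim in the
		// rule's user-facing explanation.
		Explanation: `IAM account password policies should ensure that passwords contain at least one uppercase character.`,
		Links: []string{
			"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html#password-policy-details",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformRequireUppercaseInPasswordsGoodExamples,
			BadExamples:         terraformRequireUppercaseInPasswordsBadExamples,
			Links:               terraformRequireUppercaseInPasswordsLinks,
			RemediationMarkdown: terraformRequireUppercaseInPasswordsRemediationMarkdown,
		},
		Severity: severity.Medium,
	},
	func(s *state.State) (results scan.Results) {
		policy := s.AWS.IAM.PasswordPolicy

		// An unmanaged policy yields neither a pass nor a failure, so the
		// absence of a result for this rule is not evidence of compliance.
		if policy.Metadata.IsUnmanaged() {
			return results
		}

		if policy.RequireUppercase.IsFalse() {
			// Attach the finding to the attribute itself so the report points
			// at the offending setting rather than at the whole policy.
			results.Add(
				"Password policy does not require uppercase characters.",
				policy.RequireUppercase,
			)
			return results
		}

		// NOTE(review): every value for which IsFalse() reports false is
		// recorded as a pass. Presumably that includes values the scanner
		// could not resolve; confirm that is the intended handling.
		results.AddPassed(&policy)
		return results
	},
)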