// Listing of github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/iam/set_minimum_password_length.go

package iam

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/framework"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckSetMinimumPasswordLength registers rule AVD-AWS-0063. The rule reports
// a failure when the AWS IAM account password policy found in the scanned
// state has a minimum password length below 14 characters.
//
// Scope note: the check function inspects MinimumLength only. The Resolution
// text mentions complexity, but no complexity attribute of the policy is read
// by this rule.
var CheckSetMinimumPasswordLength = rules.Register(
	scan.Rule{
		AVDID:     "AVD-AWS-0063",
		Provider:  providers.AWSProvider,
		Service:   "iam",
		ShortCode: "set-minimum-password-length",
		// Control identifiers this rule is registered under, per framework.
		Frameworks: map[framework.Framework][]string{
			framework.Default:     nil,
			framework.CIS_AWS_1_2: {"1.9"},
			framework.CIS_AWS_1_4: {"1.8"},
		},
		Summary:    "IAM Password policy should have minimum password length of 14 or more characters.",
		Impact:     "Short, simple passwords are easier to compromise",
		Resolution: "Enforce longer, more complex passwords in the policy",
		Explanation: `IAM account password policies should ensure that passwords have a minimum length. 

The account password policy should be set to enforce minimum password length of at least 14 characters.`,
		Links: []string{
			"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html#password-policy-details",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformSetMinimumPasswordLengthGoodExamples,
			BadExamples:         terraformSetMinimumPasswordLengthBadExamples,
			Links:               terraformSetMinimumPasswordLengthLinks,
			RemediationMarkdown: terraformSetMinimumPasswordLengthRemediationMarkdown,
		},
		Severity: severity.Medium,
	},
	func(s *state.State) (results scan.Results) {
		// Threshold enforced by this rule; it matches the figure quoted in
		// the Summary and Explanation strings above.
		const requiredLength = 14

		pwPolicy := s.AWS.IAM.PasswordPolicy

		// An unmanaged policy produces no result at all, neither a pass nor
		// a failure.
		// NOTE(review): presumably "unmanaged" means no password policy was
		// present in the scanned input. If so, an account that never defines
		// a policy is not flagged here; confirm that case is covered by
		// another control.
		if pwPolicy.Metadata.IsUnmanaged() {
			return results
		}

		if pwPolicy.MinimumLength.LessThan(requiredLength) {
			// The finding is attached to the MinimumLength value itself.
			results.Add(
				"Password policy has a minimum password length of less than 14 characters.",
				pwPolicy.MinimumLength,
			)
			return results
		}

		results.AddPassed(&pwPolicy)
		return results
	},
)