github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/redshift/add_description_to_security_group.go (about) 1 package redshift 2 3 import ( 4 "github.com/khulnasoft-lab/defsec/internal/rules" 5 "github.com/khulnasoft-lab/defsec/pkg/providers" 6 "github.com/khulnasoft-lab/defsec/pkg/scan" 7 "github.com/khulnasoft-lab/defsec/pkg/severity" 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 ) 10 11 var CheckAddDescriptionToSecurityGroup = rules.Register( 12 scan.Rule{ 13 AVDID: "AVD-AWS-0083", 14 Provider: providers.AWSProvider, 15 Service: "redshift", 16 ShortCode: "add-description-to-security-group", 17 Summary: "Missing description for security group/security group rule.", 18 Impact: "Descriptions provide context for the firewall rule reasons", 19 Resolution: "Add descriptions for all security groups and rules", 20 Explanation: `Security groups and security group rules should include a description for auditing purposes. 21 22 Simplifies auditing, debugging, and managing security groups.`, 23 Links: []string{ 24 "https://www.cloudconformity.com/knowledge-base/aws/EC2/security-group-rules-description.html", 25 }, 26 CloudFormation: &scan.EngineMetadata{ 27 GoodExamples: cloudFormationAddDescriptionToSecurityGroupGoodExamples, 28 BadExamples: cloudFormationAddDescriptionToSecurityGroupBadExamples, 29 Links: cloudFormationAddDescriptionToSecurityGroupLinks, 30 RemediationMarkdown: cloudFormationAddDescriptionToSecurityGroupRemediationMarkdown, 31 }, 32 Severity: severity.Low, 33 }, 34 func(s *state.State) (results scan.Results) { 35 for _, group := range s.AWS.Redshift.SecurityGroups { 36 if group.Description.IsEmpty() { 37 results.Add( 38 "Security group has no description.", 39 group.Description, 40 ) 41 } else { 42 results.AddPassed(&group) 43 } 44 } 45 return 46 }, 47 )