
     1  package storage
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/internal/rules"
     5  	"github.com/khulnasoft-lab/defsec/pkg/providers"
     6  	"github.com/khulnasoft-lab/defsec/pkg/scan"
     7  	"github.com/khulnasoft-lab/defsec/pkg/severity"
     8  	"github.com/khulnasoft-lab/defsec/pkg/state"
     9  )
    10  
// CheckQueueServicesLoggingEnabled flags Azure storage accounts that expose
// Queue Services but have QueueProperties.EnableLogging set to false.
//
// Accounts that are unmanaged, or that declare no queues, are skipped
// entirely. Any remaining account whose EnableLogging is not reported as
// false by IsFalse is recorded as a pass; whether an unresolved value
// counts as "not false" is decided by the value type, not by this rule.
var CheckQueueServicesLoggingEnabled = rules.Register(
	scan.Rule{
		AVDID:      "AVD-AZU-0009",
		Provider:   providers.AzureProvider,
		Service:    "storage",
		ShortCode:  "queue-services-logging-enabled",
		Summary:    "When using Queue Services for a storage account, logging should be enabled.",
		Impact:     "Logging provides valuable information about access and usage",
		Resolution: "Enable logging for Queue Services",
		Explanation: `Storage Analytics logs detailed information about successful and failed requests to a storage service. 

This information can be used to monitor individual requests and to diagnose issues with a storage service. 

Requests are logged on a best-effort basis.`,
		Links: []string{
			"https://docs.microsoft.com/en-us/azure/storage/common/storage-analytics-logging?tabs=dotnet",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformQueueServicesLoggingEnabledGoodExamples,
			BadExamples:         terraformQueueServicesLoggingEnabledBadExamples,
			Links:               terraformQueueServicesLoggingEnabledLinks,
			RemediationMarkdown: terraformQueueServicesLoggingEnabledRemediationMarkdown,
		},
		Severity: severity.Medium,
	},
	// Evaluate every storage account in the scanned state and return one
	// result (failed or passed) per account that uses Queue Services.
	func(s *state.State) scan.Results {
		var results scan.Results
		for _, acct := range s.Azure.Storage.Accounts {
			// Unmanaged accounts carry no evaluable configuration.
			if acct.Metadata.IsUnmanaged() {
				continue
			}
			// The rule only applies to accounts that actually have queues.
			if len(acct.Queues) == 0 {
				continue
			}
			logging := acct.QueueProperties.EnableLogging
			switch {
			case logging.IsFalse():
				// Attach the finding to the EnableLogging value so the report
				// points at the exact attribute to change.
				results.Add(
					"Queue services storage account does not have logging enabled.",
					logging,
				)
			default:
				results.AddPassed(&acct)
			}
		}
		return results
	},
)