github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/nifcloud/computing/add_description_to_security_group.go (about) 1 package computing 2 3 import ( 4 "github.com/khulnasoft-lab/defsec/internal/rules" 5 "github.com/khulnasoft-lab/defsec/pkg/providers" 6 "github.com/khulnasoft-lab/defsec/pkg/scan" 7 "github.com/khulnasoft-lab/defsec/pkg/severity" 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 ) 10 11 var CheckAddDescriptionToSecurityGroup = rules.Register( 12 scan.Rule{ 13 AVDID: "AVD-NIF-0002", 14 Aliases: []string{"nifcloud-computing-add-description-to-security-group"}, 15 Provider: providers.NifcloudProvider, 16 Service: "computing", 17 ShortCode: "add-description-to-security-group", 18 Summary: "Missing description for security group.", 19 Impact: "Descriptions provide context for the firewall rule reasons", 20 Resolution: "Add descriptions for all security groups", 21 Explanation: `Security groups should include a description for auditing purposes. 22 23 Simplifies auditing, debugging, and managing security groups.`, 24 Links: []string{ 25 "https://pfs.nifcloud.com/help/fw/change.htm", 26 }, 27 Terraform: &scan.EngineMetadata{ 28 GoodExamples: terraformAddDescriptionToSecurityGroupGoodExamples, 29 BadExamples: terraformAddDescriptionToSecurityGroupBadExamples, 30 Links: terraformAddDescriptionToSecurityGroupLinks, 31 RemediationMarkdown: terraformAddDescriptionToSecurityGroupRemediationMarkdown, 32 }, 33 Severity: severity.Low, 34 }, 35 func(s *state.State) (results scan.Results) { 36 for _, group := range s.Nifcloud.Computing.SecurityGroups { 37 if group.Metadata.IsUnmanaged() { 38 continue 39 } 40 if group.Description.IsEmpty() { 41 results.Add( 42 "Security group does not have a description.", 43 group.Description, 44 ) 45 } else if group.Description.EqualTo("Managed by Terraform") { 46 results.Add( 47 "Security group explicitly uses the default description.", 48 group.Description, 49 ) 50 } else { 51 results.AddPassed(&group) 52 } 53 } 54 return 55 }, 56 )