package nas

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckAddDescriptionToNASSecurityGroup registers rule AVD-NIF-0015
// (severity Low) for the Nifcloud "nas" service.
//
// The check walks every NAS security group in the scanned state and records:
//   - a failure when the group's description is empty,
//   - a failure when the description equals the literal "Managed by Terraform",
//     which the rule reports as the default description,
//   - a pass for every other description.
//
// Groups whose metadata reports them as unmanaged are skipped and produce no
// result at all.
//
// NOTE(review): only the empty value and that single literal are flagged. How
// EqualTo treats case or surrounding whitespace is not visible in this file,
// so near-variants of the placeholder (or whitespace-only text) may be
// reported as passing - confirm before relying on this rule as evidence that
// descriptions are meaningful.
var CheckAddDescriptionToNASSecurityGroup = rules.Register(
	scan.Rule{
		AVDID:       "AVD-NIF-0015",
		Aliases:     []string{"nifcloud-nas-add-description-to-nas-security-group"},
		Provider:    providers.NifcloudProvider,
		Service:     "nas",
		ShortCode:   "add-description-to-nas-security-group",
		Summary:     "Missing description for nas security group.",
		Impact:      "Descriptions provide context for the firewall rule reasons",
		Resolution:  "Add descriptions for all nas security groups",
		Explanation: `NAS security groups should include a description for auditing purposes.

Simplifies auditing, debugging, and managing nas security groups.`,
		Links: []string{
			"https://pfs.nifcloud.com/help/nas/fw_new.htm",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformAddDescriptionToNASSecurityGroupGoodExamples,
			BadExamples:         terraformAddDescriptionToNASSecurityGroupBadExamples,
			Links:               terraformAddDescriptionToNASSecurityGroupLinks,
			RemediationMarkdown: terraformAddDescriptionToNASSecurityGroupRemediationMarkdown,
		},
		Severity: severity.Low,
	},
	func(s *state.State) scan.Results {
		var results scan.Results
		for _, sg := range s.Nifcloud.NAS.NASSecurityGroups {
			// Unmanaged groups are out of scope for this rule: no pass, no failure.
			if sg.Metadata.IsUnmanaged() {
				continue
			}

			desc := sg.Description
			switch {
			case desc.IsEmpty():
				// No description at all: nothing for an auditor to go on.
				results.Add(
					"NAS security group does not have a description.",
					desc,
				)
			case desc.EqualTo("Managed by Terraform"):
				// The placeholder text carries no more context than an empty value.
				results.Add(
					"NAS security group explicitly uses the default description.",
					desc,
				)
			default:
				// Any other description is accepted as-is; its content is not inspected.
				results.AddPassed(&sg)
			}
		}
		return results
	},
)