// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/nifcloud/nas/no_common_private_nas_instance.go

package nas

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckNoCommonPrivateNASInstance registers rule AVD-NIF-0013 for the
// Nifcloud "nas" service. It reports every NAS instance whose NetworkID is
// the common private network ("net-COMMON_PRIVATE"), which the rule text
// describes as shared with other users, and records every other instance as
// passed. The rule is registered with severity Low.
var CheckNoCommonPrivateNASInstance = rules.Register(
	scan.Rule{
		// Identification and routing of the rule.
		AVDID:     "AVD-NIF-0013",
		Aliases:   []string{"nifcloud-nas-no-common-private-nas-instance"},
		Provider:  providers.NifcloudProvider,
		Service:   "nas",
		ShortCode: "no-common-private-nas-instance",

		// Human-readable finding text shown to the user.
		Summary:     "The nas instance has common private network",
		Impact:      "The common private network is shared with other users",
		Resolution:  "Use private LAN",
		Explanation: `When handling sensitive data between servers, please consider using a private LAN to isolate the private side network from the shared network.`,
		Links: []string{
			"https://pfs.nifcloud.com/service/plan.htm",
		},

		// Terraform-specific examples and remediation text; the referenced
		// identifiers are declared elsewhere in this package.
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformNoCommonPrivateNASInstanceGoodExamples,
			BadExamples:         terraformNoCommonPrivateNASInstanceBadExamples,
			Links:               terraformNoCommonPrivateNASInstanceLinks,
			RemediationMarkdown: terraformNoCommonPrivateNASInstanceRemediationMarkdown,
		},
		Severity: severity.Low,
	},
	func(s *state.State) scan.Results {
		// Network ID that marks an instance as attached to the common
		// private network rather than a private LAN.
		const commonPrivateNetworkID = "net-COMMON_PRIVATE"

		var results scan.Results
		for _, nasInstance := range s.Nifcloud.NAS.NASInstances {
			// NOTE(review): the check is an exact match, so any instance that
			// does not compare equal is recorded as passed. That presumably
			// includes a NetworkID the scanner could not resolve - confirm
			// how EqualTo treats unresolved or empty values before reading a
			// pass as "isolated on a private LAN".
			if !nasInstance.NetworkID.EqualTo(commonPrivateNetworkID) {
				results.AddPassed(&nasInstance)
				continue
			}

			// Attach the finding to the NetworkID attribute so the report
			// points at the offending setting.
			results.Add(
				"The nas instance has common private network",
				nasInstance.NetworkID,
			)
		}
		return results
	},
)