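// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/nifcloud/network/add_security_group_to_router.go

package network

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckAddSecurityGroupToRouter registers rule AVD-NIF-0016, which reports
// every managed Nifcloud router whose SecurityGroup value is empty.
//
// Scope of the check, for anyone relying on a "passed" result:
//   - It only tests whether a security group is set on the router. The rules
//     inside that group are not examined here, so a pass does not show that
//     traffic to or from the router is actually restricted.
//   - Routers whose metadata reports IsUnmanaged() are skipped entirely and
//     produce neither a failure nor a pass.
//   - NOTE(review): how IsEmpty() treats values that could not be resolved at
//     scan time is decided by the value type, which is not visible in this
//     file; confirm before treating a pass as proof of attachment.
var CheckAddSecurityGroupToRouter = rules.Register(
	scan.Rule{
		AVDID:       "AVD-NIF-0016",
		Aliases:     []string{"nifcloud-computing-add-security-group-to-router"},
		Provider:    providers.NifcloudProvider,
		Service:     "network",
		ShortCode:   "add-security-group-to-router",
		Summary:     "Missing security group for router.",
		Impact:      "A security group controls the traffic that is allowed to reach and leave the resources that it is associated with.",
		Resolution:  "Add security group for all routers",
		Explanation: "Need to add a security group to your router.",
		Links: []string{
			"https://pfs.nifcloud.com/help/router/change.htm",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformAddSecurityGroupToRouterGoodExamples,
			BadExamples:         terraformAddSecurityGroupToRouterBadExamples,
			Links:               terraformAddSecurityGroupToRouterLinks,
			RemediationMarkdown: terraformAddSecurityGroupToRouterRemediationMarkdown,
		},
		Severity: severity.Critical,
	},
	func(s *state.State) (results scan.Results) {
		for _, router := range s.Nifcloud.Network.Routers {
			// Unmanaged resources are outside the scanned configuration.
			if router.Metadata.IsUnmanaged() {
				continue
			}
			if router.SecurityGroup.IsEmpty() {
				// Attach the finding to the SecurityGroup value itself so the
				// report is tied to that attribute rather than the whole router.
				results.Add(
					"Router does not have a security group.",
					router.SecurityGroup,
				)
				continue
			}
			// NOTE(review): &router is the address of the range variable;
			// presumably AddPassed reads what it needs before the next
			// iteration. Confirm if this is built with a pre-1.22 toolchain.
			results.AddPassed(&router)
		}
		return results
	},
)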