github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/openstack/networking/add_description_to_security_group.go (about) 1 package compute 2 3 import ( 4 "github.com/khulnasoft-lab/defsec/internal/rules" 5 "github.com/khulnasoft-lab/defsec/pkg/providers" 6 "github.com/khulnasoft-lab/defsec/pkg/scan" 7 "github.com/khulnasoft-lab/defsec/pkg/severity" 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 ) 10 11 var CheckSecurityGroupHasDescription = rules.Register( 12 scan.Rule{ 13 AVDID: "AVD-OPNSTK-0005", 14 Provider: providers.OpenStackProvider, 15 Service: "networking", 16 ShortCode: "describe-security-group", 17 Summary: "Missing description for security group.", 18 Impact: "Auditing capability and awareness limited.", 19 Resolution: "Add descriptions for all security groups", 20 Explanation: `Security groups should include a description for auditing purposes. Simplifies auditing, debugging, and managing security groups.`, 21 Links: []string{}, 22 Terraform: &scan.EngineMetadata{ 23 GoodExamples: terraformSecurityGroupHasDescriptionGoodExamples, 24 BadExamples: terraformSecurityGroupHasDescriptionBadExamples, 25 Links: terraformSecurityGroupHasDescriptionLinks, 26 RemediationMarkdown: terraformSecurityGroupHasDescriptionRemediationMarkdown, 27 }, 28 Severity: severity.Medium, 29 }, 30 func(s *state.State) (results scan.Results) { 31 for _, group := range s.OpenStack.Networking.SecurityGroups { 32 if group.Metadata.IsUnmanaged() { 33 continue 34 } 35 if group.Description.IsEmpty() { 36 results.Add( 37 "Security group rule allows egress to multiple public addresses.", 38 group.Description, 39 ) 40 } else { 41 results.AddPassed(group) 42 } 43 } 44 return 45 }, 46 )