Refactoring and add missed tests

Threagile · May 30, 2024 · 8596bd5 · 8596bd5
1 parent 34a2e70
commit 8596bd5
Show file tree

Hide file tree

Showing 3 changed files with 740 additions and 111 deletions.
diff --git a/pkg/security/risks/builtin/missing_cloud_hardening_rule.go b/pkg/security/risks/builtin/missing_cloud_hardening_rule.go
@@ -84,27 +84,29 @@ func (r *MissingCloudHardeningRule) GenerateRisks(input *types.Model) ([]*types.
 
 	for _, trustBoundary := range input.TrustBoundaries {
 		taggedOuterTB := trustBoundary.IsTaggedWithAny(r.SupportedTags()...) // false = generic cloud risks only // true = cloud-individual risks
-		if taggedOuterTB || trustBoundary.Type.IsWithinCloud() {
-			r.addTrustBoundaryAccordingToBaseTag(trustBoundary, trustBoundariesWithUnspecificCloudRisks,
-				trustBoundaryIDsAWS, trustBoundaryIDsAzure, trustBoundaryIDsGCP, trustBoundaryIDsOCP)
-			for _, techAssetID := range trustBoundary.RecursivelyAllTechnicalAssetIDsInside(input) {
-				added := false
-				tA := input.TechnicalAssets[techAssetID]
-				if tA.IsTaggedWithAny(r.SupportedTags()...) {
-					addAccordingToBaseTag(tA, tA.Tags,
-						techAssetIDsWithSubtagSpecificCloudRisks,
-						techAssetIDsAWS, techAssetIDsAzure, techAssetIDsGCP, techAssetIDsOCP)
-					added = true
-				} else if taggedOuterTB {
-					addAccordingToBaseTag(tA, trustBoundary.Tags,
-						techAssetIDsWithSubtagSpecificCloudRisks,
-						techAssetIDsAWS, techAssetIDsAzure, techAssetIDsGCP, techAssetIDsOCP)
-					added = true
-				}
-				if !added {
-					techAssetsWithUnspecificCloudRisks[techAssetID] = true
-				}
+		if !taggedOuterTB && !trustBoundary.Type.IsWithinCloud() {
+			continue
+		}
+
+		r.addTrustBoundaryAccordingToBaseTag(trustBoundary, trustBoundariesWithUnspecificCloudRisks,
+			trustBoundaryIDsAWS, trustBoundaryIDsAzure, trustBoundaryIDsGCP, trustBoundaryIDsOCP)
+		for _, techAssetID := range trustBoundary.RecursivelyAllTechnicalAssetIDsInside(input) {
+			tA := input.TechnicalAssets[techAssetID]
+			if tA.IsTaggedWithAny(r.SupportedTags()...) {
+				addAccordingToBaseTag(tA, tA.Tags,
+					techAssetIDsWithSubtagSpecificCloudRisks,
+					techAssetIDsAWS, techAssetIDsAzure, techAssetIDsGCP, techAssetIDsOCP)
+				continue
 			}
+
+			if taggedOuterTB {
+				addAccordingToBaseTag(tA, trustBoundary.Tags,
+					techAssetIDsWithSubtagSpecificCloudRisks,
+					techAssetIDsAWS, techAssetIDsAzure, techAssetIDsGCP, techAssetIDsOCP)
+				continue
+			}
+
+			techAssetsWithUnspecificCloudRisks[techAssetID] = true
 		}
 	}