

feat(aws): Add support to see successes in results
Fixes: #4417

Signed-off-by: Simar <simar@linux.com>
simar7 committed Jun 2, 2023
1 parent b84b5ec commit 47f9a74
Showing 3 changed files with 61 additions and 5 deletions.
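--- a/pkg/cloud/aws/commands/run.go
+++ b/pkg/cloud/aws/commands/run.go
@@ -142,7 +142,12 @@ func Run(ctx context.Context, opt flag.Options) error {
 })
 }
 
-r := report.New(cloud.ProviderAWS, opt.Account, opt.Region, results.GetFailed(), opt.Services)
+res := results.GetFailed()
+if opt.MisconfOptions.IncludeNonFailures {
+res = results
+}
+
+r := report.New(cloud.ProviderAWS, opt.Account, opt.Region, res, opt.Services)
 if err := report.Write(r, opt, cached); err != nil {
 return fmt.Errorf("unable to write results: %w", err)
 }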
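Review bot: The new pre-filter `res := results.GetFailed()` appears to duplicate what report.Write now does per result through result.FilterResult with the same IncludeNonFailures flag (pkg/cloud/report/report.go in this commit), assuming FilterResult drops passing checks when the flag is false, which the hunks do not show. Either pass `results` straight through and let FilterResult be the single place the flag is applied, or say why both exist with a comment such as `// Only failed checks are reported unless the caller asked for non-failures; report.Write re-applies the same flag per result.` This hunk also reads the flag as `opt.MisconfOptions.IncludeNonFailures` while report.go reads `opt.IncludeNonFailures`; if MisconfOptions is embedded in flag.Options both compile, but one spelling should be used in both files. Run's body continues outside the hunk.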
54 changes: 51 additions & 3 deletions pkg/cloud/aws/commands/run_test.go
Expand Up @@ -76,6 +76,7 @@ func Test_Run(t *testing.T) {
CloudOptions: flag.CloudOptions{
MaxCacheAge: time.Hour * 24 * 365 * 100,
},
MisconfOptions: flag.MisconfOptions{IncludeNonFailures: true},
},
cacheContent: exampleS3Cache,
want: `{
Expand All @@ -99,7 +100,7 @@ func Test_Run(t *testing.T) {
"Class": "config",
"Type": "cloud",
"MisconfSummary": {
"Successes": 0,
"Successes": 1,
"Failures": 9,
"Exceptions": 0
},
Expand Down Expand Up @@ -272,6 +273,29 @@ func Test_Run(t *testing.T) {
}
}
},
{
"Type": "AWS",
"ID": "AVD-AWS-0092",
"AVDID": "AVD-AWS-0092",
"Title": "S3 Buckets not publicly accessible through ACL.",
"Description": "Buckets should not have ACLs that allow public access",
"Resolution": "Don't use canned ACLs or switch to private acl",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0092",
"References": [
"https://avd.aquasec.com/misconfig/avd-aws-0092"
],
"Status": "PASS",
"Layer": {},
"CauseMetadata": {
"Resource": "arn:aws:s3:::examplebucket",
"Provider": "aws",
"Service": "s3",
"Code": {
"Lines": null
}
}
},
{
"Type": "AWS",
"ID": "AVD-AWS-0093",
Expand Down Expand Up @@ -327,7 +351,7 @@ func Test_Run(t *testing.T) {
`,
},
{
name: "custom rego rule",
name: "custom rego rule with passed results",
options: flag.Options{
AWSOptions: flag.AWSOptions{
Region: "us-east-1",
Expand All @@ -347,6 +371,7 @@ func Test_Run(t *testing.T) {
},
SkipPolicyUpdate: true,
},
MisconfOptions: flag.MisconfOptions{IncludeNonFailures: true},
},
regoPolicy: `# METADATA
# title: No example buckets
Expand Down Expand Up @@ -390,7 +415,7 @@ deny[res] {
"Class": "config",
"Type": "cloud",
"MisconfSummary": {
"Successes": 0,
"Successes": 1,
"Failures": 10,
"Exceptions": 0
},
Expand Down Expand Up @@ -563,6 +588,29 @@ deny[res] {
}
}
},
{
"Type": "AWS",
"ID": "AVD-AWS-0092",
"AVDID": "AVD-AWS-0092",
"Title": "S3 Buckets not publicly accessible through ACL.",
"Description": "Buckets should not have ACLs that allow public access",
"Resolution": "Don't use canned ACLs or switch to private acl",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0092",
"References": [
"https://avd.aquasec.com/misconfig/avd-aws-0092"
],
"Status": "PASS",
"Layer": {},
"CauseMetadata": {
"Resource": "arn:aws:s3:::examplebucket",
"Provider": "aws",
"Service": "s3",
"Code": {
"Lines": null
}
}
},
{
"Type": "AWS",
"ID": "AVD-AWS-0093",
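Review bot: Both test cases visible in this section now set `MisconfOptions: flag.MisconfOptions{IncludeNonFailures: true}` (hunks at -76 and -347), so as far as these hunks show nothing exercises the default path in Run where only `results.GetFailed()` is reported and `"Successes"` stays 0; other cases may exist outside the hunks. Rather than renaming the existing "custom rego rule" case, consider keeping it unchanged and adding "custom rego rule with passed results" as a second case, so the flag-off behaviour keeps its coverage. The Test_Run body starts and ends outside the hunks.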
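--- a/pkg/cloud/report/report.go
+++ b/pkg/cloud/report/report.go
@@ -64,7 +64,10 @@ func Write(rep *Report, opt flag.Options, fromCache bool) error {
 for _, resultsAtTime := range rep.Results {
 for _, res := range resultsAtTime.Results {
 resCopy := res
-if err := result.FilterResult(ctx, &resCopy, result.FilterOption{Severities: opt.Severities}); err != nil {
+if err := result.FilterResult(ctx, &resCopy, result.FilterOption{
+Severities: opt.Severities,
+IncludeNonFailures: opt.IncludeNonFailures,
+}); err != nil {
 return err
 }
 sort.Slice(resCopy.Misconfigurations, func(i, j int) bool {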
