require_symbols_in_passwords.go
package iam
import (
"github.com/mightymarty/tfsec/defsec/internal/rules"
framework2 "github.com/mightymarty/tfsec/defsec/pkg/framework"
providers2 "github.com/mightymarty/tfsec/defsec/pkg/providers"
scan2 "github.com/mightymarty/tfsec/defsec/pkg/scan"
severity2 "github.com/mightymarty/tfsec/defsec/pkg/severity"
state2 "github.com/mightymarty/tfsec/defsec/pkg/state"
)
// CheckRequireSymbolsInPasswords registers rule AVD-AWS-0060 (short code
// "require-symbols-in-passwords") for the AWS "iam" service. The rule is listed
// under the default framework and under CIS_AWS_1_2 as "1.7".
//
// The check reads the account password policy from the scanned state and
// reports a failure when RequireSymbols is false; otherwise it records a pass.
//
// NOTE(review): an unmanaged password policy yields no result at all (neither
// pass nor fail), so this rule alone does not flag an account with no managed
// policy; presumably another check covers that case (confirm).
var CheckRequireSymbolsInPasswords = rules.Register(
	scan2.Rule{
		AVDID:     "AVD-AWS-0060",
		Provider:  providers2.AWSProvider,
		Service:   "iam",
		ShortCode: "require-symbols-in-passwords",
		Frameworks: map[framework2.Framework][]string{
			framework2.Default:     nil,
			framework2.CIS_AWS_1_2: {"1.7"},
		},
		// NOTE(review): Impact and Resolution talk about password length and
		// general complexity rather than symbols specifically, and Explanation
		// reads awkwardly. The strings are left as they are because they are
		// user-facing output.
		Summary:     "IAM Password policy should have requirement for at least one symbol in the password.",
		Impact:      "Short, simple passwords are easier to compromise",
		Resolution:  "Enforce longer, more complex passwords in the policy",
		Explanation: `IAM account password policies should ensure that passwords content including a symbol.`,
		Links: []string{
			"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html#password-policy-details",
		},
		Terraform: &scan2.EngineMetadata{
			GoodExamples:        terraformRequireSymbolsInPasswordsGoodExamples,
			BadExamples:         terraformRequireSymbolsInPasswordsBadExamples,
			Links:               terraformRequireSymbolsInPasswordsLinks,
			RemediationMarkdown: terraformRequireSymbolsInPasswordsRemediationMarkdown,
		},
		Severity: severity2.Medium,
	},
	func(s *state2.State) (results scan2.Results) {
		pwPolicy := s.AWS.IAM.PasswordPolicy

		// Nothing to evaluate when the policy is not managed by the scanned
		// configuration; return the empty result set.
		if pwPolicy.IsUnmanaged() {
			return results
		}

		// Only a definite false fails the rule. Any other value is recorded
		// as passed.
		// NOTE(review): confirm how IsFalse treats unresolved values.
		if !pwPolicy.RequireSymbols.IsFalse() {
			results.AddPassed(&pwPolicy)
			return results
		}

		results.Add(
			"Password policy does not require symbols.",
			pwPolicy.RequireSymbols,
		)
		return results
	},
)